Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..df9b15b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,110 @@
+#
+#    Copyright (c) 2010-2011 Nest, Inc.
+#    All rights reserved.
+#
+#    This document is the property of Nest. It is considered
+#    confidential and proprietary information.
+#
+#    This document may not be reproduced or transmitted in any form,
+#    in whole or in part, without the express written permission of
+#    Nest.
+#
+#    Description:
+#      This file is the makefile for the "Super User Do" (sudo) utility.
+#
+
+BuildConfigSpecialized	:= No
+BuildProductSpecialized	:= No
+
+include pre.mak
+
+PackageName		:= sudo
+
+PackageExtension	:= tar.gz
+PackageSeparator	:= -
+
+PackagePatchArgs	:= -p1
+
+PackageArchive		:= $(PackageName).$(PackageExtension)
+PackageSourceDir	:= $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile	= $(call GenerateBuildPaths,Makefile)
+
+CleanPaths		+= $(PackageLicenseFile)
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENSE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENSE
+	$(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+	$(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+# Generate the package build makefile.
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory) $(ResultDirectory)
+	$(Verbose)cd $(BuildDirectory) && \
+	$(CURDIR)/$(PackageSourceDir)/configure \
+	CC="$(CC)" AR=$(AR) RANLIB=$(RANLIB) STRIP=$(STRIP) \
+	INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+	sudo_cv_uid_t_len=10 \
+	--build=$(HostTuple) \
+	--host=$(TargetTuple) \
+	--enable-shared \
+	--enable-fast-install \
+	--without-lecture \
+	--with-logging="syslog" \
+	--without-sendmail \
+	--without-insults \
+	--without-ldap \
+	--disable-pam-session \
+	--without-pam \
+	--prefix=/usr \
+	--sysconfdir=/etc \
+	--localstatedir=/var
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) $(JOBSFLAG) -C $(BuildDirectory) all
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) $(JOBSFLAG) -C $(BuildDirectory) DESTDIR=$(ResultDirectory) install
+
+clean:
+	$(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/sudo-1.7.4p4/ChangeLog b/sudo-1.7.4p4/ChangeLog
new file mode 100644
index 0000000..d5247b7
--- /dev/null
+++ b/sudo-1.7.4p4/ChangeLog
@@ -0,0 +1,24861 @@
+2010-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	When matching the runas user and runas group (-u and -g command line
+	options), keep track of runas group and runas user matches
+	separately. Only return a positive match if we have a match for
+	both runas user and runas group (if specified).
+	[68d30216c13a]
+
+2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, parse.c:
+	Do not return -1 on error from the display functions; the call
+	expects a return value >= 0.
+	[e50e6ae4d06d]
+
+	* ldap.c:
+	display_bound_defaults now returns a count so make the stub return
+	0, not 1.
+	[97293ced4908]
+
+2010-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* get_pty.c:
+	It looks like AIX doesn't need to push STREAMS modules for ptys.
+	[62c281fcd4ad]
+
+2010-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install sudoers file from the build dir not hte src dir.
+	[a26afd8db531]
+
+2010-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	If runas_pw changes, reset the stashed runas aux group vector.
+	Otherwise, if runas_default is set in a per-command Defaults
+	statement, the command runs with root's aux group vector (i.e. the
+	one that was used when locating the command).
+	[24a695707b67]
+
+	* Makefile.in:
+	Add target to generate sudoers file Remove generated sudoers file as
+	part of distclean
+	[448627fc35b6]
+
+2010-08-23  millert  <millert@rh4-x86.home.courtesan.com>
+
+	* exec.c:
+	When not logging I/O install a handler for SIGCONT and deliver it to
+	the command upon resume. Fixes bugzilla #431
+	[e84690aa67bd]
+
+2010-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't need to fork and wait when compiled with --disable-pam-session
+	[2ae1bbe4437a]
+
+2010-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c:
+	Convert a remaining puts() and putchar() to use the output function.
+	[d68c213feb0f]
+
+2010-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Replace sudoers with sudoers.in in DISTFILES
+	[616509f85d6c]
+
+	* env.c:
+	Set dupcheck to TRUE when setting new HOME value if !env_reset but
+	always_set_home is true. Prevents a duplicate HOME in the
+	environment (old value plus the new one) introduced in 9f97e4b43a4b.
+	[2672ae047984]
+
+	* configure, configure.in, sudoers, sudoers.in:
+	Substitute sysconfdir in the installed sudoers file to get the
+	correct path for sudoers.d.
+	[ab14a68e546f]
+
+2010-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* boottime.c, get_pty.c:
+	Fix typos that prevented compilation on Irix; Friedrich Haubensak
+	[a3e6c5a66890]
+
+2010-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	If the user hits ^C while a password is being read, error out before
+	reading any further passwords in the pam conversation function.
+	Otherwise, if multiple PAM auth methods are required, the user will
+	have to hit ^C for each one.
+	[c8f6bc58fd86]
+
+2010-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c:
+	Fix waitpid() loop termination condition.
+	[97719b3259f2]
+
+	* exec_pty.c:
+	Use sudo_waitpid() instead of bare waitpid()
+	[624a40269189]
+
+2010-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Set pp_kit_version and strip off patchlevel
+	[814c87778567]
+
+	* sudo.pp:
+	Better handling of versions with a patchlevel. For rpm and deb, use
+	the patchlevel+1 as the release. For AIX, use the patchlevel as the
+	4th version number. For the rest, just leave the patchlevel in the
+	version string.
+	[d18ef30f0a72]
+
+2010-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	For non-standalone auth methods, stop reading the password if the
+	user enters ^C at the prompt.
+	[59d2b1328d1e]
+
+	* check.c:
+	When removing/resetting the timestamp file ignore the tty ticket
+	contents.
+	[8b285f601ec0]
+
+2010-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* UPGRADE:
+	Fix typo
+	[0f443aa22e96]
+
+2010-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Do not produce a warning for "sudo -k" if the ticket file does not
+	exist.
+	[eeaaa73d7f5b]
+
+2010-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure:
+	Add cross-compile defaults for remaining AC_TRY_RUN usage.
+	[fb88d22eabc6]
+
+2010-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+	Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+	and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+	[5e7cc557a46e]
+
+2010-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* .hgtags:
+	Added tag SUDO_1_7_4 for changeset 2920a3b9d568
+	[e929004d5102]
+
+	* pp:
+	Debian: Remove dots from decoded release number AIX: looser matching
+	of file command output for AIX 5.1
+	[2920a3b9d568] [SUDO_1_7_4]
+
+	* .hgtags:
+	Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
+	[cf65ddcec602]
+
+2010-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec_pty.c:
+	exec_monitor is static
+	[0d844aa34c1d]
+
+	* pp:
+	Update to latest version
+	[7b8a00defbd6]
+
+2010-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Let pp determine pp_aix_version itself.
+	[c5ee7944af03]
+
+	* INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
+	Add support for Ubuntu admin flag file and enable it when building
+	Ubuntu packages.
+	[2d97501cda0c]
+
+	* sudo.pp, sudoers:
+	Add commented out SuSE-like targetpw settings
+	[f4ad331ace46]
+
+	* configure, configure.in:
+	Only try to use +DAportable for non-GCC on hppa Check the value of
+	$pic_flag insteaf of whether the compiler is ANSI C when detecting
+	the HP-UX bundled C compiler.
+	[654da0091c16]
+
+	* configure, configure.in:
+	Prevent configure from adding the -g flag unless in devel mode
+	[e3c11f228c56]
+
+2010-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Go back to sudo-flavor to match existing packages and only use an
+	underscore for those that need it.
+	[1f78ecf3b990]
+
+	* sudo.pp:
+	Use sudo_$flavor instead of sudo-$flavor since that causes the least
+	amount of trouble for the various package managers.
+	[7e1e07115788]
+
+	* mkpkg:
+	Fix handling of the ldap flavor Remove destdir unless --debug was
+	specified Make distclean before running configure if there is a
+	Makefile present
+	[2bde3925346d]
+
+	* configure, configure.in:
+	Back out version change in 5baf2187a138
+	[bbc3a81afbba]
+
+	* mkpkg:
+	Pass extra args on to configure on HP-UX, if we don't have the HP C
+	compiler, disable zlib to prevent gcc from finding it in
+	/usr/local/lib.
+	[87201c7f1116]
+
+	* configure, configure.in, mkpkg:
+	Use the HP ANSI C compiler on HP-UX if possible
+	[5baf2187a138]
+
+	* sudoreplay.c:
+	Some getline() implementations (FreeBSD 8.0) do not ignore the
+	length pointer when the line pointer is NULL as they should.
+	[8652300785ed]
+
+	* sudoreplay.c:
+	Don't need to check for *cp being non-zero, isdigit() will do that.
+	[107301a99b6a]
+
+	* sudoreplay.c:
+	Add setlocale() so the command line arguments that use floating
+	point work in different locales. Since sudo now logs the timing
+	data in the C locale we must Parse the seconds in the timing file
+	manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+	the number of seconds with the user's locale so if the decimal point
+	is not '.' try using the locale-specific version.
+	[2b8ed181e37c]
+
+	* exec.c:
+	Do I/O logging in the C locale so the floating point numbers in the
+	timing file are not locale-dependent.
+	[18abbca14078]
+
+	* sudoreplay.c:
+	Use errorx() not error() for thingsthat don't set errno.
+	[a2e7c6793d26]
+
+2010-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Add Tru64 kit support
+	[40e2d21aa17f]
+
+	* pp:
+	Better support for 1.2.3 style versions in Tru64 kits
+	[f7133199a711]
+
+	* pp:
+	Remove apparently unnecessary use of sudo
+	[a667a69eeab0]
+
+	* Makefile.in:
+	Create timedir as part of install-dirs target.
+	[a2e394d694dd]
+
+	* exec_pty.c:
+	Handle ENXIO from read/write which can occur when reading/writing a
+	pty that has gone away. Fixes bugzilla 422
+	[142f4c2efa17]
+
+	* pwutil.c:
+	sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+	[82e5e46bf458]
+
+	* mkpkg:
+	platform is a pp flag not a variable
+	[9d0ab9b9bf0c]
+
+	* Makefile.in, mkpkg, sudo.pp:
+	Add simple arg parsing for mkpkg so we can set debug, flavor or
+	platform.
+	[8142ab01ccd9]
+
+	* pp:
+	Make rpm backend work on AIX 5.x
+	[2467a79d0b4d]
+
+2010-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	Add commented out Defaults entry for log_output
+	[b3fe97e59ae0]
+
+2010-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install binary files with -b~ to make a backup. Fixes "text file
+	busy" error on HP-UX during install.
+	[3563e3e0163a]
+
+	* install-sh:
+	"mv -f" on HP-UX doesn't unlink the destination first so add an
+	explicit rm before moving the temporary into place.
+	[3994af813c88]
+
+	* configure, configure.in:
+	Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+	[c214d50c32ec]
+
+2010-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pathnames.h.in:
+	Add missing include of maillock.h for Solaris
+	[343f04b7a581]
+
+	* NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
+	sample.syslog.conf, sudoers.cat:
+	Change the default syslog facility from local2 to authpriv (or auth
+	if the operating system doesn't support authpriv).
+	[949f39cf4a59]
+
+	* Makefile.in, configure, configure.in, sudo.pp:
+	Install sudoers as /etc/sudoers on RPM and debian systems where the
+	package manager will not replace a user-modified configuration file.
+	This fixes upgrades from the vendor sudo packages.
+	[74c7ff01e880]
+
+	* pp:
+	RPM: use %config(noreplace) instead of %config for volatile This
+	results in the new file being installed with a .rpmnew suffix
+	instead of the file being replaced and the old one renamed with a
+	.rpmsave suffix.
+	[166133a4fb9e]
+
+2010-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* boottime.c, mkstemps.c:
+	Include time.h for struct timeval.
+	[50446e0b8398]
+
+	* exec_pty.c:
+	The return value of strsignal() may be const and should be treated
+	as const regardless.
+	[c035b17b50e3]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention that 127.0.0.1 will not match, nor will localhost unless
+	that is the actual host name.
+	[e9977ec7ac4f]
+
+	* Makefile.in:
+	fix typo
+	[f216d653404d]
+
+	* Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
+	Rename WHATSNEW -> NEWS
+	[f3ce0a462ca0]
+
+	* pp:
+	Updated pp with latest patches
+	[cded68af5ba0]
+
+	* WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+	If pam is in use, wait until the process has finished before calling
+	pam_close_session().
+	[fb3d7de50a05]
+
+	* sudoers.cat, sudoers.man.in:
+	regen sudoers manual
+	[7498a058eeb1]
+
+	* UPGRADE, sudoers, sudoers.pod:
+	Add commented out line to add HOME to env_keep and add a warning to
+	the note about the HOME change in UPGRADE.
+	[0f7e08f09b9f]
+
+2010-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add LINE_MAX define for those without it.
+	[6248dd44573c]
+
+	* WHATSNEW:
+	Mention that tty_tickets is now the default.
+	[4cf26eaee5ba]
+
+	* INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
+	sudoers.cat, sudoers.man.in, sudoers.pod:
+	The tty_tickets option is now on by default.
+	[73dd2b82a3a9]
+
+	* WHATSNEW:
+	Mention that AIX authdb support has been fixed.
+	[9331829dc276]
+
+	* aix.c:
+	setauthdb() only sets the "old" registry if it was set by a previous
+	call to setauthdb(). To restore the original value, passing NULL
+	(or an empty string) to setauthdb() is sufficient.
+	[d956fd763521]
+
+2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention new handling of HOME in always_set_home and set_home
+	descriptions.
+	[a69c9bed3164]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	fix typo
+	[9b90bb3e9187]
+
+	* UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
+	Reset HOME when env_reset is enabled unless it is in env_keep
+	[18223dfd1ac3]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	The default for set_logname has been "true" for some time now.
+	[9f97e4b43a4b]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document that MAIL it set in env_reset mode.
+	[dcf9ad98079e]
+
+	* boottime.c:
+	Add missing include of time.h
+	[57bee414982d]
+
+	* defaults.c, sudo.c:
+	Check return value of setdefs() but don't stop setting defaults if
+	we hit an unknown one.
+	[a42cb2d6b7ed]
+
+	* logging.c:
+	Fix check for dup2() return value.
+	[916cd7fdeba7]
+
+	* visudo.c:
+	Treat an unknown defaults entry as a parse error.
+	[1f94675835d9]
+
+	* env.c:
+	Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
+	-i and env_reset mode.
+	[aa6657ccfe01]
+
+	* env.c:
+	Add PYTHONUSERBASE to initial_badenv_table
+	[93058374f0d9]
+
+	* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
+	pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
+	If env_reset is enabled, set the MAIL environment variable based on
+	the target user unless MAIL is explicitly preserved in sudoers.
+	[d903c904dcd4]
+
+2010-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pp:
+	decode debian code names
+	[2df0ecbc23b4]
+
+	* WHATSNEW:
+	fix typo
+	[b66a95fa1869]
+
+2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Add entry about SuSE bash script fix.
+	[04af78fa281c]
+
+	* sudo.c:
+	Restore RLIMIT_NPROC after the uid switch if it appears that
+	runas_setup() did not do it for us. Fixes a bash script problem on
+	SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+	[bb14802d48b1]
+
+2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg, pp, sudo.pp:
+	Restore the dot removal in the os version reported by polypkg. Adapt
+	mkpkg and sudo.pp to the change.
+	[83c7870130fe]
+
+2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Mention polypkg
+	[c5f6e40bbb58]
+
+	* README, WHATSNEW:
+	Update for sudo 1.7.4
+	[0c688f1f8160]
+
+	* INSTALL:
+	document --with-pam-login
+	[33ca3f6308ae]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+	[95f37e63ca15]
+
+2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Include flavor in solaris package name
+	[b6d56ccf367e]
+
+	* mkpkg:
+	Older shells don't support IFS= so set explictly to space, tab,
+	newline.
+	[336925525e17]
+
+	* mkpkg:
+	Use '=' not '==' in test
+	[98c692271cfd]
+
+	* mkpkg:
+	Fix typo that prevented debian from matching
+	[af4deec35e37]
+
+	* mkpkg:
+	Add missing prefix setting for debian
+	[d0c1941cb6ec]
+
+	* sudo.pp:
+	Use tab indents to reduce the chance of problem with <<- Uncomment
+	some env_keep lines for RHEL, SLES and Debian to more closely match
+	the vendor sudoers files.
+	[74ba26566cdc]
+
+	* sudo.pp:
+	Fix indentation Fix the debian %set section, pp does not set
+	pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
+	to %files for debian Remove the /etc/sudo-ldap.conf symlink on
+	debian for ldap flavor
+	[f15ff41b5afd]
+
+	* sudoers:
+	Add commented out env_keep entries, sample Aliases and a %sudo line
+	for debian.
+	[8264e4ed42dc]
+
+	* configure, configure.in:
+	Remove check for egrep; configure has its own
+	[27b3d85ebf4f]
+
+	* configure.in:
+	Use enable_zlib instead of enableval for consistency
+	[4a15cfd43d3e]
+
+2010-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg:
+	Enable zlib for linux distros
+	[fcab91448bb0]
+
+	* mkpkg:
+	Add ldap flavor to default build
+	[e35a577c8994]
+
+	* mkpkg, sudo.pp:
+	Simplify rpm linux distro settings
+	[f30547765636]
+
+	* UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+	sudoers.cat:
+	Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+	[8c9440423d98]
+
+	* Makefile.in, mkpkg, sudo.pp:
+	Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+	environment variable.
+	[9f418defc08a]
+
+	* sudo.pp:
+	Create sudo group on debian
+	[4b0cc7b8b0b5]
+
+	* mkpkg, sudo.pp:
+	Add debian 4/5/6 and use the dot when doing version matches
+	[d5184f0a1efc]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Remove spurious "and"; from debian
+	[8b9f2a5937bc]
+
+	* aclocal.m4, configure:
+	Use a loop when searching for mv, sendmail and sh
+	[a1c7d19721a4]
+
+	* aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Substitute the value of EDITOR into the sudoers and visudo manuals.
+	[f00dc9343f94]
+
+2010-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg, pp, sudo.pp:
+	Initial debian 4.0 support
+	[6d73c000723f]
+
+	* mkpkg:
+	Some platforms need -fPIE instead of -fpie
+	[8533a29633e8]
+
+	* Makefile.in:
+	Add packaging bits to DISTFILES
+	[dea9f374f28b]
+
+	* auth/pam.c:
+	Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+	On Linux it causes a DNS lookup via libaudit.
+	[22e04d2f5f0f]
+
+	* sudo.psf:
+	We now use pp to generate HP-UX packages
+	[6c9f8ae6bc11]
+
+2010-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Fix indentation
+	[e52e9e6338d5]
+
+	* INSTALL, Makefile.in:
+	isntall-man -> install-doc
+	[02cc8198ea7a]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Bump version to 1.7.4
+	[df6ce4ea908a]
+
+	* INSTALL.binary, Makefile.binary.in, Makefile.in:
+	Remove remaining bits of the old binary package
+	[8d4f82c23c22]
+
+	* sudo.pp:
+	Use http://rc.quest.com/topics/polypkg/ for packaging
+	[d71793085629]
+
+	* Makefile.in, mkpkg, pp:
+	Use http://rc.quest.com/topics/polypkg/ for packaging
+	[675e505758c5]
+
+	* install-sh:
+	Just ignore the -c option, it is the default Add support for -d
+	option
+	[2adfb3a63231]
+
+	* env.c, logging.c, pathnames.h.in:
+	Use _PATH_STDPATH instead of _PATH_DEFPATH
+	[2c22d54a1f02]
+
+	* Makefile.in:
+	Do not strip binaries.
+	[bc84682b372c]
+
+	* INSTALL, configure, configure.in:
+	Add --insults=disabled configure option to allow people to build in
+	insult support but have the insults disabled unless explicitly
+	enabled in sudoers.
+	[6d9f40db9cca]
+
+2010-07-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudoreplay.c:
+	Fix K&R compilation
+	[e44d3be7ab85]
+
+2010-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
+	sudo.h:
+	Add support for a sudo-i pam.d file to be used for "sudo -i".
+	Adapted from a RedHat patch.
+	[2984c3831d88]
+
+	* Makefile.in:
+	Fix installation of sudo_noexec.so
+	[d1f7ca8331b6]
+
+	* Makefile.in, config.h.in, configure, configure.in, missing.h,
+	mkstemp.c, mkstemps.c, sudo_edit.c:
+	Use mkstemps() instead of mkstemp() in sudoedit. This allows
+	sudoedit to preserve the file extension (if any) which may be used
+	by the editor (like emacs) to choose the editing mode.
+	[46399679d9ae]
+
+2010-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+	TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+	code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+	should avoid disabling TLS_CHECKPEER is possible.
+	[1d626a5cf8c0]
+
+2010-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Add suport for negated user/host/command lists in a Defaults entry.
+	E.g. Defaults:!baduser noexec
+	[24f07a805dce]
+
+2010-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.pod:
+	fix typo.
+	[d5f2922cecf2]
+
+2010-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* .hgtags:
+	Added tag SUDO_1_7_3 for changeset 72fd1f510a08
+	[cc8b2277e17e]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Sudo 1.7.3 GA
+	[72fd1f510a08] [SUDO_1_7_3]
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
+	defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
+	fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
+	getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
+	iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
+	pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
+	sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
+	tsgetgrpw.c, visudo.c:
+	Include strings.h even if string.h exists since they may define
+	different things. Fixes warnings on AIX and others.
+	[7c6de7fb5dba]
+
+	* env.c:
+	Do not rely on env.env_len when unsetting a variable, just use the
+	NULL terminator.
+	[faf088613ce5]
+
+	* env.c:
+	In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+	[47f8dfcc7a48]
+
+2010-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Mention that multiple URI lines are merged into a single one.
+	[1dc0ac5929bf]
+
+	* WHATSNEW:
+	Document AIX fixes
+	[be36e8a6dddd]
+
+2010-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c, sudo.h:
+	For env_init() just use environ not the envp from main().
+	[d4f3e374caeb]
+
+2010-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Update version to 1.7.3rc1
+	[fe43fe79070d]
+
+	* TODO:
+	fqdn issue is resolved
+	[f35cb63eb74b]
+
+	* env.c:
+	In unsetenv(), assign ep in the for loop instead of doing it
+	earlier. This version of the code does not change env.envp in
+	between when ep is assigned and when it is used but older versions
+	(e.g. 1.7.2) do.
+	[a4cd29c862c9]
+
+	* aix.c:
+	Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
+	getuserattr() when fetching the administrative domain to be used by
+	setauthdb(). This was suggested by AIX support and is consistent
+	with what OpenSSH does.
+	[d3109706ec85]
+
+	* vasgroups.c:
+	Use warningx() instead of log_error() since the latter is not
+	available to visudo or testsudoers. This does mean that they don't
+	end up in syslog.
+	[0174e89f983b]
+
+	* sudo.c:
+	Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+	closed the sudoers sources. From Quest sudo.
+	[c1b33e3e0f9e]
+
+	* pwutil.c:
+	Ignore case when matching user/group names in the cache. From Quest
+	sudo.
+	[72df368a8a0e]
+
+2010-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, selinux.c:
+	Add check for setkeycreatecon() when --with-selinux is specified.
+	[24144c52c0cc]
+
+	* configure, configure.in:
+	Bump version to 1.7.3b5 Error out if libaudit.h is missing or
+	ununable when --with-linux-audit was specified
+	[215c7653d9bc]
+
+	* aix.c:
+	K&R function declaration for aix_setauthdb()
+	[82da12d222a6]
+
+	* env.c, sudo.c, sudo.h:
+	If env_init() was called implicitly via getenv(), setenv() or
+	putenv() just use the specified envp instead of mallocing a new
+	copy. This prevents an infinite loop on OpenBSD which calls
+	getenv() from malloc() to get MALLOC_OPTIONS.
+	[8e82ce63f774]
+
+	* ldap.c:
+	Add support for multiple URI lines by joining the contents and
+	passing the result to ldap_initialize.
+	[b4e10b2ffdb1]
+
+2010-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, set_perms.c, sudo_nss.c:
+	Bracket initgroups with calls to aix_setauthdb() and
+	aix_restoreauthdb()
+	[363dbe449f1c]
+
+	* aix.c:
+	Include compat.h before alloc.h to get __P
+	[819a2667ffd7]
+
+	* auth/aix_auth.c:
+	Include usersec.h for authenticate() prototype
+	[2b8dd2b67131]
+
+	* aix.c:
+	Add missing includes Add missing trailing NUL in userinfo string
+	[8deaedf44943]
+
+2010-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, history.pod:
+	Mention when LDAP was incorporated.
+	[4e6c8ec4f67c]
+
+2010-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+	not covered by _ALL_SOURCE.
+	[3657f1b181b9]
+
+	* pwutil.c:
+	Include usersec.h on AIX to get IDtouser() prototype.
+	[11483bbe15c7]
+
+	* configure.in:
+	Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+	not covered by _ALL_SOURCE.
+	[fd48e6e2136b]
+
+2010-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* iolog.c:
+	Add a cast to quiet a compiler warning.
+	[51e9d419bd83]
+
+	* boottime.c:
+	Use memset() instead of zero_bytes() since we don't include sudo.h
+	[f310b2123ba9]
+
+	* Makefile.in:
+	getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
+	[c8750c2d75ab]
+
+	* getdate.c, getdate.y:
+	Quiet a compiler warning.
+	[9f231be15958]
+
+	* defaults.c, sudo.c:
+	Call set_fqdn() after sudoers has parsed instead of inline as a
+	callback.
+	[26d413ddb6dd]
+
+	* WHATSNEW:
+	Do not call set_fqdn() until sudoers parses (where is gets run as a
+	callback).
+	[582453a993a1]
+
+	* sudo.c:
+	Do not call set_fqdn() until sudoers parses (where is gets run as a
+	callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
+	set even if !fqdn is set in sudoers.
+	[aa01e867d1bb]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Bump version to 1.7.3b4
+	[c1c5a73766b6]
+
+	* WHATSNEW:
+	mention the change in tty ticket behavior when there is no tty
+	[93ddde63e453]
+
+	* TODO:
+	remove done items
+	[9601b2e8dcef]
+
+	* aix.c:
+	Remove comment; NAME in usrinfo should be user name.
+	[eb46f1e8ea08]
+
+	* check.c:
+	Do not update tty ticket if there is no tty.
+	[e64e8c8f2286]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	No longer need to use -- with the -s flag
+	[e45c18dd79dc]
+
+	* Makefile.in:
+	Add missing $(srcdir) to sudo.man.in target
+	[2bd89f6ca9f3]
+
+	* Makefile.in:
+	Do not rely on BSD make's $>
+	[cb328b82cb92]
+
+	* configure, configure.in:
+	Set timedir to /var/db/sudo for darwin to match Apple sudo's
+	location
+	[860c7f1b001f]
+
+2010-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in:
+	Move aix.o from SUDO_OBJS to COMMON_OBJS
+	[f8a9bdf346c1]
+
+	* config.h.in, configure, configure.in, defaults.c, iolog.c,
+	sudoreplay.c:
+	Check for zlib.h in addition to libz.
+	[fb77e44d5196]
+
+	* Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
+	Move functions and symbols shared between exec.c and exec_pty.c into
+	sudo_exec.h.
+	[e798d945424e]
+
+	* sudo.h:
+	Add missing prototypes for aix_setauthdb and aix_restoreauthdb
+	[8bc2af6d4e17]
+
+	* Makefile.in:
+	Comment out rules to build .man.in and .cat files unless --with-
+	devel
+	[81d6726a19ab]
+
+	* aix.c, pwutil.c, set_perms.c, sudo.h:
+	Fix AIX compilation problems.
+	[7d95f73eca42]
+
+	* sudo.c:
+	Cast isalnum() arg to unsigned char.
+	[5fff9a81af00]
+
+	* WHATSNEW:
+	Add Linux audit support.
+	[e59e0670ba79]
+
+	* sudo.c:
+	Quote any non-alphanumeric characters other than '_' or '-' when
+	passing a command to be run via the shell for the -s and -i options.
+	[d35a3f4cb3c0]
+
+	* sudo.c:
+	Add missing braces that broke -i mode.
+	[7fe124b078ec]
+
+	* linux_audit.c:
+	Fix linux_audit_command() return value
+	[0c582476181c]
+
+2010-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, linux_audit.c, linux_audit.h:
+	Add Linux audit support.
+	[b207dc9960de]
+
+2010-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
+	logging.h, selinux.c:
+	Add Linux audit support.
+	[26ae31d7ff93]
+
+2010-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Sync sudoreplay with trunk
+	[65b780cccfa5]
+
+	* exec_pty.c:
+	Remove an XXX
+	[8304ac649241]
+
+	* aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
+	Set usrinfo for AIX Set adminstrative domain for the process when
+	looking up user's password info and when preparing for execve().
+	[52b48cbe97fd]
+
+	* ldap.c, parse.c:
+	Better prefix determination now that we can't rely on len==0 to tell
+	the beginning on an entry.
+	[32f1875d9605]
+
+	* WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Add support for multiple sudoers_base entries in ldap.conf. From
+	Joachim Henke
+	[3c0b59fce7b4]
+
+	* configure, configure.in:
+	Remove duplicate setsid check
+	[7712d6d52da1]
+
+	* Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
+	logging.c, missing.h, setsid.c:
+	Move setsid emulation into setsid.c
+	[f24743c9e4e9]
+
+	* exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
+	Check for dup2() failure.
+	[b1b6ba761b61]
+
+	* config.h.in, configure, configure.in:
+	Remove dup2 check, it is not optional.
+	[cfbe5f3b5956]
+
+2010-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Add mbr_check_membership support and SELinux fixes
+	[af1936a7cf2f]
+
+	* Makefile.in:
+	Sync SRCS and DISTFILES with reality
+	[0971b5dcb1be]
+
+	* INSTALL:
+	Update OS specific notes. Delete some really ancient ones and move
+	older ones to the end of the list.
+	[872dd8b437a8]
+
+	* README:
+	Bump for sudo 1.7.3 Merge some changes from trunk
+	[a3088c75bf22]
+
+	* selinux.c, sudo.c:
+	Call selinux_restore_tty() as part of cleanup() so it gets called
+	from error()/errorx()
+	[0197c07d4c1e]
+
+	* compat.h:
+	No longer use SA_NOCLDSTOP
+	[73ca654cd3f8]
+
+	* interfaces.h, match.c:
+	Move union sudo_in_addr_un into interfaces.h
+	[c84bda7c332a]
+
+	* pathnames.h.in:
+	Update copyright year
+	[94871f44206b]
+
+	* HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
+	compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
+	gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
+	match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+	sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
+	visudo.man.in, visudo.pod:
+	Update copyright year
+	[4cfb47c799b8]
+
+	* Makefile.in:
+	Remove varsub as part of clean
+	[61f04a21b0bb]
+
+	* match.c:
+	Quiet a compiler warning.
+	[06d8cfe916c8]
+
+	* getdate.c, getdate.y:
+	Quiet a compiler warning.
+	[473d2b7d44a1]
+
+	* ldap.c, sudo.h:
+	Make the remaining functions in ldap.c static
+	[ba555565b30a]
+
+	* ldap.c:
+	Make private functions static. Diff from Joachim Henke
+	[1603035b1863]
+
+	* schema.ActiveDirectory:
+	Updates from Alain Roy to provide better examples for importing the
+	schema and to fix problems caused by Windows validating attributes
+	which have not yet been added before committing the changes.
+	[83f11ae00f19]
+
+2010-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
+	Generate .cat files directly from .man.in instead of .man using
+	default values in configure.in
+	[0a92b41c5ce5]
+
+2010-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, sudo.c, sudo_usage.h.in:
+	Print configure args with verbose version information.
+	[ca4a5fcf0af8]
+
+	* visudo.c:
+	Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+	to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+	Use tq_append to append sudoers entries to the tail queue.
+	[344c631d0d43]
+
+2010-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Describe tty timestamp improvements
+	[136b0f832903]
+
+	* toke.c, toke.l:
+	A comment character may not be part of a command line argument
+	unless it is quoted with a backslash. Fixes parsing of:
+	testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+	[2a0c82ffedde]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[c9fddd23c7e1]
+
+	* sudoers.pod:
+	Make this read a little bit better when passwd_timeout is 0.
+	[51644950823f]
+
+	* Makefile.in:
+	Use the --file argument to config.status instead of setting
+	CONFIG_FILES
+	[fc2b42c60b5d]
+
+	* sudo.man.pl, sudo.pod:
+	Attempt to handle a default password prompt timeout of zero more
+	gracefully.
+	[478b8e720993]
+
+	* toke.c, toke.l:
+	Do not override value of keepopen global, instead restore it to the
+	value we pushed onto the stack when popping.
+	[dc370d57a668]
+
+	* exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
+	Use SA_INTERRUPT in sa_flags
+	[3845c6637361]
+
+	* getdate.c, getdate.y, ldap.c, sudoreplay.c:
+	Silence some compiler warnings
+	[112ac65afd0c]
+
+2010-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c, exec_pty.c, sudo.c, sudo.h:
+	Implement background mode. If I/O logging we use pipes instead of a
+	pty.
+	[8d448eaf2aaa]
+
+	* compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
+	Move compat definition of NSIG to compat.h
+	[cae72a4c9dec]
+
+	* tgetpass.c:
+	Ignore SIGPIPE for "sudo -S"
+	[c6595c8527c4]
+
+	* tgetpass.c:
+	Properly handle TGP_ECHO again. Print a newline if the user
+	interrupted password input.
+	[15acbe4fb535]
+
+	* exec_pty.c:
+	Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+	[dd041fc9554c]
+
+2010-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
+	Return an error from selinux_setup() instead of exiting. Call
+	selinux_setup() from exec_setup().
+	[b518225cafba]
+
+	* compat.h:
+	Add definition of WCOREDUMP for systems without it. This is known
+	to work on AIX and SunOS 4, but may be incorrect on other systems
+	that lack WCOREDUMP.
+	[365e56db7cd5]
+
+	* check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
+	nanosleep.c, sudo_edit.c, visudo.c:
+	Replace timerfoo macros with timevalfoo since the timer macros are
+	known to be busted on some systems.
+	[4bb5228606c5]
+
+	* toke.c, toke.l:
+	If a file in a #includedir has improper permissions or owner just
+	skip it. This prevents packages that incorrectly install a file
+	into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+	#includedir files still result in a parse error (for now).
+	[b7fb75eddb77]
+
+	* TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+	Defer call to pam_close_session() until after the command finishes
+	if there is a monitor process.
+	[0a39c8e6a81b]
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod:
+	Add use_pty sudoers option to force use of a pty even when not
+	logging I/O.
+	[aea971f1456a]
+
+	* env.c, sudo.c, sudo.h:
+	Instead of trying to keep the global environment in sync with our
+	private copy, provide our own getenv() that returns values from the
+	private environment and use env_get() to pass the environment in to
+	run_command().
+	[58c85c5695dc]
+
+	* set_perms.c:
+	Fix typo
+	[0f677fcdde04]
+
+2010-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	Rename pty.c -> get_pty.c
+	[39137dcc4420]
+
+	* iolog.c:
+	Add #define for maximum session id
+	[2a487437f013]
+
+	* Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
+	selinux.c, sudo.c, sudo.h, sudo_edit.c:
+	Split exec.c into exec.c and exec_pty.c Pass a flag in to
+	sudo_execve to indicate whether we need to wait for the command
+	to finish (fork + execve vs. execve).
+	[b197515585db]
+
+	* Makefile.in, configure, configure.in, get_pty.c, pty.c:
+	Rename pty.c -> get_pty.c
+	[c0e5270bb28a]
+
+	* aclocal.m4, configure, configure.in:
+	Fix --without-iologdir
+	[dcd6c5907b10]
+
+2010-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* iolog.c:
+	Only use I/O input log file if def_log_input is set and output file
+	if def_log_output is set.
+	[96cdd49be996]
+
+2010-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse_args.c, sudo.c:
+	Include sudo_usage.h after sudo.h now that it has function
+	prototypes to guarantee that __P is defined.
+	[c67b77f8d6b1]
+
+2010-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Do signal setup after turning off echo, not before. If we are using
+	a tty but are not the foreground pgrp this will generate SIGTTOU so
+	we want the default action to be taken (suspend process). Use an
+	array for signals received instead of a single variable so we don't
+	lose any when there are multiple different signals.
+	[de356064ea01]
+
+	* defaults.h, lbuf.h, sudo.h:
+	Reorg function prototypes a bit
+	[5c40f58bb28e]
+
+	* Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
+	Move argument parsing into parse_args.c
+	[fad7b8737c12]
+
+	* Makefile.in, config.h.in, configure, configure.in, missing.h,
+	mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
+	Build our own sys_siglist for systems that lack it.
+	[3b5f671936dc]
+
+	* exec.c, iolog.c, missing.h, sudo_edit.c:
+	K&R fixes
+	[dad62986f2fe]
+
+	* exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
+	Log sudoedit sessions as well; adapted from trunk
+	[2c5d9695022b]
+
+	* configure:
+	regen
+	[9b319e89a6c4]
+
+	* INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
+	def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
+	gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
+	script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
+	sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+	sudoreplay.pod, term.c:
+	Merge I/O logging changes from trunk. Disabling I/O log support at
+	compile time does not currently work. Sudoedit is not yet hooked up
+	to I/O logging.
+	[968c2c74c69b]
+
+2010-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in:
+	Add --enable-warnings configure option
+	[19cf967c36d1]
+
+	* check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
+	Fix K&R compilation issues on HP-UX.
+	[c01a547cdcf8]
+
+	* lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
+	Pass in output function to lbuf_init() instead of writing to stdout.
+	A side effect is that the usage info can now go to stderr as it
+	should. Add support for embedded newlines in lbuf and use that
+	instead of multiple calls to lbuf_print.
+	[596a427ff873]
+
+	* configure, configure.in, sudo.man.pl, sudoers.man.pl:
+	Use numeric registers to handle conditionals instead of trying to do
+	it all with text processing.
+	[31570c372e0e]
+
+	* sudoers.pod:
+	Document per-command SELinux settings
+	[bbce5acad1be]
+
+	* sudo.pod:
+	timestamp -> time stamp
+	[d7335ce6286f]
+
+	* tsgetgrpw.c:
+	Set close on exec flag in private versions of setpwent() and
+	setgrent().
+	[954814bdbd56]
+
+	* logging.c:
+	Make send_mail() take a printf-style argument list
+	[0783ad585062]
+
+	* Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
+	config.guess, config.h.in, config.sub, configure, configure.in,
+	ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+	m4/ltversion.m4, m4/lt~obsolete.m4:
+	Update to autoconf 2.65 and libtool 2.2.6b
+	[3544dd2f1a94]
+
+	* boottime.c:
+	Don't use TRUE/FALSE which may not be defined.
+	[8649bf22b3b2]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Document new tty_ticket behavior
+	[0663e0390338]
+
+	* find_path.c, sudo.c, sudo.h, visudo.c:
+	Make find_path() a little more generic by not checking def_foo
+	variables inside it. Instead, pass in ignore_dot as a function
+	argument.
+	[16c3f27cd9b9]
+
+	* check.c:
+	Store info from stat(2)ing the tty in the tty ticket when tty
+	tickets are in use. If the tty lives on a devpts (Linux) or devices
+	(Solaris) filesystem, stash the ctime in the tty ticket file, as it
+	is not updated when the tty is written to. This helps us determine
+	when a tty has been reused without the user authenticating again
+	with sudo.
+	[f9aec9ab9054]
+
+	* boottime.c, check.c, sudo.h:
+	get_boottime() now fills in a timeval struct
+	[dbd2003659c0]
+
+2010-06-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
+	gettime.c, sudo.h, sudo_edit.c, visudo.c:
+	Use timeval directly instead of converting to timespec when dealing
+	with file times and time of day.
+	[c85bf3e41839]
+
+	* auth/pam.c:
+	Fix OpenPAM detection for newer versions.
+	[67f29a0703d0]
+
+	* vasgroups.c:
+	Sync with Quest sudo git repo
+	[2680ad9762c2]
+
+	* aclocal.m4, configure, configure.in:
+	HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+	libvas may need libdl for dlopen() Add missing template for
+	ENV_DEBUG Adapted from Quest sudo
+	[6c886eb9070a]
+
+	* README.LDAP:
+	Fix typos; from Quest Sudo
+	[cf258fc69f1a]
+
+	* Makefile.in, configure.in:
+	Use value of SHELL from configure in Makefile
+	[08aaf12221d6]
+
+2010-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Handle duplicate variables in the environment. For unsetenv(), keep
+	looking even after remove the first instance. For sudo_putenv(),
+	check for and remove dupes after we replace an existing value.
+	[086c6397d8cd]
+
+2010-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Fix a crash when checking a sudoers file that has aliases that
+	reference themselves. Based on a diff from David Wood.
+	[5efc702a3b35]
+
+2010-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c:
+	Fix use after free in error message when a duplicate alias exists.
+	[9eaac49bd22b]
+
+2010-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Set errorfile to the sudoers path if we set parse_error manually.
+	This prevents a NULL dereference in printf() when checking a sudoers
+	file in strict mode when alias errors are present.
+	[b4eed2f0615d]
+
+2010-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Fix typo
+	[57198cae9cf5]
+
+2010-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	Qualify the command even if it is in the current working directory,
+	e.g. "./foo" instead of just returning "foo". This removes an
+	ambiguity between real commands and possible pseudo-commands in
+	command matching.
+	[fb4d571495fa]
+
+2010-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add a note about the security implications of the fast_glob option.
+	[84f8097553d9]
+
+	* memrchr.c:
+	Remove duplicate includes
+	[3e8d90f4c30f]
+
+2010-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix installation of sudoers.ldap in "make install" when --with-ldap
+	was specified without a directory. From Prof. Dr. Andreas Mueller
+	[5177a284b9ff]
+
+2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	When doing a glob match, short circuit if gl.gl_pathc is 0. From
+	Mark Kettenis.
+	[549f8f7c2463]
+
+2010-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Use parent process group id instead of parent process id when
+	checking foreground status and suspending parent. Fixes an issue
+	when running commands under /usr/bin/time and others.
+	[eac86126e335]
+
+	* env.c:
+	In setenv(), if the var is empty, return 1 and set errno to EINVAL
+	instead of returning EINVAL directly.
+	[d202091ec15e]
+
+2010-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Check for pseudo-command by looking at the first character of the
+	command in sudoers instead of checking the user-supplied command for
+	a slash.
+	[88f3181692fe]
+
+2010-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.l:
+	Avoid a duplicate fclose() of the sudoers file.
+	[164d39108dde]
+
+	* toke.l:
+	Fix size arg when realloc()ing include stack. From Daniel Kopecek
+	[8900bccef219]
+
+2010-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c, config.h.in, configure, configure.in:
+	Use setrlimit64(), if available, instead of setrlimit() when setting
+	AIX resource limits since rlim_t is 32bits.
+	[2cbb14d98fc1]
+
+	* logging.c:
+	Fix use after free when sending error messages. From Timo Juhani
+	Lindfors
+	[caf183fd9d94]
+
+2010-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog, Makefile.in:
+	Generate the ChangeLog as part of "make dist" instead of having it
+	in the repo.
+	[836c31615859]
+
+2010-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Generate correct ChangeLog for 1.7 branch.
+	[586dd90b8878]
+
+2010-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+	auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+	emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+	fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+	gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+	isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+	logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+	mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+	pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+	sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+	strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+	sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+	term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+	utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+	Remove CVS $Sudo$ tags.
+	[de683a8b31f5]
+
+2009-12-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_usage.h.in:
+	make this match sudoers SYNOPSIS
+	[c74ba66944c2]
+
+	* lbuf.c, parse.c:
+	Print a newline between Runas and Command-specific defaults in sudo
+	-l.
+	[b5bdfcc9ce4b]
+
+	* term.c:
+	Use SET and CLR macros in term_raw
+	[50ca42609d6c]
+
+	* sudoreplay.c:
+	Set stdin to non-blocking mode early instead of in check_input. Use
+	term_raw instead of term_cbreak since the data we get has already
+	been expanded via OPOST.
+	[51c47e803d62]
+
+2009-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c, term.c:
+	Enable/disable all postprocessing instead of just nl->crnl
+	processing since things like tab expansion matter too. However, if
+	stdout is a tty leave postprocessing on in the pty since we run into
+	problems doing it only on the real stdout with .e.g nvi.
+	[62666e309673]
+
+2009-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	If tty_tickets is enabled and there is no tty, prompt for a
+	password. Do not lecture user for "sudo -k command" if user has a
+	timestamp.
+	[5880200c5f6b]
+
+	* INSTALL:
+	Document missing options: --with-efence and --with-bsm-audit
+	[d83afcdf9ff3]
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+	sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+	visudo.man.in, visudo.pod:
+	username -> user name groupname -> group name hostname -> host name
+	[10c85646f45d]
+
+	* INSTALL, README.LDAP, sudoers.pod:
+	filename -> file name like the rest of the docs
+	[1ef8ab5a9018]
+
+2009-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix printing of entries with multiple host entries on a single line.
+	[226ceaf91d8d]
+
+2009-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Mention that targetpw affects the timestamp file name.
+	[a26e22e4f72e]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+	sudoers.pod:
+	Add compress_transcript option.
+	[6e94f8cb9dfb]
+
+2009-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	bump to 1.7.3b2
+	[906d7e347d15]
+
+	* pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+	Better split of membership vs. traditional group check in
+	user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+	[6ebc55d4716b]
+
+2009-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Fix pasto and add default return value.
+	[7973b5e4599c]
+
+	* check.c, match.c, pwutil.c, sudo.h:
+	refactor group member checking into user_in_group()
+	[48ca8c2eddf8]
+
+	* check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+	sudo.h:
+	Add support for mbr_check_membership() as present in darwin.
+	[5501aed02b9f]
+
+2009-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Rename label to be accurate
+	[3af17dd960f7]
+
+	* Makefile.in, boottime.c, check.c, config.h.in, configure,
+	configure.in, sudo.h:
+	Treat timestamp files from before we booted as old. Idea from and
+	Apple patch.
+	[5c96e484c05a]
+
+2009-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo.pod, sudo_usage.h.in:
+	Allow the -u flag to be used in conjunction with the -v flag as per
+	older versions of sudo.
+	[591e9fc13c1a]
+
+	* logging.c:
+	fix typo in last commit
+	[4fd0c692dcf0]
+
+2009-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Convert fmt_first and fmt_confd into macros.
+	[32e870158b29]
+
+	* sudoers.pod:
+	timeouts can be floats now
+	[89de639a9679]
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+	defaults.h, mkdefaults:
+	Add support for floating point timeout values (e.g. 2.5 minutes).
+	[210ffa291733]
+
+2009-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	The -L flag will be removed in sudo 1.7.4
+	[ffd026084333]
+
+2009-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Fix a bug due to order of operators.
+	[938d34464283]
+
+2009-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	cmnd_matches() already deals with negation so _cmndlist_matches()
+	does not need to do so itself. Fixes a bug with negated entries in
+	a Cmnd_List.
+	[71c845f6ce73]
+
+2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't exit() from open_sudoers, just return NULL for all errors.
+	[8cfa832f972a]
+
+	* script.c:
+	Can't rely on the shell sending us SIGCONT when transitioning from
+	backgroup to foreground process.
+	[3c6c5b6cb4b3]
+
+	* toke.c, toke.l:
+	Add missing extern def for parse_error
+	[45b7b59d03b7]
+
+2009-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Avoid a parse error when #includedir doesn't find any files. Closes
+	bug #375
+	[1ce1b850e9e6]
+
+	* Makefile.in:
+	Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+	[6a22e32da108]
+
+2009-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Start command out in foreground mode if stdout is a tty. Works
+	around issues with some curses-based programs that don't handle
+	tcsetattr getting interrupted by a signal. Still allows us to avoid
+	hogging the tty if the command is part of a pipeline.
+	[1c32f2b94769]
+
+	* script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+	Use a socketpair to pass signals from parent to child. Child will
+	now pass command status change info back via the socketpair. This
+	allows the parent to distinguish between signals it has been sent
+	directly and signals the command has received. It also means the
+	parent can once again print the signal notifications to the tty so
+	all writes to the pty master occur in the parent. The command is
+	now always started in background mode with tty signals handled by
+	the parent.
+	[c6790b82986d]
+
+2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix a few typos in the descriptions; from Jeff Makey Only do the
+	check for krb5_get_init_creds_opt_free() taking two arguments if we
+	find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+	positive when using our own krb5_get_init_creds_opt_free which takes
+	only a single argument.
+	[845a9ff6f93d]
+
+2009-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Remove a spurious comma in the kerb5 bits.
+	[3433eab083db]
+
+	* auth/kerb5.c:
+	Call krb5_get_init_creds_opt_init() in our emulated
+	krb5_get_init_creds_opt_alloc() for MIT kerberos.
+	[7ffb40bf43e9]
+
+2009-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Add HAVE_ZLIB
+	[9297bde61ecc]
+
+	* script.c:
+	Need to ignore SIGTT{IN,OU} in child when running the command in the
+	background. Also some minor cleanup.
+	[dc208d982319]
+
+2009-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Instead of calling sigsuspend when waiting for SIGUSR[12] from
+	parent, install the signal handlers w/o SA_RESTART and let them
+	interrupt waitpid().
+	[759c7d18203b]
+
+	* script.c:
+	Pass along SIGHUP and SIGTERM from parent to child.
+	[035b0e254568]
+
+	* script.c:
+	Close unused bits of script_fds in processes that don't need them.
+	Restore default SIGCONT handler in child.
+	[e037378ab0c1]
+
+	* script.c:
+	Update foreground/background status in SIGCONT handler in parent
+	process.
+	[3f7f91333264]
+
+2009-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Defer setting terminal into raw mode until just before we fork() and
+	only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+	and sudo is already in the foreground be sure to set raw mode before
+	continuing the child.
+	[1102ef40832c]
+
+2009-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+	give the command the controlling tty if the main sudo process is the
+	foreground process.
+	[cf3a91cb5682]
+
+	* script.c:
+	Don't bother with sudo_waitpid() here for now.
+	[9086de480c2d]
+
+	* script.c:
+	fix non-zlib case
+	[a258bff0f9a6]
+
+2009-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Remove non-wroking code that crept into rev 1.55
+	[2802dd55cff5]
+
+2009-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in, script.c, sudoreplay.c:
+	First pass at zlib support for transcript data files
+	[5d10260807da]
+
+	* Makefile.in:
+	remove vestiges of ZLDFLAGS
+	[1fa0caf1c0fb]
+
+	* script.c:
+	Add missing variable declaration for when TIOCSCTTY is not defined.
+	Need to include sys/termio.h for TIOCSCTTY on some systems.
+	[ee7f41ac2709]
+
+	* script.c:
+	when resuming command, send SIGCONT to its pgrp not just pid
+	[5cd63c1d565b]
+
+	* selinux.c:
+	remove unused variable
+	[df67df4be228]
+
+	* script.c:
+	include selinux.h for is_selinux_enabled() proto
+	[85ebaa880cc1]
+
+	* script.c:
+	Don't use log_error() in the child process.
+	[def65fe2a433]
+
+	* script.c:
+	Do I/O in parent instead of child since the parent can have both
+	/dev/tty as well as the pty fds open. The child just sets things up
+	and waits for its grandchild and writes the signal description to
+	the pty master if the command was killed by a signal.
+	[95e473208982]
+
+2009-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* missing.h, sudo.h:
+	Move two struct forward declarations from sudo.h to missing.h
+	[90ad28294a8c]
+
+	* script.c:
+	Make comment at the top of script_exec() match reality.
+	[c5042d27dbe0]
+
+	* sudo.c:
+	if neither stdin nor stdout is a tty, check stderr
+	[c532ff20c8d8]
+
+	* Makefile.in:
+	Add back dependecy of gram.h on gram.y
+	[c58382b7fcca]
+
+	* script.c:
+	Make transcript mode work as long as we can figure out our tty, even
+	if it is not stdin. We'd like to use /dev/tty but that won't be
+	valid after the setsid().
+	[7b8bba8d99e7]
+
+2009-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, pty.c:
+	Add support for IRIX-style dynamic ptys
+	[bedc9bac44c1]
+
+	* Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+	Move alloc.c protos into alloc.h
+	[b6a90649617d]
+
+	* missing.h:
+	Move prototypes for missing libc functions to missing.h
+	[dda9ae1ccaf8]
+
+	* Makefile.in, sudo.h, sudoreplay.c:
+	Move prototypes for missing libc functions to missing.h
+	[7483166b577b]
+
+2009-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Disable transcript support if no tcsetpgrp until we support older
+	BSD-style job control.
+	[27ac1d8163df]
+
+	* configure, configure.in, pty.c, script.c:
+	Break out pty code into pty.c
+	[e85509b25d41]
+
+	* compat.h, config.h.in, configure, configure.in:
+	add killpg macro if no killpg function
+	[3a125f4a51f0]
+
+	* config.h.in, configure, configure.in, script.c:
+	Push ptem and ldterm for STERAMS-based systems when allocating a
+	pty.
+	[36bb39b30ff2]
+
+2009-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+	[d94bd5c9bf4e]
+
+	* script.c:
+	Call tcgetpgrp() in the parent, not the child and have the child
+	spin until it is granted. Fixes a race on darwin.
+	[6e8d435339ce]
+
+	* script.c:
+	Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+	reopen slave.
+	[0bdc63c019ca]
+
+2009-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	In script mode, if the command is killed by a signal, print the
+	signal description as well as a core dump notification like the
+	shell does.
+	[9df61738df07]
+
+	* Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+	sudo.h:
+	Add check for strsignal() and a simple implementation if it is not
+	there but sys_siglist is
+	[61421a188ef4]
+
+	* script.c:
+	Add missing WUNTRACED and store the signal that stopped the
+	grandchild in suspended, not signo.
+	[df65042b200e]
+
+	* script.c:
+	g/c unused code
+	[40d8cb5c9203]
+
+	* script.c:
+	Associate the grandchild's pgrp with the tty instead of the child's
+	and just get suspend notifications via SIGCHLD instead of directly.
+	This fixes a hang with programs that try to set terminal attributes
+	and is more consistent with how the shell handles things.
+	[6865abff7e94]
+
+2009-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Move setpgid() of child into the parent side of the fork() where it
+	belongs.
+	[3defa782777c]
+
+2009-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	fix typo
+	[b6a612b3622c]
+
+	* script.c:
+	Run command in its own pgrp (like the shell does) for easier
+	signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+	to grandchild. Don't want grandchild stopped events in the child
+	(only termination). Flush output after suspending grandchild before
+	signalling parent.
+	[db556bf2176f]
+
+	* script.c:
+	Back out revision 1.34; the problem lies elsewhere.
+	[85f590a03275]
+
+	* script.c:
+	Don't set stdout to blocking mode when flushing remaining output.
+	It can cause us to hang when trying to exit. Need to investigate
+	why.
+	[6f803a3e33ca]
+
+	* script.c:
+	Handle SIGTTOU and remove some debugging.
+	[52d17279053e]
+
+	* term.c:
+	Back out revision 1.10 as the signal that interrupts us may be
+	SIGTTOU or SIGTTIN which the caller must handle.
+	[7e2fa9107975]
+
+	* script.c:
+	Apparently we need to send SIGSTOP to the command as well as ourself
+	when we get SIGTSTP, the kernel doesn't automatically stop the
+	process for us.
+	[1a936e9309c4]
+
+	* script.c:
+	Use an extra process to act as the glue bewteen the sessions
+	associated with the user's controlling tty (what the shell uses) and
+	the tty that sudo is using to do its logging. Basically, this means
+	that if we get, e.g. SIGTSTP from the process sudo is running, we
+	relay the signal to the parent so it's shell can do the job control.
+	[6dd296988060]
+
+	* term.c:
+	Handle getting/setting terminal attributes when the fd is in non-
+	blocking mode.
+	[ae5ae535ea7b]
+
+2009-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Add support for pausing and changing the speed in interactive mode.
+	[72a2063780a7]
+
+	* script.c:
+	Already define O_NOCTTY in compat.h, don't need it here
+	[b5d80ed3e5ce]
+
+2009-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add missing protos
+	[c4cb4e7f4d8a]
+
+2009-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Always update the stashed mtime of the temp file instead of using
+	what we have for the original because the time resolution of the
+	filesystem the temporary is on may not match that of the filesystem
+	that holds the original. Should fix bz #371 found by Philippe Levan.
+	[c86ca4bec60c]
+
+	* sudoreplay.c:
+	Use cbreak mode instead of raw mode and add signal handlers to
+	restore the tty on interrupt.
+	[84dd283da41c]
+
+	* script.c, sudo.h, term.c:
+	Retain NL to NLCR conversion on the real tty and skip it on the pty
+	we allocate. That way, if stdout is not a pty there are no extra
+	carriage returns.
+	[32e4f570414e]
+
+	* script.c:
+	Fix log_output(); just pass in a string and a length.
+	[ca980cc0a3fb]
+
+2009-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	do not use errno when complaining out lack of a tty
+	[8f9b8c55ab8e]
+
+2009-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudoreplay.c, term.c:
+	Instead of messing with line endings, just set terminal to raw mode
+	in sudoreplay.
+	[90943fa87acb]
+
+	* term.c:
+	When copying the terminal attributes to the pty, be sure not to set
+	ONLCR. This prevents extra carriage returns from ending up in the
+	script output file.
+	[e6b5475ac2aa]
+
+	* script.c:
+	Convert a do {} while into a while
+	[e461310d2c77]
+
+	* Makefile.in:
+	Use if then instead of test && when installing binaries that may not
+	exist.
+	[ad4f9490d971]
+
+	* script.c:
+	Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+	old tty before associatng with new one.
+	[0e0ca634b80c]
+
+	* script.c, selinux.c, sudo.c, sudo.h:
+	First cut at refactoring some of the selinux code so it can be used
+	in conjunction with sudo's transcript support.
+	[779b0d8f9d29]
+
+2009-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Fix default case of transcript_enabled being unset.
+	[f8aa96186e6b]
+
+	* script.c, sudoreplay.c:
+	Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+	[2844a7a851fa]
+
+	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+	Hook up --disable-transcript and --enable-transcript=DIR
+	[b3fa7e6b2480]
+
+2009-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in, pathnames.h.in:
+	_PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+	transcript=DIR option to specify the directory
+	[b0bb76d43cda]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[c7a8a0a9027c]
+
+	* configure, configure.in, sudoers.man.pl, sudoers.pod:
+	Substitute in default value for secure_path
+	[c8f9ac6dbf93]
+
+	* sudo.pod:
+	Mention that the password must be followed by a newline with the -S
+	option.
+	[2fc589a3ee7e]
+
+2009-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Go back to dropping out of the select() loop when the process dies;
+	Linux ptys apparently don't behave the same as BSD in regards to
+	select(). No need to flush remaining output to the transcript, only
+	to stdout. Add back code to check the master pty for additional data
+	when we exit the main select loop.
+	[abed9a9cbc6b]
+
+2009-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Add getline.o to COMMON_OBJS
+	[04ef7643cbc2]
+
+	* Makefile.in:
+	sudoreplay depends on libsudo.a
+	[142bd0472631]
+
+	* Makefile.in:
+	More pwutil.o into COMMON_OBJS
+	[4a016b933629]
+
+	* pwutil.c, testsudoers.c, tsgetgrpw.c:
+	Remove my_* redirection in pwutil.c for testsudoers and just use the
+	normal libc get{pw,gr}* names.
+	[9b76d637d86b]
+
+	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	More time and date examples
+	[c6ee0175ec56]
+
+	* Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+	Move nanosleep() emulation into its own file Check librt.a for
+	nanosleep if we don't find it in libc
+	[4da0cc26aad7]
+
+	* Makefile.in, configure, configure.in:
+	Build libsudo with the common bits and link things against that.
+	[2b53bc0b081a]
+
+	* script.c:
+	Fix final flush.
+	[6da287d833da]
+
+	* script.c:
+	Keep reading from the pty master -> log file until read returns <=
+	0. Do our best to write everything to stdout when flushing any
+	remaining bits.
+	[2a45d4ae280c]
+
+	* sudoreplay.c:
+	Use unbuffered I/O when writing to stdout and make sure we write the
+	entire buffer.
+	[f39ef9844a47]
+
+2009-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Only use max_wait if it is non-zero
+	[f6c10604d2e8]
+
+	* getdate.c, getdate.y, getline.c:
+	Need compat.h here
+	[5d6722e225a0]
+
+	* sudoreplay.c:
+	Fix nanosleep emulation
+	[34e5e5d72a76]
+
+	* script.c:
+	Fix comment after #endif
+	[bd1347718b25]
+
+	* sudoreplay.c:
+	Add protos for missing libc bits
+	[644f496427a2]
+
+	* configure, configure.in:
+	add missing line continuation char
+	[db13c0d402cd]
+
+	* config.h.in, configure, configure.in, getline.c:
+	Implement getline() in terms of fgetln() if we have it.
+	[3ab786eaadc5]
+
+	* sudoreplay.c:
+	Print year when formatting log line
+	[90be669e3443]
+
+	* sudoreplay.pod:
+	Document cwd, attempt to document time/date formats.
+	[6290fb9b65c6]
+
+	* sudoreplay.c:
+	Fix getline return value check.
+	[d696d6657261]
+
+	* Makefile.in, config.h.in, configure, configure.in, getline.c,
+	sudoreplay.c:
+	Use getline() if the system has it, else use provide our own for
+	sudoreplay.
+	[afca1d6fbe5e]
+
+	* script.c:
+	Refactor code to update output and timing files.
+	[361491332b1a]
+
+2009-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Make sudo_getln() behave more like glibc getline.
+	[40c9f2ea29e6]
+
+	* script.c:
+	When flushing remaining output, also update timing file.
+	[5a9a5a627549]
+
+	* sudoreplay.c:
+	Use get_timestr() and make the -l output look like the regular sudo
+	log.
+	[452ba9d436c9]
+
+	* logging.c, sudo.h, timestr.c:
+	Make get_timestr() take a time_t so we can use it properly in
+	sudoreplay.
+	[82e67cc53c9c]
+
+	* script.c:
+	Create session dir earlier now that we update the seq number early.
+	[797fe8d6dc61]
+
+2009-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Use fromdate and todate as the keywords instead of from and to; the
+	short forms will still be accepted.
+	[d14d9b116df4]
+
+	* sudoreplay.c:
+	Fix reading long liensin sudo_getln()
+	[58dadd74118c]
+
+	* script.c, sudoreplay.c:
+	Log the cwd in the script log file. Add sudo_getln() to read
+	arbitrarily long lines.
+	[faceb802ab8f]
+
+	* Makefile.in, logging.c, sudo.h, timestr.c:
+	Move get_timestr() into its own source file so sudoreplay can use
+	it.
+	[99b054bfa20a]
+
+2009-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add to and from perdicates (date ranges); needs documentation
+	[1d629174dcf4]
+
+2009-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, getdate.c, getdate.y:
+	Fix warning and add generated getdate.c
+	[b877a86b5a03]
+
+	* Makefile.in, getdate.y:
+	Add getdate.y to be used for sudoreplay date parsing.
+	[b8e26fbb7a40]
+
+2009-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Check more than just the first character of a predicate
+	[4fe53728adb1]
+
+	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Add examples, sort predicates
+	[70f8075cbccc]
+
+	* Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+	sudoreplay.pod:
+	Implement search expressions in sudoreplay similar in concept to
+	what find or tcpdump uses. TODO: date ranges
+	[f7ce4fb4cf3a]
+
+2009-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Remove vhangup as it was hanging up the wrong tty. Should really
+	vhangup in the child after it as set its tty.
+	[2eed9df73010]
+
+	* sudoers.pod:
+	Fix cut at documenting transcript support.
+	[e6c533a5568a]
+
+	* logging.c:
+	ID= -> TSID= for transcript ID
+	[1bf755a35333]
+
+2009-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Move fast_glob description to where it belongs in sorted order
+	[5901cfb0d25f]
+
+	* def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+	parse.c, parse.h, sudo.c:
+	Rename script -> transcript
+	[e06cf823122c]
+
+2009-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	Add timeradd and timersub for those without them
+	[929f8aa06c2b]
+
+	* script.c:
+	Sanity check sessid before using it.
+	[aa8ca5211d43]
+
+	* sudo.c:
+	Only set the session id if we are running a command or editing a
+	file.
+	[7205d717c098]
+
+	* script.c:
+	Actually. qsort is fine since most versions fal back to a cheaper
+	sort when the number of elements to sort is small (like in our
+	case).
+	[d11c7cd352fe]
+
+	* config.h.in, configure, configure.in, script.c:
+	Check for dup2 and use dup instead if we don't have it.
+	[98bd89830f8a]
+
+	* script.c, sudo.c, sudo.h:
+	Move the code to dup2 the script fds to low numbered descriptors
+	into script_duplow() and fix the fd sorting.
+	[9453fdc5fba6]
+
+	* script.c, sudo.c, sudo.h:
+	Move script_setup() back to immediately before we drop privs and
+	call the new script_nextid() in its place, which will set
+	sudo_user.sessid for the logging functions.
+	[8434d0c8ff08]
+
+2009-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install sudoreplay
+	[6acf2cdb4d3f]
+
+	* sudoreplay.c:
+	remove unused variable
+	[2316360bb992]
+
+2009-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, script.c, sudo.c, sudo.h:
+	Log the session ID, if there is one. Currently logs ID=XXXXXX,
+	perhaps should be SESSIONID or SESSID.
+	[53976905b0a6]
+
+	* Makefile.in, configure, configure.in, sudoreplay.cat,
+	sudoreplay.man.in, sudoreplay.pod:
+	Add sudoreplay docs
+	[da4f14f0e64c]
+
+	* sudoreplay.c:
+	add -V (version) flag
+	[b5e743639ee3]
+
+	* sudoreplay.c:
+	Hook up max_wait.
+	[2ec5697a92ba]
+
+	* script.c, sudoreplay.c:
+	Use base36 number for the ID and store script files with paths like
+	/var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+	(2,176,782,336) unique IDs.
+	[6aab019d07aa]
+
+2009-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	Add check for regcomp
+	[44c3ebd7ff34]
+
+	* sudoreplay.c:
+	Add support for selecting by pattern and tty when listing.
+	[66189f840c52]
+
+2009-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	The beginnings of a list mode.
+	[8d0150b4a52c]
+
+2009-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fix pasto
+	[616b4640b8a8]
+
+	* Makefile.in, config.h.in, configure.in:
+	Add scaffolding for building sudoreplay
+	[a32958505dbe]
+
+	* sudoreplay.c:
+	include error.h first arg to nanotime is const
+	[fe5a7bb31bc5]
+
+	* sudoreplay.c:
+	Initial cut at sudoreplay; replay a sudo session.
+	[f149fba372bd]
+
+2009-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Fix wait() usage and use correct wait status.
+	[f4745ed7ad05]
+
+	* sudo.c, sudo.h, tgetpass.c:
+	Add protos for term_* to sudo.h
+	[14fe1abd7e7b]
+
+	* script.c:
+	Fix detection of the child process exiting. Since the child is in
+	its own session we should only ever get SIGCHLD for that process but
+	better safe than sorry.
+	[7edfdadd8505]
+
+	* config.h.in:
+	Add UNIX98 pty support.
+	[82f4b53a0e8f]
+
+	* configure, configure.in, script.c:
+	Add UNIX98 pty support.
+	[795b8bb0a3a1]
+
+2009-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* term.c:
+	For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+	if it is defined.
+	[40f8b83baf69]
+
+	* auth/pam.c:
+	Set PAM_RUSER and PAM_RHOST early so they can be used during
+	authentication. Based on a patch from Jamie Beverly.
+	[3d567b453a6a]
+
+	* match.c:
+	Close dir before returning if strlcpy() reports overflow. From
+	Martynas Venckus.
+	[6a82f96473e5]
+
+	* config.h.in, configure, configure.in, script.c:
+	On Linux, the openpty proto libes in pty.h
+	[98643a018d1c]
+
+	* script.c:
+	Call vhangup on exit if the system has it Use setpgrp() if no
+	setsid()
+	[3a9e13149829]
+
+2009-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Add checks for revoke and vhangup if we don't have openpty
+	[fcb04572e994]
+
+	* script.c:
+	Session logging guts that got forgotten in the previous commit.
+	[c2af08a63ea9]
+
+	* Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+	configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+	gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+	tgetpass.c:
+	First cut at session logging for sudo. Still need to write
+	get_pty() for Unix 98 and old-style BSD ptys. Also needs
+	documentation and general cleanup.
+	[77e3f5e25738]
+
+2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Fix a bug introduced with def_closefrom. The value of def_closefrom
+	already includes the +1.
+	[7291c136300d]
+
+2009-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Generate sudo distributions with pax in ustar mode. No longer need
+	to use a temp file or have the source dir name match the version.
+	[9778177a8272]
+
+2009-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Fix expansion of %h in #include names. Fixes bugzilla 363
+	[6e346879ba24]
+
+2009-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkdefaults:
+	If no arg assume def_data.in
+	[c1dd28c0e675]
+
+	* README, WHATSNEW:
+	Update for 1.7.2
+	[f5ad45f69f05] [SUDO_1_7_2]
+
+	* ChangeLog:
+	sync
+	[6283549396ff]
+
+2009-06-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add missing single quotes around a colon in Runas_Spec definition.
+	From Elias Benali.
+	[ccc6ee4fca83]
+
+2009-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[546e75304ebf]
+
+	* redblack.c:
+	In rbrepair, re-color the root or the first non-block node we find
+	to be black. Re-coloring the root is probably not needed but won't
+	hurt.
+	[34d01ebe241b]
+
+	* sudo.cat, sudoers.cat:
+	regen
+	[bebf5a39f54f]
+
+2009-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* redblack.c:
+	When repairing the tree, don't touch the root node.
+	[9841f0d5d789]
+
+2009-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+	Reported by Josef Schmid.
+	[ed044b1eb879]
+
+2009-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Document that we accept env_pam-style environment files
+	[e3b545456352]
+
+	* env.c:
+	Adapt to accept pam_env-style /etc/environment which allows shell-
+	style lines such as: export EDITOR="/usr/bin/vi"
+	[752eb75bf007]
+
+	* sudoers.pod:
+	Make it clear that env_delete only works when !env_reset. From Lo??c
+	Minier
+	[3bd3f8e351ba]
+
+2009-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod:
+	Add non-unix group bits, adapted from Quest
+	[8ce427de8dea]
+
+	* Makefile.in:
+	build the .cat page in the current working dir, not the src dir
+	[00e87a307674]
+
+	* env.c:
+	Return EINVAL in setenv() if var is NULL or the empty string to
+	match glibc behavior.
+	[23fd7c247142]
+
+2009-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+	[fedd4a3e2a85]
+
+2009-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[7b9f461a40b3]
+
+2009-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Document --with-libvas and --with-libvas-rpath
+	[a071e6d96c89]
+
+2009-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudoers.ldap.pod:
+	For netscape-derived LDAP SDKs the cert and key paths may be a
+	directory or a file. However, version 5.0 of the SDK only seems to
+	support using a directory. If ldapssl_clientauth_init fails and the
+	cert or key paths look like they could be files, strip off the last
+	path element and try again.
+	[ac4e49d83043]
+
+	* Makefile.in:
+	Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+	[4547cc1a335f]
+
+2009-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, match.c, sudo.c, vasgroups.c:
+	Update non-Unix group support from Quest, as reworked by me.
+	[1abafce29dc6]
+
+	* toke.c:
+	regen
+	[01bfca9148b7]
+
+	* toke.l:
+	Add support for escaped hex chars in names, e.g. \x20 for space.
+	[3c7be8e58a39]
+
+2009-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+	auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+	fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+	logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+	set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+	sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+	tgetpass.c, toke.l, visudo.c:
+	Update copyright years.
+	[e615f676c764]
+
+2009-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c, lbuf.c:
+	Minor fixes for Minix-3
+	[898c510d23f9]
+
+2009-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Handle getgroups() returning 0. Also add missing check for
+	HAVE_GETGROUPS.
+	[d73b958f9ffd]
+
+2009-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, config.h.in, configure, configure.in, sudo.c,
+	version.h, visudo.c:
+	Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+	[5050579a264d]
+
+2009-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Remove group setting code in setusercontext case, we will do it
+	ourselves later on in runas_setup. Set the gid after
+	initgroups/setgroups is called, since on Mac OS X it seems to change
+	the egid.
+	[09dc21d8b42d]
+
+2009-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+	vasgroups.c:
+	Initial bits of non-unix group support using Quest Authentication
+	Services
+	[1eecab0ff27e]
+
+	* toke.c, toke.l:
+	Accept %:foo as a non-Unix group
+	[4c4b5dd899a6]
+
+	* toke.c, toke.l:
+	Allow user/group to be double quoted in the case of non-Unix groups
+	which contain spaces.
+	[47a3d568b7e8]
+
+2009-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Don't allow the user to specify the default runas user if their
+	sudoers entry only allows them to run as a group.
+	[4d726177227c]
+
+2009-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Must call audit_success before we change uids.
+	[04a9e6ce6e55]
+
+	* logging.c, set_perms.c, sudo.h, testsudoers.c:
+	Add option for set_perm to not exit on failure and use this in the
+	logging routines.
+	[833dce7b7f42]
+
+	* parse.c:
+	In -l mode, if the user is only allowed to run as a group, display
+	the user's name, not root's before the allowed group.
+	[ef92ff99d265]
+
+	* sudo.c:
+	Fix -g mode, broken by rev 1.503 which had the side effect of
+	setting the runas user to root unilaterally.
+	[50a2f7df4385]
+
+2009-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+	[30fbe832dcf3]
+
+	* pwutil.c:
+	Only cache by the method we fetched for pwd and grp lookups.
+	Previously we cached both by namd and id but this can cause problems
+	for entries that share the same id. Also add more info in the error
+	message in case the insert fails (which should now be impossible).
+	[ef95a4f0bab5]
+
+2009-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Add a clarification from Nick Sieger
+	[1eadad329561]
+
+2009-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Inline the setting of the environment string.
+	[9515d11c6295]
+
+2009-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+	in BSD doesn't return an error if the name has '=' in it, it just
+	treats the '=' as end of string.
+	[941260bf94d2]
+
+2009-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Not all systems have d_namlen
+	[e377b18d8e2d]
+
+2009-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix up some pod2html issues.
+	[823a1f10ab60]
+
+2009-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+	Quest Software.
+	[73de36653131]
+
+	* sudoers.pod:
+	Ignore files ending in '~' in sudo.d (emacs backup files)
+	[7871fad702db]
+
+	* toke.c, toke.l:
+	Ignore files ending in '~' in sudo.d (emacs backup files)
+	[53fded2a469f]
+
+2009-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+	For #includedir, ignore any file containing a dot
+	[a7daa1bce6c2]
+
+	* Makefile.in, version.h:
+	Bump version
+	[ef60f14ffc44]
+
+	* gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+	sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+	visudo.c:
+	Implement #includedir directive. Files in an includedir are not
+	edited by visudo unless they contain a syntax error.
+	[3923d85a6c79]
+
+	* ChangeLog:
+	sync
+	[8741ed61a78b] [SUDO_1_7_1]
+
+	* WHATSNEW:
+	Forgot umask_override
+	[7c86a21a5504]
+
+	* ChangeLog, TODO:
+	sync
+	[57339ca6bccf]
+
+2009-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Rewind stream if we fdopen sudoers since it may not be at the
+	beginning. Set the keepopen flag on already-open files too so the
+	lexer doesn't close them out from under us.
+	[61292d819aff]
+
+	* visudo.c:
+	Print the proper file name when there is a parse error in an include
+	file.
+	[b0e85d4aedde]
+
+2009-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Sync
+	[997e5d485ea3]
+
+2009-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix a warning when --without-ldap is specified.
+	[d91fd9481b30]
+
+2009-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, parse.h, visudo.c:
+	Store aliases that we remove during check_aliases in a freelist and
+	free them at the end so we don't leak memory.
+	[805e2272f6a3]
+
+2009-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Check aliases in -c mode too.
+	[9199e188d9f2]
+
+	* alias.c, parse.h, visudo.c:
+	Make alias_remove return the alias struct instead of freeing it
+	directly. Fixes a use after free in alias_remove_recursive, the only
+	consumer.
+	[a04b61804800]
+
+	* alias.c, match.c, parse.c, parse.h, visudo.c:
+	Rename find_alias -> alias_find for consistency.
+	[48b0a82924f3]
+
+2009-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	When checking for unused aliases, recurse if the alias points to
+	another alias.
+	[2d4d1a7f3a41]
+
+2009-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Back out rev 1.105 for now. Real ldapux_client.conf support will be
+	done later after some refactoring.
+	[8ad72e69b277]
+
+2009-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Treat ldap_hostport the same as "host" for ldapux.
+	[3281dcc66da8]
+
+	* configure, configure.in:
+	Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+	Fixes compilation with ldapux.
+	[ca1ed585ef0e]
+
+2009-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	fix char subscript
+	[41e51f080d00]
+
+2009-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove errant carriage returns
+	[e9e258a31c7b]
+
+	* audit.c, env.c:
+	fix K&R compilation
+	[d182e8920f13]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[791a5cbf04e5]
+
+2009-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Add missing HAVE_BSM_AUDIT
+	[49ad1bb96f04]
+
+	* WHATSNEW:
+	Add 1.7.1 features
+	[f107f1604c61]
+
+	* INSTALL:
+	Mention --with-netsvc
+	[d1e90d147795]
+
+	* sudoers.ldap.pod:
+	Document netsvc.conf support
+	[e78f8abce6af]
+
+	* configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+	sudo_nss.h:
+	Add support for AIX netsvc.conf (like nsswitch.conf).
+	[1df56a84dee5]
+
+2009-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, env.c:
+	Add --enable-env-debug flag to enable environment sanity checks.
+	[128cdd8832e7]
+
+	* sudoers.ldap.pod, sudoers.pod:
+	Work around some pod2html issue.
+	[e733b9609bd2]
+
+2009-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Only sync environ for putenv, setenv, and unsetenv. We need to make
+	sure that sudo_putenv and sudo_setenv only modify env.envp, not
+	environ.
+	[be3ac732243c]
+
+2009-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Really fix UNSETENV_VOID
+	[08ab7e882507]
+
+	* env.c:
+	Fix unsetenv when UNSETENV_VOID
+	[d3038b3f2f15]
+
+	* aclocal.m4, configure:
+	Fix SUDO_FUNC_PUTENV_CONST
+	[de35569c572b]
+
+	* ldap.c:
+	tivoli-based ldap does not have ldapssl_err2string
+	[c63fd90d5e99]
+
+	* configure:
+	regen
+	[f38f1ee828ad]
+
+2009-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add support for Tivoli-based LDAP start TLS as seen in AIX.
+	Untested.
+	[8f8771829f85]
+
+	* env.c:
+	Add sanity checks for setenv/unsetenv
+	[adbd1d95856b]
+
+	* Makefile.in:
+	Include bsm_audit.h in the tarball
+	[4a4aa02b2c32]
+
+	* Makefile.in, version.h:
+	bump version for sudo 1.7.1
+	[362c71d21595]
+
+	* aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+	env.c, ldap.c, sudo.h:
+	Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+	provide our own setenv/unsetenv/putenv that operates on own env
+	pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+	[276edcd23032]
+
+2009-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Make "sudoedit -h" work as expected
+	[2bcbbb45d389]
+
+	* auth/pam.c:
+	Make sure def_prompt is always defined. This is a workaround for
+	pam configs that prompt for a password in the session but don't have
+	an auth line. A better fix is to expand the sudo prompt earlier and
+	set def_prompt to that when initializing.
+	[ee073c04aec3]
+
+	* sudo.pod:
+	Mention that the helper for -A may be graphical.
+	[b64a940c4082]
+
+	* TROUBLESHOOTING:
+	Document what happens if there is no tty.
+	[313d58a856a5]
+
+	* sudo.c:
+	cosmetic changes
+	[894f5e3b0c3e]
+
+	* term.c:
+	Fix term_restore
+	[6c6315ff14bc]
+
+	* sudo.c:
+	Fix "sudo -k" with no other args
+	[59e94dc419c6]
+
+2009-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+	Allow the -k flag to be specified in conjunction with a command or
+	another option that may require authentication.
+	[5960ff20355d]
+
+2009-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+	[e86ab69c4a57]
+
+	* Makefile.in:
+	Parallel make fix. From Diego E. 'Flameeyes'
+	[1289d7ee27db]
+
+2009-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+	Implement umask_override
+	[8b87a3f7c5aa]
+
+	* toke.c:
+	regen
+	[79d7ca9ac873]
+
+	* sudoers.pod, toke.l, visudo.c:
+	Implement %h escape in sudoers include filenames.
+	[a7f288dd64f0]
+
+	* audit.c:
+	Need to include compat.h
+	[c0dc07ce2f70]
+
+	* Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+	Make audit_success and audit_failure generic functions in
+	preparation for integrating linux audit support.
+	[7df020a8fd6f]
+
+	* term.c:
+	remove duplicate include
+	[1dfcd01a7e46]
+
+2009-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* bsm_audit.c:
+	Add missing include
+	[fb56e08c37ee]
+
+	* sudo.c:
+	May need to update the runas user after parsing command-based
+	defaults.
+	[246f130d7802]
+
+2009-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	Add missing pair of braces introduced with character class support.
+	[0e2afa2e03e9]
+
+2009-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+	Rename pwstars to pwfeedback
+	[a9f85a57ebac]
+
+2009-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* bsm_audit.c, bsm_audit.h:
+	Add const to make MacOS happy.
+	[4274432d6627]
+
+	* Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+	configure.in, sudo.c:
+	Add bsm audit support from Christian S.J. Peron
+	[bef61cd8693d]
+
+	* term.c:
+	This is new code, no DARPA notice.
+	[ec6ad09b9c23]
+
+2009-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+	Rename simple_glob -> fast_glob
+	[68d9ed803cc1]
+
+	* match.c:
+	g/c unused var
+	[693fa0464eb6]
+
+	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+	Add simple_glob option to use fnmatch() instead of glob(). This is
+	useful when you need to specify patterns that reference network file
+	systems.
+	[77ba634f6949]
+
+	* tgetpass.c:
+	add term_* proto
+	[520f5149d073]
+
+	* sudoers.pod:
+	mention glob()
+	[ddaab8e03c52]
+
+2009-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Delete any pwstars we wrote after the user hits return. That way
+	there is no record on screen as to the user's password length.
+	[fae25cda762b]
+
+2009-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* term.c:
+	Move terminal setting bits from tgetpass.c to term.c
+	[03d43325ee99]
+
+	* Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+	tgetpass.c:
+	Add pwstars sudoers option that causes sudo to print a star every
+	time the user presses a key.
+	[7aab417e184d]
+
+2009-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+	[64f70e879816]
+
+2009-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+	indicate no limit. From Mark Janssen.
+	[e2c5732d54f5]
+
+2009-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Comments that begin with #- should not be parsed as uids.
+	[a72a50f12f41]
+
+2009-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Do not try to set the close on exec flag if we didn't actually open
+	sudoers.
+	[ece3ca256904]
+
+2008-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[e11f0e4c1bdd] [SUDO_1_7_0]
+
+2008-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[5b8954462bb3]
+
+2008-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+	password prompt.
+	[8563601cb3de]
+
+	* configure, configure.in:
+	Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+	as it cannot generate shared objects.
+	[6d4262ef9669]
+
+	* emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+	K&R compilation fixes
+	[77921678d17c]
+
+	* parse.c:
+	Use tq_foreach_fwd when checking pseudo-commands to make it clear
+	that we are not short-circuiting on last match. When pwcheck is
+	'all', initialize nopass to TRUE and override it with the first non-
+	TRUE entry.
+	[96b209f4778f]
+
+2008-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Do not short circuit pseudo commands when we get a match since,
+	depending on the settings, we may need to examine all commands for
+	tags.
+	[fdbaf89d6f35]
+
+2008-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[1ecce7c1b841]
+
+	* sudoers.pod:
+	hostnames may also contain wildcards
+	[82b76695601c]
+
+	* Makefile.in:
+	remove stamp-* files and linux core files in clean target
+	[22003f091467]
+
+2008-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.h, config.h.in, configure, configure.in:
+	Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+	[6905bede8410]
+
+2008-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	correctly enable SIA on Digital UNIX
+	[a51881d13995]
+
+	* TODO:
+	checkpoint
+	[af0fe8d94d42]
+
+	* ChangeLog:
+	sync
+	[831f623cf99c]
+
+2008-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.h, tgetpass.c:
+	Even if neither stdin nor stdout are ttys we may still have /dev/tty
+	available to us.
+	[20f306ba883b]
+
+2008-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[76d97c4c318f]
+
+	* sudoers.pod:
+	fix typos; Markus Lude
+	[bff8bc1e2066]
+
+	* ChangeLog:
+	sync
+	[f108552531cd]
+
+	* toke.c:
+	regen
+	[de828413c67e]
+
+	* toke.l:
+	Fix matching of a line that only consists of a comment char
+	[09c953d8d5ca]
+
+2008-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	MacOS pam will retry conversation function if it fails so just treat
+	^C as an empty password.
+	[d056058930bc]
+
+	* visudo.c:
+	When checking for alias use, also check defaults bindings.
+	[2647f82c7dbd]
+
+	* redblack.c:
+	unused var
+	[b7ff71c17c18]
+
+	* redblack.c:
+	Replace my rbdelete with Emin's version (which actually works ;-)
+	[21b133dd0c72]
+
+2008-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c:
+	malloc debugging
+	[0fb446fa3279]
+
+	* visudo.c:
+	malloc options in devel mode for visudo too
+	[98d06c6afeef]
+
+2008-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix compilation on non-C99; from Theo
+	[7c304e16c536]
+
+	* visudo.c:
+	fix check_aliases
+	[83f30a3b1765]
+
+	* alias.c:
+	when destroying an alias, free the correct data pointer
+	[6e1a8bd86c01]
+
+	* auth/sudo_auth.h:
+	add proto for aixauth_cleanup; from Dale King
+	[eba94ffc8f63]
+
+2008-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[409fa57fff83]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	standardize on the term 'option' for command line options (not flag)
+	[228caefc2e36]
+
+2008-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Add note on configuring HP-UX pam
+	[f7674a581baf]
+
+2008-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c:
+	Move tty checks into check_user() so we only do them if we actually
+	need a password.
+	[7d997d7106d6]
+
+	* sudo.c:
+	Don't error out if no tty or askpass unless we actually need to
+	authenticate.
+	[9f23b83ed66c]
+
+2008-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[23f9aef32da6]
+
+	* pathnames.h.in, sudo.c:
+	s/overriden/overridden/; from Tobias Stoeckmann
+	[9f7459a8fac5]
+
+2008-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, visudo.c:
+	check sudoers owner and mode in strict mode
+	[a3468c5ac1c4]
+
+	* gram.c, toke.c:
+	regen
+	[7d6b515a5443]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	Update copyright years.
+	[52d340cb8cba]
+
+	* LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+	auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+	closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+	gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+	interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+	parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+	sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+	testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+	visudo.pod, zero_bytes.c:
+	Update copyright years.
+	[b4e6bf2beafa]
+
+	* emul/charclass.h, fnmatch.c, glob.c:
+	add my copyright
+	[28681385014a]
+
+2008-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	The loop in fill_cmnd() was going one byte too far past the end,
+	resulting in a NUL being written immediately after the buffer end.
+	[a5a49d603cd7]
+
+	* UPGRADE, WHATSNEW:
+	add sections on tgetpass changes
+	[2e6929b6a102]
+
+	* tgetpass.c:
+	Treat EOF w/o newline as an error.
+	[aa02b1db9240]
+
+2008-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix "sudo -v" when NOPASSWD is set.
+	[f4914711ea80]
+
+	* auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+	auth/sudo_auth.h:
+	No longer treat an empty password at the prompt as special. To quit
+	out of sudo you now need to hit ^C at the password prompt.
+	[980f760ad419]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[6ca21a2cd869]
+
+	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+	Sudo will now refuse to run if no tty is present unless the new
+	visiblepw sudoers flag is set.
+	[0cc56943252e]
+
+2008-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+	defined
+	[24fc6f712d5c]
+
+	* aix.c:
+	fix fallback value for RLIM_SAVED_MAX
+	[e09e04e1af89]
+
+	* auth/aix_auth.c, auth/sudo_auth.h:
+	Move clearing of AUTHSTATE into aixauth_cleanup.
+	[e14ae7bd259c]
+
+	* auth/aix_auth.c, env.c:
+	Unset AUTHSTATE after calling authenticate() as it may not be
+	correct for the user we are running the command as.
+	[d14f68f1b0ab]
+
+	* isblank.c:
+	Add isblank() function for systems without it. Needed for POSIX
+	character class matching in fnmatch.c and glob.c.
+	[16cba30b283f]
+
+2008-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	expound on sudo and cd
+	[8e0fa9033637]
+
+2008-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[40cf320a10fc]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[7cac761ae2c6]
+
+	* sudoers.pod:
+	mention defauts parse order
+	[4e2ce86d1394]
+
+2008-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, aclocal.m4, compat.h, configure:
+	Add isblank() function for systems without it. Needed for POSIX
+	character class matching in fnmatch.c and glob.c.
+	[a1ab55da8424]
+
+	* Makefile.in:
+	add emul/charclass.h to HDRS
+	[7e8a019dcaa4]
+
+2008-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	checkpoint
+	[afeb9bc1baed]
+
+	* defaults.c, parse.c, testsudoers.c, visudo.c:
+	Move update_defaults into defaults.c and call it properly from
+	visudo and testsudoers.
+	[f4dbb369461f]
+
+	* defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+	tsgetgrpw.c:
+	use zero_bytes() instead of memset() for consistency
+	[4cee0465f4a8]
+
+	* logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+	visudo.c:
+	Zero out sigaction_t before use in case it has non-standard entries.
+	[120092225459]
+
+	* match.c:
+	quiet gcc
+	[098a1df49b23]
+
+	* match.c:
+	Short circuit glob() checks if basename(pattern) !=
+	basename(command). Refactor code that checks for a command in a
+	directory and use it in the glob case if the resolved pattern ends
+	in a '/'.
+	[3c46fd317acb]
+
+2008-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+	Defer setting runas defaults until after runaspw/gr is setup.
+	[12e75ee49c0c]
+
+2008-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, sudo.c, testsudoers.c:
+	Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+	systems do not include space for the NUL in the size. Also manually
+	NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+	on this.
+	[7266ab3296a3]
+
+2008-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudoers.pod:
+	When setting the umask, use the union of the user's umask and the
+	default value set in sudoers so that we never lower the user's umask
+	when running a command.
+	[4e804b004e38]
+
+	* sudo.c:
+	Don't try to read from a zero-length sudoers file. Remove the bogus
+	Solaris work-around for EAGAIN. Since we now use fgetc() it should
+	not be a problem.
+	[bb8e5f68d944]
+
+2008-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	In update_defaults() check the return value of user*_matches against
+	ALLOW so we don't inadvertantly match on UNSPEC.
+	[4e422fa1527e]
+
+2008-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen man pages; no more hyphenation
+	[15de4fe2fe01]
+
+	* sudo.c:
+	Don't error out on a zero-length sudoers file. With the advent of
+	#include the user could create a situation where sudo is unusable.
+	[6eb461319fa5]
+
+2008-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c, config.h.in, configure, configure.in:
+	Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+	krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+	all. Add configure tests to handle all the cases.
+	[4b554a98470d]
+
+2008-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	resort ENVIRONMENT
+	[f4f20f40653e]
+
+	* sudoers.pod:
+	document sudoers_locale
+	[0bffd2dbe806]
+
+	* sudo.pod, sudo_edit.c:
+	add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+	or EDITOR
+	[0ef8cb248cee]
+
+	* toke.c, toke.l:
+	In fill_cmnd(), collapse any escaped sudo-specific characters.
+	Allows character classes to be used in pathnames.
+	[5685244c8e44]
+
+2008-10-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c:
+	fix typo in non-C89 function declaration
+	[99a7113b3a05]
+
+	* sudoers.pod:
+	Mention POSIX characters classes now that out fnmatch() and glob()
+	support them.
+	[9c916f1230c3]
+
+	* sample.sudoers, sudoers.pod:
+	Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+	locale agnostic.
+	[a60a62bec244]
+
+	* parse.h:
+	use __signed char if we are going to assign a negative value since
+	on Power, char is unsigned by default
+	[2877b319df17]
+
+	* config.h.in, configure, configure.in:
+	Add tests for __signed char and signed char.
+	[5eb874fdf1d4]
+
+	* aix.c:
+	Fix AIX limit setting. getuserattr() returns values in disk blocks
+	rather than bytes. The default hard stack size in newer AIX is
+	RLIM_SAVED_MAX. From Dale King.
+	[3db67415ecc3]
+
+2008-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/charclass.h, fnmatch.c, glob.c:
+	Add character class support to included glob(3) and fnmatch(3).
+	[6b5b4ad77899]
+
+2008-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/fnmatch.h:
+	Remove UCB advertising clause and some compatibility defines.
+	[2ade7bee74e1]
+
+2008-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+	or sudo. This allows one to set EDITOR to sudoedit without getting
+	into an infinite loop of sudoedit running itself until the path gets
+	too big.
+	[aa49ab68f82d]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+	Add sudoers_locale Defaults option to override the default sudoers
+	locale of "C".
+	[0639886a35bf]
+
+2008-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Set locale to system default except for during sudoers parse.
+	[016dd2736728]
+
+2008-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Redo change in 1.34 to use pointer arithmetic.
+	[f9e7b63bb450]
+
+2008-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Fix a dereference (read) of a freed pointer. Reported by Patrick
+	Williams.
+	[69877b633753]
+
+2008-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Set locale to "C" to avoid interpretation issues with character
+	ranges in sudoers. May want to make the locale a sudoers option in
+	the future.
+	[098a95de1746]
+
+2008-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	we no longer use setproctitle
+	[c7f20fb747ea]
+
+	* sudo.h:
+	remove #if 1
+	[a368ee6816c6]
+
+	* LICENSE, mkstemp.c:
+	Use my replacement mkstemp() from the mktemp package.
+	[d07c2beb0f9e]
+
+2008-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen with yacc skeleton bug fixed
+	[24784571cbb8]
+
+	* sudoers.pod:
+	Remove duplicate "as root". From Martin Toft.
+	[97241acfee5e]
+
+2008-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, sudo.c, sudo.h, testsudoers.c:
+	Flesh out the fake passwd entry used for running commands as a uid
+	not listed in the passwd database. Fixes an issue with some PAM
+	modules.
+	[a6648227f3f2]
+
+2008-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Error out in -i mode if the user has no shell. This can happen when
+	running commands as a uid with no password entry.
+	[0c174bef36ff]
+
+2008-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Better fix for line continuation inside double quotes. Now accepts
+	whitespace between the backslash and the newline like the main
+	lexer.
+	[64efcdf86d31]
+
+2008-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Fix line continuation in strings. It was only being honored if
+	preceded by whitespace.
+	[96c21271a3e4]
+
+2008-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, logging.c:
+	Replace the double fork with a fork + daemonize.
+	[328505441e67]
+
+2008-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+	[3caedfeaec87]
+
+	* logging.c, sudo.c, sudo_edit.c, visudo.c:
+	Change how the mailer is waited for. Instead of having a SIGCHLD
+	handler, use the double fork trick to orphan the child that opens
+	the pipe to sendmail. Fixes a problem running su on some Linux
+	distros.
+	[b59ce60a393d]
+
+2008-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix configure test for dirfd() on Linux where DIR is opaque.
+	[b8f729cdfecc]
+
+2008-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+	this problem we'll need to revisit this again.
+	[c17fee8ad530]
+
+2008-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+	we only block the signal it may be delivered later when we unblock.
+	Also, there is no need to block SIGCHLD since we no longer do the
+	double fork. The normal SIGCHLD handler is sufficient.
+	[e94a49e992e5]
+
+2008-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add description for NO_PAM_SESSION, from a redhat patch.
+	[b9e4c939ec09]
+
+2008-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Fix typos in -i usage
+	[2d7ce5de0235]
+
+2008-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Redo the test for dgettext() in a way that hopefully will work
+	around the libintl_dgettext() undefined problem.
+	[d27beb0cf85e]
+
+2008-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.ActiveDirectory:
+	change filename in comment
+	[733da4ee9ac5]
+
+2008-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Reference schema.ActiveDirectory
+	[d6aec537800e]
+
+2008-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.OpenLDAP, schema.iPlanet:
+	Mark sudoRunAs as deprecated.
+	[00c50df807af]
+
+	* schema.ActiveDirectory:
+	add sudoRunAsUser and sudoRunAsGroup
+	[19bcce6f72fb]
+
+	* schema.ActiveDirectory:
+	Active Directory schema by Chantal Paradis and Eric Paquet
+	[06a09c92c6a5]
+
+2008-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	remove an XXX that was fixed
+	[b88038062fa2]
+
+	* ChangeLog:
+	sync
+	[8fc27c17270e]
+
+	* parse.c:
+	Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+	fixes a problem where the tag value printed was influenced by
+	defaults set in the first pass through the parser.
+	[588ccd630367]
+
+2008-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.psf:
+	No point in packaging the TODO file
+	[9590248fffe1]
+
+	* ChangeLog:
+	sync
+	[152acf4c6813]
+
+2008-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+	sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add env_file Defaults option that is similar to /etc/environment on
+	some systems.
+	[1daf53d51e18]
+
+2008-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+	sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	version.h, visudo.cat, visudo.man.in:
+	change version to 1.7.0
+	[d41d126b9bd8]
+
+	* UPGRADE:
+	initial valgrind pass done
+	[c59c3876d8ca]
+
+2008-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+	[830d246c09b0]
+
+2008-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	define LDAPS_PORT if the system headers do not
+	[247b12325701]
+
+2008-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c, gram.y:
+	Fix another memory leak in init_parser().
+	[7bba47deba11]
+
+	* configure, configure.in:
+	There was a missing space before the ldap libs in SUDO_LIBS for some
+	configurations.
+	[7524cfc93759]
+
+	* alias.c, gram.c, gram.y, toke.c, toke.l:
+	Clean up some memory leaks pointed out by valgrind.
+	[a965866ece1a]
+
+2008-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix "sudo -s" broken by mode/flags breakout
+	[acffe984d408]
+
+	* configure, configure.in:
+	remove duplicate check for dgettext
+	[58145529133c]
+
+2008-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	Fall back to default stanza if no user-specific limit is found.
+	[7b8cb29123ee]
+
+2008-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	include stdint.h if present
+	[f0ec38529306]
+
+	* snprintf.c:
+	Use LLONG_MAX, not the old QUAD_MAX
+	[01041ce508fb]
+
+2008-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.pod:
+	fix cut and pasto
+	[34240fdef5ab]
+
+2008-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Add #ifdef PURITY
+	[ce1b571ad526]
+
+2008-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/bsdauth.c:
+	remove useless cast
+	[494f8a862e1d]
+
+2008-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	sync
+	[f5c97ffaabcc]
+
+	* TODO:
+	sync
+	[96ff1c44c182]
+
+	* sudo.h:
+	Split MODE_* defines into primary and flags.
+	[c02ee3027cb9]
+
+2008-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	It turns out the logic for getting AIX limits is more convoluted
+	than I realized and differs depending on whether the soft and/or
+	hard limits are defined.
+	[cf8d3f85d395]
+
+2008-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in:
+	Back out AIX-specific change to set the sudo_noexec path to the .a
+	file, we do really want to use the .so file. Since libtool doesn't
+	do that correctly, just install the .so file ourselves in the
+	Makefile.
+	[05c6f33177d9]
+
+	* install-sh:
+	If the file given to install is a path, only use the basename of the
+	file when building the destination path.
+	[695ba4e429ce]
+
+2008-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	parse_args() cleanup: Sort command line options in the getopt()
+	switch The -U option requires a parameter Normalize a few ISSET
+	calls Split mode into mode and flags and retire the now-obsolete
+	excl variable
+	[0d156835f861]
+
+	* WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+	sudo_usage.h.in:
+	Add -n (non-interactive) flag.
+	[e3e50400d32d]
+
+	* sudo.c:
+	Move version printing, etc. into a separate function.
+	[18c91b476e2c]
+
+	* sudo.c:
+	Don't try to cleanup nsswitch if it has not been initialized.
+	[aeb1ca1b399d]
+
+2008-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Block SIGPIPE in send_mail() so sudo is not killed by a problem
+	executing the mailer.
+	[f130e7924cca]
+
+2008-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	AIX shared libs end in .a, not .so.
+	[a5deb07020d8]
+
+2008-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Preserve HOME by default too. Matches documentation and previous
+	behavior.
+	[c16f17f1047c]
+
+2008-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Use getopt() to parse the command line. We need to be able to
+	intersperse env variables and options yet still honor "--"" which
+	complicates things slightly.
+	[60f271ce5c16]
+
+2008-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	sync
+	[685e67964eda]
+
+	* acsite.m4, configure, ltmain.sh:
+	update to libtool-1.5.26
+	[4c9a8c3d3b40]
+
+	* config.guess, config.sub:
+	update from libtool-1.5.26 distribution
+	[c6641aef2527]
+
+	* aix.c, sudo.h:
+	attempt to fix compilation errors on AIX
+	[edb13e5b2184]
+
+	* Makefile.in:
+	fix typo in last commit
+	[25ba7f7ceae4]
+
+	* Makefile.in:
+	Add WHATSNEW file to the distribution
+	[213f4115de8f]
+
+	* visudo.c:
+	use warningx instead of fprintf(stderr, ...)
+	[a3494b8ccb19]
+
+	* list.c:
+	add DEBUG to list2tq
+	[115d24a3000c]
+
+	* ChangeLog, TODO:
+	sync
+	[60e6f4d1fac0]
+
+	* WHATSNEW:
+	mention mailfrom
+	[e2498f9e18d6]
+
+	* Makefile.in, aix.c, config.h.in, configure, configure.in,
+	set_perms.c, sudo.h:
+	Add aix_setlimits() to set resource limits on AIX using a
+	combination of getuserattr() and setrlimit(). Currently untested.
+	[9b1441fd89ca]
+
+2008-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod:
+	Add mailfrom Defaults option that sets the value of the From: field
+	in the warning/error mail. If unset the login name of the invoking
+	user is used.
+	[029b9f05d3d9]
+
+	* defaults.c:
+	store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+	[a90e407d5e00]
+
+	* gram.c, gram.y:
+	When adding a default, only call list2tq() once to do the list to tq
+	conversion. It is not legal to call list2tq multiple times on the
+	same list since list2tq consumes and modifies the list argument.
+	[fbc25d245c4a]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	comment out XXXs for now
+	[595a1d43309d]
+
+	* WHATSNEW:
+	mention askpass
+	[b993e0837c22]
+
+2008-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Error out if both -A and -S are specified Error out if -A is
+	specified but no askpass is configured
+	[24f1df2638f6]
+
+	* configure, configure.in:
+	we are not going to ship a sudo-specific askpass
+	[61949e7a3943]
+
+2008-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	fix definition of TGP_ASKPASS
+	[0447c57ba4c3]
+
+	* def_data.c, def_data.in:
+	make askpass boolean-capable
+	[e0885893a325]
+
+	* INSTALL:
+	document --with-askpass
+	[c76e15ba97cf]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.man.in, visudo.cat:
+	regen
+	[8d16242980b7]
+
+2008-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudo_usage.h.in, sudoers.pod:
+	document -A and askpass
+	[02c07505a78c]
+
+	* auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+	def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+	sudo_usage.h.in, tgetpass.c:
+	Add support for running a helper program to read the password when
+	no tty is present (or when specified with the -A flag). TODO: docs.
+	[05780f5f71fd]
+
+	* def_data.c, def_data.in:
+	add missing printf format to SELinux role and type strings
+	[2b32774715e7]
+
+2008-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in:
+	Disable use of gss_krb5_ccache_name() by default and add
+	--enable-gss-krb5-ccache-name configure option to enable it. It
+	seems that gss_krb5_ccache_name() doesn't work properly with some
+	combinations of Heimdal and OpenLDAP.
+	[f61ebd3b19bd]
+
+2008-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	Ignore setexeccon() failing in permissive mode. Also add a call to
+	setkeycreatecon() (though this is probably insufficient). From Dan
+	Walsh.
+	[52564fc1c069]
+
+	* auth/pam.c:
+	Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+	function may be called for non-password reading purposes so we must
+	be careful not to use def_prompt in cases where it may not be set.
+	[29d88ca575ba]
+
+2008-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	Don't free the new tty context, we need to keep it around when we
+	restore the tty context after the command completes
+	[5b4bd39b6ea8]
+
+2008-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	s/newrole/sudo/
+	[21b8a96ff8df]
+
+	* sudo.man.pl, sudo.pod:
+	Only put login_cap(3) in SEE ALSO section if we have login.conf
+	support
+	[05250ddff2c0]
+
+2008-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[301e5c5ccdbe]
+
+	* sudoers.pod:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[c1c98fa163ce]
+
+	* sudoers.man.pl:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[6c88f30b878a]
+
+	* sudo.pod:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[acdbdfd24e1d]
+
+	* sudo.man.pl:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[0c56d4750ac3]
+
+	* Makefile.in, configure, configure.in:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[9a02bd6a6658]
+
+	* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+	Remove the =cut on the first line (above the copyright notice) to
+	quiet pod2man. Also remove the hackery in the FILES section and
+	just deal with the fact that there will a newline between each
+	pathname.
+	[2ac1ab191835]
+
+2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	run sudo.man.pl when generating sudo.man.in
+	[859727369168]
+
+	* configure, configure.in, sudo.man.pl:
+	comment out SELinux manual bits unless --with-selinux was specified
+	[97ff4212b649]
+
+	* sudoers.pod:
+	document role and type defaults for SELinux
+	[870f303366b3]
+
+	* sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+	Document "sudo -ll" and make "sudo -l -l" be equivalent.
+	[3ce6dc429ea3]
+
+2008-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+	Debian GNU/kFreeBSD.
+	[c4efa567a328]
+
+2008-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+	verify_krb_v5_tgt()
+	[f80538e5a6fa]
+
+	* logging.c, logging.h, sudo.c:
+	Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+	log_auth() into log_allowed() and log_denial() Replace mail_auth()
+	with should_mail() and a call to send_mail()
+	[58aac9997557]
+
+2008-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Add debugging so we can tell if the krb5 ccache is accessible
+	[c679322527bb]
+
+	* INSTALL:
+	mention --with-selinux
+	[9efbe0b52194]
+
+2008-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[467a834f867c]
+
+	* selinux.c:
+	add Sudo tag
+	[d004ee669bed]
+
+	* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+	testsudoers.c, toke.c, toke.l:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[1d4abfe2c004]
+
+	* sesh.c:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[1e3b395ce049]
+
+	* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+	def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+	pathnames.h.in, selinux.c:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[6b421948286e]
+
+2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+	Add long list (sudo -ll) support for printing verbose LDAP and
+	sudoers file entries. Still need to update manual.
+	[2875be37935c]
+
+2008-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+	Unify the -l output for file and ldap based sudoers and use lbufs
+	for both. The ldap output does not currently include options that
+	cannot be represented as tags. This will be remedied in a long list
+	output mode to come.
+	[b2e429456596]
+
+2008-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Use a specific error message for errno == EAGAIN when setuid() et al
+	fails. On Linux systems setuid() will fail with errno set to EAGAIN
+	if changing to the new uid would result in a resource limit
+	violation.
+	[08d0aecd9f03]
+
+	* sudo.c:
+	Unlimit nproc on Linux systems where calling the setuid() family of
+	syscalls causes the nroc resource limit to be checked. The limits
+	will be reset by pam_limits.so when PAM is used. In the non-PAM
+	case the nproc limit will remain unlimited but there doesn't seem to
+	be a way around that other than having sudo parse
+	/etc/security/limits.conf directly.
+	[df024b415a8d]
+
+	* env.c, sudo.c, sudo.pod:
+	Only read /etc/environment on Linux and AIX
+	[90669e2aefdb]
+
+2008-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+	ldap.conf and ldap.secret paths from going into config.h. Avoid
+	single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+	since in some versions of bash they will end up literally in the
+	resulting define.
+	[25390f3ef10a]
+
+2008-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	mention --with-nsswitch=no
+	[c509df927263]
+
+	* configure, configure.in:
+	ldap_ssl.h depends on ldap.h being included first
+	[d96d90e9b21f]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Include ldap_ssl.h if we can find it. Needed for the
+	ldapssl_set_strength defines on HP-UX at least.
+	[9e530470948a]
+
+	* sudoers.ldap.pod:
+	sync
+	[b9d101f4673a]
+
+	* TODO:
+	sync
+	[2ce951b2ecd0]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[b61d793987e0]
+
+	* Makefile.in:
+	Use 78n line length when formatting cat pages.
+	[761bee9d5759]
+
+	* README.LDAP:
+	Remove redundant info that is now in sudoers.ldap.pod
+	[01828dcce59e]
+
+2008-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Reorganize the first section a bit. Substitute the proper path for
+	/etc/sudoers.
+	[11ae165e065d]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+	schema into EXAMPLES
+	[ab6509d1dde7]
+
+	* configure, configure.in:
+	Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+	sudoers.ldap.man.
+	[6e689972f465]
+
+	* configure, configure.in:
+	substitute for sudoers.ldap.man
+	[5a4a25766dee]
+
+	* Makefile.in:
+	Fix cut & pasto introduced when adding sudoers.ldap man page.
+	[a7b069af8894]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Fill in some of the missing pieces. Still needs some reorganization
+	and editing.
+	[5e7331722166]
+
+2008-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Beginnings of a sudoers.ldap man page. Currently, much of the
+	information is adapted from README.LDAP.
+	[aad28c8a922d]
+
+2008-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	When copying gr_mem we must guarantee that the storage space for
+	gr_mem is properly aligned. The simplest way to do this is to
+	simply store gr_mem directly after struct group. This is not a
+	problem for gr_passwd or gr_name as they are simple strings.
+	[af58fc76f1ed]
+
+	* ldap.c:
+	Fix a typo/thinko in one of the calls to
+	sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+	[70b2eb8097f5]
+
+2008-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	include <mps/ldap_ssl.h> in ldap.c if available
+	[34346206ef16]
+
+2008-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c, gram.y:
+	Make sure we define SIZE_MAX for yacc's skeleton.c
+	[d8a45c7a3c42]
+
+	* tgetpass.c:
+	Use TCSAFLUSH when restoring terminal settings (and echo) to
+	guarantee that any pending output is discarded
+	[549a184479e5]
+
+2008-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	no longer need to specify SETENV when user has sudo ALL
+	[3051b41f8032]
+
+	* testsudoers.c:
+	sync user_args size calculation with sudo.c Add -g group option,
+	renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+	them
+	[0850325180f0]
+
+	* sudo.c, sudo.h:
+	Make set_runaspw static void
+	[5d44d7a340ce]
+
+	* testsudoers.c, visudo.c:
+	g/c set_runaspw stub
+	[79ebb5e2cc38]
+
+	* configure, configure.in:
+	Don't add -llber twice.
+	[4356d302eef4]
+
+2008-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix typo
+	[249cecc557e9]
+
+2008-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[2f94ea375b67]
+
+	* configure, configure.in:
+	Fix check that determines whether -llber is required.
+	[6afa99523379]
+
+	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
+	For netscape-based LDAP, use ldapssl_set_strength() to implement the
+	checkpeer ldap.conf option.
+	[16ae24d73795]
+
+	* auth/kerb5.c:
+	Delay krb5_cc_initialize() until we actually need to use the cred
+	cache, which is what krb5_verify_user() does. Better cleanup on
+	failure.
+	[d12e5f1695b8]
+
+2008-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Rewrite verify_krb_v5_tgt() based on what heimdal's
+	krb5_verify_user() does.
+	[05b5815f86c9]
+
+2008-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	The U suffix on constants is an ANSI feature
+	[c6dfce3167f1]
+
+	* configure, configure.in:
+	Add check for ber_set_option() in -llber
+	[43d0c0566074]
+
+2008-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	default if no nsswitch.conf is files only
+	[c13001d9c998]
+
+2008-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	don't tell people to mail aaron about LDAP stuff
+	[8165ec1ef0c6]
+
+	* README.LDAP:
+	timelimit and bind_timelimit
+	[44f74cbed167]
+
+	* ChangeLog:
+	sync
+	[aba1a0ab02bd]
+
+	* ldap.c:
+	Move ldap.secret reading into a separate function.
+	[1948acc9f7a4]
+
+	* check.c:
+	user_runas -> runas_pw
+	[334490fc2bae]
+
+2008-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[c7b165cc47c6]
+
+	* check.c, sudo.pod, sudoers.pod:
+	Add and document the %p escape in the password prompt. Based on a
+	patch from Patrick Schoenfeld.
+	[3972d4f31ffa]
+
+	* ldap.c:
+	Check strlcpy() return values.
+	[9b42f3ae8ff1]
+
+	* ldap.c:
+	refactor ldap binding code into sudo_ldap_bind_s()
+	[cb0c66a4d955]
+
+	* README.LDAP:
+	Make it clear that host and uri can take multiple parameters. URI is
+	now supported for more than just openldap nsswitch.conf does't
+	accept "compat"
+	[f610dea656d6]
+
+	* sudo.c:
+	comment cleanup and update (c) year
+	[6cd69c810ca5]
+
+	* parse.c, sudo_nss.c:
+	Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+	This should make it possible to build an LDAP-only sudo binary.
+	[61c3f27066a0]
+
+	* ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+	Improve chaining of multiple sudoers sources by passing in the
+	previous return value to the next in the chain
+	[2c0b722b1b2d]
+
+	* gram.y:
+	Free up parser data structures in sudo_file_close().
+	[2251531d4519]
+
+	* gram.c, parse.c:
+	Free up parser data structures in sudo_file_close().
+	[8371f130f401]
+
+	* ldap.c:
+	Parse uri ourself if no ldap_initialize() is present Use
+	ldap_create() instead of deprecated ldap_init() Use
+	ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+	[85d3825b1953]
+
+	* config.h.in, configure, configure.in:
+	Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+	CFLAGS
+	[240524512bc5]
+
+2008-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	add check for ldap_create
+	[3089badd73b8]
+
+2008-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+	dn using the mechanism appropriate for the LDAP SDK in use. Use
+	ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+	ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+	[6deeca3d00cc]
+
+	* lbuf.c:
+	include unistd.h
+	[8419ed0bae7f]
+
+	* config.h.in, configure.in:
+	fix typo in mtim_getnsec
+	[2d5f21230a60]
+
+2008-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	add check for st__tim in struct stat as used by SCO
+	[587060ea2a89]
+
+	* ldap.c:
+	use ldap_search_ext_s instead of deprecated ldap_search_s
+	[5fc44fe3b44c]
+
+	* Makefile.in, TODO, sudo.cat, sudo.man.in:
+	add sudo_nss.h to HDRS
+	[86f01a70ff29]
+
+	* ldap.c:
+	Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+	ldap_rdn2str().
+	[aa217002cfae]
+
+2008-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Use ldap_get_values_len()/ldap_value_free_len() instead of the
+	deprecated ldap_get_values()/ldap_value_free().
+	[e22dceb85e57]
+
+	* ChangeLog:
+	sync
+	[adad27b36107]
+
+	* TODO:
+	sync
+	[c449eb47e0ef]
+
+	* gettime.c, sudo.c:
+	Remove some already fixed XXXs
+	[532788d0e6da]
+
+	* ldap.c:
+	Same return value as non-existent sudoers if LDAP was unable to
+	connect.
+	[5819810e8e4e]
+
+	* sudo.pod:
+	mention /etc/environment
+	[ea8e6102f853]
+
+	* README.LDAP, UPGRADE, WHATSNEW:
+	Update to reflect recent developments.
+	[ed1fb026fe77]
+
+	* sudo.c:
+	Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+	[55b68a58260d]
+
+	* ldap.c:
+	When building up a query don't list groups in the aux group vector
+	that are the same as the passwd file group. On most systems the
+	first gid in the group vector is the same as the passwd entry gid.
+	[4bb51e297e0d]
+
+	* env.c, ldap.c:
+	Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+	ldaprc and system defaults that could affect how LDAP works.
+	[ce5036440db2]
+
+	* INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+	sudo_nss.c, sudo_nss.h:
+	Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+	to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+	but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+	file and --with-ldap-secret-file
+	[ea5d7704381f]
+
+	* parse.c:
+	Honor def_ignore_local_sudoers
+	[f38e1121fae1]
+
+2007-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	no longer need to check def_ignore_local_sudoers here
+	[fce2a72f96fb]
+
+	* parse.c:
+	Refactor group vector resetting into a function and also call it
+	from display_cmnd. Stop after the first sucessful match in
+	display_cmnd. Print a newline between each display_privs method.
+	[981b37b5adff]
+
+	* parse.c:
+	fix double free introduced in rev 1.218
+	[c574b02d8747]
+
+	* ldap.c:
+	belt and suspenders; zero out result after freeing it
+	[7732988d4620]
+
+	* env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+	Refactor line reading into a separate function, sudo_parseln(),
+	which removes comments, leading/trailing whitespace and newlines.
+	May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+	[61d9068f0645]
+
+	* parse.c, sudo.c:
+	Make the inability to read the sudoers file a non-fatal error if
+	there are other sudoers sources available. sudoers_file_lookup now
+	returns "not OK" if sudoers was not present
+	[643babf597a8]
+
+	* ldap.c:
+	make it clear that the global options are from LDAP
+	[9ff950349463]
+
+	* logging.c:
+	allocate proper amount of space for error string
+	[8bebb7d46d19]
+
+	* sudo_nss.c, sudo_nss.h:
+	actual sudo nss code
+	[5bd7d52d7738]
+
+	* ldap.c, parse.c, sudo.c, sudo.h:
+	nss-ify display_privs and display_cmnd.
+	[cccfdd3253f2]
+
+	* defaults.c, parse.c, testsudoers.c, visudo.c:
+	move update_defaults() to parse.c
+	[ace144b958a9]
+
+	* Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+	Use nsswitch to hide some sudoers vs. ldap implementation details
+	and reduce the number of #ifdef LDAP TODO: fix display routines and
+	error handling
+	[6225edde89a6]
+
+2007-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+	First cut at nsswitch.conf support. Further reorganizaton and
+	related changes are forthcoming.
+	[717f59d0790b]
+
+2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, pathnames.h.in, sudo.c, sudo.h:
+	Add support for reading and /etc/environment file. Still needs to
+	be documented and should probably only applies to OSes that have it
+	(AIX and Linux, maybe others).
+	[15d3edae27e4]
+
+	* ldap.c:
+	include limits.h
+	[e19875ef0f82]
+
+2007-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	reword LDAP SASL
+	[7ec3c4ec31b5]
+
+2007-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[87c5a7aea7bf]
+
+	* README.LDAP:
+	Add an example sudoRole, clarify netscape vs. openldap a bit more
+	[6f96c0ca8107]
+
+	* README.LDAP:
+	Be clear on what is OpenLDAP vs. Netscape-derived
+	[a33c8314dec5]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Use ldapssl_init() for ldaps support instead of trying to do it
+	manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+	and tls_key for cert7.db and key3.db respectively. Don't print
+	debugging info for options that are not set. Add warning if
+	start_tls specified when not supported.
+	[abb62dc7e4a3]
+
+	* ldap.c:
+	fix compilation on solaris
+	[03d449684e80]
+
+	* Makefile.in:
+	add missing .h and .c files for missing lib objs
+	[8b37825bdfc7]
+
+2007-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix LDAP_OPT_NETWORK_TIMEOUT setting
+	[226eba89c0ad]
+
+	* ldap.c:
+	fix compilation on Solaris
+	[917d47639eb6]
+
+2007-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix typo
+	[009d5c81b225]
+
+	* README.LDAP:
+	try to clear up which variables are for OpenLDAP and which are for
+	netscape-derived SDKs
+	[f8d9823ee73c]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add support for "ssl on" in both netscape and openldap flavors. Only
+	the OpenLDAP flavor has been tested.
+	[952745829ec5]
+
+	* logging.c, sudo.c, sudo.h:
+	Call cleanup() before exit in log_error() instead of calling
+	sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+	[da02d1b67a2c]
+
+	* sudo.c:
+	ld -> ldap_conn
+	[01afa6d927cc]
+
+2007-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, sudo.c, sudo.h:
+	Better ldap cleanup.
+	[25b9abe2d617]
+
+	* ldap.c:
+	Distinguish between LDAP conf settings that are connection-specific
+	(which take an ld pointer) and those that are default settings
+	(which do not).
+	[d48dc6c9c3b4]
+
+2007-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Improved warnings on error.
+	[c8dce7b4feb4]
+
+	* ldap.c:
+	Make ldap config table driven and set the config *after* we open the
+	connection.
+	[d9698b5a2681]
+
+2007-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+	[598c6df06660]
+
+	* configure, configure.in:
+	some operating systems need to link with -lkrb5support when using
+	krb5
+	[8896365dde9e]
+
+2007-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	minor update
+	[acfeeb7f4886]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[a3c6699674f9]
+
+2007-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog, TODO:
+	sync
+	[138e99b925ee]
+
+	* ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+	add -g support for LDAP
+	[8fc27dbe9287]
+
+2007-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+	The -i and -s flags can now take an optional command.
+	[6afec104ee77]
+
+2007-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+	sudoers.pod:
+	Add passprompt_override flag to sudoers that will cause the prompt
+	to be overridden in all cases. This flag is also set when the user
+	specifies the -p flag.
+	[e4c5402131a6]
+
+	* sudo.c:
+	Move setting of login class until after sudoers has been parsed. Set
+	NewArgv[0] for -i after runas_pw has been set.
+	[62a48c8c56fa]
+
+	* configure, configure.in:
+	Move the dgettext check.
+	[5fd8a4712d1c]
+
+2007-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, config.h.in, configure, configure.in:
+	Add basic support for looking up the string "Password: " in the PAM
+	localized text db. This allows us to determine whether the PAM
+	prompt is the default "Password: " one even if it has been
+	localized.
+
+	TODO: concatenate non-std PAM prompts and user-specified sudo
+	prompts.
+	[81c25a415d41]
+
+2007-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, config.h.in, configure, configure.in, parse.c,
+	set_perms.c, sudo.c, sudo.h:
+	Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+	insufficient.
+	[1cce6ec1a91e]
+
+	* acsite.m4, configure, interfaces.c, memrchr.c:
+	Fix typos; Martynas Venckus
+	[be1233cca11a]
+
+2007-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Don't assume runas_pw is set; it may not be in the -g case.
+	[aa11bd2193ac]
+
+2007-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, set_perms.c:
+	Set aux group vector for PERM_RUNAS and restore group vector for
+	PERM_ROOT if we previously changed it. Stash the runas group vector
+	so we don't have to call initgroups more than once. Also add no-op
+	check to check_perms.
+	[53837fc755f7]
+
+2007-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+	ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+	pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+	sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+	testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+	Add support for runas groups. This allows the user to run a command
+	with a different effective group. If the -g option is specified
+	without -u the command will be run as the current user (only the
+	group will change). the -g and -u options may be used together.
+	TODO: implement runas group for ldap improve runas group
+	documentation add testsudoers support
+	[9019309df6d0]
+
+	* configure, configure.in:
+	fix setting of mandir
+	[2c60f269399f]
+
+	* sudo.pod, sudoers.pod:
+	document that ALL implies SETENV
+	[bcc8e5b703b9]
+
+	* ldap.c:
+	s/setenv_ok/setenv_implied/g
+	[f005df2c2eea]
+
+	* ldap.c:
+	hostname_matches() returns TRUE on match in sudo 1.7.
+	[c3d4377b6e8b]
+
+	* ldap.c:
+	use strcmp, not strcasecmp when comparing ALL
+	[e486024574a1]
+
+	* ldap.c:
+	Make sudo ALL imply setenv. Note that unlike with file-based
+	sudoers this does affect all the commands in the sudoRole.
+	[bc12f54321d1]
+
+	* gram.c, gram.y, parse.c, parse.h:
+	sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+	it is not passed on to other commands in the list.
+	[026e2cb40680]
+
+	* visudo.c:
+	Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+	sudo_getpwuid() instead of getpwuid().
+	[86f30a8fbd49]
+
+2007-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	Expand on the dangers of not using visudo to edit sudoers.
+	[e434e8057d02]
+
+2007-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Don't quote *?[]! on output since the lexer does not strip off the
+	backslash when reading those in.
+	[561da4a13afa]
+
+2007-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	expand "u_foo" types to "unsigned foo" to avoid compatibility
+	issues.
+	[b0d7c64d78c3]
+
+2007-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Refactor log line generation in to new_logline().
+	[6a9b9730615d]
+
+2007-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	fix typo
+	[9e19d4f86e47]
+
+2007-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+	match.c:
+	Add configure check for struct in6_addr instead of relying on
+	AF_INET6 since some systems define AF_INET6 but do not include IPv6
+	support.
+	[e24082c416bd]
+
+2007-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+	use.
+	[76a9df4a63be]
+
+2007-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	POSIX states that struct timespec be declared in time.h so check
+	there regardless of the value of TIME_WITH_SYS_TIME.
+	[e42c55ec9daf]
+
+2007-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Instead of defining a macro to call the appropriate method for
+	turning on/off echo, just define tc[gs]etattr() and the related
+	defines that use the correct terminal ioctls if needed. Also go back
+	to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+	[5dfb2379d995]
+
+2007-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	g/c @ALLOCA@
+	[e6946c2e3820]
+
+	* configure:
+	regen
+	[9bac7159a138]
+
+	* INSTALL, auth/pam.c, config.h.in, configure.in:
+	Add --disable-pam-session configure option to disable calling
+	pam_{open,close}_session. May work around bugs in some PAM
+	implementations.
+	[273d0fdb4a9d]
+
+2007-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	quiet gcc warnings
+	[325565c5a579]
+
+	* tgetpass.c:
+	Avoid printing the prompt if we are already backgrounded. E.g. if
+	the user runs "sudo foo &" from the shell. In this case, the call
+	to tcsetattr() will cause SIGTTOU to be delivered.
+	[db2139a8d8b8]
+
+2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in:
+	Reorder things such that the definition of env_reset come right
+	before the env variable lists.
+	[e0d8e22a581a]
+
+	* parse.h:
+	Shrink type and seqno in struct alias from int to u_short
+	[9425263dd565]
+
+	* alias.c, match.c, parse.c, parse.h:
+	Add a sequence number in the aliases for loop detection. If we find
+	an alias with the seqno already set to the current (global) value we
+	know we've visited it before so ignore it.
+	[301a0548ffff]
+
+2007-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, auth/pam.c, sudo.c, sudo.h:
+	PAM wants the full tty path so add user_ttypath which holds the full
+	path to the tty or is NULL if no tty was present.
+	[c7c1dd4b36c8]
+
+	* auth/pam.c:
+	Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+	results in a segv.
+	[3a8865b3a357]
+
+2007-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[5647be127950]
+
+	* alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+	parse.h, testsudoers.c, visudo.c:
+	rename lh_ -> tq_
+	[8f500c542c4a]
+
+2007-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alloc.c:
+	remove some useless casts
+	[409a448b23f5]
+
+	* alloc.c:
+	pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+	predates the final C99 spec and the standard specifies that it shall
+	include stdint.h anyway
+	[ae478fdef61a]
+
+2007-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, alloca.c, configure.in:
+	Since we ship with a pre-generated parser there is no need to ship a
+	bogus alloca implementation.
+	[3f611a7cc0e5]
+
+	* configure:
+	regen
+	[771eccf5269c]
+
+	* configure.in:
+	remove initial setting of CHECKSIA, we require that it be unset if
+	not used
+	[a2e91adc5aa2]
+
+	* Makefile.in:
+	add list.c to SRCS
+	[7db0e56cf5b9]
+
+	* configure:
+	regen
+	[3716ec30172e]
+
+	* configure.in:
+	only do SIA checks on Digital Unix
+	[6a96e1af2597]
+
+2007-09-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[ac1dc29de72b]
+
+	* ChangeLog, TODO:
+	sync
+	[781effce0a2d]
+
+	* auth/kerb5.c:
+	Remove call to krb5_cc_register() as it is not needed for modern
+	kerb5.
+	[351b8b764f16]
+
+	* configure:
+	regen
+	[ac21dbcc9c2c]
+
+	* aclocal.m4, configure.in:
+	New method for setting the default authentication type and avoiding
+	conflicts in auth types.
+	[5fb15be11f78]
+
+	* match.c, parse.c, testsudoers.c:
+	Each entry in a cmndlist now has an associated runaslist so no need
+	to keep track of the most recent non-NULL one.
+	[582e015786b0]
+
+2007-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	back out partial ldaps support mistakenly committed
+	[357703e94b2d]
+
+	* ldap.c:
+	Add support for unix groups and netgroups in sudoRunas
+	[2f04eb91c6d0]
+
+2007-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Fix sudoedit of a non-existent file. From Tilo Stritzky.
+	[a5488a03bddd]
+
+2007-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[541177376ee1]
+
+	* INSTALL:
+	update --passprompt escape info
+	[6d57db4cd538]
+
+	* configure.in:
+	remove now-bogus comment and update copyright date
+	[6a4af45fa331]
+
+	* configure.in:
+	Fix up use of with_passwd
+	[7c79d8640f77]
+
+	* acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+	Update to autoconf-2.61 andf libtool-1.5.24
+	[045259b0b439]
+
+	* Makefile.in:
+	"cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+	[f5b6a7afb817]
+
+2007-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[b5b78e71d2cb]
+
+	* gram.y:
+	move tags and runaslist propagation to be earlier
+	[94f7805f4489]
+
+	* visudo.c:
+	If -f flag given use the permissions of the original file as a
+	template
+	[9303d22bddb0]
+
+	* gram.y:
+	prevent a double free() when re-initing the parser
+	[5b3907c4de5a]
+
+2007-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[49a90b19a17d]
+
+	* aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+	configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+	parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+	sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+	Remove support for compilers that don't support void *
+	[35e1d01ae197]
+
+	* gram.c:
+	regen
+	[70ce412a458a]
+
+	* Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+	parse.c, parse.h, testsudoers.c, visudo.c:
+	Move list manipulation macros to list.h and create C versions of the
+	more complex ones in list.c. The names have been down-cased so they
+	appear more like normal functions.
+	[9cea0e281148]
+
+	* Makefile.in:
+	Fix cmp command when regenerating parser. Make gram.o the first
+	dependency for all programs so gram.h will be generated before
+	anything that needs it.
+	[429ea065abf1]
+
+	* gram.y, parse.h:
+	Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+	[2f3433833589]
+
+	* match.c, parse.c, testsudoers.c:
+	Use LH_FOREACH_REV when checking permission and short-circuit on the
+	first non-UNSPEC hit we get for the command. This means that
+	instead of cycling through the all the parsed sudoers entries we
+	start at the end and work backwards and quit after the first
+	positive or negative match.
+	[881474532f3e]
+
+	* gram.c:
+	regen
+	[9152a19d4188]
+
+	* defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
+	Change list head macros to take a pointer, not a struct.
+	[054f1dcce4cc]
+
+	* gram.c:
+	regen
+	[be154aae6235]
+
+	* gram.y:
+	Propagate the runasspec from one command to the next in a cmndspec.
+	[4957b1cb03a3]
+
+2007-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Replace has_meta() with a macro that calls strpbrk().
+	[a2e58846a542]
+
+	* regen
+	[5a932a5c9451]
+
+	* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
+	testsudoers.c, visudo.c:
+	Use a list head struct when storing the semi-circular lists and
+	convert to tail queues in the process. This will allow us to
+	reverse foreach loops more easily and it makes it clearer which
+	functions expect a list as opposed to a single member.
+
+	Add macros for manipulating lists. Some of these should become
+	functions.
+
+	When freeing up a list, just pop off the last item in the queue
+	instead of going from head to tail. This is simpler since we don't
+	have to stash a pointer to the next member, we always just use the
+	last one in the queue until the queue is empty.
+
+	Rename match functions that take a list to have list in the name.
+	Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+	[7c37b271607a]
+
+	* parse.c:
+	Fix pasto, append "!" not negated (which is an int) for sudo -l
+	output.
+	[93a444c3997f]
+
+	* Makefile.in:
+	Remove the dependency of gram .h on gram.y, the .c dependency is
+	enough. Only move y.tab.h to gram.h if it is different; avoids
+	needless rebuilding.
+	[67bf4ea2a2e5]
+
+2007-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Defaults lines may be associated with lists of users, hosts,
+	commands and runas users, not just single entries.
+	[795effacb6be]
+
+2007-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Revert the "cmp" portion of the last diff, it doesn't make sense.
+	[26f34bf4e2e3]
+
+	* Makefile.in:
+	Remove *.lo for clean: When generating the parser, only move the
+	generated files into place if they differ from the existing ones.
+	[84673fea371b]
+
+2007-08-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Replace IPV6 regexp with a much simpler (readable) one and add an
+	extra check when it matches to make sure we have a valid address.
+	[592e9f690556]
+
+	* match.c:
+	Fix thinko introduced when merging IPV6 support.
+	[da38cd5eb8c7]
+
+2007-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, LICENSE:
+	regen
+	[0d7b27b90634]
+
+	* license.pod:
+	add 2007
+	[510e5048ae1a]
+
+	* UPGRADE:
+	mention #uid vs. comment pitfall
+	[4d2861898bcc]
+
+	* acsite.m4:
+	Merge in a patch from the libtool cvs that fixes a problem with the
+	latest autoconf. From Stepan Kasal.
+	[0c279ae7df3e]
+
+	* parse.h:
+	Back out he XOR swap trick, it is slower than a temp variable on
+	modern CPUs.
+	[91c4b024e317]
+
+	* gram.c:
+	regen
+	[cb6d4106fb74]
+
+	* gram.y, parse.h:
+	Convert the tail queue to a semi-circle queue and use the XOR swap
+	trick to swap the prev pointers during append.
+	[8bf4d9fbee58]
+
+2007-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.h:
+	remove useless statement
+	[421ec1dd73e6]
+
+	* toke.c, toke.l:
+	Refactor #include parsing into a separate function and return
+	unparsed chars (such as newline or comment) back to the lexer.
+	[64166917aa3d]
+
+2007-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	mention better uid support
+	[56f510e7f2ec]
+
+	* sudoers.pod:
+	Users may now consist of a uid.
+	[5fd31b2c55ed]
+
+	* gram.c, gram.h, toke.c:
+	regen
+	[599e58af6dc1]
+
+	* parse.c:
+	Use lbuf_append_quoted() for sudo -l output to quote characters that
+	would require quoting in sudoers.
+	[3132d05c990a]
+
+	* lbuf.c, lbuf.h:
+	Add lbuf_append_quoted() which takes a set of characters which
+	should be quoted with a backslash when displayed.
+	[ab09bebb1d65]
+
+	* toke.l:
+	Require that the first character after a comment not be a digit or a
+	dash. This allows us to remove the GOTRUNAS state and treat
+	uid/gids similar to other words. It also means that we can now
+	specify uids in User_Lists and a User_Spec may now contain a uid.
+	[461fe01f8392]
+
+	* gram.y, toke.l:
+	Replace RUNAS token with '(' and ')' tokens to make the runas
+	portion of the grammar more natural.
+	[e0c383b4684d]
+
+	* BUGS:
+	The BUGS file is history
+	[4d9a809585c7]
+
+	* Makefile.in, README:
+	The BUGS file is history
+	[d9500e261172]
+
+2007-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Allow comments after a RunasAlias as long as the character after the
+	pound sign isn't a digit or a dash.
+	[d7f3bd94eeda]
+
+	* WHATSNEW:
+	Glob support was back-ported to 1.6.9
+	[d1d5cfd46228]
+
+2007-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove sudo_usage.h in distclean
+	[df05ce9c4127]
+
+	* parse.c:
+	If a Defaults value contains a blank, double-quote the string.
+	[9057a910daad]
+
+	* toke.c, toke.l:
+	Properly deal with Defaults double-quoted strings that span multiple
+	lines using the line continuation char. Previously, the entire
+	thing, including the continuation char, newline, and spaces was
+	stored as-is.
+	[4a4e8eacefe6]
+
+	* sudo.c:
+	Be consistent when using single quotes and backticks.
+	[d010b83a0fa1]
+
+2007-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+	sudo.c, sudo_usage.h.in:
+	Add new linebuf code to do appends of dynamically allocated strings
+	and word-wrapped output. Currently used for sudo's usage() and sudo
+	-l output. Sudo usage strings are now in sudo_usage.h which is
+	generated at configure time.
+	[4dfd0ee8d961]
+
+2007-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c, sudo.h:
+	Fix line wrapping in usage() and use the actual tty width instead of
+	assuming 80.
+	[700eab37c5a6]
+
+2007-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* history.pod:
+	some more info
+	[8140112a8ae1]
+
+	* history.pod:
+	Mentioned Chris Jepeway's parser and also the new one that is in
+	sudo 1.7.
+	[2132d00f0597]
+
+2007-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	For the options list, add flag args where appropriate and increase
+	the indent level so there is room for them.
+	[2b60fb572e12]
+
+2007-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix some spacing in "sudo -l" and add a comment about some bogosity
+	in the line wrapping.
+	[b59b056f5ee2]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[5fb719f18ebc]
+
+	* INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+	def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+	parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+	testsudoers.c, toke.c, toke.l:
+	Remove monitor support until there is a versino of systrace that
+	uses a lookaside buffer (or we have a better mechanism to use).
+	[61ff76878e4a]
+
+	* config.h.in, configure, configure.in, sudo.c:
+	use getaddrinfo() instead of gethostbyname() if it is available
+	[cc33c136aa6a]
+
+2007-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c:
+	Deal with OSes where sizeof(gid_t) < sizeof(int).
+	[130a89cbdfba]
+
+	* interfaces.c:
+	repair non-getifaddrs() code after ipv6 integration
+	[7ae7a89e2236]
+
+	* sudo.c:
+	If we can open sudoers but fail to read the first byte, close the
+	file stream before trying again.
+	[6f31272fae7b]
+
+2007-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c:
+	regen
+	[4d7afe0aa6fa]
+
+	* gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+	Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+	[4e6ff2965a42]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Add some missing markup Update copyright
+	[7e6d3c686b5e]
+
+2007-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix sudo_noexec extension which got broken in the libtool update
+	[3a5b447df861]
+
+2007-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	explicitly specify -Tascii to nroff
+	[45c8da4cbefe]
+
+2007-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	remove an ANSI-ism that crept in
+	[29086f87b2ca]
+
+2007-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Adjust list indents Prevent -- from being turned into an em dash Use
+	a list for the environment instead of a literal paragraph
+	[c3abcd8f76f4]
+
+	* visudo.pod:
+	Use a list for the environment instead of an indented literal
+	paragraph.
+	[0ffcfcb7349f]
+
+	* sudoers.pod:
+	Adjust list indentation
+	[615c89e3123a]
+
+	* license.pod:
+	add =head3
+	[8b2e0d38c0bd]
+
+2007-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	mention that when specifying a uid for the -u option the shell may
+	require that the # be escaped
+	[3e3a17bff150]
+
+2007-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Fix off by one in group matching.
+	[b529602b7fba]
+
+2007-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+	[ffbf8907c6e7]
+
+2007-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+	-lgssapi_krb5 case.
+	[2b85a89c2252]
+
+	* aclocal.m4, configure, configure.in:
+	Fix link tests such that new gcc doesn't optimize away the test.
+	[83484ec95cba]
+
+2007-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	add missing over/back
+	[251a12c89b91]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Change FILES section to use =item
+	[60b9efc3a0b2]
+
+	* env.c:
+	Add back allocation of the env struct in rebuild_env but save a copy
+	of the old pointer and free it before returning.
+	[1100cd4fa997]
+
+	* env.c:
+	Don't init the private environment in rebuild_env() since it may
+	have already been done implicitly sudo_setenv/sudo_unsetenv.
+
+	Multiply length by sizeof(char *) in memcpy/memmove when copying the
+	environment so we copy the full thing.
+
+	Add missing set of parens so we deref the right pointer in
+	sudo_unsetenv when searching for a matching variable.
+	[9086a8f756b1]
+
+2007-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use file markup for paths in the FILES section
+	[940d99f731f2]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Don't capitalize sudo/visudo
+	[f067a455d44b]
+
+	* sudoers.pod:
+	Sort sudoers options; based on a diff from Igor Sobrado.
+	[a9b9befe85ac]
+
+2007-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+	latter confuses pod2man. The Makefile rules for the .man.in file
+	will add @mansectsu@ and @mansectform@ back in after pod2man is done
+	anyway.
+	[b50ea0db727c]
+
+2007-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, license.pod:
+	Move license info to pod format
+	[25bdd82e592b]
+
+	* configure, configure.in, sudoers.pod:
+	Substitute value of path_info into sudoers man page.
+	[9ba661a82798]
+
+	* WHATSNEW:
+	remove features that were back-ported to 1.6.9
+	[e76d756cbe65]
+
+	* sudo.c, sudo.pod, visudo.c, visudo.pod:
+	Sort SYNOPSIS and sync usage. From Igor Sobrado.
+	[4970386c9e54]
+
+	* env.c:
+	Only need sudo_setenv/sudo_unsetenv if we are going to use
+	ldap_sasl_interactive_bind_s() but don't have
+	gss_krb5_ccache_name().
+	[f1a73d8b35c5]
+
+	* ChangeLog:
+	rebuild without branch info
+	[5d5a33494677]
+
+	* Makefile.in:
+	Add ChangeLog target
+	[a702034fdd89]
+
+	* auth/pam.c:
+	Run cleanup code if the user hits ^C at the password prompt.
+	[9cf87768e921]
+
+	* auth/pam.c:
+	Some versions of pam_lastlog have a bug that will cause a crash if
+	PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+	string.
+	[5b63f6c88866]
+
+2007-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	ChageLog not Changelog
+	[1243d8473ceb]
+
+	* ChangeLog:
+	sync
+	[d887df98c6b0]
+
+	* Makefile.in:
+	CHANGE -> Changelog
+	[917738df30dd]
+
+	* TODO:
+	sync
+	[cd382f7d1948]
+
+2007-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add configure hooks for gss_krb5_ccache_name() and the gssapi
+	headers.
+	[139606209991]
+
+2007-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	rebuild_env() and insert_env_vars() no longer return environment
+	pointer, they set environ directly.
+
+	No longer need to pass around an envp pointer since we just operate
+	on environ now.
+
+	Add dosync argument to insert_env() that indicates whether it should
+	reset environ when realloc()ing env.envp.
+
+	Use an initial size of 128 for the environment.
+	[4735fd5fddb8]
+
+	* env.c:
+	Split sudo_setenv() into an external version and a version only for
+	use by rebuild_env().
+	[fda7d655adb1]
+
+2007-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Add support for using gss_krb5_ccache_name() instead of setting
+	KRB5CCNAME. Also use sudo_unsetenv() in the non-
+	gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+	original environment. TODO: configure setup for
+	gss_krb5_ccache_name()
+	[fcafa5a49caf]
+
+	* README.LDAP:
+	add krb5_ccname
+	[fceb8f883886]
+
+	* README.LDAP, ldap.c:
+	Add support for sasl_secprops in ldap.conf
+	[1f06f4bf7347]
+
+	* env.c, sudo.h:
+	Add sudo_unsetenv() and refactor private env syncing code into
+	sync_env().
+	[045ecb3fd22b]
+
+	* README.LDAP, ldap.c:
+	The ldap.conf variable is sasl_auth_id not sasl_authid.
+	[a5f98491311b]
+
+2007-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudo.c, sudo.h:
+	Add support for krb5_ccname in ldap.conf. If specified, it will
+	override the default value of KRB5CCNAME in the environment for the
+	duration of the call to ldap_sasl_interactive_bind_s().
+	[b08a10c3045b]
+
+	* env.c, sudo.h:
+	Remove format_env() Add sudo_setenv() to replace most format_env() +
+	insert_env() combinations. insert_env() no longer takes a struct
+	environment *
+	[131da52f43f3]
+
+	* ldap.c:
+	Fix use_sasl vs. rootuse_sasl logic.
+	[0c0417b6918c]
+
+	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
+	Add support for SASL auth when connecting to an LDAP server. Adapted
+	from a diff by Tom McLaughlin.
+	[a6285f1356ea]
+
+2007-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Only enable AIX or BSD auth if no other exclusive auth method has
+	been chosen. Allows people to e.g., use PAM on AIX without adding
+	--without-aixauth. A better solution is needed to deal with default
+	authentication since if a non-exclusive method is chosen we will
+	still get an error.
+	[83f7afdc0ec3]
+
+2007-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, Makefile.in, history.pod:
+	Generate HISTORY from history.pod (which is also used for web pages)
+	[60bcd5164931]
+
+2007-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[63956a366191]
+
+	* sudo.pod:
+	Better explanation of environment handling in the sudo man page.
+	[6c247742f7ee]
+
+	* env.c, sudo.c:
+	Defer setting user-specified env vars until after authentication.
+	[4750b79323ee]
+
+	* env.c:
+	honor def_default_path for PATH set on the command line
+	[6db31d9b6d65]
+
+	* env.c, sudo.c, sudo.pod, sudoers.pod:
+	Allow user to set environment variables on the command line as long
+	as they are allowed by env_keep and env_check. Ie: apply the same
+	restrictions as normal environment variables. TODO: deal with
+	secure_path
+	[26c0da3840cf]
+
+2007-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+	Don't allow -E or env var setting in sudoedit mode. More accurate
+	usage() when called as sudoedit.
+	[a4af20658361]
+
+	* ldap.c:
+	warn -> warning
+	[d87d1192b048]
+
+	* sudo.pod:
+	add -c option to sudoedit synopsis
+	[15b596a7e2db]
+
+	* TODO:
+	udpate to reality
+	[e2f8fde89db1]
+
+	* parse.c:
+	Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+	value from {user,host,runas,cmnd}_matches(). Rename *matches
+	variables -> *match. Purely cosmetic.
+	[e54a44c00a88]
+
+	* parse.c:
+	Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+	in behavior.
+	[c6272b4f2127]
+
+	* sudoers:
+	add SETENV tag
+	[3a3066bb6788]
+
+2007-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Make pwcheck local to the pwflag block. Use pwcheck even if user
+	didn't match since Defaults options may still apply.
+	[45da9efbbafd]
+
+	* check.c, sudo.c:
+	Do not update timestamp if user not validated by sudoers.
+	[a4a9d4364827]
+
+	* set_perms.c:
+	for PERM_RUNAS, set the egid to the runas user's gid and restore to
+	the user's original in PERM_ROOT
+	[1514bfb32847]
+
+	* logging.c, mon_systrace.c, set_perms.c, sudo.h:
+	PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+	PERM_FULL_ROOT
+	[b9d047a3178c]
+
+	* check.c:
+	don't check timestamp mtime if we are just going to remove it
+	[5d2470bc6cbd]
+
+	* sudoers.pod:
+	Move sudoers defaults parameters into their own section.
+	[54701fbc0ff3]
+
+	* testsudoers.c:
+	Reduce a level of indent by a few placed continue statements.
+	[5d5a9838c8ef]
+
+	* parse.c:
+	Make matching but negated commands/hosts/runas entries override a
+	previous match as expected. Also reduce some levels of indent by a
+	few placed continue statements.
+	[dd59fa4b91a1]
+
+2007-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Print default runas in "sudo -l" if sudoers don't specify one.
+	[07d408c400bd]
+
+	* match.c:
+	Less hacky way of testing whether the domain was set.
+	[a537059776e5]
+
+2007-07-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Mention pam-devel and openldap-devel for Linux
+	[9e708c54ecc3]
+
+2007-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	or vs. are
+	[abe8c0f3a410]
+
+2007-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix typo in Solaris project support
+	[2ffeb2d80959]
+
+	* HISTORY:
+	update
+	[df162b36f120]
+
+	* sudo.c:
+	Make -- on the command line match the manual page. The implied shell
+	case has been simplified as a result.
+	[cd217a1f6694]
+
+2007-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers2ldif:
+	add simplistic support for sudoRunas; note that if a sudoers entry
+	contains multiple Runas users, all will apply to the sudoRole
+	[65b11421f5c8]
+
+	* sudoers2ldif:
+	honor SETENV and NOSETENV tags
+	[2c0d5ba7a09b]
+
+2007-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Redo setting of user_args. We now build up a private copy of argv
+	first and then replace the NULs?with spaces.
+	[ccbba72ea112]
+
+	* mon_systrace.c:
+	getcwd() returns NULL on failure, not 0 on success
+	[88cd9e66e530]
+
+	* mon_systrace.c:
+	allow chunksiz to reach 1 before erroring out
+	[619d68f14964]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[8db512d3caf0]
+
+2007-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+	logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+	toke.c, toke.l:
+	Add support for setting environment variables on the command line.
+	This is only allowed if the setenv sudoers options is enabled or if
+	the command is prefixed with the SETENV tag.
+	[5744caebd969]
+
+	* README.LDAP:
+	replace Aaron's email address with the sudo-workers list
+	[2ffce5f9afc0]
+
+	* configure:
+	regen
+	[8013dff82c0c]
+
+2007-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.OpenLDAP, schema.iPlanet:
+	Break schema out into separate files.
+	[15e598e4c60b]
+
+	* Makefile.in, README.LDAP:
+	Break schema out into separate files.
+	[1a53966ca1fa]
+
+2007-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c:
+	free message if set by authenticate()
+	[849c220c1236]
+
+	* match.c:
+	deal with NULL gr_mem
+	[49e4d74f0bbe]
+
+2007-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	regen
+	[fead999ad3e9]
+
+	* configure.in:
+	add template for HAVE_PROJECT_H
+	[e6c42c2eaad1]
+
+	* closefrom.c:
+	include fcntl.h
+	[54d98b382f03]
+
+2007-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention --with-project
+	[d3ea3baad7c5]
+
+	* config.h.in, configure.in, sudo.c:
+	Add Solaris 10 "project" support. From Michael Brantley.
+	[f14f3c8c6554]
+
+	* sudoers.pod:
+	fix typo
+	[50db81a19787]
+
+	* configure:
+	regen
+	[ea71afd3e564]
+
+	* configure.in:
+	Fix preservation of LDFLAGS in the LDAP case.
+	[40a3a47e8059]
+
+	* memrchr.c:
+	Remove dependecy on NULL
+	[c957ae5e1733]
+
+	* configure:
+	regen
+	[4955ce0c6912]
+
+	* aclocal.m4, configure.in:
+	Can't use the regular autoconf fnmatch() check since we need
+	FNM_CASEFOLD so go back to our custom one.
+	[f10d76237486]
+
+	* env.c:
+	Fix preserving of variables in env_keep.
+	[d040049d6b84]
+
+	* env.c:
+	add XAUTHORIZATION
+	[0d589a5fe015]
+
+	* UPGRADE:
+	expand upon env resetting and mention that it began in 1.6.9 not
+	1.7.
+	[dba251655c76]
+
+	* sudoers.pod:
+	Update descriptions of env_keep and env_check to match current
+	reality.
+	[dba77357954b]
+
+2007-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+	LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+	[eec4632bd190]
+
+	* env.c, logging.c:
+	Treat USERNAME environemnt variable like LOGNAME/USER
+	[09f52dcfd70c]
+
+	* env.c:
+	Don't need to populate keepenv table with the contents of the
+	checkenv table.
+	[527a14afd973]
+
+	* sudo.c:
+	Don't force sudo into the C locale.
+	[8a5bd301ef96]
+
+	* env.c:
+	Make env_check apply when env_reset it true. Environment variables
+	are passed through unless they contain '/' or '%'. There is no need
+	to have a variable in both env_check and env_keep.
+	[840c802721e4]
+
+2007-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Remove an duplicate lock_file() call and add a comment.
+	[5af9dcdf0eb6]
+
+	* UPGRADE:
+	Add sudo 1.6.9 upgrade note.
+	[1585149f2914]
+
+2007-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+	small. From Klaus Wagner.
+	[d6899fc44f77]
+
+	* logging.c, sudo.h:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[66a50e8d553a]
+
+	* memrchr.c:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[2f6702b7d41b]
+
+	* Makefile.in, config.h.in, configure, configure.in:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[407a46190921]
+
+	* configure.in:
+	Since we need to be able to convert timespec to timeval for utimes()
+	the last 3 digits in the tv_nsec are not significant. This makes the
+	sudoedit file date comparison work again.
+	[9d0258849fa9]
+
+2007-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+	This deals with exclusive authentication methods in a simple way.
+	[7d70072c0f35]
+
+2007-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	mkstemp.c is BSD code too.
+	[29e236d98162]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	No commercial support for now.
+	[7c76b3e192dd]
+
+2007-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	cleanenv() is no more.
+	[518080514408]
+
+2007-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	Display branch info in Changelog
+	[44e3b27427c7]
+
+	* utimes.c:
+	Include config.h early so we have it for TIME_WITH_SYS_TIME
+	[4bf1a00d0703]
+
+	* ChangeLog:
+	Fix Changelog generation and update.
+	[6e960dbcbece]
+
+2007-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c:
+	Use /proc/self/fd instead of /proc/$$/fd
+
+	Move old-style fd closing into closefrom_fallback() and call that if
+	/proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+	[faa7e4810758]
+
+	* auth/kerb5.c, config.h.in, configure.in:
+	o use krb5_verify_user() if available instead of doing it by hand o
+	use krb5_init_secure_context() if we have it o pass an encryption
+	type of 0 to krb5_kt_read_service_key() instead of
+	ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+	[df7acf72bd7c]
+
+	* env.c:
+	Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+	[f92d05197e40]
+
+	* configure.in:
+	Fix closefrom() substitution in the Makefile
+	[b642b13fcc5c]
+
+	* TROUBLESHOOTING:
+	Mention alternate sudo pronunciation.
+	[7c71dc73409f]
+
+2007-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Remove KRB5_KTNAME from environment. Allow COLORTERM.
+	[70f35a79f780]
+
+	* auth/kerb5.c:
+	If we cannot get a valid service key using the default keytab it is
+	a fatal error. Fixes a bug where sudo could be tricked into
+	allowing access when it should not by a fake KDC. From Thor Lancelot
+	Simon.
+	[a3ae6a47cb23]
+
+2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Update long long checks to use AC_CHECK_TYPES and to cache values.
+	[047318eaaeb2]
+
+	* aclocal.m4, configure.in:
+	Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+	use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+	fnmatch.
+	[80513a1003ea]
+
+2007-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+	need it for visudo now too.
+	[50837c7c2b5e]
+
+2007-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Attempt to clarify the bit talking about network numbers w/o
+	netmasks.
+	[211e68c1d034]
+
+	* sudo.pod:
+	Clarify timestamp dir ownership sentence.
+	[9178f132c7f7]
+
+2007-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+	Dmitry V. Levin.
+	[81fce91667bc]
+
+2007-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	-i is also one of the mutually exclusive options to list it in the
+	warning message. Noted by Chris Pepper.
+	[7da73fb248e9]
+
+2007-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.pod:
+	The sudoers variable is env_editor, not enveditor. From Jean-
+	Francois Saucier.
+	[2a86ec09a6db]
+
+2007-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* redblack.c:
+	I tracked down the original author so credit him and include his
+	license info.
+	[3733553a1bba]
+
+2007-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod:
+	Fix typos; from Jason McIntyre.
+	[1ee4ce2512f2]
+
+	* logging.c:
+	Restore signal mask before calling reapchild(). Fixes a possible
+	race condition that could prevent sudo from properly waiting for the
+	child.
+	[9ee4192385dc]
+
+2007-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Don't declare pw_free() if we are not going to use it.
+	[adb79a4289ca]
+
+	* env.c:
+	Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+	LDR_PRELOAD64. The 64-bit version is not currently supported.
+	Remove zero_env() prototype as it no longer exists.
+	[b4fe65027fb6]
+
+2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+	[78002ad90f7b]
+
+2006-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	If the user enters ^C at the password prompt, abort instead of
+	trying to authenticate with an empty password (which causes an
+	annoying delay).
+	[da3f27b747c7]
+
+2006-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c, config.h.in, configure, configure.in:
+	Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+	Darren Tucker.
+	[0331b7780759]
+
+	* pwutil.c:
+	pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+	[0014c0d9eeba]
+
+2006-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	Update to latest versions from cvs.savannah.gnu.org
+	[aa0143101c20]
+
+2006-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, sudo_edit.c:
+	Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+	we can close the passwd/group files early.
+	[559074bd7eb7]
+
+	* config.h.in, configure, configure.in, set_perms.c:
+	Add seteuid() flavor of set_perms() for systems without setreuid()
+	or setresuid() that have a working seteuid(). Tested on Darwin.
+	[508d8da99189]
+
+2006-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	systrace_read() returns ssize_t
+	[9f97d1d1a59d]
+
+	* configure, configure.in:
+	Fix typo, -lldap vs. -ldap; from Tim Knox.
+	[a8cc43c3bb2a]
+
+2006-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Fix typo; Matt Ackeret
+	[86964ee3dfbd]
+
+2006-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Print sudoers path in -V mode for root.
+	[dc43f2d75bd9]
+
+2006-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Do a sub tree search instead of a base search (one level in the tree
+	only) for sudo right objects. This allows system administrators to
+	categorize the rights in a tree to make them easier to manage.
+	[6d2d9abf996e]
+
+2005-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fix typo
+	[1473413bcbda]
+
+2005-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+	bind_timelimit support; adapted from gentoo.
+	[afc816093026]
+
+2005-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Support comments that start in the middle of a line
+	[c25df6ee3db8]
+
+	* configure, configure.in:
+	Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+	[ee249bfe230a]
+
+2005-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c:
+	Silence gcc -Wsign-compare; djm@openbsd.org
+	[28769ce6418d]
+
+	* error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	cleanup() now takes an int as an arg so it can be used as a signal
+	handler too.
+	[2bb0df34d09c]
+
+	* sudo.c:
+	Make a copy of the shell field in the passwd struct for NewArgv to
+	avoid a use after free situation after sudo_endpwent() is called.
+	[5dcc9ffd362e]
+
+2005-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Add mkstemp() for those poor souls without it.
+	[5fdd02e863e0]
+
+	* mkstemp.c:
+	Add mkstemp() for those poor souls without it.
+	[c99401207860]
+
+	* Makefile.in:
+	Add mkstemp() for those poor souls without it.
+	[9c1cf2678f24]
+
+2005-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add PERL5DB to list of environment variables to remove.
+	[7375c27ecf75]
+
+2005-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c, mon_systrace.h:
+	Instead of calling the check function twice with a state cookie use
+	separate check/log functions.
+
+	Check more ioctl() calls for failure.
+
+	systrace_{read,write} now return the number of bytes read/written or
+	-1 on error.
+	[3dc8946d90e9]
+
+	* env.c:
+	Add more environment variables to remove; from gentoo linux Add some
+	comments about what bad env variables go to what (more to do)
+	[6918110a6b82]
+
+2005-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Move sudo_end{gr,pw}ent() until just before the exec since they free
+	up our cached copy of the passwd structs, including sudo_user and
+	sudo_runas. Fixes a use-after-free bug.
+	[54de3778bad0]
+
+	* visudo.c:
+	Close all fd's before executing editor.
+	[4fcc05e1bec8]
+
+	* sudo.c:
+	Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+	[ef0e8ffa5c9f]
+
+	* check.c:
+	Fix fd leak when lecture file option is enabled. From Jerry Brown
+	[ce97f9207cd8]
+
+2005-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+	environment variables to remove. From Charles Morris
+	[c96e1367d1c1]
+
+2005-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+	[72a6a1571226]
+
+2005-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	add PS4 and SHELLOPTS to initial_badenv_table for bash
+	[89dfb3f318f3]
+
+2005-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix typo; Toby Peterson
+	[b7a3222b23f4]
+
+2005-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tsgetgrpw.c:
+	Make return buffers static so they don't get clobbered
+	[13323a39b9f5]
+
+2005-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid5.c:
+	Fix securid5 authentication, was not checking for ACM_OK. Also add
+	default cases for the two switch()es. Problem noted by ccon at
+	worldbank
+	[14091e418333]
+
+2005-06-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Remove ncat() in favor of just counting bytes and pre-allocating
+	what is needed.
+	[25b8712adb61]
+
+2005-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Fix up some comments Add missing fclose() for the rootbinddn case
+	[ae95c8a89711]
+
+	* ldap.c:
+	align struct ldap_config
+	[35d0d64c76f8]
+
+	* ldap.c:
+	use LINE_MAX for max conf file line size
+	[da116cb8853d]
+
+	* pathnames.h.in:
+	add _PATH_LDAP_SECRET
+	[128b04ecfab7]
+
+	* README.LDAP:
+	Mention rootbinddn Give example ou=SUDOers container
+	[852edc69bd1c]
+
+2005-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in, ldap.c:
+	Support rootbinddn in ldap.conf
+	[1615c91522a1]
+
+	* env.c, sudo.pod, sudoers.pod:
+	Preserve DISPLAY environment variable by default.
+	[05f503d5f438]
+
+	* acsite.m4, configure:
+	set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+	[18a04dea8d05]
+
+	* acsite.m4, configure:
+	set need_version=no for all cases; this is safe for LD_PRELOAD
+	[b542560e1a73]
+
+	* aclocal.m4:
+	typo
+	[c040df0fcd5a]
+
+	* configure, configure.in:
+	Add dragonfly
+	[f13794618636]
+
+	* auth/pam.c:
+	Fix call to pam_end() when pam_open_session() fails.
+	[0be47cdfdef1]
+
+	* configure:
+	regen
+	[7f5c13b4b800]
+
+	* acsite.m4:
+	rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+	ltsugar.m4 ltversion.m4
+	[a7ba9fd1a2ab]
+
+	* config.guess, config.sub, ltmain.sh:
+	merge in local changes: config.guess: o better openbsd support
+	config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+	libs must begin with "lib" o don't print a bunch of crap about
+	library installs o don't run ldconfig
+	[f4149f2c720f]
+
+	* config.guess, config.sub, ltmain.sh:
+	libtool 1.9f
+	[82a534e7121f]
+
+	* configure.in:
+	Update with autoupdate and make minor changes for libtool 1.9f
+	[11b5ae5c1428]
+
+2005-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	don't call sudo_ldap_display_cmnd if ldap not setup
+	[8bcf6c094ffe]
+
+	* sudo_edit.c, visudo.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[b95c333299a0]
+
+	* gettime.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[021b4569cc0c]
+
+	* fileops.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[dd8573b2ee7d]
+
+	* emul/timespec.h:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[f95137771564]
+
+	* check.c, compat.h:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[2ef2ace8fe85]
+
+	* ldap.c:
+	Don't set safe_cmnd for the "sudo ALL" case.
+	[ad7fa9e07da0]
+
+2005-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Call pam_open_session() and pam_close_session() to give pam_limits a
+	chance to run. Idea from Karel Zak.
+	[fed46d471350]
+
+2005-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c:
+	Add explicit cast from mode_t -> u_int in printf to silence warnings
+	on Solaris
+	[17bb961fe22d]
+
+	* parse.c:
+	include grp.h to silence a warning on Solaris
+	[14386fbab640]
+
+2005-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix printing of += and -= defaults.
+	[a667604c56cd]
+
+2005-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Sanity check number of syscall args with argsize. Not really needed
+	but a little paranoia never hurts.
+	[6bb455a2c2d6]
+
+	* mon_systrace.c, mon_systrace.h:
+	Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+	for systrace lengths (since it uses int)
+	[3cafccffcffd]
+
+2005-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Add some memsets for paranoia Fix namespace collsion w/ error Check
+	rval of decode_args() and update_env() Remove improper setting of
+	validated variable
+	[3d385158354d]
+
+2005-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c, sudo.h:
+	In -l mode, only check local sudoers file if def_ignore_sudoers is
+	not set and call LDAP versions from display_privs() and
+	display_cmnd() instead of directly from main(). Because of this we
+	need to defer closing the ldap connection until after -l processing
+	has ocurred and we must pass in the ldap pointer to display_privs()
+	and display_cmnd().
+	[1dfc2e8c9f2b]
+
+	* ldap.c:
+	Reorganize LDAP code to better match normal sudoers parsing.
+	Instead of storing strings for later printing in -l mode we do
+	another query since the authenticating user and the user being
+	listed may not be the same (the new -U flag). Also add support for
+	"sudo -l command".
+
+	There is still a fair bit if duplicated code that can probably be
+	refactored.
+	[e9568f19bde5]
+
+2005-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Replace pass variable with do_netgr for better readability.
+	[1bba841b6e79]
+
+	* ldap.c:
+	use DPRINTF macro
+	[02b159b66bb5]
+
+	* ldap.c:
+	estrdup, not strdup
+	[22cdee7973c1]
+
+2005-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Add macro to test if the tag changed to improve readability.
+	[4e11b4819556]
+
+	* parse.c:
+	Avoid printing defaults header if there are no defaults to print...
+	[41a28627df03]
+
+	* glob.c:
+	Fix a warning on systems without strlcpy().
+	[6814e0f0e4f4]
+
+	* pwutil.c:
+	Use macros where possible for sudo_grdup() like sudo_pwdup().
+	[30f201ff35cd]
+
+2005-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* utimes.c:
+	It is possible for tv_usec to hold >= 1000000 usecs so add in
+	tv_usec / 1000000.
+	[794ac4d53a65]
+
+2005-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	The component in krb5_principal_get_comp_string() should be 1, not 0
+	for Heimdal. From Alex Plotnick.
+	[fefa351c5044]
+
+2005-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+	interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+	redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+	Add efree() for consistency with emalloc() et al. Allows us to rely
+	on C89 behavior (free(NULL) is valid) even on K&R.
+	[7876bb80d87c]
+
+	* parse.c, sudo.c:
+	Move initgroups() for -U option into display_privs() so group
+	matching in sudoers works correctly.
+	[b074428ad2ca]
+
+2005-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Removed duplicate call to ldap_unbind_s introduced along with
+	sudo_ldap_close.
+	[19acc1c20f7c]
+
+	* parse.c:
+	Add missing space in Defaults printing
+	[95d2935bf6d4]
+
+2005-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+	and string copies.
+	[6b6b241495e5]
+
+2005-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Zero old pw_passwd before replacing with version from shadow file.
+	[3251b349dfe1]
+
+	* configure, configure.in:
+	Only attempt shadow password detection if PAM is not being used Add
+	shadow_* variables to make shadow password detection more generic.
+	[d498a3423ac9]
+
+	* configure.in:
+	Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+	[04d55bbd5e35]
+
+2005-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	use a non-breaking space to avoid a double space after e.g.
+	[11cdb54bdf7b]
+
+	* sudo.pod:
+	commna, not colon after e.g.
+	[8d5875ff72e0]
+
+2005-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Add __ variants of the exec functions. GNU libc at least uses
+	__execve() internally.
+	[d1880473d790]
+
+	* indent.pro:
+	Match reality a bit more.
+	[633e3fa875a7]
+
+	* pwutil.c:
+	Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+	[128f7b21c2ee]
+
+	* pwutil.c:
+	Store shadow password after making a local copy of struct passwd in
+	case normal and shadow routines use the same internal buffer in
+	libc.
+	[f806052a6ffc]
+
+2005-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alloc.c, logging.c:
+	Make varargs usage consistent with the rest of the code.
+	[3d45affc9851]
+
+2005-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Wrap more of the exec family since on Linux the others do not appear
+	to go through the normal execve() path.
+	[8167769b4e19]
+
+	* visudo.c:
+	make print_unused static like proto says
+	[ecf10e1bae55]
+
+	* glob.c:
+	silence a warning on K&R systems
+	[2e00425f1a5c]
+
+	* alias.c, error.c:
+	make this build in K&R land
+	[156f65f8525a]
+
+	* parse.c:
+	make this build in K&R land
+	[6fc9276889cb]
+
+2005-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c:
+	regen
+	[3b349748cd21]
+
+2005-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	return(foo) not return foo optimize _atobool() slightly
+	[11d09d154ed5]
+
+	* ldap.c:
+	Use TRUE/FALSE
+	[53999320d98f]
+
+	* ldap.c:
+	Reformat to match the rest of sudo's code.
+	[1bd0f2afa0e7]
+
+	* sudo.pod:
+	I am the primary author
+	[5d311ecd85c6]
+
+2005-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README, RUNSON:
+	The RUNSON file is toast--it confused too many people and really
+	isn't needed in a configure-oriented world.
+	[96a6ef7bbc08]
+
+	* INSTALL:
+	alternate -> alternative
+	[b65015c5d0a2]
+
+	* tgetpass.c:
+	Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+	TCSAFLUSH.
+	[c66b4763ffdc]
+
+	* toke.l:
+	Allow leading blanks before Defaults and Foo_Alias definitions
+	[2add513d9277]
+
+	* Makefile.in:
+	fix rules to build toke.o and gram.o in devel mode
+	[96cbb414ebd3]
+
+2005-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	env_keep overrides set_logname
+	[401877193a15]
+
+	* env.c:
+	Fix disabling set_logname and make env_keep override set_logname.
+	[0906e7a5ed93]
+
+	* compat.h, config.h.in, configure, configure.in:
+	No longer need memmove()
+	[43bdb6efe3f2]
+
+	* env.c, sudo.c:
+	Just clean the environment once. This assumes that any further
+	setenv/putenv will be able to handle the fact that we replaced
+	environ with our own malloc'd copy but all the implementations I've
+	checked do.
+	[11658fe92ba2]
+
+2005-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	In -i mode, base the value of insert_env()'s dupcheck flag on
+	DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+	[8365b0bd0c71]
+
+2005-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	Move setting of user_path, user_shell, user_prompt and prev_user
+	into init_vars() since user_shell at least is needed there.
+	[37e22dce66e9]
+
+2005-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fix devel builds
+	[9fbb15ef164c]
+
+	* sudo.c:
+	Fix some printf format mismatches on error.
+	[ffc1c3f11740]
+
+	* check.c:
+	Fix some printf format mismatches on error.
+	[7b3b508adf50]
+
+	* configure, gram.c, toke.c:
+	regen
+	[aa76f9d8b02a]
+
+	* Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+	auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+	emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+	getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+	interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+	parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+	snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+	sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+	testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+	visudo.pod, zero_bytes.c:
+	Update copyright years.
+	[0610c3654739]
+
+	* Makefile.binary.in:
+	Update copyright years.
+	[d78ffc9f2e2b]
+
+	* LICENSE:
+	Update copyright years.
+	[f60473bca4b1]
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+	version 1.7
+	[aa977a544ca1]
+
+	* WHATSNEW:
+	What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+	[ecfcf7269c14]
+
+2005-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, logging.h, sudo.h:
+	Add __printflike and use it with gcc to warn about printf-like
+	format mismatches
+	[b192ad4a0548]
+
+2005-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, ChangeLog:
+	Replaced CHANGES file with ChangeLog generated from cvs logs
+	[d9ace9dab98f]
+
+	* set_perms.c:
+	Use warning/error instead of perror/fatal.
+	[e33259df7738]
+
+	* config.guess:
+	Update OpenBSD section
+	[9d2c23de6801]
+
+	* UPGRADE:
+	Add upgrading noted for 1.7
+	[1fb6b6d6df07]
+
+	* env.c, sudo.c, sudoers.pod:
+	Instead of zeroing out the environment, just prune out entries based
+	on the env_delete and env_check lists. Base building up the new
+	environment on the current environment and the variables we removed
+	initially.
+	[fc192df8fd15]
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Set locale to "C" if locales are supported, just to be safe.
+	[91fbaa98f02e]
+
+	* toke.c, toke.l:
+	Cast?argument to ctype functions to unsigned char.
+	[e096b4d65796]
+
+2005-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	correct value for DID_USER
+	[b5b05d36ec15]
+
+	* error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+	#include <compat.h> not "compat.h"
+	[7a0ad9a0ccd7]
+
+	* defaults.c:
+	Reset the environment by default.
+	[4ecc6423e0f0]
+
+	* sudo.c:
+	Alloc an extra slot in NewArgv. Removes the need to malloc an new
+	vector if execve() fails.
+	[83dfb6f584a7]
+
+2005-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, config.h.in, configure, configure.in, sudo.c:
+	Use execve(2) and wrap the command in sh if we get ENOEXEC.
+	[c0c6af4e2a21]
+
+2005-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Only include time.h on systems that lack struct timespec which gets
+	defind in compat.h (using time_t).
+	[e373e518b4cb]
+
+	* sudo_noexec.c:
+	Include time.h for time_t in compat.h for systems w/o struct
+	timespec.
+	[a34b5637e458]
+
+	* compat.h, config.h.in, configure, configure.in:
+	use bcopy on systems w/o memmove
+	[f835eafd78c6]
+
+	* compat.h:
+	__attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+	use to gcc >= 2.8.
+	[1cb9a4e58566]
+
+	* Makefile.in:
+	Add explicit rule to build sudo_noexec.lo
+	[df1dfcf8dd77]
+
+2005-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.configure, Makefile.in:
+	No longer depend on VPATH; pointed out a bunch of missed
+	dependencies.
+	[601a45d4af6b]
+
+	* TROUBLESHOOTING:
+	Help for PAM when account section is missing
+	[9b8221256756]
+
+	* auth/pam.c:
+	Give user a clue when there is a missing "account" section in the
+	PAM config.
+	[2529625c0495]
+
+	* auth/pam.c:
+	Better error handling.
+	[518c9bda23d8]
+
+	* config.h.in, configure, configure.in:
+	Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+	possible. Silences a warning about isblank() on linux.
+	[19c94d7ecdc8]
+
+	* auth/pam.c:
+	Fix typo (missing comma) that caused an incorrect number of args to
+	be passed to log_error().
+	[0099dfec560f]
+
+2005-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Don't try to destroy a tree we didn't create.
+	[d43c4fe03aa4]
+
+2005-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+	compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+	fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+	goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+	match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+	strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+	tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+	Add __unused to rcsids
+	[ad6b4ac45705]
+
+2005-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix error message when mixing invalid auth types
+	[68069b3ff5bc]
+
+	* INSTALL:
+	PAM, AIX auth, BSD auth and login_cap are now on by default if the
+	OS supports them.
+	[4e44e9098cf0]
+
+	* auth/sudo_auth.h, config.h.in:
+	s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+	[2d569b43b23e]
+
+	* configure.in:
+	Better checking for conflicting authentication methods Display the
+	authentication methods used at the end of configure Rename --with-
+	authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+	--with-pam, --with-logincap by default on systems that support them
+	unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+	OSREV has full version number
+	[a21115b6fe9f]
+
+2005-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.in, sudo.c, sudoers.pod:
+	s/-O/-C/
+	[ee73f1b81923]
+
+2005-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Replace: test -n "$FOO" || FOO="bar"
+
+	With: : ${FOO='bar'}
+	[37552d9054fc]
+
+2005-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, testsudoers.c, tsgetgrpw.c:
+	Use function pointers to only call private passwd/group routines
+	when using a nonstandard passwd/group file.
+	[215908681dfb]
+
+2005-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[2e55c03f5790]
+
+	* tsgetgrpw.c:
+	Can't use strtok() since it doesn't handle empty fields so add
+	getpwent()/getgrent() functions and call those.
+	[bdaa5b0db70e]
+
+2005-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Fix dummied out toke.c and gram.c dependencies.
+	[4b909c8b2ebe]
+
+	* Makefile.in:
+	Rename PARSESRCS -> GENERATED since it is only used in the clean
+	target Add devdir variable and use it to specify the path to parser
+	sources
+	[f27b3f41ca23]
+
+	* configure:
+	regen
+	[22c6435dbd46]
+
+	* configure.in:
+	Add a devdir variables that defaults to $(srcdir) and is set to . if
+	--devel was specified. Allows for proper dependecies building the
+	parser.
+	[a36d694c6d21]
+
+	* testsudoers.c:
+	Add support for custom passwd/group files.
+	[296549ff4b87]
+
+	* Makefile.in:
+	Build private copy of pwutil.o for testsudoers with MYPW defined so
+	it uses our own passwd/group routines.
+	[bafa54ec78ca]
+
+	* visudo.c:
+	Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+	stubs instead. We can now just use the caching sudo_*{pw,gr}*
+	functions in pwutil.c Add comment about wanting to call
+	sudo_endpwent/sudo_endgrent in cleanup()
+	[7e59d6b5510d]
+
+	* tsgetgrpw.c:
+	Remove caching; we will just use what is in pwutil.c Use global
+	buffers for passwd/group structs Rename functions from sudo_* to
+	my_*
+	[8c1e068f574c]
+
+	* logging.c, sudo.c:
+	g/c pwcache_init/pwcache_destroy
+	[60a24909b947]
+
+	* sudo.h:
+	Undo last commit and add sudo_setspent and sudo_endspent instead.
+	[bac80db08296]
+
+	* getspwuid.c, pwutil.c:
+	Move all but the shadow stuff from getspwuid.c to pwutil.c and
+	pwcache_get and pwcache_put as they are no longer needed. Also add
+	preprocessor magic to use private versions of the passwd and group
+	routines if MYPW is defined (for use by testsudoers).
+	[a16b8678a426]
+
+	* tsgetgrpw.c:
+	zero out struct passwd/group before filling it in so if there are
+	fields we don't handle they end up as 0.
+	[274cb6a93301]
+
+	* logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Adapt to pwutil.c
+	[43ebd04c8b82]
+
+	* Makefile.in:
+	Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+	readability.
+	[7f88c6061e2d]
+
+	* tsgetgrpw.c:
+	Passwd and group lookup routines for testsudoers that support
+	alternate passwd and group files.
+	[d7803101d34e]
+
+	* getspwuid.c, pwutil.c:
+	Split off pw/gr cache and dup code into its own file. This allows
+	visudo and testsudoers to use the pw/gr cache too.
+	[ef333d3ffedf]
+
+2005-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Print Defaults info in "sudo -l" output and wrap lines based on the
+	terminal width.
+	[e559eae4250e]
+
+2005-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, testsudoers.c, visudo.c:
+	Only check group vector in usergr_matches() if we are matching the
+	invoking or list user. Always check the group members, even if
+	there was a group vector.
+	[d0c7ceb2a041]
+
+2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, fnmatch.3:
+	No longer bundle fnmatch.3
+	[72db4a4ff4e1]
+
+	* CHANGES, TODO:
+	checkpoint
+	[e92781bfd99c]
+
+2004-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	sort usage
+	[15e3b876ec2c]
+
+	* sudo.pod:
+	Sort command line options
+	[c1fa56584bc4]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+	sudo.pod, sudoers.pod:
+	Add closefrom sudoers option to start closing at a point other than
+	3. Add closefrom_override sudoers option and -C sudo flag to allow
+	the user to specify a different closefrom starting point.
+	[370652b099d1]
+
+	* pathnames.h.in:
+	Add _PATH_DEVNULL for those without it.
+	[0c4c3e0ceb8b]
+
+	* LICENSE:
+	no more UCB strcasecmp
+	[397a6298e07f]
+
+	* strcasecmp.c:
+	replace BSD licensed one with version derived from pdksh
+	[d7cfda8c57a2]
+
+2004-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix last commit.
+	[7afb9a180532]
+
+	* sudo.c:
+	Make sure stdin, stdout and stderr are open and dup them to
+	/dev/null if not.
+	[590f387068bd]
+
+2004-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, mon_systrace.c, sudo.c, sudo.h:
+	add sudo_ldap_close
+	[4273a36765a7]
+
+	* fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+	Use TIME_WITH_SYS_TIME
+	[c32b59bf15fb]
+
+	* config.h.in, configure, configure.in:
+	Add TIME_WITH_SYS_TIME_H
+	[57cb146f451d]
+
+2004-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+	unconditionally on darwin. From Toby Peterson.
+	[d69959681c87]
+
+	* getspwuid.c:
+	Check rbinsert() return value. In the case of faked up entries
+	there is usually a negative response cached that we need to
+	overwrite.
+
+	In pwfree() don't try to zero out a NULL pw_passwd pointer.
+	[00b32d1a48c1]
+
+	* mon_systrace.c:
+	Use the double fork trick to avoid the monitor process being waited
+	for by the main program run through sudo.
+	[e0ce556712ff]
+
+2004-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Call initgroups() in -U mode so group matches work normally.
+	[2235bea15283]
+
+	* def_data.h, mkdefaults:
+	Don't print a trailing comma for the last entry in enum def_tupple
+	[c43a96bb31df]
+
+2004-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention values when lecture, listpw and verifypw are used in boolean
+	context.
+	[a0b5c0abaccf]
+
+	* def_data.c, def_data.in:
+	verifypw when used in a boolean TRUE context should be "all", not
+	"any".
+	[2eb076ddd5e2]
+
+2004-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.in, defaults.c:
+	Allow tuples that can be used as booleans to be used as boolean
+	TRUE. In this case the 2nd possible value of the tuple is used for
+	TRUE.
+	[bd99aa77e88b]
+
+2004-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Correct the test for 2-parameter timespecsub
+	[d41c9cb26b97]
+
+	* sudo.h:
+	Add strub struct definitions for passwd, timeval and timespec
+	[c4ce5c43d8c5]
+
+	* config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+	Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+	and fix a typo in the gettimeofday check.
+	[8ac9893057ce]
+
+2004-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, testsudoers.c:
+	Deal with user_stat being NULL as it is for visudo and testsudoers.
+	[3605a6ff64d0]
+
+	* parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+	Add -U option to use in conjunction with -l instead of -u. Add
+	support for "sudo -l command" to test a specific command.
+	[99638789d415]
+
+	* gram.c, gram.y, sudo.c:
+	Set safe_cmnd after sudoers_lookup() if it has not been set.
+	Previously it was set by sudo "ALL" in the parser but at that point
+	the fully-qualified pathname has not yet been found.
+	[ac30d98f8225]
+
+2004-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, testsudoers.c:
+	Correctly handle multiple privileges per userspec and runas
+	inheritence.
+	[a98a965181af]
+
+2004-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+	[031d3cd4a848]
+
+2004-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	make per-command defaults work with sudoedit
+	[e56fe33db916]
+
+	* ldap.c, parse.c, sudo.c, sudo.h:
+	Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
+	Instead, we just set the approriate defaults variable.
+	[756eeecc1d86]
+
+	* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document per-command Defaults.
+	[92a0f84b91c1]
+
+	* defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+	sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+	Add support for command-specific Defaults entries. E.g.
+	Defaults!/usr/bin/vi noexec
+	[be3d52bf01cf]
+
+	* defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+	Change an occurence of user_matches() -> runas_matches() missed
+	previously runas_matches(), host_matches() and cmnd_matches() only
+	really need to pass in a list of members. user_matches() still
+	needs to pass in a passwd struct because of "sudo -l"
+	[833b22fc6fa0]
+
+	* parse.c:
+	Check def_authenticate, def_noexec and def_monitor when setting
+	return flags. XXX May be better to just set the defaults directly
+	and get rid of those flags.
+	[b6db22b59d69]
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+	defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+	getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+	gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+	mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+	strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+	sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+	visudo.c, zero_bytes.c:
+	Use: #include <config.h> Not: #include "config.h" That way we get
+	the correct config.h when build dir != src dir
+	[97e5670a442b]
+
+	* Makefile.in:
+	Back out part of rev 1.263; fix -I order
+	[197ea01cad5d]
+
+	* toke.c, toke.l:
+	More robust parsing if #include; could be much better still.
+	[31bc3cd8f045]
+
+	* sudo_edit.c, visudo.c:
+	Make arg splitting in visudo and sudoedit consistent.
+	[7bc74485f246]
+
+	* Makefile.in, alias.c, gram.c, gram.y, parse.h:
+	Split alias routines out into their own file.
+	[d90f633cf9ae]
+
+	* error.h:
+	__attribute__ is already defined in compat.h
+	[676ed3fe9203]
+
+	* visudo.c:
+	quit() should not be __noreturn__ as it is non-void on some
+	platforms.
+	[e528c2b6ba10]
+
+	* auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+	Add local error/warning functions like err/warn but that call an
+	additional cleanup routine in the error case. This means we no
+	longer need to compile a special version of alloc.o for visudo.
+	[e78e8aae882e]
+
+	* parse.h:
+	Clarify comments about the data structures
+	[ae894e266701]
+
+2004-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Add support for VISUAL and EDITOR containing command line args. If
+	env_editor is not set any args in VISUAL and EDITOR are ignored.
+	Arguments are also now supported in def_editor.
+	[ff7303b8e298]
+
+2004-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.h:
+	alias_matches() is no more
+	[b59825e28084]
+
+	* CHANGES, TODO:
+	sync
+	[2b8f5f63c1de]
+
+	* Makefile.in:
+	When regenerating the parser, don't replace gram.h unless it has
+	changed.
+	[819949668018]
+
+	* Makefile.in:
+	remove Makefile.binary for distclean
+	[351eec8d00b2]
+
+	* env.c:
+	Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+	sure we can't overflow new_env.
+	[3284d17b9c6d]
+
+	* sudo_edit.c:
+	paranoia when stripping trailing slashes from tempdir.
+	[012f1aa2b81f]
+
+	* sudo.c:
+	Set user_ngroups to 0 if getgroups() returns an error.
+	[c46d43e9449a]
+
+2004-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Add configure check for getgroups()
+	[5d8a214e2cef]
+
+	* ldap.c:
+	Use supplementary group vector in struct sudo_user.
+	[3d0c463c034d]
+
+	* match.c:
+	Only do string comparisons on the group members if there is no
+	supplemental group list.
+	[be1c8362f7ef]
+
+	* CHANGES, TODO:
+	sync
+	[db188bc5b975]
+
+	* sudo_edit.c:
+	On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+	chop off any trailing slashes we see and add an explicit one.
+	[e1b477dafee1]
+
+	* match.c:
+	remove bogus XXX comment
+	[8aecb8a28d40]
+
+	* match.c:
+	Get rid of alias_matches and correctly fall through to the non-alias
+	cases when there is no alias with the specified name.
+	[2cd555246f09]
+
+	* getspwuid.c:
+	Cache non-existent passwd/group entries too.
+	[8de9a467d271]
+
+	* gram.c:
+	regen
+	[9ece18c58f36]
+
+	* getspwuid.c:
+	fix typo
+	[9a7ae371eac1]
+
+	* check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+	mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Implement group caching and use the passwd and group caches
+	throughout.
+	[f1d8c5015169]
+
+2004-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Properly negate the return value of alias_matches() when
+	appropriate.
+	[ce59c4ce77ad]
+
+	* match.c:
+	Make hostname_matches() return TRUE for a match, else FALSE like the
+	caller expects.
+	[1dc03902d3a2]
+
+	* Makefile.in:
+	Add missing dependencies on gram.h
+	[4f94bbb1d50c]
+
+	* match.c:
+	Use runas_matches in alias_matches() now that we have it.
+	[284d22e91178]
+
+	* parse.c, parse.h:
+	Expand aliases in "sudo -l" mode
+	[f67a38b79c44]
+
+	* gram.y, match.c:
+	Use ALIAS for the member type when storing an alias instead of
+	HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+	more generic type. Expand runas_matches instead of calling
+	user_matches() inside of it since user_matches() looks up
+	USERALIASes, not RUNASALIASes.
+	[52004d75232b]
+
+	* CHANGES, getspwuid.c:
+	Paranoia; zero out pw_passwd before freeing passwd entry.
+	[bd1b22638f00]
+
+	* LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+	configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+	error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+	sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+	Add local error/warning functions like err/warn but that call an
+	additional cleanup routine in the error case. This means we no
+	longer need to compile a special version of alloc.o for visudo.
+	[25000b676cfe]
+
+	* match.c:
+	Use userpw_matches() to compare usernames, not strcmp(), since the
+	latter checks for "#uid".
+	[fcbe4b859f66]
+
+	* getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+	Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+	the other by user name. The data returned from the cache should be
+	considered read-only and is destroyed by sudo_endpwent().
+	[ee2418ff3f86]
+
+	* match.c:
+	add cast to uid_t
+	[eb6415302d84]
+
+	* gram.y:
+	missing free in alias_destroy
+	[572ecb680ad8]
+
+	* redblack.c:
+	Can't use rbapply() for rbdestroy since the destructor is passed a
+	data pointer, not a node pointer.
+	[11ce713830c0]
+
+	* getspwuid.c, logging.c, sudo.c, sudo.h:
+	Create and use private versions of setpwent() and endpwent() that
+	set/end the shadow password file too.
+	[616bc76d23bf]
+
+	* gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+	Store aliases in a red-black tree.
+	[ce017d540416]
+
+	* Makefile.in, redblack.c, redblack.h:
+	red-black tree implementation
+	[cd5586e8f48b]
+
+	* visudo.c:
+	Edit all sudoers file if there were unused or undefined aliases and
+	we are in strict mode.
+	[b6d5f5bb7262]
+
+2004-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+	find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+	Bring back the "secure_path" Defaults option now that Defaults take
+	effect before the path is searched.
+	[2e52c0e27606]
+
+2004-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, parse.c:
+	A user can always list their own entries, even with -u. Better error
+	message when failing to list another user's entries.
+	[e2e24deb0071]
+
+	* parse.c, sudo.c, sudo.h:
+	The syntax to list another user's entries is now "-u otheruser -l".
+	Only root or users with sudo "ALL" may list other user's entries.
+	[3c0657e8f5fe]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Update env variable info in SECURITY NOTES
+	[299716071024]
+
+	* env.c:
+	strip CDPATH too
+	[9b97643b26f9]
+
+	* env.c:
+	strip exported bash functions from the environment.
+	[9e5090c8284f]
+
+2004-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only reset sudo_user.pw based on SUDO_USER environment variables for
+	real commands and sudoedit. This avoids a confusing message when a
+	user tries "sudo -l" or "sudo -v" and is denied.
+	[3ea6d0053274]
+
+	* gram.c, gram.y, parse.h:
+	Extend LIST_APPEND to deal with appending lists too
+	[d963e42f622f]
+
+2004-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Convert some bitwise AND to ISSET
+	[130dc40d268e]
+
+	* lex.yy.c, toke.c:
+	toke.c replaces lex.yy.c
+	[048858df79e7]
+
+	* CHANGES, TODO:
+	sync
+	[d19e7abf251c]
+
+	* BUGS:
+	new parser fixes most of the outstanding bugs
+	[0891f66e3758]
+
+	* configure:
+	regen
+	[1a3358cc7283]
+
+	* visudo.c:
+	Rework for the new parser. Now checks for unused aliases in sudoers.
+	[ad462ede3094]
+
+	* testsudoers.c:
+	Rewrite for the new parser. Now supports a -d flag (dump) and adds
+	a -h flag (host). It now defaults to the local hostname unless
+	otherwise specified.
+	[1b69685cc601]
+
+	* sudo.h:
+	Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+	[2e4fb3abfef0]
+
+	* sudo.c:
+	Update for new parse. We now call find_path() *after* we have
+	updated the global defaults based on sudoers. Also adds support for
+	listing other user's privs if you are root.
+	[cf3db9fc3024]
+
+	* mon_systrace.c:
+	Working LDAP support; also remove a now-unneeded rewind().
+	[649ecf1baf6b]
+
+	* logging.c, logging.h:
+	Add NO_STDERR flag.
+	[6cb935af94e0]
+
+	* ldap.c:
+	Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+	udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+	connecto to LDAP, apply the default options, find the command in the
+	user's path, and then check whether the user is allowed to run it.
+	The important thing here is that the default runas user may be
+	specified as a default option and that needs to be set before we
+	search for the command.
+	[fc0426abc6f1]
+
+	* ldap.c:
+	Add casts to unsigned char for isspace() to quiet a gcc warning.
+	[e5358e3df439]
+
+	* defaults.h:
+	Add prototype for update_defaults()
+	[564dac3db74e]
+
+	* defaults.c:
+	Don't warn about line numbers now that we operate on a set of data
+	structures (or LDAP) and not a file.
+	[bcd9ffb9b67c]
+
+	* config.h.in:
+	No long use lsearch()
+	[9d048c587319]
+
+	* Makefile.in:
+	Update for new and changed file names.
+	[6f424a7c4515]
+
+	* LICENSE:
+	no more BSD lsearch.c
+	[463a96d89026]
+
+	* match.c:
+	foo_matches() routines now live in match.c Added user_matches(),
+	runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+	that operate on the parsed sudoers file.
+	[b14da8a0567e]
+
+	* parse.lex, toke.l:
+	Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+	WORD no longer needs to exclude '@' kill yywrap()
+	[a922294eb7b7]
+
+	* gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+	sudo.tab.h:
+	Rewritten parser that converts sudoers into a set of data
+	structures. This eliminates ordering issues and makes it possible to
+	apply sudoers Defaults entries before searching for the command.
+	[30d2ec4d203c]
+
+	* configure.in, emul/search.h, lsearch.c:
+	We won't be using lsearch() any longer.
+	[29c4d54bfac0]
+
+	* ldap.c:
+	sudo should not send mail if someone who runs 'sudo -l' has no
+	entry.
+	[6fc27a69fd9c]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[8166347917f3]
+
+	* visudo.pod:
+	Update warnings to match new visudo
+	[004c0766798f]
+
+	* sudoers.pod:
+	The new parser doesn't have the old ordering constraints.
+	[ffd43bd08661]
+
+	* sudo.pod:
+	Document that -l now takes an optional username argument
+	[278f9557de8b]
+
+2004-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	AIX 5.2.0.0 works
+	[523acd29d858]
+
+	* ldap.c:
+	If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+	a compilation problem with Solaris 9's native LDAP.
+
+	Set FLAG_MONITOR when needed.
+	[35824ade672d]
+
+2004-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Call sudo_goodpath() *after* changing the cwd to match the traced
+	process. Fixes relative paths.
+	[12ee111d0ad7]
+
+2004-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c:
+	Kill set_perms() stub--it is no longer needed.
+	[116ed702935d]
+
+2004-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	stay_setuid now requires set_reuid() or setresuid()
+	[8511f67e25d5]
+
+	* INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+	configure.in, set_perms.c, sudo.c, sudo.h:
+	Kill use of POSIX saved uids; they aren't worth bothering with.
+	[b3b1f19f18c1]
+
+2004-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	remove call to issetugid()
+	[63f2e492c08f]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Remove warning about wildcards. Now that we use glob() the bug is
+	fixed.
+	[b15729d32266]
+
+	* parse.c:
+	Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+	each result that matches the basename of the user's command. This
+	makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+	/usr/bin/blah. Fixes bug #143.
+	[e31eb6310340]
+
+	* config.h.in, configure, configure.in:
+	Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+	GLOB_BRACE)
+	[677ed6661e17]
+
+	* config.h.in, configure, configure.in:
+	Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+	[aaa2329dd266]
+
+	* LICENSE:
+	reference glob
+	[bedc9a923423]
+
+	* glob.c:
+	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+	removed.
+	[81799451473c]
+
+	* emul/glob.h:
+	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+	removed.
+	[0335cf31fb1e]
+
+2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
+	means we are out of space in the stack gap...
+	[5b02b702021e]
+
+	* CHANGES:
+	sync
+	[be3826273e56]
+
+	* mon_systrace.c:
+	Take a stab at ldap sudoers support here.
+	[9d023695b0de]
+
+	* mon_systrace.c, mon_systrace.h:
+	Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+	doesn't cause reboot to inadvertanly kill itself.
+	[d4aab2365610]
+
+	* mon_systrace.c:
+	put "monitor" in the proctitle, not "systrace"
+	[9a9025767d86]
+
+	* mon_systrace.c:
+	When modifying the environment, don't replace envp when we can get
+	away with just rewriting pointers in the traced process.
+	[c03622f7a2e2]
+
+	* mon_systrace.c, mon_systrace.h:
+	Add environment updating via STRIOCINJECT (if available).
+	[037291016870]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[869acc511046]
+
+2004-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[4e61a9bd3c97]
+
+	* parse.lex:
+	Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+	[b70d7bd6e147]
+
+	* mon_systrace.c:
+	Include file is now mon_systrace.h
+	[ead4e36d92ae]
+
+	* Makefile.in, configure, configure.in, def_data.c, def_data.h,
+	def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+	sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+	No longer call it tracing, it is now "monitoring" which should be
+	more a obvious name to non-hackers.
+	[aa811ded0789]
+
+2004-10-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c, mon_systrace.h:
+	Fix some XXX
+	[a271072dacc6]
+
+	* mon_systrace.c, mon_systrace.h:
+	No need to include syscall.h, use 1024 as the max # of entries (the
+	max that systrace(4) allows).
+
+	Only need to use SYSTR_POLICY_ASSIGN once
+
+	Change check_syscall() -> find_handler() and have it return the
+	handler instead of just running it. We need this since handler now
+	have two parts: one part that generates and answer and another that
+	gets called after the answer is accepted (to do logging).
+
+	Add some missing check_exec for emul execv
+	[a89d243f0525]
+
+	* sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+	Add $Sudo$ tags.
+	[6f3fedb0daba]
+
+	* config.h.in:
+	Add missing HAVE_LINUX_SYSTRACE_H
+	[ff75ab7bfc53]
+
+	* Makefile.in:
+	add trace_systrace.o dependency
+	[88a408668ab2]
+
+2004-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Also look for systrace.h in /usr/include/linux
+	[98b98b436cf3]
+
+	* mon_systrace.c, mon_systrace.h:
+	Move all struct defs and prototypes into trace_systrace.h and mark
+	all but systace_attach() static.
+	[85511253b570]
+
+	* mon_systrace.c, mon_systrace.h:
+	Add support for tracing emulations. At the moment, all emulations
+	are compiled in. It might make sense to #ifdef them in the future,
+	though this impeeds readability.
+	[87bb50abf277]
+
+	* Makefile.in, configure, configure.in:
+	rename systrace.c -> trace_systrace.c
+	[31cfa4407d93]
+
+	* parse.yacc, sudo.tab.c:
+	Allow this to build with a K&R compiler again
+	[32876af5bb98]
+
+	* TODO:
+	sync
+	[46865bd70f7c]
+
+	* compat.h, sudo.c, visudo.c:
+	Use __attribute__((__noreturn__))
+	[65bbad71fe89]
+
+	* visudo.c:
+	Exit() takes a negative value to indicate it was not called via
+	signal.
+	[b93032ed7b60]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[45bcf4661558]
+
+	* Makefile.in, visudo.c:
+	Define Err() and Errx() that are like err() and errx() but call
+	Exit() instead of exit(). Build private copy of alloc.o for visudo
+	that calls Err() and Errx().
+	[c6d02bf42edd]
+
+2004-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[39de7e7c59da]
+
+	* CHANGES:
+	sync
+	[ba481d9ed1aa]
+
+	* visudo.c:
+	Overhaul visudo for editing multiple files: o visudo has been
+	broken out into functions (more work needed here) o each file is
+	now edited before sudoers is re-parsed o if a #include line is
+	added that file will be edited too
+
+	TODO: o cleanup temp files when exiting via err() or errx() o
+	continue breaking things out into separate functions
+	[80c35cf534eb]
+
+	* parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Add keepopen arg to open_sudoers that open_sudoers can use to
+	indicate to the caller that the fd should not be closed when it is
+	done with it. To be used by visudo to keep locked fds from being
+	closed prematurely (and thus losing the lock).
+	[f330fe632470]
+
+	* parse.yacc, sudo.c:
+	Add errorfile global that contains the name of the file that caused
+	the error.
+	[98079c7a37ed]
+
+	* parse.lex:
+	return COMMENT to yacc grammar for a #include line
+	[2024a8de4fa8]
+
+	* parse.lex:
+	Remove us of unput() in favor of yyless() which is cheaper.
+	[c61291902beb]
+
+	* parse.yacc:
+	Allow an empty sudoers file.
+	[62fb111db2e7]
+
+2004-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+	[9e15869ef597]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[c29bdd43bfad]
+
+	* visudo.c:
+	Do signal setup before calling edit_sudoers(). Don't shadow the
+	"quiet" global.
+	[74252efd09ff]
+
+	* visudo.c:
+	If a sudoers file includes other files, edit those too. Does not yes
+	deal with creating the new includes files itself.
+	[06af7b9c173f]
+
+	* testsudoers.c:
+	init_parser now takes a path
+	[b5ee186eb192]
+
+	* parse.c, parse.h, parse.lex, parse.yacc:
+	More scaffolding for dealing with multiple sudoers files: o
+	init_parser() now takes a path used to populate the sudoers global
+	o the sudoers global is used to print the correct file in yyerror()
+	o when switching to a new sudoers file, perserve old file name and
+	line number
+	[d9be4970b8bd]
+
+	* Makefile.in, pathnames.h.in:
+	Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+	multiple sudoers files.
+	[6ccc4e921c43]
+
+	* parse.c, sudo.c:
+	Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+	we start at the right file position when reading include files.
+	[91fcb961e7a4]
+
+	* sudoers.pod:
+	document #include
+	[fbb92a25a726]
+
+	* lex.yy.c:
+	regen
+	[50cd7a4c9dff]
+
+	* parse.lex:
+	Add max depth of 128 for the include stack to avoid loops.
+
+	Since yyerror() doesn't stop parsing, pass return values back to
+	yylex and call yyterminate() on error.
+	[e79dbffb729d]
+
+2004-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	document tracing
+	[165a467eadd8]
+
+	* sudo.pod:
+	Mention PREVENTING SHELL ESCAPES section of sudoers man page
+	[3217ccecd834]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[fbd58d1d3a76]
+
+	* parse.lex:
+	Add support for #include in sudoers (visudo support TBD)
+	[a78015ca81af]
+
+	* parse.yacc:
+	make yyerror()'s argument const
+	[7d8e168c019a]
+
+	* testsudoers.c, visudo.c:
+	Add open_sudoers() stubs.
+	[087466787198]
+
+	* sudo.c, sudo.h:
+	Rename check_sudoers() open_sudoers() and make it return a FILE *
+	[142fc511fc65]
+
+2004-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+	version.h:
+	Crank version
+	[1adc3f839480]
+
+	* Makefile.in, sudo.psf:
+	Better HP-UX depot construction
+	[2d952b000e63]
+
+2004-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	o Made children global so check_exec() can lookup a child. o
+	Replaced uid in struct childinfo with struct passwd * (for runas) o
+	new_child() now takes a parent pid so the runas info can be
+	inherited o Added find_child() to lookup a child by its pid o
+	update_child() now fills in a struct passwd o Converted the big
+	if/else mess in set_policy to a switch o Syscalls that change uid
+	are now "ask" so we get SYSTR_MSG_UGID events
+	[29b9ea3f09a3]
+
+	* getspwuid.c:
+	Add flag to sudo_pwdup that indicates whether or not to lookup the
+	shadow password. Will be used to a struct passwd that has the
+	shadow password already filled in.
+	[e19d43dd7238]
+
+	* mon_systrace.c:
+	add missing increment of addr in read_string()
+	[f9eb0f060cb6]
+
+	* mon_systrace.c:
+	Remove bogus call to update_child() and some cosmetic fixes
+	[701ab0b97fef]
+
+	* mon_systrace.c:
+	Don't leak /dev/systrace fd to tracee Make initialized global for
+	simplicity If STRIOCATTACH returns EBUSY we are already being traced
+	Check for user_args == NULL in setproctitle() call Add missing calls
+	to STRIOCANSWER
+	[1956edf9bc3a]
+
+	* sudo.c:
+	g/c sudo_pwdup proto
+	[b7c4d6249ecb]
+
+	* Makefile.in, sudo.psf:
+	Add target for building a depot file
+	[357019efd99b]
+
+	* mon_systrace.c:
+	trim includes
+	[501534428471]
+
+2004-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen
+	[52fd250c6986]
+
+	* INSTALL:
+	document --with-systrace
+	[79623927c94e]
+
+	* config.h.in, configure, configure.in:
+	Add check for setproctitle
+	[1730cf1c26ed]
+
+	* mon_systrace.c:
+	pass struct str_msg_ask in to syscall checker so it can set the
+	error code
+	[1703fd2fdef6]
+
+	* mon_systrace.c:
+	systrace(4) support for sudo. On systems with the systrace(4)
+	kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
+	intercept exec calls and check the exec args against the sudoers
+	file. In other words, sudo can now control subcommands and shell
+	escapes.
+	[928c9217c386]
+
+	* sudo.c, sudo.h:
+	Call systrace_attach() if FLAG_TRACE is set.
+	[014ba9402fa5]
+
+	* parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+	Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+	[a99904db5e56]
+
+	* parse.c, sudo.c:
+	Don't close sudoers_fp, keep it open and set close on exec flag
+	instead.
+	[43a9fec60bee]
+
+	* def_data.c, def_data.h, def_data.in:
+	Add trace option
+	[5b643b86730a]
+
+	* Makefile.in:
+	Add systrace
+	[47a0519c427c]
+
+	* INSTALL:
+	SunOS /bin/sh blows up with configure
+	[005a23cc5615]
+
+	* configure, configure.in:
+	Include sys/param.h before systrace.h
+	[9345bc8efecf]
+
+	* configure:
+	regen
+	[a8f53fcbb254]
+
+	* pathnames.h.in:
+	_PATH_DEV_SYSTRACE
+	[d2ad1e492a00]
+
+	* configure.in:
+	line up options in --help
+	[fa51f2821d09]
+
+	* config.h.in, configure.in:
+	Add --with-systrace
+	[a264d54bc413]
+
+2004-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[a4dad0bcc523]
+
+	* aclocal.m4, configure.in:
+	make this work with autoconf-2.59
+	[c4a92b6a684a]
+
+2004-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Simplify logic around open & stat of files and do sanity on edited
+	file even if we lack fstat (still racable but worth doing).
+	[adda65ade70c]
+
+2004-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Add support url
+	[bf6590fbde9f]
+
+	* Makefile.in:
+	versino 1.6.8p1
+	[b84ebfaf1552] [SUDO_1_6_8p1]
+
+	* CHANGES:
+	more changes for 1.6.8p1
+	[e23a9c0393b6]
+
+	* version.h:
+	1.6.8p1
+	[872f14504b5f]
+
+	* CHANGES, sudo_edit.c:
+	Add sanity check so we don't try to edit something other than a
+	regular file.
+	[350134ec6d4e]
+
+2004-09-15  Aaron Spangler  <aaron777@gmail.com>
+
+	* CHANGES:
+	sync
+	[3091ca9eae00]
+
+	* INSTALL:
+	document --with-ldap-conf-file
+	[0e2cd6b896f1]
+
+2004-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, ins_csops.h:
+	political correctness strikes again
+	[428e8bc77f55]
+
+	* RUNSON:
+	sync
+	[27f44bd423dc]
+
+2004-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.binary.in, Makefile.in:
+	Install sudoedit man link
+	[19a55234fc1f]
+
+	* INSTALL:
+	Update PAM note and mention where HP-UX users can download gcc
+	binaries.
+	[d37cdbbabfd4]
+
+	* Makefile.in:
+	libtool wants to install stuff from .libs so fake one up for binary
+	installations.
+	[a681bc6fcfba]
+
+	* Makefile.binary.in:
+	rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+	[3e0c4b3372cc]
+
+	* Makefile.in:
+	Deal with "uname -m" having slashes in it rm -f old sudoedit link
+	instead of using ln -f
+	[cff33fb97e5b]
+
+	* Makefile.binary, Makefile.binary.in:
+	Makefile.binary -> Makefile.binary.in for config.status substitution
+	Add support for installing noexec bits
+	[37d8bb3483c6]
+
+	* Makefile.in:
+	Copy noexec bits into binary dists too No longer use my old arch
+	script for making binary dists
+	[e7058bab9e33]
+
+	* Makefile.binary:
+	Install sudoedit link.
+	[417d1e101711]
+
+2004-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/utime.h:
+	avoid __P so there is no need for compat.h to be included
+	[6d8d1f1abf7d]
+
+	* utimes.c:
+	Don't use HAVE_UTIME_H before including config.h.
+	[013b7bb61181]
+
+2004-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	Fix Solatis futimes macro
+	[d4eda2ca0d29]
+
+2004-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Rename ots -> omtim for improved readability.
+	[127ca5bb297c]
+
+2004-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Redo changes in revision 1.7. Don't really need to keep the temp
+	file open; re-opening it with the invoking user's euid is
+	sufficient.
+	[55a883165a95]
+
+	* CHANGES:
+	sync
+	[9015b291170d]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[c0313f6ed783]
+
+	* sudo.pod:
+	back out revision 1.70; it is no long applicable
+	[b641d503aff6]
+
+	* env.c:
+	Let the loader initialize nep
+	[bec192139b02]
+
+	* config.h.in, configure, configure.in:
+	Removed unneed check for fchown Add check for gettimeofday Move
+	autoheader template stuff into separate AH_TEMPLATE lines
+	[bfc0edbd43f2]
+
+	* check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+	Use timespec throughout.
+	[1a178a23b69b]
+
+	* Makefile.in:
+	gettime.[co]
+	[6aeb48a7ab7f]
+
+	* gettime.c:
+	function to return the current time in a struct timespec
+	[bf8eb12cb63f]
+
+	* utimes.c:
+	Not a darpa-sponsored file.
+	[121ce5e2036c]
+
+2004-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add a check for struct timespec and provide it for those without.
+	[42124055030d]
+
+	* config.h.in, configure, configure.in, sudo_edit.c:
+	Add checks for st_mtim and st_mtimespec and add macros for pulling
+	the mtime sec and nsec out of struct stat. These are used in
+	sudo_edit() to better tell whether or not the file has changed.
+	[23debfbb3fab]
+
+	* check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+	Add an extra param to touch() for nsec
+	[56f7a4ba8ddb]
+
+	* sudo_edit.c:
+	Call mkstemp() as the in invoking user so we don't have to chown the
+	file later. Only touch() the temp file if we can do it via the file
+	descriptor. Don't check for modification of the temp file if we lack
+	fstat(). Catch errors read()ing the temp file.
+	[665f52c70836]
+
+	* fileops.c:
+	If path is NULL and fd == -1 return -1.
+	[757a518a824c]
+
+	* sudo_edit.c:
+	closefrom() is overkill, the only extra fds are the ones we opened
+	so just close those in the child.
+	[f361c9d2a1f4]
+
+	* Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+	configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+	visudo.c:
+	Use utimes() and futimes() instead of utime() in touch(), emulating
+	as needed. Not all systems are able to support setting the times of
+	an fd so touch() takes both an fd and a file name as arguments.
+	[3d9276f29717]
+
+2004-09-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* env.c:
+	Rare SEGV
+	[8995f828782d]
+
+2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[b8e9406711c5]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Add SUPPORT section and re-order some of the sections to match the
+	order we use in OpenBSD.
+	[fa37bd917e2c]
+
+2004-09-06  Aaron Spangler  <aaron777@gmail.com>
+
+	* env.c:
+	Openldap ~/.ldaprc fix
+	[1a37afe6850f]
+
+2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Talk about how the editor must write its changes to the original
+	file and not just use rename(2).
+	[c55ed91c5ee9]
+
+	* CHANGES:
+	sync
+	[62af26bd37a2]
+
+	* sudo_edit.c:
+	Keep the temp file open instead of re-opening after the editor has
+	exited.
+	[de41eeb6dcf2]
+
+	* sample.pam:
+	Update for current redhat/fedora core.
+	[8cf083077333]
+
+2004-09-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	tls_ examples
+	[ba783d88a034]
+
+2004-09-02  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	config tls_* options
+	[0b0e0797b3b9]
+
+2004-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	No need for -lcrypt when using pam.
+	[41fff3a53e68]
+
+2004-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[75820aecce2c]
+
+2004-08-27  Aaron Spangler  <aaron777@gmail.com>
+
+	* configure.in, ldap.c, pathnames.h.in:
+	Allow --with-ldap-conf-file option to override LDAP_CONF
+	[c9909bc484a5]
+
+	* ldap.c:
+	cleanup debug message
+	[1f6ca4824d8d]
+
+2004-08-26  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	more config info
+	[f2e7147fd507]
+
+2004-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+	Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+	cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+	longer use gross statics in command_matches(). Also rename some
+	variables for improved clarity.
+	[7169a6c7bea4]
+
+2004-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document HP's crippled compiler deficiency.
+	[c405ea5a8d4c]
+
+	* INSTALL:
+	Fix some thinkos in --with-editor and --with-env-editor
+	descriptions. Noticed by Norihiko Murase.
+	[dd781de1c985]
+
+	* configure, configure.in:
+	--with-noexec takes an optional PATH argument.
+	[8f6ab77f22cc]
+
+	* INSTALL:
+	document --with-noexec
+	[50cb1fc627ce]
+
+2004-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON, TODO:
+	sync
+	[f2503bd13373] [SUDO_1_6_8]
+
+	* sudo_edit.c:
+	Better warning message when sudoedit is unable to write to the
+	destination file.
+	[f78c18f2ffa8]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[7e2bf63d6d9a]
+
+	* sudo.pod:
+	Don't italicize the string "sudoedit"
+	[c691643bd269]
+
+2004-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Mention GratiSoft.
+	[dc53de581b2d]
+
+2004-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[8ae0484dfc38]
+
+	* parse.yacc:
+	Reset used_runas to FALSE when re-intializing the parser.
+	[b7403f353a02]
+
+2004-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess:
+	Correct OpenBSD mips support
+	[314fc7afc165]
+
+	* config.guess:
+	Add OpenBSD/mips
+	[ac87d0a773ef]
+
+2004-08-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	More behavior notes
+	[13be1d212b47]
+
+	* README.LDAP:
+	Updates on current behavior
+	[d498a8866d6f]
+
+2004-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	=back does not take an indentlevel (makes no difference to formatted
+	files).
+	[9c8523bb382a]
+
+	* sudo.pod:
+	=back does not take an indentlevel (makes no difference to formatted
+	files).
+	[e5f479e24fa8]
+
+	* CHANGES:
+	new
+	[2dbd9aba8b33]
+
+	* sudo.c:
+	Consistency. Use same error for bad -u #uid when targetpw is set as
+	we do when a bad -u username is specified.
+	[922961c4a9d6]
+
+	* TODO:
+	Add checksum idea from Steve Mancini
+	[e6ece1b766ba]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[370d2317829f]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[f93d41fc38b1]
+
+	* sudo.pod, sudoers.pod:
+	Document the restriction on uids specified via -u when targetpw is
+	set.
+	[878fedb455db]
+
+	* sudo.c:
+	Error out when targetpw is enabled and sudo is run with -u #uid but
+	#uid does not exist in the passwd database. We can't do target
+	authentication when the target is not in passwd!
+	[27c5888c86eb]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[ceb65711050c]
+
+	* TODO:
+	Some more todo for the next release.
+	[7b7417be7601]
+
+	* INSTALL:
+	Make it clear that PAM should be used for DCE support when possible.
+	[7502029fd385]
+
+	* sudoers.pod:
+	o Document problems with wildcards and relative paths. o Make the
+	order requirements more prominent. o Change a "set" to "reset" for
+	clarity.
+	[bacdd181b33f]
+
+2004-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Mention --with-secure-path, not SECURE_PATH.
+	[41283ddde5e1]
+
+2004-08-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	reflect changes to parse.c
+	[8880fe9b724d]
+
+2004-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[a57658ca9177]
+
+	* parse.c, parse.h, testsudoers.c, visudo.c:
+	Don't pass user_cmnd and user_args to command_matches(), just use
+	the globals there. Since we keep state with statics anyway it is
+	misleading to pretend that passing in different cmnd and cmnd_args
+	will work.
+	[0a2544991fd6]
+
+	* parse.yacc:
+	Don't pass user_cmnd and user_args to command_matches(), just use
+	the globals there. Since we keep state with statics anyway it is
+	misleading to pretend that passing in different cmnd and cmnd_args
+	will work.
+	[a4910bf6032b]
+
+	* parse.c:
+	Fix a bug introduced in rev. 1.149. When checking for pseudo-
+	commands check for a '/' anywhere in cmnd, not just the first
+	character.
+	[ce98142f03ca]
+
+2004-07-31  Aaron Spangler  <aaron777@gmail.com>
+
+	* sudo.man.in, sudo.pod:
+	Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+	[a91800e094b1]
+
+	* sudoers.man.in, sudoers.pod:
+	Add ignore_local_sudoers
+	[741ddcbf7083]
+
+	* README.LDAP:
+	Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+	janth@moldung.no
+	[742c02e07cd9]
+
+2004-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	typo
+	[e7cdefbd7a9a]
+
+2004-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[734dafc4a85e]
+
+	* parse.c:
+	Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+	PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+	[151b7f593568]
+
+2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	PAM change
+	[d8fb6d6a22d0]
+
+2004-07-08  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Better debugging of ALL command
+	[9db3e84029dc]
+
+2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	When matching for "sudoedit" in sudoers check both the command the
+	user typed *and* the command that is listed in the sudoers entry.
+	[f36ca1f94095]
+
+2004-07-04  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Added !command feature
+	[ed539574611b]
+
+2004-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+	[2be8e0e8813a]
+
+2004-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	License is ISC-style, not BSD-style
+	[ac0589e1dd5d]
+
+	* CHANGES:
+	sync
+	[16058a30f404]
+
+2004-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[8820eb9c809b]
+
+	* sudo.pod:
+	o Update some out of date bits to reality o Change the shell promt
+	in examples to bourne-shell style o Clarify some details o Add a
+	CAVEAT about "sudo cd /foo"
+	[b0af373214b6]
+
+	* check.c:
+	Don't ask for a password if invoking user == target user.
+	[dd5c96141132]
+
+	* sudo.c:
+	typo in comment
+	[278d20f9b249]
+
+2004-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[9036c6f39eff]
+
+	* sudoers.pod:
+	Expand on NOEXEC a little.
+	[9a13756aebe4]
+
+	* TODO:
+	sync
+	[8d2c1af48de8]
+
+	* visudo.cat, visudo.man.in:
+	regen
+	[3921f01607c8]
+
+	* sudo.tab.c:
+	regen
+	[9338c3d68250]
+
+	* visudo.pod:
+	Add a check in visudo for runas_default being set after it has
+	already been used.
+	[6700358d7ad8]
+
+	* CHANGES, parse.yacc, visudo.c:
+	Add a check in visudo for runas_default being set after it has
+	already been used.
+	[803560986a8a]
+
+	* sudo.tab.c:
+	regen
+	[b60636e2cf63]
+
+	* parse.yacc:
+	Add a MATCHED macro for testing whether foo_matches has been set to
+	TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+	Doesn't change the actual code generated.
+	[f376da8ccdc8]
+
+2004-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat:
+	regen
+	[6cceb6d6c9bd]
+
+	* sudoers.man.in:
+	regen
+	[5acd12b730b3]
+
+	* sudoers.pod:
+	Correct description of where Defaults specs should go.
+	[6b11ff53d7ad]
+
+	* sudoers:
+	Correct description of where Defaults specs should go.
+	[868db857630d]
+
+	* testsudoers.c, visudo.c:
+	update (c) year
+	[272c8a53604c]
+
+	* logging.h:
+	update (c) year
+	[3cec76d400ce]
+
+	* ldap.c:
+	update (c) year
+	[f264632488a0]
+
+	* find_path.c:
+	update (c) year
+	[40c227af9227]
+
+	* auth/pam.c:
+	update (c) year
+	[87149e0eed50]
+
+	* auth/bsdauth.c, auth/kerb5.c:
+	update (c) year
+	[d72eb434c068]
+
+2004-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[83408d9e9d2e]
+
+	* auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+	Remove trailing spaces, no actual code changes.
+	[4c3bf2819293]
+
+	* tgetpass.c:
+	Remove trailing spaces, no actual code changes.
+	[96f6e0a24c26]
+
+	* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+	Remove trailing spaces, no actual code changes.
+	[c7075d1cbed5]
+
+	* getcwd.c:
+	Remove trailing spaces, no actual code changes.
+	[776cc0374547]
+
+	* find_path.c:
+	Remove trailing spaces, no actual code changes.
+	[7ed7099f3c71]
+
+	* compat.h, defaults.c, env.c:
+	Remove trailing spaces, no actual code changes.
+	[893e83c33795]
+
+	* check.c:
+	Remove trailing spaces, no actual code changes.
+	[f77750f8803b]
+
+	* sudo.tab.c:
+	regen
+	[62e0ed883b31]
+
+	* parse.yacc:
+	Fix a >=0 that should be <0 that was improperly converted when
+	UNSPEC was added.
+	[ad1531a55a49]
+
+	* parse.yacc:
+	Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+	NOMATCH when resetting it.
+	[ae017a12870a]
+
+	* parse.yacc:
+	Fix pastos introduced in SETNMATCH addition.
+	[6ea1c9d80681]
+
+2004-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	Update for configure changes
+	[637a635da287]
+
+	* sudo.tab.c:
+	regen
+	[4753c2788713]
+
+	* sudo.h:
+	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+	these in parse.yacc. Also in parse.yacc initialize the *_matches
+	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+	when setting *_matches to a value that may be
+	NOMATCH/UNSPEC/TRUE/FALSE.
+	[2ba622e15a4d]
+
+	* parse.yacc:
+	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+	these in parse.yacc. Also in parse.yacc initialize the *_matches
+	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+	when setting *_matches to a value that may be
+	NOMATCH/UNSPEC/TRUE/FALSE.
+	[746b519e41a6]
+
+	* parse.yacc:
+	Initialize runas to -2, not -1 since we need to be able to
+	distinguish between the initialized value and the value of a non-
+	match when passing along the runas value to multiple commands.
+
+	The result of this is that an unmatched runas is now set to -1, not
+	0. This is required now that parse.c treats a FALSE value for runas
+	as being explicitly denied.
+	[7791ed3621f6]
+
+2004-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, visudo.c:
+	Error out if argc < 1.
+	[ce6b2a9eda3c]
+
+	* getprogname.c:
+	Error out if argc < 1.
+	[c566cce8dc78]
+
+	* configure, configure.in:
+	Add tests for what libs we need to link with for ldap and for
+	whether or not lber.h needs to be explicitly included.
+	[b2e9729cc4e7]
+
+2004-06-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Solaris native LDAP build fix
+	[39929e40eb11]
+
+2004-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+	unset variable.
+	[6a4c20a66f98]
+
+	* sudo.h:
+	Add prototype for sudo_ldap_list_matches
+	[443b007a8dab]
+
+	* configure, configure.in:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[567656978f7e]
+
+	* config.h.in:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[34eace4faec8]
+
+	* compat.h:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[8d50ff1bbf2a]
+
+	* closefrom.c:
+	Only check /proc/$$/fd if we have the dirfd function/macro.
+	[15e3ccce7553]
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add a check for a dirfd() function (like Linux) and add a dirfd
+	macro in compat.h if there is no dirfd() function or macro.
+	[1e95756edb50]
+
+	* closefrom.c, getcwd.c:
+	dirfd() is now defined in compat.h as needed.
+	[bb1d79271188]
+
+	* CHANGES:
+	Clarify closefrom() note.
+	[f4e4a5508dda]
+
+	* parse.c:
+	When checking for a command in the directory, only copy the base dir
+	once.
+	[7a3276808b87]
+
+	* closefrom.c:
+	If there is a /proc/$$/fd directory, behave like the Solaris
+	closefrom() and only close the descriptors listed therein.
+	[19de23779e84]
+
+	* alloc.c:
+	compat.h guarantees INT_MAX is defined.
+	[1bf0c79d4606]
+
+	* compat.h:
+	Add definitions of OPEN_MAX and INT_MAX for those without it and
+	remove definition of RLIM_INFINITY (now unused).
+	[f827d1ebf96e]
+
+	* CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+	sudo.c, sudo.h, visudo.c:
+	Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+	[59788f211c24]
+
+2004-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[d32fa124f1ad]
+
+	* RUNSON:
+	Add some entries that were mailed in a while ago
+	[ff8d5bfec54e]
+
+	* closefrom.c:
+	o sysconf returns a long, not an int. o check for negative return
+	value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+	define OPEN_MAX to 256 for those without it (a fair guess...)
+	[ccf81ae6deb2]
+
+2004-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* UPGRADE:
+	Mention change in parse order for RunAs entries.
+	[dc73b0bca617]
+
+	* configure:
+	regen
+	[07cce8e0534e]
+
+2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, README.LDAP, config.h.in, configure.in:
+	o --with-ldap now takes an optional dir as a parameter o added
+	check for ldap_initialize() and start_tls_s()
+	[2b846c7974c6]
+
+	* README.LDAP:
+	Fix some typos, word choice and formatting issues.
+	[00dc8ca84b10]
+
+2004-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+	read/write as it is simpler.
+	[30f5446ee8b0]
+
+	* configure, configure.in:
+	Remove hack overriding cross-compiler check. It should no longer be
+	needed.
+	[22a6cbd88608]
+
+	* compat.h:
+	Remove select() compat bits since we no longer use select().
+	[d7bbf7cd36f5]
+
+	* CHANGES, tgetpass.c:
+	Use alarm() instead of select() for the timeout for systems that
+	don't fully/properly implement select().
+	[d7cc60f15800]
+
+2004-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	synbc
+	[132a39788e07]
+
+	* RUNSON:
+	update
+	[61ef508380c6]
+
+	* set_perms.c:
+	Deal with systems that have no way of setting the effective uid such
+	as nsr-tandem-nsk.
+	[306e00e9b5a4]
+
+	* configure, configure.in:
+	Define NO_SAVED_IDS if we don't find seteuid()
+	[8588f18345cf]
+
+	* config.h.in, configure, configure.in:
+	Add back check for setreuid() since NSK doesn't have it.
+	[43127bd703d1]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[af4f4b20e422]
+
+	* CHANGES:
+	sync
+	[29ca3b699c24]
+
+	* BUGS:
+	sync
+	[3593f17f72ed]
+
+	* parse.c:
+	In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+	explicitly denied and the command matched. This fixes a long-
+	standing bug and makes: foo machine = (ALL) /usr/bin/blah
+	foo machine = (!bar) /usr/bin/blah
+
+	equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+	[2f5ee244985a]
+
+	* sudoers.pod:
+	Clarify mail_noperm
+	[3238b2d41989]
+
+2004-05-20  Aaron Spangler  <aaron777@gmail.com>
+
+	* Makefile.in:
+	Missing DESTDIR in make install for sudo_noexec.la
+	[91431e821525]
+
+2004-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[cdfde0dcb556]
+
+	* TODO:
+	sync
+	[4799b7d8b62c]
+
+	* sudoers.pod:
+	Remove fastboot/fasthalt (who still remembers these?) and add a
+	minimal sudoedit example.
+	[19d299f233cd]
+
+	* sample.sudoers:
+	Remove fastboot/fasthalt (who still remembers these?) and add a
+	minimal sudoedit example.
+	[b1bca73d6250]
+
+	* UPGRADE, sudo.c, visudo.c:
+	filesystem -> file system
+	[1e1afaf30469]
+
+	* TROUBLESHOOTING:
+	filesystem -> file system
+	[39fb594e9338]
+
+	* CHANGES, INSTALL:
+	filesystem -> file system
+	[85948b608ffe]
+
+	* sudo.pod, sudoers.pod:
+	Fix some minor typos and formatting goofs
+	[e94d243a0b90]
+
+	* lex.yy.c:
+	regen
+	[2eed0ab1f4c4]
+
+	* visudo.pod:
+	remove my email addr
+	[b63262c0389b]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use @mansectform@ and @mansectsu@ everywhere Make man page
+	references links with L<>
+	[f459f4b9ddb9]
+
+	* parse.lex:
+	Accept quoted globbing characters and pass them verbatim for
+	fnmatch()
+	[8248b86e9380]
+
+	* UPGRADE:
+	Document that /tmp/.odus is gone.
+	[3667b66af5bb]
+
+	* pathnames.h.in:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[48d94c9f9ad4]
+
+	* configure:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[058d7b8cf07b]
+
+	* aclocal.m4:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[cf52c4c2803f]
+
+	* CHANGES:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[6058c4cefcec]
+
+	* set_perms.c, sudo.c, tgetpass.c, visudo.c:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[2e5f81834383]
+
+	* logging.c:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[934bbe6872b6]
+
+	* check.c, compat.h:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[390b698b5924]
+
+2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	There was no 1.6.7p6.
+	[8013d2e6b062]
+
+	* BUGS, CHANGES:
+	sync
+	[c38b41f32857]
+
+	* Makefile.in:
+	add missing files to DISTFILES
+	[e6a80ad03039]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	regen
+	[027bc9746dd5]
+
+	* sudoers.man.in:
+	regen
+	[f5e85ef686cf]
+
+	* Makefile.in:
+	Fix some line wrap and update (c) year
+	[bad1f46aa1ca]
+
+2004-04-28  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	Build Note
+	[7a061248249b]
+
+2004-04-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* Makefile.in:
+	Fix install-dirs
+	[be0726dd92e7]
+
+2004-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[3f4f0d1ab8b9]
+
+	* visudo.c:
+	In Exit() when used as a signal handler, emsg is a pointer so
+	sizeof() is wrong so make it a #define instead. Also avoid using a
+	negative exit value. Found by Aaron Campbell
+	[78716a3a3fdc]
+
+2004-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Remove bogus sentence about uids in a User_List. Document usernames
+	vs. uid parsing in a Runas_List.
+	[7ca510b5031c]
+
+	* parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+	If the user specified a uid with the -u flag and the uid exists in
+	the passwd file, set runas_user to the name, not the uid.
+
+	When comparing usernames in sudoers, if a name is really a uid
+	(starts with '#') compare it numerically to pw_uid.
+	[8d6935d04673]
+
+2004-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	krb5_mcc_ops should be const; Johnny C. Lam
+	[aa8c753e426e]
+
+2004-02-28  Aaron Spangler  <aaron777@gmail.com>
+
+	* CHANGES, config.h.in, ldap.c:
+	Added start_tls support
+	[7ef864c15b69]
+
+2004-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Clean up libtool stuff for 'make distclean' and add def_data.c,
+	def_data.h to PARSESRCS.
+	[bf9bb6bb06ab]
+
+2004-02-14  Aaron Spangler  <aaron777@gmail.com>
+
+	* strlcat.c, strlcpy.c:
+	Un-Fix last license munge
+	[42654b77ac71]
+
+2004-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[e4de6b23a4dc]
+
+	* CHANGES, RUNSON, TODO:
+	checkpoint
+	[94e1ace84d5c]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[8ce784505643]
+
+	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+	emul/search.h, emul/utime.h:
+	More to a less restrictive, ISC-style license.
+	[a31b20e48003]
+
+	* auth/kerb5.c, auth/pam.c:
+	More to a less restrictive, ISC-style license.
+	[e41f92b41216]
+
+	* auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+	More to a less restrictive, ISC-style license.
+	[87534c164a52]
+
+	* auth/bsdauth.c:
+	More to a less restrictive, ISC-style license.
+	[e21be6594b58]
+
+	* auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+	More to a less restrictive, ISC-style license.
+	[6d234be91c5e]
+
+	* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+	visudo.man.in, visudo.pod:
+	More to a less restrictive, ISC-style license.
+	[b02aea324fd6]
+
+	* sudo_noexec.c:
+	More to a less restrictive, ISC-style license.
+	[a6da7631e0b2]
+
+	* strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudo_edit.c:
+	More to a less restrictive, ISC-style license.
+	[71cdcc241e94]
+
+	* sigaction.c, strerror.c:
+	More to a less restrictive, ISC-style license.
+	[4bccdedca58a]
+
+	* ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+	set_perms.c:
+	More to a less restrictive, ISC-style license.
+	[64d772d70ab3]
+
+	* getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, interfaces.h:
+	More to a less restrictive, ISC-style license.
+	[520381c60a54]
+
+	* find_path.c, getprogname.c:
+	More to a less restrictive, ISC-style license.
+	[f605d5eab6f1]
+
+	* fileops.c:
+	More to a less restrictive, ISC-style license.
+	[4129a8b38a67]
+
+	* env.c:
+	More to a less restrictive, ISC-style license.
+	[d5bd859757de]
+
+	* defaults.h:
+	More to a less restrictive, ISC-style license.
+	[008f5d5743f5]
+
+	* LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+	defaults.c:
+	More to a less restrictive, ISC-style license.
+	[d8d7bfc8a18b]
+
+	* utime.c, version.h:
+	More to a less restrictive, ISC-style license.
+	[e2e038ad8209]
+
+	* parse.lex, parse.yacc:
+	More to a less restrictive, ISC-style license.
+	[2f5942e847a1]
+
+	* Makefile.binary:
+	More to a less restrictive, ISC-style license.
+	[1ed561734535]
+
+2004-02-13  Aaron Spangler  <aaron777@gmail.com>
+
+	* sudoers2ldif:
+	Merged in LDAP Support
+	[3994c4d05947]
+
+	* ldap.c, sudo.c, sudo.h:
+	Merged in LDAP Support
+	[547eaa346fcc]
+
+	* def_data.c, def_data.h, def_data.in:
+	Merged in LDAP Support
+	[8fb255280e42]
+
+	* CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+	Merged in LDAP Support
+	[1038092a161e]
+
+2004-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h, sudo_noexec.c:
+	Only do "extern int errno" if errno is not a macro.
+	[b2e02a08be8b]
+
+2004-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+	euid first, then just call setuid(0) to set the real uid too.
+	[f08546e2e0ee]
+
+	* set_perms.c:
+	Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+	instead of seteuid() which may not exist.
+	[ba508581befb]
+
+2004-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	2004
+	[37425513a342]
+
+	* INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+	Add --with-pc-insults configure option
+	[7daa5294c17b]
+
+	* visudo.man.in:
+	Prefer VISUAL over EDITOR like old vipw did.
+	[996252a4ab65]
+
+2004-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[a247f1c52eb9]
+
+	* sudoers.pod:
+	Add a note that noexec is not a cure-all.
+	[9e7fc535367d]
+
+	* sudoers.pod:
+	Mention that disabling "root_sudo" is pretty pointless.
+	[f38a415afba0]
+
+	* configure, configure.in:
+	Substitute for root_sudo in sudoers.pod
+	[ce483cfc86be]
+
+	* sudo.pod:
+	Add sudoedit to the NAME section
+	[51bc453ec2f6]
+
+	* sudoers.pod:
+	Document that fact that setting ignore_dot in sudoers has no effect
+	due to the fact that find_path() is called *before* sudoers is read.
+	[6808df7e417c]
+
+2004-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Do not require _PATH_USRTMP to be set.
+	[546f3270dd10]
+
+	* BUGS, CHANGES, TODO:
+	sync
+	[4205ddeab781]
+
+	* sudo.man.in:
+	regen
+	[e2143690a88a]
+
+	* sudo.pod:
+	Clarify that when sudo is run by root with the SUDO_USER variable
+	set, the sudoers lookup happens for root and not the SUDO_USER user.
+	[47207bec1bdf]
+
+2004-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+	set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+	Use the SET, CLR and ISSET macros.
+	[a8b0d7f1e8fd]
+
+	* fnmatch.c:
+	Use the SET, CLR and ISSET macros.
+	[1afbcba22ba6]
+
+	* defaults.c, env.c:
+	Use the SET, CLR and ISSET macros.
+	[2f39431e0a49]
+
+	* interfaces.h:
+	MAIN was replaced with _SUDO_MAIN some time ago.
+	[ea1b38f2ac9d]
+
+	* sudo.c:
+	Don't look at prev_user until after we've parsed sudoers and done
+	the password check. That way, if sudo/sudoedit is run from a root
+	process that was invoked by sudo, we check sudoers for root, not the
+	previous user. This makes sudoedit much more useful and means that
+	for the sudo case, we get correct logging on who actually ran the
+	command.
+	[431dfbf20552]
+
+2004-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Add a comment describing why we need to be notified about our child
+	stopping.
+	[0bec3ce4b49d]
+
+2004-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.in:
+	Update the noexec variable descriptions
+	[9cb7f1aa0e57]
+
+	* sudoers.man.in, sudoers.pod:
+	noexec now replaces more than just execve()
+	[23cbdc0ee95c]
+
+	* sudo_noexec.c:
+	Alas, all the world does not go through execve(2). Many systems
+	still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+	and it is not uncommon for libc to have underscore ('_') versions of
+	the functions to be used internally by the library. Instead of
+	stubbing all these out by hand, define a macro and let it do the
+	work. Extra exec functions pointed out by Reznic Valery.
+	[9fa0cd871b0c]
+
+	* sudo.c, sudo_edit.c:
+	Fix suspending the editor in -e mode. Because we do a fork() first
+	we need to be notified when the child has been stopped and then send
+	that same signal to ourself so the shell can do its job control
+	thing.
+	[773165eb6057]
+
+	* visudo.c:
+	Use WIFEXITED and WEXITSTATUS macros. If there are systems out
+	there that want to run sudo that still don't support these we can
+	try to deal with that later.
+	[6af68e4aff60]
+
+	* lex.yy.c:
+	regen
+	[403435317d5d]
+
+	* sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+	Document sudo -e / sudoedit
+	[a80f6ea910af]
+
+	* configure, configure.in:
+	fix typo
+	[5020fcdc27f4]
+
+	* config.h.in, configure.in:
+	Add SET/CLR/ISSET
+	[03ff57286e7e]
+
+2004-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+	long usage() line to not wrap (assumes 80 char display)
+	[3941fa4004bb]
+
+	* Makefile.in, sudo.c:
+	If sudo is invoked as "sudoedit" the -e flag is implied and no other
+	flags are permitted.
+	[929670b01293]
+
+	* sudo.h:
+	Add a new flag, -e, that makes it possible to give users the ability
+	to edit files with the editor of their choice as the invoking user,
+	not the runas user. Temporary files are used for the actual edit
+	and the temp file is copied over the original after the editor is
+	done.
+	[c4051414c1f4]
+
+	* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+	Add a new flag, -e, that makes it possible to give users the ability
+	to edit files with the editor of their choice as the invoking user,
+	not the runas user. Temporary files are used for the actual edit
+	and the temp file is copied over the original after the editor is
+	done.
+	[37ac05c8ac3c]
+
+	* env.c, sudo.c:
+	If real uid == 0 and the SUDO_USER environment variables is set, use
+	that to determine the invoking user's true identity. That way the
+	proper info gets logged by someone who has done "sudo su" but still
+	uses sudo to as root. We can't do this for non-root users since
+	that would open up a security hole, though perhaps it would be
+	acceptable to use getlogin(2) on OSes where this a system call (and
+	doesn't just look in the utmp file).
+	[c2f9198708a1]
+
+	* pathnames.h.in:
+	Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+	[7d9e5768df93]
+
+	* config.h.in, configure, configure.in:
+	Add check for fchown(2)
+	[a85df18798ed]
+
+2004-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Back out portions of the -i commit that set NewArgv[0] in
+	set_runaspw. It is far to late to set NewArgv[0] there and will have
+	no effect anyway as cmnd and safe_cmnd have already been set.
+	[c2d343430c1c]
+
+	* visudo.c, visudo.pod:
+	Prefer VISUAL over EDITOR like old vipw did.
+	[ae32f477cea3]
+
+2004-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	In -i mode always set new environment based on the runas user's
+	passwd entry.
+	[fa653b7887a8]
+
+2004-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudo.pod:
+	Document the new -i flag and sync SYNOPSIS section with usage() in
+	sudo.c. Also sort the flags in the OPTIONS section.
+	[6aabc0ffc47e]
+
+	* sudo.c, sudo.h:
+	o Add -i that acts similar to "su -", based on patches from David J.
+	MacKenzie o Sort the flags in the usage message
+	[c0fe7d6beffd]
+
+	* sudoers.man.in, sudoers.pod:
+	Add a missing @runas_default@ substitution.
+	[60516fe2d090]
+
+2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Change euid to runas user before calling find_path().
+	Unfortunately, though runas_user can be modified in sudoers we
+	haven't parsed sudoers yet.
+	[f469fdf2e313]
+
+	* sudoers.man.in, sudoers.pod:
+	Add missing defintion of Parameter_List and use single pipes in the
+	Defaults EBNF definition.
+	[f7bed6e909bf]
+
+	* sudo.c:
+	Fix a bug when set_runaspw() is used as a callback. We don't want
+	to reset the contents of runas_pw if the user specified a user via
+	the -u flag.
+
+	Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+	already have the info in runas_pw.
+	[efc35623ba09]
+
+2004-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+	[ebd5a76ccd7e]
+
+	* sudo.h:
+	Update sudo_getepw() proto and add one for set_runaspw()
+	[6ed65795c17f]
+
+	* parse.c:
+	If we can't stat the command as root, try as the runas user instead.
+	[ae713fca0e15]
+
+	* testsudoers.c, visudo.c:
+	Add stub set_runaspw() function
+	[42aa37050053]
+
+	* sudo.c:
+	Add set_runaspw() function to fill in runas_pw. This will be used
+	as a callback to update runas_pw when the runas user changes.
+	[e570aa0088d0]
+
+	* env.c, sudo.c:
+	PERM_RUNAS -> PERM_FULL_RUNAS
+	[51eec6f9e89a]
+
+	* set_perms.c, sudo.h:
+	Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+	changes the euid.
+	[877c6fe4d12c]
+
+	* getspwuid.c:
+	Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+	one chunk for easy free()ing. Also change it from static to extern.
+	[ab503260a7ec]
+
+	* defaults.c, defaults.h:
+	Add callback support
+	[a61c4ca983fb]
+
+	* mkdefaults:
+	Add a callback field and use it for runas_default
+	[96b69c27df5e]
+
+	* def_data.c, def_data.in:
+	Add a callback field and use it for runas_default
+	[d3e9f06872b8]
+
+2004-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c:
+	Add support for chalnecho and display server responses used by fwtk
+	>= 2.0
+	[b1870f7aaf0d]
+
+2004-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.man.in, sudoers.pod:
+	ld.so is ld.so.1 on solaris
+	[2bf9a123fa4c]
+
+	* Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+	Use closefrom() instead of doing the equivalent inline.
+	[7e3ef6072884]
+
+	* closefrom.c:
+	closefrom(3) for systems w/o it
+	[35caf58bb636]
+
+2004-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.man.in:
+	Update from .pod file.
+	[d4c94fc0e0c9]
+
+	* configure, configure.in:
+	Substitute noexec_file for the sudoers man page
+	[203d3376a551]
+
+	* sudo.man.in, sudo.pod:
+	Mention noexec
+	[014375ddbb06]
+
+	* sudoers.man.in, sudoers.pod:
+	Document noexec
+	[49a65d06201f]
+
+	* auth/pam.c, config.h.in, configure.in:
+	Move PAM_CONST macro definition from config.h to pam.c where it
+	belongs. We can't have this in config.h since that gets included too
+	early.
+	[e64748071637]
+
+	* auth/pam.c, config.h.in, configure, configure.in:
+	Some PAM implementations put their headers in /usr/include/pam
+	instead of /usr/include/security.
+	[8cc749e9575c]
+
+	* configure.in:
+	I missed changing the EXEC macro -> EXECV here when I changed this
+	in config.h.in and sudo.c a while ago.
+	[6f5afac7789f]
+
+	* acsite.m4:
+	OpenBSD vax/m88k/hppa don't do shared libs
+	[e4901d958bb7]
+
+	* configure, configure.in:
+	o merge the hpux case entries into a single entry w/ its own sub-
+	case statement. o HP-UX >= 11 support getspnam(), use it in
+	preference to getprpwuid()
+	[0caad428894e]
+
+	* configure, configure.in:
+	eval $shrext so that it expands nicely on MacOS X
+	[40419343eef8]
+
+	* Makefile.in:
+	Don't lie about making a module, it does the wrong thing on mach
+	[7629b28f5688]
+
+	* ltmain.sh:
+	Remove requirement that libs must begin with "lib". They don't when
+	we point directly at the lib using LD_PRELOAD or its equivalent.
+	[d66f3de6ec85]
+
+	* acsite.m4:
+	Disable support for c++, f77 and java. We don't need it, it takes a
+	lot of time, and it hosed our check for shared lib support.
+	[4f5749c52ce4]
+
+	* configure:
+	regen
+	[160865e9d15f]
+
+	* configure.in:
+	Call AC_ENABLE_SHARED and check the status of enable_shared to know
+	when shared libs are available.
+	[42504c1668fc]
+
+	* acsite.m4:
+	Duh, OpenBSD suports shared libs too
+	[8e3cd9417475]
+
+	* config.h.in, configure.in:
+	Only OpenPAM and Linux PAM use const qualifiers.
+	[b2f76476e866]
+
+	* configure, configure.in:
+	o No need to check for sed, libtool config does that for us o move
+	check for --with-noexec until after libtool magic is run so we can
+	use $can_build_shared and $shrext
+	[668c656e89cc]
+
+	* ltmain.sh:
+	Don't print a bunch of crap about library installs since we are not
+	really installing a library.
+	[83fbcad29fe4]
+
+	* env.c:
+	Make format_env() varargs Add noexec support for Darwin, MacOS X,
+	Irix, and Tru64
+	[468885d75d10]
+
+	* acsite.m4, ltconfig, ltmain.sh:
+	Update to libtool 1.5 with local changes: o no ldconfig in the
+	finish step o assume no libprefix or version is needed
+	[4961cffc3797]
+
+	* sudo_noexec.c:
+	Fix compilation under K&R
+	[8b309bf0b1b2]
+
+2004-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint
+	[3c368badab32]
+
+	* sudo_noexec.c:
+	stub execve() that just returns EACCES; used for noexec
+	functionality
+	[1297acae283a]
+
+	* sudo.tab.h:
+	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+	generated code.
+	[dcab78c49273]
+
+	* sudo.tab.c:
+	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+	generated code.
+	[0a61c735eabe]
+
+2004-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in:
+	Move the environment defaults to the end and shorten a few of the
+	descriptions.
+	[66787b9c612c]
+
+	* configure, configure.in:
+	no shared libs on ultris or convexos
+	[2c5f3c456e32]
+
+	* Makefile.in, configure, configure.in:
+	Build sudo_noexec shared object using libtool; could use some
+	cleanup.
+	[373f483555dd]
+
+	* acsite.m4, ltconfig, ltmain.sh:
+	libtool scaffolding
+	[c903a42e3d90]
+
+	* parse.yacc, sudo.tab.c:
+	Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+	important.
+	[c6e8a34639a4]
+
+	* defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+	parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+	update copyright year
+	[a16372ae1711]
+
+	* configure, configure.in, defaults.c, env.c, pathnames.h.in:
+	Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+	option. The default value of noexec_file is set to this.
+	[7d88e1d3c494]
+
+	* def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+	parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+	sudo.tab.h:
+	Add support for preloading a shared object containing a dummy
+	execve() function that just sets error and returns -1. This adds a
+	"noexec_file" option to load the filename as well as a "noexec" flag
+	to enable it unconditionally. There is also a NOEXEC tag that can
+	be attached to specific commands and an EXEC tag to disable it.
+	[c8b6712feb91]
+
+	* mkdefaults:
+	add missing newline to usage statement
+	[e84746618362]
+
+	* config.h.in, sudo.c:
+	Rename EXEC macro -> EXECV
+	[ddaa0c027299]
+
+	* logging.c:
+	Don't truncate usernames to 8 characters in the log message.
+	[f62a20f27075]
+
+	* check.c, sudoers.man.in, sudoers.pod:
+	Update copyright year
+	[ca9964054085]
+
+	* check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+	sudoers.pod:
+	Add a new option, lecture_file, that can be used to point to a
+	custom sudo lecture.
+	[940133231216]
+
+2003-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[161b6d74bfb4]
+
+	* zero_bytes.c:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[d035abf0af94]
+
+	* Makefile.in, sudo.h:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[ff136de3e255]
+
+	* err.c:
+	Use #ifdef __STDC__, not #if __STDC__.
+	[6889dd6bc51a]
+
+2003-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkdefaults:
+	Always put at least one space between the def_* macro name and its
+	definition.
+	[6b3ad0e6619a]
+
+	* configure, configure.in:
+	Adjust code for --without-lecture to match new values.
+	[062aa788a6b9]
+
+	* visudo.man.in:
+	regen after pasto fix
+	[3deec16906c0]
+
+	* sudoers.man.in, sudoers.pod:
+	Document that "lecture" has changed from a flag to a tuple.
+	[e2c03062b533]
+
+	* check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+	defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+	Add support for tuples in def_data.in; these are implemented as an
+	enum type. Currently there is only a single tuple enum but in the
+	future we may have one tuple enum per T_TUPLE entry in def_data.in.
+	Currently listpw, verifypw and lecture are tuples. This avoids the
+	need to have two entries (one ival, one str) for pwflags and syslog
+	values.
+
+	lecture is now a tuple with the following values: never, once,
+	always
+
+	We no longer use both an int and string entry for syslog facilities
+	and priorities. Instead, there are logfac2str() and logpri2str()
+	functions that get used when we need to print the string values.
+	[5293f946c836]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+	check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+	logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+	sudo.tab.c, visudo.c:
+	Create def_* macros for each defaults value so we no longer need the
+	def_{flag,ival,str,list,mode} macros (which have been removed). This
+	is a step toward more flexible data types in def_data.in.
+	[009c02934106]
+
+	* TODO:
+	checkpoint
+	[0a99a4bb5d15]
+
+2003-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	If we are in -k/-K mode, just spew to stderr. It is not unusual for
+	users to place "sudo -k" in a .logout file which can cause sudo to
+	be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+	Previously, this would result in useless mail and logging.
+	[d282e7ed63af]
+
+2003-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.pod:
+	fix pasto in VISUAL description
+	[1c6a6148b5f9]
+
+2003-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[f44312c63799]
+
+	* CHANGES:
+	checkpoint
+	[0c42e38f78d5]
+
+	* TROUBLESHOOTING:
+	Some OSes (like Solaris) allow export w/ nosuid too
+	[973ce85ffa12]
+
+2003-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	We don't use FD_ZERO anymore so just define FD_SET (if not already
+	there).
+	[d1c8c11905cd]
+
+2003-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Fix a core dump on Solaris by preserving the pam_handle_t we used
+	during authentication for pam_prep_user(). If we didn't
+	authenticate (ie: ticket still valid), we call pam_init() from
+	pam_prep_user(). This is something of a hack; it may be better to
+	change the auth API and add an auth_final() function that acts like
+	pam_prep_user().
+	[f787de49b175]
+
+2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Add explicit declaration of printerr variable in function header
+	(was defaulting to int which is OK but oh so K&R :-). From Theo.
+	[492c2358783f]
+
+2003-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	s/HAVE_STOW/USE_STOW/
+	[4b99e1824ece]
+
+	* logging.c:
+	Also exit waitpid() loop when pid == 0. Fixes a problem where the
+	sudo process would spin eating up CPU until sendmail finished when
+	it has to send mail.
+	[ec3d5792b9b4]
+
+2003-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	Remove advertising clause, UCB has disavowed it
+	[43a26bbd6628]
+
+	* fnmatch.3:
+	Remove advertising clause, UCB has disavowed it
+	[3ff24291bcfa]
+
+2003-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Don't assume that getgrnam() calls don't modify contents of struct
+	passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+	Based on a patch from Kirk Webb.
+	[5574c68f60f3]
+
+2003-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	missing ;;
+	[22378f2a9d31]
+
+	* configure.in:
+	darwin has a broken setreuid() in at least some versions
+	[d572aed930d2]
+
+	* env.c:
+	Fix an off by one error when reallocating the environment; Kevin Pye
+	[3d98e7cf097a]
+
+2003-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix User_Spec definition; SEKINE Tatsuo
+	[49b0da65e090]
+
+2003-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	More info on the early days from Coggs.
+	[9381ca10b06b]
+
+2003-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	remove errant semicolon that prevented compilation under heimdal
+	[d2f2bb73a598]
+
+2003-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+	add DARPA credit on affected files
+	[7020785ee50d]
+
+	* sudoers.pod:
+	add DARPA credit on affected files
+	[83b46318750b]
+
+	* sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudoers.man.in:
+	add DARPA credit on affected files
+	[d8adf1c2ba22]
+
+	* set_perms.c:
+	add DARPA credit on affected files
+	[3d79fdabb582]
+
+	* pathnames.h.in:
+	add DARPA credit on affected files
+	[e334cdda422f]
+
+	* logging.c, parse.c:
+	add DARPA credit on affected files
+	[8f75f822755b]
+
+	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+	find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+	interfaces.h:
+	add DARPA credit on affected files
+	[da66e28fb3f5]
+
+	* auth/kerb5.c, auth/pam.c:
+	add DARPA credit on affected files
+	[15da3021b49c]
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+	version.h:
+	add DARPA credit on affected files
+	[868d54cbddea]
+
+	* env.c:
+	add DARPA credit on affected files
+	[90239f51ef0a]
+
+	* defaults.c, defaults.h:
+	add DARPA credit on affected files
+	[6a64205fd1eb]
+
+	* compat.h:
+	add DARPA credit on affected files
+	[316a735783c4]
+
+	* Makefile.in, alloc.c, check.c:
+	add DARPA credit on affected files
+	[cd939e05c810]
+
+	* LICENSE:
+	slightly different wording for the darpa credit
+	[e468909c4a21]
+
+2003-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	Add DARPA credit
+	[8eb20e2cd63e]
+
+2003-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+	Kerberos like we did before I messed things up ;-)
+
+	Use krb5_principal_get_comp_string() to do the same thing w/
+	Heimdal. I'm not sure if the component should be 0 or 1 in this
+	case.
+
+	#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+	older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+	should be a configure check for this I guess.
+	[74919a3933fe]
+
+2003-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	builtin -> built-in; Jason McIntyre
+	[027f2187923e]
+
+	* TROUBLESHOOTING, config.h.in, configure, configure.in:
+	builtin -> built-in; Jason McIntyre
+	[70b81ac48943]
+
+	* sudoers.pod:
+	built in -> built-in; Jason McIntyre
+	[da658ef5138d]
+
+2003-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint for 1.6.7p3
+	[da85f989fadf]
+
+	* HISTORY:
+	Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+	Amazingly, sudo source from 1985 is available via groups.google.com
+	[39e0fc85b89f]
+
+	* sudo.c:
+	Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+	rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+	RLIMIT_CORE restoration on some OSes.
+	[7e2c1a7adfd8]
+
+2003-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Make this compile on Heimdal and MIT Kerberos 5
+	[44c07d615868]
+
+	* config.h.in, configure, configure.in:
+	Check for heimdal even if we found krb5-config and define
+	HAVE_HEIMDAL.
+	[aba0126f0059]
+
+	* auth/kerb5.c:
+	Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
+	no longer defined by MIT kerb5 (though it used to be and indeed
+	remains so in Heimdal).
+	[e5a6c64d7cd5]
+
+2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	Remove newer stuff that passes multiple (possibly duplicate)
+	directories to "mkdir -p" since that seems to break on Tru64 Unix at
+	least. This basically brings back what shipped with sudo 1.6.6.
+	[f2a1abd872b3]
+
+2003-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Correct number of args to krb5_principal_get_realm() and fix an
+	unclosed comment that hid the bug.
+	[0b37f8ce7824]
+
+	* configure:
+	regen
+	[1876cb840fe0]
+
+	* configure.in:
+	++version
+	[480aff7c048e]
+
+	* README:
+	++version
+	[488e0bbff613]
+
+	* Makefile.in:
+	++version
+	[97ef63cedc38]
+
+	* INSTALL.binary:
+	++version
+	[a506204e77d0]
+
+	* INSTALL:
+	++version
+	[555aeba5c2bf]
+
+	* CHANGES, version.h:
+	++version
+	[f66985a64063]
+
+	* BUGS:
+	++version
+	[ea3573432412]
+
+	* configure.in:
+	use krb5-config to determine Kerberos V details if it exists
+	[7b46bbdaf774]
+
+	* alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+	find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+	testsudoers.c, visudo.c:
+	Use warn/err and getprogname() throughout. The main exception is
+	openlog(). Since the admin may be filtering logs based on the
+	program name in the log files, hard code this to "sudo".
+	[9f180d015cfa]
+
+	* Makefile.in:
+	Add getprogname.c and err.c
+	[d411c54a07dc]
+
+	* configure:
+	regen
+	[6d585d391acc]
+
+	* config.h.in, configure.in:
+	Add checks for getprognam(), __progname and err.h
+	[bcbccf61d34a]
+
+	* emul/err.h:
+	For systems withour err/warn functions.
+	[1b33118884d9]
+
+	* err.c:
+	For systems withour err/warn functions.
+	[26721f6b041f]
+
+	* getprogname.c:
+	For systems neither getprogname() nor __progname; uses Argv[0].
+	[841cf42af1eb]
+
+2003-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint for 1.6.7p1
+	[5bfdaf441dce]
+
+	* sudo.c, testsudoers.c:
+	fix strlcpy() rval check (innocuous)
+	[e05ac7e0d1f3]
+
+	* check.c:
+	oflow detection in expand_prompt() was faulty (false positives). The
+	count was based on strlcat() return value which includes the length
+	of the entire string.
+	[086c5a0acb25]
+
+2003-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON, TODO:
+	checkpoint for the sudo 1.6.7 release
+	[096bab4da29a] [SUDO_1_6_7]
+
+	* CHANGES:
+	checkpoint for the sudo 1.6.7 release
+	[87322187ed78]
+
+2003-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	g/c unused variable
+	[c57cd4a17765]
+
+	* configure:
+	regen
+	[e7c1f581dfac]
+
+	* configure.in:
+	use man sections 8 and 5 for csops
+	[87de581bda88]
+
+2003-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cb1433a9c7a1]
+
+	* configure.in:
+	Add -lskey or -lopie directly to SUDO_LIBS instead of having
+	AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+	[ac5667978939]
+
+	* configure:
+	regen
+	[638459118a2a]
+
+	* configure.in:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[c7d17b480cad]
+
+	* aclocal.m4:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[37022e991575]
+
+	* INSTALL:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[4b4bbe5bbe1b]
+
+	* configure.in:
+	add AIX blibpath support
+	[16ba788bf086]
+
+	* INSTALL, configure.in:
+	--with-skey and --with-opie now take an option directory argument
+	This obsoletes a --with-csops hack (/tools/cs/skey)
+
+	Also remove the remaining direct uses of "echo"
+	[5b4986a90c03]
+
+2003-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+	for KTH Kerberos IV and V.
+	[119f97b48e18]
+
+	* aclocal.m4:
+	Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+	-R/path/to/dir if $with_rpath) to the specified variable.
+	[e55e49d076ce]
+
+	* INSTALL, configure.in:
+	Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+	option, --with-rpath to control this behavior.
+	[d4730c5399ab]
+
+	* configure.in:
+	for kerb4 put libdes after libkrb on the link line
+	[5c566100eab6]
+
+	* auth/kerb4.c:
+	typo
+	[6541b72b64a3]
+
+	* configure.in:
+	fix kerberos lib check when a path is specified
+	[ae833a914c6f]
+
+	* logging.c:
+	Fix boolean thinko in SIGCHLD reaper and call reapchild after
+	sending mail instead of doing a conditional sudo_waitpid.
+	[86fa9a35df5a]
+
+2003-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[e6275cf528ba]
+
+	* configure.in:
+	replace =DIR with [=DIR] where sensible
+	[c39a59173b38]
+
+	* configure.in:
+	o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+	detection based on openssh's configure.in
+	[5b7a340912df]
+
+	* INSTALL:
+	--with-kerb4 and --with-kerb5 now take an optional argument.
+	[71ed87fc9c64]
+
+2003-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid.c:
+	Kill remaining strcpy(), the programmer's guide says username is 32
+	bytes.
+	[bdba70fcd08d]
+
+	* auth/kerb4.c:
+	trat uid_t as unsigned long for printf and use snprintf, not sprintf
+	[8072f5f8966d]
+
+	* auth/rfc1938.c:
+	use snprintf
+	[fc0c70c665fe]
+
+2003-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/sudo_auth.c:
+	update copyright year
+	[b0a10ccb1d0e]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	update copyright year
+	[8fce0034eb51]
+
+	* LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+	configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+	parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+	sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+	update copyright year
+	[d541e75fe520]
+
+	* check.c, env.c, sudo.c:
+	Cast [ug]ids to unsigned long and printf with %lu
+	[2ede64d3592b]
+
+	* configure:
+	regen
+	[c7c3245bdf3e]
+
+	* configure.in:
+	correct error messages for --with-sudoers-{mode,uid,gid}
+	[77fc15b1c9db]
+
+	* alloc.c:
+	make the malloc(0) error specific to each function to aid tracking
+	down bugs.
+	[a58c34374b4b]
+
+	* alloc.c:
+	deal with platforms where size_t is signed and there is no SIZE_MAX
+	or SIZE_T_MAX
+	[7192abb4ab4e]
+
+	* auth/kerb5.c:
+	Make this compile w/ Heimdal and fix some gcc warnings.
+	[f52f026f31c2]
+
+	* sudo.c:
+	Use stat_sudoers macro so --with-stow can work
+	[c3674735c139]
+
+	* INSTALL, config.h.in, configure, configure.in:
+	Add support for --with-stow based on patches from Robert Uhl
+	[b274cc1dd52c]
+
+	* env.c:
+	fix indentation
+	[110d9f1721b1]
+
+	* configure.in:
+	back out rev 1.352
+	[1eee91c83f11]
+
+	* lex.yy.c:
+	regen
+	[72fba1c9590b]
+
+	* parse.lex:
+	use strlcpy, not strncpy
+	[4faccbaeccef]
+
+	* set_perms.c:
+	Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+	[33bf0d18fdc1]
+
+	* logging.c:
+	use pid_t
+	[3e0536993d2c]
+
+2003-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* strlcat.c, strlcpy.c:
+	Make gcc shutup about unused rcsid
+	[1669a0c74e9e]
+
+	* interfaces.c:
+	Move the n == 0 check for the non-getifaddrs cas
+	[2460be061b2a]
+
+	* auth/rfc1938.c:
+	skeychallenge() on NetBSD take a size parameter
+	[05acc2012801]
+
+	* configure:
+	regen
+	[24bccf4749e8]
+
+	* configure.in:
+	put -ldl after -lpam, not before; fixes static linking on Linux
+	[7f06b7b2b4d8]
+
+	* interfaces.c:
+	Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+	case.
+	[239a55068646]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	regen
+	[4a2eed3981ca]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	regen
+	[2c96ea2cf930]
+
+	* Makefile.in:
+	Preserve copyright notice from .pod file in .man.in file
+	[519fbd09aebc]
+
+	* visudo.pod:
+	Add sudoers(5) to SEE ALSO
+	[77ecfe3aedf1]
+
+2003-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[6f5751ce0b74]
+
+	* parse.lex:
+	Don't assume libc can realloc() a NULL string. If malloc/realloc
+	fails, make sure we just return; yyerror() is not terminal.
+	[1b8618623708]
+
+	* lex.yy.c:
+	regen
+	[5d31b46191c6]
+
+	* parse.lex:
+	simplify fill_args a little and use strlcpy for paranoia
+	[0ea35a55542b]
+
+	* sudo.tab.c:
+	regen
+	[5a8d508d708b]
+
+	* check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+	testsudoers.c:
+	Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+	cases the strings were either pre-allocated to the correct size of
+	length checks were done before the copy but a little paranoia can go
+	a long way.
+	[e73d28f1d14e]
+
+	* sudo.h:
+	Add strlc{at,py} protos
+	[748ffc7fc7f4]
+
+	* env.c, interfaces.c:
+	Use erealloc3()
+	[47f2cb46aba8]
+
+	* configure:
+	regen
+	[e7e2fb79f935]
+
+	* alloc.c:
+	Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+	memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+	[7e0fa4d6fc1d]
+
+	* sudo.c:
+	snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+	configure.
+	[09ea4d3959e9]
+
+	* aclocal.m4:
+	In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+	[31b4fdfdb8bf]
+
+2003-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Use snprintf() for paranoia
+	[a2659ceb46de]
+
+	* parse.yacc:
+	Use emalloc2 and erealloc3
+	[90a069842401]
+
+	* Makefile.in:
+	strlc{at,py} for those w/o it
+	[bac82dc916ee]
+
+	* strlcat.c, strlcpy.c:
+	stlc{at,py} for those w/o it.
+	[ce7254f5db09]
+
+	* config.h.in, configure, configure.in:
+	Add stlc{at,py} for those w/o it.
+	[00f08219657a]
+
+	* alloc.c, sudo.h:
+	Add erealloc3(), a realloc() version of emalloc2().
+	[c96eaf08bbed]
+
+	* interfaces.c, sudo.c:
+	Use emalloc2() to allocate N things of a certain size.
+	[1e0aba365555]
+
+	* alloc.c, sudo.h:
+	Add emalloc2() -- like calloc() but w/o the bzero and with
+	error/oflow checking.
+	[292150bc4153]
+
+	* alloc.c:
+	Error out on malloc(0); suggested by theo
+	[995279e81326]
+
+2003-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix a typo; David Krause
+	[f161213a17ab]
+
+2003-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fix typo
+	[3ae5ad9a351a]
+
+2003-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Remove DYLD_ from the environment for MacOS X; from bbraun
+	[38caad5a3935]
+
+2003-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	not not; Anil Madhavapeddy
+	[d4f4f0bfc66b]
+
+2003-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	typos; jmc@openbsd.org
+	[868c0f09bf9e]
+
+2003-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	Add some missing ';' rule terminators that bison warns about.
+	[535b0b8dcce5]
+
+	* config.sub:
+	fix typo I introduced in last merge
+	[81db4e4f43fe]
+
+	* configure:
+	regenerate with autoconf 2.57
+	[ca0c1e9564f8]
+
+	* config.h.in:
+	Add missing "$HOME"
+	[209186197ad1]
+
+	* configure.in:
+	Add some more square backets to make autoconf 2.57 happy
+	[b5639c14faf7]
+
+	* config.sub, mkinstalldirs:
+	Updates from autoconf-2.57
+	[36be35eb331b]
+
+	* config.guess:
+	Updates from autoconf-2.57
+	[ea0f8ca622af]
+
+2003-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.h:
+	regen
+	[13a65a421567]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[0b529db7cb6d]
+
+	* parse.lex, parse.yacc, sudoers.pod:
+	Add support for Defaults>RunasUser
+	[20d726373175]
+
+2003-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fclose() yyin after each yyparse() is done and use fopen() instead
+	of using freopen().
+	[587f8a2df857]
+
+	* parse.lex:
+	Better fix for sudoers files w/o a newline before EOF. It looks
+	like the issue is that yyrestart() does not reset the start
+	condition to INITIAL which is an issue since we parse sudoers
+	multiple times.
+	[920f8326968a]
+
+2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	Work around what appears to be a flex bug when dealing with files
+	that lack a final newline before EOF. This adds a rule to match EOF
+	in the non-initial states which resets the state to INITIAL and
+	throws an error.
+	[b94943bb1f81]
+
+	* visudo.c:
+	o The parser needs sudoers to end with a newline but some editors
+	(emacs) may not add one. Check for a missing newline at EOF and
+	add one if needed. o Set quiet flag during initial sudoers parse (to
+	get options) o Move yyrestart() call and always use freopen() to
+	open yyin after initial sudoers parse.
+	[12d12f9b07aa]
+
+2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+	effective gid, not real gid, when reading sudoers.
+	[c7d18b810fcd]
+
+	* set_perms.c:
+	don't compile set_perms_posix if we have setreuid or setresuid
+	[b9cea7a81a29]
+
+2002-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod:
+	document new prompt escapes
+	[2f088076b640]
+
+	* check.c:
+	Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+	collapsed to "%" as was originally intended. This also gets rid of
+	lastchar (does lookahead instead of lookback) which should simplify
+	the logic slightly.
+	[4b707b77b3c7]
+
+2002-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Write the prompt *after* turning off echo to avoid some password
+	characters being echoed on heavily-loaded machines with fast
+	typists.
+	[d38c57775915]
+
+	* config.sub:
+	Add support for mipseb; wiz@danbala.tuwien.ac.at
+	[cfdac87ed5c8]
+
+	* configure.in:
+	Fix IRIX fallout from name changes in man dir/sect Makefile
+	variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+	[9a7618755c23]
+
+	* auth/pam.c:
+	Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+	the global copy. Problem noted by Peter Pentchev.
+	[d0a3e189cb06]
+
+2002-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[23b931359087]
+
+	* parse.yacc:
+	Add missing yyerror() calls; YYERROR does not seem to call this for
+	us.
+	[0be7aeb3ac57]
+
+2002-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix typo in comment; Pedro Bastos
+	[d7406c460e99]
+
+2002-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document --disable-setresuid
+	[fbd03d03a027]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Sprinkle some volatile qualifiers to prevent over-enthusiastic
+	optimizers from removing memset() calls.
+	[5370ac0e6129]
+
+	* logging.c, parse.yacc:
+	minor sign fixes pointed out by gcc -Wsign-compare
+	[db872438337f]
+
+	* set_perms.c, sudo.c, sudo.h:
+	Revamp set_perms. We now use a version based on setresuid() or
+	setreuid() when possible since that allows us to support the
+	stay_setuid option and we always know exactly what the semantics
+	will be (various Linux kernels have broken POSIX saved uid support).
+	[523bc212396c]
+
+	* config.h.in, configure:
+	regen from configure.in
+	[351877ea2624]
+
+	* configure.in:
+	Add checks for setresuid() and a way to disable using it
+	[a5b21653d169]
+
+	* compat.h:
+	No long need to emulate set*[ug]id() via setres[ug]id() or
+	setre[ug]id(). The new set_perms stuff only uses things it knows are
+	there.
+	[47884bd5d1d9]
+
+	* sudo.c:
+	Before exec, restore state of signal handlers to be the same as when
+	we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+	a problem when using sudo with nohup. Based on a patch from Paul
+	Markham.
+	[f8f5a1484faa]
+
+	* sudo.c:
+	o timestamp_uid should be uid_t, not int o clarify error message
+	when sudo is run by root and no_root_sudo is set
+	[19dda0734264]
+
+2002-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	update ftp link for bison
+	[98bc191016e3]
+
+2002-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Error out if setusercontext() fails and the runas user is not root.
+	[089f9ade4686]
+
+2002-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid5.c:
+	Fix rcsid
+	[07e9e85dcc2f]
+
+	* configure.in:
+	Fix SecurID API test
+	[5ec201f454a5]
+
+2002-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	typo in comment
+	[9d385c9ac533]
+
+	* configure.in:
+	securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+	but I don't see a better way at the moment.
+	[f89e55cbb313]
+
+	* Makefile.in, auth/securid5.c:
+	SecurID API version 5 support from Michael Stroucken
+	[68500ac7e531]
+
+	* configure.in:
+	Add check for SecurID 5.0 API
+	[1ee242e6de6b]
+
+2002-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* strerror.c:
+	We actually do still need config.h to get the 'const' definition for
+	K&R C.
+	[d9c982032d85]
+
+2002-05-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen with autoconf 2.5.3
+	[c71fc086eef5]
+
+	* configure.in:
+	Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+	[d90da1efafd9]
+
+	* configure.in:
+	Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+	LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+	[dd67afefa90d]
+
+	* env.c, sudo.c, sudo.h:
+	No need for dump_badenv() now that dump_defaults() knows how to dump
+	lists.
+	[6bcda468501d]
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+	version.h:
+	++version
+	[44e3b8f95f0b]
+
+	* sudoers.pod:
+	document timestampowner
+	[37ebd69e9dd1]
+
+	* check.c:
+	Don't call set_perms() when doing timestamp stuff unless
+	timestamp_uid != 0.
+	[63a63d41d18c]
+
+	* auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+	sudo.h, testsudoers.c:
+	g/c second arg to set_perms--it is no longer used
+	[7ac4ce50c612]
+
+2002-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, set_perms.c, sudo.c, sudo.h:
+	Add support for non-root timestamp dirs. This allows the timestamp
+	dir to be shared via NFS (though this is not recommended).
+	[faa83dd2b7fb]
+
+	* def_data.c, def_data.h, def_data.in:
+	Add timestampowner, "Owner of the authentication timestamp dir"
+	[d47640d4c86a]
+
+2002-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Don't try to pre-compute the size of the new envp, just allocate
+	space up front and realloc as needed. Changes to the new env
+	pointer must all be made through insert_env() which now keeps track
+	of spaced used and allocates as needed.
+	[39bc934a9f2c]
+
+2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[0e12c09bb790]
+
+	* configure.in:
+	Fix two typo/pastos; from jrj@purdue.edu
+	[b718a4bf1181]
+
+2002-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.binary, README:
+	++version
+	[a1e33027278c] [SUDO_1_6_6]
+
+	* configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+	visudo.cat, visudo.man.in:
+	regen
+	[19eb2be283ef]
+
+	* CHANGES, RUNSON, TODO:
+	Sync with 1.6.6
+	[2ff9a9087f63]
+
+	* check.c:
+	The the loop used to expand %h and %u, the lastchar variable was not
+	being initialized. This means that if the last char in the prompt
+	is '%' and the first char is 'h' or 'u' a extra copy of the host or
+	user name would be copied, for which space had not been allocated.
+	[b2e27197857d]
+
+2002-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, configure.in, version.h:
+	crank version to 1.6.6
+	[cfd08689e597]
+
+	* auth/afs.c:
+	#undef VOID to get rid of an AFS warning
+	[b40760564dc1]
+
+	* env.c:
+	Use easprintf instead of emalloc + sprintf for some things.
+	[e7bfe2e69a03]
+
+2002-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[35327104383d]
+
+	* parse.c, parse.lex, parse.yacc, testsudoers.c:
+	Remove Chris Jepeway's email address so people don't bug him ;-)
+	[c03410747a69]
+
+2002-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+	endgrent() at the same time.
+	[28b6097d5d1a]
+
+2002-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Make it clear which configure options take arguments.
+	[38529e7efad0]
+
+2002-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+	RLIM_INFINITY, just pretend it is -1. This works because we only
+	check for RLIM_INFINITY and do not set anything to that value.
+	[53173d34e6eb]
+
+2002-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Zero and free allocated memory when there is a conversation error.
+	[e342133db579]
+
+	* auth/bsdauth.c:
+	Use sigaction() not signal()
+	[126c2790561f]
+
+	* INSTALL:
+	Mention that some linux kernels have broken POSIX saved ID support
+	[571ef1a893d3]
+
+	* CHANGES:
+	checkpoint for 1.6.5p2
+	[9e9e456f7f43]
+
+	* configure:
+	regen
+	[d53703a46708]
+
+	* configure.in:
+	Add --disable-setreuid flag
+	[3b9f2679cb55]
+
+	* INSTALL:
+	Document new --disable-setreuid option and change description for
+	--disable-saved-ids to match new error message.
+	[14fd3e5f60a5]
+
+	* set_perms.c:
+	fatal() now takes an argument that determines whether or not to call
+	perror().
+	[d826b25e62ff]
+
+	* TROUBLESHOOTING:
+	Update for new error messages from set_perms()
+	[78007c3f76a9]
+
+	* PORTING:
+	Update for new error messages from set_perms()
+	[60c545a6bcff]
+
+2002-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Make this compile w/o warnings
+	[b90843a29af5]
+
+	* auth/pam.c:
+	Mention that we can't use pam_acct_mgmt()
+	[1dfc5a6e0479]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+	The user's password was not zeroed after use when AIX
+	authentication, BSD authentication, FWTK or PAM was in use.
+	[b18fff30b1e7]
+
+2002-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Avoid giving PAM a NULL password response, use the empty string
+	instead. This avoids a log warning when the user hits ^C at the
+	password prompt when PAM is in use.
+	[c3315805e4e4]
+
+	* auth/pam.c:
+	Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+	pam_setcred() returns the last saved return code, not the return
+	code for the setcred module. Because we haven't called
+	pam_authenticate(), this is not set and so pam_setcred() returns
+	PAM_PERM_DENIED.
+	[73db145fa179]
+
+	* Makefile.in:
+	Don't need a '/' between $(DESTDIR) and a directory.
+	[0901ca618176]
+
+	* Makefile.binary:
+	Don't need a '/' between $(DESTDIR) and a directory.
+	[cd7eb6098b87]
+
+2002-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[41b12c039282]
+
+	* configure.in:
+	o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+	setreuid() o new NetBSD has a real setreuid() o add check for
+	freeifaddrs() if getifaddrs() exists.
+	[a82ee3b01733]
+
+	* config.h.in, interfaces.c:
+	Older BSDi releases lack freeifaddrs() so add a test for that and if
+	it is not present just use free().
+	[6270671ea9d5]
+
+2002-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, RUNSON:
+	Checkpoint for 1.6.5p1
+	[26134ecf9b36]
+
+	* auth/passwd.c:
+	Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+	to normal passwords, not AUTH_FATAL (which just causes an exit).
+	[785e0f4bc0e2]
+
+	* visudo.c:
+	Don't use memory after it has been freed.
+	[c60492739fdb]
+
+	* auth/passwd.c:
+	skeyaccess() wants a struct passwd * not a char *; Patch from
+	Phillip E. Lobbes
+	[65a1d3806fcd] [SUDO_1_6_5]
+
+	* BUGS:
+	++version
+	[b2e1825e692e]
+
+	* CHANGES, RUNSON, TODO:
+	checkpoint for sudo 1.6.5
+	[d730945622e7]
+
+2002-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[49744c403ac9]
+
+	* INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+	version 1.6.5
+	[ec30a5f7fc45]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	sudo version 1.6.5
+	[458a3bed535d]
+
+	* logging.c:
+	o when invoking the mailer as root use a hard-coded environment that
+	doesn't include any info from the user's environment. Basically
+	paranoia.
+
+	o Add support for the NO_ROOT_MAILER compile-time option and run the
+	mailer as the user and not root if NO_ROOT_MAILER is defined.
+	[4df351ec92ce]
+
+	* set_perms.c, sudo.h:
+	Bring back PERM_FULL_USER
+	[edb6039bb284]
+
+	* configure:
+	regen
+	[3eb2943afa03]
+
+	* version.h:
+	version 1.6.5
+	[044fc9a0c72b]
+
+	* INSTALL, config.h.in, configure.in:
+	Add --disable-root-mailer option to run the mailer as the user and
+	not root.
+	[e9f805397963]
+
+	* CHANGES:
+	checkpoint for 1.6.4p2
+	[b58aae5aa98a]
+
+	* PORTING:
+	Mention the "seteuid(0): Operation not permitted" problem here too
+	just for good measure.
+	[90135b37a691]
+
+2002-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, getspwuid.c, sudo.c:
+	The SHELL environment variable was preserved from the user's
+	environment instead of being reset based on the passwd database when
+	the "env_reset" option was used. Now it is reset as it should be.
+	[300066ef3c71]
+
+	* configure:
+	regen
+	[a47d779e6552]
+
+	* INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+	sudo.c:
+	Add a configure option to turn off use of POSIX saved IDs
+	[fb18cc8e94d0]
+
+	* configure:
+	regen
+	[d4f2f20025b6]
+
+	* configure.in:
+	add --with-efence option
+	[45c4f33a8e88]
+
+	* sudo.c:
+	Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+	"sudo -l" would not work if always_set_home was set.
+	[c3a6de6c4800]
+
+	* lex.yy.c:
+	regen
+	[417424452998]
+
+	* parse.lex:
+	Quoted commas were not being treated correctly in command line
+	arguments.
+	[753415541b37]
+
+	* sudo.c:
+	o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+	Otherwise, the set_home option has no effect.
+
+	o Fix use of freed memory when the "fqdn" flag is set. This was
+	introduced by the fix for the "segv when gethostbynam() fails" bug.
+	Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+	there is no need to check the "fqdn" flag in set_fqdn() itself.
+	[4b6a4245c04e]
+
+	* env.c:
+	Add 'continue' statements to optimize the switch statement. From
+	Solar.
+	[a82c76975ae5]
+
+2002-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	Regen from new sudoers.pod
+	[6ecc07b3d0e1] [SUDO_1_6_4]
+
+	* sudoers.pod:
+	Add caveat about stay_setuid flag
+	[9d228a7bea1b]
+
+	* sudo.c:
+	If set_perms == set_perms_posix and the stay_setuid flag is not set,
+	set all uids to 0 and use set_perms_fallback().
+	[c4e54d1ec86f]
+
+	* set_perms.c, sudo.h:
+	Remove PERM_FULL_USER (which is no longer used) and add
+	PERM_FULL_ROOT (used when exec'ing the mailer).
+	[15406c522ea2]
+
+	* logging.c:
+	Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+	never want to run the mailer setuid.
+	[2294853e0666]
+
+2002-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+	visudo.pod:
+	Use sudo.ws instead of courtesan.com in URLs
+	[55204002a308]
+
+	* Makefile.binary, Makefile.in:
+	Fix mansect substitution
+	[b7b5cbc3aa91]
+
+	* Makefile.in:
+	Substitute man sections in Makefile.binary
+	[040deb785e56]
+
+	* Makefile.binary:
+	Sync install targets with Makefile.in and substitute in man
+	sections.
+	[77882a275281]
+
+	* INSTALL, INSTALL.binary:
+	version is 1.6.4
+	[0f87aabbcb70]
+
+	* Makefile.in:
+	Repair bindist target
+	[8d43bfe7e2d1]
+
+	* CHANGES:
+	sync for 1.6.4
+	[13ca3d4a0a72]
+
+2002-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	Fix case where neither whoami nor id are found
+	[424dd270bc47]
+
+2002-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	If neither whoami nor id exists, just assume we are root.
+	[2d2644e42c53]
+
+	* alloc.c:
+	Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+	on AIX which for some reason isn't pulling in the malloc prototype.
+	[231440d2ee3b]
+
+2002-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+	(c) 2002
+	[700e3b41a68e]
+
+	* CHANGES:
+	checkpoint
+	[33e604bd8d5b]
+
+	* sudo.c:
+	Defer assigning new environment until right before the exec.
+	[f13c49e75c1c]
+
+	* parse.c:
+	kill extra blank line
+	[12ef22e9dae3]
+
+2002-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[a6cd2d788f74]
+
+	* configure.in:
+	Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+	compiler doesn't recognise -O2.
+	[5234aa543692]
+
+	* HISTORY:
+	Clarify origins of Root Group sudo a bit based on info from
+	billp@rootgroup.com
+	[4deef01c4208]
+
+2002-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	2002
+	[6c8e089dbd1a]
+
+	* CHANGES:
+	checkpoint for 1.6.4rc1
+	[3349eb87a49f]
+
+2002-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	now generated via autoheader
+	[84657d303cb9]
+
+	* configure:
+	regen
+	[207bfa6a13f6]
+
+	* compat.h:
+	Move in some stuff that was previously in config.h.
+	[e576d8b6480f]
+
+	* aclocal.m4, configure.in:
+	Add info for autoheader.
+	[0549cd5da27c]
+
+2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
+	-g to facilitate non-root installs
+	[619216038f56]
+
+	* install-sh:
+	Add -M option (like -m but only for root) If we can't find "whoami",
+	use "id" w/ some sed.
+	[b39121c8b792]
+
+	* configure:
+	regen
+	[b39b93ff9804]
+
+	* configure.in:
+	allow user to always override mansectsu and mansectform
+	[0fca5e63bd90]
+
+2001-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	update from autoconf 2.52
+	[07bd75a508c3]
+
+	* config.guess, config.sub:
+	Update from autoconf 2.52
+	[857b90fe31b7]
+
+	* configure:
+	regen with autoconf 2.52
+	[08e7d1ea2aeb]
+
+	* configure.in:
+	o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+	mode o Remove compiler-specific checks for HP-UX now that we use
+	AC_PROG_CC_STDC
+	[d433a70b6208]
+
+	* RUNSON:
+	Checkpoint
+	[babf6d2235d1]
+
+	* auth/pam.c:
+	o Add pam_prep_user function to call pam_setcred() for the target
+	user; on Linux this often sets resource limits. o When calling
+	pam_end(), try to convert the auth->result to a PAM_FOO value.
+	This is a hack--we really need to stash the last PAM_FOO value
+	received and use that instead.
+	[6ad6f340dd2a]
+
+	* set_perms.c, sudo.h:
+	o Add pam_prep_user function to call pam_setcred() for the target
+	user; on Linux this often sets resource limits.
+	[67795421ac82]
+
+	* env.c:
+	Fix off by one error in number of bytes allocated via malloc (does
+	not affected any released version of sudo).
+	[5f5915360111]
+
+2001-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[8208c0277775]
+
+	* parse.lex:
+	Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+	requiring that they be quoted.
+	[ae59bc8f68dd]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention that no double quotes are needed when
+	adding/deleting/assigning a single value to a list.
+	[25efc940a1f0]
+
+	* Makefile.in:
+	Don't rely on mkdefaults being executable, call perl explicitly.
+	[6edc97ba5f1d]
+
+	* sudo.tab.c:
+	regen
+	[49130b2e7e4d]
+
+	* parse.yacc:
+	Remove some XXX that are no longer relevant.
+	[d460ac0d3767]
+
+	* defaults.c:
+	o Roll our own loop instead of using strpbrk() for better
+	grokability o When adding to a list we must malloc() and use
+	memcpy(), not strdup() since we must only copy len bytes from str.
+	[649bef08e1f0]
+
+2001-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[f0bbf2c38c0e]
+
+	* parse.yacc:
+	typo in comment
+	[2563711ff593]
+
+2001-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint
+	[a6d8a29fb30e]
+
+	* configure:
+	regen
+	[bdfcaaf3bd13]
+
+	* configure.in:
+	avoid the -g flag unless --with-devel was specified
+	[a976707bef30]
+
+	* Makefile.in:
+	mkdefaults, def_data.in and sigaction.c were missing from the
+	tarball
+	[6917ffbaa412]
+
+	* Makefile.in:
+	def_data.c was missing
+	[87c78b11453d]
+
+2001-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+	allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+	[fc8698e6a45e]
+
+	* TODO:
+	Another TODO item
+	[6f251d6cd466]
+
+	* sudoers:
+	Add comment for Default section so folks know where it should go.
+	[7edba626f392]
+
+2001-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use TCSETAF, not TCSETA to set terminal in termio case
+	[fbd172f6c5d3]
+
+	* sudoers.cat, sudoers.man.in:
+	regen from sudoers.pod
+	[64edd2de816e]
+
+	* sudoers.pod:
+	o Typo, Runas_User_List should be Runas_List o a User_List can not
+	contain a uid o mention that the Defaults section should come after
+	Alias definitions but before the user specifications
+	[54070ba2092b]
+
+2001-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[e62d1d97693c]
+
+	* sudoers.pod:
+	Fix listpw and verifypw sections, they were not being formatted
+	properly.
+	[123868c2f3e9]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[f94841f8b374]
+
+	* sudoers.pod:
+	fix typos
+	[f278f1c1184e]
+
+	* configure:
+	regen
+	[d2270049ba9f]
+
+	* config.h.in, configure.in:
+	use AC_SYS_POSIX_TERMIOS instead of rolling our own
+	[c1a13f1354b9]
+
+	* README:
+	Reference sudo.ws not courtesan.com
+	[ca13be67ebd7]
+
+	* PORTING:
+	Add notes on shadow passwords
+	[aa13863f2314]
+
+	* BUGS:
+	In list mode (sudo -l), characters escaped with a backslash are
+	shown verbatim with the backslash.
+	[1a75a2858be2]
+
+	* sudoers:
+	Add simple examples from OpenBSD (Marc Espie)
+	[3ae9a9ae4125]
+
+	* tgetpass.c:
+	Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+	[f8817699ee10]
+
+	* CHANGES:
+	minor prettyification
+	[f523587929b9]
+
+	* CHANGES:
+	Updated change log
+	[39d9010ee7a8]
+
+	* testsudoers.c:
+	Fix CIDR handling here too.
+	[c91db8344c32]
+
+	* auth/pam.c:
+	Apparently a NULL response is OK
+	[83bae61078d9]
+
+	* TODO:
+	Checkpoint for upcoming beta release
+	[efb95c09df2a]
+
+	* TROUBLESHOOTING:
+	Many people believe that adding a runas spec should obviate the need
+	for the -u flag. It does not.
+	[c698bad85b0e]
+
+	* RUNSON:
+	checkpoint update for upcoming 1.6.4 beta
+	[009e465a0a45]
+
+	* config.h.in:
+	o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+	if HAVE_STRING_H is defined -- this is safe now
+	[d27c035f4e14]
+
+	* PORTING:
+	Add signals section
+	[2d24c13cb3c8]
+
+	* configure:
+	regen
+	[2b80a939e2ed]
+
+	* configure.in:
+	Fix check for sigaction_t
+	[6fa41c89ab20]
+
+	* sudo.c:
+	XXX - should call find_path() as runas user, not root. Can't do
+	that until the parser changes though.
+	[f0b4f85651bd]
+
+	* sudo.c:
+	If find_path() fails as root, try again as the invoking user (useful
+	for NFS). Idea from Chip Capelik.
+	[e03fa7872692]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	Regenerate after pod file changes
+	[48e4bd75ec21]
+
+	* def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+	sudo.pod, sudoers.pod:
+	Add new sudoers option "preserve_groups". Previously sudo would not
+	call initgroups() if the target user was root. Now it always calls
+	initgroups() unless the -P command line option or the
+	"preserve_groups" sudoers option is set. Idea from TJ Saunders.
+	[4f730359f101]
+
+2001-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, config.h.in:
+	Use new HAVE_SIGACTION_T define
+	[dfb25f3cae5b]
+
+	* logging.c:
+	Fix compilation on K&C
+	[7355e3275e34]
+
+	* configure:
+	regen
+	[a710584f92f0]
+
+	* configure.in:
+	Add check for sigaction_t -- IRIX already defines this so don't
+	redefine it.
+	[df9c5737f6da]
+
+	* snprintf.c:
+	fix typo
+	[3d782b8134c8]
+
+	* interfaces.c:
+	need stdlib.h here too
+	[c789d8973ab2]
+
+	* configure:
+	regen
+	[44822856bf46]
+
+	* configure.in:
+	Remove redundant checks for string.h, strings.h and unistd.h
+	[933c94f8bbf4]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	Regen from pod files
+	[ad18c590f638]
+
+	* BUGS:
+	Update for 1.6.4
+	[26bc88b69d22]
+
+	* configure, lex.yy.c, sudo.tab.c:
+	regen
+	[bef89fd6fa2d]
+
+	* strerror.c:
+	Return EINVAL if errnum > sys_nerr
+	[0512374e6661]
+
+	* auth/sudo_auth.h:
+	o Update copyright year
+	[a877016db6e2]
+
+	* LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+	config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+	sudo.pod:
+	o Update copyright year
+	[e15a1b39039f]
+
+	* configure.in:
+	o Don't define STDC_HEADERS unconditionally for IRIX o Update
+	copyright year
+	[82a8cb819e07]
+
+	* README:
+	update version
+	[d82e523a16b4]
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+	auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+	set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+	visudo.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[fe39f76b3795]
+
+	* lsearch.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[764ba3d4fa13]
+
+	* getspwuid.c, goodpath.c, interfaces.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[fb46d46140d4]
+
+	* getcwd.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[b199d70ac7ab]
+
+	* alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+	fnmatch.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[dab8f192a3ed]
+
+	* configure:
+	regen
+	[156658f25cea]
+
+	* tgetpass.c:
+	flags set in signal handlers should be volatile sig_atomic_t
+	[c22931a5535e]
+
+	* config.h.in, configure.in:
+	Add checks for volatile and sig_atomic_t
+	[b03b3341381d]
+
+	* configure, lex.yy.c:
+	regen
+	[ed9daba88217]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+	sudo.c, sudoers.pod:
+	Remove "secure_path" Defaults option since it cannot work with the
+	existing parser.
+	[c9e54a0f5971]
+
+	* find_path.c, sudo.c:
+	Unset "secure_path" if user_is_exempt()
+	[fb7544565ae8]
+
+	* env.c, pathnames.h.in:
+	o Remove assumption that PATH and TERM are not listed in env_keep o
+	If no PATH is in the environment use a default value o If TERM is
+	not set in the non-reset case also give it a default value.
+	[c987eb7df268]
+
+	* aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+	_PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+	systems that define in paths.h
+	[51865b0cdebf]
+
+	* auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+	Add support for skeyaccess(3) if it is present in libskey.
+	[8add77c7d3e7]
+
+2001-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+	[5a3d3cbf2c6d]
+
+	* parse.lex:
+	'\\' is a perfectly legal character to have in a command line
+	argument.
+	[c15a466ef00e]
+
+	* sudo.c:
+	o Defer call to set_fqdn() until it is safe to use log_error() o
+	Don't print errno string value if gethostbyname fails, it is not
+	relevant
+	[c0c6bcf08bcb]
+
+	* parse.c:
+	Fix CIDR -> in_addr_t conversion.
+	[2f307ebeb63f]
+
+2001-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Remove an extra "User_List" in the User_Spec definition From
+	ybertrand AT snoopymail.com
+	[97bde59ea280]
+
+	* parse.c:
+	Make 'listpw=never' work for users who are not explicitly mentioned
+	in sudoers.
+	[258f0f30a428]
+
+	* sudoers.pod:
+	Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+	[4b0f03872ee1]
+
+	* sudoers.pod:
+	Document new list Defaults type and convert env_keep and env_delete
+	to lists. Document new env_check option.
+	[a07f1f079fe3]
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen parser
+	[e39ac6c6581b]
+
+	* parse.lex:
+	Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+	to #[0-9-]+.
+	[69c5388908f3]
+
+	* configure:
+	regen
+	[0f1877b88cb3]
+
+	* aclocal.m4:
+	Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+	[6545503ae361]
+
+	* config.h.in, configure.in:
+	Add check for skeyaccess(3)
+	[6caf69fe6359]
+
+	* visudo.pod:
+	Document new -c, -f, and -q options
+	[13d0203c21d3]
+
+	* visudo.c:
+	o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+	[4c2b664d617d]
+
+	* configure:
+	regen
+	[6d5bd932e7b5]
+
+	* aclocal.m4, config.h.in, configure.in:
+	Add check for isblank and a replacement macro if it doesn't exist.
+	[b524f5e4f953]
+
+2001-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	In check-only mode, don't create sudoers if it does not already
+	exist.
+	[c748a2d5acad]
+
+	* parse.yacc:
+	o Add a new token, DEFVAR, to indicate a Defaults variable name o
+	Add support for "+=" and "-=" list operators o replace some 1 and 0
+	with TRUE and FALSE for greater legibility.
+	[554cb174b37e]
+
+	* parse.lex:
+	o Use exclusive start conditions to remove some ambiguity in the
+	lexer. Also reorder some things for clarity. o Add support for
+	"+=" and "-=" list operators. o Use the new DEFVAR token to denote
+	a Defaults variable name.
+	[3a2cf8323e26]
+
+	* sudo.h:
+	Prototype init_envtables()
+	[b74916469dab]
+
+	* env.c:
+	o Convert environment handling to use lists instead of strings.
+	This greatly simplifies routines that need to do "foreach" type
+	operations. o Add new init_envtables() function to set env_check
+	and env_delete defaults based on initial_badenv_table and
+	initial_checkenv_table (formerly sudo_badenv_table).
+	[0a8b404658b6]
+
+	* defaults.c, defaults.h:
+	o Add a new LIST type and functions to manipulate it. o This is for
+	use with environment handling variables. o Call new
+	init_envtables() routine inside init_defaults() to initialize the
+	environment lists.
+	[ae73e64f0902]
+
+	* def_data.c, def_data.h, def_data.in:
+	Convert environment options to use the new LIST type and add a new
+	one, env_check that only deletes if the sanity check fails.
+	[3019503936de]
+
+	* testsudoers.c:
+	Add dummy version of init_envtables()
+	[9d9e3ee609d9]
+
+	* parse.yacc:
+	honor quiet mode
+	[8330fba6167c]
+
+	* visudo.c:
+	Add check-only mode
+	[dab411bc8c35]
+
+	* mkdefaults:
+	Fix generation of entries with NULL descriptions.
+	[ea75b9fed02e]
+
+2001-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use sigaction_t and quiet a gcc warning.
+	[6f67d719c452]
+
+	* sudo.c:
+	Must reset signal handlers before we exec
+	[300418120e1a]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+	version needs testing. Set SIGTSTP to SIG_DFL during password entry
+	so user can suspend us.
+	[00304aa58747]
+
+	* tgetpass.c:
+	Add support for interrupting/suspending tgetpass via keyboard input.
+	If you suspend sudo from the password prompt and resume it will re-
+	prompt you.
+	[4af2b5101d32]
+
+	* sudo.c:
+	Don't block keyboard interrupt signals, just set them to SIG_IGN.
+	[d46d7f67ef6b]
+
+2001-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add back HAVE_SIGACTION
+	[c9c7702c603e]
+
+	* configure:
+	regen
+	[09fe669d337f]
+
+	* config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+	Kill POSIX_SIGNALS define and old signal support now that we emulate
+	POSIX ones Also be sure to correctly initialize struct sigaction.
+	[4bc2a6dbb2be]
+
+	* strerror.c:
+	Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+	[1ad64a19f328]
+
+	* compat.h:
+	Add scaffolding for POSIX signal emulation
+	[945861d4c93b]
+
+	* sigaction.c:
+	o Add missing ';' so this compiles o Can't use NULL since we don't
+	include stdio.h
+	[04d0cac7438f]
+
+	* sigaction.c:
+	Emulate sigaction() using sigvec()
+	[d0b54a989875]
+
+2001-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Document new behavior of negative values of timestamp_timeout Fix a
+	typo
+	[4c0716570d01]
+
+	* sudo.pod:
+	Add security note about command not being logged after 'sudo su' and
+	friends.
+	[43294851a33c]
+
+	* sudo.pod:
+	Mention that -V prints default values when run as root, including
+	the list of environment variables to clear.
+	[d9e5e550a8c3]
+
+	* Makefile.in:
+	Run pod2man with --quotes=none to avoid stupid quoting of C<>
+	entries.
+	[997b23c35dbe]
+
+2001-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+	Add mail_badpass option Also modify mail_always behavior to also
+	send mail when the password is wrong
+	[838d40ccafce]
+
+	* env.c, sudo.c, sudo.h:
+	Dump default bad env table when 'sudo -V' is run by root.
+	[f67f1b8048b0]
+
+	* sudoers.pod:
+	document env_delete
+	[d74f893663a2]
+
+	* env.c:
+	Add support for '*' in env_keep when not resetting the environment
+	(ie: the normal case).
+	[fd4fb62ea8fd]
+
+	* env.c:
+	Add env_delete variable that lets the user replace/add to the
+	bad_env_table. Allow '*' wildcard in env_keep entries.
+	[aa728bc35e29]
+
+2001-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	Force umask to 022 to guarantee sane directory permissions.
+	[9ab3cfe70569]
+
+2001-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+	[671010465e6f]
+
+	* mkdefaults:
+	fix breakage in last commit
+	[8318f8851e56]
+
+	* Makefile.in:
+	acsite.m4 -> aclocal.m4
+	[30c146873a01]
+
+	* check.c:
+	fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+	[4dc8b39954da]
+
+	* def_data.c:
+	regenerated from def_data.in
+	[915ea16ce1eb]
+
+	* check.c, defaults.c, defaults.h:
+	Add new T_UINT type that most things use instead of T_INT If
+	timestamp_timeout is < 0 then treat the ticket as never expiring (to
+	be expired manually by the user).
+	[3a3a636a2a5d]
+
+	* def_data.in:
+	change most T_INT -> T_UINT
+	[a2228d2457af]
+
+	* mkdefaults:
+	fix warning when no args
+	[ca70a5394af5]
+
+	* visudo.c:
+	Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+	we are a signal handler. We no longer print the signal number but
+	the user can just check the exit value for that.
+	[dc424f631fef]
+
+2001-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	when setting up pipes in child process check for case where stdin ==
+	pipe fd 0
+	[518112d76184]
+
+2001-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Ignore editor exit value since XPG4 says vi's exit value is the
+	count of editing errors made (failed searches, etc).
+	[b9d952284865]
+
+2001-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cb3aa586f03b]
+
+	* configure.in:
+	sco now is identified by config.guess as *-sco-*
+	[46664bbdea61]
+
+	* configure.in:
+	Check for getspnam() in -lgen if not in -lc for UnixWare.
+	[0f152ad1ba93]
+
+2001-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod, visudo.pod:
+	"upper case" -> "uppercase"
+	[f9151f232326]
+
+	* sudoers.pod:
+	fix typos and grammar; pjanzen@foatdi.harvard.edu
+	[2855d73d0237]
+
+2001-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Missing word (specify); krapht@secureops.com
+	[65523eb37a2c]
+
+2001-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	If we fail to lookup a login class, apply the default one.
+	[d4869faa6816]
+
+	* logging.c:
+	In log_error() free message, not logline unconditionally, then free
+	logline if it is not the same as message. No function change but
+	this mirrors how they are allocated.
+	[565e5f6cc643]
+
+2001-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regenerate
+	[834a48f548a2]
+
+	* configure.in:
+	remove some backslash quotes that are unneeded
+	[50d401d6e2ca]
+
+	* configure.in:
+	o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+	instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+	can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+	to AC_DEFINE things manually.
+	[f502c5f15f92]
+
+	* config.guess, config.sub:
+	Updated from autoconf-2.50
+	[6140205915ef]
+
+2001-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	Update mailing list section. We use mailman now, not majordomo.
+	[b9a8ca45e6dc]
+
+2001-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getspwuid.c, logging.c, sudo.c:
+	Use setpwent()/endpwent() + all the shadow variants to make sure we
+	don't inadvertantly leak an fd to the child. Apparently Linux's
+	shadow routines leave the fd open even if you don't call setspent().
+	Reported by mike@gistnet.com; different patch used.
+	[d33792ef6c01]
+
+2001-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	s/eg./e.g./
+	[bd32a0acaf93]
+
+	* tgetpass.c:
+	select() may return EAGAIN. If so, continue like we do for EINTR.
+	[5f202c943818]
+
+	* logging.c:
+	Fix a non-exploitable buffer overflow in the word splitting code.
+	This should really be rewritten.
+	[4c724363863a]
+
+	* Makefile.in:
+	FAQ link goes away
+	[1d26dd6c8972]
+
+	* INSTALL:
+	Tell people to look in sample.syslog.conf for examples, not FAQ
+	[affcae3f43ca]
+
+	* TROUBLESHOOTING:
+	Update list of env vars that are cleared
+	[234e56f1435a]
+
+	* sudo.c:
+	remove struct env_table decl since that stuff has all moved to env.c
+	[5dd923148777]
+
+2001-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	Fix a pasto in flock-style unlocking and include <sys/file.h> for
+	flock on older systems; twetzel@gwdg.de
+	[d5420d9d2861]
+
+	* configure:
+	regen to get NeXT lockf/flock fix
+	[d3ba6ed70e15]
+
+	* configure.in:
+	force NeXT to use flock since lockf is broken
+	[bd5391dca1bb]
+
+2001-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Use stashed user_gid when checking against exempt gid since sudo
+	sets its gid to a a value that makes sudoers readable. Previously
+	if you used gid 0 as the exempt group everyone would be exempt. From
+	Paul Kranenburg <pk@cs.few.eur.nl>
+	[0b140cc3a817]
+
+2001-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cc455408f32b]
+
+	* aclocal.m4:
+	#include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+	some types (such as ssize_t) therein.
+	[b6aee85ca331]
+
+2001-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Fix negation of paths in a boolean context. Problem found by
+	apt@UH.EDU
+	[8aee217a7cdf]
+
+2001-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	pasto
+	[ad32b277bf68]
+
+2001-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	SA_RESETHAND means the opposite of what I was thinking--oops To
+	block all signals in old-style signals use ~0, not 0xffffffff
+	[6ecdd793590a]
+
+2001-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	coerce difference of pointers to int when used in a string length
+	printf format; deraadt@openbsd.org
+	[a9d10f07180d]
+
+2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Block all signals in Exit() to avoid a signal race. There is still
+	a tiny window but I'm not going to worry about it.
+	[6661805c0458]
+
+2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	glibc uses the LANGUAGE env var so clear that too; Solar Designer
+	[d4ba95628afb]
+
+	* lex.yy.c:
+	Regenerate with a fix to flex.skl that preserves errno from
+	clobbering by isatty().
+	[607eec736e19]
+
+2000-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sia.c, auth/sudo_auth.c:
+	Some defaults I_ defines got renamed.
+	[ec19b23caaf3]
+
+	* Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+	defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+	set_perms.c, sudo.c, sudo.tab.c:
+	Move defaults info into its own files from which we generate .h and
+	.c files. This makes adding or rearranging variables much simpler.
+	[e91b880b5043]
+
+2000-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix typo in last commit
+	[10a6ee2bae71]
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add check + emulation for setegid (like seteuid).
+	[29492092bd2f]
+
+	* env.c:
+	Make env_keep override badenv_table as documented Fix traversal of
+	badenv_table (broken in last commit)
+	[37c9f0d22673]
+
+	* set_perms.c, sudo.c, sudo.h:
+	Don't try and build saved uid version of set_perms on systems w/o
+	them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+	set_perms_setreuid simply be set_perms_fallback() and simply include
+	the appropriate function at compile time (setreuid() vs. setuid()).
+	[3107333c062c]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	PATH is also preserved when env_reset is in effect
+	[90e45c5711ff]
+
+	* CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+	configure.in, defaults.c, defaults.h, env.c, find_path.c,
+	getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+	visudo.c, visudo.cat, visudo.man.in:
+	New Defaults options: o stay_setuid - sudo will remain setuid if
+	system has saved uids or setreuid(2) o env_reset - reset the
+	environment to a sane default o env_keep - preserve environment
+	variables that would otherwise be cleared
+
+	No longer use getenv/putenv/setenv functions--do environment munging
+	by hand. Potentially dangerous environment variables can be cleared
+	only if they contain '/' pr '%' characters to protect buggy
+	programs. Moved environment routines into env.c (new file)
+	[c2f97651db4c]
+
+	* INSTALL:
+	Clear up --without-passwd description
+	[2f336dab6733]
+
+	* putenv.c, sudo_setenv.c:
+	We now build up a new environment from scratch and assign it to
+	"environ".
+	[6ae6152f2238]
+
+2000-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	Grammatical fixes from Paul Janzen
+	[e03ead2e56f8]
+
+2000-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	If there was a syntax error and the user just wants to quit, unlink
+	sudoers if it is zero length.
+	[74ba7921f520]
+
+	* visudo.c:
+	'Q' means ignore parse error, not 'q'
+	[e8d0e4491fe6]
+
+	* visudo.c:
+	Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+	<dim@xs4all.nl>
+	[b24990a72491]
+
+2000-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+	[41a8db10e076]
+
+2000-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+	[6052da895d2e]
+
+2000-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, visudo.c:
+	Use exit(127), not exit(-1)
+	[9ff0c3eada34]
+
+	* Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+	Move set_perms() to its own file and use POSIX saved uid or
+	setreuid() if available.
+
+	Added stay_setuid option for systems that have libraries that
+	perform extra paranoia checks in system libraries for setuid
+	programs (ie: anything with issetugid(2)).
+	[28960f842698]
+
+	* sudo.c:
+	strip more bits from the environment and add a facility for
+	stripping things only if they contain '/' or '%' to address printf
+	format string vulnerabilities in other programs.
+	[b98d6375f299]
+
+2000-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[7e74e5c91049]
+
+	* configure.in:
+	For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+	strcasecmp().
+	[a418e9e70442]
+
+	* configure:
+	regen
+	[bbff244a52bc]
+
+	* configure.in:
+	Check for strcasecmp(3) in -lc89 for NCR Unix
+	[361c99576681]
+
+2000-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Define HAVE_INNETGR #ifdef HAVE__INNETGR
+	[473cdb92b6db]
+
+	* configure:
+	regen
+	[4e6364a195e0]
+
+	* compat.h, config.h.in, configure.in:
+	Add check for _innetgr(3) since NCR systems have that instead of
+	innetgr(3).
+	[25e6852e7494]
+
+2000-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid.c:
+	check return value of creadcfg() call sd_close() after sd_auth()
+	store username in sd->username so we don't rely on the USER env
+	variable
+	[d106b4f42722]
+
+2000-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document --with-bsdauth
+	[f1518ecc2ee9]
+
+	* configure:
+	regen
+	[dceb35071ea8]
+
+	* configure.in:
+	--with-bsdauth assumes --with-logincap
+	[4200778083fd]
+
+	* auth/bsdauth.c, auth/fwtk.c:
+	When prompting for a response to a challenge, if the user just hits
+	return then reprompt with echo turned on.
+	[a539b6474a97]
+
+2000-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Remove debugging code that should not have been committed, oops.
+	[9862607b77a7]
+
+	* auth/bsdauth.c:
+	Use lower-level routines and get the password ourselves. Checks for
+	a challenge and if there is one echo is not turned off.
+	[2d8fcd166baa]
+
+	* auth/pam.c, auth/sudo_auth.h:
+	minor housekeeping, no real code changes
+	[d0074a277fb4]
+
+2000-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix a coredump in the logging functions if gethostname(2) fails by
+	deferring the call to log_error() until things are better setup.
+
+	Fix return value of set_loginclass() in non-BSD-auth case.
+
+	Hard-code 'sudo' in the usage message so we can fit more options on
+	a line
+	[d9d1b7579818]
+
+	* logging.c:
+	Fix errant ';' (typo) that broken MSG_ONLY
+	[849b2276a470]
+
+2000-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[bb3c8c6704d1]
+
+	* sudo.pod:
+	Document -a flag
+	[e18316cebaac]
+
+	* Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+	configure, configure.in, getspwuid.c, sudo.c:
+	Add support for BSD authentication.
+	[f374cfd9ca0d]
+
+2000-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix typo; from sato@complex.eng.hokudai.ac.jp
+	[3085fee9766e]
+
+2000-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Mention negating umask
+	[c9e410294dae]
+
+	* defaults.c:
+	Allow user to specify umask of 0777 (same as !umask)
+	[bb771daa96fe]
+
+2000-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	Fix a typo and give a URL for the sudo history.
+	[77f73199aedb]
+
+2000-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, sudo.pod:
+	fix typos; pepper@reppep.com
+	[5532c7421340]
+
+2000-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo.h, sudo_setenv.c:
+	sudo_setenv() now exits on memory alloc failure instead of returning
+	-1.
+	[71f1cf18f47b]
+
+2000-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+	and possibly others.
+	[b69d985b0d22]
+
+	* logging.c:
+	Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+	that "%m" won't be expanded but we don't use that anyway since the
+	logging routines may splat to stderr as well.
+	[8d37a544d0c0]
+
+	* defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+	sudoers.pod:
+	Add always_set_home variable
+	[dbcaff646e07]
+
+	* configure, configure.in:
+	Have to hard code default values in help since the defaults are set
+	_after_ the help stuff.
+	[7b5d6d72f55c]
+
+2000-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, parse.lex:
+	Allow special characters (including '#') to be embedded in pathnames
+	if quoted by a '\\'. The quoted chars will be dealt with by
+	fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+	[3ed33cf09977]
+
+2000-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	Better path searching for programs we need.
+	[60517cb1f0d6]
+
+	* TROUBLESHOOTING:
+	Add section on "C compiler cannot create executables" errors.
+	[e4ada6eaee59]
+
+	* Makefile.binary, Makefile.in, version.h:
+	Crank version
+	[93d1bd5b7f5e]
+
+	* aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+	visudo.man.in, visudo.pod:
+	Substitute values from configure into man pages.
+	[619854c356c1]
+
+2000-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c:
+	The listpw and verifypw sudoers options would not take effect
+	because the value of the default was checked *before* sudoers was
+	parsed. Instead of passing in the value of PWCHECK_* to
+	sudoers_lookup(), pass in the arg for def_ival() so the check can be
+	deferred until after sudoers is parsed.
+	[4f596e358f72]
+
+2000-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	When writing prompt, no need to write the NUL as well;
+	hag@linnaean.org
+	[fbcdd7b431ee]
+
+2000-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	When looking for chown, check in /sbin too
+	[657ba6653f8c]
+
+2000-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Remove extraneous call to init_defaults() and set runas_user to NULL
+	betweem parses so init_defaults will reset it each time, thus
+	avoiding a reference to free()d data.
+	[7421fcd692af]
+
+2000-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, interfaces.c, interfaces.h, sudo.c:
+	Add support for using getifaddrs() to get the list of ip addr /
+	netmask pairs. Currently IPv4-only.
+	[a35bc4f7306d]
+
+	* visudo.c:
+	Add a missing check for UserEditor == NULL Add missing '+' before
+	line number when invoking editor to fix a syntax error
+	[f0d4635f6082]
+
+2000-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Call clean_env very early in main() for paranoia's sake. Idea from
+	Marc Esipovich.
+	[f8d72ebd0115]
+
+2000-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	Update proto for evasprintf and easprintf
+	[d147d6e58419]
+
+	* alloc.c:
+	Make easprintf() and evasprintf() return an int.
+	[b2ca5d089667]
+
+	* check.c:
+	If the targetpw flag is set, use target username as part of the
+	timestamp path. If tty tickets are in effect cat the tty and the
+	target username with a ':' as the separator.
+	[de11abc693c2]
+
+2000-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Backout part of last change; setting PAM_USER to the invoking user
+	breaks things like targetpw.
+	[427218a7387f]
+
+	* auth/pam.c:
+	set tty and username via pam_set_item
+	[85d1922dbcc9]
+
+	* auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+	Fix root, runas, and target authentication for non-passwd file auth
+	methods.
+	[a14535e7b30c]
+
+2000-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Use B<-Z> not C<-Z> for command line flags in all places. This is
+	more consistent and works around a bug in Pod::Man.
+	[64b5a05f30c5]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Fix an occurence of 'semicolon' that should be 'colon'
+	[4ea5aacae3fb]
+
+2000-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix --with-badpri help line
+	[3cc40977c043]
+
+2000-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, logging.c, sudo.c:
+	Bracket calls to syslog with an openlog() and closelog() since some
+	authentication methods (like PAM) may do their own logging via
+	syslog. Since we don't use syslog much (usually just once per
+	session) this doesn't really incur a performance penalty. It also
+	Fixes a SEGV with pam_kafs.
+	[fe1cc28529f6]
+
+2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix -H flag. runas_homedir is only valid after
+	set_perms(PERM_RUNAS, mode)
+	[ce9b1c6f68a6]
+
+2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Clarify the fact that insults are not enabled just by including them
+	in the binary.
+	[d5a31d48320c]
+
+2000-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	Regenerated with perl 5.6.0 pod2man
+	[21751433768b]
+
+	* Makefile.in:
+	Give date string to pod2man since its default is ugly and it ain't
+	got no alibi.
+	[0080b2f6298f]
+
+	* Makefile.in:
+	Do section substitution on the output of pod2man and remove hack
+	needed for old pod2man.
+	[1ef843d5c78b]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Put back real man sections, we will do the substitution later.
+	[f728c1abad7e]
+
+2000-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Don't bother checking for the path to vi if user specified --with-
+	editor
+	[bf698487e0d5]
+
+2000-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, visudo.c:
+	Visudo now does its own fork/exec instead of calling system(3).
+	[99bbcd88863b]
+
+	* CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.c:
+	Visudo now checks for the existence of an editor and gives a
+	sensible error if it does not exist.
+
+	The path to the editor for visudo is now a colon-separated list of
+	allowable editors. If the user has $EDITOR set and it matches one
+	of the allowed editors that editor will be used. If not, the first
+	editor in the list that actually exists is used.
+	[cc86eb9f5440]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Clear up confusion wrt sudo's return value.
+	[9385b12d8e79]
+
+2000-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Strip sudo and visudo for bindist target
+	[a995ddd79177]
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+	[5eb9e60a726f] [SUDO_1_6_3]
+
+	* visudo.cat, visudo.man.in, visudo.pod:
+	Typo: @sysconf@ -> @sysconfdir@
+	[f07f52fcd099]
+
+	* Makefile.in:
+	'make dist' should not cause any files to be modified so remove its
+	dependencies.
+	[7f44a2666a9c]
+
+	* CHANGES:
+	Whoops, forgot to add release marker
+	[16c0f16b35b8]
+
+2000-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	Final change for 1.6.3 (or so I hope)
+	[473c89da6123]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	Use SYSV man sections since BSD systems will have nroff...
+	[0a6bd154324e]
+
+2000-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c:
+	When checking to see if the host/user matches in a defaults spec,
+	check against TRUE, not just non-zero since it might be -1.
+	[41f2b7ad3fdd]
+
+	* configure, configure.in:
+	OSF/1 puts file formats in section 4, not 5.
+	[d77c1301afa9]
+
+	* CHANGES, INSTALL, sudo.c:
+	Make login class support work on BSD/OS
+	[e9bbe3c08ade]
+
+	* RUNSON:
+	Update for 1.6.3
+	[c40ce1d76c4d]
+
+	* configure, configure.in:
+	If there is no inet_addr but there *is* an __inet_addr that's ok
+	since inet_addr is probably just a macro then. The better thing to
+	do would be to look for the macro, but this is fine for now.
+	[1b8865ae4d68]
+
+	* configure, configure.in:
+	Don't use shlicc for BSD/OS 4.x
+	[83fbf6dedd2c]
+
+	* Makefile.in, configure, configure.in:
+	*.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+	configure variable so we can deal with this. Also, only remove *.man
+	for 'distclean' not 'clean'.
+	[30d56e6de214]
+
+	* sudo.c:
+	set_loginclass() should be static like the proto says
+	[d570a2d55fb8]
+
+2000-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	Add #ifdef __STDC__ around the rangematch function header to avoid
+	promotion of test to int, thus violating the prototype. Gcc handles
+	this gracefully but more std ANSI compilers will complain.
+	[7d98c3e332b2]
+
+	* emul/fnmatch.h:
+	Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+	[4e1320852f8b]
+
+	* aclocal.m4, configure, fnmatch.3, fnmatch.c:
+	Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+	FNM_CASEFOLD in configure
+	[9ef952bf1896]
+
+	* CHANGES, TODO:
+	update for 1.6.3
+	[e4ba6368a0c5]
+
+	* sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[fbd2887d9811]
+
+	* parse.h:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[dd7bbe223461]
+
+	* lex.yy.c, parse.c, parse.lex, parse.yacc:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[630d9d205397]
+
+	* parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+	Add support for wildcards in the hostname.
+	[d8d821ed4238]
+
+	* Makefile.in:
+	Add targets for *.man.in, using config.status to generate *.man from
+	*.man.in
+	[640e50ede485]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document set_logname option and enbolden refs to sudo and visudo.
+	[9622b3a48707]
+
+	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+	sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+	visudo.cat, visudo.man.in, visudo.pod:
+	Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+	from Michael D. Marchionna. configure now does substitution on the
+	man pages, allowing us to fix up the paths and set the section
+	correctly. Based on an idea from Michael D. Marchionna.
+	[463e928a0a2f]
+
+	* auth/passwd.c:
+	Better fix for handling HP-UX aging info.
+	[3950f42d8549]
+
+	* sudo.c:
+	Add support for set_logname run-time default
+	[c6a7cc76b8b4]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	configure does substitution on these to produce *.man
+	[b83fc3c1bfc9]
+
+	* sudo.man, sudoers.man, visudo.man:
+	These files now get generated from *.man.in at configure time.
+	[c499061f79e0]
+
+2000-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, defaults.h:
+	Add set_logname option so users can turn off setting of LOGNAME/USER
+	environment variables.
+	[6316869180b8]
+
+	* lsearch.c, parse.c, testsudoers.c:
+	kill register
+	[6e104e653748]
+
+2000-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/passwd.c:
+	HP-UX adds extra info at the end for password aging so when
+	comparing the result of crypt to pw_passwd we only compare the first
+	len(epass) bytes *unless* the user entered an empty string for a
+	password.
+	[3d24d4e4e889]
+
+	* logging.c:
+	Get rid of grandchild hack, it was causing problems and there is
+	really no need for it. This fixes a bug where we spin eating up CPU
+	when the user runs a long-running process like a shell.
+	[5743b10b1e81]
+
+2000-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	User can always specify a login class if he/she is already root.
+	[710d160cef9f]
+
+	* config.h.in, configure, configure.in, defaults.c, defaults.h,
+	sudo.c, sudo.h:
+	FreeBSD login class (login.conf) support.
+	[026b981d6328]
+
+2000-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+	[9cd4929f1a78]
+
+2000-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/passwd.c:
+	Truncate unencrypted password to 8 chars if encrypted password is
+	exactly 13 characters (indicateing standard a DES password). Many
+	versions of crypt() do this for you, but not all (like HP-UX's).
+	[a9d0259cb193]
+
+2000-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON:
+	Mention that gcc on dynix may have problems
+	[77b97fa5bf1b]
+
+2000-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Link visudo with NET_LIBS since we now call syslog via defaults.c
+	[9e3830b277cc]
+
+	* defaults.c:
+	Use Argv[0] as the first arg to openlog() since visudo uses this
+	too.
+	[e61078f328ec]
+
+2000-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Stash coredumpsize resource limit and retsore it before the exec()
+	Otherwise the child ends up with a coredumpsize of 0.
+	[f6a4783835a3]
+
+2000-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man, sudo.pod:
+	document -S flag
+	[3ebd805b7142]
+
+	* sudo.c:
+	fix usage string
+	[66b2dfa47fe8]
+
+	* CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+	Added -S flag (read passwd from stdin) and tgetpass_flags global
+	that holds flags to be passed in to tgetpass(). Change echo_off
+	param to tgetpass() into a flags field. There are currently 2
+	possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+	tgetpass(), abstract the echo set/clear via macros and if (flags &
+	TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+	[a4fcbb712cd0]
+
+	* tgetpass.c:
+	Fixed a bug that caused an infinite loop when the password timeout
+	was disabled.
+	[2be1ffc5a39f]
+
+2000-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+	sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+	Add rootpw, runaspw, and targetpw options.
+	[2d4563e46df7]
+
+	* CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+	visudo.c:
+	enveditor -> env_editor
+	[ddc5f856e583]
+
+2000-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+	sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+	visudo.man:
+	crank versino to 1.6.3
+	[a5f7d3e74360]
+
+	* INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+	sudoers.pod, visudo.c:
+	Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+	them. This means that visudo will now parse the sudoers file
+	*before* it is edited so a bogus sudoers file will cause a warning
+	to go to stderr. Also, visudo checks the variables once--it does not
+	check them after each editor run since that could be confusing.
+	[9f5af18e9212]
+
+2000-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	1.6.2 -> 1.6.2p1
+	[e25b74f1d1af]
+
+	* check.c, sudo.c, sudo.h:
+	Move user_is_exempt prototype into sudo.h
+	[daf26a6ded8a]
+
+2000-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix thinko, some && should have been || in the last commit
+	[4b9b2d487ded]
+
+	* configure, configure.in:
+	Don't initialized Makefile variables to be NULL since the user may
+	want to import variables from their environment.
+	[7be019f4422c]
+
+2000-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	typo
+	[38f4d8971f0a]
+
+2000-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	fix a yacc (skeleton.c) warning
+	[a2da228a937b]
+
+2000-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON, configure, configure.in:
+	Make pam work on HP-UX 11.0;jaearick@colby.edu
+	[b94de0ff6f42]
+
+	* CHANGES:
+	recent changes; prepare for 1.6.2p1
+	[b291635ea141]
+
+	* find_path.c:
+	Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+	[4306285c4f6e]
+
+2000-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	Regen with yacc that has a memory leak plugged.
+	[e26383a04eb7]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	Expanded docs on sudoers 'defaults' options based on INSTALL file
+	info.
+	[54c3d62d6c74]
+
+	* INSTALL:
+	Fix some while lies
+	[d15311782150]
+
+2000-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	When making a bindist, link FAQ to TROUBLESHOOTING instead of
+	copying.
+	[2d88a6ac88cf]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	Add netgroup caveat
+	[28d119f466e3] [SUDO_1_6_2]
+
+	* RUNSON:
+	Last minute updates
+	[89fb4ed22d52]
+
+	* TROUBLESHOOTING:
+	PAM entry
+	[a9fd59f39457]
+
+	* auth/pam.c:
+	correct a comment
+	[a29627225ba9]
+
+	* CHANGES, RUNSON:
+	update for 1.6.2
+	[b7f1c40ea732]
+
+	* auth/pam.c:
+	Better detection of PAM errors and fix custom prompts with PAM.
+	Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+	[ff69234b94a5]
+
+2000-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+	long long value.
+	[9d918c3a2ecd]
+
+2000-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in, visudo.c:
+	Fix sudoers locking in visudo. We now lock the sudoers file itself,
+	not the temp file (since locking the temp file can foul up editors).
+	The previous locking scheme didn't work because the fd was closed
+	too early.
+	[de2011bb11ed]
+
+	* config.h.in, configure, configure.in:
+	Don't need test for ftruncate() any more.
+	[e5f71c848104]
+
+	* configure, configure.in:
+	Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+	the unbundled HP-UX cc.
+	[2c373612c644]
+
+2000-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	"a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+	[05360d2c314e]
+
+2000-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+	parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+	version.h, visudo.c:
+	update copyright year on changed files
+	[5792a2a28a4c]
+
+	* RUNSON:
+	updates
+	[edf8f19aa403]
+
+	* CHANGES:
+	aix fix
+	[4d4a243b31e2]
+
+	* INSTALL:
+	Crank version to 1.6.2
+	[bcb5cb411624]
+
+	* configure:
+	Crank version to 1.6.2
+	[32a19f33427f]
+
+	* sudo.c:
+	When using rlimit check for RLIM_INFINITY When computing the value
+	of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+	[8c16166802e5]
+
+	* CHANGES:
+	recent changes
+	[09fc7112e44d]
+
+	* BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+	sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+	Crank version to 1.6.2
+	[055fa61a7c61]
+
+	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+	Add 'shell_noargs' runtime option back in. We have to defer
+	checking until after the sudoers file has been parsed but since
+	there are now other options that operate that way this one can too.
+	Based on a patch from bguillory@email.com.
+	[231db7a007a6]
+
+	* defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+	Add "listpw" and "verifypw" options.
+	[190683bac878]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	o Fix some typos/omissions o Add section on verifypw and listpw o
+	Define how NOPASSWD interacts with the -v and -l flags
+	[6feb7350eb79]
+
+2000-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+	-D_HPUX_SOURCE to CPPFLAGS.
+	[06cc35d89dc8]
+
+	* defaults.c, defaults.h:
+	In struct sudo_defs_types, move the union to the end and don't
+	initialize the union member since that only works with an ANSI
+	compiler. We set the value of the union by hand in init_defaults()
+	anyway. This allows sudo to compile on a K&R compiler again.
+	[623487e1fcfa]
+
+2000-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+	netgr_matches needs to check shost as well as host since they may be
+	different.
+	[3f43ace23d3e]
+
+	* tgetpass.c:
+	End on \r as well as \n
+	[cb7c6e6f4202]
+
+2000-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+	from 0400 to whatever SUDOERS_MODE is (converting from the old
+	sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+	0400 which should always be the case.
+	[34cd83d49d20]
+
+	* parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+	Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+	w/o a passwd if there is *any* entry for the user on the host with a
+	NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+	the user on the host w/ the specified runas user have the NOPASSWD
+	flag set.
+	[4b3b85697653]
+
+	* Makefile.in:
+	add check target
+	[3d24d34a76fd]
+
+1999-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Treat EOF at whatnow prompt like 'x' instead of looping.
+	[5deffc27114c]
+
+1999-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	recent changes
+	[5836a9452568] [SUDO_1_6_1]
+
+1999-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Add check for initgroups() since old SYSV lacks this.
+	[657a6005a569]
+
+	* CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+	parse.c, testsudoers.c:
+	o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+	exists.
+	[17d081e917d6]
+
+1999-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[b20c14db6029]
+
+	* insults.h:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[028f130204b0]
+
+	* CHANGES, RUNSON:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[974f4780254b]
+
+	* insults.h:
+	Don't care about USE_INSULTS #define since the insult stuff may be
+	overridden at runtime.
+	[b873df8b299c]
+
+	* auth/sudo_auth.c:
+	Honor insults flag.
+	[756111640fdc]
+
+	* CHANGES, parse.c:
+	Don't ask the user for a password if the user is not allowed to run
+	the command and the authenticate flag (in sudoers) is false.
+	[cea9fdc09c76]
+
+	* CHANGES, RUNSON, lex.yy.c, parse.lex:
+	o Whenever we get a bare newline we change to the INITIAL state. o
+	Enter GOTRUNAS when we see Runas_Alias
+
+	This allows #uid to work in a RunasAlias.
+	[a475513e7c7a]
+
+1999-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, parse.yacc, sudo.tab.c:
+	fix parsing of runas lists: o oprunasuser and runaslist now return a
+	value o in a runasspec, if a runaslist does not return TRUE, set
+	runas_matches to FALSE. Normally, a runaslist only returns FALSE
+	for explicitly denied users. o since runaslist does not modify the
+	stack there is no need for a push/pop in runasalias.
+	[82b305b34a8c]
+
+	* check.c, sudo.c:
+	Don't kill the user's tickets until after sudoers has been parsed
+	since tty_tickets and ticket_dir could be set in sudoers.
+	[f43e25367f3a]
+
+	* BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+	configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+	sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+	crank version to 1.6
+	[95f8bdcf9bb2]
+
+	* testsudoers.c:
+	add set_fqdn() stub
+	[bbc81af5b41a]
+
+1999-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+	sudoers.man, sudoers.pod, visudo.c:
+	o Kill shell_noargs option, it cannot work since the command needs
+	to be set before sudoers is parsed. o Fix the "set_home" sudoers
+	option (only worked at compile time). o Fix "fqdn" sudoers option.
+	We now set host/shost via set_fqdn which gets called when the
+	"fqdn" option is set in sudoers. o Move the openlog() to
+	store_syslogfac() so this gets overridden correctly from the
+	sudoers file.
+	[3dca861f0f5d]
+
+	* auth/securid.c:
+	SecurID support should compile now.
+	[a544e5c6ea34]
+
+1999-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+	visudo.man, visudo.pod:
+	fix some syntactic goofs
+	[b3451f0d5239]
+
+1999-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.html, sudoers.html, visudo.html:
+	No longer need the .html files as they are generated automatically
+	on the web site.
+	[1b4aa4204584]
+
+	* CHANGES, LICENSE:
+	kill characters that made wml unhappy
+	[b988fbc6da56]
+
+	* HISTORY:
+	typo
+	[a418963f7fce]
+
+1999-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	majordomo@cs.colorado.edu -> majordomo@courtesan.com
+	[5d151e8ffd3b]
+
+	* Makefile.in, configure:
+	Wrap script execution w/ /bin/sh for the benefit of ctm
+	[3a9c4766b2c3]
+
+1999-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Make the -s flag be exclusive too. Also reorder the flags in the
+	exclusive usage message so they are alphabetical.
+	[4c7af200db34]
+
+1999-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	make pam errors other than PAM_PERM_DENIED fatal
+	[64bcb3fd2baf]
+
+	* auth/API:
+	fix typo
+	[f3134c88b12e]
+
+	* INSTALL:
+	make it clear that /etc/pam.d/sudo is required on linux
+	[213cc3eaad82]
+
+	* auth/pam.c:
+	fix a warning on redhat and spew an error if pam_authenticate()
+	returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+	[7e46dd19da89]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Be very clear that the password required is the user's not root's
+	[a6da127347e5]
+
+1999-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	add sample.syslog.conf to DISTFILES and BINFILES
+	[8661c27c007e]
+
+1999-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updates from Brian Jackson + some formatting
+	[6d31c6fa63f8]
+
+1999-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.binary, Makefile.binary, README, RUNSON:
+	o One RUNSon update o Changes for automating real binary releases
+	[dd9585f4406c]
+
+	* Makefile.in:
+	Add bindist target
+	[546ed3fa94bb]
+
+1999-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	talk about run-time options in addition to compile-time options
+	[1eb813ff0a9a] [SUDO_1_6_0]
+
+	* CHANGES:
+	fix typos
+	[65e92bb70a7b]
+
+	* sudo.c:
+	need sys/time.h if HAVE_SETRLIMIT
+	[ce31655a8a60]
+
+	* PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+	sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	get rid of references to sudo-bugs. Now mention the web site or the
+	sudo@ alias
+	[a9db861fd8c6]
+
+	* sudoers.html:
+	repair pod2html damage
+	[62ece4277f1f]
+
+	* RUNSON, TODO:
+	Update for 1.6 release
+	[98569c57ba2a]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	Add warning about using ALL in a command context.
+	[6c77685ab280]
+
+1999-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Call yyrestart() on a parse error to reset the lexer state.
+	[1370a27acdb2]
+
+	* lex.yy.c, parse.lex:
+	Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+	since it might not get called in yywrap if we get a parse error
+	(and we only reread the file on error anyway).
+	[37f4b449e28e]
+
+	* lex.yy.c, parse.lex:
+	Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+	might still exist. Call yyrestart() instead of using the deprecated
+	YY_NEW_FILE macro.
+	[7d0d873046c6]
+
+	* lex.yy.c, parse.lex:
+	flex doesn't need %N table size declarations
+	[268b020fd60a]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	Mention what characters need to be escaped in names.
+	[72ccbb6b0f31]
+
+1999-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[65827abb5c7b]
+
+	* INSTALL:
+	clarify Mac OS X entry
+	[8da1549a71f5]
+
+	* RUNSON:
+	update
+	[0cff8df7459f]
+
+	* configure.in:
+	o Use AC_MSG_ERROR throughout o Check syslog configure options for
+	danity
+	[4cb81e642e5c]
+
+1999-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Fix printing of type T_MODE in dump_defaults()
+	[a868bb6f5515]
+
+	* strcasecmp.c:
+	missing sys/types.h
+	[ca694ca325b6]
+
+	* INSTALL:
+	Break out options that may be overridden at run time into their own
+	section. Add a not about Max OS X and correct some lies.
+	[d8bcfd120593]
+
+1999-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in, sudo.c:
+	o Now use getrlimit to find the highest fd when closing all non-std
+	fd's o Turn off core dumps via setrlimit for the sake of paranoia
+	[dd9f651b6def]
+
+	* RUNSON:
+	updates
+	[f581841fe615]
+
+1999-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[553baa1d44c7]
+
+	* tgetpass.c:
+	When read()'ing, do a single character at a time to be sure we don't
+	go oast the newline.
+	[907d33f55bb4]
+
+	* sudo.c:
+	For the sudo_root option, check against user_uid, not getuid() since
+	at this point, ruid == euid == 0.
+	[92d5c51939b4]
+
+	* RUNSON:
+	some updates
+	[e3ed0c1f312b]
+
+	* logging.h:
+	Fix compilation problem when --with-logging=file was specified.
+	This means that syslog is now required to build sudo but that should
+	not be a problem. If it is it can be fixed trivially with a
+	configure check for syslog() or syslog.h.
+	[839a4b069190]
+
+	* tgetpass.c:
+	Make this work again for things like "sudo echo hi | more" where the
+	tty gets put into character at a time mode. We read until we read
+	end of line or we run out of space (similar to fgets(3)).
+	[c8f746df2e63]
+
+1999-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	change ital to bold
+	[f860978e530a]
+
+	* RUNSON:
+	update
+	[9bcfbb405568]
+
+1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Error out if syslog parameters are given without a value. For
+	Ultrix or 4.2BSD "syslog" is allowed without a value since there are
+	no facilities in the 4.2BSD syslog.
+	[69e7a686f5f0]
+
+1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Ignore the syslog facility for systems w/ old syslog like Ultrix.
+	[5c250adbbb84]
+
+	* TROUBLESHOOTING:
+	people with "." early in their path can have problems running sudo
+	from the build dir ;-)
+	[20a1744a24a4]
+
+1999-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Remove -r realm option
+	[127caa537f95]
+
+	* auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+	configure.in, sudo.c:
+	New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+	[7177a3893a62]
+
+	* CHANGES:
+	update to reality
+	[766cfbb512d6]
+
+1999-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c:
+	include <auth.h> to get function prototypes.
+	[d6c7c12d09fe]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	document -L flag
+	[dc803e1ce0d7]
+
+1999-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	in set_perms(), always call setuid(0) before changing the ruid/euid
+	so we always know it will succeed.
+	[8cced1b862bf]
+
+	* defaults.h:
+	#undef T_FOO to avoid conflicts with system defines (like on
+	ULTRIX).
+	[d9f0aac092b0]
+
+	* TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+	sudoers.pod:
+	Docuement "Defaults" lines in /etc/sudoers. Still needs some
+	fleshing out but this is a start.
+	[521a1e629bbc]
+
+1999-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* use strtol, not strtoul since not everyone has not strtoul
+	[988462f093cc]
+
+	* defaults.c:
+	use strtol, not strtoul since not everyone has not strtoul
+	[fce835ce62e3]
+
+	* lex.yy.c, parse.lex:
+	last {WORD} rule should only apply in the INITIAL state
+	[9b57570bfa83]
+
+	* lex.yy.c, parse.lex:
+	o Add support for escaped characters in the WORD macro o Modify
+	fill() to squash escape chars
+	[87572d59e4e0]
+
+	* defaults.c, defaults.h:
+	o Add T_PATH flag to allow simple sanity checks for default values
+	that are supposed to be pathnames. o Fix a duplicate free when
+	visudo finds an error.
+	[bdc6855a6c6d]
+
+1999-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, defaults.h, logging.c:
+	mail_if_foo -> mail_foo
+	[cbee9415875d]
+
+1999-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+	o Add requiretty option o Move O_NOCTTY to compat.h
+	[65b8bf0e1795]
+
+	* logging.c:
+	The exit() in log_error() was mistakenly removed in a previous
+	version. Put it back...
+	[9473449130a4]
+
+1999-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+	auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+	configure, configure.in, defaults.c, defaults.h, find_path.c,
+	getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+	o Change defaults stuff to put the value right in the struct. o
+	Implement mailer_flags o Store syslog stuff both in int and string
+	form. Setting the string form magically updates the int version.
+	o Add boolean attribute to strings where it makes sense to say !foo
+	[4698953f9a36]
+
+	* tgetpass.c:
+	add O_NOCTTY when opening /dev/tty just in case
+	[4c6d1d1bb300]
+
+1999-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API:
+	cleanup function no longer takes a status arg
+	[0819edbfe7f8]
+
+	* INSTALL:
+	the the
+	[19aadb65ea28]
+
+1999-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, config.h.in, configure, configure.in, logging.c:
+	Use strftime() instead of ctime() if it is available.
+	[fb60ea63b514]
+
+1999-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	fix copyright date
+	[4a53b54aa72f]
+
+	* RUNSON:
+	update ReliantUNIX entry
+	[de618a4f67d9]
+
+	* defaults.c, defaults.h, logging.c:
+	add log_year option
+	[251a9e20568a]
+
+	* configure, configure.in:
+	add --without-sendmail to help output
+	[93162f199902]
+
+	* configure, configure.in:
+	enforce an otctal arg for --with-suoders-mode
+	[45e1b04ccad3]
+
+1999-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+	auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+	auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+	defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+	parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+	testsudoers.c, version.c, visudo.c:
+	Add support for "Defaults" line in sudoers to make configuration
+	variables changable at runtime (and on a global, per-host and per-
+	user basis). Both the names and the internal representation are
+	still subject to change. It was necessary to make sudo_user.runas
+	but a char ** instead of a char * since this value can be changed by
+	a Defaults line. There is a similar (but more complicated) issue
+	with sudo_user.prompt but it is handled differently at the moment.
+
+	Add a "-L" flag to list the name of options with their descriptions.
+	This may only be temporary.
+
+	Move some prototypes to parse.h
+
+	Be much less restrictive on what is allowed for a username.
+	[f71abf7ba80c]
+
+	* sample.syslog.conf:
+	Add more info
+	[e952e6f42d4d]
+
+1999-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+	strcasecmp.c:
+	UCB has dropped the advertising clause from their license.
+	[a5602b36a341]
+
+1999-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.h:
+	move dce_verofy proto to correct section
+	[972c815af558]
+
+	* auth/dce.c:
+	remove XXX
+	[820631855be0]
+
+1999-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/fnmatch.h:
+	Add fnmatch() prototype
+	[79e84576d92a]
+
+	* fnmatch.c, parse.c, testsudoers.c:
+	Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+	[1182c89fa811]
+
+	* sudo.h:
+	add strcasecmp proto
+	[512d1d8a6a0c]
+
+	* auth/sudo_auth.c:
+	add check for case where there are no auth methods
+	[e4af2b91b43e]
+
+	* configure, configure.in:
+	Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+	SunOS4 w/ gcc
+	[746ce8bcec23]
+
+	* getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+	include strings.h everywhere we include string.h
+	[6f7d5d437e7b]
+
+	* version.c:
+	nicer output when showing auth methods
+	[0eac4b977f9d]
+
+	* version.c:
+	Add support for SEND_MAIL_WHEN_NO_HOST
+	[9f20a3a3fae6]
+
+	* config.h.in, configure, configure.in:
+	Add _GNU_SOURCE for Linux
+	[c7bd8c511847]
+
+	* lex.yy.c, parse.lex:
+	fix definition of OCTECT
+	[4af30e63244d]
+
+	* configure, configure.in:
+	aix_auth.o not authenticate.o
+	[fe95dfb08df4]
+
+1999-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+	keyboard). Since we run with ruid/euid == 0 the user can't really
+	signal us in nasty ways.
+	[a7f6487c0f48]
+
+	* visudo.c:
+	Don't need to worry about catching too many signals since we do
+	locking on the tmp file. If a lockfile is really stale, it will be
+	detected and overwritten.
+	[28983db3e749]
+
+	* INSTALL, Makefile.in:
+	include auth/API in tarball
+	[014991600252]
+
+	* auth/sudo_auth.c:
+	move memset() of plaintext pw outside of verify loop and only do the
+	memset if we are *not* in standalone mode.
+	[66f8e87567e2]
+
+	* auth/sudo_auth.c, auth/sudo_auth.h:
+	DCE is not a standalone method
+	[34963e2d8a1b]
+
+	* sudo.c:
+	fix --enable-noargs-shell
+	[4234062abbb0]
+
+	* snprintf.c:
+	"#ifdef __STDC__" not "#if __STDC__" (I missed one)
+	[c430b80454c6]
+
+	* auth/fwtk.c, auth/sia.c:
+	_cleanup() function returns an int.
+	[d1a1cc071ec1]
+
+	* auth/dce.c:
+	there were still some return(0)'s hanging around, make them
+	AUTH_FAILURE
+	[1002aa1962c3]
+
+	* parse.c:
+	typo in comment
+	[5abc410dbfd2]
+
+	* version.c:
+	add missing semicolon
+	[a262283b52a5]
+
+	* auth/sudo_auth.h:
+	missing backslash
+	[bf89f6bd2900]
+
+1999-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in:
+	Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+	[f1a9bca0cf67]
+
+	* Makefile.in:
+	add parse.h to HDRS
+	[a3d054987766]
+
+	* Makefile.in, configure, configure.in:
+	Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+	LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+	network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+	testsudoers to build on Solaris and is a bit cleaner in general.
+	[4e6239e97002]
+
+	* UPGRADE:
+	mention ptmp -> sudoers.tmp
+	[ec3baa0fe8a1]
+
+	* config.h.in, configure, configure.in:
+	Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+	[6f93dc7f39f5]
+
+	* RUNSON:
+	add 2 reports
+	[ce0fcc00ee4e]
+
+	* auth/kerb5.c:
+	Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+	return a value more like a system function
+	[0dd56aa21424]
+
+	* auth/dce.c:
+	Add an XXX
+	[58fc8562c212]
+
+	* TODO:
+	more things todo!
+	[5a459d0cf339]
+
+	* sample.sudoers:
+	update based on what is in the man page
+	[1a0477db96fa]
+
+	* parse.yacc, sudo.tab.c:
+	minor change to first line printed in -l mode
+	[69eb57d96952]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+	standard and add "EXAMPLES" section
+	[7e543335ebe1]
+
+	* visudo.cat, visudo.html, visudo.man, visudo.pod:
+	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+	standard
+	[f82d87ed65c2]
+
+	* logging.c, parse.c, sudo.h:
+	add FLAG_NO_CHECK
+	[c7d69176a2d7]
+
+	* lex.yy.c, parse.lex:
+	make an OCTET really be limited to 0-255
+	[6ee568dd6a02]
+
+	* UPGRADE:
+	mention timestamp changes
+	[e44d5302bf60]
+
+	* PORTING:
+	cosmetic cleanup
+	[36fa3a2664dd]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	new sudoers(8) man page
+	[e674d06283d0]
+
+1999-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.c:
+	Update comments about syslog name tables
+	[63830a782dcb]
+
+	* CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+	strcasecmp.c, sudo.tab.c:
+	include strcasecmp() for those without it
+	[a0d8e2488bbc]
+
+	* sample.sudoers:
+	Use the : operator some more and fix a typo
+	[18804c70da86]
+
+	* HISTORY:
+	update the history of sudo
+	[9d9b3d5279b3]
+
+	* parse.c, parse.lex, testsudoers.c:
+	CIDR-style netmask support
+	[768644467353]
+
+	* CHANGES:
+	recent changes
+	[a4319e9d07cb]
+
+	* sudo.tab.c, sudo.tab.h:
+	these should be generated with byacc, not bison
+	[f57b9489b752]
+
+	* lex.yy.c:
+	regen
+	[522461f95dfa]
+
+	* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+	In "sudo -l" mode, the type of the stored (expanded) alias was not
+	stored with the contents. This could lead to incorrect output if
+	the sudoers file had different alias types with the same name.
+	Normal parsing (ie: not in '-l' mode) is unaffected.
+	[823fe2bc4b79]
+
+1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	define _XOPEN_SOURCE to get at crypt() proto on some systems
+	[1b3769b86fb9]
+
+1999-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	fix comment
+	[fc1264df00f7]
+
+	* tgetpass.c:
+	don't need limits.h
+	[f1631829af45]
+
+	* snprintf.c:
+	kill bogus reference to vfprintf
+	[a0b99b25d389]
+
+	* sample.sudoers, sudoers:
+	better examples
+	[b4d87ea64cc8]
+
+	* snprintf.c:
+	Add some const in the K&R defs. This is safe since we define const
+	away if the compiler doesn't grok it.
+	[614d6e83d45e]
+
+	* aclocal.m4, configure:
+	Better test for working long long support. Ultrix compiler supports
+	basic long long but not all operations on them.
+	[5da1508710ed]
+
+	* aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+	snprintf.c, sudo.c:
+	Add check for LONG_IS_QUAD #undef MAXINT before including
+	hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+	in snprintf.c and use LONG_IS_QUAD
+	[a1f7993367fc]
+
+1999-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+	snprintf.c:
+	UCB-derived snprintf + asprintf support. Supports quads if the
+	compiler does. No floating point yet, perhaps later...
+	[0caf05aba945]
+
+1999-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+	goodpath.c, logging.c, parse.c, sudo.c:
+	Run most of the code as root, not the invoking user. It doesn't
+	really gain us anything to run as the user since an attacker can
+	just have an setuid(0) in their egg. Running as root solves
+	potential problems wrt signalling.
+	[408e530dda01]
+
+	* sudo.tab.c:
+	regen
+	[f8cfb37e37de]
+
+1999-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, sudo.c:
+	Don't wait for child to finish in log_error(), let the signal
+	handler get it if we are still running, else let init reap it for
+	us. The extra time it takes to wait lets the user know that mail is
+	being sent.
+
+	Install SIGCHLD handler in main() and for POSIX signals, block
+	everything
+	*except* SIGCHLD.
+	[d2b6ab0ef3be]
+
+	* INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+	parse.yacc, sudo.c, sudo.h:
+	sudoers_lookup() now returns a bitmap instead of an int. This makes
+	it possible to express things like "failed to validate because user
+	not listed for this host". Some thigns that were previously
+	VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+	Reorganized code in log_auth() and sudo.c to deal with above
+	changes.
+
+	Safer versions of push/pushcp with in the do { ... } while (0) style
+
+	parse.yacc now saves info on the stack to allow parse.c to determine
+	if a user was listed, but not for the host he/she tried to run on.
+
+	Added --with-mail-if-no-host option
+	[63326cb01efc]
+
+1999-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+	visudo.man, visudo.pod:
+	o NewArgv and NewArgc don't need to be externally visible. o If
+	pedantic > 1, it is a parse error. o Add -s (strict) option to
+	visudo which sets pedantic to 2.
+	[5d7d81b55cd5]
+
+	* HISTORY, INSTALL:
+	Just have sudo-bugs contact info in one place
+	[e7f6588ea683]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Add BUGS section
+	[6607d96ea510]
+
+	* Makefile.in, configure, configure.in:
+	Add testsudoers to default build target if --with-devel Don't clean
+	generated parser files unless "distclean".
+	[5827b769dc57]
+
+	* parse.yacc, sudo.tab.c:
+	In pedantic mode we need to save *all* the aliases, not just those
+	that match, or we get spurious warnings.
+	[24f5b1f0e1de]
+
+	* TROUBLESHOOTING:
+	reference samples.sylog.conf
+	[11841668380a]
+
+1999-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.syslog.conf:
+	Sample entries for syslog.conf
+	[0f7697d878a1]
+
+	* CHANGES:
+	recent changes
+	[8bca8810c6bd]
+
+	* auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+	auth/sudo_auth.c, auth/sudo_auth.h:
+	In struct sudo_auth, turn need_root and configured into flags and
+	add a flag to specify an auth method is running alone (the only
+	one). Pass auth methods their sudo_auth pointer, not the data
+	pointer. This allows us to get at the flags and tell if we are the
+	only auth method. That, in turn, allows the method to be able to
+	decide what should/should not be a fatal error. Currently only
+	rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+	define and te hackery that went with it. With access to the
+	sudo_auth struct, methods can also get at a string holding their
+	cannonical name (useful in error messages).
+	[b7e320fc6511]
+
+	* INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+	getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+	sudo.tab.h:
+	o --with-otp deprecated, use --without-passwd instead o real
+	dependencies in the Makefile o --with-devel option to enable yacc,
+	lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+	back to being a token, not a string but don't leak memory o rename
+	hsotspec -> host in parse.yacc
+	[912c45226cb2]
+
+1999-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, CHANGES:
+	recent changes
+	[801fa6e55687]
+
+	* auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+	sudo.c, sudo.h:
+	o Digital UNIX needs to check for *snprintf() before -ldb is added
+	to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+	for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+	functions in snprintf.c to fix -Wall o Add missing includes to fix
+	more -Wall
+	[8d207203e126]
+
+	* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+	configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+	visudo.c:
+	o Add a "pedentic" flag to the parser. This makes sudo warn in
+	cases where an alias may be used before it is defined. Only turned
+	on for visudo and testsudoers. o Add --disable-authentication option
+	that makes sudo not require authentication by default. The PASSWD
+	tag can be used to require authentication for an entry. We no
+	longer overload --without-passwd.
+	[f307e09adf98]
+
+	* lex.yy.c, parse.lex:
+	Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+	username can contain just about anything so be very permissive. Also
+	drop the unused \. punctuation.
+	[06a50614ff89]
+
+1999-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c:
+	o add a 'val' element to aliasinfo struct and move -> parse.h o
+	find_alias() now returns an aliasinfo * instead of boolean o
+	add_alias() now takes a value parameter to store in the
+	aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+	return: 1) positive match 0) negative match (due to '!')
+	-1) no match This means setting $$ explicitly in all cases, which I
+	should have done in the first place. It also means that we always
+	store a value that is != -1 and when we see a '!' we can set
+	*_matches to !rv if rv != -1. The upshot of all of this is that '!'
+	now works the way it should in lists and some of the rules are more
+	uniform and sensible.
+	[ad8e73b5d581]
+
+	* Makefile.in:
+	add parse.h dependency
+	[4ccccd464d30]
+
+	* parse.h:
+	kill unused *_matched macros
+	[02cba6dcb732]
+
+	* parse.yacc:
+	Allow a list of users as the first thing in a user spec, not just a
+	single entry. This makes things more uniform, though it does allow
+	you to write user specs that are hard to read.
+	[3c4c91c508ca]
+
+	* sudo.tab.c:
+	parse.yacc
+	[feca81881bb6]
+
+	* configure:
+	regen
+	[6f247010bb3b]
+
+	* configure.in:
+	fix check for crypt() in libufc
+	[82770736f4b0]
+
+1999-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	sudo-users list now exists
+	[4716d2bb0bbf]
+
+	* INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+	Update to reality.
+	[1eda2d57e42a]
+
+	* CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+	config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+	version.c, visudo.c:
+	o Move lock_file() and touch() into fileops.c so visudo can use them
+	o Visudo now locks the sudoers temp file instead of bailing when the
+	temp file already exists. This fixes the problem of stale temp
+	files but it does *require* that you not try to put the temp file in
+	a world-writable directory. This shoud not be an issue as the temp
+	file should live in the same dir as sudoers. o Visudo now only
+	installs the temp file as sudoers if it changed.
+	[2517cd06c070]
+
+1999-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	add fcntl locking
+	[c304adeaf515]
+
+	* config.h.in, configure, configure.in, logging.c:
+	Lock the log file.
+	[d8652704fbdf]
+
+	* Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+	temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+	-> _PATH_SUDOERS_TMP
+	[68cad8975807]
+
+1999-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+	o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+	root sudo -V config reporting
+	[cdd2613a9dcf]
+
+	* configure, configure.in:
+	aix_auth.o not authenticate.o
+	[d972e35f6730]
+
+	* config.h.in:
+	Add --with-goodpri and --with-badpri configure options to specify
+	the syslog priority to use.
+	[2595ae50ab86]
+
+	* INSTALL, configure, configure.in, logging.h:
+	Add --with-goodpri and --with-badpri configure options to specify
+	the syslog priority to use.
+	[8276ee9b2b49]
+
+	* compat.h:
+	kill crufty AIX stuff
+	[a4f35ef9854e]
+
+	* Makefile.in:
+	Sigh, some versions of make (like Solaris's) don't deal with $< like
+	I would expect. Both GNU and BSD makes get this right but... So, we
+	just expand $< inline at the cost of some ugliness.
+	[b1b456f8801f]
+
+	* version.c:
+	If the invoking user is root, sudo will now print configure info in
+	-V mode. Currently just prints logging info, to be expanded later.
+	[392f7ed99267]
+
+	* logging.c, logging.h, sudo.c, sudo.h:
+	o new defines for syslog facility and priority o use new
+	print_version() functino for -V mode
+	[78abc5142985]
+
+	* check.c:
+	Don't need version.c
+	[db9a830ad893]
+
+	* aclocal.m4, config.h.in, configure, configure.in:
+	Add check for syslog facilities and priorities tables in syslog.h
+	[b86213e5fc5c]
+
+	* Makefile.in:
+	o authenticate -> aix_auth o add version.c
+	[44b6b9a8d0f5]
+
+	* auth/sudo_auth.c:
+	Missed a prompt -> user_prompt conversion
+	[e4c60b1f210c]
+
+1999-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sudo should lock its logfile
+	[6d2830b28b07]
+
+	* parse.yacc, sudo.tab.c:
+	o Add '!' correctly when expanding Aliases. o Add shortcut macros
+	for append() to make things more readable. o The separator in
+	append() is now a string instead of a char. o In append(), only
+	prepend the separator if the last char is not a '!'. This is a
+	hack but it greatly simplifies '!' handling. o In -l mode, Runas
+	lists and NOPASSWD/PASSWD tags are now inherited across entries in
+	a list (matches current behavior). o Fix formatting in -l mode such
+	that items in a list are separated by a space. Greatlt improves
+	readability. o Space for name field in struct aliasinfo is now
+	allocated dyanically instead of using a (big) buffer. o In
+	add_alias(), only search the list once (lsearch instead of lfind +
+	lsearch)
+	[51f7e07addb9]
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen
+	[5c19bb05dc21]
+
+	* configure, configure.in:
+	Solais pam doesn't require anye xtra setup
+	[a25ba03d91d1]
+
+	* parse.yacc:
+	o Simpler '!' support now that the lexer deals with multiple !'s for
+	us. o In the case of opFOO, have FOO give a boolean return value and
+	set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+	it gets fill()'d in parse.lex--fixes a small memory leak. In the
+	long run it may be better to just fix parse.lex and make ALL back
+	into a token. However, having it be a string is useful since it
+	can be easily passed back to the parent rule if we so desire.
+	[b3c64b443018]
+
+	* parse.lex:
+	o Remove some unnecessary backslashes o collapse multiple !'s by
+	using !+ and checking if yyleng is even or odd. this allows us to
+	simplify ! handling in parse.yacc
+	[76330e8da8e3]
+
+	* sudo.c:
+	-u flag was being ignored
+	[e30283207585]
+
+1999-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	correct fix
+	[a0e2377dec8f]
+
+	* Makefile.in:
+	work around pod2man stupididy
+	[7c755640b67f]
+
+	* Makefile.in:
+	correct dependencies for .cat
+	[5ed7b0653b68]
+
+	* sudo.cat, sudo.man, visudo.cat, visudo.man:
+	regen
+	[b74510dd6a0a]
+
+	* sudo.pod, visudo.pod:
+	Add copyright Update to reality
+	[188e9b046c15]
+
+	* parse.c, sudo.c, sudo.h:
+	rename validate() to the more descriptive sudoers_lookup()
+	[7a1cb652f379]
+
+	* auth/aix_auth.c:
+	use tgetpass
+	[b8ba5daec40a]
+
+1999-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[e61460cdf4a0]
+
+	* HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+	configure, configure.in, sudo.c:
+	Sudo, not CU Sudo
+	[9061b3573c0c]
+
+	* LICENSE:
+	add 4th term to license similar to term 5 in the apache license
+	[92712e895afb]
+
+	* emul/search.h, emul/utime.h:
+	add 4th term to license similar to term 5 in the apache license
+	[4f93a8b9396e]
+
+	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+	auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+	auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+	auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+	logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	add 4th term to license similar to term 5 in the apache license
+	[afae9f2bf9ec]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+	add 4th term to license similar to term 5 in the apache license
+	[c389d3fdafac]
+
+	* Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+	getspwuid.c, goodpath.c:
+	add 4th term to license similar to term 5 in the apache license
+	[969e63dbd38e]
+
+	* LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+	insults.h, logging.c, sudo.c, sudo.h:
+	there was a 1995 release too
+	[5963fd89457a]
+
+1999-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[254b794f16ab]
+
+	* check.c:
+	Use dirs instead of files for timestamp. This allows tty and non-
+	tty schemes to coexist reasonably. Note, however, that when you
+	update a tty ticket, the mtime on the user dir gets updated as well.
+	[44bfac32f799]
+
+	* configure, configure.in:
+	Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+	when linking test program, not just -lprot. Also add check for
+	getspnam(). The SCO docs indicate that /etc/shadow can be used but
+	this may be a lie.
+	[2ba21d36cc1e]
+
+1999-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API:
+	first cut at auth API description
+	[3d10df021eb8]
+
+1999-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+	auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+	auth/sudo_auth.h:
+	auth API change. There is now an init method that gets run before
+	the main loop. This allows auth routines to differentiate between
+	initialization that happens once vs. setup that needs to run each
+	time through the loop.
+	[76df1c0d3478]
+
+	* auth/kerb5.c, logging.c:
+	use easprintf() and evasprintf()
+	[fd97d96dc12f]
+
+	* alloc.c, sudo.h:
+	add easprintf() and evasprintf(), error checking versions of
+	asprintf() and vasprintf()
+	[f54385de20b7]
+
+	* TODO:
+	remove 2 items. One done, one won't do.
+	[64513b47bc7a]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[4aa299de2752]
+
+	* configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+	visudo.html, visudo.man:
+	regen
+	[553c0d1209be]
+
+	* CHANGES:
+	new changes
+	[d7be00b7e36b]
+
+	* sudo.pod:
+	o Document -K flag and update meaning of -k flag. o BSD-style
+	copyright o Document clearing of BIND resolver environment variables
+	o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+	if your OS gives away files
+	[4a4092be1455]
+
+	* visudo.pod:
+	BSD license
+	[ad0bfd0a4630]
+
+	* version.h:
+	BSD-style copyright
+	[ecc6479325be]
+
+	* tgetpass.c:
+	o BSD copyright o no need to block signals, we now do that in main()
+	o cosmetic changes
+	[61958beda7ab]
+
+	* testsudoers.c, visudo.c:
+	o BSD-style copyright o Use "struct sudo_user" instead of old
+	globals. o some cometic cleanup
+	[88c0c6924082]
+
+	* sudo_setenv.c:
+	BSD-style copyright
+	[df20290129a0]
+
+	* sudo.h:
+	o BSD copyright o logging and parser bits moved to their own .h
+	files o new "struct sudo_user" to encapsulate many of the old
+	globals.
+	[50fc86bf25cb]
+
+	* sudo.c:
+	o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+	logging routines o simplified flow of control o BIND resolver
+	additions to badenv_table
+	[8c53f15bfcb0]
+
+	* strerror.c:
+	BSD-style copyright
+	[7c906c3a82ac]
+
+	* snprintf.c:
+	Now compiles on more K&R compilers
+	[07ab1d3231c7]
+
+	* putenv.c:
+	BSD-style copyright, cosmetic changes
+	[c42371295881]
+
+	* pathnames.h.in:
+	BSD-style copyright
+	[e5c34ebd4cf1]
+
+	* parse.c, parse.h, parse.lex, parse.yacc:
+	BSD-style copyright. Move parser-specific defines and structs into
+	parse.h + other cosmetic changes
+	[d3088efb6228]
+
+	* logging.h:
+	defines for logging routines
+	[13147941c02d]
+
+	* find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+	BSD-style copyright, cosmetic changes
+	[e8205e91a4fa]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.h:
+	BSD-style copyright
+	[b9499da7cdce]
+
+	* configure.in:
+	o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+	kill --disable-tgetpass o add --without-passwd o changes to fill in
+	AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+	v?asprintf() o replace --with-AuthSRV with --with-fwtk
+	[9a3f39b9c128]
+
+	* config.h.in:
+	BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+	HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+	HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+	[9a09054db53a]
+
+	* compat.h:
+	BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+	[25509c566975]
+
+	* alloc.c:
+	BSD-style copyright
+	[4967be892363]
+
+	* TROUBLESHOOTING:
+	no more --with-getpass
+	[afd5b670c196]
+
+	* TODO:
+	Take out things I've done...
+	[375420c8270e]
+
+	* README:
+	Refer to LICENSE
+	[c486c8db30f6]
+
+	* PORTING:
+	--with-getpass no longer exists
+	[db48202df1bb]
+
+	* Makefile.in:
+	BSD-style copyright. Update to reflect reality wrt new files and
+	new auth modules.
+	[61a2ca7940fb]
+
+	* INSTALL:
+	Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+	--without-passwd.
+	[64e8f9e1c05e]
+
+	* HISTORY:
+	Update history a bit
+	[df60c0a871b8]
+
+	* COPYING, LICENSE:
+	Now distributed under a BSD-style license
+	[d1a184ccabe1]
+
+	* auth/sudo_auth.c:
+	o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+	options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+	global
+	[891b57060868]
+
+	* auth/pam.c, auth/sia.c:
+	BSD-style copyright and use new log functions
+	[65c44445ea84]
+
+	* auth/kerb5.c:
+	o BSD-style copyright o Use new log functiongs o Use asprintf() and
+	snprintf() where sensible.
+	[1ff0feaacf95]
+
+	* check.c:
+	Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+	done more reasonably--better sanity checks and tty-based stamps are
+	now done as files in a directory with the same name as the invoking
+	user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+	to mix tty and non-tty based ticket schemes but this may change in
+	the future (it requires sudo to use a directory instead of a file in
+	the non-tty case). Also, ``sudo -k'' now sets the ticket back to
+	the epoch and ``sudo -K'' really deletes the file. That way you
+	don't get the lecture again just because you killed your ticket in
+	.logout. BSD-style copyright now.
+	[ec3460f85be8]
+
+	* logging.c:
+	o rewritten logging routines. log_error() now takes printf-style
+	varargs and log_auth() for the return value of validate(). o BSD-
+	style copyright
+	[438292025c4e]
+
+	* auth.c, check_sia.c, dce_pwent.c, secureware.c:
+	superceded by new auth API
+	[412060590da7]
+
+	* auth/kerb4.c:
+	BSD-style copyright
+	[cc4e800833c7]
+
+	* auth/fwtk.c:
+	Use snprintf() where it makes sense and add a BSD-style copyright
+	[1b7502388a74]
+
+	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+	BSD-style copyright
+	[42583bedae5c]
+
+	* emul/utime.h, utime.c:
+	BSD-style copyright
+	[3985c90aba47]
+
+	* emul/search.h:
+	this has been rewritten so use my BSD-style copyright
+	[176df1b0de6f]
+
+1999-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	include malloc.h if no stdlib.h
+	[7b123f1d1d03]
+
+	* snprintf.c:
+	KTH snprintf()/asprintf() for systems w/o them
+	[3ca9aefb9d01]
+
+	* strerror.c:
+	strerror() for systems w/o it
+	[7f0bd8a1c1b4]
+
+1999-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	stylistic changes
+	[6f99aceb7170]
+
+	* parse.c, parse.lex, parse.yacc:
+	Add contribution info in the main comment
+	[e50cec10acd6]
+
+1999-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	remove missed ref to PAM_nullpw
+	[a43e59692cdb]
+
+	* auth/sudo_auth.h:
+	pasto
+	[891ff138ab89]
+
+	* auth/kerb5.c:
+	more or less complete now--still untested
+	[21036732faa0]
+
+	* auth/afs.c, auth/pam.c:
+	don't use user_name macro, it will go away
+	[def7cf727349]
+
+	* auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+	combine skey/opie code into rfc1938.c
+	[44d88ca93d3e]
+
+	* auth/dce.c, auth/sudo_auth.h:
+	DCE authentication method; basically unchanged from dce_pwent.c
+	[4d468473dd6f]
+
+	* auth/aix_auth.c, auth/sudo_auth.h:
+	AIX authenticate() support. Could probably be much better
+	[000013321a33]
+
+	* auth/sia.c:
+	Fix an uninitialized variable and some cleanup. Now works (tested)
+	[fd6ad88ff055]
+
+	* auth/sia.c, auth/sudo_auth.h:
+	SIA support for digital unix
+	[5335f3e70eab]
+
+	* auth/pam.c:
+	don't use prompt global, it will go away
+	[fadd22dd6ce4]
+
+	* auth/secureware.c:
+	correct copyright years
+	[6aa07c49f51b]
+
+	* auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+	auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+	auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+	New authentication API and methods
+	[9debe9b59c79]
+
+1999-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[84578e82c1a6]
+
+	* parse.yacc:
+	only save an entry if user_matches && host_matches, even if the
+	stack is empty (fix for previous commit)
+	[00984b078d8a]
+
+	* sudo.tab.c:
+	regen
+	[66acf160b4b7]
+
+	* parse.yacc:
+	1) Always save an entry on the stack if it is empty. This fixes the
+	-l and -v flags that were broken by earlier parser changes.
+
+	2) In a Runas list, don't negate FALSE -> TRUE since that would make
+	!foo match any time the user specified a runas user (via -u) other
+	than foo.
+	[f322eb54b015]
+
+	* testsudoers.c:
+	interfaces and num_interfaces are now auto, not extern
+	[113add5c6518]
+
+1999-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth.c:
+	use a static global to keep stae about empty passwords
+	[bc02e30807d8]
+
+	* check_sia.c:
+	make PASSWORD_NOT_CORRECT logging consistent with other modules
+	[21962549d5fd]
+
+1999-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth.c:
+	PAM prompt code was wrong, looks like we have to kludge it after
+	all.
+	[91f246155ead]
+
+	* auth.c:
+	In the PAM code, when a user hits return at the first password
+	prompt, exit without a warning just like the normal auth code
+	[918f59bacdb7]
+
+	* configure, configure.in:
+	kludge around cross-compiler false positives
+	[5e5fc8356400]
+
+	* auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+	New (correct) PAM code Tgetpass now takes an echo flag for use with
+	PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+	useless umask setting Change error from BAD_ALLOCATION ->
+	BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+	for consistency
+	[e71397f09dd8]
+
+	* sudo.c:
+	Some -Wall and kill some trailing spaces
+	[8229b43d5c4e]
+
+	* configure.in:
+	define -D__EXTENSIONS__ for solaris so we get crypt() proto
+	[7533e4436cab]
+
+1999-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	add Dynix 4.4.4
+	[b69f773efbce]
+
+	* INSTALL, config.h.in, configure, configure.in:
+	for kerberos V < version, fall back on old kerb4 auth code
+	[d685ed3a1d8e]
+
+	* INSTALL:
+	clarify some things
+	[2f5ba2e8e53a]
+
+	* UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+	typos
+	[8925a109c093]
+
+1999-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	mention why DONT_LEAK_PATH_INFO is not the default
+	[0346260cb4ec]
+
+1999-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Fix open(2) return value checking, was NULL for fopen, should be -1
+	for open
+	[355878bf6d8a]
+
+	* configure:
+	regen
+	[68bf82871862]
+
+	* configure.in:
+	better wording for solaris pam notice
+	[04e88c7a6c42]
+
+	* CHANGES:
+	document recent changes
+	[7c922c5622ef]
+
+	* TROUBLESHOOTING:
+	Update shadow password section
+	[e8448bae7d66]
+
+	* auth.c:
+	move authentication code from check.c to auth.c
+	[e9f6ecae2399]
+
+	* Makefile.in, check.c, sudo.h:
+	move authentication code to auth.c
+	[124cded85f46]
+
+1999-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+	getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+	logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+	sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+	visudo.c:
+	Move interface-related defines to interfaces.h so we don't have to
+	include <netinet/in.h> everywhere.
+	[e7599d8ea0bf]
+
+1999-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+	parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+	o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+	turns out the old DES crypt does the right thing with passwords
+	longert than 8 characters. o Fix common typo (necesary ->
+	necessary) o Update TODO list
+	[ad75007a6f13]
+
+1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	set $LOGNAME when we set $USER
+	[391596210fd7]
+
+1999-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	add comment about digital unix and interfaces.c warning with gcc
+	[e20f815901cc]
+
+1999-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	use modern paths and give examples for some of the new parser
+	features
+	[e7b2e507c695]
+
+1999-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	fix comment
+	[5eb0d005a65f]
+
+	* alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+	getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+	parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	Function names should be flush with the start of the line so they
+	can be found trivially in an editor and with grep
+	[3c400abde574]
+
+	* find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+	sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+	free(3) is already void, no need to cast it
+	[6981e1ebda0f]
+
+	* logging.c, sudo.c, sudo.h:
+	catch case where cmnd_safe is not set (this should not be possible)
+	[3e1e3038546c]
+
+	* CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+	testsudoers.c, visudo.c:
+	Stash the "safe" path (ie: the one listed in sudoers) to the command
+	instead of stashing the struct stat. Should be safer.
+	[aa2883fcf57e]
+
+1999-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, Makefile.in, UPGRADE:
+	notes on updating from an earlier release
+	[df9fffa4ab2c]
+
+	* CHANGES:
+	updated
+	[574f5065d15a]
+
+1999-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+	sudoers.man, sudoers.pod:
+	You can now specifiy a host list instead of just a host or alias.
+	Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+	[e3942bb78021]
+
+	* testsudoers.c:
+	Quiet -Wall
+	[a3edc8b08c3a]
+
+	* parse.yacc, sudo.tab.c:
+	Move the push from the beginning of cmndspec to the end. This means
+	we no longer have to do a push at the end of privilege, just reset
+	some values.
+	[8ea66e5860c6]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+	use "!" most everywhere
+	[aadae4d1c9d5]
+
+1999-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	modernize paths and update su example based on sample.sudoers one
+	[3f6a37e16c83]
+
+	* sample.sudoers:
+	New runas semantics
+	[756ee92865b7]
+
+	* CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+	strdup.c, sudo.h:
+	In estrdup(), do the malloc ourselves so we don't need to rely on
+	the system strdup(3) which may or may not exist. There is now no
+	need to provide strdup() for those w/o it. Also, the prototype for
+	estrdup() was wrong, it returns char * and its param is const.
+	[5f1f984da8e3]
+
+	* getcwd.c:
+	$Sudo tag
+	[e4188a35e68c]
+
+	* check.c:
+	buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+	[2aec87c86cde]
+
+	* CHANGES, TODO, parse.yacc, sudo.tab.c:
+	It is now possible to use the '!' operator in a runas list as well
+	as in a Cmnd_Alias, Host_Alias and User_Alias.
+	[a4fdaabda990]
+
+	* logging.c, sudo.h:
+	Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+	[73d0376785ae]
+
+	* sudo.h:
+	Definitions of *_matched were wrong--user top, not top-2 as
+	subscript.
+	[5f8350a57362]
+
+	* logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+	Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+	command but the NOPASSWD flag was set. Make runasspec, runaslist,
+	runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+	in the runas list Fix double printing of '%' and '+' for groups and
+	netgroups respectively Add *_matched macros (no need for local stack
+	variable). Should only be used directly after a pop (since top must
+	be >= 2).
+	[392b1400c4e6]
+
+	* aclocal.m4, configure.in:
+	Add copyright, somewhat silly
+	[55c2cdd82dca]
+
+1999-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+	compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+	lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+	putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+	sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+	visudo.man:
+	Crank version to 1.6 and combine copyright statements
+	[0e1c791658ae]
+
+	* sample.sudoers:
+	Use ! not ^ to do negation
+	[1480a0761730]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[89ca5a46684b]
+
+	* parse.lex, parse.yacc:
+	Make runas and NOPASSWD tags persistent across entris in a command
+	list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+	runas or *PASSWD tag the value given becomes the new default for the
+	rest of the command list.
+	[f1bbb4066542]
+
+1999-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, RUNSON:
+	update for 1.5.9
+	[a1ae9d4a7d54] [SUDO_1_5_9]
+
+	* visudo.c:
+	Shift return value of system(3) by 8 to get real exit value and if
+	it is not 1 or 0 print the retval along with the error message.
+	[c1ff50d743fb]
+
+1999-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	testsudoers needs LIBOBJS too
+	[972571b4e4bf]
+
+	* parse.c, parse.yacc, sudo.tab.c:
+	Fix another parser bug. For a sudoers entry like this: millert
+	ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+	as root.
+	[51968e1eb33d]
+
+	* CHANGES:
+	new change
+	[271c6110bb62]
+
+	* parse.yacc, sudo.tab.c:
+	Save entries that match a ! command on the matching stack too
+	[5afb5107116c]
+
+	* sudo.c:
+	Make sudo's usage info better when mutually exclusive args are given
+	and don't rely on argument order to detect this; nick@zeta.org.au
+	[2422753c88fd]
+
+1999-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, Makefile.in, RUNSON:
+	updates from CU
+	[b37381e3dafb]
+
+	* Makefile.in:
+	use gzip
+	[94a64e52a166]
+
+	* parse.yacc, sudo.tab.c:
+	Fix off by one error introduced in *alloc changes
+	[95ede581153a]
+
+	* BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+	check_sia.c, compat.h, config.h.in, configure, configure.in,
+	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+	sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+	sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	++version
+	[c6d88f024e37]
+
+	* Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+	putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+	Use emalloc/erealloc/estrdup
+	[44221d97361a]
+
+	* alloc.c:
+	error checking memory allocation routines
+	[5f8c1e7bbc71]
+
+	* parse.yacc, sudo.tab.c:
+	Still not right, this fixes it for real
+	[ad553b6f5339]
+
+	* parse.yacc, sudo.tab.c:
+	Fix for previous commit
+	[4d6f989f9bf2]
+
+	* CHANGES, INSTALL, parse.yacc:
+	Fix a parser bug that was exposed when mixing different runas specs
+	and ! commands. For example: millert ALL=(daemon)
+	/usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+	as well as daemon when it should just allow daemon. The problem was
+	that comma-separated commands in a list shared the same entry on the
+	matching stack. Now they get their own entry iff there is a full
+	match. It may be better to just make the runas spec persistent
+	across all commands in a list like the user and host entries of the
+	matching stack. However, since that is a fairly major change it
+	should gets its own minor rev increase.
+	[c4b939cdcc8e]
+
+1999-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, config.h.in:
+	Simplify PAM code and fix a PAM-related warning on Linux
+	[2468399523b6]
+
+1999-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[29d4a997769c]
+
+	* sample.sudoers:
+	better su entry
+	[76d8285a72ba]
+
+	* configure:
+	regen
+	[b7450cc6975d]
+
+	* check.c, configure.in:
+	new pam code that works on solaris, should work on linux too;
+	aelberg@home.com
+	[84c16c0ff259]
+
+1999-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	more entries
+	[b6bef8660759]
+
+	* config.h.in:
+	only include strings.h if there is no string.h
+	[b66054a32b00]
+
+1999-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess:
+	Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+	[c086d2fe63af]
+
+1999-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	shost must be set before log functions are called #ifdef HOST_IN_LOG
+	[d49a7944358f]
+
+1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, lex.yy.c, parse.lex:
+	Fix a bug wrt quoting characters in command args. Stop processing
+	an arg when you hit a backslash so the quoted-character detection
+	can catch it.
+	[2281438d7f41]
+
+1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+	[31118a9e9916]
+
+1999-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	add missing case statement so --without-sendmail works
+	[ca25614f7dd9]
+
+1999-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	more
+	[4d70e44f7f93]
+
+1999-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	only search for -lsun in irix <= 4.x
+	[e604238317b1]
+
+	* configure, configure.in:
+	back out last configure.in change now that I've hacked autoconf to
+	fix the real problem and add a missing newline
+	[2dabf59a79b5]
+
+	* CHANGES:
+	updated
+	[bb35d526552f]
+
+	* getcwd.c:
+	add def of dirfd() for those without it
+	[95f0173d8441]
+
+	* configure, configure.in:
+	When falling back to checking for socket() when linking with
+	"-lsocket -lnsl" check for main() instead since autoconf has already
+	cached the results of checking for socket() in -lsocket. This is
+	really an autoconf bug as it should use the extra libs as part of
+	the cache variable name.
+	[a845f8b710ad]
+
+	* configure.in:
+	typo
+	[a7d62f62a478]
+
+1999-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix occurrence of $with_timeout that should be
+	$with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+	bochum.de
+	[8c4da2cf73d1]
+
+1999-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	fix grammar; espie@openbsd.org
+	[7031d9dfbc3e] [SUDO_1_5_8]
+
+1999-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.c, testsudoers.c:
+	add cast for strdup in places it does not have it
+	[7ce4478d3b0f]
+
+1999-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	define for_BSD_TYPES irix
+	[858337ff4af8]
+
+1999-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Make it clear that it is the user's password, not root's, that we
+	want.
+	[ae0f51b35ee4]
+
+	* check.c, sudo.h:
+	If the user enters an empty password and really has no password,
+	accept the empty password they entered. Perviously, they could
+	enter anything
+	*but* an empty password. Also, add GETPASS macro that calls either
+	tgetpass() or getpass() depending on how sudo was configured.
+	Problem noted by jdg@maths.qmw.ac.uk
+	[2fde21ce94c1]
+
+1999-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	add explicate copyright
+	[d3b4449834a5]
+
+	* CHANGES:
+	mention -lsocket, -lnsl configure changes
+	[9140af4ad8ae]
+
+1999-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't clobber errno after calling check_sudoers().
+	[59bd581b2654]
+
+1999-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	When linking with both -lsocket and -lnsl be sure to do so in that
+	order. Also, when we can't find socket() or inet_addr() and have to
+	try linking with both libs, issue a warning.
+	[0ee547163067]
+
+	* sudo.cat, sudo.man, sudo.pod:
+	clarify bad timestamp and fmt
+	[70e42cf56c75]
+
+1999-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON:
+	be clear that pam is linux-only and add a RUNSON entry
+	[7fdeab875e0d]
+
+1999-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, INSTALL, configure, configure.in:
+	fix and correctly document --with-umask; problem noted by
+	adap@adap.org
+	[11cd0481d63a]
+
+1999-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	only use /usr/{man,catman}/local to store man pages if suer didn't
+	override prefix or mandir
+	[781ad2cbe9be]
+
+	* INSTALL, configure, configure.in:
+	fix typo, make --with-SecurID take an arg
+	[026a9b4014fc]
+
+1999-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updates from users
+	[2286982b31e6]
+
+	* CHANGES, INSTALL, check.c, configure, configure.in:
+	FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+	[23aa4e5c6b02]
+
+	* configure, configure.in:
+	better fix for the problem of unresolved symbols in -lnsl or
+	-lsocket
+	[82fe70fc287f]
+
+	* configure, configure.in:
+	when checking for functions in -lnsl and -lsocket link with both of
+	them to avoid unresolved symbols on some weirdo systems
+	[1734a591808e]
+
+1999-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, CHANGES, RUNSON, TODO:
+	old changes that didn't make it into RCS before the RCS->CVS switch
+	[846eb2b8f9aa]
+
+1999-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+	configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+	getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+	lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+	secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+	sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+	visudo.pod:
+	add sudo tags
+	[962f81eaa5ab]
+
+	* sudo.h:
+	testing Sudo tag
+	[e84cbc521129]
+
+	* version.h:
+	testing Sudo tag
+	[a8c3a3998b88]
+
+	* BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+	config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+	find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+	logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+	secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+	sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+	utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+	crank version and regen files
+	[23eacf00a1a4]
+
+	* Makefile.in:
+	kill rcs goop in update_version and fix now that version is a const
+	[e6e50bd8d1e1]
+
+	* INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+	sudo.c, sudo.h, sudo.pod:
+	kerb5 support from fcusack@iconnet.net
+	[8134027986e2]
+
+	* realpath.c, sudo_realpath.c:
+	we no longer use realpath
+	[0f5f64abc646]
+
+	* qualify.c:
+	replaced by find_path.c
+	[9e32a87e09c4]
+
+	* options.h:
+	all options are now configure flags
+	[ee6bd9610102]
+
+	* lex.yy.c:
+	regen
+	[bdbf8a18161f]
+
+	* getwd.c:
+	superceded by getcwd.c
+	[1e54ee0990b4]
+
+	* getpass.c:
+	superceded by tgetpass.c
+	[4e0d1edc30e3]
+
+	* SUPPORTED:
+	superceded by RUNSON
+	[854c5a21cb53]
+
+	* OPTIONS:
+	No longer used now that we have configure options for everything.
+	[9b1ae1c89259]
+
+	* configure:
+	regen based on configure.in
+	[3a4d73936973]
+
+	* sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+	sudoers.man, visudo.cat, visudo.html, visudo.man:
+	regen based on sudo.pod, sudoers.pod, and visudo.pod
+	[c267beb90778]
+
+1998-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fix tty tickets in remove_timestamp (didn't use ':')
+	[fd964a74a32b]
+
+1998-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	close sock when we are done with it
+	[95de0380f8a4]
+
+1998-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	never say "error on line -1"
+	[361db1491121]
+
+1998-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	check for -lnsl before -lsocket
+	[8e966d6bbcb5]
+
+	* configure.in:
+	quote '[', ']' used in ranges correctly
+	[fa4f9c6ff651]
+
+1998-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add missing NO_ROOT_SUDO noted by drno@tsd.edu
+	[c969f25d1667]
+
+1998-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	1.5.7
+	[7a22de0bc148]
+
+	* INSTALL:
+	more info for 1.5.7
+	[30ad9e784799]
+
+	* README:
+	update for 1.5.7
+	[cd03a0a27cd2]
+
+	* parse.yacc:
+	make increases of cm_list_size and ga_list_size be similar to
+	increases of stacksize (ie: >= not > in initial compare).
+	[6bd450a896c7]
+
+	* parse.yacc:
+	when we get a syntax error, report it for the previous line since
+	that's generally where the error occurred.
+	[c4ac84058f0b]
+
+1998-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in, interfaces.c:
+	add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+	not defined
+	[d197f31fd1e4] [SUDO_1_5_7]
+
+	* config.h.in:
+	define BSD_COMP for svr4
+	[87ac1147ff79]
+
+	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	more -Wall
+	[d98e2d32db2a]
+
+	* configure.in:
+	kill check for sockio,h
+	[4399779014c1]
+
+	* config.h.in:
+	no more HAVE_SYS_SOCKIO_H
+	[67484528e347]
+
+	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	-Wall
+	[2b7e83976788]
+
+1998-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add missing inform_user()
+	[8689528c6d55]
+
+1998-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	return NOT_FOUND if given fully qualified path and it does not exist
+	previously it would perror(ENOENT) which bypasses the option to not
+	leak path info
+	[ccbc3d0130ae]
+
+	* configure.in:
+	for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+	-ldes
+	[c77d3b484ece]
+
+1998-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	tty tickets are user:tty now
+	[a53a303a614d]
+
+	* check.c:
+	when using tty tickets make it user:tty not user.tty as a username
+	could have a '.' in it
+	[3160b3f5c890]
+
+1998-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add "ignoring foo found in ." for auth successful case
+	[24257169e0bd]
+
+1998-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add missing printf param
+	[8c905124f777]
+
+1998-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+	go back to printing "command not found" unless --disable-path-info
+	specified. Also, tell user when we ignore '.' in their path and it
+	would have been used but for --with-ignore-dot.
+	[066e118c11e4]
+
+	* check.c, sudo.c:
+	Only one space after a colon, not two, in printf's
+	[38452f4c8007]
+
+1998-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	document setting $USER
+	[80557fe6aede]
+
+	* check.c:
+	fix bugs with prompt expansion
+	[44c4fca5f009]
+
+	* sudo.c:
+	set $USER for root too
+	[4b525e1c6269]
+
+1998-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getspwuid.c:
+	typo
+	[5107446f43e0]
+
+	* configure.in:
+	HP-UX's iscomsec is in -lsec, not libc
+	[03c9f700b795]
+
+	* configure.in:
+	remove some entries in the OS case statement that did nothing
+	[ea96e7e0f624]
+
+	* TROUBLESHOOTING:
+	add "cd" section and flush out syslog section
+	[5107f7363b78]
+
+	* Makefile.in:
+	no more sudo-lex.yy.c
+	[ed50826efbbc]
+
+	* check_sia.c:
+	add custom prompt support
+	[6a285cea10b7]
+
+	* testsudoers.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity
+	[eee31052921e]
+
+	* sudo.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity set $USER if -u specified
+	[9f3753461f8a]
+
+	* parse.yacc:
+	kill perror("malloc") since we already have a good error messages
+	[849459088ac3]
+
+	* parse.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity when checking if %group matches, look up
+	user in password file so that %groups works in a RunAs spec.
+	[0489b4ecc59a]
+
+	* logging.c:
+	kill perror("malloc") since we already have a good error messages
+	[3191a18b3526]
+
+	* check.c, getspwuid.c, interfaces.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity
+	[7193fdb38cf9]
+
+1998-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	the prompt is expanded before tgetpass is called
+	[0f408f508041]
+
+	* sudo.h:
+	tgetpass now has the same args as getpass again
+	[b6778cd9d79f]
+
+	* getspwuid.c:
+	add iscomsec, issecure support
+	[007be7ec7ae7]
+
+	* check.c:
+	we now expand any %h or %u in the prompt before passing to tgetpass
+	[f3db8c9ee387]
+
+	* configure.in:
+	add check for syslog(3) in -lsocket, -lnsl, -linet
+	[5a96f902ce00]
+
+	* config.h.in:
+	add HAVE_ISCOMSEC and HAVE_ISSECURE
+	[f640b0d4cf05]
+
+	* configure.in:
+	add check for iscomsec in HP-UX
+	[b28b249040f0]
+
+	* configure.in:
+	check for issecure if we have getpwanam on SunOS some options are
+	incompatible with DUNIX SIA check for dispcrypt on DUNIX
+	[a49d05d9c913]
+
+1998-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add HAVE_DISPCRYPT
+	[7376d543d8d6]
+
+	* secureware.c:
+	add back support for non-dispcrypt based checking for older DUNIX
+	[977b98e936be]
+
+	* INSTALL:
+	sia changes
+	[c5387c06e30f]
+
+	* configure.in:
+	SIA becomes the default on Digital UNIX now havbe --disable-sia to
+	turn it off...
+	[3b647558ea13]
+
+	* check.c:
+	move local includes after system ones
+	[b2abad4c4aef]
+
+1998-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, check_sia.c, sudo.h:
+	add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+	stderr
+	[547cbf299661]
+
+	* check_sia.c:
+	fix while loop in sia_attempt_auth() that checks the password. Only
+	the first iteration was working.
+	[1886fd1ac831]
+
+1998-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	don't trust UID_MAX or MAXUID
+	[2aeddb1654d8]
+
+	* configure.in:
+	fix two pastos
+	[c18f0a10b75d]
+
+	* configure.in:
+	fix typo
+	[1eb3190ef12d]
+
+	* getspwuid.c, secureware.c:
+	init crypt_type to INT_MAX since it is legal to be negative in DUNX
+	5.0
+	[cefbde04822d]
+
+	* configure.in:
+	for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+	-ldb since DUNX < 4.0 lacks it
+	[e6b11d971068]
+
+1998-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+	secureware.c, sudo.c, tgetpass.c:
+	getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+	minutes if the shadow files don't exist).
+	[2f297d095004]
+
+1998-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	updated --with-editor blurb
+	[77d8a3ea7328]
+
+	* TROUBLESHOOTING:
+	tell how to put sudoers in a different dir
+	[456cd20eb1d0]
+
+	* configure.in:
+	add missing quotes around $with_editor
+	[22881748ab1b]
+
+	* configure.in:
+	typo in --with-editor bits
+	[ab6964580681]
+
+	* INSTALL:
+	I don't expect it to work on Solaris
+	[1c2fceaaf56e]
+
+	* check.c:
+	add back security/pam_misc.h
+	[6ffd30033c1e]
+
+1998-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	remove dunix note since configure checks for this now
+	[e9904512b8e8]
+
+	* configure.in:
+	add check for broken dunix prot.h (4.0 < 4.0D is bad)
+	[8a4c1e6aef3b]
+
+	* getspwuid.c, secureware.c, tgetpass.c:
+	new dunix shadow code, use dispcrypt(3)
+	[1b936bc7268c]
+
+	* config.h.in:
+	add HAVE_INITPRIVS
+	[4369f4c4f914]
+
+	* sudo.c:
+	call initprivs() if we have it for getprpwuid later on
+	[11cf5915d826]
+
+	* Makefile.in:
+	clean pathnames.h too
+	[5f1df3262613]
+
+	* configure.in:
+	quote "Sorry, try again." with [] since it has a comma in it set
+	LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+	getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+	initprivs later.
+	[e226b0a3f250]
+
+	* INSTALL:
+	update Digital UNIX note about acl.h
+	[80132b71d73a]
+
+	* INSTALL:
+	add --with-sia
+	--without-root-sudo -> --disable-root-sudo some reordering
+	[198386358818]
+
+	* secureware.c:
+	add whitespace
+	[4aadaf1a54b0]
+
+	* Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+	add SIA support
+	[fa3ddbb9cc51]
+
+	* check_sia.c:
+	Initial revision
+	[2968551d40e4]
+
+1998-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	when checking for -lsocket, -lnsl, and -linet, check for the
+	specific functions we need from them.
+	[8d33e64362a3]
+
+	* config.h.in, sudo.h:
+	move Syslog_* defs into sudo.h
+	[03d1774f25c7]
+
+	* Makefile.in, sudo.h:
+	added check_secureware
+	[e46e3cbb9a97]
+
+	* configure.in:
+	finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+	[dbefe1856503]
+
+	* insults.h:
+	don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+	defined. configure now does that for us
+	[e4520ea0581f]
+
+	* configure.in:
+	move some --with options around change a bunch of echo's to
+	AC_MSG_CHECKING, AC_MSG_RESULT pairs
+	[ffdf6869fdd7]
+
+	* configure.in:
+	change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+	syntax error add some echo verbage
+	[3278c49bf74b]
+
+1998-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	moved SecureWare stuff into secureware.c
+	[42d3d3ac35dc]
+
+	* secureware.c:
+	Initial revision
+	[aa7f72a249cf]
+
+	* INSTALL:
+	update url to solaris gcc bins
+	[36a3eb668777]
+
+	* INSTALL:
+	change option formatter and flesh out someentries
+	[6fbd1db4a8ad]
+
+	* TROUBLESHOOTING, sudo.pod, visudo.pod:
+	environmental variable -> environment variable
+	[6f14d708e32d]
+
+	* BUGS:
+	everything is now done via configure
+	[c217858f58ab]
+
+	* README:
+	prev rev was 1.5.6
+	[7b4177103c35]
+
+	* Makefile.in:
+	passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+	[31c6b0a5e0e2]
+
+	* config.h.in:
+	SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+	[d406a1ef6d25]
+
+	* Makefile.in:
+	merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+	sudoers_mode from configure
+	[1c509500655a]
+
+	* configure.in:
+	SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+	the Makefile, not config.h
+	[d4482f1492fe]
+
+	* INSTALL:
+	document all --with/--enable options
+	[22d81b312d7f]
+
+1998-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* insults.h:
+	options.h is no more
+	[560946a33f7f]
+
+	* config.h.in:
+	assimilated options.h
+	[dd8ce74613c1]
+
+	* configure.in:
+	moved options from options.h to configure
+	[d39662f71b4e]
+
+	* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+	logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+	sudo_setenv.c, visudo.c:
+	no more options.h
+	[43924bf0858d]
+
+	* INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+	remove references to options.h
+	[ef3474295395]
+
+	* dce_pwent.c, interfaces.c, sudo.c:
+	kill sys/time.h
+	[4d833f0034e4]
+
+	* tgetpass.c:
+	if select return < -1 still prompt for pw
+	[e0009e5c93a2]
+
+	* options.h:
+	convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+	configure options
+	[e60a1e546516]
+
+	* parse.c:
+	FAST_MATCH is no longer an optino
+	[c448dbb3464b]
+
+	* check.c:
+	remove_timestamp() if timestamp is preposterous
+	[70d9a86c6ecd]
+
+	* options.h:
+	convert more options to --with/--enable
+	[34646d9b09dc]
+
+	* INSTALL, aclocal.m4:
+	logfile -> logpath
+	[42de502bc637]
+
+	* configure.in:
+	convert more options into --with and --enable
+	[92d0898c9844]
+
+	* tgetpass.c:
+	catch EINTR in select and restart
+	[f045d2f234d7]
+
+	* logging.c:
+	sys/errno -> errno
+	[7f0c5beab6f2]
+
+1998-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	UMASK -> SUDO_UMASK.
+	[48f308661514]
+
+	* check.c, logging.c:
+	time.h, not sys/time.h
+	[91de049c79e4]
+
+1998-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	MAILER -> _PATH_SENDMAIL
+	[df65d6896639]
+
+	* INSTALL, configure.in:
+	no more --with-C2, now it is --disable-shadow
+	[18bfcab3b9ab]
+
+	* aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+	getspwuid.c, sudo.c, tgetpass.c:
+	new shadow password scheme. Always include shadow support if the
+	platform supports it and the user did not disable it via configure
+	[2135d93bb4a9]
+
+1998-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	--with-getpass -> --{enable,disable}-tgetpass
+	[451b33fdd4c7]
+
+	* Makefile.in:
+	pathnames.h -> pathnames.h.in
+	[b109022eca69]
+
+	* check.c:
+	fix version string
+	[761b25c314ea]
+
+	* check.c:
+	move pam_conv to be static to auth function remove pam_misc.h
+	(solaris doesn't have one)
+	[a682e4da987a]
+
+	* aclocal.m4:
+	_CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+	[e6005d0599b5]
+
+	* configure.in:
+	munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+	[24c0ac2155ef]
+
+	* pathnames.h.in:
+	convert to pathnames.h.in
+	[013bddf7f684]
+
+1998-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix typo in sysv4 matching case /.
+	[2994c4f88cf5]
+
+1998-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	pam stuff needs to run as root, not user, for shadow passwords
+	[d94ff75de503]
+
+1998-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, README, configure.in:
+	updated version
+	[775adc7de7ac]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+	logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[5ca599fb6b93]
+
+	* check.c:
+	user version.h for long message
+	[47a52ac7e542]
+
+	* check.c:
+	this is version 1.5.6
+	[8451ac79eee2]
+
+1998-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove errant backslash
+	[0222a8a650ff]
+
+1998-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* options.h, parse.yacc, pathnames.h.in:
+	fix version string
+	[fdee73255d64] [SUDO_1_5_6]
+
+	* BUGS, CHANGES, TODO:
+	updtaed for 1.5.6
+	[752443bf7f26]
+
+	* RUNSON:
+	updated for 1.5.6
+	[0f878123fe6a]
+
+1998-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	kill unused localhost_mask var copy if name to ifr_tmp after we zero
+	it
+	[8e89c364cef2]
+
+1998-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Better description of new vs. old sudoers modes fix some typos
+	better description of /usr/ucb/cc gotchas on slowaris
+	[c00b2a6fc1e8]
+
+	* Makefile.in:
+	add sample.pam
+	[ec7f6cc19b00]
+
+	* sudo.c:
+	set NewArgv[0] to user_shell, not basename(user_shell)
+	[1e907cbc9f7b]
+
+1998-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	mention TROUBLESHOOTING more fix some typos
+	[2c2e6907d4a4]
+
+	* configure.in:
+	move --enable/--disable to be after --with
+	[9b30097f76c1]
+
+	* INSTALL:
+	document --enable/--disable
+	[c522362e38a8]
+
+	* INSTALL:
+	document --with-pam
+	[7e38932c78ac]
+
+1998-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Add message for pam users
+	[d224f277e3cd]
+
+	* sample.pam:
+	Initial revision
+	[3a84d7045f54]
+
+	* config.h.in:
+	fix HAVE_PAM
+	[2f0f303ebd88]
+
+	* check.c, config.h.in, configure.in:
+	pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+	[ea3e0a72d707]
+
+1998-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add HOST_IN_LOG and WRAP_LOG
+	[822c36eeb6a8]
+
+	* logging.c:
+	add WRAP_LOG and HOST_IN_LOG
+	[3cf6052bd27e]
+
+	* configure.in:
+	add --enable-log-host and --enable-log-wrap
+	[c968cc12b353]
+
+	* aclocal.m4:
+	use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+	[915fef7e11a1]
+
+1998-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	add howmany macro
+	[9107a057a7c8]
+
+	* tgetpass.c:
+	include sys/param.h to get howmany macro
+	[7e908b5e1f32]
+
+1998-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+	add RUNAS_DEFAULT
+	[1e76398ea3fd]
+
+1998-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	bring in stdio.h for NULL
+	[69c016610cbb]
+
+	* aclocal.m4:
+	allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+	[15ab2972f8d0]
+
+	* sudo.c:
+	use HAVE_SET_AUTH_PARAMETERS
+	[8abfdc8c80f7]
+
+	* config.h.in:
+	add HAVE_SET_AUTH_PARAMETERS
+	[673a5ebd5539]
+
+	* configure.in:
+	add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+	[a401f5a7469a]
+
+	* config.sub:
+	add support for HI-UX/MPP SR220001 02-03 0 SR2201
+	[cb657b7acaae]
+
+	* interfaces.c:
+	initialize previfname
+	[26a1902f56dc]
+
+	* interfaces.c:
+	Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+	it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+	kludging it
+	[fa5c890c313b]
+
+	* configure.in:
+	typo
+	[bff579fbe95c]
+
+	* Makefile.in:
+	don't need special build line for sudo.tab.o
+	[10c0a0a912e4]
+
+	* Makefile.in:
+	don't clean sudo.tab.[ch]
+	[c40d5968efbb]
+
+	* sudo.c:
+	Sudo should prompt for a password before telling the user that a
+	command could not be found.
+	[d718c85a0047]
+
+	* BUGS:
+	for 1.5.6
+	[0cc1fe5b9129]
+
+	* INSTALL, README:
+	no longer require yacc
+	[d9096fc5b8b6]
+
+	* Makefile.in:
+	typo
+	[70feb1aefbd5]
+
+	* Makefile.in:
+	y.tab -> sudo.tab include pre-yacc'd parse.yacc
+	[cc802025fd44]
+
+	* parse.lex:
+	include sudo.tab.h, not y.tab.h don't break out of command args if
+	you get a '='
+	[728ad26dbda5]
+
+	* insults.h:
+	fix version ,
+	[242bbce1b2d4]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+	fix version
+	[2bb9086fea1e]
+
+	* compat.h:
+	fix version
+	[7e634d498ce6]
+
+	* getcwd.c:
+	getcwd(3) from OpenBSD for those without it.
+	[6c68d0df8f6c]
+
+	* sudo.h:
+	HAVE_GETWD -> HAVE_GETCWD
+	[2ad1e64d60c0]
+
+	* configure.in:
+	pretend sunos doesn't have getcwd(3) since it opens a pipe to
+	getpwd!
+	[677992ba5a6a]
+
+	* parse.c:
+	use NAMLEN() macro
+	[8f5685aa3165]
+
+	* fnmatch.c:
+	remove duplicate include of string.h
+	[6024f3051ac3]
+
+	* configure.in:
+	call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+	[3d82a9c22cc2]
+
+	* aclocal.m4:
+	add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+	[53fbc47282f9]
+
+	* config.h.in:
+	add dev_t and ino_t
+	[5929bb0c7e1a]
+
+1998-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fix OTP_ONLY for opie
+	[7edcfa78f2ec]
+
+1998-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c, tgetpass.c:
+	include stdlib.h for malloc proto
+	[c9f4b99a2fe9]
+
+1998-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	make update_version saner
+	[d522f93ee04a]
+
+	* config.h.in:
+	add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+	[c9a2d21dc608]
+
+	* configure.in:
+	check for waitpid and wait3 or no waitpid
+	[1f18c3224184]
+
+	* logging.c:
+	used waitpid or wait3 if we have 'em
+	[391c3279ee65]
+
+1998-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+	[fbf53b18178f]
+
+1998-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	don't need to explicately mention -lsocket -lnsl for sequent
+	[1898dc055352]
+
+1998-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	dynix should not link with -linet
+	[278a4b9cfe2a]
+
+1998-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention that HP-UX doesn't ship with yacc
+	[bde5147198c0]
+
+1998-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	ignore kerberos if we can't get the local realm
+	[1e311a091a27]
+
+1998-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, README, configure.in:
+	++version
+	[499ffc746018]
+
+	* version.h:
+	++
+	[35ba1ee01bd3]
+
+	* Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+	find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+	logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[b4990a513f31]
+
+	* check.c, sudo.h:
+	fix version
+	[5710795834e8]
+
+	* getcwd.c:
+	don't use popen/pclose. Do it inline.
+	[29e57b0646a4]
+
+	* lsearch.c:
+	add rcsid
+	[b2b55c39858d]
+
+	* sudo.c:
+	typo
+	[d381ac39ed0f]
+
+	* check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+	sudo.h:
+	updated version
+	[462d6e1a2d75]
+
+	* check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+	MAX* + 1 -> MAX*
+	[2c2eeb78d34f]
+
+	* Makefile.in:
+	getwd.c -> getcwd.c
+	[7d718c32fc02]
+
+	* config.h.in:
+	kill HAVE_GETWD
+	[6ad3d702343f]
+
+	* configure.in:
+	getcwd, not getwd
+	[33e5b9841f58]
+
+	* getcwd.c:
+	use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+	purpose
+	[24e58d340161]
+
+1998-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h:
+	add STUB_LOAD_INTERFACES
+	[d747cb23ca83]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[0798229312cc]
+
+	* configure.in:
+	support *-ccur-sysv4 and fix two typos
+	[24a823ad7cc9]
+
+1998-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	don't echo about with_logfile and with_timedir
+	[31e4a1e2d9ad]
+
+	* INSTALL:
+	document --with-logfile and --with-timedir
+	[674f811a40e0]
+
+	* aclocal.m4:
+	support --with-logfile and --with-timedir
+	[2fc36b35db12]
+
+	* configure.in:
+	Add --with-logfile and --with-timedir
+	[09045bf07e29]
+
+	* sudo.c:
+	change size computation of NewArgv for UNICOS
+	[b50df07da3a1]
+
+1998-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	treate -*-sysv4* like *-*-svr4
+	[471b7ef4dbf2]
+
+1998-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix spacing for --with-authenticate help
+	[8321cb37c410]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[dc1ab97312eb]
+
+	* parse.yacc:
+	fix off by one error in push macro
+	[bece59c8c3a9]
+
+1998-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	removed bogus alloca hack
+	[a68dd720462d]
+
+	* check.c:
+	added AIX 4.x authenticate() support
+	[12985eb448a0]
+
+	* parse.yacc:
+	include alloca.h if using bison and not gcc and it exists. fixes an
+	alloca problem on hpux 10.x
+	[e3b5c4f26072]
+
+	* INSTALL:
+	mention --with-authenticate
+	[78a1c96820e7]
+
+	* configure.in:
+	added AIX authenticate() support
+	[c983193ec252]
+
+	* config.h.in:
+	add HAVE_AUTHENTICATE
+	[7b0e5f5db5d9]
+
+	* interfaces.c:
+	dynamically size ifconf buffer
+	[10afb0e9b2f9]
+
+	* configure.in:
+	quote '[' and ']'
+	[8fc38a4defad]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[5f66de71ec61]
+
+	* visudo.pod:
+	add ERRORS section
+	[3df3edb73cf6]
+
+1998-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	add busy stmp file explanation
+	[6c555d469b6f]
+
+1998-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	the name of the cached var that signals whether or not you are cross
+	compiling changed. It is now ac_cv_prog_cc_cross
+	[123911c0658c]
+
+1998-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention glibc 2.07 is fixed wrt lsearch()\.
+	[ded758524582]
+
+1998-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers, sudoers.pod:
+	better example of su but not root su
+	[b3199610be21]
+
+1998-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[46922b84e86b]
+
+	* Makefile.in:
+	correct regexp for updating version
+	[8032728b2a8a]
+
+	* tgetpass.c:
+	remove bogus flush of stderr spew prompt before turning off echo.
+	Seems to fix a weird problem where if sudo complained about a bogus
+	stamp file the user would sometimes not have a chance to enter a
+	password
+	[7aa1493cc141]
+
+	* check.c:
+	fix bogus flush of stderr
+	[6d047871c5e8]
+
+	* sudo.c:
+	close fd's <=2 not <=3 and move that chunk of code up
+	[553e4faac195]
+
+	* configure.in:
+	support hpux1[0-9] not just hpux10
+	[5a34a000ff8a]
+
+1998-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	set sudoers_fp to nil after closing
+	[221a8b4bbf34]
+
+1998-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	updated from autoconf 2.12
+	[6fc86a0fc61b]
+
+	* configure.in:
+	add *-*-svr4 rule
+	[38f0427f7c9d]
+
+1998-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	fix select usage for high fd's (dynamically allocate readfds)
+	[c2d1f76e0321]
+
+	* check.c:
+	kill extra whitespace
+	[d784b6c9c514]
+
+	* sudo.c:
+	do an initgroups() before running a command, unless the target user
+	is root.
+	[4ca561287480]
+
+1998-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	tell people to use tabs, not spaces, in syslog.conf
+	[8ae90a205134]
+
+1998-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
+	parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
+	updated version
+	[4d855ff5de26]
+
+	* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+	logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
+	updated version
+	[8e007e178b33]
+
+	* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+	insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
+	updated version
+	[9ddea5c8814d]
+
+	* Makefile.in:
+	more tweaks to update_version
+	[047698752855]
+
+	* Makefile.in:
+	fixed up update_version rule
+	[47b6fa34b77f]
+
+	* configure.in:
+	++version
+	[c1ca664e30b7]
+
+	* Makefile.in:
+	removed supe of check.c
+	[8f340a05296a]
+
+	* INSTALL:
+	++version I missed
+	[a298e6c17491]
+
+	* RUNSON:
+	updated
+	[a14f6057bc15]
+
+	* BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
+	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+	insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+	parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	updated version
+	[02231b1a3ab3]
+
+	* CHANGES:
+	updated for 1.5.5
+	[634e5fcaf40b]
+
+	* Makefile.in:
+	add rules to update version stuff in files so I don't need to do it
+	by hand
+	[3620ad60485a]
+
+	* sudo.h:
+	sudoers_fp is now extern
+	[88c6e9b9ea84]
+
+	* sudo.c:
+	in check_sudoers, cache the sudoers file handle in sudoers_fp so we
+	don't have to open it again in the parse. This may help with weird
+	solaris problems where EAGAIN sometime occurrs.
+	[d3c26451ed1d]
+
+	* parse.c:
+	sudoers file open is now done only in check_sudoers() so we just do
+	a rewind() instead of an open. May help people on solaris who were
+	getting EAGAIN.
+	[c8b8c7722fa5]
+
+1998-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention that newer glibc is fixed
+	[20f06f5d3ef3]
+
+1998-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
+	_RLD* instead of _RLD_*
+	[1e22c588d602]
+
+	* parse.c:
+	typo
+	[d0b7cb85f08a]
+
+	* parse.c:
+	fix that bug for real
+	[5a6eeca6d04b]
+
+	* INSTALL:
+	document Linux's libc6 brokenness.
+	[0246c1aa64ee]
+
+	* parse.yacc:
+	-Wall
+	[d0e452fb1e2d]
+
+	* RUNSON:
+	updated
+	[4949a1bbd0a9] [SUDO_1_5_4]
+
+	* TROUBLESHOOTING:
+	remind people to HUP syslogd
+	[590962faa4f0]
+
+	* Makefile.in:
+	add -O flag to tar
+	[622d02de339d]
+
+	* RUNSON:
+	updated
+	[a72930d6e615]
+
+	* TODO:
+	updated
+	[4a51bd458390]
+
+	* sudo.pod:
+	remove author's email addr. people should mail sudo-bugs
+	[9b6bbdb3a6d9]
+
+	* INSTALL:
+	fix version
+	[246274c6c8af]
+
+	* README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
+	find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
+	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+	logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+	++version
+	[f532ff4ee766]
+
+	* RUNSON:
+	updated
+	[62d5c71358b5]
+
+	* INSTALL, Makefile.in:
+	++version
+	[1a7c7628edfc]
+
+	* CHANGES:
+	updated fort 1.5.4
+	[7e4873508c99]
+
+	* check.c:
+	exit(1) if user enters no passwd
+	[f382c0e35e4e]
+
+	* BUGS:
+	++version
+	[fab6a867ab67]
+
+	* parse.c:
+	commands can start with ./* not just /* -- fixes a serious security
+	hole.
+	[244d2fe35ee3]
+
+1997-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't set the tty variable to NULL when we lack a tty, leave it as
+	"unknown".
+	[193b26daba03]
+
+1997-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	fix usage of (username) in conjunction with , and !
+	[7ae68607f68f]
+
+	* visudo.c:
+	catch the case where the user is not in the passwd file
+	[31650258deb0]
+
+	* tgetpass.c:
+	use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
+	select(2)
+	[60ab2d9a9ee8]
+
+	* sudo.c:
+	define tty global to an initial value to avoid dumping core in
+	logging functions when passwd file is unavailable.
+	[77056c7bc908]
+
+	* sudo.c:
+	do the set_perms(PERM_USER, sudo_mode) after we have gotten the
+	passwd entry
+	[1fdb8e579a5a]
+
+	* sudo.pod:
+	talk about problem of ALL
+	[1cd1905c9f6f]
+
+1997-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	new web location
+	[d24dc26f6da5]
+
+	* INSTALL:
+	fdesc bug is fixed in Open/Net BSD
+	[7d4d81b08ac3]
+
+	* HISTORY:
+	updates from Nieusma
+	[3a43769a1b78]
+
+1997-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* dce_pwent.c:
+	move compat.h after the system includes
+	[5ea43a5968ac]
+
+1997-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	save errno from being clobbered by wait(). From Theo
+	[f2d1c48cd592]
+
+1997-05-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	fix an occurence of setresuid -> setreuid (typo)
+	[394de35c9b1c]
+
+1997-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	check for path to strip
+	[2b7ef824bd55]
+
+1997-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	deal with maxfilelen < 0 case
+	[f0af095178d7]
+
+	* OPTIONS:
+	fixed descriptin
+	[629f60bd4b5f]
+
+1996-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	correct error message if mode/owner wrong and not statable by owner
+	but is statable by root.
+	[cb631ce2e85e]
+
+1996-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	autoconf 2.11
+	[f3cbe59e0756]
+
+1996-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, RUNSON, TODO:
+	sudo 1.5.3.
+	[2be3229b8626]
+
+1996-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.h:
+	command_alias -> generic_alias
+	[c404ca8c510d] [SUDO_1_5_3]
+
+	* sample.sudoers:
+	added Runas_Alias example and fixed syntax errors
+	[c304053f4a8a]
+
+	* OPTIONS, options.h:
+	updated MAILSUBJECT
+	[18d1573fcd2a]
+
+	* logging.c:
+	added %h expansion
+	[a4bff9b284fd]
+
+	* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+	configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+	insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
+	parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	++version
+	[211ff20f956f]
+
+	* BUGS, emul/utime.h:
+	++version
+	[cde5376579e3]
+
+	* sudoers.pod:
+	document Runas_Alias
+	[b1a58f28fb2c]
+
+	* visudo.pod:
+	q (uid) -> Q
+	[d256649a0e6b]
+
+	* visudo.c:
+	buffer oflow checking q (uit) -> Q if yyparse() fails drop into
+	whatnow
+	[1cb183d15626]
+
+	* parse.yacc:
+	add size params to sprintf
+	[9228f698921f]
+
+	* parse.lex:
+	allow trailing space after '\\' but before '\n'
+	[f51dbbf69fdf]
+
+	* find_path.c:
+	off by one error in path size check
+	[a6d75ccd7632]
+
+	* check.c:
+	sprintf paranoia
+	[3ffb12d198dd]
+
+1996-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	fixed more_aliases
+	[aab12f2a50af]
+
+	* visudo.c:
+	now warns if killed by signal ./
+	[310c186a0fd7]
+
+1996-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	fix Runas_Alias stuff Alias's in runas list now get expanded (but it
+	is gross)
+	[45590b83120f]
+
+	* sudo.c:
+	Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
+	[d53e01c14c58]
+
+	* parse.yacc:
+	add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
+	[7a4a040aae2d]
+
+	* parse.lex:
+	Add Runas_Alias and simplify a rule.
+	[6f794a769a37]
+
+	* parse.yacc:
+	always store User_Alias's since they can be used inside of a runas
+	list. Sigh. Really need a Runas_Alias instead.
+	[3bab058a873e]
+
+1996-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	deal with case where there is no sudoers file
+	[fa38b3bb244d]
+
+1996-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	added one
+	[e61346d06725]
+
+1996-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, testsudoers.c:
+	developement -> development
+	[4df55e293941]
+
+	* INSTALL:
+	added a note
+	[3845fb83dbc0]
+
+	* RUNSON:
+	for 1.5.2
+	[5489b7298942]
+
+	* CHANGES:
+	updated
+	[0741834929e6]
+
+1996-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* PORTING:
+	removed seteuid() notes
+	[1010a60f281d] [SUDO_1_5_2]
+
+1996-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	better seteuid() emulatino
+	[e807623b662c]
+
+	* configure.in:
+	added check for seteuid
+	[8cf9fabc6f4f]
+
+	* config.h.in:
+	added HAVE_SETEUID
+	[596db46aa828]
+
+1996-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	first stab at sequent support
+	[b85a7bfcac76]
+
+	* config.h.in:
+	added HAVE_SYS_SELECT_H
+	[93ecdd042463]
+
+	* compat.h:
+	sequent -> _SEQUENT_
+	[63a38b6da98c]
+
+	* compat.h:
+	added seteuid() macro for DYNIX
+	[695bd63c5ea6]
+
+	* tgetpass.c:
+	_AIX -> HAVE_SYS_SELECT_H
+	[b31221211bc2]
+
+1996-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
+	parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	++version
+	[8052992fd453]
+
+	* check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
+	getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
+	pathnames.h.in, version.h:
+	++version
+	[f7ad15e1598a]
+
+	* sudo.pod:
+	added -H and SUDO_PS1
+	[bb965241e30c]
+
+	* configure.in:
+	use SUDO_FUNC_FNMATCH
+	[6a8350d85fb2]
+
+	* aclocal.m4:
+	added SUDO_FUNC_FNMATCH
+	[45b32c91c4ba]
+
+	* sudo.c:
+	added -H flag
+	[11ebc6872fd6]
+
+	* sudo.h:
+	added MODE_RESET_HOME /
+	[67a7f8bcbbd6]
+
+1996-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention OPIE
+	[5723515d5bbd]
+
+	* options.h:
+	SKEY -> OTP
+	[c1d268130bc4]
+
+	* configure.in:
+	added opie support
+	[123872b41b20]
+
+	* compat.h, config.h.in:
+	added HAVE_OPIE
+	[528c71afc1e5]
+
+	* check.c:
+	added HAVE_OPIE and changed to *_OTP_*
+	[4c62f5db872a]
+
+	* OPTIONS:
+	SKEY -> OTP
+	[bd858e5e9652]
+
+1996-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	moved fclose() in skey stuff.
+	[11f7dc8431a6]
+
+1996-10-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* putenv.c:
+	index -> strchr remove unnecesary stuff
+	[af2d05238062]
+
+	* check.c:
+	now call skeychallenge() to get challenge instead of making one up
+	ourselves. this way, we get extra goodies in the prompt.
+	[49b770d98d3a]
+
+1996-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	added one
+	[3f5149357e2a] [SUDO_1_5_1]
+
+	* parse.lex:
+	allow logins to start with a number (YUCK!)
+	[7ed7ef324741]
+
+1996-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	added soalris 2.5 vs 2.4 note
+	[16160a251aae]
+
+	* configure.in:
+	DUNIX doesn't need -lnsl
+	[be924cc322c3]
+
+	* CHANGES:
+	*** empty log message ***
+	[1b2937521981]
+
+	* check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
+	getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
+	options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+	strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
+	utime.c, version.h, visudo.c:
+	courtesan
+	[5f203589bbfe]
+
+	* PORTING, README, RUNSON:
+	courtesan
+	[d72517f4937e]
+
+	* INSTALL, Makefile.in, TROUBLESHOOTING:
+	courtesan
+	[5c007e3c7a71]
+
+	* visudo.pod:
+	*** empty log message ***
+	[37ebe85bd4e1]
+
+	* sudo.pod, visudo.pod:
+	courtesan
+	[37f02e2130ea]
+
+1996-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	added courtesan ./
+	[b01435226276]
+
+1996-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	added $SUDO_PROMPT support
+	[cb1fa72c093d]
+
+1996-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	print long skey challemged to stderr, not stdout
+	[750fc775b3b2]
+
+1996-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated for 1.5.1
+	[9b615f393057]
+
+	* emul/utime.h:
+	++version
+	[a94de18deafb]
+
+1996-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated for 1.5.1
+	[4092f20ab634]
+
+1996-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	use shost, not host for tgetpass
+	[6061c49ff9be]
+
+	* sudo.pod:
+	documented %u and %h
+	[6d2922d29897]
+
+	* OPTIONS:
+	documented %u and %h
+	[1a71da13a864]
+
+	* configure.in:
+	fixed typo
+	[1230dec2b062]
+
+	* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
+	dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+	++version
+	[65ce8eabf77a]
+
+	* BUGS:
+	++version
+	[afecab53aab7]
+
+1996-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure.in, version.h:
+	++version
+	[fb3ff940d672]
+
+	* sudo.h:
+	new tgetpass() params
+	[9eccc5b0f8ae]
+
+	* check.c:
+	pass use and host to tgetpass
+	[c56d9d13c401]
+
+	* tgetpass.c:
+	added %u and %h escapes
+	[04ae775d3e5d]
+
+	* OPTIONS, check.c, options.h:
+	added NO_MESSAGE
+	[3927dad19057]
+
+	* configure.in:
+	added cray (unicos) support
+	[1122210c5fb1]
+
+1996-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h, sudo.c:
+	added SHELL_SETS_HOME
+	[0b26909b0929]
+
+1996-08-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	added note about "make install"
+	[7e56ea76d4b4]
+
+	* parse.yacc:
+	changed length/size params from int to size_t
+	[5654e5ceb1b3]
+
+	* OPTIONS:
+	now get CSOPS insults as well by default
+	[297323d0179a]
+
+	* insults.h:
+	use csops insults too by default
+	[07fafc136169]
+
+	* INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
+	version = 1.5
+	[4b8772b11e3b]
+
+	* sudo.c:
+	added runas_homedir
+	[b0e0d4417a15]
+
+	* TODO:
+	updated for 1.5
+	[66259df825d5]
+
+	* RUNSON:
+	updated for 1.5
+	[e08bc9ebfe95]
+
+	* CHANGES:
+	1.5 release
+	[8c16942fea41]
+
+	* INSTALL:
+	added "upgrading" notes
+	[210d968964ff]
+
+1996-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now do chmod and chown after edit of temp file and before rename
+	[de174e34faa7] [SUDO_1_5_0]
+
+1996-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	++version added INSTALL.configure
+	[c9e9214f52ae]
+
+	* configure.in, version.h:
+	++version
+	[5985abed3eb2]
+
+	* TROUBLESHOOTING:
+	*** empty log message ***
+	[d65c540ec52e]
+
+	* parse.yacc:
+	added missing cast
+	[e7247319a7d5]
+
+	* sudo.c:
+	sets $HOME to pw_dir of runas user
+	[d3f7f4d05752]
+
+	* sudo.pod:
+	document $HOME change
+	[854454d458c4]
+
+1996-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fixed up some wording
+	[b0c8582f2c97]
+
+	* check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
+	strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+	visudo.c:
+	++version
+	[748be723fd8b]
+
+	* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+	insults.h, options.h, pathnames.h.in, sudo.h:
+	++version
+	[acdf8b1b2a1b]
+
+	* emul/utime.h:
+	++version
+	[b3f35298ab8d]
+
+	* sudo.h:
+	name nad type changes
+	[db24ab3da141]
+
+	* testsudoers.c:
+	now works with new sudo
+	[379346c42cc2]
+
+	* parse.yacc:
+	fixed some XXX
+	[f5fe4c990052]
+
+	* parse.yacc:
+	some variable name changes + comment headers for functions.
+	[3dc3bd9aa73d]
+
+	* tgetpass.c:
+	added extra paren's to make compilers happy
+	[9e4968a34d56]
+
+	* sudo.c:
+	*** empty log message ***
+	[70c924c1ed69]
+
+	* parse.c:
+	now uses init_parser() if not in sudoers and tries "list" or
+	"validate" scold but don't be nasty.
+	[c0d8fb3f8c9e]
+
+	* TROUBLESHOOTING:
+	now can use upper case login names
+	[c772fffcefe5]
+
+	* visudo.c:
+	now uses init_parser()
+	[b9efae7243fd]
+
+	* INSTALL, README:
+	updated
+	[27dc8283fdc8]
+
+	* PORTING:
+	added info about PASSWORD_TIMEOUT
+	[980e15d892f8]
+
+	* INSTALL.configure:
+	Initial revision
+	[8292e89a08d3]
+
+	* BUGS:
+	fixed a bug ,
+	[c6e46f5624f9]
+
+	* parse.yacc:
+	now dynamically allocates memory for the stacks -- no more
+	overflows!
+	[8615c35b6ad3]
+
+	* sudo.pod:
+	-l now explands command aliases
+	[39f45605935d]
+
+	* parse.yacc:
+	hacks to expand command aliases for `sudo -l'
+	[e4eb752608f9]
+
+	* sudo.c:
+	remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
+	[01327ca5084b]
+
+	* sudo.h:
+	added struct command_alias
+	[dd2f32764082]
+
+	* sudo.pod:
+	fixed a bug
+	[e708ff08d2eb]
+
+	* lsearch.c:
+	in compar() key should be first arg
+	[fc14c3fa62ee]
+
+1996-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS:
+	fixed some bugs
+	[639dfe425bd5]
+
+	* parse.yacc:
+	can now deal with upcase HOST and USER names
+	[c6aa7bcfb00d]
+
+	* sudo.c:
+	don't yell too loudly at non-sudoers if they do "sudo -l"
+	[4ef146128d89]
+
+	* sudo.pod:
+	fixed thinko
+	[830f2f0f22e7]
+
+	* parse.c:
+	fix comment
+	[d20ce9e17ddc]
+
+1996-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, parse.yacc:
+	added support for new `sudo -l' stuff
+	[7dceaef3c733]
+
+	* sudo.c:
+	now uses list_matches()
+	[293364821b61]
+
+	* sudo.h:
+	added struct sudo_match
+	[b2684179d179]
+
+	* configure.in:
+	now more -lgnumalloc
+	[4f8ae42617d8]
+
+1996-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	added more paths for chown and whoami
+	[6e685a19426c]
+
+1996-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	typo
+	[3adfa01c04bc]
+
+1996-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	fixed DUNIX check for shadow pw
+	[c25324bcd27b]
+
+	* tgetpass.c:
+	now only turn off echo if it is already on. this fixes a race when
+	you use sudo in a pipelin
+	[28388c2de21c]
+
+	* INSTALL:
+	updated
+	[b45ac9366b7e]
+
+	* configure.in:
+	changed "test -z $foo && do_this" to if; then construct
+	[2183c4426bca]
+
+1996-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added missing defines of SHADOW_TYPE
+	[be89ea68a7f3]
+
+1996-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
+	only in dunix 4.x
+	[1e7c1c677263]
+
+	* getspwuid.c:
+	added AUTH_CRYPT_C1CRYPT support
+	[88d6b0058b20]
+
+	* parse.c:
+	no longer return VALIDATE_NOT_OK if there was a runas that didn't
+	match. Now we can have runas stuff on more than one line.
+	[52b68920d7b7]
+
+	* getspwuid.c, sudo.c, tgetpass.c:
+	use SHADOW_TYPE instead of HAVE_C2_SECURITY
+	[cf401dfcbc06]
+
+	* configure.in:
+	got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
+	something
+	[c7a233c4dd93]
+
+	* config.h.in:
+	removed HAVE_C2_SECURITY added SPW_BSD
+	[8314405e9754]
+
+	* compat.h:
+	use SHADOW_TYPE instead of HAVE_C2_SECURITY
+	[6f94870df17f]
+
+	* check.c:
+	SHADOW_TYPE is always defined so just against its value
+	[72c69a55d02f]
+
+	* aclocal.m4:
+	added SUDO_CHECK_SHADOW_DUNIX
+	[ef025ae9d496]
+
+1996-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	* -> ?* in one example added another instance of (runas) and one of
+	NOPASSWD:
+	[d74fe1dcbe7d]
+
+1996-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added back check for config.cache from other host type
+	[0ba87871f585]
+
+	* parse.lex:
+	removed an instance of \"
+	[1e008d3709f6]
+
+	* sample.sudoers:
+	added an example
+	[dbfcf68ee330]
+
+	* sudoers.pod:
+	updated wrt new wildcard matching
+	[193fa44a475b]
+
+	* configure.in:
+	new check for shadow passwords if we don't know anything
+	[67465df7dc9a]
+
+	* aclocal.m4:
+	new SUDO_CHECK_SHADOW_GENERIC
+	[3563b16a41b8]
+
+	* configure.in:
+	added back check for -lsocket (oops)
+	[a80882ee1cb6]
+
+	* configure.in:
+	better (working) check for shadow passwd type if we know to use C2.
+	[3cdd2a59a641]
+
+	* configure.in:
+	now uses AC_CANONICAL_HOST to figure out os type
+	[80db7fe6e704]
+
+	* Makefile.in:
+	added config.{guess,sub}
+	[c6be7e3ca384]
+
+	* aclocal.m4:
+	removed unused stuff to figure out os type
+	[c9a0f3b57123]
+
+	* config.sub:
+	added openbsd
+	[bfc6bfec3668]
+
+	* config.sub:
+	Initial revision
+	[e6e06ce0d17d]
+
+	* config.guess:
+	Initial revision
+	[99dd06f79199]
+
+	* testsudoers.c:
+	don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+	pathname. need to check against sudoers_args even if user_args is
+	nil
+	[66e6cf77f5d6]
+
+	* parse.c:
+	don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
+	pathname need to check against sudoers_args even if user_args is nil
+	[74374df17311]
+
+1996-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
+	[cbb00261c415]
+
+	* testsudoers.c:
+	now takes command line args and uses cmnd_args
+	[f0c2fd35a527]
+
+	* parse.lex:
+	fill_args was adding an extra leading space
+	[692fc999b2e8]
+
+1996-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fixed dummy command_matches()
+	[93d9543db6e2]
+
+	* parse.yacc:
+	fixed prototype
+	[7b0addfbd429]
+
+	* sudo.h:
+	added cmnd_args
+	[8f47c4ae65ef]
+
+	* parse.yacc:
+	now uses flat args string
+	[016e65877da3]
+
+	* parse.c, parse.lex:
+	now uses flat arg string
+	[5b5f2e3f4c09]
+
+	* visudo.c:
+	added cmnd_args def
+	[876867134775]
+
+	* sudo.c:
+	now sets cmnd_args global
+	[e6fee70cb59b]
+
+	* logging.c:
+	cmnd_args is now exported from sudo.[ch]
+	[7a9cd36e356f]
+
+1996-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	can't rely on cmnd_matches as much as I thought -- added some $$
+	stuff back in to prevent namespace pollution problems.
+	[3c45fedb5af3]
+
+	* parse.yacc:
+	Simplified parse rules wrt runas and NOPASSWD (more consistent).
+	[e6d838c8a4c7]
+
+1996-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	NOPASSWD may now have blanks before the ':' '(' only starts a
+	'runas' if in the initial state to avoid collision with command args
+	[c5c01172f499]
+
+	* configure.in:
+	added checks for specific shadow passwd schemes
+	[b7e3d1f7b84f]
+
+	* aclocal.m4:
+	added routines to check for specific shadow passwd types
+	[e5e1d19960a6]
+
+1996-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added support for ncr boxen
+	[bea9dc5aae7f]
+
+	* aclocal.m4:
+	added support for detecting ncr boxen
+	[8653a158a924]
+
+1996-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added sinix support
+	[5de2b2173ee1]
+
+1996-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	added info about "config.cache from other other" error.
+	[845b10198e0b]
+
+	* aclocal.m4:
+	now makes sure you don't have a config.cache file from another OS
+	[4fe32571c021]
+
+	* configure.in:
+	now sets $LIBS when needed to configure links with libs when doing
+	tests hpux10 now uses SPW_SECUREWARE for C2 added check for
+	bigcrypt(3) if SPW_SECUREWARE
+	[2df6b8ca538f]
+
+	* getspwuid.c:
+	fixed typo
+	[fe1cb1d792d6]
+
+	* tgetpass.c:
+	now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
+	[f71138372c07]
+
+	* getspwuid.c:
+	no more SPW_HPUX10
+	[cfdeb18bc16b]
+
+	* config.h.in:
+	no more SPW_HPUX10 added HAVE_BIGCRYPT
+	[00d296479a61]
+
+	* compat.h:
+	now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
+	[6c6d9e680417]
+
+	* check.c:
+	SPW_SECUREWARE now uses bigcrypt
+	[be71fc66690f]
+
+1996-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	fixed 2 syntax errors
+	[45eee19ef4ac]
+
+	* sudoers:
+	root may now run ALL as ALL
+	[1b54c6b9b212]
+
+1996-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	fixed a typo/thinko that broke BSD's with sa_len
+	[603438360126]
+
+1996-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, configure.in:
+	updated AFS support
+	[e572eb8d177a]
+
+	* TROUBLESHOOTING:
+	added entry about /usr/ucb/cc
+	[025b353aa9d3]
+
+	* INSTALL:
+	prep no longer holds gcc binaries
+	[8b0942958049]
+
+	* INSTALL:
+	updated AFS note
+	[7af6efd5abe4]
+
+	* Makefile.in:
+	added @AFS_LIBS@
+	[97b6fe6ad7d6]
+
+	* compat.h:
+	AFS allows long passwords
+	[5fb17122c302]
+
+	* testsudoers.c:
+	fixed -u user support
+	[b1a0c1648639]
+
+	* parse.c:
+	sudo -v now groks VALIDATE_OK_NOPASS
+	[74fc03fffe7e]
+
+	* parse.yacc:
+	fixed no_passwd vs. runas_matched
+	[549a9b791a6a]
+
+	* TROUBLESHOOTING:
+	took out stuff about NFS-mounting since it is no longer an issue
+	[d95ab7fbbc61]
+
+	* INSTALL:
+	added --with-libraries > --with-libpath --with-incpath
+	[d5d15a7a0f4c]
+
+	* parse.yacc:
+	was setting runas_matches to -1 in wrong place
+	[db2b1deb8d33]
+
+	* check.c:
+	removed usersec.h which is not present in new AFS versions
+	[618b016dd17f]
+
+	* tgetpass.c:
+	now deals with timeout <= 0
+	[ba53a1257255]
+
+	* OPTIONS:
+	updated
+	[75093bd8fdca]
+
+	* configure.in:
+	BSD/OS >= 2.0 now uses shlicc instead of just gcc
+	[ff6dbf7825c2]
+
+	* sudo.c:
+	fixed backwards compatibility with sudo 1.4 sudoers mode for root
+	readable/writable filesystems
+	[2694ed627221]
+
+	* Makefile.in:
+	now gives INSTALL -c flag
+	[63db055a2fd1]
+
+	* parse.yacc:
+	slightly simpler initialization of no_passwd and runas_matches
+	[463a1b5fa323]
+
+	* testsudoers.c:
+	added -u username support
+	[38b072fcd6b3]
+
+	* configure.in:
+	improved --with-libraries support
+	[047dbc5f0af2]
+
+1996-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added --with-incpath, --with-libpath, --with-libraries
+	[20f20d6c718c]
+
+	* parse.yacc:
+	now initializes some fields that weren't getting set to -1 pretty
+	gross -- need a rewrite.
+	[021c160390c6]
+
+1996-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alloca.c:
+	removed emacs'isms
+	[9d4ec2efe057]
+
+	* configure.in:
+	no longer add -lPW to *_LIBS since we include alloca.c
+	[a626d1bbea80]
+
+	* config.h.in:
+	added HAVE_ALLOCA_H
+	[15491e2a6cff]
+
+	* Makefile.in:
+	added alloca.c
+	[0400f25e1fe4]
+
+	* alloca.c:
+	Initial revision
+	[06d033aa4882]
+
+	* configure.in:
+	++version
+	[f52c0fb98f90]
+
+1996-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
+	not always set to a valid uid.
+	[c2669f77704d]
+
+	* OPTIONS:
+	fixed entry for SUDO_MODE
+	[d7272f6035b8]
+
+	* sudo.c:
+	Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
+	being set to -2. Now beat NFS to the punch and set uid to "nobody"
+	ourselves, preserving group 0 to read sudoers.
+	[b1fbc5dd1e34]
+
+	* parse.c:
+	moved set_perms(PERM_ROOT) to be before yyparse()
+	[7619d8080735]
+
+	* logging.c:
+	fixed a typo
+	[318acc48cde0]
+
+	* configure.in:
+	no longer need AC_PROG_INSTALL
+	[de01b1336dc8]
+
+	* Makefile.in:
+	always use install-sh to avoid install(1)'s that use get{pw,gr}nam
+	[ea2351986406]
+
+	* INSTALL:
+	make clean -> make distclean
+	[704a98e8ba10]
+
+1996-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	removed some unnecsary if's
+	[f00db6508132]
+
+	* Makefile.in, version.h:
+	++version
+	[bdb6740b24c8]
+
+	* parse.c, testsudoers.c:
+	now includes netgroup.h
+	[93f5a06352bc]
+
+	* interfaces.c:
+	removed cats of ioctl to int since they didn't shut up -Wall
+	[83e9f912cd7a]
+
+	* interfaces.c:
+	explicately cast ioctl() to int since it it not always declared
+	[2ff9294e469e]
+
+	* sudo.h:
+	added declarations for yyparse() and yylex()
+	[6071321ab771]
+
+	* parse.yacc:
+	fixed an occurence of '==' -> '='
+	[2c46d2e11d57]
+
+	* config.h.in, configure.in:
+	added check for netgroup.h
+	[73403050f4e3]
+
+	* sudo.c:
+	fixed 2 compiler warnings
+	[680929b0bd97]
+
+	* sudo.c:
+	SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
+	initialized
+	[18707ecd07c2]
+
+1996-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fixed a typo
+	[e4b5c12aa130]
+
+1996-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	fixed a formatting thingie
+	[c79327b6f19b]
+
+	* parse.c, parse.yacc:
+	fixed -u support with multiple user lists on a line
+	[e4d1066adca2]
+
+	* configure.in:
+	unixware needs -lgen
+	[b5bf9bca63cc]
+
+	* README:
+	updated ftp location
+	[b25a033f7921]
+
+	* sudoers.pod:
+	add net_addr/netmask support
+	[674e83516d1e]
+
+	* sample.sudoers:
+	added net_addr/mask example
+	[774878e89b28]
+
+	* parse.c, parse.lex:
+	added support for net_addr/netmask
+	[e33de27325d8]
+
+1996-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	^ -> !
+	[1a084950d6ef]
+
+1996-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated for 1.4.3
+	[c82019025d09]
+
+	* CHANGES:
+	udpated for 1.4.3
+	[ceaa81adb8f0]
+
+	* BUGS, TODO, TROUBLESHOOTING:
+	updated
+	[ff94fae4b853]
+
+	* sample.sudoers:
+	updated with examples of new stuff
+	[99d0b4cb4c9c]
+
+	* INSTALL, README:
+	++version
+	[b763b80fe836]
+
+	* sudoers.pod:
+	updated wrt -u and NOPASSWD
+	[0b5b722ea0f4]
+
+	* sudo.pod:
+	updated wrt -u and CAVEATS
+	[71d5d53b5d18]
+
+1996-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fixed usage()
+	[114c7d09b550]
+
+	* parse.lex:
+	now use :foo: character classes (makes no diff for generated lexer)
+	[7b0aeb737a02]
+
+1996-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fixed LONG_SKEY_PROMPT stuff
+	[0efe78b4bdda]
+
+1996-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fixed a comment
+	[3d289017104b]
+
+	* lsearch.c:
+	make more like NetBSD one -- now compiles w/o warnings
+	[932206296a54]
+
+	* emul/search.h:
+	fixed decls of lsearch()
+	[c58cf4584c45]
+
+	* config.h.in, configure.in, getspwuid.c:
+	added SPW_HPUX10
+	[d74e5eaa5f17]
+
+	* check.c:
+	hpux 10 uses bigcrypt() if C2
+	[359eb63f4021]
+
+1996-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	now always uses fnmatch to match args
+	[a9d91f35256a]
+
+	* tgetpass.c:
+	back to using stdio instead of raw i/o since that caused some
+	problems
+	[e7ce2bc92974]
+
+1996-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now give usage warning if use -l,-v,-k with args
+	[6b48180c4fea]
+
+1996-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	NewArgc is now set to 1 for -l, -v, -k
+	[7497cb1416a8]
+
+	* sudo.c:
+	now sets sudoers to correct group if mode is 0400
+	[484c43d99718]
+
+	* install-sh:
+	updated to version used by inn and bind
+	[28683ad8725a]
+
+	* configure.in:
+	now uses -lgnumalloc if it exists
+	[3651ca4415a2]
+
+	* Makefile.in:
+	"make install" now sets uid/gid and mode on sudoers if it exists
+	[1f5216191ae9]
+
+	* sudo.c:
+	rmeoved debugging statements
+	[aeda278e2c26]
+
+	* parse.yacc:
+	added a missing free()
+	[592c9482a159]
+
+	* sudo.c:
+	now uses user_gid instead of getegid (which was wrong anyway) to set
+	SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
+	(logging.c depends on args being in the environment)
+	[9f5328a3b942]
+
+	* logging.c:
+	now uses SUDO_COMMAND envariable to get command args rather than
+	building it up again.
+	[7f8edc5bccb7]
+
+	* parse.c:
+	now uses user_gid
+	[4b9303ae45fe]
+
+	* sudo.c:
+	fixed off by one error in allocation NewArgv
+	[921ea1a4e7c6]
+
+	* parse.c:
+	in sudoers, 'command ""' now means command with no args
+	[a5273648ace2]
+
+	* configure.in:
+	added check for fnmatch(3) and fnmatch.h
+	[258916a7866f]
+
+	* config.h.in:
+	added HAVE_FNMATCH
+	[b9860d361e93]
+
+	* Makefile.in:
+	replaced wildcat.* with fnmatch.*
+	[03ad9ee21a1c]
+
+	* testsudoers.c:
+	now uses fnmatch()
+	[5a7f7de987a9]
+
+1996-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	now uses fnmatch() instead of wildmat a trailing star (*) by itself
+	now matches multiple args added support for wildcards in the
+	pathname in sudoers
+	[1f7fb950b868]
+
+1996-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	now includes compat.h and config.h
+	[090206b95cf8]
+
+	* config.h.in:
+	added HAVE_FNMATCH_H
+	[90eb42150173]
+
+	* configure.in:
+	now checks for alloca() (if needed by bison or dce) and links with
+	-lPW if it contains alloca() and libv and compiler do not.
+	[cfa2b3cef49a]
+
+	* emul/fnmatch.h, fnmatch.3, fnmatch.c:
+	Initial revision
+	[20b1f762a32a]
+
+1996-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now fixes mode on sudoers if set to 0400 to aid in upgrade
+	[d4bdfd521820]
+
+1996-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fixed pod2man usage
+	[5adf2ec77b27]
+
+	* Makefile.in, configure.in, version.h:
+	++version
+	[b4029de876d0]
+
+	* testsudoers.c, visudo.c:
+	runas_user is now initialized to "root"
+	[8537d97bff39]
+
+	* sudo.h:
+	removed PERM_FULL_ROOT
+	[241f8bbf647f]
+
+	* sudo.c:
+	runas_user defaults to "root" so no more need to PERM_RUNAS
+	[fc0c0dfc72ba]
+
+	* parse.c:
+	will now only running commands as root if there was no runas list
+	(or if root is in the runas list)
+	[40c587666c81]
+
+	* logging.c:
+	now logs "USER=%s"
+	[b733504c87fd]
+
+	* parse.yacc:
+	runas_matches is now set to false if we get a negative match
+	[5495b150b300]
+
+	* parse.lex:
+	make #uid work + some minor cleanup
+	[07851bbce03a]
+
+	* sample.sudoers:
+	added support for NOPASSWD and "runas" from garp@opustel.com /
+	[7a9c67b51fa5]
+
+	* visudo.c:
+	added support for "runas" from garp@opustel.com replaced
+	SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
+	SUDOERS_MODE
+	[e714209b9885]
+
+	* testsudoers.c:
+	added support for "runas" from garp@opustel.com
+	[b837f856da10]
+
+	* sudo.h:
+	added support for NO_PASSWD and runas from garp@opustel.com replaced
+	SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
+	fro SUDOERS_MODE
+	[cea6f26679b7]
+
+	* sudo.c:
+	added support for NO_PASSWD and runas from garp@opustel.com replaced
+	SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
+	SUDOERS_MODE
+	[61b5434237c5]
+
+	* parse.yacc:
+	added support for NO_PASSWD and runas from garp@opustel.com
+	[72ebd3056f22]
+
+	* parse.c, parse.lex:
+	added support for NO_PASSWD and runas from garp@opustel.com
+	[fef6dbdd114d]
+
+	* logging.c:
+	added support for SUDOERS_WRONG_MODE and "runas"
+	[e794efc2b443]
+
+	* configure.in:
+	added --with-CC only link with -lshadow on linux (with shadow pw) if
+	libc lacks getspnam()
+	[3ecf4ae21002]
+
+	* OPTIONS, options.h:
+	removed NO_PASSWD since it is not possible to do this in the sudoers
+	file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
+	SUDOERS_GID. Added SUDOERS_MODE.
+	[2eaa4891ef48]
+
+	* Makefile.in:
+	now uses SUDOERS_UID and SUDOERS_GID
+	[8d615f0fdb2a]
+
+1996-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	added --with-CC
+	[a1b8286a81b8]
+
+1996-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	added double quote support
+	[a5e4fc7e3a2b]
+
+	* sudoers.pod:
+	documented double quoting
+	[c6ea47969a44]
+
+1996-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	Initial revision
+	[dcb86d65ad8f]
+
+	* check.c:
+	fixed some indentation
+	[4d1c5ab8072b]
+
+	* Makefile.in:
+	fixed a typo
+	[0d27eebc7227]
+
+	* Makefile.in:
+	added install-dirs .
+	[f499b99b8be7]
+
+1996-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* dce_pwent.c:
+	new version from "Jeff A. Earickson" <jaearick@colby.edu>
+	[422481be5fbd]
+
+1996-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	$CSOPS -> $with_csops (whoops, missed one)
+	[b04c6948130e]
+
+	* BUGS:
+	updated
+	[c4d5713e227d]
+
+	* parse.lex:
+	FQHOST now has same constraints as non-FQHOST
+	[e1c3bf2381d1]
+
+	* INSTALL:
+	added note about OS's w/ shadow passwords turned on by default
+	[166257f43be4]
+
+1996-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fixed a typo
+	[e5c3e2e9a359]
+
+	* configure.in:
+	added support for --without-THING sanitized shadow pw situtation by
+	adding support for
+	--without-C2
+	[65dc6bf64cce]
+
+	* tgetpass.c:
+	fixed a typo wrt placement of an end paren
+	[a8780f818231]
+
+	* check.c:
+	was closing an fd that may not have been opened
+	[760271c7bdc9]
+
+1996-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h, sudo.c:
+	added NO_PASSWD
+	[28ff1dc93d7a]
+
+1996-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now always use shadow pw on some arches
+	[069161ccffda]
+
+1996-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added pyramid support
+	[a0eb57a3a531]
+
+	* configure.in:
+	no longer check for C2 if alternate passwd method is used no longer
+	check for some libs twice
+	[2d0c3c902b40]
+
+	* parse.yacc:
+	moved fqdn stuff into parse.lex (FQHOST)
+	[d9c9abd481d8]
+
+	* parse.lex:
+	added FQHOST rules
+	[4a1695acff6d]
+
+	* tgetpass.c:
+	now define TCSASOFT in necesary
+	[3fac2e21c9ab]
+
+	* tgetpass.c:
+	now uses read/write instead of stdio string goop to avoid problems
+	with select(2)
+	[67fd174e518c]
+
+	* OPTIONS, find_path.c, options.h:
+	-DNO_DOT_PATH -> -DIGNORE_DOT_PATH
+	[d05ba5100d28]
+
+1996-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	added note about no shadow auto-detect if using alternate auth
+	schemes
+	[b425592232a3]
+
+	* configure.in:
+	don't check for C2 if AFS or DCE (unless they said --with-C2)
+	[61342962171a]
+
+	* testsudoers.c:
+	now groks shost
+	[85dda17303f6]
+
+	* OPTIONS, find_path.c, options.h:
+	added NO_DOT_PATH
+	[c261ca1fb196]
+
+1996-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	checkdot now works correctly
+	[3bc4835bb3e9]
+
+1996-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	can't have DCE and C2 passwords both...
+	[fb9a8ab7ca66]
+
+1996-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.c, sudo.h, visudo.c:
+	now uses shost even if not FQDN
+	[87f7498b3a1f]
+
+	* configure.in:
+	now looks for skey in /usr/lib and doesn't require libskey to be in
+	/usr/local/lib just because skey.h is (for my netbsd box :-)
+	[ceb1763e37d2]
+
+	* aclocal.m4, config.h.in, pathnames.h.in:
+	_SUDO_PATH_ -> _CONFIG_PATH_
+	[84d97ad13d75]
+
+	* aclocal.m4, sudo.pod:
+	/var/run/.odus -> /var/run/sudo
+	[922da220b8f5]
+
+	* pathnames.h.in:
+	now uses _SUDO_PATH_TIMEDIR
+	[5ecab0155fdf]
+
+	* OPTIONS:
+	udpated FQDN
+	[361b6f7440c0]
+
+	* aclocal.m4, configure.in:
+	added SUDO_TIMEDIR
+	[368c95c8c950]
+
+	* config.h.in:
+	added _SUDO_PATH_TIMEDIR
+	[3879864d808c]
+
+	* sudo.pod:
+	updated wrt /var/run/sudo
+	[9e14f2a429d3]
+
+	* sudo.c, sudo.h:
+	added support for shost if FQDN
+	[51a3f51a09a1]
+
+	* parse.yacc, visudo.c:
+	now uses shost if FQDN
+	[d19da2e92b42]
+
+	* check.c:
+	Now use skeylookup() instead off skeychallenge()
+	[4c7438bb2ae0]
+
+1996-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	mail_argv should not contain ALERTMAIL as it includes "-t"
+	[67ffaaa8f843]
+
+1996-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, Makefile.in, README, configure.in, version.h:
+	++version
+	[e08fd4a809fc]
+
+	* compat.h:
+	added more _PASSWD_LEN stuff -- now uses PASS_MAX too
+	[2f20c3153689]
+
+	* tgetpass.c:
+	now includes limits.h moved _PASSWD_LEN -> compat.h
+	[b1ca3cafdacc]
+
+1996-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, README:
+	++version
+	[3eacf32803f5]
+
+	* Makefile.in:
+	++versoin
+	[3b91c317630a]
+
+	* Makefile.in:
+	fixed a typo
+	[3661ac4a7803]
+
+	* configure.in:
+	++version
+	[60e842973745]
+
+1996-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated
+	[def2c3c24195]
+
+	* CHANGES:
+	done for 1.4.1 (I hope)
+	[2ab543769a40]
+
+	* sudoers.pod:
+	added info on wildcards
+	[ce3bd41bc063]
+
+	* sample.sudoers:
+	added wildcard example
+	[762feb0577bd]
+
+	* Makefile.in:
+	now uses *.pod to build *.man and *.cat & *.html
+	[3ec14962028b]
+
+	* configure.in:
+	addedSUDO_PROG_BSHELL !ll
+	[3c80b320bf16]
+
+	* visudo.pod:
+	fixed up some formatting
+	[12166c434526]
+
+	* sudoers.pod:
+	redid section describing sample sudoers stuff
+	[b8065cceec71]
+
+	* sudo.pod:
+	fixed some formatting
+	[aa9a681add0f]
+
+	* getspwuid.c:
+	now treats "" as bourne shell
+	[30194a72ad56]
+
+	* Makefile.in:
+	TESTOBJS nwo includes wildmat.o
+	[86cc6500f84d]
+
+	* testsudoers.c:
+	now works with NewArg[cv]
+	[2f72674ce942]
+
+	* sudo.c:
+	removed an XXX (fixed it in getspwuid.c)
+	[e791ee0d1a68]
+
+	* aclocal.m4:
+	added check for bourne shell
+	[a2fd51676b8a]
+
+	* pathnames.h.in:
+	added _PATH_BSHELL
+	[e7c10011d47b]
+
+	* config.h.in:
+	added _SUDO_PATH_BSHELL
+	[6a1182898de9]
+
+1996-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	unixware vi returns 256 instead of 0
+	[234ffc7c6786]
+
+	* INSTALL:
+	added Linux note
+	[5f85efcd2b58]
+
+	* logging.c:
+	fixed up some XXX's. file log format now looks a little more like
+	real syslog(3) format.
+	[6df55707bfc3]
+
+	* README, TROUBLESHOOTING:
+	updated wrt lex/flex
+	[eb787d69156b]
+
+	* Makefile.in:
+	commented out rule to build lex.yy.c from parse.lex since we ship
+	with a pre-flex'd parser
+	[7507e2ce4a95]
+
+	* parse.c, parse.yacc, visudo.c:
+	path_matches -> command_matches
+	[0bd469424f86]
+
+	* logging.c:
+	eliminated some strcat()'s
+	[9878a79bc374]
+
+	* configure.in:
+	no longer checks for lex/flex (now assumes flex)
+	[a086ccc73798]
+
+	* configure.in:
+	now checks for $kerb_dir_candidate/krb.h instead of just
+	kerb_dir_candidate
+	[9133bc3c5208]
+
+1996-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	now use a 'hook' expression instead of an iffy one :-)
+	[9560df01b8c0]
+
+1996-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now works with new sudo arg stuff
+	[310a0d43ddad]
+
+	* parse.yacc:
+	fixed dereferencing deadbeef
+	[474ef8a8006b]
+
+	* sudo.c:
+	changed an occurrence of Argv to NewArgv
+	[205b012b7691]
+
+	* parse.lex:
+	took out support for quoted commands since there is no need...
+	[5c5036d353b1]
+
+	* parse.c:
+	fixed a typo in a for() loop
+	[7e8d5283c43b]
+
+	* logging.c:
+	protected against dereferencing rogue pointers
+	[56debd517717]
+
+	* sudo.c:
+	now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
+	also allows us to eliminate some kludges in parse_args() and
+	eliminate superfluous code.
+	[5122f66ad150]
+
+	* logging.c:
+	no longer uses cmnd_args, now uses NewArgv instead.
+	[abddd23cf068]
+
+	* sudo.h:
+	added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
+	(no longer used)
+	[78410984fb05]
+
+	* Makefile.in:
+	added wildmat.c to SRCS & SUDOBJS
+	[3800efb41794]
+
+	* parse.yacc:
+	COMMAND is now a struct containing the path and args
+	[5c32822c5b94]
+
+	* parse.lex:
+	replaced append() with fill_cmnd() and fill_args. command args from
+	a sudoers entry are now stored in an arrary for easy matching.
+	[a981d7f4eb0d]
+
+	* parse.c:
+	command line args from sudoers file are now in an array like ones
+	passed in from the command line
+	[1d9e37e84519]
+
+1996-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	wildwat stuff now works
+	[49d16488531f]
+
+1996-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	++version
+	[53e55463ef89]
+
+	* Makefile.in:
+	++version added wildmat.*
+	[0508297a4711]
+
+1996-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	added support for quoted commands (w/ or w/o args)
+	[b9a637155673]
+
+1996-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	cleaned up formatting
+	[4591d4195437]
+
+	* sudo.pod, visudo.pod:
+	Initial revision
+	[7564a8242750]
+
+1996-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	looks reasonable, could be mroe readable
+	[a5be2d19d9e0]
+
+	* sudoers.pod:
+	Initial revision
+	[957888be31a6]
+
+1996-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated
+	[633743aa924b]
+
+	* OPTIONS:
+	updated NO_ROOT_SUDO entry
+	[f1c15b1dec9e]
+
+1996-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	*** empty log message ***
+	[5b63de579ff7] [SUDO_1_4_0]
+
+	* sudo.c:
+	fixed SECURE_PATH
+	[6002889f606d]
+
+	* RUNSON:
+	udpa`ted for 1.4
+	[6014a8592815]
+
+	* configure.in:
+	AIX aixcrypt.exp now uses $(srcdir)
+	[b0d57674fef4]
+
+	* TROUBLESHOOTING:
+	added entry for anal ansi compilers
+	[4193cec1c6b1]
+
+1996-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	added info on libcrypt_i for SCO
+	[575497d56698]
+
+	* TODO:
+	*** empty log message ***
+	[d0aaf67b9913]
+
+	* sample.sudoers:
+	added comments
+	[a7773f7eda8d]
+
+	* TODO:
+	1.4 release
+	[1dade29e9fd9]
+
+	* CHANGES:
+	++version
+	[67241be40780]
+
+	* INSTALL, OPTIONS, README, config.h.in, configure.in:
+	++version
+	[2e0a37897f68]
+
+	* BUGS:
+	++version and fixed ISC
+	[78963f01a0e3]
+
+	* check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
+	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
+	insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
+	sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+	visudo.c:
+	++version
+	[b6227f29b3d9]
+
+	* interfaces.c:
+	added STUB_LOAD_INTERFACES ++version
+	[d8150a3fd577]
+
+	* Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
+	version.h:
+	++version
+	[da9e90e69bdc]
+
+	* PORTING:
+	added info about fd_set in tgetpass added info on interfaces.c
+	[a39902febd17]
+
+1996-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* dce_pwent.c:
+	added sudo header
+	[fc0f2c48682e]
+
+	* tgetpass.c:
+	fixed a typo
+	[43d40b72ee8f]
+
+	* Makefile.in:
+	tgetpass.o is now only linked in with sudo (not visudo)
+	[7407c5ff11f8]
+
+1996-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
+	configure.in:
+	++version
+	[9b82ad805d6b]
+
+	* emul/utime.h:
+	added copyright notice
+	[4380f16cd075]
+
+	* check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
+	++version
+	[32717fdb5d05]
+
+	* tgetpass.c:
+	minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
+	[326864428da2]
+
+	* configure.in:
+	ISC now gets -lcrypt now check for sys/bsdtypes.h
+	[e064799c054b]
+
+	* config.h.in:
+	added check for sys/bsdtypes.h
+	[9adb9533c363]
+
+1996-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	removed debugging stuff (setting freed ptr to NULL)
+	[02fe8eec63a0]
+
+	* TROUBLESHOOTING:
+	added 2 entries
+	[02884e2733e2]
+
+	* Makefile.in:
+	added FAQ
+	[074d8dfcf28d]
+
+	* TROUBLESHOOTING:
+	added section on syslog
+	[e6bc02a22b86]
+
+	* configure.in:
+	added AC_ISC_POSIX for better ISC support
+	[8436b3e12af2]
+
+	* config.h.in:
+	fixed typo
+	[f1b3922babf4]
+
+	* config.h.in:
+	added define for _POSIX_SOURCE
+	[ded6d92b34f9]
+
+1996-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fixed check for lsearch()
+	[75baa5bc28a3]
+
+1995-12-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	fixed for AIX now deal if num_interfaces == 0 (should not happen)
+	[ae450e859227]
+
+1995-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now only define HAVE_LSEARCH if there is a corresponding search.h
+	[8ce645c5d17f]
+
+	* interfaces.c:
+	works on ISC again
+	[ccac920d424c]
+
+1995-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now define HAVE_LSEARCH if we find lsearch() in libcompat
+	[7343e4313a87]
+
+	* lsearch.c:
+	char * -> const char *
+	[1c0b11c2300a]
+
+	* configure.in:
+	now looks in -lcompat for lsearch()
+	[a1cc1d6fcd09]
+
+	* Makefile.in:
+	remove sudo.core visudo.core for clan target
+	[b523456a85df]
+
+	* aclocal.m4:
+	added UID_MAX support in check for MAX_UID_T_LEN
+	[7ab262b1173f]
+
+	* Makefile.in:
+	fixed another occurence of sudo_getpwuid.*
+	[fb5809c07da2]
+
+	* Makefile.in, getspwuid.c:
+	sudo_getpwuid.c -> getspwuid.c
+	[875f2ef808b4]
+
+	* configure.in:
+	moved the "echo"
+	[ad7b8f966076]
+
+	* BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
+	compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
+	getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+	parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+	sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+	version.h, visudo.c:
+	++version
+	[ee57c6410ffa]
+
+	* testsudoers.c:
+	added group support
+	[54d8097df8bd]
+
+	* sample.sudoers:
+	added group entry
+	[50994d31fd49]
+
+	* sudoers.man:
+	documented group support
+	[0a16707f8fed]
+
+	* parse.c, parse.lex, parse.yacc, visudo.c:
+	added group support
+	[427218c879c8]
+
+1995-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	tkfile was too short and overflowed the kerberos realm
+	[53823a1ff5af]
+
+1995-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now copy command args directly from Argv
+	[77408278b6fd]
+
+	* sudo.c:
+	replaced code to copy cmnd_args so that is does not use realloc
+	since most realloc()'s really stink
+	[b29a0ff73fb6]
+
+1995-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	syslog() fixed in hpux 10.01
+	[2648e6f0cdb0]
+
+1995-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
+	[8f108b8d8711]
+
+	* configure.in:
+	better error if cannot find skey incs or libs
+	[5887662ee9d3]
+
+	* aclocal.m4:
+	now use a temp file for determining max len of uid_t in string form.
+	the old hacky way broke on netbsd
+	[b68f470fa9f8]
+
+	* sudo.c:
+	added set of parens and a space
+	[8a3d4826d022]
+
+1995-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* dce_pwent.c:
+	fixes from Jeff Earickson <jaearick@colby.edu> ,
+	[bde0f0b756ec]
+
+	* check.c:
+	modified a comment
+	[e2a97f1afbbe]
+
+	* Makefile.in:
+	fixed up testsudoers target
+	[d39c4e7bb609]
+
+	* configure.in:
+	DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
+	SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
+	[da7a1c433828]
+
+	* Makefile.in:
+	LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
+	VISUDO_LDFLAGS
+	[4b69503e8487]
+
+1995-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix for C2 on hpux 10 now uses -linet if it exists
+	[8d300112263d]
+
+	* check.c:
+	LONG_SKEY_PROMPT is less of a klusge /
+	[dcc144abaac3]
+
+	* configure.in:
+	fixed typos w/ dce stuff
+	[f7dfd6d4e149]
+
+	* Makefile.in:
+	added dce_pwent.c
+	[79047acdc516]
+
+1995-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	amended section on combining authentication mechanisms
+	[dc5138c7c716]
+
+	* PORTING:
+	minor updates for 1.3.6
+	[fe80c13bd994]
+
+	* TROUBLESHOOTING:
+	added 2 more entries
+	[c7201439a0f5]
+
+	* BUGS:
+	updated for 1.3.6
+	[979b414d2a2d]
+
+	* README:
+	overhauled
+	[3af8b60eb594]
+
+	* INSTALL:
+	rewrote for sudo 1.3.6
+	[b16027b9c726]
+
+	* TROUBLESHOOTING:
+	added 3 entries
+	[934c9ee3f153]
+
+1995-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c, getspwuid.c, sudo.c:
+	added explict casts for strdup since many includes don't prototype
+	it. gag me.
+	[3e19a11f2fcc]
+
+	* sudo.h:
+	removed prototype for sudo_getpwuid() since convex C compiler choked
+	on it.
+	[c3ea74ca67b0]
+
+	* sudo.c:
+	added prototype for sudo_getpwuid()
+	[4a8e3cdc2b98]
+
+	* lsearch.c:
+	now compiles on strict ANSI compilers
+	[3ce5d72d0b08]
+
+	* check.c:
+	added LONG_SKEY_PROMPT support
+	[48a18b8a2332]
+
+	* Makefile.in:
+	added extra $'s for make to eat up, yum.
+	[2995b214e12b]
+
+	* OPTIONS, options.h:
+	added LONG_SKEY_PROMPT
+	[f23ae799b5a4]
+
+1995-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	s/key support now works with normal s/key as well as logdaemon
+	[d67573f523bf]
+
+	* OPTIONS, options.h:
+	added SKEY_ONLY
+	[bbf07654e0de]
+
+	* compat.h:
+	set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
+	[205895b96a36]
+
+	* INSTALL:
+	added DCE note added more AIX notes
+	[6345403b3522]
+
+	* sudo.c:
+	now include pthread.h for DCE support
+	[6fe02865f679]
+
+	* check.c:
+	dce_pwent() is ok after all .,
+	[d26a8746a55d]
+
+	* logging.c:
+	now uses SYSLOG() macro that equates to either syslog() or
+	syslog_wrapper
+	[42ac4cff8045]
+
+	* dce_pwent.c:
+	minor formatting changes. renamed check() to somthing less generic
+	[71859f217be1]
+
+	* check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
+	visudo.c:
+	now uses user_pw_ent and simple macros to get at the contents
+	[f4cbf3e7145a]
+
+1995-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	simpler dec unix C2 support
+	[86bc8f75250e]
+
+	* getspwuid.c:
+	now sets crypt_type for DEC unix C2
+	[99aeadd18266]
+
+1995-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added csops paths for skey
+	[b8ca672e2117]
+
+	* getspwuid.c:
+	now includes string.h for strdup() prototype
+	[3605259c3620]
+
+	* getspwuid.c:
+	fixed a few typos
+	[46c97e4ea417]
+
+	* check.c:
+	now includes skey.h
+	[11e611ce1b61]
+
+	* getspwuid.c:
+	fixed up comments
+	[223dac56f0c8]
+
+	* check.c:
+	moved a lot of the shadow passwd crap to sudo_getpwuid()
+	[97d8887fb7d3]
+
+	* sudo.c:
+	now uses sudo_pw_ent
+	[d014dadbef48]
+
+	* testsudoers.c:
+	now uses sudo_pw_ent
+	[d92936ed7e34]
+
+	* visudo.c:
+	now sets sudo_pw_ent
+	[ff75cdfcf8b3]
+
+	* getspwuid.c:
+	Initial revision
+	[6deb6df9d7bc]
+
+	* tgetpass.c:
+	moved dce stuff into compat.h
+	[1124284396e7]
+
+	* logging.c, sudo.h:
+	now uses sudo_pw_ent
+	[404ff20a5067]
+
+	* Makefile.in:
+	added sudo_getpwuid.c
+	[6666d0644512]
+
+	* compat.h:
+	added dce support
+	[3c3b36a7ce0e]
+
+	* parse.yacc:
+	now uses sudo_pw_ent
+	[9f5e8d11bd68]
+
+1995-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fixed exempt_group stuff for OS's that don't put base gid in group
+	vector
+	[003f153bd396]
+
+	* check.c:
+	S/Key support now works with sunos4 shadow passwords
+	[1eb64a5efff1]
+
+	* Makefile.in:
+	fixed clean rule
+	[5695a2c62816]
+
+	* config.h.in, configure.in:
+	added DCE support
+	[f53c766c1947]
+
+	* tgetpass.c:
+	DCE & KERB support
+	[904cf436506a]
+
+	* check.c:
+	first stab at dce support
+	[aea5ca07b1e3]
+
+	* dce_pwent.c:
+	now smells like sudo
+	[8b3d609b49cd]
+
+	* dce_pwent.c:
+	Initial revision
+	[b573555f2399]
+
+	* check.c:
+	skey'd sudo now works w/ normal password as well
+	[8d038f9f6e94]
+
+1995-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
+	getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
+	parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
+	sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
+	version.h, visudo.c:
+	updated version number
+	[ba7e346d7904]
+
+	* README:
+	updated to reflect version change
+	[1d15cf1d8cc8]
+
+	* configure.in:
+	--with options now line up ++version
+	[08ebf625fbca]
+
+	* sudo.h:
+	removed unecesary S/Key stuff
+	[68188cba90af]
+
+	* configure.in:
+	fixed S/Key support
+	[f6d9cbc36618]
+
+	* Makefile.in:
+	-I stuff now goes in CPPFLAGS
+	[7b8e53c5b046]
+
+	* check.c:
+	fixed SKey support
+	[52c1a5cf4435]
+
+	* README:
+	updated version
+	[bed6498a10bb]
+
+	* OPTIONS:
+	fixed description of EXEMPTGROUP
+	[cfeead55edc2]
+
+	* sudo.c:
+	more people use _RLD_ than just alphas...
+	[6a3c7090a6f6]
+
+	* Makefile.in:
+	replaced $man_prefix with $mandir
+	[dc4b36a550e2]
+
+	* configure.in:
+	fixed a typo
+	[a38a4acddcaf]
+
+	* Makefile.in:
+	now use more GNU'ish dir names
+	[c5498391a520]
+
+	* configure.in:
+	now set *dir correctly (can override from command line)
+	[523ff98fd438]
+
+	* sudo.c:
+	now deal with situations where we getwd() fails
+	[88a9e61dccbb]
+
+1995-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	added etc_dir, bin_dir, sbin_dir
+	[75fd08d92842]
+
+	* configure.in:
+	added sbin_dir
+	[3cb318c0d8d1]
+
+	* Makefile.in:
+	now ship a flex-generated lex.yy.c
+	[4d083ed70dce]
+
+	* Makefile.in:
+	now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
+	[4d51dc9c3780]
+
+	* pathnames.h.in:
+	_PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
+	[773fd163d52f]
+
+	* options.h:
+	no more error for redefining SUDOERS_OWNER
+	[4ba336644c6a]
+
+	* OPTIONS:
+	expanded SUDOERS_OWNER section
+	[12fae405759e]
+
+1995-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now warn if chown(2) failed
+	[d0d1db6e3a1f]
+
+	* logging.c:
+	better default warning for NO_SUDOERS_FILE
+	[5260b458ac64]
+
+	* sudo.c:
+	added missing set_perms() no more cryptic message if the sudoers
+	file is zero length, now just give a parse error
+	[b81ea724838a]
+
+	* logging.c:
+	better diagnostics if NO_SUDOERS_FILE
+	[877e878663c5]
+
+	* sudo.c:
+	check_sudoers() now catches sudoers files that are not readable (but
+	are stat'able).
+	[fea05663b3de]
+
+1995-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now add -D__STDC__ for convex cc (not gcc)
+	[c80fc53ff51b]
+
+	* configure.in:
+	MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
+	[fe238226a057]
+
+	* Makefile.in:
+	now uses exec_prefix & prefix from configure
+	[f62fca5f56bd]
+
+	* find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
+	parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
+	utime.c, visudo.c:
+	options.h is now <> instead of "" so shadow build trees can have a
+	custom copy of options.h
+	[e6782676099c]
+
+	* check.c:
+	user_is_exempt() is no longer a hack, it now uses getgrnam()
+	[287f8d5356f7]
+
+	* options.h:
+	EXEMPTGROUP is now "sudo"
+	[61487304dbe1]
+
+	* configure.in:
+	MAN_POSTINSTALL now contains a leading space
+	[eaad4ac34012]
+
+	* Makefile.in:
+	removed leading tab if @MAN_POSTINSTALL@ not defined now removes
+	testsudoers in clean:
+	[e01711baceb8]
+
+	* tgetpass.c:
+	includes pwd.h to get _PASSWD_LEN definition
+	[8ec174f263f1]
+
+1995-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	unset the KRB_CONF envariable if using kerberos so we don't get
+	spoofed into using a bogus server
+	[2561a0274fca]
+
+1995-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	now explicately initialize match[] tp be FALSE
+	[0e45e5c47766]
+
+1995-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	removed unused variable now passes -Wall
+	[3452508bc16d]
+
+	* parse.yacc:
+	yyerror and dumpaliases are now void's now passes -Wall
+	[2769dfb51993]
+
+	* parse.lex:
+	added prototype for yyerror
+	[1f3f0c1b4ab4]
+
+	* check.c, logging.c, parse.c:
+	now passes -Wall
+	[eab57e5e81d2]
+
+	* interfaces.c:
+	rmeoved unused cruft now passes -Wall
+	[7a47e1866f4b]
+
+	* Makefile.in:
+	fixed headers that moved to emul dir
+	[e680c1e5049b]
+
+	* logging.c:
+	fixed deref of nil pointer if no args
+	[973b9bea432f]
+
+1995-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS:
+	added a caveat to FQDN section
+	[dcf6e2a5fff4]
+
+1995-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	more $srcdir support for install targets
+	[f6eac78436dd]
+
+	* find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
+	strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
+	don't include malloc.h if we include stdlib.h
+	[fca2ff307cd8]
+
+	* parse.yacc:
+	local search.h now lives in emul
+	[51c458904424]
+
+	* check.c, utime.c:
+	local utime.h now lives in emul dir
+	[f92fc9e8c8de]
+
+	* lsearch.c:
+	local search.h now lives in emul
+	[579efc407439]
+
+	* Makefile.in:
+	added support for building in other than the sourcedir
+	[2ab53a43f7d4]
+
+1995-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS:
+	annotated CSOPS_INSULTS option
+	[9e57d45a0afa]
+
+	* TROUBLESHOOTING:
+	updated shadow passwords blurb
+	[39b785bc7253]
+
+	* sudo.c:
+	if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
+	passes along foo as the arguments
+	[a91077aa8fc5]
+
+1995-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	collapsed pathname and dir sections into one -- its now less
+	expensive
+	[89caa03bec25]
+
+	* parse.lex:
+	fixed spacing quoting [,:\\=] now works correctly append() and
+	fill() now take args to make the above work
+	[09d023d9ef3a]
+
+	* sudo.c:
+	fixed a typo that caused commands with no tty on fd 0 but a tty on
+	fd 1 to erroneously have "none" as their tty
+	[07d2c0e7977c]
+
+1995-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	timestampfile is now a global static removed decl of timestampfile
+	in remove_timestamp since we can just use the global one
+	[f0cbdc6aab1c]
+
+	* check.c:
+	created touch() to update timestamps added USE_TTY_TICKETS support
+	(bit of a kludge)
+	[cee1dd0318f8]
+
+	* compat.h:
+	added _S_IFDIR and S_ISDIR
+	[b4a51cc9628e]
+
+	* OPTIONS, options.h:
+	added USE_TTY_TICKETS
+	[b4e22f81f25e]
+
+	* parse.yacc:
+	removed const from casts for lsearch() & lfind() to placate irix 4.x
+	C compiler
+	[5003081f76ea]
+
+1995-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now only strip '/dev/' off of a tty if it starts with '/dev/'
+	[7f62bcd24039]
+
+	* pathnames.h.in:
+	added _PATH_DEV
+	[6375f44d1910]
+
+	* configure.in:
+	AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
+	have termios.h
+	[9c60391235fd]
+
+	* tgetpass.c:
+	fixed incorrect #ifdef termio uses "unsigned short" not int for
+	c_?flag
+	[d032e6a29845]
+
+	* parse.lex, parse.yacc:
+	fixed a spelling error
+	[cad6a944c7b1]
+
+	* Makefile.in:
+	fixed typo
+	[204a65403e7c]
+
+1995-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fixed a comment
+	[268f760e57ad]
+
+	* parse.yacc:
+	added dotcat() to cat 2 strings w/ a dot effeciently now that we
+	dynamically allocate strings they need to be free()'d
+	[ec2e2152f415]
+
+	* parse.lex:
+	dynamically allocates space for strings
+	[d10ac3533d66]
+
+	* sudo.h:
+	no more MAXCOMMANDLENGTH
+	[e2e1219bff8a]
+
+	* sudo.h:
+	added decl of tty
+	[c8ae81303ee5]
+
+	* logging.c, sudo.c:
+	moved tty stuff into sudo.c
+	[e028abefeb07]
+
+1995-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	fixed a logic bug. Was denying a command if user gave command line
+	args but there were none in the sudoers file which is wrong.
+	[7489a99b8e8a]
+
+	* sudo.h:
+	MAXCOMMMANDLEN dropped down to 1K
+	[38ef54ba290b]
+
+	* parse.lex:
+	return foo; -> return(foo);
+	[0e8be1b57001]
+
+	* parse.yacc:
+	fixed netgr_matches() prototype
+	[e69f15910464]
+
+	* parse.lex:
+	added support for escaping "termination" characters
+	[8bd4ef50f35c]
+
+	* parse.c:
+	buf is now of size MAXPATHLEN+1 since it never holds command args
+	[2ce4b763058c]
+
+	* sudo.c:
+	fixed comments
+	[0c74a3d2ebb0]
+
+	* goodpath.c:
+	fixed negation problem (doh!)
+	[782814e3a2d1]
+
+	* parse.yacc:
+	fixed 2nd parameter to lfind()
+	[63d7b1623c08]
+
+	* parse.lex:
+	now do bounds checking in fill() and append()
+	[54381b563251]
+
+	* sudo.c:
+	include netdb.h as we should added a missing void cast added
+	SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
+	realloc actually moved the string instead of shrinking it
+	[897ccdec9c06]
+
+	* sample.sudoers:
+	updated with examples of new features
+	[9b3ed00e8aa6]
+
+	* goodpath.c:
+	now set errno to EACCES if not a regular file or not executable
+	[2d069548a5ea]
+
+	* find_path.c:
+	if given a fully-qualified or relative path we now check it with
+	sudo_goodpath() and error out with the appropriate error message if
+	the file does not exist or is not executable
+	[590f89dd8dec]
+
+	* emul/search.h, lsearch.c:
+	now use correct args for lfind
+	[fccdcdbf020e]
+
+	* logging.c:
+	added a comment
+	[fab9f49708ea]
+
+	* insults.h:
+	added in CSOps insults
+	[ad8eb1862adc]
+
+	* ins_csops.h:
+	Initial revision
+	[de5a475ec018]
+
+	* tgetpass.c:
+	added RCS id
+	[c3ffd550a482]
+
+	* sudo.h:
+	increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
+	[aba25c90d08a]
+
+	* OPTIONS:
+	added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
+	[e27bd62e9ccf]
+
+	* sudo.c:
+	fixed -k load_interfaces() now gets called if FQDN is set
+	-p now works with -s
+	[07ca2a34bae8]
+
+	* parse.c:
+	don't try to stat() "pseudo commands" like "validate"
+	[75527045984b]
+
+	* options.h:
+	added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
+	[07b157a0eafd]
+
+	* configure.in:
+	added SecurID support added other insults to --with-csops
+	[6c992ceb244c]
+
+	* config.h.in:
+	added HAVE_SECURID
+	[e734ff617fe8]
+
+	* Makefile.in:
+	added clobber target added ins_csops.h now gets CFLAGS from
+	configure
+	[d1e29c7cec25]
+
+	* aclocal.m4:
+	relaxed SUDO_FULL_VOID
+	[fb4084f27406]
+
+	* visudo.c:
+	function comment blocks are now in same style as rest of code
+	[04a2931354c5]
+
+	* testsudoers.c:
+	added support for command line args in /etc/sudoers
+	[bfe4e1bcc655]
+
+	* sudoers.man:
+	updated to have command args in the sudoers file
+	[1cd34355e9ea]
+
+	* sudo.man:
+	added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
+	[930b48023b68]
+
+1995-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	PATH renamed to COMMAND
+	[4e109a6de3cd]
+
+	* parse.lex:
+	it is now a parse error for directories to have args attached to
+	them
+	[2ab10a146b54]
+
+	* logging.c:
+	now say command args if telling user to buzz off
+	[933de26ded8b]
+
+	* sudo.c:
+	-s no longer indicates end of args sped up loading on cmnd_args in
+	load_cmnd()
+	[eac99a4da862]
+
+	* parse.c:
+	removed an unreachable statement
+	[634302623c49]
+
+	* parse.lex:
+	made more efficient by pulling out the terminators when in GOTCMND
+	state and making them their own rule
+	[80798f1e1166]
+
+1995-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	removed MAXLOGLEN since it is no longer used
+	[102824196b71]
+
+	* parse.lex:
+	now allows command args
+	[d29dfa1e5254]
+
+	* parse.c:
+	now groks command arguments
+	[6c414cb7f105]
+
+	* logging.c:
+	now sets tty correctly when piped input
+	[de46a30c0406]
+
+	* sudo.c:
+	fixed loading of cmnd_args (was including command name too)
+	[15319a425ea6]
+
+	* logging.c:
+	fixed a core dump due to incorrect if construct
+	[582363c7d7fa]
+
+1995-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
+	[da591fe9b931]
+
+	* aclocal.m4:
+	fixed check for ISC
+	[52e59f2082a7]
+
+	* sudo.c:
+	now sets cmnd_args used by log_error() and that will be used by the
+	parse to check against command args
+	[c6804389723b]
+
+	* sudo.h:
+	added cmnd_args
+	[4d00446b4a8d]
+
+	* logging.c:
+	now dynamically allocate logline since we can guess at its size
+	[4bed8c8446aa]
+
+1995-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
+	"register" since the compiler knows more than I do now do a
+	"basename" of the tty
+	[3b1bbf0b3da1]
+
+1995-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	++version
+	[5ce552f9a5f1]
+
+	* sudo.h:
+	added shell extern changed MODE_* to be bit masks to allow for
+	several options together
+	[06f9dc4f400c]
+
+	* sudo.c:
+	added -s (shell) option made MODE_* masks so we can do bitwise & and
+	| to see if multiple flags are set.
+	[01f8143010ad]
+
+	* check.c:
+	added securid support
+	[909e078005fe]
+
+1995-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	removed a bunch of unnecesary strncpy()'s and replaced with strcat()
+	[644506b57d61]
+
+1995-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, version.h:
+	++version
+	[3cd6f1fbc3d9]
+
+1995-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	fixed free() of an uninitialized pointer (yuck)
+	[8c404ee502ee]
+
+	* testsudoers.c:
+	added netgr_matches
+	[e7c9fa2f774c]
+
+	* parse.c:
+	cleaned up netgr_matches
+	[8108f00b810e]
+
+1995-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated for 1.3.4
+	[4741704310a1]
+
+1995-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	now installs sudoers.man -- really should clean this up though.
+	[455631d45a1d]
+
+	* Makefile.in:
+	added sudoers.cat and sudoers.man
+	[0bdedd6c7363]
+
+	* sudo.man:
+	pulled out stuff on the sudoers file format into a separate man page
+	[de215d999cb9]
+
+	* sudoers.man:
+	Initial revision
+	[f25eafbb7095]
+
+	* HISTORY:
+	fixed up my email address
+	[254fbf80be74]
+
+	* configure.in:
+	added checks for innetgr and getdomainname
+	[24a99cb7e97e]
+
+	* visudo.c:
+	added dummy netgr_matches function
+	[1841ff2c01da]
+
+	* parse.c:
+	added netgr_matches
+	[ec90db6a97b8]
+
+	* parse.lex, parse.yacc:
+	added NETGROUP support
+	[c9dd93e3bc4b]
+
+	* config.h.in:
+	added HAVE_INNETGR & HAVE_GETDOMAINNAME
+	[14abd494d875]
+
+1995-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	rewrote clean_env() that has rm_env() builtin
+	[55cb43818a95]
+
+1995-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	now cast uid to long in sprintf
+	[b549eea40aeb]
+
+	* OPTIONS:
+	added _INSULTS suffix to HAL & GOONS end
+	[ed620d0aad30]
+
+	* options.h:
+	added _INSULTS suffix to HAL & GOONS
+	[9f72e9b83afd]
+
+	* ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
+	converted to new scheme of insult "unions" end
+	[2f6d2b412132]
+
+	* sudo.c:
+	now uses MAX_UID_T_LEN
+	[c1df79e0f389]
+
+	* configure.in:
+	added SUDO_UID_T_LEN !l
+	[195f0b9f5f84]
+
+	* config.h.in:
+	added MAX_UID_T_LEN
+	[73f42ae4f14d]
+
+	* check.c:
+	now use MAX_UID_T_LEN
+	[df9c063234cb]
+
+	* aclocal.m4:
+	added check for max len of uid_t fixed sco vs. isc check
+	[d558f36d2223]
+
+1995-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	corrected version
+	[828dd1571e86]
+
+	* configure.in:
+	added sco support
+	[af1e2f616638]
+
+	* aclocal.m4:
+	hack to check for sco
+	[549ab99a9a43]
+
+	* interfaces.c:
+	removed #include <net/route.h> since it was hosing some OS's
+	[ac78a7c04005]
+
+1995-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	fixed prreadlink() prototype
+	[b380fe1f2b11]
+
+	* check.c:
+	added parens in #if's
+	[e96ade691b82]
+
+	* configure.in:
+	added SPW_ prefix
+	[a302683a1483]
+
+	* sudo.h:
+	moved SPW_* to config.h.in
+	[6b3be70e34cf]
+
+	* sudo.c:
+	added a set of parens
+	[8188d735d695]
+
+	* config.h.in:
+	added SPW_*
+	[5ead6371cf60]
+
+	* sudo.h:
+	added SPW_* reordered error codes
+	[dead25b4ed0a]
+
+	* check.c:
+	moved SPW_* to sudo.h
+	[ca51fb04caf4]
+
+1995-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	SPW_AUTH -> SPW_SECUREWARE
+	[6b512b2bc5dc]
+
+	* logging.c:
+	GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
+	[defdd0944e2f]
+
+	* configure.in:
+	AUTH -> SECUREWARE
+	[d1f8a17001dd]
+
+	* check.c:
+	SPW_AUTH -> SPW_SECUREWARE
+	[af0e8d8b89b2]
+
+	* check.c:
+	now uses SHADOW_TYPE to make shadow pw support more readable and
+	modular. It's a start...
+	[8c2a59667014]
+
+	* configure.in:
+	added autodetection of shadow passwords
+	[85f81fa54b1b]
+
+	* sudo.c:
+	now uses SHADOW_TYPE define
+	[355e5dc09b07]
+
+	* config.h.in:
+	added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
+	[c0c06e83e483]
+
+	* aclocal.m4:
+	added SUDO_CHECK_SHADOW
+	[464301301639]
+
+1995-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
+	memmove() since we dno longer use it...
+	[8aefa87d7d31]
+
+	* CHANGES:
+	updated
+	[ce97b3fd7182]
+
+	* logging.c:
+	added BROKEN_SYSLOG support
+	[a45c3bca36f6]
+
+	* config.h.in:
+	added BROKEN_SYSLOG
+	[6f6abf0a6268]
+
+	* check.c:
+	now only bitch it timestamp > time_now + 2 * timeout to allow for a
+	machine udpating its time from a server
+	[546bc8d35325]
+
+	* sudo.man:
+	added 2 security notes updated Nieusma's email addr
+	[616756c56977]
+
+	* lsearch.c:
+	changed a memmove() to memcpy() since we don't have to worry about
+	overlapping segments.
+	[30baa478526b]
+
+1995-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	cleanup up the loop when interfaces are groped in so that it is
+	readable
+	[1fa39446bd69]
+
+	* Makefile.in, version.h:
+	++version
+	[b46bd2b1770f]
+
+1995-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	annotated 124-126
+	[b82a2b3ec7ce]
+
+1995-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fixed permissions check on /tmp/.odus
+	[cc2431a65468]
+
+1995-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fixed some comments
+	[8896d09b4fda]
+
+	* check.c:
+	now checks owner & mode of timedir also checks for bogus dates on
+	timestamp file
+	[a0fad5df5b0a]
+
+	* OPTIONS:
+	updated TIMEOUT info
+	[033cc22d9e04]
+
+	* logging.c, sudo.h:
+	added BAD_STAMPDIR and BAD_STAMPFILE
+	[31d9ce691101]
+
+	* compat.h:
+	added definition of S_IRWXU
+	[ff2dab091a9b]
+
+	* CHANGES:
+	updated
+	[a40df90284f1]
+
+1995-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	added #ifdef to make it compile on strange arches
+	[4a127f12afce]
+
+1995-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	fixed check for fulkl void impl.
+	[b6f2a4a361d8]
+
+	* check.c:
+	added mssing "static"
+	[520552f2772b]
+
+	* insults.h:
+	replaced #elif with #else #if constructs for ancient C compilers
+	[39ab2d365b57]
+
+	* INSTALL:
+	updated irix c2 & kerb5 info
+	[ae79b99b4905]
+
+	* configure.in:
+	added shadow pw support for irix
+	[632469d9c528]
+
+1995-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, TODO:
+	updated
+	[2a96bb18ac30]
+
+	* CHANGES:
+	last changes for sudo 1.3.3
+	[c1c0cd1034b8]
+
+	* configure.in:
+	now calls SUDO_SOCK_SA_LEN
+	[14ea78159d45]
+
+	* config.h.in:
+	added HAVE_SA_LEN
+	[cc2a346aa905]
+
+	* aclocal.m4:
+	added SUDO_SOCK_SA_LEN
+	[456a2025644a]
+
+	* interfaces.c:
+	now works with ip implementations that use sa_len in sockaddr
+	[90be6e028077]
+
+	* INSTALL:
+	added note about buggy AIX compiler
+	[c0f6d427e4e4]
+
+	* interfaces.c:
+	now include sys/time.h for AIX
+	[2510858ab38b]
+
+1995-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	getcwd -> getwd
+	[66085ebca98e]
+
+	* interfaces.c:
+	now works for ISC and others. yay.
+	[f336d4ffc927]
+
+1995-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, version.h:
+	version++
+	[836cffc2078d]
+
+1995-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	fixed test for full void impl
+	[fb004107e7b9]
+
+	* sudo.c:
+	now check to see that st_dev is non-zero before assuming that we are
+	being spoofed
+	[1b0e1c30c506]
+
+1995-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure.in:
+	SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
+	[4953379bfb01]
+
+1995-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	fixed include file order for SUDO_FUNC_UTIME_POSIX
+	[ff64ab7df44f]
+
+	* logging.c:
+	added cast for ttyname()
+	[444f05f56758]
+
+	* configure.in:
+	fixed typo
+	[de068e748431]
+
+	* check.c:
+	now deal correctly with all known variation of utime() -- yippe
+	[b778a4195a89]
+
+	* configure.in:
+	added SUDO_FUNC_UTIME_POSIX
+	[cf635f2269d6]
+
+	* aclocal.m4:
+	added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
+	[d79593be4b73]
+
+	* config.h.in:
+	added HAVE_UTIME_POSIX
+	[c67b4ac0dca5]
+
+	* check.c:
+	fixed a typo
+	[b14df5680f59]
+
+	* check.c:
+	no longer assume !HAVE_UTIME_NULL means old BSD utime()
+	[0aeaf4b2f38b]
+
+	* check.c:
+	fixed fascist C compiler warning
+	[c61ddf2f1f93]
+
+	* interfaces.c:
+	now set strioctl.ic_timout in STRSET() now initialize num_interfaces
+	to 0 (just to be anal)
+	[c54cc2ba0052]
+
+1995-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
+	[74cf585a54fb]
+
+	* logging.c:
+	added tty logging
+	[e27d8dcfbd78]
+
+	* interfaces.c:
+	reworked the ISC code
+	[bcf57ce8ae69]
+
+	* Makefile.in, version.h:
+	updated version
+	[032941c9b94d]
+
+	* check.c:
+	now expect old-style utime(3) if utime() can't take NULL as an arg
+	[018dd4a73030]
+
+	* configure.in:
+	added check for utime.h
+	[0b76e8feb618]
+
+	* config.h.in:
+	added HAVE_UTIME_H
+	[62ee42feda46]
+
+	* Makefile.in:
+	added CPPFLAGS STATIC_FLAGS -> LDFLAGS
+	[fa3201d294e1]
+
+	* configure.in:
+	now search for kerb libs and includes
+	[cc332401e571]
+
+	* check.c:
+	added support for utime(2)'s that can't take a NULL parameter
+	[98797fedf69f]
+
+	* utime.c:
+	moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
+	[6ce6d825fb44]
+
+	* configure.in:
+	added utime(s) stuff
+	[a2afb744403e]
+
+	* check.c:
+	now use utime()
+	[48902240a51e]
+
+	* config.h.in:
+	added HAVE_UTIME and HAVE_UTIME_NULL
+	[9a56ab65d4f4]
+
+1995-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* utime.c:
+	now use HAVE_UTIME_NULL
+	[e3944de09a92]
+
+	* emul/utime.h, utime.c:
+	Initial revision
+	[a2cbf2ef3427]
+
+	* check.c:
+	need to setuid(0) to make kerb4 stuff work.
+	[c6cfda4039d7]
+
+	* tgetpass.c:
+	no more special case for kerberos
+	[4a5c33145be9]
+
+	* config.h.in:
+	took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
+	emulation)
+	[a607ee43e650]
+
+	* compat.h:
+	no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
+	kerberos
+	[02fb274cc136]
+
+	* check.c:
+	now use private ticket file for kerberos support to avoid trouncing
+	on system one
+	[28d8b6b812c7]
+
+1995-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	added SPOOF_ATTEMPT & cmnd_st
+	[d3b42a1f4d0d]
+
+	* sudo.c:
+	added anti-spoofing support
+	[ab1e2aa44a57]
+
+	* parse.c:
+	now use global cmnd_st
+	[47018265a1a6]
+
+	* logging.c:
+	added SPOOF_ATTEMPT suypport
+	[7bbe9dd2a021]
+
+	* testsudoers.c, visudo.c:
+	added void casts where appropriate
+	[f191441ba333]
+
+	* parse.yacc:
+	fixed up spacing and added void casts where appropriate
+	[15d886fc809c]
+
+	* sudo.c:
+	fixed problem with "-p prompt" but no args
+	[6fc048261a3e]
+
+1995-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man:
+	added BUGS and annotated -l description
+	[e5c506de2603]
+
+	* sudo.h:
+	validate() now takes a flag
+	[26627becc60a]
+
+	* sudo.c:
+	validate() now takes a flag added -l
+	[a4f7bb97fe54]
+
+	* parse.yacc:
+	added support for -l
+	[e7a9b10b0ad3]
+
+	* parse.c:
+	validate() now takes a flag that says whether or not to check the
+	command
+	[9e1e67f4e281]
+
+1995-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	now deals with Argv == 1
+	[0acb637ab635]
+
+	* sudo.man:
+	added -p option
+	[e60382fc0561]
+
+	* sudo.c:
+	added prompt support reworked parse_args()
+	[2f605267ed4a]
+
+	* sudo.h:
+	added prompt
+	[5ab021bdb419]
+
+	* options.h:
+	added PASSPROMPT
+	[614727ff44a2]
+
+	* check.c:
+	now use BUFSIZ as length of kerb password added kpass so pass is
+	always a char * now use prompt global when asking for a password
+	[76be09af784f]
+
+	* tgetpass.c:
+	now use BUFSIZ as _PASSWD_LEN if using kerberos
+	[1e907eed312b]
+
+	* OPTIONS:
+	added PASSPROMPT
+	[ddb2f405ce40]
+
+1995-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	only look for -lufc or -lcrypt if crypt() not in libc
+	[9717d315661f]
+
+	* check.c:
+	don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
+	(unknown user) silently fail
+	[2b48693d4ee9]
+
+	* INSTALL:
+	added kerb4 note
+	[986e393f740c]
+
+	* tgetpass.c:
+	HAVE_KERBEROS -> HAVE_KERB4
+	[e438bfb5e6aa]
+
+	* check.c:
+	removed debugging printf
+	[1cf9f5cbffa5]
+
+	* configure.in:
+	KERBEROS -> KERB4 added checks for setreuid & setresuid
+	[01e9945beb1e]
+
+	* config.h.in:
+	HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
+	[0e0bb5b8ac3e]
+
+	* compat.h:
+	added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
+	with setresuid if applic
+	[9dae24c47696]
+
+	* check.c:
+	HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
+	no setreuid() or a broken one
+	[1fca642bdb8e]
+
+1995-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added kerberos support
+	[da5639b9b8e7]
+
+	* config.h.in:
+	added HAVE_KERBEROS
+	[fcc5be550e65]
+
+	* tgetpass.c:
+	added KERBEROS support (long passwords)
+	[303ba6924dd2]
+
+	* check.c:
+	added kerberos support
+	[e40afe98fc1d]
+
+1995-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	added MODE_BACKGROUND
+	[9b483c932016]
+
+	* sudo.man:
+	escaped dashes added -b option
+	[62e84f1a7714]
+
+	* sudo.c:
+	added -b option
+	[7e78aaefeb95]
+
+	* check.c:
+	added crypt() for osf/1 3.x enhanced secuiry
+	[e9aa5abdb7d5]
+
+	* configure.in:
+	now check for -lcrypt
+	[5cb9c67e9fa2]
+
+	* interfaces.c:
+	added ENXIO like EADDRNOTAVAIL
+	[74223bb1ba75]
+
+1995-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now emulate getwd(), not getcwd()
+	[3e5439d9a5f4]
+
+	* sudo.c:
+	getcwd() -> getwd()
+	[6392a96a658e]
+
+	* getwd.c:
+	getcwd -> getwd
+	[1b0ab9bae11e]
+
+1995-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ins_2001.h, ins_classic.h, ins_goons.h:
+	Initial revision
+	[86db60d8cf00]
+
+	* insults.h:
+	broke out insults into separate include files
+	[0a01993bd38a]
+
+	* OPTIONS, options.h:
+	added GOONS
+	[e283203c6515]
+
+	* Makefile.in:
+	added ins_2001.h ins_classic.h ins_goons.h
+	[2a39cd6a4cd2]
+
+	* Makefile.in, version.h:
+	++version
+	[05ebf4f5e41a]
+
+	* visudo.c:
+	moved signal handler setup to setup_signals()
+	[3dd976c04540]
+
+	* sudo.h:
+	added load_interfaces()
+	[af2d473b09e2]
+
+	* sudo.c:
+	moved load_interfaces to interfaces.c
+	[5c8c138e5d4c]
+
+	* parse.yacc:
+	added clearaliases
+	[aeb4ff301daa]
+
+	* OPTIONS, options.h:
+	added FAST_MATCH
+	[f49ea3d1b525]
+
+	* parse.lex:
+	now uses clearaliases variable
+	[a2dda415bf61]
+
+	* interfaces.c:
+	Initial revision
+	[a1990e3f5c69]
+
+	* Makefile.in:
+	added interfaces.[co]
+	[1e8e5984de97]
+
+	* testsudoers.c:
+	now uses ip addrs and netmasks via load_interfaces()
+	[54b8f7a6835e]
+
+	* sudo.c:
+	now remove IFS instead of setting to "sane" value
+	[ce7eec9f115e]
+
+1995-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	added FAST_MATCH
+	[816d4f5fe81a]
+
+1995-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	sudo_goodpath.c-> goodpath.c
+	[a5072c4e1de2]
+
+	* sudo.c:
+	added Andy's new ISC changes
+	[caa6bbee358e]
+
+1995-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS:
+	added a sentence to SECURE_PATH info
+	[cad6e1569d15]
+
+	* BUGS:
+	added one
+	[4b35cf699a83]
+
+	* CHANGES:
+	updated
+	[5fded9dc62f0]
+
+	* RUNSON:
+	updated
+	[33cb993cfd39]
+
+1995-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updated for beta3
+	[a05dc6a91995]
+
+	* Makefile.in, version.h:
+	++version
+	[54aaf3fadc75]
+
+	* aclocal.m4:
+	sendmail is now looked for in /usr/ucblib
+	[231ac1a4662f]
+
+	* sudo.c:
+	fixed indentation
+	[fb137400c8c2]
+
+	* aclocal.m4:
+	fixed a typo
+	[e03f1acc468b]
+
+	* sudo.c:
+	updated ISC mods
+	[070290d4754b]
+
+	* configure.in:
+	added unixware case
+	[e90250bae0d9]
+
+	* check.c:
+	user_is_exempt is no longer hidden
+	[1a341765b8af]
+
+	* RUNSON:
+	updated
+	[a9c4898b26dd]
+
+	* aclocal.m4:
+	isc and riscos changes
+	[98b5d86585d1]
+
+	* OPTIONS:
+	added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
+	[e1ecc464ce4b]
+
+	* Makefile.in:
+	fixed a typo and added testsudoers stuff
+	[435d60e163dc]
+
+	* testsudoers.c:
+	Initial revision
+	[6ce14a448662]
+
+1995-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	applied fixed patch from Chris
+	[cd6144203d13]
+
+1995-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fixed a typo
+	[34f8a54ba041]
+
+	* parse.yacc:
+	added a set of braces for bison
+	[f0e43b938914]
+
+	* parse.yacc:
+	merged in Chris' changes to dekludge the parser.
+	[82d6e373ab1c]
+
+	* logging.c:
+	send_mail() was calling find_path() which is wrong since find_path()
+	stores cmnd in a static var. Anyhow, it doesn't make much sense
+	since MAILER should always be fully qualified
+	[6eae6a0b8098]
+
+1995-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	added User_Alias stuff
+	[aaba8c8e918d]
+
+	* aclocal.m4:
+	SUDO_NEXT now looks for /usr/lib/NextStep/software_version
+	[52bd81f34b32]
+
+	* RUNSON:
+	added DEC UNIX 3.0 w/ gcc
+	[7daf570775b5]
+
+	* visudo.c:
+	Exit was being used in places where exit should be used
+	[6026a89c07ed]
+
+	* sudoers:
+	added "User alias specification"
+	[a487b6e234f8]
+
+	* parse.yacc:
+	fixed probs caused by making nslots and naliases a size_t
+	[0be919384f3f]
+
+	* RUNSON:
+	added KSR, upped rev to 1.3.1b2
+	[ce04ee6faadf]
+
+	* logging.c, parse.yacc:
+	1024 -> BUFSIZ
+	[cd6dda45fa11]
+
+	* parse.yacc:
+	void * -> VOID * naliases and nslots are now size_t to appease
+	lsearch on 64-bit machines
+	[bf2f807c0dc1]
+
+1995-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	did a bunch of things and added a bunch :-)
+	[42afd957b829]
+
+	* PORTING:
+	updated
+	[972f95c85776]
+
+	* visudo.man:
+	closer to BSD manpage style
+	[07ae88f50325]
+
+	* sudo.man:
+	closer to standard BSD man format
+	[372c28dcc135]
+
+	* compat.h, config.h.in, emul/search.h, insults.h, options.h,
+	pathnames.h.in, sudo.h, version.h:
+	added RCS id
+	[c0ec90b81002]
+
+	* sudo.h:
+	removed crufty #defines that are no longer used
+	[35e2b4b477f0]
+
+	* BUGS:
+	fixed a bug
+	[5bb3e1bee85e]
+
+	* sudo.man:
+	updated based on sudo changes
+	[e65de1cae438]
+
+	* parse.yacc:
+	now allow ALL keyword in User_Aliases now allow ALL keyword as well
+	as a NAME or ALIAS
+	[1fb31404dd0f]
+
+	* CHANGES:
+	updated
+	[b24018ac610b]
+
+	* sudo.c:
+	now sets SUDO_COMMAND and SUDO_GID envariables.
+	[e9d791557fb7]
+
+	* aclocal.m4:
+	fixed bug with full void impl check
+	[35715301023c]
+
+	* parse.yacc:
+	fixed User_Alias supoprt
+	[4c30dfbaaa07]
+
+	* parse.yacc:
+	added stubs for User_Alias support
+	[f4afbd247edf]
+
+	* sudo.c:
+	now sets removes # bogus interfaces from num_interfaces
+	[6f077fac9ab1]
+
+	* parse.lex:
+	added User_Alias support
+	[bc7997e5df85]
+
+1995-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	removed extraneous TODO
+	[bc87a3b14d6d]
+
+1995-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	ntwk_matches -> addr_matches
+	[475044e288b8]
+
+	* parse.yacc:
+	ntwk_matches -> addr_matches
+	[dd1f4093fd2d]
+
+	* parse.c:
+	ntwk_matches -> addr_matches now use inet_addr() not inet_network()
+	(which expects octet boundaries) fixes for OSF (sizeof(int) !=
+	sizeof(long))
+	[acd2f556940f]
+
+	* sudo.c:
+	took out debugging info
+	[044023063eca]
+
+	* aclocal.m4:
+	OS was being set to unknown before non-uname based host checks.
+	This caused no checks to happen since $OS was not zero-length.
+	[335a7267479d]
+
+	* sudo.c:
+	fixed loading of interfaces struct still has debugging info in
+	though
+	[2d1a18998c1e]
+
+	* parse.c:
+	fixed typo
+	[175674a3a9fa]
+
+1995-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	++version
+	[55d191b5daa3]
+
+	* version.h:
+	++
+	[d7d1f115696a]
+
+	* visudo.c:
+	removed extraneous extern decl of "top
+	[50355621047d]
+
+	* visudo.c:
+	now zeros "top"
+	[4e683210345b]
+
+	* parse.yacc:
+	removed parser_cleanup (no need for it now)
+	[afa59f222b6c]
+
+	* parse.lex:
+	now calls reset_aliases() directly
+	[3a23cbd60fc0]
+
+1995-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS:
+	added a sentence to SECURE_PATH description
+	[c5bf75b85af0]
+
+	* parse.c:
+	fixed my stupid bug where I used NAMLEN on something I wanted to
+	just get the name from. argh.
+	[111f460f6540]
+
+1995-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lsearch.c:
+	fixed argument order of memmove() that i hosed when converting from
+	bcopy(). arghh.
+	[2f5336045c8b]
+
+	* Makefile.in:
+	finally fixed DISTFILES line
+	[a1b419e73a63]
+
+	* Makefile.in:
+	tabs -> spaces
+	[280fb03e5764]
+
+	* Makefile.in:
+	added missing files to DISTFILES
+	[991fc1cd2263]
+
+	* Makefile.in:
+	SUPPORTED -> RUNSON
+	[7580e65b05fb]
+
+1995-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	updated
+	[fe764a29c1cc]
+
+	* RUNSON:
+	updated for pl5b1 release
+	[aefc35bd2291]
+
+	* BUGS, TODO:
+	updated
+	[8f0ea249b687]
+
+	* check.c:
+	fixed bug where if you hit return at first sudo prompt it would
+	still log as a failure
+	[24539c854692]
+
+	* CHANGES:
+	updated
+	[251cc7b3ede4]
+
+	* aclocal.m4:
+	better test for bogus void * implementation
+	[efe23180cb88]
+
+	* logging.c:
+	added PASSWORDS_NOT_CORRECT
+	[bd12c73f83f7]
+
+	* check.c:
+	added PASSWORDS_NOT_CORRECT stuff]
+	[90de391a979f]
+
+	* sudo.h:
+	added PASSWORDS_NOT_CORRECT
+	[727fbeb76fc5]
+
+	* tgetpass.c:
+	moved pathnames.h
+	[4f910e5a8df7]
+
+	* sudo.c:
+	removed some unused vars and fixed up uid2str
+	[70e92c7f9076]
+
+	* putenv.c:
+	moved compat.h
+	[b271091586f6]
+
+	* getcwd.c, getwd.c:
+	added pathnames.h
+	[6f25218f133f]
+
+1995-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	fixed a typo I introduced in the last checkin :-(
+	[62c3af75c4fe]
+
+	* parse.lex:
+	can't have #ifdef's where N is defined so just do this the broken
+	way for AIX
+	[c5648a5594e4]
+
+	* parse.yacc:
+	better hack from Chris (but still a hack)
+	[6b6d8aed93f3]
+
+	* parse.lex:
+	stupid hack for broken aix lex
+	[efc3f9e5280e]
+
+	* tgetpass.c:
+	now includes compat.h 
+	[401822173f77]
+
+	* visudo.c:
+	now includes fcntl.h
+	[63865c2f8ac6]
+
+	* compat.h:
+	added FD_SET and FD_ZERO for 4.2BSD
+	[00c5597c0bb0]
+
+	* parse.yacc:
+	dirty hack to fix parser bug. i don't really like this but it works
+	for now...
+	[5b8bbdc81569]
+
+	* sudo.c:
+	uid2str is now static like the prototype says
+	[f2a97b5cb870]
+
+1995-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
+	updated
+	[6f79c3e92716]
+
+	* RUNSON:
+	Initial revision
+	[12a09ef9e884]
+
+	* sudo.c:
+	check_sudoers now returns an error code and sudo calls inform_user
+	and log_error based on the return value.
+	[340eca188d9a]
+
+	* logging.c, sudo.h:
+	added entries for new errors
+	[6050d8542e1f]
+
+	* parse.c:
+	now set uid to that of SUDOERS_OWNER while parsing sudoers file
+	[3683c42bc9b0]
+
+	* Makefile.in:
+	took out testsudoers 
+	[65317d49db48]
+
+	* sudo.c:
+	now explicately checks that it is setuid root
+	[2fe1be60ef6a]
+
+	* sudo.c:
+	If a user has no passwd entry sudo would segv (writing to a garbage
+	pointer). Now allocate space before writing :-)
+	[d08e7eb5e5ef]
+
+	* configure.in:
+	reordered AC_CHECK_FUNCS
+	[4c82e56c6f4f]
+
+	* config.h.in:
+	fixed memset macro
+	[77ede6b714ab]
+
+	* tgetpass.c, visudo.c:
+	bzero -> memset
+	[1a005bb322c8]
+
+	* logging.c:
+	bzero -> memset when a parse error is logged the line number of the
+	error is now logged too
+	[a42d68047723]
+
+	* INSTALL:
+	added Sunos to blurb about c2 security
+	[af750a1d131e]
+
+	* configure.in:
+	added a SUN4 define for C2 security
+	[6ad5b23a3eb0]
+
+	* config.h.in:
+	bcopy -> memmove bzero -> memset
+	[5494460c8464]
+
+	* lsearch.c:
+	bcopy -> memmove char * -> VOID *
+	[a15f5c316e16]
+
+	* check.c:
+	added support for sunos with C2 security
+	[03fea5bb21e6]
+
+	* OPTIONS, options.h:
+	reordered
+	[1686265af3e1]
+
+	* pathnames.h.in:
+	_PATH_SUDO_LOGFILE now set based on configure
+	[5867b58e4a04]
+
+	* configure.in:
+	added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
+	[1984d9fd1b5c]
+
+	* config.h.in:
+	added _SUDO_PATH_LOGFILE
+	[dd3eebe62580]
+
+	* aclocal.m4:
+	added SUDO_LOGFILE to find where to put sudo.log added
+	SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
+	SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
+	[c589a515a99a]
+
+1995-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	Initial revision
+	[f42f1baba3a8]
+
+	* sudo.c:
+	now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
+	to work around a problem is trusted hpux shadow passwords. yuck.
+	[ae1f13b54687]
+
+	* parse.yacc:
+	backed out a change in malloc/realloc
+	[ab868db0ad69]
+
+	* parse.yacc:
+	now include stdlib.h
+	[957eef0631eb]
+
+	* visudo.c:
+	now do an freopen() of the stmp file so that yyin will always point
+	to the same thing. This is important for flex since we are doing a
+	YY_NEWFILE
+	[44558922fd3e]
+
+	* parse.yacc:
+	replaced yywrap() with parser_cleanup() since yywrap() needs to be
+	in parse.lex to be able to use YY_NEW_FILE. sigh.
+	[12dd09921074]
+
+	* parse.lex:
+	now have a rule that matches anything that doesn't match an
+	explicite rule. well, you know what i mean (. matches anything not
+	yet matched). However, this means that there is input still queued
+	up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
+	into parse.lex and it calls parser_cleanup() which is most of the
+	old yywrap() sigh.
+	[7f4042bc48d6]
+
+	* SUPPORTED:
+	no longer used
+	[8f220be4da94]
+
+	* getcwd.c, getwd.c:
+	moved compat.h to be the last include file
+	[9f3a65e2d485]
+
+	* parse.yacc:
+	fixed type of aliascmp() args
+	[1c27eb989bdf]
+
+	* find_path.c:
+	NULL -> '\0'
+	[5c8d8cf1692e]
+
+	* parse.yacc:
+	added casts to lfind and lsearch args for irix
+	[61027ddeecf8]
+
+	* Makefile.in:
+	bsdinstall -> install-sh
+	[61de6612c5a5]
+
+	* INSTALL:
+	added info about make realclean
+	[29c6324d727f]
+
+	* Makefile.in:
+	updated VERSION added dependencies for visudo.cat
+	[09077d7229d4]
+
+	* version.h:
+	-> pl5b1
+	[5d21c7ad1a41]
+
+	* sudo.c:
+	took out -l
+	[fc1478d81b38]
+
+	* Makefile.in:
+	now there is a real visudo.man and visudo.cat
+	[58aeac43a6dd]
+
+	* sudo.man:
+	took out visudo stuff
+	[4a6ac4393343]
+
+	* visudo.man:
+	Initial revision
+	[cba348843db8]
+
+	* parse.c, parse.lex, parse.yacc:
+	updated copyright
+	[ffa16b70944a]
+
+	* README:
+	updated for pl5
+	[a26e423e9e5f]
+
+	* sudo.man:
+	updated Nieusma & Hieb email addresses
+	[f0083e71989d]
+
+	* INSTALL:
+	updated to include options.h and OPTIONS
+	[ee59e2b76c94]
+
+	* CHANGES, TODO:
+	updated
+	[51e011ad5220]
+
+	* BUGS:
+	eliminated bug #1 (yay)
+	[e7e88515494e]
+
+	* configure.in:
+	sunos no longer gets linked statically
+	[2e5b3ff3108f]
+
+1995-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	prototype now uses __P()
+	[68ecdcab4c70]
+
+	* parse.lex:
+	make fill() non-ansi
+	[d6509972260b]
+
+	* parse.c:
+	made -v (validate) work
+	[13c9d520638c]
+
+	* logging.c:
+	now gives host
+	[f04859cdba5a]
+
+	* find_path.c:
+	don't check for execute/statable if fq or relative path given
+	[4bbe851f3973]
+
+	* parse.c:
+	added a cast
+	[345c308f72f3]
+
+	* visudo.c:
+	now include ctype.h for islower and tolower macros
+	[582c0aa332d5]
+
+	* goodpath.c:
+	moved _S_IFMT & _S_ISREG to compat.h
+	[828e4ca4e7b4]
+
+	* sudo.c:
+	moved a set of parens
+	[5783474ecf37]
+
+	* strdup.c:
+	now include compat.h
+	[75e2036b94af]
+
+	* emul/search.h:
+	void * -> VOID *
+	[cedcfaf04161]
+
+	* parse.yacc:
+	now cast malloc & realloc return vals added search for HAVE_LSEARCH
+	now use strcmp if no strcasecmp available
+	[d6a42bc3d4ae]
+
+	* lsearch.c:
+	void * -> VOID *
+	[886adc44f607]
+
+	* config.h.in:
+	removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
+	HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
+	[3b50d7fb4349]
+
+	* compat.h:
+	added _S_IFMT, _S_IFREG, and S_ISREG
+	[73d506c7d53c]
+
+	* aclocal.m4:
+	took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
+	to most SUDO_* macros
+	[8442155f5936]
+
+	* Makefile.in:
+	no more -I.
+	[63462f195bd4]
+
+	* configure.in:
+	various 1.x ro 2.x autoconf changes now check for strcasecmp now use
+	AC_INSTALL_PROG instead of custom one added check for fully woorking
+	void implementation
+	[5ac6b6e6230f]
+
+	* Makefile.in:
+	added lsearch & search.h visudo links into $(LIBOBJS)
+	[bc119cda4598]
+
+	* aclocal.m4:
+	partial 1.x to 2.x changes added SUDO_FULL_VOID
+	[1194d01fa5c5]
+
+	* visudo.c:
+	whatnow_help was prototyped to be static be was not declared as
+	such
+	[0f85489dd426]
+
+	* configure.in:
+	autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
+	for dirent/dir/ndir.h
+	[7408f3854948]
+
+	* parse.c:
+	now use groovy gnu autoconf macro AC_HEADER_DIRENT
+	[e465db9f5dfa]
+
+	* getcwd.c, getwd.c:
+	MAXPATHLEN -> MAXPATHLEN+1
+	[714d87424e21]
+
+	* emul/search.h, lsearch.c:
+	Initial revision
+	[55d79482c535]
+
+1995-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	eliminated bison warnings
+	[61ca0a96da22]
+
+	* parse.lex:
+	added missing case
+	[6be0f849747c]
+
+	* visudo.c:
+	now iincludes signal.h
+	[221e0fcc144f]
+
+	* parse.yacc:
+	only clear data structures on a parse error
+	[7b1c0f1a4527]
+
+	* visudo.c:
+	whatnow() now gives help on invalid input
+	[e5a4cd88c587]
+
+	* visudo.c:
+	added a whatnow() function (sort of like mh)
+	[932d9b145f1c]
+
+	* parse.yacc:
+	kill_aliases -> reset_aliases yywrap() now cleans up by calling
+	reset_aliases() and clearing top took reset stuff out of yyerror()
+	since it doesn't beling there (and doesn't work anyway). errorlineno
+	is now initially set to -1 so we can set it to the first error that
+	occurrs (it was getting set to the last)
+	[2f71f95a974c]
+
+	* parse.lex:
+	added a void cast
+	[18ae6042dce4]
+
+	* visudo.c:
+	rewrote from scratch based on 4.3BSD vipw.c
+	[2f6814f18576]
+
+1995-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo.h:
+	removed ocmnd
+	[a31735f41ad4]
+
+	* sudo.h:
+	no more sudo_realpath() and find_path() changed params
+	[8e85c3b39159]
+
+	* sudo.c:
+	find_path() changed since no more realpath()
+	[b25366c7f2ee]
+
+	* parse.yacc:
+	on error, errorlineno is set to the line where the error occurred
+	added kill_aliases() to free the aliases struct now clean up in
+	yyerror() so we can reparse cleanly
+	[2342f578c27a]
+
+	* options.h, parse.c:
+	no more USE_REALPATH
+	[cfc59babeaff]
+
+	* logging.c:
+	changed to use new find_path()
+	[91c7a38e7751]
+
+	* find_path.c:
+	removed all the realpath() stuff
+	[cc21a43a8562]
+
+	* Makefile.in:
+	sudo_realpath.c -> sudo_goodpath.c
+	[03a9b1ddec2f]
+
+	* visudo.c:
+	now works correctly with utk parser
+	[08aa554a0ce8]
+
+	* goodpath.c:
+	Initial revision
+	[1ea607e1ffb2]
+
+	* sudo_realpath.c:
+	eliminated a compiler warning
+	[198bcccc55b6]
+
+	* sudo.c:
+	elinated compiler warning
+	[e2384f9a878b]
+
+	* sudo_realpath.c:
+	added sudo_goodpath()
+	[43878c4cc540]
+
+	* sudo.h:
+	added prototype for sudo_goodpath
+	[23e8627a2265]
+
+	* parse.c:
+	added support for /sys/dir.h
+	[eca897087741]
+
+	* options.h:
+	USE_REALPATH turned off
+	[620ac8b63d85]
+
+	* find_path.c:
+	added calls to sudo_goodpath()
+	[ad170904fbcd]
+
+	* configure.in:
+	added check for dirent.h
+	[7964a8c26855]
+
+	* config.h.in:
+	added HAVE_DIRENT_H
+	[1f785fec7e19]
+
+	* configure.in:
+	added in linux shadow pass stuff 
+	[e585a5785f50]
+
+1995-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	added back host, user, cmnd, parse_error
+	[0ec19f3d64f4]
+
+	* visudo.c:
+	added in utk changes plus some minor cosmetic changes
+	[c5c1921c8a58]
+
+	* sudo.c, sudo_realpath.c:
+	added void casts for printf's
+	[9c6ff11c0082]
+
+	* options.h:
+	added a define of USE_REALPATH
+	[db3711c9efc5]
+
+	* configure.in:
+	there is no more visudoers/Makefile
+	[36e1bc1f78d0]
+
+	* Makefile.in:
+	added in utk changes (visudo is now built from the toplevel)
+	[76203d4b345d]
+
+	* find_path.c:
+	added (void) casts to printf's
+	[dd5cb1e060ac]
+
+	* parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
+	merged in utk changes
+	[35563307fd8e]
+
+1995-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	now check to see that what we are trying to run is a file (or a link
+	to a file, we do a stat(2) so there is no diff)
+	[05889c4bcace]
+
+1995-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[3e8047bb26fb]
+
+	* Makefile.in:
+	aclocal.m4 -> acsite.m4 make realclean updated for new autoconf 
+	[0bdbaa7c4c7d]
+
+	* sudo.man:
+	added myself as maintainer
+	[77a9d75aab84]
+
+1995-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	changed setegid -> setgid
+	[7f4788d73b6f]
+
+1995-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fixed the test for irix 5.x to skip bad libs
+	[bfef896de013]
+
+	* aclocal.m4:
+	now initialize OS and OSREV
+	[cc302756e440]
+
+1995-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	irix5 changes
+	[ac985b23f5f2]
+
+	* configure.in:
+	AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
+	compatibility
+	[0cf8c92a06d7]
+
+1995-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
+	thing wrt yyrestart (grrrr)
+	[18e8eabfbb82]
+
+1995-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	added visudoers/compat.h to DISTFILES
+	[db23b574b034]
+
+	* configure.in:
+	fixed an echo
+	[7cbc0462b89d]
+
+	* sudo.c:
+	added ocmnd declaration adjusted for find_path()'s new parameters
+	[d929cd156474]
+
+	* sudo.h:
+	added ocmnd extern adjusted find_path() prototype
+	[e0004daf5d3c]
+
+	* parse.c:
+	cmndcmp() now takes 3 arguments and checks against the qualified as
+	well as the unqualified pathname. more code that should use
+	cmndcmp() but did not, now does
+	[6f70a8c17bee]
+
+	* options.h:
+	added to a comment
+	[7a78680426b2]
+
+	* logging.c:
+	changed to use new find_path() parameter passing
+	[840981d30db4]
+
+	* find_path.c:
+	find_path() now takes 2 copyout parameters (one for the qualified
+	pathname and one for the unqualified pathname). The third parameter
+	may be NULL.
+	[851503b005e9]
+
+	* configure.in:
+	no longer munge pathnames.h
+	[427d8796c5a9]
+
+	* pathnames.h.in:
+	changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
+	as a result, pathnames.h does not need to be run through configure
+	and the user can override the configured values easily.
+	[2e378f2ebe88]
+
+	* config.h.in:
+	added _SUDO_PATH_* entries
+	[0857de7cebab]
+
+	* aclocal.m4:
+	_PATH* -> _SUDO_PATH_*
+	[7601193f56cc]
+
+	* Makefile.in:
+	updated DISTFILES and HDRS .o's now depend on config.h
+	[39d8601965cf]
+
+1995-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	removed extraneous #endif
+	[27d4c5f2ce7e]
+
+	* aclocal.m4:
+	added SUDO_PROG_MV
+	[76dda3bdd816]
+
+	* configure.in:
+	added SUDO_PROG_MV added riscos and isc os types took out
+	-DSHORT_MESSAGE from --with-csops since it is now the default
+	[68c206ad976e]
+
+	* sudo.c:
+	move the include of id.h to compat.h now includes options.h
+	[45a1eaafb3a8]
+
+	* sudo.h:
+	moved compatibility #defines to compat.h
+	[0eee27057698]
+
+	* pathnames.h.in:
+	added _PATH_MV
+	[e830797ab320]
+
+	* config.h.in:
+	move __P to compat.h
+	[188e12e0ba93]
+
+	* getcwd.c, getwd.c, putenv.c:
+	now includes compat.h
+	[c72cb6d73981]
+
+	* compat.h:
+	Initial revision
+	[d4d2f359ae03]
+
+1995-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	pull user-configurable stuff out and put in options.h
+	[ef929467b070]
+
+1995-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex, parse.yacc, visudo.c:
+	now includes options.h
+	[e36d7c82add1]
+
+	* check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
+	sudo_setenv.c:
+	now includes options.h
+	[f186ba03de07]
+
+	* Makefile.in:
+	added visudoers/options.h
+	[e5350c476494]
+
+	* OPTIONS, options.h:
+	Initial revision
+	[9b6b5001e318]
+
+	* Makefile.in:
+	added OPTIONS and options.h
+	[25448341e16a]
+
+	* logging.c:
+	changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
+	[5dd6385dd1d3]
+
+	* check.c, sudo.h:
+	changed PASSWORD_TIMEOUT to minutes
+	[0ec6aab98738]
+
+1994-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now only do Editor +line_num if line_num != 0
+	[b69f04b5e3c7]
+
+1994-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now use mv if rename(2) fails
+	[83210dca1bab]
+
+	* BUGS:
+	added a visudo bug
+	[d61a806f9aa7]
+
+	* check.c:
+	expanded comment
+	[641f2cba94cb]
+
+1994-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
+	[7a11135039a8]
+
+1994-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	added mips & isc support
+	[e258dc053119]
+
+	* parse.c:
+	added support for non-root owned sudoers file
+	[fea07e65a0fc]
+
+	* check.c:
+	added exempt group support
+	[928fb4bd9ad5]
+
+	* sudo.h:
+	added set_perms() support added SUDOERS_OWNER so can have non-root
+	own sudoers file added exempt group support added isc support
+	[61c578d31fc1]
+
+	* visudo.c:
+	now copy sudoers to temp file via read/write (not stdio) now chown
+	new sudoers file to SUDOERS_OWNER
+	[a5176c59df70]
+
+1994-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added skey support
+	[35a8d2fabdb7]
+
+	* sudo_realpath.c:
+	be_* -> setperms()
+	[a1631d686e1c]
+
+	* sudo.h:
+	fixed typo added set_perms support added skey support added
+	seteuid()/setegid() emulation for AIX
+	[c0c8d6771406]
+
+	* sudo.c:
+	be_* -> setperms() now check to make sure sudoers file is owned by
+	root nread/write by only root
+	[13ab1e261f1a]
+
+	* logging.c, parse.c:
+	be_* -> setperms()
+	[21499d845c8f]
+
+	* check.c:
+	be_* -> set_perms() added skey support
+	[df51b56871c1]
+
+1994-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	++version
+	[3c1abbe4e43c]
+
+	* version.h:
+	++
+	[1d2f9b540a95]
+
+1994-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now sets IFS
+	[eabbb41b9f08]
+
+	* insults.h:
+	fixed typo
+	[c7997f19216e]
+
+1994-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	added HAVE_SKEY
+	[da948ec4186b]
+
+1994-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[f4b55ab007ea]
+
+	* Makefile.in:
+	++version
+	[0489068b8c95]
+
+	* version.h:
+	++
+	[d189faedf423]
+
+	* sudo.c:
+	now bail if ARgv[1] > MAXPATHLEN
+	[0cea8ecc9dc2]
+
+	* configure.in:
+	added function check for tcgetattr(3)
+	[e03289b22c2f]
+
+	* config.h.in:
+	only define HAVE_TERMIOS_H if you have tcgetattr(3)
+	[757eab83d1a2]
+
+	* config.h.in:
+	added check for tcgetattr
+	[c5ae92715930]
+
+1994-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[cbc419883108]
+
+1994-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	now only include unistd.h for linux
+	[e9adeab95ef0]
+
+1994-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	added visudo.8 generation
+	[d6a3f0f887f8]
+
+	* configure.in:
+	added -Wl,-bI:./aixcrypt.exp to aix flags
+	[72594a21edcf]
+
+1994-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS:
+	added one
+	[9993a349e096]
+
+	* CHANGES:
+	updated
+	[297b31ec4cdd]
+
+	* README:
+	added mailing list info
+	[10372f94a2b2]
+
+	* parse.yacc:
+	now use sudolineno instead of yylineno fixed bison warnings
+	[25a83e62057b]
+
+	* configure.in:
+	now use -no_library_replacement for osf don't make a static binary
+	for hpux >= 9.0
+	[1fa7b892f1a3]
+
+	* tgetpass.c:
+	added string.h/strings.h inclusion
+	[71faa98fc0a1]
+
+	* config.h.in:
+	added ssize_t def
+	[406284bd1ac0]
+
+	* parse.lex:
+	added inclusion of string.h/strings.h
+	[6985b1df5d09]
+
+	* aclocal.m4:
+	fixed uname | sed (needed to quote the '[')
+	[4cd2d3415c1a]
+
+	* parse.lex:
+	replaced yylineno with sudolineno fixed bison syntax errors
+	[0bd31a5fab26]
+
+	* visudo.c:
+	changed yylineno to sudolineno since yylineno cannot be counted
+	upon.
+	[38c30104d0ae]
+
+	* TODO:
+	updated
+	[5d4746f1a752]
+
+	* parse.c:
+	added code to support command listings
+	[030172e133fd]
+
+	* sudo.c:
+	added code for -l flag
+	[801dbbc82778]
+
+	* sudo.man:
+	fixed typo added info for -l flag
+	[8916ca945d65]
+
+	* configure.in:
+	AC_SSIZE_T -> SUDO_SSIZE_T
+	[c61f7f47013f]
+
+	* aclocal.m4:
+	added SUDO_SSIZE_T
+	[0ccdb77be84d]
+
+	* sudo.h:
+	added MODE_LIST
+	[9b2bd844c76c]
+
+	* configure.in:
+	added AC_SSIZE_T
+	[35cca208f9b5]
+
+	* find_path.c, sudo_realpath.c:
+	readlink() is now declared as returning ssize~_t
+	[0640a08d1407]
+
+	* configure.in:
+	added -laud for OSF c2
+	[b7539c905efc]
+
+1994-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, visudo.c:
+	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+	[067fd9bcb5e1]
+
+	* config.h.in, parse.lex, parse.yacc, pathnames.h.in:
+	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
+	[fc46e7c7110a]
+
+	* check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
+	parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
+	sudo_setenv.c, tgetpass.c, version.h:
+	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
+	[d1d4fbc53a98]
+
+1994-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	++version
+	[b7066d97633f]
+
+	* version.h:
+	++
+	[65ec69d88110]
+
+	* logging.c:
+	added host to alertmail messages
+	[d973c19ce777]
+
+	* CHANGES, TODO:
+	udpated
+	[5a65eb16faeb]
+
+	* logging.c:
+	fixed logging problem where mail would not say which user it was
+	[35723edcc5d2]
+
+	* configure.in:
+	added -laud for gcc if osf & c2
+	[18f1e0ae5548]
+
+	* check.c:
+	moved set_auth_parameters to sudo.c
+	[d23112fe01db]
+
+	* sudo.c:
+	added set_auth_parameters for osf
+	[eb70f65214ac]
+
+	* configure.in:
+	cleaned up -static stuff
+	[01e9575f0422]
+
+	* Makefile.in:
+	++version
+	[7ac3bff5c770]
+
+	* version.h:
+	++
+	[10a4ff478469]
+
+	* sudo.c:
+	changed setenv() to sudo_setenv()
+	[40a78abb9946]
+
+	* check.c:
+	fixed osf problem
+	[3d69b118efb8]
+
+	* configure.in:
+	added OSF C2 stuff
+	[38cff3ad4093]
+
+	* CHANGES:
+	updated
+	[cd341dd0581a]
+
+	* check.c:
+	added osf auth support & removed some extra spaces
+	[a448cdd81514]
+
+	* INSTALL, SUPPORTED:
+	added osf C2 stuff
+	[f70484796146]
+
+1994-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	added 2 suggestions
+	[695fbdbd86e6]
+
+	* Makefile.in:
+	removed README.v1.3.1 and added VERSION stuff
+	[f69403eb04c6]
+
+	* version.h:
+	pl1
+	[21580c0f8cb1]
+
+1994-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	1.3.1final
+	[630114970298]
+
+	* Makefile.in:
+	added HISTORY
+	[901bff251614]
+
+	* sudo.man:
+	mention HISTPRY file
+	[86dbcfd4326e]
+
+	* sudo.c:
+	use sizeof instead of a constant in 1 place
+	[d819604c68ca]
+
+	* parse.yacc:
+	added unistd.h
+	[6f9500f9fe7e]
+
+	* parse.lex:
+	added unistd.h
+	[468b81a276eb]
+
+	* README:
+	udpated
+	[7e275618923a]
+
+	* HISTORY:
+	Initial revision
+	[5db1b0a3939b]
+
+1994-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	++
+	[7dfbb4a810bb] [SUDO_1_3_1]
+
+	* CHANGES:
+	updated
+	[7820ee610bf8]
+
+	* sudo_setenv.c:
+	added unistd.h include
+	[30cf2b654525]
+
+1994-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	added sys/time.h for AIX
+	[199fc8caf3a3]
+
+1994-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added check for -lsocket and sys/sockio.h
+	[f9abfbb31031]
+
+	* config.h.in:
+	took out libshadow check and added in sys/sockio.h check
+	[0c4b0393ac80]
+
+	* sudo.c:
+	now include sockio.h instead of ioctl.h if it exists "sudo -" now
+	gets a better error message
+	[53041bea5483]
+
+	* sample.sudoers:
+	now has a dir and subnet entry
+	[56b820f65438]
+
+1994-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	removed if_ether.h
+	[b4f64507493e]
+
+	* TODO:
+	added an item
+	[ea2a1bb6922a]
+
+	* sudo.man:
+	added network and ip addresses to man page
+	[01c85016511f]
+
+	* sudo.c:
+	no error if can't get interfaces or netmask since networking may not
+	be in the kernel.
+	[50b8890e2134]
+
+	* parse.c:
+	nwo check for interfaces == NULL
+	[dc1b3eef0db2]
+
+	* parse.c:
+	fixed a bug that caused directory specs in a Cmnd_Alias to fail if
+	the last entry in the spec failed (ie: it was only looking at the
+	last entry). CLeaned things up by adding the cmndcmp() function--all
+	neat & tidy
+	[007e93578e5e]
+
+	* CHANGES:
+	added one
+	[40e8a2cef497]
+
+1994-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now do two passes to skip bogus interfaces (lo0, etc)
+	[465e30aecaf7]
+
+	* parse.lex, parse.yacc, visudo.c:
+	added include of netinet/in.h
+	[11e3816ed362]
+
+	* logging.c, sudo_realpath.c, sudo_setenv.c:
+	added ninclude of netinet/in.h
+	[daccfa40fe1e]
+
+	* check.c, find_path.c, getcwd.c, getwd.c:
+	added include of netinet/in.h
+	[0222f95e06ad]
+
+	* version.h:
+	++
+	[d6b0cfa35a38]
+
+	* sudo.h:
+	added interfaces global
+	[ba52fa8ad75e]
+
+	* parse.c:
+	now uses new interfaces global
+	[17473ad5ecba]
+
+	* sudo.c:
+	now ip addresses are gleaned fw/o dns
+	[8828bb2007e0]
+
+1994-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	added load_ip_addrs() to load the ip_addrs global var
+	[60c825f04238]
+
+	* parse.c:
+	added hostcmp() to compare hostnames, ip addrs, and network addrs
+	[ab0e40e37537]
+
+	* sudo.h:
+	added ip_addrs def added load_ip_addrs prototype
+	[c41c565d0777]
+
+1994-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[2a128dbe9bcb]
+
+	* Makefile.in:
+	removed multiple entries in DISTFILES
+	[2490f4f371e6]
+
+	* visudo.c:
+	ansified the !STDC_HEADERS decls
+	[646ba06d17ae]
+
+	* find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
+	don't do malloc decl if gnuc
+	[f1bad1925f98]
+
+	* sudo.c:
+	can't use getopt(3) since it munges args to the command to be run as
+	root don't do malloc decl if gnuc
+	[38e78f6da14e]
+
+	* find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
+	sudo_realpath.c, sudo_setenv.c:
+	ansi-fied !STDC_HEADER function prottypes
+	[51d8cad89976]
+
+	* getcwd.c, getwd.c:
+	added missing paren
+	[6a1fae70e27e]
+
+	* Makefile.in:
+	added putenv.c to DISTFILES
+	[a5e4523eabbb]
+
+	* sudo_setenv.c:
+	added params to func decls when STDC_HEADERS is not defined now can
+	count on putenv() being there
+	[fd587796189b]
+
+	* sudo_realpath.c:
+	took out errno decl since sudo.h does it for us fixed up a next cc
+	warning added params to func decls when STDC_HEADERS is not defined
+	[70fa5152ace6]
+
+	* sudo.h:
+	took out environ extern added local declaratio of putenv() if local
+	version is needed
+	[a84bae6c020d]
+
+	* find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
+	added params to func decls when STDC_HEADERS is not defined
+	[f406f0e47ac0]
+
+	* config.h.in:
+	added memcpy check check to see that ansi vs bsd macros are ntot
+	already defiend before defining (ie: avoid redefinition)
+	[879ae026e19f]
+
+	* configure.in:
+	removed fluff setenv check plus check w/ replace for putenv if also
+	no setenv
+	[e3c03814ad4b]
+
+	* putenv.c:
+	Initial revision
+	[3cff63e2dc1b]
+
+1994-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_setenv.c:
+	Initial revision
+	[4d637631fa6b]
+
+	* sudo.h:
+	rm'd s realp[ath added sudo_realpath and sudo_setenv
+	[07ba001ff57e]
+
+	* sudo.c:
+	now use sudo_setenvc
+	[fd81e04d5ef0]
+
+	* configure.in:
+	added puteenv and setenv, removed realpath
+	[27bfacfb513b]
+
+	* config.h.in:
+	added putenv & setenv
+	[515f14eaf6e4]
+
+	* Makefile.in:
+	added sudo_setenv
+	[217731a717c5]
+
+	* version.h:
+	++
+	[eadb346d7129]
+
+1994-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added MAN_POSTINSTALL and /usr/share/catman for irix
+	[2a9496c1bdba]
+
+	* Makefile.in:
+	added MAN_POSTINSTALL
+	[89b0d4695529]
+
+	* CHANGES:
+	added
+	[48c021ba8a70]
+
+	* sudo.man:
+	added SUDO_* plus new options
+	[c0759cff5683]
+
+	* CHANGES:
+	added one
+	[7d44a3922d56]
+
+	* configure.in:
+	took out shadow lib
+	[07cf3de18701]
+
+	* TODO:
+	adde done
+	[a27a578e8afe]
+
+	* visudo.c:
+	now use yyrestart() if flex now reset yylineno to 0
+	[77d67ce0b677]
+
+	* Makefile.in:
+	support for installing a cat page instead of a man page if no nroff
+	[44671c0fc0fa]
+
+	* configure.in:
+	now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
+	to determine whether or not to install a cat or man page
+	[0562d069c135]
+
+	* config.h.in:
+	added HAVE_FLEX
+	[c5490bae39d3]
+
+	* sudo.c:
+	not set ret to MODE_RUN initially
+	[88b4983c195b]
+
+	* find_path.c:
+	made command (and therefor cmnd dynamically allocated)
+	[95b82e32b6de]
+
+	* TODO:
+	did #8
+	[fb6f41308cdf]
+
+	* version.h:
+	++
+	[14112ecab5ae]
+
+	* sudo_realpath.c:
+	changed bufs from MAXPATHLEN to MAXPATHLEN+1
+	[0ad4f34e55c0]
+
+	* sudo.h:
+	added MODE_ removed validate_only and added remove_timestamp()
+	[dd5f99c57728]
+
+	* sudo.c:
+	usage() now takes an int (exit value) added parse_args() to parse
+	command line arguments moved call to find_path() from load_globals
+	to new function load_cmnd() removed validate_only global -- now use
+	the concept of "modes" added -h and -k options
+	[c3887090b28a]
+
+	* parse.c:
+	no longer use global validate_only now checks for command called
+	"validate" removed check for non-fully qualified commands since that
+	is done by find_path
+	[7d56fbd26369]
+
+	* find_path.c:
+	changed MAXPATHLEN r to MAXPATHLEN+1
+	[a86e8664d971]
+
+	* find_path.c:
+	fixed off by one error with MAXPATHLEN and fixed a comment
+	[58adcef8c981]
+
+	* check.c:
+	check_timestamp no longer runs reminder(), it is implied in the
+	return val added remove_timestamp()
+	[42ab5a77066f]
+
+	* CHANGES:
+	updated
+	[8e69b31df024]
+
+1994-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS:
+	fixed on
+	[bc34f1ac4280]
+
+	* sudo_realpath.c:
+	took out old_errno
+	[a168d00a0768]
+
+	* CHANGES:
+	updated
+	[04ba80922df7]
+
+1994-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	moved send_mail to after syslog
+	[4d4188087834]
+
+	* sudo.c:
+	now set SUDO_ envariables
+	[e5963f1bd3bb]
+
+1994-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	++
+	[2a4534845d8c]
+
+	* sudo_realpath.c:
+	now print error if chdir fails
+	[0d75c8973d49]
+
+	* find_path.c:
+	removed an XXX
+	[e2077bcb35aa]
+
+1994-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[e30a2b39b41a]
+
+	* configure.in:
+	no more static binaries for aix
+	[77a0beb6bd80]
+
+1994-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	fixed typo
+	[ba5e0d391bc4]
+
+	* sudo_realpath.c:
+	took out stuff not needed for sudo now does be_root/be_user itself
+	now uses cwd global
+	[4f6d4641d793]
+
+	* version.h:
+	+=2
+	[97da927b297c]
+
+	* logging.c, sudo.c:
+	be_root/be_user is now down in sudo_realpath()
+	[f331662fa50f]
+
+	* logging.c, sudo.h:
+	now works with 4.2BSD syslog (blech)
+	[98e39d89dd36]
+
+	* find_path.c:
+	now use sudo_realpath()
+	[ab436a8ebd02]
+
+	* config.h.in:
+	took out realpth() stuff since we now use sudo_realpath()
+	[8de5ef9f6044]
+
+	* configure.in:
+	ultrix enhanced sec
+	[815fb7fffcc0]
+
+	* SUPPORTED:
+	added ultrix enhanced sec.
+	[6466766c8062]
+
+	* INSTALL:
+	updated
+	[d681a634297a]
+
+	* check.c:
+	ultrix enhanced security suport
+	[f10c8decbcc2]
+
+	* Makefile.in:
+	added sudo_realpath.c
+	[6b9bcd3be022]
+
+	* CHANGES:
+	updated
+	[2fa8084c1b53]
+
+	* tgetpass.c:
+	increased passwd len to 24 for c2 security
+	[ec64838be62d]
+
+	* BUGS:
+	updated BUGS
+	[ca00d8fec2ce]
+
+1994-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	now use user global var
+	[568769719013]
+
+	* configure.in:
+	took out -ls
+	[490a44180d5f]
+
+1994-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added AFS libs
+	[4fb40c8c01ba]
+
+	* sudo.h:
+	user is now a char * added epasswd
+	[27a919fafdfb]
+
+	* sudo.c:
+	added tzset() to load_globals added epasswd (encrypted password)
+	global made user dynamically allocated
+	[b99ef9bdbfce]
+
+	* configure.in:
+	added tzset test
+	[27592dd1214b]
+
+	* config.h.in:
+	added HAVE_TZSET
+	[b13f4213f3d0]
+
+	* check.c:
+	cleaned up encrypted passwd grab somewhat
+	[c8ba9a4db38a]
+
+	* configure.in:
+	fixed AFS typo
+	[2bfcbce237b6]
+
+	* INSTALL:
+	added AFS not
+	[80c67329393c]
+
+	* CHANGES:
+	udpated
+	[2f09ecdd5d31]
+
+	* logging.c:
+	can now log to both syslog & a file
+	[4d5c0932bc01]
+
+	* sudo.h:
+	added BOTH_LOGS
+	[623c539be824]
+
+	* CHANGES:
+	updated
+	[a1c7f5ef3616]
+
+	* configure.in:
+	--with-AFS
+	[28718d8f5daf]
+
+	* config.h.in:
+	added HAVE_AFS
+	[2e32bb4e63e4]
+
+	* check.c:
+	added afs changes
+	[fe4d0ff320a2]
+
+	* sudo.h:
+	removed AFS stuff :-)
+	[a40387e6fa27]
+
+	* tgetpass.c:
+	include sys/select for AIX
+	[f32c5a8f2c84]
+
+	* sudo.h:
+	added AFS
+	[da2ab3dd0348]
+
+	* version.h:
+	++
+	[452d4dfe25af]
+
+1994-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, SUPPORTED:
+	updated
+	[e7dfe6f23a37]
+
+	* logging.c:
+	can now have MAILER undefined
+	[1d33b98b35e1]
+
+	* INSTALL:
+	new sub-note about MAILER
+	[d35c636a0574]
+
+	* sudo.man:
+	added blurb about password timeout
+	[70c2ee50de20]
+
+	* configure.in:
+	convex c2 changes
+	[367138a6232e]
+
+	* aclocal.m4:
+	took out duplicate define of _CONVEX_SOURCE
+	[647182138450]
+
+	* Makefile.in:
+	added OSDEFS
+	[7fdcd50602d1]
+
+	* config.h.in:
+	added spaces
+	[f2b8a05e48f3]
+
+	* tgetpass.c:
+	added a goto if fgets fails
+	[68a6586d9c45]
+
+	* sudo.h:
+	use __hpux not hpux convex c2 stuff
+	[5c377a8d5f34]
+
+	* sudo.c:
+	use __hpux not hpux
+	[9363bc0f9f9e]
+
+	* logging.c:
+	convex c2 stuff
+	[ea5630975ac4]
+
+	* config.h.in:
+	define ansi-ish cpp os defines if non-ansi are defined for hpux &
+	convex
+	[664f53a5e786]
+
+	* INSTALL:
+	updated to say we support sonvex C2
+	[5f2f8b87013e]
+
+	* check.c:
+	added convex c2 support
+	[9a665d4918fa]
+
+1994-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	no more ioctl never returns NULL uses fgets() and select() to
+	timeout
+	[b333e6d63e97]
+
+1994-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	things were testing -n "$GCC" instead of -z "$GCC"
+	[059a9b15ede2]
+
+	* tgetpass.c:
+	now works + uses fgets()
+	[353d7ebcb7bb]
+
+1994-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	select doesn't seem to recognize a single '\n' as input waiting so
+	we can;t use it, sigh.
+	[f76e3218b835]
+
+1994-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* PORTING:
+	updated tgetpass() blurb
+	[95baac736b49]
+
+	* configure.in:
+	added --with-getpass
+	[42ac0bdf58ed]
+
+	* Makefile.in:
+	added tgetpass stuff
+	[e2b38c635663]
+
+	* tgetpass.c:
+	now uses stdio
+	[36af8ff66e35]
+
+	* version.h:
+	++
+	[4e81c9db19bd]
+
+1994-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* PORTING:
+	updated ,.
+	[54f523770a05]
+
+	* config.h.in:
+	added USE_GETPASS && HAVE_C2_SECURITY
+	[86b355cb2953]
+
+	* configure.in:
+	fixed a test aded --with-C2 and --with-tgetpass
+	[abf6181588ef]
+
+	* check.c:
+	added hpux C2 shit
+	[20d4177ffa88]
+
+	* Makefile.in:
+	took out tgetpass.*
+	[cc82fd9984b4]
+
+	* INSTALL:
+	added C2 blurb
+	[1d2bfc35e4b6]
+
+1994-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	no termio(s) for ultrix since it is broken
+	[d3e82e835350]
+
+	* check.c:
+	added a space (yeah, anal)
+	[05e4b31ca68c]
+
+	* realpath.c, sudo_realpath.c:
+	fixed it (duh, rtfm)
+	[f13097cb8cb6]
+
+1994-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	took out bsd signal stuff for irix
+	[e179cdafc97a]
+
+	* visudo.c:
+	comments in #endif
+	[e3a629190f5e]
+
+	* configure.in:
+	don't define BSD signals for irix
+	[3ce57bffb7f0]
+
+	* TODO:
+	did some...
+	[274241cd0f74]
+
+	* CHANGES:
+	updated
+	[8f29fc755faf]
+
+	* realpath.c, sudo_realpath.c:
+	took out unneeded code by changing where a strings was terminated
+	[b5564d62d30e]
+
+1994-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* realpath.c, sudo_realpath.c:
+	fix bug where /dirname would return NULL
+	[b85f470daf26]
+
+	* sudo.h:
+	move __P to config.h
+	[7763c0ff3f28]
+
+	* getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
+	added errno definition
+	[4cc9d2d9782a]
+
+	* config.h.in:
+	added __P
+	[ca06f5aa58f3]
+
+	* config.h.in:
+	added HAVE_FCHDIR
+	[206d714641e0]
+
+	* strdup.c:
+	now include stdio
+	[0d8458da0e1d]
+
+	* realpath.c, sudo_realpath.c:
+	now works if no fchdir
+	[e035911b6722]
+
+	* visudo.c:
+	define SA_RESETHAND to null if not defined
+	[afec03e84342]
+
+	* configure.in:
+	added check & replace
+	[c1a65481441c]
+
+	* configure.in:
+	took out -static for nextstep -- it doesn't work
+	[fa1a1a611743]
+
+1994-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	moved #endif to where it belongs
+	[07d3a8972097]
+
+	* SUPPORTED:
+	correction
+	[0c1ecba3e5a3]
+
+	* configure.in:
+	now checks for strdup realpath getcwd bzero
+	[f029a1917515]
+
+	* config.h.in:
+	emulate bzero
+	[d792352e44a3]
+
+	* visudo.c:
+	added posic signals
+	[2ed0005f90fc]
+
+	* tgetpass.c:
+	bzero cast
+	[6d91b1a1526f]
+
+	* logging.c:
+	added posix signals
+	[67ede9c22a05]
+
+	* configure.in:
+	removed BROKEN_GETPASS added new srcs toreplace missing functions
+	[cf44274bb1c8]
+
+	* config.h.in:
+	added posix signal stuff
+	[a3c1c98fe8ef]
+
+	* Makefile.in:
+	added new srcs
+	[b6a079afee47]
+
+	* visudo.c:
+	updated useag
+	[589ed091c44f]
+
+	* tgetpass.c:
+	now uses posix signals
+	[30f74964074f]
+
+	* PORTING:
+	updated sto reflect major changes
+	[bcfc309e017b]
+
+	* CHANGES, TODO:
+	updated
+	[23aacbd54278]
+
+	* tgetpass.c:
+	uses sysconf() if available
+	[a27431c90bab]
+
+	* sudo.h:
+	added PASSWORD_TIMEOUT + prototypes for new functions
+	[d7473c2f77c4]
+
+	* realpath.c, sudo_realpath.c:
+	for those w/o this in libc
+	[1e47aa7a9d46]
+
+	* getcwd.c, getwd.c:
+	Initial revision
+	[c90dea57a84f]
+
+	* find_path.c:
+	rewrote to use realpath(3) - nis now all my code
+	[d2c3bb8fb37d]
+
+	* config.h.in:
+	added HAVE_REALPATH
+	[02c10352a8c7]
+
+	* check.c:
+	now use tgetpass
+	[b5c021fc179f]
+
+	* Makefile.in:
+	added LIBOBJS use tgetpass.c
+	[230a7b3eeaa3]
+
+1994-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	works now :-)
+	[025e7a3875ba]
+
+	* tgetpass.c:
+	Initial revision
+	[3316ab33b230]
+
+	* pathnames.h.in:
+	added /dev/tty
+	[29242585e53f]
+
+1994-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	incremented
+	[f2e54b48280f]
+
+	* sudo.c:
+	always use getcwd
+	[c6068e8a4029]
+
+	* config.h.in:
+	added check for getwd
+	[ab1e102ad673]
+
+	* configure.in:
+	replace strdup & realpath & getcwd if missing
+	[b0eb14f2a1c3]
+
+	* pathnames.h.in:
+	added _PATH_PWD
+	[309d2388f69a]
+
+	* aclocal.m4:
+	added SUDO_PROG_PWD
+	[e16e85deb96c]
+
+	* strdup.c:
+	Initial revision
+	[810efdc15007]
+
+	* realpath.c, sudo_realpath.c:
+	Initial revision
+	[d85eee438e09]
+
+1994-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	quoted quare brackets
+	[d0e7ca111d98]
+
+1994-06-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	no need to strdup() a constant
+	[a8c44712df9a]
+
+	* CHANGES:
+	updated
+	[71364129cca0]
+
+	* sudo.man:
+	added validate
+	[0bb198095a26]
+
+	* sudo.c:
+	added -v to usage
+	[31ea71f11dbb]
+
+	* parse.c, sudo.c, sudo.h:
+	added validate_only stuff
+	[9bcd853d3c90]
+
+1994-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now finds sed
+	[6374bb0d3f28]
+
+	* aclocal.m4:
+	$OSREV is now an int
+	[ace0666d66cf]
+
+1994-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	added mtxinu to caser
+	[73a776887b16]
+
+	* sudo.h:
+	added EXEC macro
+	[2e8eb28b710a]
+
+	* sudo.c:
+	now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
+	[56afb4f658d5]
+
+	* logging.c:
+	changed mail_argv[] def now use EXEC() macro
+	[ddcabd28edb1]
+
+	* check.c:
+	took out crypt() definition
+	[0e657724cf5f]
+
+	* version.h:
+	upped the version
+	[62c5d66119fc]
+
+	* configure.in:
+	always look for -lnsl
+	[d7b594f0313b]
+
+	* aclocal.m4:
+	added an echo
+	[1caae3491dc5]
+
+	* sudo.h:
+	SHORT_MESSAGE is now the default
+	[cfce35c3119a]
+
+	* config.h.in:
+	fixed typo
+	[6499a564bf75]
+
+	* configure.in:
+	added missing AC_DEFINE(SVR4) for solaris
+	[feef0b17b94f]
+
+	* sudo.man:
+	documented the -v flag
+	[a6429f2bc2cf]
+
+	* SUPPORTED:
+	updated
+	[088886e79540]
+
+	* check.c:
+	proto-ized crypt()
+	[801e4ff5b121]
+
+	* config.h.in:
+	added LIBSHADOW undef
+	[8df588e9ee2b]
+
+	* configure.in:
+	nwo set OS to be lowercase
+	[561ebed833e4]
+
+1994-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now use SUDO_OSTYPE to set $OS
+	[0e60aee23098]
+
+	* aclocal.m4:
+	now use uname to determine os
+	[99705e58d400]
+
+	* visudo.c:
+	added prototypes & moved sig handler around
+	[1f0bc8d23b51]
+
+	* sudo.h:
+	added prototyppes
+	[be3935a2b163]
+
+	* check.c, logging.c, sudo.c:
+	added prototypes
+	[2079b4605ab8]
+
+	* parse.c:
+	added comment
+	[a34d147d8399]
+
+	* config.h.in:
+	nwo use _BSD_SIGNALS not _BSD_COMPAT
+	[63663195f047]
+
+	* aixcrypt.exp:
+	Initial revision
+	[890aed08357e]
+
+	* Makefile.in:
+	added aixcrypt.exp
+	[1005a183105f]
+
+	* parse.lex, parse.yacc:
+	moved config.h to top of includes
+	[9569c49aa5f3]
+
+1994-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	now don't bitch if get EACCESS (treat like EPERM)
+	[dbeffb638de4]
+
+	* visudo.c:
+	added -v flag and usage()
+	[4d44ed60ed75]
+
+	* version.h:
+	fixed a typo
+	[cf3f9347ae41]
+
+	* sudo.c:
+	cast Argv to a const for exec added -v flag
+	[d11b6efc0e45]
+
+	* logging.c:
+	mail_argv is now a const
+	[93bb5d90bb6f]
+
+	* configure.in:
+	only set RETSIGTYPE if it is not set already
+	[c97aac260b77]
+
+	* aclocal.m4:
+	now defines & STDC_HEADERS for Irix
+	[9c2b24ad1fc5]
+
+	* Makefile.in:
+	added version.h
+	[9f79e880229a]
+
+	* insults.h, sudo.h:
+	prevent multiple inclusion
+	[d68c8a9243ce]
+
+	* version.h:
+	Initial revision
+	[dbb39c5ef8d9]
+
+	* parse.lex, parse.yacc:
+	now includes config.h
+	[f117e036a56b]
+
+	* aclocal.m4:
+	now talks about sunos 4.x
+	[c9054aa92d4e]
+
+	* visudo.c:
+	calls to Exit now pass an arg
+	[a92104670551]
+
+1994-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	signal handler now takes an int argument
+	[26f480c41523]
+
+	* CHANGES:
+	updated
+	[8c166a9d796b]
+
+	* sudo.c:
+	ok, the getcwd() is now *really* done as the user
+	[ab86cf85134a]
+
+	* configure.in:
+	changed AIX STATIC_FLAGS
+	[b9c0a3ba5663]
+
+	* aclocal.m4:
+	solaris now defines SVR4
+	[c3e20cac96f5]
+
+	* sudo.h:
+	added cwd and fixed stupid core dump that makes no sense. sigh.
+	[7a9755436dbb]
+
+	* sudo.c:
+	moved getcwd stuff into load_globals
+	[ec2bc90df1f3]
+
+	* parse.c:
+	took out externs that are in suod.h
+	[93c4b3f856d7]
+
+	* logging.c:
+	moved cwd into load_globals
+	[050de754d228]
+
+	* find_path.c:
+	moved cwd stuff
+	[22f3f3b4c34d]
+
+	* Makefile.in:
+	fixed make distclean & realclean
+	[c9964d89bcef]
+
+	* TODO:
+	updated .,
+	[e513581ef0e3]
+
+	* CHANGES:
+	added solaris changes
+	[505d930daf27]
+
+	* aclocal.m4:
+	added solaris changes, need to rework
+	[33f20fb16c49]
+
+	* configure.in:
+	cleaned up for solaris
+	[2fb8cfa05d0f]
+
+	* logging.c:
+	reinstall reapchild signal handler for non-bsd signals
+	[3d1dc545113d]
+
+	* sudo.h:
+	took out getdtablesize() emulation for HP-UX (no longer needed)
+	[1fc83d170f34]
+
+	* sudo.c:
+	support for HAVE_SYSCONF
+	[50ca2a7a224a]
+
+	* visudo.c:
+	added <fcntl.h> for solaris & reorg'd the includes + minor prettying
+	up /
+	[0a570e826dd4]
+
+	* config.h.in:
+	added HAVE_SYSCONF
+	[2b9a9f3a4e94]
+
+1994-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now tells you what os you are running /.
+	[06c6332a895b]
+
+	* aclocal.m4:
+	took out extra ','
+	[e8c75ce59f4a]
+
+1994-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	added _BSD_COMPAT
+	[73c5099806c2]
+
+	* aclocal.m4:
+	fixed for irix5
+	[1047d1f6c0eb]
+
+	* CHANGES:
+	updated
+	[1bc4969fee96]
+
+	* sudo.c:
+	uid seinitialized to -2
+	[8d7812b1878b]
+
+1994-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	now removes LIBPATH for AIX
+	[075392eb1dd9]
+
+1994-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	now uses ufc if it finds it
+	[ab6ce30a5958]
+
+1994-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	no longer define yyval & yylval since yacc does it
+	[09d250aea50a]
+
+	* parse.lex:
+	now defines yylval as extenr
+	[8ec2b88952bc]
+
+	* configure.in:
+	BROKEN_GETPASS is now an OPTION
+	[3714f4bb8312]
+
+	* config.h.in:
+	took out BROKEN_GETPASS
+	[9c4f6aa50137]
+
+	* Makefile.in:
+	took out big comment
+	[4c13cff0e556]
+
+	* README:
+	updated
+	[b8b9902b620d]
+
+	* Makefile.in:
+	took out README.beta
+	[ed2cd861e82b]
+
+	* SUPPORTED:
+	Initial revision
+	[2fffc51e6606]
+
+	* INSTALL:
+	now reference SUPPORTED .,
+	[d112c30be1f2]
+
+	* config.h.in:
+	now check for convex OR __convex__
+	[a0e5701a3069]
+
+	* aclocal.m4:
+	now check for convex or __convex__
+	[5dae2bfbe3bc]
+
+	* Makefile.in:
+	added dist target
+	[400a54de57db]
+
+	* aclocal.m4:
+	use __convex__
+	[58a19470ed0b]
+
+	* find_path.c:
+	now use _S_* stat stuff to be ansi-like
+	[28cce560e048]
+
+	* INSTALL:
+	updated for configure directions
+	[a034ccc7c30a]
+
+	* Makefile.in:
+	distclean now removes config.h and pathnames.h
+	[300f2349b4ab]
+
+	* CHANGES:
+	updated
+	[646f7e9430c1]
+
+	* TODO:
+	fixed typoe
+	[70fd6361b2bc]
+
+	* visudo.c:
+	updated version
+	[cf13d87d789f]
+
+	* Makefile.in:
+	updated version
+	[8c5dacc27a7a]
+
+	* config.h.in, pathnames.h.in:
+	added copyright header
+	[747ce3d3d6b7]
+
+	* check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
+	parse.yacc, sudo.c, sudo.h:
+	udpated version
+	[4751c39bad18]
+
+	* visudo.c:
+	udpated to use configure + pathnames.h
+	[d45dff76a1cd]
+
+	* aclocal.m4:
+	updated
+	[f05a367a55be]
+
+	* Makefile.in, config.h.in, configure.in:
+	updated
+	[524778598879]
+
+	* sudo.h:
+	now works with configure
+	[83fc40e533f4]
+
+	* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
+	updated to work with configure + pathnames.h
+	[cb67fa6ab52d]
+
+	* Makefile.in:
+	added LEXLIB
+	[f43cad4ab0a2]
+
+1994-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* COPYING:
+	updated gnu general licence to versio 2
+	[2b0b56112ddc]
+
+	* config.h.in, pathnames.h.in:
+	Initial revision
+	[4b586f39ec2d]
+
+	* sudo.h:
+	changed to work with configure
+	[13f3506ddf16]
+
+1994-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, aclocal.m4, configure.in:
+	Initial revision
+	[a8636ae77371]
+
+	* visudo.c:
+	now uses defines used by configure
+	[de438d118993]
+
+1994-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	sudo won't bitch about EPERM now, for real
+	[ce26d9ef7e3f]
+
+1994-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	renamed exec_argv to eliminate a libc name clash with ksros
+	[bcb4350d8411]
+
+	* CHANGES:
+	corrected
+	[dae68d422efd]
+
+	* logging.c, sudo.c, sudo.h:
+	execve -> execv
+	[40cc2c4bdb15]
+
+	* TODO:
+	upated
+	[9275a8b8fc45]
+
+	* PORTING:
+	added 2 mroe items
+	[6cbb5c56993c]
+
+	* CHANGES:
+	updated
+	[73f34f8e571a]
+
+	* sudo.h:
+	added UMASK and mode_t declaration
+	[7c2015e1d171]
+
+	* sudo.c:
+	added UMASK
+	[d37be7523680]
+
+	* logging.c:
+	now opens log file with mode 077
+	[0825cc3ee841]
+
+	* check.c:
+	saved current umask ans restores it
+	[659c1aaae8e8]
+
+	* sudo.h:
+	added MAXLOGFILELEN
+	[34331c7dee90]
+
+	* logging.c:
+	split long log lines. FOr syslog, split into multiple entries, for
+	a log file, indent the extra for readability
+	[72c9e4cdba6e]
+
+1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	added changes
+	[81196833673d]
+
+	* sudo.h:
+	MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
+	[1aa69e903840]
+
+1994-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	added input from Brett M Hogden <hogden@rge.com>
+	[80f01fc88ce9]
+
+1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	added rmenv() to remove stuff from environ. can now uses execvp()
+	OR execve() becuase of this.
+	[e7fc2535bd67]
+
+	* logging.c:
+	now uses execvp() OR execve()
+	[56391aa1f99d]
+
+	* sudo.h:
+	added USE_EXECVE
+	[f21f38050b95]
+
+	* sudo.h:
+	added environ
+	[6b805e23c6f6]
+
+	* find_path.c:
+	now ignore EPERM
+	[c8fd7117a1d7]
+
+	* sudo.h:
+	moved some func decls out of sudo.h and into sudo.c as statics /.
+	[5f555c267d27]
+
+	* CHANGES:
+	updated
+	[431f478af320]
+
+	* sudo.h:
+	took out Envp
+	[6f722be7793d]
+
+1994-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS:
+	Initial revision
+	[4a8ecf0da95c]
+
+1994-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	added SECURE_PATH
+	[1c72cb222609]
+
+	* sudo.c, sudo.h:
+	added SECURE_PATH
+	[5bf5357a63c5]
+
+	* sudo.h:
+	added SECURE_PATH
+	[3976a74405ac]
+
+	* INSTALL:
+	added sample.sudoers note
+	[1b395d29aaeb]
+
+	* sudoers:
+	Initial revision
+	[485888d07477]
+
+1994-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	fixed typo
+	[bfc3cc4d41ca]
+
+	* PORTING:
+	took out SAVED_UID garbage
+	[b7c2d3469661] [SUDO_1_3_0]
+
+	* INSTALL:
+	mentioned HAL
+	[253d6695df90]
+
+	* sudo.h:
+	added HAL line
+	[29ec1a4ac6de]
+
+	* insults.h:
+	added HAL insults
+	[7d7c96d77c74]
+
+	* TODO:
+	updated
+	[aa2ed9790586]
+
+	* logging.c:
+	more verbose error if mailer not found
+	[fca47fd00cb6]
+
+	* check.c:
+	now do getpwent as root for soem shadow password systems (bsdi)
+	[e0339e110d46]
+
+1994-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	took out SAVED_UID garbade
+	[fcb0e81dcdb5]
+
+	* sudo.c:
+	took out SAVED_UID garbage since it don't work
+	[507e9513e9c2]
+
+1994-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	updated
+	[d2b6b253dae5]
+
+	* insults.h:
+	added a missing space :-)
+	[8940ea991f87]
+
+	* sudo.c, sudo.h:
+	took out multimax cruft
+	[c2606b365181]
+
+	* INSTALL:
+	minor update
+	[05fb6ee73131]
+
+	* PORTING:
+	finished
+	[c4ac47c84dc5]
+
+	* sudo.c:
+	fixed a typo + indentation
+	[7eab40aae8fa]
+
+1994-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	took outumoved some defines to the config file ,. ,.
+	[defff05beb52]
+
+	* PORTING:
+	Initial revision
+	[c803e9127959]
+
+	* TODO:
+	did #6
+	[c6fa1c946c31]
+
+	* sudo.h:
+	added HAS_SAVED_UID
+	[6a88a39c0a07]
+
+	* sudo.c:
+	put back AIX cruft
+	[a24d2507ddd4]
+
+1994-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	aix changes
+	[1663915f754a]
+
+1994-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updated
+	[a8cc73747cae]
+
+	* check.c, logging.c, parse.c, sudo.c, sudo.h:
+	now is only root when abs necesary
+	[3c9d12c5cdfe]
+
+	* check.c:
+	added missing %s\n
+	[609320b72d89]
+
+1994-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	Initial revision
+	[b5bba140a175]
+
+	* TODO:
+	updated
+	[c9d2eba602af]
+
+	* CHANGES:
+	updated
+	[932f1fc3bb14]
+
+	* sudo.c:
+	now removed _RLD_* for alphas
+	[54a36e648158]
+
+	* INSTALL:
+	updated for new config scheme
+	[61c8ae800444]
+
+	* find_path.c:
+	more verbose eror messages
+	[b4fd123db42d]
+
+1994-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	now have solaris
+	[371002fbf266]
+
+	* sudo.h:
+	define __svr4__ for SOLARIS
+	[0b5cf5ed936d]
+
+	* check.c:
+	added svr4 junk for shadow pws for solaris 2.x
+	[91ed58f21618]
+
+	* check.c, sudo.c:
+	took out setuid(0) and setreuid(udi) garbage. Its not needed since
+	we start out setuid with the correct perms.
+	[07689e782b0b]
+
+	* check.c, sudo.c, sudo.h:
+	now use setreuid()
+	[7d64d685d78e]
+
+1994-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man:
+	revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
+	sectoin
+	[b26967b1e19b]
+
+	* visudo.c:
+	now uses ENV_EDITOR if you want to use the EDITOR envar
+	[a4f8fcb9bd1d]
+
+	* sudo.h:
+	now uses ENV_EDITOR if you want to use the EDITOR envar >> .
+	[028cc55c4328]
+
+1993-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	rewrote most of this
+	[a6750923f9c9]
+
+	* README:
+	minor update + spell fix
+	[a411717a7249]
+
+	* sudo.h:
+	added all options that are in the Makefile
+	[6db3b3b841b3]
+
+	* getpass.c:
+	now use USE_TERMIO #define for sgi & hpux
+	[b91f89ae6be1]
+
+	* TODO:
+	todo: posix sigs
+	[4548a56eb2ef]
+
+1993-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, find_path.c:
+	always include strings.h
+	[1fc20bda92c0]
+
+	* visudo.c:
+	added STATICEDITOR
+	[0596f820716e]
+
+	* sudo.h:
+	sgi has vi in /usr/bin too
+	[94203b62bfd9]
+
+	* sudo.man:
+	added VISUAL
+	[87c2844c4cac]
+
+1993-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	sue /usr/bin/vi on some systems
+	[e3ad9190f35e]
+
+	* sudo.c:
+	fixed warning (include strings.h)
+	[0b896de4d8a0]
+
+	* sudo.man:
+	added John_Rouillard@dl5000.bc.edu's changes (new features)
+	[f41b4205a8cf]
+
+	* CHANGES:
+	changes from John_Rouillard@dl5000.bc.edu
+	[6bdef8e948d5]
+
+	* visudo.c:
+	added EDITOR envar
+	[5c4bf716de21]
+
+	* check.c, find_path.c, parse.c, sudo.c:
+	added patches from John_Rouillard directory spec
+	uses EDITOR
+	[f62a435f8c41]
+
+1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getpass.c:
+	added flush for hpux
+	[07cfdd6a7b55]
+
+1993-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	no longer assume malloc returns a char *
+	[7480bd2756f3]
+
+	* sudo.c:
+	alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
+	gets removed correctly
+	[8587166c6ac8]
+
+	* sudo.h:
+	added STD_HEADERS macro
+	[480f5a9a516c]
+
+	* sudo.c:
+	now uses STD_HEADERS macor for ansi
+	[c5018806fd59]
+
+	* find_path.c:
+	now uses STD_HEADERS macro
+	[ad821e0788ea]
+
+	* check.c:
+	niceties for C compiler bitches -- no real change
+	[0fc0b1a5fb64]
+
+1993-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	now doesn't fclose a file never opened.
+	[ee888ec9427d]
+
+1993-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man:
+	added visudo line
+	[698d51c66407]
+
+	* sudo.man:
+	added error stuff added me in there...
+	[d202fd34b906]
+
+	* CHANGES:
+	noted insults
+	[998a22c2230c]
+
+	* INSTALL:
+	added blurb about reading stuff
+	[e71db100798f]
+
+	* sudo.h:
+	added insults
+	[c110431cec56]
+
+	* insults.h:
+	corrected somments and removed newlines
+	[493706fd488c]
+
+	* check.c:
+	now uses insults
+	[6d23cf06a0ef]
+
+	* insults.h:
+	Initial revision
+	[83153c26b4a3]
+
+	* INSTALL:
+	added dec syslog note
+	[555437273237]
+
+	* sample.sudoers:
+	added real stuff in there
+	[53442a7fba78]
+
+	* TODO:
+	added a todo
+	[c630472bd4dc]
+
+	* TODO:
+	added one
+	[806464453284]
+
+1993-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	Initial revision
+	[7db0a9f1ca8f]
+
+	* sudo.man:
+	updated with changes
+	[d9bf254c6c08]
+
+	* sudo.man:
+	Initial revision
+	[dd6f11174ac6]
+
+	* indent.pro:
+	Initial revision
+	[dbfbb494fad9]
+
+	* CHANGES, COPYING, INSTALL, README, TODO:
+	Initial revision
+	[6d98f489a079]
+
+	* visudo.c:
+	updated version number and took out jeff's old addr since it is no
+	good
+	[ee47c24818cb]
+
+	* check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
+	sudo.c, sudo.h:
+	updated version number and took out jeff's email (since it is
+	invalid)
+	[54616458a52e]
+
+1993-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	added fflush()
+	[145c881f4fb4]
+
+1993-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	now return NULL instead pfof exiting for nopnn-fatal errors
+	[8bc74f8cb1ae]
+
+1993-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	new banner
+	[5387ab2af516]
+
+	* parse.lex:
+	now sudo.h gets included first
+	[2acb01c18e18]
+
+1993-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	now can use flex
+	[164d3839adf0]
+
+	* sudo.h:
+	linux patch
+	[f1b6b1b1a2ca]
+
+	* sudo.c:
+	hpux 9 fix, removes SHLIB_PATH linux patch
+	[67611dc1737f]
+
+	* check.c:
+	linux diff
+	[c24536682397]
+
+1993-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	stat now ignores EINVAL
+	[c7761a5dc642]
+
+1993-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c, sudo.c:
+	now declare strdup as extern
+	[6b7d6f8784b5]
+
+1993-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	reformatted with indent + by hand
+	[9d43084e4990]
+
+	* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
+	used indent to "fix" coding style
+	[489ffacbdc70]
+
+	* find_path.c:
+	now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
+	move the code that does this into the loop body. makes it messier
+	tho. hmmm.
+	[c4d22b48da9a]
+
+1993-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	redid the fix for non-executable files in an easier to read way plus
+	some minor aethetic changes
+	[84fe337f1426]
+
+	* find_path.c:
+	fixed bug with non-executable tings of same name in path introduced
+	by checkig errno after stat(2).
+	[c2a812cfcbc1]
+
+1993-09-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fixed off by one error
+	[fabb7cee0041]
+
+	* find_path.c:
+	now handles decending below '/' correctly
+	[5d2ddfc0b220]
+
+	* sudo.c:
+	now actually builds Envp instead of munging envp
+	[bdc4b08f6898]
+
+1993-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	now includes sys/param.h
+	[efbb494ab4de]
+
+	* visudo.c:
+	now includes sys/param.h
+	[ad6c91d59958]
+
+	* sudo.h:
+	fixed ifndef -> ifdef
+	[7aebe822d863]
+
+	* qualify.c:
+	make more like find_path.c
+	[853b2dab2e03]
+
+	* find_path.c:
+	rewritten by millert
+	[c6a043cc11b3]
+
+	* sudo.h:
+	fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
+	about new defines in the comment
+	[39ffefce3aec]
+
+	* logging.c:
+	now uses USE_CWD
+	[fa0f3b118bb3]
+
+	* sudo.h:
+	added delc for clean_envp() and Envp
+	[a12034e300c2]
+
+	* sudo.c:
+	now rips LD_* env vars out of envp and passed sanitized Envp to exec
+	[d201a218e056]
+
+	* logging.c:
+	now uses execve()
+	[f3e01032cd33]
+
+	* find_path.c:
+	ENOTDIR is ok now too (in case part of the path is bogus)
+	[b5cbbb201bb5]
+
+	* qualify.c:
+	now works correctly (ttaltotal rewrite)
+	[0c25d64a5c68]
+
+	* parse.lex:
+	now includes sys/param.h didn't match trailing / -- fix from
+	rouilj@cs.umb.edu
+	[b6363ba110af]
+
+1993-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	moved around the #ifndef _AIX
+	[7d4330950c20]
+
+	* check.c, logging.c, parse.c:
+	Initial revision
+	[c101e9572d7f]
+
+1993-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* qualify.c:
+	Initial revision
+	[5a5f21d0e0bf]
+
+1993-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	now works if you do sudo bin/test
+	[07835120ce43]
+
+	* find_path.c:
+	works
+	[c3da8b5efa20]
+
+1993-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	Initial revision
+	[28a1caa38b72]
+
+	* visudo.c:
+	Initial revision
+	[0e5cd7c3cdbe]
+
+	* parse.lex, parse.yacc:
+	Initial revision
+	[5f2d0cccb06b]
+
+1993-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	took out errno.h
+	[7466431a2655]
+
+	* sudo.c:
+	now spews error if exec fails and exits with -1
+	[e5c41ea725c1]
+
+	* sudo.c:
+	Initial revision
+	[8aeabe39a0c2]
+
+	* find_path.c:
+	now only execs files with (an) executable bit set.
+	[0a451f9c0e58]
+
+	* find_path.c:
+	Initial revision
+	[02a534891a35]
+
+1993-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getpass.c:
+	added nice comment
+	[ea8b2aaa9389]
+
+	* getpass.c:
+	now works on sgi's
+	[bf2b7c6d0960]
+
+	* getpass.c:
+	Initial revision
+	[9f4de251c1b5]
+
diff --git a/sudo-1.7.4p4/HISTORY b/sudo-1.7.4p4/HISTORY
new file mode 100644
index 0000000..63c7f9f
--- /dev/null
+++ b/sudo-1.7.4p4/HISTORY
@@ -0,0 +1,56 @@
+A brief history of sudo:
+
+Sudo was first conceived and implemented by Bob Coggeshall and Cliff Spencer
+around 1980 at the Department of Computer Science at SUNY/Buffalo. It ran on
+a VAX-11/750 running 4.1BSD. An updated version, credited to Phil Betchel,
+Cliff Spencer, Gretchen Phillips, John LoVerso and Don Gworek, was posted to
+the net.sources Usenet newsgroup in December of 1985.
+
+In the Summer of 1986, Garth Snyder released an enhanced version of sudo.
+For the next 5 years, sudo was fed and watered by a handful of folks at
+CU-Boulder, including Bob Coggeshall, Bob Manchek, and Trent Hein.
+
+In 1991, Dave Hieb and Jeff Nieusma wrote a new version of sudo with an
+enhanced sudoers format under contract to a consulting firm called "The Root
+Group". This version was later released under the GNU public license.
+
+In 1994, after maintaining sudo informally within CU-Boulder for some time,
+Todd Miller made a public release of "CU sudo" (version 1.3) with bug fixes
+and support for more operating systems. The "CU" was added to differentiate
+it from the "official" version from "The Root Group".
+
+In 1995, a new parser for the sudoers file was contributed by Chris Jepeway.
+The new parser was a proper grammar (unlike the old one) and could work with
+both sudo and visudo (previously they had slightly different parsers).
+
+In 1996, Todd, who had been maintaining sudo for several years in his spare
+time, moved distribution of sudo from a CU-Boulder ftp site to his domain,
+courtesan.com.
+
+In 1999, the "CU" prefix was dropped from the name since there had been no
+formal release of sudo from "The Root Group" since 1991 (the original
+authors now work elsewhere). As of version 1.6, Sudo no longer contains any
+of the original "Root Group" code and is available under an ISC-style
+license.
+
+In 2001, the sudo web site, ftp site and mailing lists were moved from
+courtesan.com to the sudo.ws domain (sudo.org was already taken).
+
+In 2003, Nationwide Mutual Insurance Company contributed code written by
+Aaron Spangler to store the sudoers data in LDAP. These changes were
+incorporated into Sudo 1.6.8.
+
+In 2005, Todd rewrote the sudoers parser to better support the features that
+had been added in the past ten years. This new parser removes some
+limitations of the previous one, removes ordering constraints and adds
+support for including multiple sudoers files.
+
+In 2010, Quest Software began sponsoring Sudo development by hiring Todd to
+work on Sudo as part of his full-time job.
+
+sudo, in its current form, is maintained by:
+
+        Todd Miller <Todd.Miller@courtesan.com>
+
+Todd continues to enhance sudo and fix bugs.
+
diff --git a/sudo-1.7.4p4/INSTALL b/sudo-1.7.4p4/INSTALL
new file mode 100644
index 0000000..8d92b4c
--- /dev/null
+++ b/sudo-1.7.4p4/INSTALL
@@ -0,0 +1,774 @@
+Installation instructions for Sudo 1.7
+======================================
+
+Sudo uses a `configure' script to probe the capabilities and type
+of the system in question.  In this release, `configure' takes many
+more options than it did before.  Please read this document fully
+before configuring and building sudo.  You may also wish to read the
+file INSTALL.configure which explains more about the `configure' script.
+
+Simple sudo installation
+========================
+
+For most systems and configurations it is possible simply to:
+
+    0) If you are upgrading from a previous version of sudo
+       please read the info in the UPGRADE file before proceeding.
+
+    1) Read the `OS dependent notes' section for any particular
+       "gotchas" relating to your operating system.
+
+    2) `cd' to the source or build directory and type `./configure'
+       to generate a Makefile and config.h file suitable for
+       building sudo.  Before you actually run configure you
+       should read the `Available configure options' section
+       to see if there are any special options you may want
+       or need.
+
+    3) Edit the configure-generated Makefile if you wish to
+       change any of the default paths (alternatively, you could
+       have changed the paths via options to `configure'.
+
+    5) Type `make' to compile sudo.  If you are building sudo
+       in a separate build tree (apart from the sudo source)
+       GNU make will probably be required.  If `configure' did
+       its job properly (and you have a supported configuration)
+       there won't be any problems.  If this doesn't work, take
+       a look at the files TROUBLESHOOTING and PORTING for tips
+       on what might have gone wrong.  Please mail us if you have a
+       fix or if you are unable to come up with a fix (address at EOF).
+
+    6) Type `make install' (as root) to install sudo, visudo, the
+       man pages, and a skeleton sudoers file.  Note that the install
+       will not overwrite an existing sudoers file.  You can also
+       install various pieces the package via the install-binaries,
+       install-doc, and install-sudoers make targets.
+
+    7) Edit the sudoers file with `visudo' as necessary for your
+       site.  You will probably want to refer the sample.sudoers
+       file and sudoers man page included with the sudo package.
+
+    8) If you want to use syslogd(8) to do the logging, you'll need
+       to update your /etc/syslog.conf file.  See the sample.syslog.conf
+       file included in the distribution for an example.
+
+Available configure options
+===========================
+
+This section describes flags accepted by the sudo's `configure' script.
+Defaults are listed in brackets after the description.
+
+Configuration:
+  --cache-file=FILE
+	Cache test results in FILE
+
+  --config-cache, -C
+	Alias for `--cache-file=config.cache'
+
+  --help, -h
+	Print the usage/help info
+
+  --no-create, -n
+	Do not create output files
+
+  --quiet, --silent, -q
+	Do not print `checking...' messages
+
+Directory and file names:
+  --prefix=PREFIX
+	Install architecture-independent files in PREFIX This really only
+	applies to man pages.  [/usr/local]
+
+  --exec-prefix=EPREFIX
+	Install architecture-dependent files in EPREFIX This includes the
+	sudo and visudo executables.  [same as prefix]
+
+  --bindir=DIR
+	Install `sudo' in DIR [EPREFIX/bin]
+
+  --sbindir=DIR
+	Install `visudo' in DIR [EPREFIX/sbin]
+
+  --sysconfdir=DIR
+	Install `sudoers' file in DIR [/etc]
+
+  --mandir=DIR
+	Install man pages in DIR [PREFIX/man]
+
+  --srcdir=DIR
+	Find the sources in DIR [configure dir or ..]
+
+Special features/options:
+  --with-CC=PATH
+	Specifies path to C compiler you wish to use.
+
+  --with-incpath=DIR
+	Adds the specified directory (or directories) to CPPFLAGS
+	so configure and the compiler will look there for include
+	files.  Multiple directories may be specified as long as
+	they are space separated.
+	Eg: --with-incpath="/usr/local/include /opt/include"
+
+  --with-libpath=DIR
+	Adds the specified directory (or directories) to LDFLAGS
+	so configure and the compiler will look there for libraries.
+	Multiple directories may be specified as with --with-incpath.
+
+  --with-rpath
+	Tells configure to use -Rpath in addition to -Lpath when
+	passing library paths to the loader.  This option is on
+	by default for Solaris and SVR4.
+
+  --with-blibpath[=PATH]
+	Tells configure to construct a -blibpath argument to the
+	loader.  If a PATH is specified, it will be used as the
+	base.  Otherwise, "/usr/lib:/lib:/usr/local/lib" will be
+	used for gcc and "/usr/lib:/lib" for non-gcc.  Additional
+	library paths will be appended as needed by configure.
+	This option is only valid for AIX where it is on by default.
+
+  --with-libraries=LIBRARY
+	Adds the specified library (or libaries) to SUDO_LIBS and
+	and VISUDO_LIBS so sudo will link against them.  If the
+	library doesn't start with `-l' or end in `.a' or `.o' a
+	`-l' will be prepended to it.  Multiple libraries may be
+	specified as long as they are space separated.
+
+  --with-efence
+	Link with the "electric fence" debugging malloc.
+
+  --with-bsm-audit
+	Enable support for sudo BSM audit logs on systems that support
+	it.  Currently only supported under FreeBSD and Mac OS X.
+
+  --with-linux-audit
+	Enable audit support for Linux systems.  Audits attempts
+	to run a command as well as SELinux role changes.
+
+  --with-csops
+	Add CSOps standard options.  You probably aren't interested in this.
+
+  --with-skey[=DIR]
+	Enable S/Key OTP (One Time Password) support.  If specified,
+	DIR should contain include and lib directories with skey.h
+	and libskey.a respectively.
+
+  --with-opie[=DIR]
+	Enable NRL OPIE OTP (One Time Password) support.  If specified,
+	DIR should contain include and lib directories with opie.h
+	and libopie.a respectively.
+
+  --with-SecurID[=DIR]
+	Enable SecurID support.  If specified, DIR is directory containing
+	sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
+
+  --with-fwtk[=DIR]
+	Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
+	DIR is the base directory containing the compiled FWTK package
+	(or at least the library and header files).
+
+  --with-kerb4[=DIR]
+	Enable Kerberos IV support.  If specified, DIR is the base
+	directory containing the Kerberos IV include and lib dirs.
+	This uses Kerberos passphrases for authentication but does
+	not use the Kerberos cookie scheme.
+
+  --with-kerb5[=DIR]
+	Enable Kerberos V support.  If specified, DIR is the base
+	directory containing the Kerberos V include and lib dirs.
+	This This uses Kerberos passphrases for authentication but
+	does not use the Kerberos cookie scheme.  Will not work for
+	Kerberos V older than version 1.1.
+
+  --with-ldap[=DIR]
+	Enable LDAP support.  If specified, DIR is the base directory
+	containing the LDAP include and lib directories.  Please see
+	README.LDAP for more information.
+
+  --with-ldap-conf-file=PATH
+	Path to LDAP configuration file.  If specified, sudo reads
+	this file instead of /etc/ldap.conf to locate the LDAP server.
+
+  --with-ldap-secret-file=PATH
+	Path to LDAP secret password file.  If specified, sudo uses
+	this file instead of /etc/ldap.secret to read the secret password
+	when rootbinddn is specified in the ldap config file.
+
+  --with-nsswitch[=PATH]
+	Path to nsswitch.conf or "no" to disable nsswitch support.
+	If specified, sudo uses this file instead of /etc/nsswitch.conf.
+	If nsswitch is disabled but LDAP is enabled, sudo will check
+	LDAP first, then the sudoers file.
+
+  --with-netsvc[=PATH]
+        Path to netsvc.conf or "no" to disable netsvc.conf support.
+        If specified, sudo uses this file instead of /etc/netsvc.conf
+        on AIX systems.
+
+  --with-aixauth
+	Enable support for the AIX 4.x general authentication function.
+	This will use the authentication scheme specified for the user
+	on the machine.  It is on by default for AIX systems that
+	support it.
+
+  --with-pam
+	Enable PAM support.  This is on by default for Darwin, FreeBSD,
+	Linux, Solaris and HP-UX (version 11 and higher).
+
+	NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo
+	file install.  You may either use the sample.pam file included with
+	sudo or use /etc/pam.d/su as a reference.  The sample.pam file
+	included with sudo may or may not work with other Linux distributions.
+	On Solaris and HP-UX 11 systems you should check (and understand)
+	the contents of /etc/pam.conf.  Do a "man pam.conf" for more
+	information and consider using the "debug" option, if available,
+	with your PAM libraries in /etc/pam.conf to obtain syslog output
+	for debugging purposes.
+
+  --with-pam-login
+        Enable a specific PAM session when sudo is given the -i option.
+	This changes the PAM service name when sudo is run with the -i
+	option from "sudo" to "sudo-i", allowing for a separate pam
+	configuration for sudo's initial login mode.
+
+  --with-AFS
+	Enable AFS support with Kerberos authentication.  Should work under
+	AFS 3.3.  If your AFS doesn't have -laudit you should be able to
+	link without it.
+
+  --with-DCE
+	Enable DCE support for systems without PAM.  Known to work on
+	HP-UX 9.X, 10.X, and 11.0; other systems may require source
+	code and/or `configure' changes.  On systems with PAM support
+	(such as HP-UX 11.0 and higher, Solaris, FreeBSD and Linux), the
+	DCE PAM module (usually libpam_dce) should be used instead.
+
+  --with-logincap
+	This adds support for login classes specified in /etc/login.conf.
+	It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
+	NetBSD (where available).  By default, a login class is not applied
+	unless the 'use_loginclass' option is defined in sudoers or the user
+	specifies a class on the command line.
+
+  --with-bsdauth
+	Enable support for BSD authentication.  This is the default
+	for BSD/OS and OpenBSD systems that support it.
+	It is not possible to mix BSD authentication with other
+	authentication methods (and there really should be no need
+	to do so).  Note that only the newer BSD authentication API
+	is supported.  If you don't have /usr/include/bsd_auth.h
+	then you cannot use this.
+
+  --with-project
+	Enable support for Solaris project resource limits.
+	This option is only available on Solaris 9 and above.
+
+  --with-noexec[=PATH]
+	Enable support for the "noexec" functionality which prevents
+	a dynamically-linked program being run by sudo from executing
+	another program (think shell escapes).  Please see the
+	"PREVENTING SHELL ESCAPES" section in the sudoers man page
+	for details.  If specified, PATH should be a fully qualified
+	path name, e.g. /usr/local/libexec/sudo_noexec.so.  If PATH
+	is "no", noexec support will not be compiled in.  The default
+	is to compile noexec support if libtool supports building
+	shared objects on your OS.
+
+  --disable-pam-session
+        Disable sudo's PAM session support.  This may be needed on
+        older PAM implementations or on operating systems where
+        opening a PAM session changes the utmp or wtmp files.  If
+        PAM session support is disabled, resource limits may not
+        be updatedin for command being run.
+
+  --disable-root-mailer
+	By default sudo will run the mailer as root when tattling
+	on a user so as to prevent that user from killing the mailer.
+	With this option, sudo will run the mailer as the invoking
+	user which some people consider to be safer.
+
+  --disable-setreuid
+	Disable use of the setreuid() function for operating systems
+	where it is broken.  Mac OS X has setreuid() but it doesn't
+	really work.
+
+  --disable-setresuid
+	Disable use of the setresuid() function for operating systems
+	where it is broken (none currently known).
+
+  --disable-sia
+	Disable SIA support.  This is the "Security Integration
+	Architecture" on Digital UNIX. If you disable SIA sudo will
+	use its own authentication routines.
+
+  --disable-shadow
+	Disable shadow password support.  Normally, sudo will compile
+	in shadow password support and use a shadow password if it
+	exists.
+
+  --with-sudoers-mode=MODE
+	File mode for the sudoers file (octal).  Note that if you
+	wish to NFS-mount the sudoers file this must be group
+	readable.  Also note that this is actually set in the
+	Makefile.  The default mode is 0440.
+
+  --with-sudoers-uid=UID
+	User id that "owns" the sudoers file.  Note that this is
+	the numeric id, *not* the symbolic name.  Also note that
+	this is actually set in the Makefile.  The default is 0.
+
+  --with-sudoers-gid=GID
+	Group id that "owns" the sudoers file.  Note that this is
+	the numeric id, *not* the symbolic name.  Also note that
+	this is actually set in the Makefile.  The default is 0.
+
+  --without-interfaces
+	This option keeps sudo from trying to glean the ip address
+	from each attached ethernet interface.  It is only useful
+	on a machine where sudo's interface reading support does
+	not work, which may be the case on some SysV-based OS's
+	using STREAMS.
+
+  --without-passwd
+	This option excludes authentication via the passwd (or
+	shadow) file.  It should only be used when another, alternative,
+	authentication scheme is in use.
+
+  --with-otp-only
+	This option is now just an alias for --without-passwd.
+
+  --with-stow
+	Properly handle GNU stow packaging.  The sudoers file will
+	physically live in ${prefix}/etc and /etc/sudoers will be
+	a symbolic link.
+
+  --with-selinux 
+	Enable support for role based access control (RBAC) on
+	systems that support SELinux.
+
+  --with-libvas=[NAME]
+        Enable non-Unix group support using Quest Authentication
+        Services.  If NAME is specified, it should be the name of
+	the shared library providing QAS support (libvas.so by default).
+
+  --with-libvas-rpath=[PATH]
+	The path to search when loading libvas.so (or an alternate
+	name as specified by --with-libvas).  This option only has
+	an effect when --with-libvas is specified.
+
+The following options are also configurable at runtime:
+
+  --with-long-otp-prompt
+	When validating with a One Time Password scheme (S/Key or
+	OPIE), a two-line prompt is used to make it easier to cut
+	and paste the challenge to a local window.  It's not as
+	pretty as the default but some people find it more convenient.
+
+  --with-logging=TYPE
+	How you want to do your logging.  You may choose "syslog",
+	"file", or "both".  Setting this to "syslog" is nice because
+	you can keep all of your sudo logs in one place (see the
+	sample.syslog.conf file).  The default is "syslog".
+
+  --with-logfac=FACILITY
+	Determines which syslog facility to log to.  This requires
+	a 4.3BSD or later version of syslog.  You can still set
+	this for ancient syslogs but it will have no effect.  The
+	following facilities are supported: authpriv (if your OS
+	supports it), auth, daemon, user, local0, local1, local2,
+	local3, local4, local5, local6, and local7.
+
+  --with-goodpri=PRIORITY
+	Determines which syslog priority to log successfully
+	authenticated commands.  The following priorities are
+	supported: alert, crit, debug, emerg, err, info, notice,
+	and warning.
+
+  --with-badpri=PRIORITY
+	Determines which syslog priority to log unauthenticated
+	commands and errors.  The following priorities are supported:
+	alert, crit, debug, emerg, err, info, notice, and warning.
+
+  --with-logpath=PATH
+	Override the default location of the sudo log file and use
+	"path" instead.  By default will use /var/log/sudo.log if
+	there is a /var/log dir, falling back to /var/adm/sudo.log
+	or /usr/adm/sudo.log if not.
+
+  --with-loglen=NUMBER
+	Number of characters per line for the file log.  This is only used if
+	you are to "file" or "both".  This value is used to decide when to wrap
+	lines for nicer log files.  The default is 80.  Setting this to 0
+	will disable the wrapping.
+
+  --with-ignore-dot
+	If set, sudo will ignore '.' or '' (current dir) in $PATH.
+	The $PATH itself is not modified.
+
+  --with-mailto=USER|MAIL_ALIAS
+	User (or mail alias) that mail from sudo is sent to.
+	This should go to a sysadmin at your site.  The default is "root".
+
+  --with-mailsubject="SUBJECT OF MAIL"
+	Subject of the mail sent to the "mailto" user. The token "%h"
+	will expand to the hostname of the machine.
+	Default is "*** SECURITY information for %h ***".
+
+  --without-mail-if-no-user
+	Normally, sudo will mail to the "alertmail" user if the user invoking
+	sudo is not in the sudoers file.  This option disables that behavior.
+
+  --with-mail-if-no-host
+	Send mail to the "alermail" user if the user exists in the sudoers
+	file, but is not allowed to run commands on the current host.
+
+  --with-mail-if-noperms
+	Send mail to the "alermail" user if the user is allowed to use sudo but
+	the command they are trying is not listed in their sudoers file entry.
+
+  --with-passprompt="PASSWORD PROMPT"
+	Default prompt to use when asking for a password; can be overridden
+	via the -p option and the SUDO_PROMPT environment variable. Supports
+	the "%H", "%h", "%U" and "%u" escapes as documented in the sudo
+	manual page.  The default value is "Password:".
+
+  --with-badpass-message="BAD PASSWORD MESSAGE"
+	Message that is displayed if a user enters an incorrect password.
+	The default is "Sorry, try again." unless insults are turned on.
+
+  --with-fqdn
+	Define this if you want to put fully qualified hostnames in the sudoers
+	file.  Ie: instead of myhost you would use myhost.mydomain.edu.  You may
+	still use the short form if you wish (and even mix the two).  Beware
+	that turning FQDN on requires sudo to make DNS lookups which may make
+	sudo unusable if your DNS is totally hosed.  Also note that you must
+	use the host's official name as DNS knows it.  That is, you may not use
+	a host alias (CNAME entry) due to performance issues and the fact that
+	there is no way to get all aliases from DNS.
+
+  --with-timedir=PATH
+	Override the default location of the sudo timestamp directory and
+	use "path" instead.
+
+  --with-sendmail=PATH
+	Override configure's guess as to the location of sendmail.
+
+  --without-sendmail
+	Do not use sendmail to mail messages to the "mailto" user.
+	Use only if don't run sendmail or the equivalent.
+
+  --with-umask=MASK
+	Umask to use when running the root command.  The default is 0022.
+
+  --without-umask
+	Preserves the umask of the user invoking sudo.
+
+  --with-runas-default=USER
+	The default user to run commands as if the -u flag is not specified
+	on the command line.  This defaults to "root".
+
+  --with-exempt=GROUP
+	Users in the specified group don't need to enter a password when
+	running sudo.  This may be useful for sites that don't want their
+	"core" sysadmins to have to enter a password but where Jr. sysadmins
+	need to.  You should probably use NOPASSWD in sudoers instead.
+
+  --with-passwd-tries=NUMBER
+	Number of tries a user gets to enter his/her password before sudo logs
+	the failure and exits.  The default is 3.
+
+  --with-timeout=NUMBER
+	Number of minutes that can elapse before sudo will ask for a passwd
+	again.  The default is 5, set this to 0 to always prompt for a password.
+
+  --with-password-timeout=NUMBER
+	Number of minutes before the sudo password prompt times out.
+	The default is 5, set this to 0 for no password timeout.
+
+  --without-tty-tickets
+	By default, sudo uses a different ticket file for each user/tty combo.
+	With this option disabled, a single ticket will be used for all
+	of a user's login sessions.
+
+  --with-insults
+	Define this if you want to be insulted for typing an incorrect password
+	just like the original sudo(8).  This is off by default.
+
+  --with-insults=disabled
+        Include support for insults but disable them unless explicitly
+        enabled in sudoers.
+
+  --with-all-insults
+	Include all the insult sets listed below.  You must either specify
+	--with-insults or enable insults in the sudoers file for this to
+	have any effect.
+
+  --with-classic-insults
+	Uses insults from sudo "classic."  If you just specify --with-insults
+	you will get the classic and CSOps insults.  This is on by default if
+	--with-insults is given.
+
+  --with-csops-insults
+	Insults the user with an extra set of insults (some quotes, some
+	original) from a sysadmin group at CU (CSOps).  You must specify
+	--with-insults as well for this to have any effect.  This is on by
+	default if --with-insults is given.
+
+  --with-hal-insults
+	Uses 2001-like insults when an incorrect password is entered.
+	You must either specify --with-insults or enable insults in the
+	sudoers file for this to have any effect.
+
+  --with-goons-insults
+	Insults the user with lines from the "Goon Show" when an incorrect
+	password is entered.  You must either specify --with-insults or
+	enable insults in the sudoers file for this to have any effect.
+
+  --with-pc-insults
+	Replace politically incorrect insults with less objectionable ones.
+
+  --with-secure-path[=PATH]
+	Path used for every command run from sudo(8).  If you don't trust the
+	people running sudo to have a sane PATH environment variable you may
+	want to use this.  Another use is if you want to have the "root path"
+	be separate from the "user path."  You will need to customize the path
+	for your site.  NOTE: this is not applied to users in the group
+	specified by --with-exemptgroup.  If you do not specify a path,
+	"/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.
+
+  --without-lecture
+	Don't print the lecture the first time a user runs sudo.
+
+  --with-editor=PATH
+	Specify the default editor path for use by visudo.  This may be a
+	single path name or a colon-separated list of editors.  In the latter
+	case, visudo will choose the editor that matches the user's VISUAL
+	or EDITOR environment variables or the first editor in the list that
+	exists.  The default is the path to vi on your system.
+
+  --with-env-editor
+	Makes visudo consult the VISUAL and EDITOR environment variables before
+	falling back on the default editor list (as specified by --with-editor).
+	Note that this may create a security hole as it allows the user to
+	run any arbitrary command as root without logging.  A safer alternative
+	is to use a colon-separated list of editors with the --with-editor
+	option.  visudo will then only use the VISUAL or EDITOR variables
+	if they match a value specified via --with-editor.
+
+  --with-askpass=PATH
+        Set PATH as the "askpass" program to use when no tty is
+        available.  Typically, this is a graphical password prompter,
+        similar to the one used by ssh.  The program must take a
+        prompt as an argument and print the received password to
+        the standard output.
+
+  --disable-authentication
+	By default, sudo requires the user to authenticate via a
+	password or similar means.  This options causes sudo to
+	*not* require authentication.  It is possible to turn
+	authentication back on in sudoers via the PASSWD attribute.
+
+  --disable-root-sudo
+	Don't let root run sudo.  This can be used to prevent people from
+	"chaining" sudo commands to get a root shell by doing something
+	like "sudo sudo /bin/sh".
+
+  --enable-gss-krb5-ccache-name
+        Use the gss_krb5_ccache_name() function to set the Kerberos
+        V credential cache file name.  By default, sudo will use
+        the KRB5CCNAME environment variable to set this.  While
+        gss_krb5_ccache_name() provides a better API to do this it
+        is not supported by all Kerberos V and SASL combinations.
+
+  --enable-log-host
+	Log the hostname in the log file.
+
+  --enable-noargs-shell
+	If sudo is invoked with no arguments it acts as if the "-s" flag had
+	been given.  That is, it runs a shell as root (the shell is determined
+	by the SHELL environment variable, falling back on the shell listed
+	in the invoking user's /etc/passwd entry).
+
+  --enable-shell-sets-home
+	If sudo is invoked with the "-s" flag the HOME environment variable
+	will be set to the home directory of the target user (which is root
+	unless the "-u" option is used).  This option effectively makes the
+	"-s" flag imply "-H".
+
+  --disable-path-info
+	Normally, sudo will tell the user when a command could not be found
+	in their $PATH.  Some sites may wish to disable this as it could
+	be used to gather information on the location of executables that
+	the normal user does not have access to.  The disadvantage is that
+	if the executable is simply not in the user's path, sudo will tell
+	the user that they are not allowed to run it, which can be confusing.
+
+  --disable-iologdir
+	Disable sudo's I/O logging support.  This can be used to allow sudo
+	to be compiled on systems without pseudo-tty support.
+
+  --enable-iologdir[=DIR]
+	By default, sudo stores I/O log files in either /var/log/sudo-io,
+	/var/adm/sudo-sudo-io or /usr/log/sudo-io.  If DIR is
+	specified, I/O logs will be stored in the indicated directory
+	instead.
+
+  --enable-zlib[=DIR]
+	Enable the use of the zlib compress library when storing
+	I/O log files.  If specified, DIR is the base directory
+	containing the zlib include and lib directories.  By default
+	zlib is used if it is found on the system and I/O logging
+	support is not disabled.
+
+  --disable-zlib
+        Disable the use of the zlib compress library when storing
+        I/O log files.
+
+  --enable-warnings
+	Enable compiler warnings when building sudo with gcc.
+
+  --enable-admin-flag
+	Enable the creation of an Ubuntu-style admin flag file
+	the first time sudo is run.
+
+Shadow password and C2 support
+==============================
+
+Shadow passwords (also included with most C2 security packages) are
+supported on most major platforms for which they exist.  The
+`configure' script will attempt to determine if your system can use
+shadow passwords and include support for them if so.  Shadow password
+support is now compiled in by default (it doesn't hurt anything if you
+don't have them configured).  To disable the shadow password support,
+use the --disable-shadow option to configure.
+
+Shadow passwords are known to work on the following platforms:
+
+    SunOS 4.x
+    Solaris 2.x
+    HP-UX >= 9.x
+    Ultrix 4.x
+    Digital UNIX
+    IRIX >= 5.x
+    AIX >= 3.2.x
+    Linux
+    SCO >= 3.2.2
+    Pyramid DC/OSx
+    UnixWare
+    SVR4 (and variants using standard SVR4 shadow passwords)
+    4.4BSD based systems (including OpenBSD, NetBSD, FreeBSD, and Mac OS X)
+    Systems using SecureWare's C2 security.
+
+OS dependent notes
+==================
+
+Linux:
+    PAM and LDAP headers are not installed by default on most Linux
+    systems.  You will need to install the "pam-dev" package if
+    /usr/include/security/pam_appl.h is not present on your system.
+    If you wish to build with LDAP support you will also need the
+    openldap-devel package.
+
+    Versions of glibc 2.x previous to 2.0.7 have a broken lsearch().
+    You will need to either upgrade to glibc-2.0.7 or use sudo's
+    version of lsearch().  To use sudo's lsearch(), comment out
+    the "#define HAVE_LSEARCH 1" line in config.h and add lsearch.o
+    to the LIBOBJS line in the Makefile.
+
+    If you are using a Linux kernel older than 2.4 it is not possible
+    to access the sudoers file via NFS.  This is due to a bug in
+    the Linux client-side NFS implementation that has since been
+    fixed.  There is a workaround on the sudo ftp site, linux_nfs.patch,
+    if you need to NFS-mount sudoers on older Linux kernels.
+
+Solaris 2.x:
+    You need to have a C compiler in order to build sudo.  Since
+    Solaris 2.x does not come with one by default this means that
+    you either need to install the Sun Studio compiler suite,
+    available for free from www.sun.com, or have a copy of the GNU
+    C compiler (gcc) which is distributed on the Solaris Companion
+    CD.  You can also get them from various places on the net,
+    including http://www.sunfreeware.com/
+    NOTE: sudo will *not* build with the sun C compiler in BSD
+	  compatibility mode (/usr/ucb/cc).  Sudo is designed to
+	  compile with the standard C compiler (or gcc) and will
+	  not build correctly with /usr/ucb/cc.  You can use the
+	  `--with-CC' option to point `configure' to the non-ucb
+	  compiler if it is not the first cc in your path.  Some
+	  sites link /usr/ucb/cc to gcc; configure will not notice
+	  this and still refuse to use /usr/ucb/cc, so make sure gcc
+	  is also in your path if your site is setup this way.
+    Also: Older versions of Solaris come with a broken syslogd.
+	  If you have having problems with sudo logging you should
+	  make sure you have the latest syslogd patch installed.
+	  This is a problem for Solaris 2.4 and 2.5 at least.
+
+Mac OS X:
+    The pseudo-tty support in the Mac OS X kernel has bugs related
+    to its handling of the SIGTSTP, SIGTTIN and SIGTTOU signals.
+    It does not restart reads and writes when those signals are
+    delivered.  This may cause problems for some commands when I/O
+    logging is enabled.  The issue has been reported to Apple and
+    is bug id #7952709.
+
+HP-UX:
+    The default C compiler shipped with HP-UX does not support
+    creating position independent code and so is unable to support
+    sudo's "noexec" functionality.  You must use either the HP ANSI
+    C compiler or gcc for noexec to work.  Binary packages of gcc
+    are available http://hpux.connect.org.uk/.
+
+    To prevent PAM from overriding the value of umask on HP-UX 11,
+    you will need to add a line like the following to /etc/pam.conf:
+
+    sudo	session	required	libpam_hpsec.so.1 bypass_umask
+
+Digital UNIX:
+    By default, sudo will use SIA (Security Integration Architecture)
+    to validate a user.  If you want to use an alternative authentication
+    method that does not go through SIA, you need to use the
+    --disable-sia option to configure.  If you use gcc to compile
+    you will get warnings when building interfaces.c.  These are
+    harmless but if they really bug you, you can edit
+    /usr/include/net/if.h around line 123, right after the comment:
+	/* forward decls for C++ */
+    change the line:
+	#ifdef __cplusplus
+    to:
+	#if defined(__cplusplus) || defined(__GNUC__)
+    If you don't like the idea of editing the system header file
+    you can just make a copy in gcc's private include tree and
+    edit that.
+
+AIX 3.2.x:
+    I've had various problems with the AIX C compiler producing
+    incorrect code when the -O flag was used.  When optimization
+    is not used, the problems go away.  Gcc does not appear
+    to have this problem.
+
+SCO ODT:
+    You'll probably need libcrypt_i.a available via anonymous ftp
+    from sosco.sco.com.  The necessary files are /SLS/lng225b.Z
+    and /SLS/lng225b.ltr.Z.
+
+SunOS 4.x:
+    The /bin/sh shipped with SunOS blows up while running configure.
+    You can work around this by installing bash or zsh.  If you
+    have bash or zsh in your path, configure will use it instead
+    automatically.
+
+ULTRIX 4.x:
+    The /bin/sh shipped with ULTRIX blows up while running configure.
+    You can work around this by installing bash or zsh.  If you
+    have bash or zsh in your path, configure will use it instead
+    automatically.
+
+    ULTRIX ships with the 4.2BSD syslog(3) which does not
+    allow things like logging different facilities to different
+    files, redirecting logs to a single loghost and other niceties.
+    You may want to just grab and install:
+	ftp://www.sudo.ws/pub/sudo/misc/jtkohl-syslog-complete.tar.gz
+    (available via anonymous ftp) which is a port if the 4.3BSD
+    syslog/syslogd that is backwards compatible with the Ultrix version.
+    I recommend it highly.  If you do not do this you probably want
+    to run configure with --with-logging=file
diff --git a/sudo-1.7.4p4/INSTALL.configure b/sudo-1.7.4p4/INSTALL.configure
new file mode 100644
index 0000000..9053561
--- /dev/null
+++ b/sudo-1.7.4p4/INSTALL.configure
@@ -0,0 +1,174 @@
+Basic Installation
+==================
+
+   These are generic installation instructions.
+
+   The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions.  Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+   If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release.  If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+   The file `configure.in' is used to create `configure' by a program
+called `autoconf'.  You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+  1. `cd' to the directory containing the package's source code and type
+     `./configure' to configure the package for your system.  If you're
+     using `csh' on an old version of System V, you might need to type
+     `sh ./configure' instead to prevent `csh' from trying to execute
+     `configure' itself.
+
+     Running `configure' takes awhile.  While running, it prints some
+     messages telling which features it is checking for.
+
+  2. Type `make' to compile the package.
+
+  3. Optionally, type `make check' to run any self-tests that come with
+     the package.
+
+  4. Type `make install' to install the programs and any data files and
+     documentation.
+
+  5. You can remove the program binaries and object files from the
+     source code directory by typing `make clean'.  To also remove the
+     files that `configure' created (so you can compile the package for
+     a different kind of computer), type `make distclean'.  There is
+     also a `make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the `configure' script does not know about.  You can give `configure'
+initial values for variables by setting them in the environment.  Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+     CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+     env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  `cd' to the directory where you want the object files
+and executables to go and run the `configure' script.  `configure'
+automatically checks for the source code in the directory that `configure'
+is in and in `..'.
+
+Installation Names
+==================
+
+   By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc.  You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like `--bindir=PATH' to specify different values for particular
+kinds of files.  Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them.
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+   Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System).  The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+   There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on.  Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option.  TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+     CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field.  If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+   If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+   If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists.  Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+   `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+     Use and save the results of the tests in FILE instead of
+     `./config.cache'.  Set FILE to `/dev/null' to disable caching, for
+     debugging `configure'.
+
+`--help'
+     Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+     Do not print messages saying which checks are being made.
+
+`--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     `configure' can determine that directory automatically.
+
+`--version'
+     Print the version of Autoconf used to generate the `configure'
+     script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
diff --git a/sudo-1.7.4p4/LICENSE b/sudo-1.7.4p4/LICENSE
new file mode 100644
index 0000000..6e9a547
--- /dev/null
+++ b/sudo-1.7.4p4/LICENSE
@@ -0,0 +1,78 @@
+Sudo is distributed under the following ISC-style license:
+
+   Copyright (c) 1994-1996, 1998-2010
+        Todd C. Miller <Todd.Miller@courtesan.com>
+
+   Permission to use, copy, modify, and distribute this software for any
+   purpose with or without fee is hereby granted, provided that the above
+   copyright notice and this permission notice appear in all copies.
+
+   THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+   WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+   MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+   ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+   Sponsored in part by the Defense Advanced Research Projects
+   Agency (DARPA) and Air Force Research Laboratory, Air Force
+   Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+Additionally, fnmatch.c, fnmatch.h, getcwd.c, glob.c, glob.h and snprintf.c
+bear the following UCB license:
+
+   Copyright (c) 1987, 1989, 1990, 1991, 1992, 1993, 1994
+        The Regents of the University of California.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. Neither the name of the University nor the names of its contributors
+      may be used to endorse or promote products derived from this software
+      without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+   ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+   ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+   OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+   OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+   SUCH DAMAGE.
+
+nonunix.h and vasgroups.c bear the following license:
+
+   Copyright (c) 2006 Quest Software, Inc.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions are met:
+
+   1. Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. Neither the name of Quest Software, Inc. nor the names of its
+      contributors may be used to endorse or promote products derived from
+      this software without specific prior written permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+   ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+   POSSIBILITY OF SUCH DAMAGE.
diff --git a/sudo-1.7.4p4/Makefile.in b/sudo-1.7.4p4/Makefile.in
new file mode 100644
index 0000000..0114ca7
--- /dev/null
+++ b/sudo-1.7.4p4/Makefile.in
@@ -0,0 +1,563 @@
+#
+# Copyright (c) 1996, 1998-2005, 2007-2010
+#	Todd C. Miller <Todd.Miller@courtesan.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# Sponsored in part by the Defense Advanced Research Projects
+# Agency (DARPA) and Air Force Research Laboratory, Air Force
+# Materiel Command, USAF, under agreement number F39502-99-1-0512.
+#
+# @configure_input@
+#
+
+#### Start of system configuration section. ####
+
+srcdir = @srcdir@
+devdir = @devdir@
+authdir = $(srcdir)/auth
+top_builddir = .
+
+# Compiler & tools to use
+CC = @CC@
+FLEX = @FLEX@
+YACC = @YACC@
+NROFF = @NROFFPROG@ -Tascii
+LIBTOOL = @LIBTOOL@
+AR=@AR@
+RANLIB=@RANLIB@
+
+# Our install program supports extra flags...
+INSTALL = $(SHELL) $(srcdir)/install-sh -c
+
+# Libraries
+LIBS = @LIBS@
+NET_LIBS = @NET_LIBS@
+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS)
+
+# C preprocessor flags
+CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
+
+# Usually -O and/or -g
+CFLAGS = @CFLAGS@
+
+# Flags to pass to the link stage
+LDFLAGS = -L. @LDFLAGS@
+SUDO_LDFLAGS = @SUDO_LDFLAGS@ $(LDFLAGS)
+
+# Where to install things...
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+sbindir = @sbindir@
+sysconfdir = @sysconfdir@
+libexecdir = @libexecdir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+mandir = @mandir@
+timedir = @timedir@
+noexecfile = @NOEXECFILE@
+noexecdir = @NOEXECDIR@
+
+# Directory in which to install sudo.
+sudodir = $(bindir)
+
+# Directory in which to install visudo
+visudodir = $(sbindir)
+
+# Directory in which to install the sudoers file
+sudoersdir = $(sysconfdir)
+
+# Directory in which to install the man page
+mantype = @MANTYPE@
+mansectsu = @mansectsu@
+mansectform = @mansectform@
+mandirsu = $(mandir)/$(mantype)$(mansectsu)
+mandirform = $(mandir)/$(mantype)$(mansectform)
+
+# User and group ids the installed files should be "owned" by
+install_uid = 0
+install_gid = 0
+
+# User, group, and mode the sudoers file should be "owned" by (configure)
+sudoers_uid = @SUDOERS_UID@
+sudoers_gid = @SUDOERS_GID@
+sudoers_mode = @SUDOERS_MODE@
+
+# Pass in paths and uid/gid + OS dependent defined
+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
+
+#### End of system configuration section. ####
+
+SHELL = @SHELL@
+
+PROGS = @PROGS@
+
+SRCS = aix.c alias.c alloc.c audit.c boottime.c bsm_audit.c check.c \
+       closefrom.c def_data.c defaults.c env.c error.c exec.c exec_pty.c \
+       fileops.c find_path.c fnmatch.c get_pty.c getcwd.c getprogname.c \
+       getspwuid.c gettime.c glob.c goodpath.c gram.c gram.y interfaces.c \
+       iolog.c isblank.c lbuf.c ldap.c linux_audit.c list.c logging.c match.c \
+       mksiglist.c mkstemps.c memrchr.c nanosleep.c parse.c parse_args.c \
+       pwutil.c set_perms.c setsid.c sigaction.c snprintf.c strcasecmp.c \
+       strerror.c strlcat.c strlcpy.c strsignal.c sudo.c sudo_noexec.c \
+       sudo_edit.c sudo_nss.c term.c testsudoers.c tgetpass.c toke.c toke.l \
+       tsgetgrpw.c utimes.c vasgroups.c visudo.c zero_bytes.c redblack.c \
+       selinux.c sesh.c sudoreplay.c getdate.c getdate.y getline.c \
+       timestr.c $(AUTH_SRCS)
+
+AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
+	    auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
+	    auth/secureware.c auth/securid.c auth/securid5.c auth/sia.c \
+	    auth/sudo_auth.c
+
+HDRS = alloc.h bsm_audit.h compat.h def_data.h defaults.h error.h ins_2001.h \
+       ins_classic.h ins_csops.h ins_goons.h insults.h interfaces.h lbuf.h \
+       linux_audit.h list.h logging.h missing.h mksiglist.h nonunix.h \
+       redblack.h parse.h sudo.h sudo_exec.h sudo_nss.h gram.h \
+       auth/sudo_auth.h emul/charclass.h emul/fnmatch.h emul/glob.h \
+       emul/timespec.h emul/utime.h
+
+AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
+
+COMMON_OBJS = alias.o alloc.o defaults.o error.o gram.o \
+	      list.o match.o pwutil.o timestr.o toke.o redblack.o \
+	      term.o zero_bytes.o @COMMON_OBJS@
+
+SUDO_OBJS = $(AUTH_OBJS) @SUDO_OBJS@ audit.o boottime.o check.o env.o \
+	    exec.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
+	    interfaces.o lbuf.o logging.o parse.o parse_args.o set_perms.o \
+	    sudo.o sudo_edit.o sudo_nss.o tgetpass.o
+
+VISUDO_OBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o
+
+REPLAY_OBJS = getdate.o sudoreplay.o
+
+TEST_OBJS = interfaces.o testsudoers.o tsgetgrpw.o
+
+LIB_OBJS = @LIBOBJS@
+
+VERSION = @PACKAGE_VERSION@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+
+DISTFILES = $(SRCS) $(HDRS) ChangeLog HISTORY INSTALL INSTALL.configure \
+	    LICENSE Makefile.in NEWS PORTING README README.LDAP \
+	    TROUBLESHOOTING UPGRADE aclocal.m4 aixcrypt.exp config.guess \
+	    config.h.in config.sub configure configure.in def_data.in \
+	    indent.pro install-sh ltmain.sh m4 mkdefaults mkinstalldirs \
+	    mkpkg pathnames.h.in pp sample.pam sample.syslog.conf \
+	    sample.sudoers schema.ActiveDirectory schema.OpenLDAP \
+	    schema.iPlanet siglist.in sudo.cat sudo.man.in sudo.pod sudo.pp \
+	    sudo_usage.h.in sudoers.in sudoers.cat sudoers.man.in sudoers.pod \
+	    sudoers.ldap.cat sudoers.ldap.man.in sudoers.ldap.pod \
+	    sudoers2ldif sudoreplay.cat sudoreplay.man.in sudoreplay.pod \
+	    visudo.cat visudo.man.in visudo.pod auth/API sudo.man.pl \
+	    sudoers.man.pl
+
+SUDODEP = $(srcdir)/sudo.h $(srcdir)/alloc.h $(srcdir)/compat.h \
+	  $(srcdir)/defaults.h $(srcdir)/error.h $(srcdir)/list.h \
+	  $(srcdir)/logging.h $(srcdir)/missing.h $(srcdir)/sudo_nss.h \
+	  $(devdir)/def_data.h pathnames.h config.h
+
+AUTHDEP = $(SUDODEP) $(authdir)/sudo_auth.h
+
+INSDEP = $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \
+	 $(srcdir)/ins_goons.h $(srcdir)/insults.h
+
+all: $(PROGS)
+
+.SUFFIXES: .o .c .h .l .y .lo
+
+.c.o:
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $<
+
+libsudo.a: $(LIB_OBJS) $(COMMON_OBJS)
+	$(AR) rv $@ $(LIB_OBJS) $(COMMON_OBJS)
+	$(RANLIB) $@
+
+sudo: libsudo.a $(SUDO_OBJS)
+	$(CC) -o $@ $(SUDO_OBJS) $(SUDO_LDFLAGS) -lsudo $(SUDO_LIBS) @ZLIB@
+
+visudo: libsudo.a $(VISUDO_OBJS)
+	$(CC) -o $@ $(VISUDO_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+
+sudoreplay: libsudo.a $(REPLAY_OBJS)
+	$(CC) -o $@ $(REPLAY_OBJS) $(LDFLAGS) -lsudo $(LIBS) @ZLIB@
+
+testsudoers: $(TEST_OBJS)
+	$(CC) -o $@ $(TEST_OBJS) $(LDFLAGS) -lsudo $(LIBS) $(NET_LIBS)
+
+sudo_noexec.lo: $(srcdir)/sudo_noexec.c
+	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+
+libsudo_noexec.la: sudo_noexec.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
+
+# Uncomment the following if you want "make distclean" to clean the parser
+@DEV@GENERATED = gram.h gram.c toke.c def_data.c def_data.h getdate
+
+# Uncomment the lines before -@true if you intend to modify gram.y
+$(devdir)/gram.c $(devdir)/gram.h: $(srcdir)/gram.y
+@DEV@	$(YACC) -d $(srcdir)/gram.y
+@DEV@	mv -f y.tab.c gram.c
+@DEV@	if cmp -s y.tab.h gram.h; then rm -f y.tab.h; else mv -f y.tab.h gram.h; fi
+	-@true
+
+# Uncomment the lines before -@true if you intend to modify toke.l
+$(devdir)/toke.c: $(srcdir)/toke.l
+@DEV@	$(FLEX) $(srcdir)/toke.l
+@DEV@	mv -f lex.yy.c toke.c
+	-@true
+
+# Uncomment the lines before -@true if you intend to modify getdate.y
+$(devdir)/getdate.c: $(srcdir)/getdate.y
+@DEV@	echo "expect 10 shift/reduce conflicts"
+@DEV@	$(YACC) $(srcdir)/getdate.y
+@DEV@	mv -f y.tab.c getdate.c
+	-@true
+
+# Uncomment the following if you intend to modify def_data.in
+@DEV@$(devdir)/def_data.h $(devdir)/def_data.c: $(srcdir)/def_data.in
+@DEV@	perl $(srcdir)/mkdefaults -o def_data $(srcdir)/def_data.in
+
+siglist.c: mksiglist
+	./mksiglist > $@
+
+mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(srcdir)/compat.h $(top_builddir)/config.h
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/mksiglist.c -o $@
+
+@DEV@$(srcdir)/mksiglist.h: $(srcdir)/siglist.in
+@DEV@	awk 'BEGIN {print "/* public domain */\n"} /^    [A-Z]/ {printf("#ifdef SIG%s\n    if (my_sys_siglist[SIG%s] == NULL)\n\tmy_sys_siglist[SIG%s] = \"%s\";\n#endif\n", $$1, $$1, $$1, substr($$0, 13))}' < $(srcdir)/siglist.in > $@
+
+# Dependencies (not counting auth functions)
+aix.o: $(srcdir)/aix.c
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/aix.c
+alias.o: $(srcdir)/alias.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/redblack.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
+alloc.o: $(srcdir)/alloc.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
+audit.o: $(srcdir)/audit.c $(SUDODEP) $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/audit.c
+boottime.o: $(srcdir)/boottime.c config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/boottime.c
+bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) $(srcdir)/bsm_audit.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
+check.o: $(srcdir)/check.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
+closefrom.o: $(srcdir)/closefrom.c config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/closefrom.c
+defaults.o: $(srcdir)/defaults.c $(SUDODEP) $(srcdir)/def_data.c $(authdir)/sudo_auth.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/defaults.c
+env.o: $(srcdir)/env.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/env.c
+error.o: $(srcdir)/error.c $(srcdir)/compat.h $(srcdir)/error.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/error.c
+exec.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec.c
+exec_pty.o: $(srcdir)/exec.c $(SUDODEP) $(srcdir)/sudo_exec.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/exec_pty.c
+fileops.o: $(srcdir)/fileops.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fileops.c
+find_path.o: $(srcdir)/find_path.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/find_path.c
+fnmatch.o: $(srcdir)/fnmatch.c $(srcdir)/emul/fnmatch.h $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/fnmatch.c
+get_pty.o: $(srcdir)/get_pty.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/get_pty.c
+getcwd.o: $(srcdir)/getcwd.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getcwd.c
+getdate.o: $(srcdir)/getdate.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getdate.c
+getline.o: $(srcdir)/getline.c config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getline.c
+getprogname.o: $(srcdir)/getprogname.c config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getprogname.c
+getspwuid.o: $(srcdir)/getspwuid.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/getspwuid.c
+gettime.o: $(srcdir)/gettime.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/gettime.c
+glob.o: $(srcdir)/glob.c $(srcdir)/emul/glob.h $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/glob.c
+goodpath.o: $(srcdir)/goodpath.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/goodpath.c
+gram.o: $(devdir)/gram.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/gram.c
+interfaces.o: $(srcdir)/interfaces.c $(SUDODEP) $(srcdir)/interfaces.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/interfaces.c
+iolog.o: $(srcdir)/iolog.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/iolog.c
+isblank.o: $(srcdir)/isblank.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/isblank.c
+lbuf.o: $(srcdir)/lbuf.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/lbuf.c
+ldap.o: $(srcdir)/ldap.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/ldap.c
+linux_audit.o: $(srcdir)/linux_audit.c $(SUDODEP) $(srcdir)/linux_audit.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/linux_audit.c
+list.o: $(srcdir)/list.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/list.c
+logging.o: $(srcdir)/logging.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/logging.c
+match.o: $(srcdir)/match.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/match.c
+memrchr.o: $(srcdir)/memrchr.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/memrchr.c
+mkstemps.o: $(srcdir)/mkstemps.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/mkstemps.c
+nanosleep.o: $(srcdir)/nanosleep.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/nanosleep.c
+parse.o: $(srcdir)/parse.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse.c
+parse_args.o: $(srcdir)/parse_args.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/parse_args.c
+pwutil.o: $(srcdir)/pwutil.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/pwutil.c
+redblack.o: $(srcdir)/redblack.c $(SUDODEP) $(srcdir)/redblack.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/redblack.c
+set_perms.o: $(srcdir)/set_perms.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/set_perms.c
+setsid.o: $(srcdir)/setsid.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/setsid.c
+sigaction.o: $(srcdir)/sigaction.c $(srcdir)/compat.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sigaction.c
+siglist.o: siglist.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/siglist.c
+snprintf.o: $(srcdir)/snprintf.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/snprintf.c
+strcasecmp.o: $(srcdir)/strcasecmp.c $(srcdir)/compat.h  config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strcasecmp.c
+strerror.o: $(srcdir)/strerror.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strerror.c
+strlcat.o: $(srcdir)/strlcat.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcat.c
+strlcpy.o: $(srcdir)/strlcpy.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strlcpy.c
+strsignal.o: $(srcdir)/strsignal.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/strsignal.c
+selinux.o: $(srcdir)/selinux.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/selinux.c
+sudo.o: $(srcdir)/sudo.c $(SUDODEP) sudo_usage.h $(srcdir)/interfaces.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo.c
+sudoreplay.o: $(srcdir)/sudoreplay.c $(srcdir)/alloc.h $(srcdir)/compat.h $(srcdir)/error.h $(srcdir)/missing.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudoreplay.c
+sudo_edit.o: $(srcdir)/sudo_edit.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_edit.c
+sudo_noexec.o: $(srcdir)/sudo_noexec.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+sudo_nss.o: $(srcdir)/sudo_nss.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_nss.c
+term.o: $(srcdir)/term.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/term.c
+testsudoers.o: $(srcdir)/testsudoers.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(srcdir)/interfaces.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/testsudoers.c
+tgetpass.o: $(srcdir)/tgetpass.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tgetpass.c
+timestr.o: $(srcdir)/timestr.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/timestr.c
+toke.o: $(devdir)/toke.c $(SUDODEP) $(srcdir)/parse.h $(srcdir)/list.h $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(devdir)/toke.c
+tsgetgrpw.o: $(srcdir)/tsgetgrpw.c $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/tsgetgrpw.c
+utimes.o: $(srcdir)/utimes.c $(srcdir)/compat.h $(srcdir)/emul/utime.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/utimes.c
+vasgroups.o: $(srcdir)/vasgroups.c $(srcdir)/nonunix.h $(SUDODEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/vasgroups.c
+visudo.o: $(srcdir)/visudo.c $(SUDODEP) $(devdir)/gram.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/visudo.c
+zero_bytes.o: $(srcdir)/zero_bytes.c $(srcdir)/compat.h config.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/zero_bytes.c
+sudo_auth.o: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sudo_auth.c
+afs.o: $(authdir)/afs.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/afs.c
+aix_auth.o: $(authdir)/aix_auth.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/aix_auth.c
+bsdauth.o: $(authdir)/bsdauth.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/bsdauth.c
+dce.o: $(authdir)/dce.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/dce.c
+fwtk.o: $(authdir)/fwtk.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/fwtk.c
+kerb4.o: $(authdir)/kerb4.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb4.c
+kerb5.o: $(authdir)/kerb5.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/kerb5.c
+pam.o: $(authdir)/pam.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/pam.c
+passwd.o: $(authdir)/passwd.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/passwd.c
+rfc1938.o: $(authdir)/rfc1938.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/rfc1938.c
+secureware.o: $(authdir)/secureware.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/secureware.c
+securid.o: $(authdir)/securid.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid.c
+securid5.o: $(authdir)/securid5.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/securid5.c
+sia.o: $(authdir)/sia.c $(AUTHDEP)
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
+
+@DEV@varsub: $(srcdir)/configure.in
+@DEV@	printf 's#@%s@#1#\ns#@%s@#1#\ns#@%s@#1#\ns#@%s@#/etc#g\ns#@%s@#/usr/local#g\ns#@%s@#4#g\ns#@%s@#1m#g\n' SEMAN BAMAN LCMAN sysconfdir prefix mansectform mansectsu > $@; sed -n '/Begin initial values for man page substitution/,/End initial values for man page substitution/{;p;}' $(srcdir)/configure.in | sed -e '/^#/d' -e 's/^/s#@/' -e 's/=[\\"]*/@#/' -e 's/[\\"]*$$/#g/' >> $@
+
+@DEV@$(srcdir)/sudo.man.in: $(srcdir)/sudo.pod
+@DEV@	mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p $(srcdir)/sudo.man.pl >> $@
+
+sudo.man: $(srcdir)/sudo.man.in
+	$(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudo.cat: varsub $(srcdir)/sudo.man.in
+@DEV@	sed -f varsub $(srcdir)/sudo.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/visudo.man.in: $(srcdir)/visudo.pod
+@DEV@	mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/visudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/visudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+visudo.man: $(srcdir)/visudo.man.in
+	$(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/visudo.cat: varsub $(srcdir)/visudo.man.in
+@DEV@	sed -f varsub $(srcdir)/visudo.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoers.man.in: $(srcdir)/sudoers.pod
+@DEV@	mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoers.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoers.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p $(srcdir)/sudoers.man.pl >> $@
+
+sudoers.man: $(srcdir)/sudoers.man.in
+	$(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoers.cat: varsub $(srcdir)/sudoers.man.in
+@DEV@	sed -f varsub $(srcdir)/sudoers.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.pod
+@DEV@	mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoers.ldap.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectform --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoers.ldap.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+sudoers.ldap.man: $(srcdir)/sudoers.ldap.man.in
+	$(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoers.ldap.cat: varsub $(srcdir)/sudoers.ldap.man.in
+@DEV@	sed -f varsub $(srcdir)/sudoers.ldap.man.in | $(NROFF) -man > $@
+
+@DEV@$(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.pod
+@DEV@	mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' $(srcdir)/sudoreplay.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" $(srcdir)/sudoreplay.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" -e 's|\\fI\\f\((CW*\)*I@\([^@]*\)\\fI@|\\fI@\2@|g' >> $@
+
+sudoreplay.man: $(srcdir)/sudoreplay.man.in
+	$(SHELL) config.status --file=$@
+
+@DEV@$(srcdir)/sudoreplay.cat: varsub $(srcdir)/sudoreplay.man.in
+@DEV@	sed -f varsub $(srcdir)/sudoreplay.man.in | $(NROFF) -man > $@
+
+@DEV@HISTORY: $(srcdir)/history.pod
+@DEV@	pod2text -l -i0 $(srcdir)/history.pod > $@
+@DEV@
+@DEV@LICENSE: $(srcdir)/license.pod
+@DEV@	pod2text -l -i0 $(srcdir)/license.pod | sed '1,2d' > $@
+
+sudoers: $(srcdir)/sudoers.in
+	(cd $(top_builddir) && $(SHELL) config.status --file=plugins/sudoers/$@)
+
+# The 1.7 branch started Jan 18, 2010
+ChangeLog:
+	if test -d $(srcdir)/.hg; then \
+	    hg log --style=changelog -b 1.7 > $@; \
+	    hg log --style=changelog -b default --date '<2010-01-18 00:00:00' >> $@; \
+	fi
+
+install: install-dirs install-binaries @INSTALL_NOEXEC@ install-sudoers install-doc
+
+install-dirs:
+	$(SHELL) $(srcdir)/mkinstalldirs $(DESTDIR)$(sudodir) \
+	    $(DESTDIR)$(visudodir) $(DESTDIR)$(noexecdir) \
+	    $(DESTDIR)$(sudoersdir) $(DESTDIR)$(docdir) \
+	    $(DESTDIR)$(mandirsu) $(DESTDIR)$(mandirform)
+	$(SHELL) $(srcdir)/mkinstalldirs -m 0700 $(DESTDIR)$(timedir)
+
+install-binaries: install-dirs $(PROGS)
+	$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 04111 sudo $(DESTDIR)$(sudodir)/sudo
+	rm -f $(DESTDIR)$(sudodir)/sudoedit
+	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
+	if [ -f sudoreplay ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sudoreplay $(DESTDIR)$(sudodir)/sudoreplay; fi
+	$(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 visudo $(DESTDIR)$(visudodir)/visudo
+	if [ -f sesh ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0111 sesh $(DESTDIR)$(libexecdir)/sesh; fi
+
+install-noexec: install-dirs libsudo_noexec.la
+	if [ -f .libs/lib$(noexecfile) ]; then $(INSTALL) -b~ -O $(install_uid) -G $(install_gid) -M 0755 .libs/lib$(noexecfile) $(DESTDIR)$(noexecdir)/$(noexecfile); fi
+
+install-sudoers: install-dirs
+	$(INSTALL) -d -O $(sudoers_uid) -G $(sudoers_gid) -M 0750 \
+	    $(DESTDIR)$(sudoersdir)/sudoers.d
+	test -f $(DESTDIR)$(sudoersdir)/sudoers || \
+	    $(INSTALL) -O $(sudoers_uid) -G $(sudoers_gid) -M $(sudoers_mode) \
+		sudoers $(DESTDIR)$(sudoersdir)/sudoers
+
+install-doc: install-dirs ChangeLog
+	(cd $(srcdir) && for f in ChangeLog HISTORY LICENSE NEWS README TROUBLESHOOTING UPGRADE sample.*; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
+	@LDAP@(cd $(srcdir) && for f in README.LDAP schema.* sudoers2ldif; do $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 $$f $(DESTDIR)$(docdir); done)
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudo.$(mantype) $(DESTDIR)$(mandirsu)/sudo.$(mansectsu)
+	@rm -f $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
+	ln $(DESTDIR)$(mandirsu)/sudo.$(mansectsu) $(DESTDIR)$(mandirsu)/sudoedit.$(mansectsu)
+	@REPLAY@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoreplay.$(mantype) $(DESTDIR)$(mandirsu)/sudoreplay.$(mansectsu)
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/visudo.$(mantype) $(DESTDIR)$(mandirsu)/visudo.$(mansectsu)
+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.$(mantype) $(DESTDIR)$(mandirform)/sudoers.$(mansectform)
+	@LDAP@$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0444 @mansrcdir@/sudoers.ldap.$(mantype) $(DESTDIR)$(mandirform)/sudoers.ldap.$(mansectform)
+@MAN_POSTINSTALL@
+
+check:
+	@echo nothing to check
+
+clean:
+	-rm -f *.a *.o *.lo stamp-* varsub $(PROGS) testsudoers core *.core core.*
+
+mostlyclean: clean
+
+distclean: clean
+	-rm -rf Makefile pathnames.h config.h config.status config.cache \
+		config.log libtool sudoers sudo_noexec.lo .libs $(GENERATED) \
+		sudo.man sudoers.man sudoers.ldap.man sudoreplay.man \
+		visudo.man sudo_usage.h Makefile.binary
+
+clobber: distclean
+
+realclean: distclean
+	rm -f TAGS tags
+
+cleandir: realclean
+
+dist: ChangeLog
+	pax -w -x ustar -s '/^/$(PACKAGE_TARNAME)-$(VERSION)\//' \
+	    -f ../$(PACKAGE_TARNAME)-$(VERSION).tar $(DISTFILES)
+	gzip -9f ../$(PACKAGE_TARNAME)-$(VERSION).tar
+	ls -l ../$(PACKAGE_TARNAME)-$(VERSION).tar.gz
+
+package: sudo.pp
+	DESTDIR=`cd $(top_builddir) && pwd`/destdir; rm -rf $$DESTDIR; \
+	$(MAKE) install DESTDIR=$$DESTDIR && \
+	$(SHELL) $(srcdir)/pp $(PPFLAGS) \
+	    --destdir=$$DESTDIR \
+	    $(srcdir)/sudo.pp \
+	    bindir=$(bindir) \
+	    sbindir=$(sbindir) \
+	    libexecdir=$(libexecdir) \
+	    timedir=$(timedir) \
+	    mandir=$(mandir) \
+	    docdir=$(docdir) \
+	    sysconfdir=$(sysconfdir) \
+	    sudoersdir=$(sudoersdir) \
+	    sudoers_uid=$(sudoers_uid) \
+	    sudoers_gid=$(sudoers_gid) \
+	    sudoers_mode=$(sudoers_mode) \
+	    version=$(VERSION) $(PPVARS)
+
+.PHONY:	ChangeLog
diff --git a/sudo-1.7.4p4/NEWS b/sudo-1.7.4p4/NEWS
new file mode 100644
index 0000000..21d4e61
--- /dev/null
+++ b/sudo-1.7.4p4/NEWS
@@ -0,0 +1,259 @@
+What's new in Sudo 1.7.4?
+
+ * Sudoedit will now preserve the file extension in the name of the
+   temporary file being edited.  The extension is used by some
+   editors (such as emacs) to choose the editing mode.
+
+ * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
+   /var/lib/sudo or /var/adm/sudo.  The directories are checked for
+   existence in that order.  This prevents users from receiving the
+   sudo lecture every time the system reboots.  Time stamp files older
+   than the boot time are ignored on systems where it is possible to
+   determine this.
+
+ * The tty_tickets sudoers option is now enabled by default.
+
+ * Ancillary documentation (README files, LICENSE, etc) is now installed
+   in a sudo documentation directory.
+
+ * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
+   in ldap.conf.
+
+ * Defaults settings that are tied to a user, host or command may
+   now include the negation operator.  For example:
+	Defaults:!millert lecture
+   will match any user but millert.
+
+ * The default PATH environment variable, used when no PATH variable
+    exists, now includes /usr/sbin and /sbin.
+
+ * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
+   for cross-platform packing.
+
+ * On Linux, sudo will now restore the nproc resource limit before
+   executing a command, unless the limit appears to have been modified
+   by pam_limits.  This avoids a problem with bash scripts that open
+   more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
+   will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
+
+ * The HOME and MAIL environment variables are now reset based on the
+   target user's password database entry when the env_reset sudoers option
+   is enabled (which is the case in the default configuration).  Users
+   wishing to preserve the original values should use a sudoers entry like:
+	Defaults env_keep += HOME
+   to preserve the old value of HOME and
+	Defaults env_keep += MAIL
+   to preserve the old value of MAIL.
+
+ * Fixed a problem in the restoration of the AIX authdb registry setting.
+
+ * Sudo will now fork(2) and wait until the command has completed before
+   calling pam_close_session().
+
+ * The default syslog facility is now "authpriv" if the operating system
+   supports it, else "auth".
+
+What's new in Sudo 1.7.3?
+
+ * Support for logging I/O for the command being run.
+   For more information, see the documentation for the "log_input"
+   and "log_output" Defaults options in the sudoers manual.  Also
+   see the sudoreplay manual for how to replay I/O log sessions.
+
+ * The use_pty sudoers option can be used to force a command to be
+   run in a pseudo-pty, even when I/O logging is not enabled.
+
+ * On some systems, sudo can now detect when a user has logged out
+   and back in again when tty-based time stamps are in use.  Supported
+   systems include Solaris systems with the devices file system,
+   Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
+   only).
+
+ * On AIX systems, the registry setting in /etc/security/user is
+   now taken into account when looking up users and groups.  Sudo
+   now applies the correct the user and group ids when running a
+   command as a user whose account details come from a different
+   source (e.g. LDAP or DCE vs.  local files).
+
+ * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
+   When multiple entries are listed, sudo will try each one in the
+   order in which they are specified.
+
+ * Sudo's SELinux support should now function correctly when running
+   commands as a non-root user and when one of stdin, stdout or stderr
+   is not a terminal.
+
+ * Sudo will now use the Linux audit system with configure with
+   the --with-linux-audit flag.
+
+ * Sudo now uses mbr_check_membership() on systems that support it
+   to determine group membership.  Currently, only Darwin (Mac OS X)
+   supports this.
+
+ * When the tty_tickets sudoers option is enabled but there is no
+   terminal device, sudo will no longer use or create a tty-based
+   ticket file.  Previously, sudo would use a tty name of "unknown".
+   As a consequence, if a user has no terminal device, sudo will
+   now always prompt for a password.
+
+ * The passwd_timeout and timestamp_timeout options may now be
+   specified as floating point numbers for more granular timeout
+   values.
+
+ * Negating the fqdn option in sudoers now works correctly when sudo
+   is configured with the --with-fqdn option.  In previous versions
+   of sudo the fqdn was set before sudoers was parsed.
+
+What's new in Sudo 1.7.2?
+
+ * A new #includedir directive is available in sudoers.  This can be
+   used to implement an /etc/sudo.d directory.  Files in an includedir
+   are not edited by visudo unless they contain a syntax error.
+
+ * The -g option did not work properly when only setting the group
+   (and not the user).  Also, in -l mode the wrong user was displayed
+   for sudoers entries where only the group was allowed to be set.
+
+ * Fixed a problem with the alias checking in visudo which
+   could prevent visudo from exiting.
+
+ * Sudo will now correctly parse the shell-style /etc/environment
+   file format used by pam_env on Linux.
+
+ * When doing password and group database lookups, sudo will only
+   cache an entry by name or by id, depending on how the entry was
+   looked up.  Previously, sudo would cache by both name and id
+   from a single lookup, but this breaks sites that have multiple
+   password or group database names that map to the same uid or
+   gid.
+
+ * User and group names in sudoers may now be enclosed in double
+   quotes to avoid having to escape special characters.
+
+ * BSM audit fixes when changing to a non-root uid.
+
+ * Experimental non-Unix group support.  Currently only works with
+   Quest Authorization Services and allows Active Directory groups
+   fixes for Minix-3.
+
+ * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
+   paths may be specified as a directory or a file.  However, version
+   5.0 of the SDK only appears to support using a directory (despite
+   documentation to the contrary).  If SSL client initialization
+   fails and the certificate or key paths look like they could be
+   default file name, strip off the last path element and try again.
+
+ * A setenv() compatibility fix for Linux systems, where a NULL
+   value is treated the same as an empty string and the variable
+   name is checked against the NULL pointer.
+
+What's new in Sudo 1.7.1?
+
+ * A new Defaults option "pwfeedback" will cause sudo to provide visual
+   feedback when the user is entering a password.
+
+ * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
+   function for file name globbing instead of glob().  When this option
+   is enabled, sudo will not check the file system when expanding wildcards.
+   This is faster but a side effect is that relative paths with wildcard
+   will no longer work.
+
+ * New BSM audit support for systems that support it such as FreeBSD
+   and Mac OS X.
+
+ * The file name specified with the #include directive may now include
+   a %h escape which is expanded to the short form of hostname.
+
+ * The -k flag may now be specified along with a command, causing the
+   user's timestamp file to be ignored.
+
+ * New support for Tivoli-based LDAP START_TLS, present in AIX.
+
+ * New support for /etc/netsvc.conf on AIX.
+
+ * The unused alias checks in visudo now handle the case of an alias
+   referring to another alias.
+
+What's new in Sudo 1.7.0?
+
+ * Rewritten parser that converts sudoers into a set of data structures.
+   This eliminates a number of ordering issues and makes it possible to
+   apply sudoers Defaults entries before searching for the command.
+   It also adds support for per-command Defaults specifications.
+
+ * Sudoers now supports a #include facility to allow the inclusion of other
+   sudoers-format files.
+
+ * Sudo's -l (list) flag has been enhanced:
+    o applicable Defaults options are now listed
+    o a command argument can be specified for testing whether a user
+      may run a specific command.
+    o a new -U flag can be used in conjunction with "sudo -l" to allow
+      root (or a user with "sudo ALL") list another user's privileges.
+
+ * A new -g flag has been added to allow the user to specify a
+   primary group to run the command as.  The sudoers syntax has been
+   extended to include a group section in the Runas specification.
+
+ * A uid may now be used anywhere a username is valid.
+
+ * The "secure_path" run-time Defaults option has been restored.
+
+ * Password and group data is now cached for fast lookups.
+
+ * The file descriptor at which sudo starts closing all open files is now
+   configurable via sudoers and, optionally, the command line.
+
+ * Visudo will now warn about aliases that are defined but not used.
+
+ * The -i and -s command line flags now take an optional command
+   to be run via the shell.  Previously, the argument was passed
+   to the shell as a script to run.
+
+ * Improved LDAP support.  SASL authentication may now be used in
+   conjunction when connecting to an LDAP server.  The krb5_ccname
+   parameter in ldap.conf may be used to enable Kerberos.
+
+ * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
+   to specify the sudoers order.  E.g.:
+	sudoers: ldap files
+   to check LDAP, then /etc/sudoers.  The default is "files", even
+   when LDAP support is compiled in.  This differs from sudo 1.6
+   where LDAP was always consulted first.
+
+ * Support for /etc/environment on AIX and Linux.  If sudo is run
+   with the -i flag, the contents of /etc/environment are used to
+   populate the new environment that is passed to the command being
+   run.
+
+ * If no terminal is available or if the new -A flag is specified,
+   sudo will use a helper program to read the password if one is
+   configured.  Typically, this is a graphical password prompter
+   such as ssh-askpass.
+
+ * A new Defaults option, "mailfrom" that sets the value of the
+   "From:" field in the warning/error mail.  If unspecified, the
+   login name of the invoking user is used.
+
+ * A new Defaults option, "env_file" that refers to a file containing
+   environment variables to be set in the command being run.
+
+ * A new flag, -n, may be used to indicate that sudo should not
+   prompt the user for a password and, instead, exit with an error
+   if authentication is required.
+
+ * If sudo needs to prompt for a password and it is unable to disable
+   echo (and no askpass program is defined), it will refuse to run
+   unless the "visiblepw" Defaults option has been specified.
+
+ * Prior to version 1.7.0, hitting enter/return at the Password: prompt
+   would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
+   an empty password.  To exit sudo, the user must press ^C or ^D
+   at the prompt.
+
+ * visudo will now check the sudoers file owner and mode in -c (check)
+   mode when the -s (strict) flag is specified.
+
+ * A new Defaults option "umask_override" will cause sudo to set the
+   umask specified in sudoers even if it is more permissive than the
+   invoking user's umask.
diff --git a/sudo-1.7.4p4/PORTING b/sudo-1.7.4p4/PORTING
new file mode 100644
index 0000000..861e0c0
--- /dev/null
+++ b/sudo-1.7.4p4/PORTING
@@ -0,0 +1,85 @@
+Sudo porting hints
+==================
+
+Before trying to port sudo to a new architecture, please join the
+sudo-workers mailing list (see the README file) and ask if anyone
+has a port working or in-progress.  Sudo should be fairly easy to
+port.  Since it uses a configure script, most of the work is often
+done for you.  As long as your operating system is reasonably POSIX
+compliant porting should be easy.  If your operating system has a
+separate library for POSIX compatibility you may need to add it by
+using configure's --with-libraries option.
+
+If your OS is an SVR4 derivative (or some approximation thereof), it may
+be sufficient to tell configure you are runnng SVR4, something like:
+    configure foo-bar-sysv4
+where foo is the hardware architecture and bar is the vendor.
+
+A possible pitfall is getdtablesize(2) which is used to get the
+maximum number of open files the process can have.  If an OS has
+the POSIX sysconf(2) it will be used instead of getdtablesize(2).
+ulimit(2) or getrlimit(2) can also be used on some OS's.  If all
+else fails you can use the value of NOFILE in <sys/param.h>.
+
+Sudo tries to clear the environment of dangerous environment variables
+such as LD_* to prevent shared library spoofing.  If you are porting
+sudo to a new OS that has shared libraries you'll want to mask out
+the variables that allow one to change the shared library path.
+See initial_badenv_table() in env.c to see how this is done for
+various operating systems.
+
+It is possible that on a really weird system, tgetpass() may not
+compile.  (The most common cause for this is that the "fd_set" type
+is not defined in a place that sudo expects it to be.  If you can
+find the header file where "fd_set" is typedef'd, have tgetpass.c
+include it and send in a bug report.)
+Alternately, tgetpass.c may compile but not work (nothing happens
+at the Password: prompt).  It is possible that your C library
+contains a broken or unusable crypt() function--try linking with
+-lcrypt if that exists.  Another possibility is that select() is
+not fully functional; running configure with --with-password-timeout=0
+will disable the use of select().  If sudo prompts you for a
+password but never accepts it, see below.
+
+Sudo detects and recognizes most common shadow password schemes
+automatically.  If you find that sudo is not accepting your password
+and you are sure that it has been typed in correctly there are two
+likely problems.  One possibility is that your C library has a
+broken crypt() function (see above).  The other is that your operating
+system is using shadow passwords and sudo has not detected that
+fact.  Look in config.h to see what, if any, shadow password scheme
+was detected.  The most common are SVR4 (HAVE_GETSPNAM will be
+defined) and SecureWare (HAVE_GETPRPWNAM will be defined).  Check
+the manual pages on your system for "getspnam" and "getprpwnam".
+If one of those exist but the appropriate define does not exist in
+config.h then the problem is most likely that those routines live
+in a library that sudo does not know to link against.  The manual
+page should tell you what library this is.  You can then use the
+--with-libraries option to configure to tell sudo to link with the
+library in question.  For example:
+    --with-libraries='-lgen'
+would cause sudo to link in libgen which contains "getspnam" on SCO
+systems.
+
+If you are trying to port to a system without standard Berkeley
+networking you may find that interfaces.c will not compile.  This
+is most likely on OS's with STREAMS-based networking.  It should
+be possible to make it work by modifying the ISC streams support
+(see the _ISC #ifdef's).  However, if you don't care about ip address
+and network address support, you can just run configure with the
+--without-interfaces flag to get a do-nothing load_interfaces()
+stub function.
+
+Sudo wants POSIX signals (sigaction and friends).  If your system
+lacks sigaction but has the 4.3BSD sigvec() function, sigvec() will
+be used instead via the wrapper functions in sigaction.c.  It is
+not currently possible to use the old SVR3 and 4.2BSD signals, but
+this is due more to my lack of a test machine than anything else.
+
+If you port sudo to a new architecture, please send the output of
+"configure", the config.log file and your changes to:
+    sudo@courtesan.com
+
+If you are unable to get sudo working, and you are willing to
+give me an account on a machine, send mail to sudo@courtesan.com.
+Note, however, that I can't make any promises.
diff --git a/sudo-1.7.4p4/README b/sudo-1.7.4p4/README
new file mode 100644
index 0000000..4f6f454
--- /dev/null
+++ b/sudo-1.7.4p4/README
@@ -0,0 +1,97 @@
+This is Sudo version 1.7.4
+
+The sudo philosophy
+===================
+Sudo is a program designed to allow a sysadmin to give limited root privileges
+to users and log root activity.  The basic philosophy is to give as few
+privileges as possible but still allow people to get their work done.
+
+Where to find sudo
+==================
+Before you try and build sudo, *please* make sure you have the current
+version.  The latest sudo may always be gotten via anonymous ftp from
+ftp.sudo.ws in the directory /pub/sudo/ or from the sudo web site,
+http://www.sudo.ws/
+
+The distribution is sudo-M.m.tar.gz where `M' is the major
+version number and `m' is the minor version number.
+BETA versions of sudo may also be available.  If you join
+the `sudo-workers' mailing list you will get the BETA announcements
+(see the `Mailing lists' section below).
+
+What's new
+==========
+See the NEWS file for a list of major changes in this release.
+For a complete list of changes, see the ChangeLog file.  For a
+summary of major changes to the current stable release, see the web
+page, http://www.sudo.ws/sudo/stable.html.
+
+If you are upgrading from an earlier version of Sudo, please see
+the UPGRADE file.
+
+For a history of sudo please see the HISTORY file.
+
+System requirements
+===================
+To build sudo from the source distribution you need a machine running
+Unix (most flavors of BSD, SYSV, or POSIX will do), a working C
+compiler, and the make utility.
+
+If you wish to modify the parser then you will need flex version
+2.5.2 or later and either bison or byacc (sudo comes with a pre-flex'd
+tokenizer and pre-yacc'd grammar parser).  You'll also have to
+uncomment a few lines from the Makefile or run configure with the
+--with-devel option.  You can get flex via anonymous ftp from
+ftp://ftp.ee.lbl.gov/pub/flex* as well as any GNU mirror.  You can
+get GNU bison from ftp://ftp.gnu.org/pub/gnu/bison/ or any GNU
+mirror.
+
+Building the release
+====================
+Please read the installation guide in the `INSTALL' file before
+trying to build sudo.  Pay special attention to the "OS dependent notes"
+section.
+
+Copyright
+=========
+Sudo is distributed under an ISC-style license.
+Please refer to the `LICENSE' file included with the release for details.
+
+Mailing lists
+=============
+sudo-announce	This list receives announcements whenever a new version
+		of sudo is released.
+		http://www.sudo.ws/mailman/listinfo/sudo-announce
+
+sudo-users	This list is for questions and general discussion about sudo.
+		http://www.sudo.ws/mailman/listinfo/sudo-users
+
+sudo-workers	This list is for people working on and porting sudo.
+		http://www.sudo.ws/mailman/listinfo/sudo-workers
+
+sudo-commits	This list receives a message for each commit made to
+		the sudo source repository.
+		http://www.sudo.ws/mailman/listinfo/sudo-commits
+
+To subscribe to a list, visit its url (as listed above) and enter
+your email address to subscribe.  Digest versions are available but
+these are fairly low traffic lists so the digest versions are not
+a significant win.
+
+Mailing list archives are also available.  See the mailing list web sites
+for the appropriate links.
+
+Web page
+========
+There is a sudo web page at http://www.sudo.ws/ that contains
+an overview of sudo, documentation, downloads, information about
+beta versions and other useful info.
+
+Bug reports
+===========
+If you have found what you believe to be a bug, you can file a bug
+report in the sudo bug database, on the web at http://www.sudo.ws/bugs/.
+
+Please read over the `TROUBLESHOOTING' file *before* submitting a bug
+report.  When reporting bugs, please be sure to include the version of
+sudo you are using as well as the platform you are running it on.
diff --git a/sudo-1.7.4p4/README.LDAP b/sudo-1.7.4p4/README.LDAP
new file mode 100644
index 0000000..5b7f6d8
--- /dev/null
+++ b/sudo-1.7.4p4/README.LDAP
@@ -0,0 +1,178 @@
+This file explains how to build the optional LDAP functionality of SUDO to
+store /etc/sudoers information.  This feature is distinct from LDAP passwords.
+
+For general sudo LDAP configuration details, see the sudoers.ldap manual that
+comes with the sudo distribution.  A pre-formatted version of the manual may
+be found in the sudoers.ldap.cat file.
+
+The sudo binary compiled with LDAP support should be totally backward
+compatible and be syntactically and source code equivalent to its
+non LDAP-enabled build.
+
+LDAP philosophy
+===============
+As times change and servers become cheap, an enterprise can easily have 500+
+UNIX servers.  Using LDAP to synchronize Users, Groups, Hosts, Mounts, and
+others across an enterprise can greatly reduce the administrative overhead.
+
+In the past, sudo has used a single local configuration file, /etc/sudoers.
+While the same sudoers file can be shared among machines, no built-in
+mechanism exists to distribute it.  Some have attempted to workaround this
+by synchronizing changes via CVS/RSYNC/RDIST/RCP/SCP and even NFS.
+
+By using LDAP for sudoers we gain a centrally administered, globally
+available configuration source for sudo.
+
+For information on OpenLDAP, please see http://www.openldap.org/.
+
+Definitions
+===========
+Many times the word 'Directory' is used in the document to refer to the LDAP
+server, structure and contents.
+
+Many times 'options' are used in this document to refer to sudoer 'defaults'.
+They are one and the same.
+
+Build instructions
+==================
+The simplest way to build sudo with LDAP support is to include the
+'--with-ldap' option.
+
+  $ ./configure --with-ldap
+
+If your ldap libraries and headers are in a non-standard place, you will need
+to specify them at configure time.  E.g.
+
+  $ ./configure --with-ldap=/usr/local/ldapsdk
+
+Sudo is developed using OpenLDAP but Netscape-based LDAP libraries
+(such as those present in Solaris) are also known to work.
+
+Your mileage may vary.  Please let the sudo workers mailing list
+<sudo-workers@sudo.ws> know if special configuration was required
+to build an LDAP-enabled sudo so we can improve sudo.
+
+Schema Changes
+==============
+You must add the appropriate schema to your LDAP server before it
+can store sudoers content.
+
+For OpenLDAP, copy the file schema.OpenLDAP to the schema directory
+(e.g. /etc/openldap/schema).  You must then edit your slapd.conf and
+add an include line the new schema, e.g.
+
+    # Sudo LDAP schema
+    include	/etc/openldap/schema/sudo.schema
+
+In order for sudoRole LDAP queries to be efficient, the server must index
+the attribute 'sudoUser', e.g.
+
+    # Indices to maintain
+    index	sudoUser	eq
+
+After making the changes to slapd.conf, restart slapd.
+
+For Netscape-derived LDAP servers such as SunONE, iPlanet or Fedora Directory,
+copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
+
+On Solaris, schemas are stored in /var/Sun/mps/slapd-`hostname`/config/schema/.
+For Fedora Directory Server, they are stored in /etc/dirsrv/schema/.
+
+After copying the schema file to the appropriate directory, restart
+the LDAP server.
+
+Finally, using an LDAP browser/editor, enable indexing by editing the
+client profile to provide a Service Search Descriptor (SSD) for sudoers,
+replacing example.com with your domain:
+
+    serviceSearchDescriptor: sudoers: ou=sudoers,dc=example,dc=com
+
+If using an Active Directory server, copy schema.ActiveDirectory
+to your Windows domain controller and run the following command:
+
+    ldifde -i -f schema.ActiveDirectory -c dc=X dc=example,dc=com
+
+Importing /etc/sudoers into LDAP
+================================
+Importing sudoers is a two-step process.
+
+Step 1:
+Ask your LDAP Administrator where to create the ou=SUDOers container.
+
+For instance, if using OpenLDAP:
+
+  dn: ou=SUDOers,dc=example,dc=com
+  objectClass: top
+  objectClass: organizationalUnit
+  ou: SUDOers
+
+(An example location is shown below).  Then use the provided script to convert
+your sudoers file into LDIF format.  The script will also convert any default
+options.
+
+  # SUDOERS_BASE=ou=SUDOers,dc=example,dc=com
+  # export SUDOERS_BASE
+  # ./sudoers2ldif /etc/sudoers > /tmp/sudoers.ldif
+
+Step 2:
+Import into your directory server.  The following example is for
+OpenLDAP.  If you are using another directory, provide the LDIF
+file to your LDAP Administrator.
+
+  # ldapadd -f /tmp/sudoers.ldif -h ldapserver \
+    -D cn=Manager,dc=example,dc=com -W -x
+
+Managing LDAP entries
+=====================
+Doing a one-time bulk load of your ldap entries is fine.  However what if you
+need to make minor changes on a daily basis?  It doesn't make sense to delete
+and re-add objects.  (You can, but this is tedious).
+
+I recommend using any of the following LDAP browsers to administer your SUDOers.
+  * GQ - The gentleman's LDAP client - Open Source - I use this a lot on Linux
+    and since it is Schema aware, I don't need to create a sudoRole template.
+	http://biot.com/gq/
+
+  * LDAP Browser/Editor - by Jarek Gawor - I use this a lot on Windows
+    and Solaris.  It runs anywhere in a Java Virtual Machine including
+    web pages.  You have to make a template from an existing sudoRole entry.
+	http://www.iit.edu/~gawojar/ldap
+	http://www.mcs.anl.gov/~gawor/ldap
+	http://ldapmanager.com
+
+  * Apache Directory Studio - Open Source - an Eclipse-based LDAP
+    development platform.  Includes an LDAP browser, and LDIF editor,
+    a schema editor and more.
+    http://directory.apache.org/studio
+
+  There are dozens of others, some Open Source, some free, some not.
+
+Configure your /etc/ldap.conf and /etc/nsswitch.conf
+====================================================
+The /etc/ldap.conf file is meant to be shared between sudo, pam_ldap, nss_ldap
+and other ldap applications and modules.  IBM Secureway unfortunately uses
+the same file name but has a different syntax.  If you need to change where
+this file is stored, re-run configure with the --with-ldap-conf-file=PATH
+option.
+
+See the "Configuring ldap.conf" section in the sudoers.ldap manual
+for a list of supported ldap.conf parameters and an example ldap.conf
+
+Make sure you sudoers_base matches the location you specified when you
+imported the sudoers ldif data.
+
+After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf
+to tell sudo to look in LDAP for sudoers.  See the "Configuring nsswitch.conf"
+section in the sudoers.ldap manual for details.  Note that sudo will use
+/etc/nsswitch.conf even if the underlying operating system does not support it.
+To disable nsswitch support, run configure with the --with-nsswitch=no option.
+This will cause sudo to consult LDAP first and /etc/sudoers second, unless the
+ignore_sudoers_file flag is set in the global LDAP options.
+
+Debugging your LDAP configuration
+=================================
+Enable debugging if you believe sudo is not parsing LDAP the way you think it
+should.  Setting the 'sudoers_debug' parameter to a value of 1 shows moderate
+debugging.  A value of 2 shows the results of the matches themselves.  Make
+sure to set the value back to zero so that other users don't get confused by
+the debugging messages.
diff --git a/sudo-1.7.4p4/TROUBLESHOOTING b/sudo-1.7.4p4/TROUBLESHOOTING
new file mode 100644
index 0000000..57e2012
--- /dev/null
+++ b/sudo-1.7.4p4/TROUBLESHOOTING
@@ -0,0 +1,191 @@
+Troubleshooting tips and FAQ for Sudo
+=====================================
+
+Q) When I run configure, it says "C compiler cannot create executables".
+A) This usually means you either don't have a working compiler.  This
+   could be due to the lack of a license or that some component of the
+   compiler suite could not be found.  Check config.log for clues as
+   to why this is happening.  On many systems, compiler components live
+   in /usr/ccs/bin which may not be in your PATH environment variable.
+
+Q) Sudo compiles but when I run it I get "Sorry, sudo must be setuid root."
+   and sudo quits.
+A) Sudo must be setuid root to do its work.  You need to do something like
+   `chmod 4111 /usr/local/bin/sudo'.  Also, the file system sudo resides
+   on must *not* be mounted (or exported) with the nosuid option or sudo
+   will not be able to work.  Another possibility is you may have '.' in
+   your $PATH before the directory containing sudo.  If you are going
+   to have '.' in your path you should make sure it is at the end.
+
+Q) Sudo never gives me a chance to enter a password using PAM, it just
+   says 'Sorry, try again.' three times and exits.
+A) You didn't setup PAM to work with sudo.  On Redhat Linux or Fedora
+   Core this generally means installing sample.pam as /etc/pam.d/sudo.
+   See the sample.pam file for hints on what to use for other Linux
+   systems.
+
+Q) Sudo says 'Account expired or PAM config lacks an "account"
+   section for sudo, contact your system administrator' and exits
+   but I know my account has not expired.
+A) Your PAM config lacks an "account" specification.  On Linux this
+   usually means you are missing a line like:
+	account    required    pam_unix.so
+   in /etc/pam.d/sudo.
+
+Q) Sudo is setup to log via syslog(3) but I'm not getting any log
+   messages.
+A) Make sure you have an entry in your syslog.conf file to save
+   the sudo messages (see the sample.syslog.conf file).  The default
+   log facility is authpriv (changeable via configure or in sudoers).
+   Don't forget to send a SIGHUP to your syslogd so that it re-reads
+   its conf file.  Also, remember that syslogd does *not* create
+   log files, you need to create the file before syslogd will log
+   to it (ie: touch /var/log/sudo).
+   Note:  the facility (e.g. "auth.debug") must be separated from the 
+	  destination (e.g. "/var/log/auth" or "@loghost") by
+	  tabs, *not* spaces.  This is a common error.
+
+Q) When sudo asks me for my password it never accepts what I enter even
+   though I know I entered my password correctly.
+A) If your system uses shadow passwords, it is possible that sudo
+   didn't detect this.  Take a look at the generated config.h file
+   and verify that the C function used for shadow password lookups
+   was detected.  For instance, for SVR4-style shadow passwords,
+   HAVE_GETSPNAM should be defined (you can search for the string
+   "shadow passwords" in config.h with your editor).  Note that
+   there is no define for 4.4BSD-based shadow passwords since that
+   just uses the standard getpw* routines.
+
+Q) I don't want the sudoers file in /etc, how can I specify where it
+   should go?
+A) Use the --sysconfdir option to configure.  Ie:
+   configure --sysconfdir=/dir/you/want/sudoers/in
+
+Q) Can I put the sudoers file in NIS/NIS+ or do I have to have a
+   copy on each machine?
+A) There is no support for making an NIS/NIS+ map/table out of
+   the sudoers file at this time.  A good way to distribute the
+   sudoers file is via rdist(1).  It is also possible to NFS-mount
+   the sudoers file.
+
+Q) I don't run sendmail on my machine.  Does this mean that I cannot
+   use sudo?
+A) No, you just need to run use the --without-sendmail argument to configure
+   or add "!mailerpath" to the Defaults line in /etc/sudoers.
+
+Q) When I run visudo it uses vi as the editor and I hate vi.  How
+   can I make it use another editor?
+A) Your best bet is to run configure with the --with-env-editor switch.
+   This will make visudo use the editor specified by the user's
+   EDITOR environment variable.  Alternately, you can run configure
+   with the --with-editor=/path/to/another/editor.
+
+Q) Sudo appears to be removing some variables from my environment, why?
+A) Sudo removes the following "dangerous" environment variables
+   to guard against shared library spoofing, shell voodoo, and
+   kerberos server spoofing.
+     IFS
+     LOCALDOMAIN
+     RES_OPTIONS
+     HOSTALIASES
+     NLSPATH
+     PATH_LOCALE
+     TERMINFO
+     TERMINFO_DIRS
+     TERMPATH
+     TERMCAP
+     ENV
+     BASH_ENV
+     LC_ (if it contains a '/' or '%')
+     LANG (if it contains a '/' or '%')
+     LANGUAGE (if it contains a '/' or '%')
+     LD_*
+     _RLD_*
+     SHLIB_PATH (HP-UX only)
+     LIBPATH (AIX only)
+     KRB_CONF (kerb4 only)
+     KRBCONFDIR (kerb4 only)
+     KRBTKFILE (kerb4 only)
+     KRB5_CONFIG (kerb5 only)
+     VAR_ACE (SecurID only)
+     USR_ACE (SecurID only)
+     DLC_ACE (SecurID only)
+
+Q) How can I keep sudo from asking for a password?
+A) To specify this on a per-user (and per-command) basis, use the 'NOPASSWD'
+   tag right before the command list in sudoers.  See the sudoers man page
+   and sample.sudoers for details.  To disable passwords completely,
+   run configure with the --without-passwd option or add "!authenticate"
+   to the Defaults line in /etc/sudoers.  You can also turn off authentication
+   on a per-user or per-host basis using a user or host-specific Defaults
+   entry in sudoers.
+
+Q) When I run configure, it dies with the following error:
+   "no acceptable cc found in $PATH".
+A) /usr/ucb/cc was the only C compiler that configure could find.
+   You need to tell configure the path to the "real" C compiler
+   via the --with-CC option.  On Solaris, the path is probably
+   something like "/opt/SUNWspro/SC4.0/bin/cc".  If you have gcc
+   that will also work.
+
+Q) When I run configure, it dies with the following error:
+   Fatal Error: config.cache exists from another platform!
+   Please remove it and re-run configure.
+A) configure caches the results of its tests in a file called
+   config.cache to make re-running configure speedy.  However,
+   if you are building sudo for a different platform the results
+   in config.cache will be wrong so you need to remove config.cache.
+   You can do this by "rm config.cache" or "make realclean".
+   Note that "make realclean" will also remove any object files
+   and configure temp files that are laying around as well.
+
+Q) I built sudo on a Solaris >= 2.6 machine but the resulting binary
+   doesn't work on Solaris <= 2.5.1.  Why?
+A) Starting with Solaris 2.6, snprintf(3) is included in the standard
+   C library.  To build a version of sudo on a >= 2.6 machine that
+   will run on a <= 2.5.1 machine, edit config.h and comment out the lines:
+	#define HAVE_SNPRINTF 1
+	#define HAVE_VSNPRINTF 1
+   and run make.
+
+Q) When I run "visudo" it says "sudoers file busy, try again later."
+   and doesn't do anything.
+A) Someone else is currently editing the sudoers file with visudo.
+
+Q) When I try to use "cd" with sudo it says "cd: command not found".
+A) "cd" is a shell built-in command, you can't run it as a command
+   since a child process (sudo) cannot affect the current working
+   directory of the parent (your shell).
+
+Q) When I try to use "cd" with sudo the command completes without
+   errors but nothing happens.
+A) Even though "cd" is a shell built-in command, some operating systems
+   include a /usr/bin/cd command for some reason.  A standalone
+   "cd" command is totally useless since a child process (cd) cannot
+   affect the current working directory of the parent (your shell).
+   Thus, "sudo cd /foo" will start a child process, change the
+   directory and immediately exit without doing anything useful.
+
+Q) When I run sudo it says I am not allowed to run the command as root
+   but I don't want to run it as root, I want to run it as another user.
+   My sudoers file entry looks like:
+    bob	ALL=(oracle) ALL
+A) The default user sudo tries to run things as is always root, even if
+   the invoking user can only run commands as a single, specific user.
+   This may change in the future but at the present time you have to
+   work around this using the 'runas_default' option in sudoers.
+   For example:
+    Defaults:bob	runas_default=oracle
+   would achieve the desired result ofr the preceding sudoers fragment.
+
+Q) When I try to run sudo via ssh, I get the error:
+    sudo: no tty present and no askpass program specified
+A) ssh does not allocate a tty by default when running a remote command.
+   Without a tty, sudo cannot disable echo when prompting for a password.
+   You can use ssh's "-t" option to force it to allocate a tty.
+   Alternately, if you do not mind your password being echoed to the
+   screen, you can use the "visiblepw" sudoers option to allow this.
+
+Q) How do you pronounce `sudo'?
+A) The official pronunciation is soo-doo (for su "do").  However, an
+   alternate pronunciation, a homophone of "pseudo", is also common.
diff --git a/sudo-1.7.4p4/UPGRADE b/sudo-1.7.4p4/UPGRADE
new file mode 100644
index 0000000..fb27119
--- /dev/null
+++ b/sudo-1.7.4p4/UPGRADE
@@ -0,0 +1,176 @@
+Notes on upgrading from an older release
+========================================
+
+o Upgrading from a version prior to 1.7.4:
+
+    Starting with sudo 1.7.4, the time stamp files have moved from
+    /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo.
+    The directories are checked for existence in that order.  This
+    prevents users from receiving the sudo lecture every time the
+    system reboots.  Time stamp files older than the boot time are
+    ignored on systems where it is possible to determine this.
+
+    Additionally, the tty_tickets sudoers option is now enabled by
+    default.  To restore the old behavior (single time stamp per user),
+    add a line like:
+	Defaults !tty_tickets
+    to sudoers or use the --without-tty-tickets configure option.
+
+    The HOME and MAIL environment variables are now reset based on the
+    target user's password database entry when the env_reset sudoers option
+    is enabled (which is the case in the default configuration).  Users
+    wishing to preserve the original values should use a sudoers entry like:
+        Defaults env_keep += HOME
+    to preserve the old value of HOME and
+        Defaults env_keep += MAIL
+    to preserve the old value of MAIL.
+
+    NOTE: preserving HOME has security implications since many programs
+    use when searching for configuration files.  Adding HOME to env_keep
+    may enable a user to run unrestricted commands via sudo.
+
+    The default syslog facility has changed from "local2" to "authpriv"
+    (or "auth" if the operating system doesn't have "authpriv").
+    The --with-logfac configure option can be used to change this
+    or it can be changed in the sudoers file.
+
+o Upgrading from a version prior to 1.7.0:
+
+    Starting with sudo 1.7.0, comments in the sudoers file must not
+    have a digit or minus sign immediately after the comment character
+    ('#').  Otherwise, the comment may be interpreted as a user or
+    group ID.
+
+    When sudo is build with LDAP support the /etc/nsswitch.conf file is
+    now used to determine the sudoers seach order.  sudo will default to
+    only using /etc/sudoers unless /etc/nsswitch.conf says otherwise.
+    This can be changed with an nsswitch.conf line, e.g.:
+        sudoers:        ldap files
+    Would case LDAP to be searched first, then the sudoers file.
+    To restore the pre-1.7.0 behavior, run configure with the
+    --with-nsswitch=no flag.
+
+    Sudo now ignores user .ldaprc files as well as system LDAP defaults.
+    All LDAP configuration is now in /etc/ldap.conf (or whichever file
+    was specified by configure's --with-ldap-conf-file option).
+    If you are using TLS, you may now need to specify:
+	tls_checkpeer no
+    in sudo's ldap.conf unless ldap.conf references a valid certificate
+    authority file(s).
+
+    Please also see the NEWS file for a list of new features in
+    sudo 1.7.0.
+
+o Upgrading from a version prior to 1.6.9:
+
+    Starting with sudo 1.6.9, if an OS supports a modular authentication
+    method such as PAM, it will be used by default by configure.
+
+    Environment variable handling has changed significantly in sudo
+    1.6.9.  Prior to version 1.6.9, sudo would preserve the user's
+    environment, pruning out potentially dangerous variables.
+    Beginning with sudo 1.6.9, the envionment is reset to a default
+    set of values with only a small number of "safe" variables
+    preserved.  To preserve specific environment variables, add
+    them to the "env_keep" list in sudoers.  E.g.
+
+	Defaults env_keep += "EDITOR"
+
+    The old behavior can be restored by negating the "env_reset"
+    option in sudoers.  E.g.
+
+	Defaults !env_reset
+
+    There have  also been changes to how the "env_keep" and
+    "env_check" options behave.
+
+    Prior to sudo 1.6.9, the TERM and PATH environment variables
+    would always be preserved even if the env_keep option was
+    redefined.  That is no longer the case.  Consequently, if
+    env_keep is set with "=" and not simply appended to (i.e. using
+    "+="), PATH and TERM must be explicitly included in the list
+    of environment variables to keep.  The LOGNAME, SHELL, USER,
+    and USERNAME environment variables are still always set.
+
+    Additionally, the env_check setting previously had no effect
+    when env_reset was set (which is now on by default).  Starting
+    with sudo 1.6.9, environment variables listed in env_check are
+    also preserved in the env_reset case, provided that they do not
+    contain a '/' or '%' character.  Note that it is not necessary
+    to also list a variable in env_keep--having it in env_check is
+    sufficent.
+
+    The default lists of variables to be preserved and/or checked
+    are displayed when sudo is run by root with the -V flag.
+
+o Upgrading from a version prior to 1.6.8:
+
+    Prior to sudo 1.6.8, if /var/run did not exist, sudo would put
+    the time stamp files in /tmp/.odus.  As of sudo 1.6.8, the
+    time stamp files will be placed in /var/adm/sudo or /usr/adm/sudo
+    if there is no /var/run directory.  This directory will be
+    created if it does not already exist.
+
+    Previously, a sudoers entry that explicitly prohibited running
+    a command as a certain user did not override a previous entry
+    allowing the same command.  This has been fixed in sudo 1.6.8
+    such that the last match is now used (as it is documented).
+    Hopefully no one was depending on the previous (buggy) beghavior.
+
+o Upgrading from a version prior to 1.6:
+
+    As of sudo 1.6, parsing of runas entries and the NOPASSWD tag
+    has changed.  Prior to 1.6, a runas specifier applied only to
+    a single command directly following it.  Likewise, the NOPASSWD
+    tag only allowed the command directly following it to be run
+    without a password.  Starting with sudo 1.6, both the runas
+    specifier and the NOPASSWD tag are "sticky" for an entire
+    command list.  So, given the following line in sudo < 1.6
+
+	millert ALL=(daemon) NOPASSWD:/usr/bin/whoami,/bin/ls
+
+    millert would be able to run /usr/bin/whoami as user daemon
+    without a password and /bin/ls as root with a password.
+
+    As of sudo 1.6, the same line now means that millert is able
+    to run run both /usr/bin/whoami and /bin/ls as user daemon
+    without a password.  To expand on this, take the following
+    example:
+
+	millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, (root) /bin/ls, \
+	    /sbin/dump
+
+    millert can run /usr/bin/whoami as daemon and /bin/ls and
+    /sbin/dump as root.  No password need be given for either
+    command.  In other words, the "(root)" sets the default runas
+    user to root for the rest of the list.  If we wanted to require
+    a password for /bin/ls and /sbin/dump the line could be written
+    thusly:
+
+	millert ALL=(daemon) NOPASSWD:/usr/bin/whoami, \
+	    (root) PASSWD:/bin/ls, /sbin/dump
+
+    Additionally, sudo now uses a per-user time stamp directory
+    instead of a time stamp file.  This allows tty time stamps to
+    simply be files within the user's time stamp dir.  For the
+    default, non-tty case, the time stamp on the directory itself
+    is used.
+
+    Also, the temporary file used by visudo is now /etc/sudoers.tmp
+    since some versions of vipw on systems with shadow passwords use
+    /etc/stmp for the temporary shadow file.
+
+o Upgrading from a version prior to 1.5:
+
+    By default, sudo expects the sudoers file to be mode 0440 and
+    to be owned by user and group 0.  This differs from version 1.4
+    and below which expected the sudoers file to be mode 0400 and
+    to be owned by root.  Doing a `make install' will set the sudoers
+    file to the new mode and group.  If sudo encounters a sudoers
+    file with the old permissions it will attempt to update it to
+    the new scheme.  You cannot, however, use a sudoers file with
+    the new permissions with an old sudo binary.  It is suggested
+    that if have a means of distributing sudo you distribute the
+    new binaries first, then the new sudoers file (or you can leave
+    sudoers as is and sudo will fix the permissions itself as long
+    as sudoers is on a local file system).
diff --git a/sudo-1.7.4p4/aclocal.m4 b/sudo-1.7.4p4/aclocal.m4
new file mode 100644
index 0000000..1276746
--- /dev/null
+++ b/sudo-1.7.4p4/aclocal.m4
@@ -0,0 +1,375 @@
+dnl Local m4 macros for autoconf (used by sudo)
+dnl
+dnl Copyright (c) 1994-1996, 1998-2005, 2007-2009
+dnl	Todd C. Miller <Todd.Miller@courtesan.com>
+dnl
+dnl XXX - should cache values in all cases!!!
+dnl
+dnl checks for programs
+
+dnl
+dnl check for sendmail in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_SENDMAIL, [AC_MSG_CHECKING([for sendmail])
+found=no
+for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do
+    if test -f "$p"; then
+	found=yes
+	AC_MSG_RESULT([$p])
+	SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$p")
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for vi in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING([for vi])
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+    if test -f "$editor"; then
+	found=yes
+	AC_MSG_RESULT([$editor])
+	SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for mv in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_MV, [AC_MSG_CHECKING([for mv])
+found=no
+for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do
+    if test -f "$p"; then
+	found=yes
+	AC_MSG_RESULT([$p])
+	SUDO_DEFINE_UNQUOTED(_PATH_MV, "$p")
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl check for bourne shell in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_BSHELL, [AC_MSG_CHECKING([for bourne shell])
+found=no
+for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do
+    if test -f "$p"; then
+	found=yes
+	AC_MSG_RESULT([$p])
+	SUDO_DEFINE_UNQUOTED(_PATH_BSHELL, "$p")
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    AC_MSG_RESULT([not found])
+fi
+])dnl
+
+dnl
+dnl Where the log file goes, use /var/log if it exists, else /{var,usr}/adm
+dnl
+AC_DEFUN(SUDO_LOGFILE, [AC_MSG_CHECKING(for log file location)
+if test -n "$with_logpath"; then
+    AC_MSG_RESULT($with_logpath)
+    SUDO_DEFINE_UNQUOTED(_PATH_SUDO_LOGFILE, "$with_logpath")
+elif test -d "/var/log"; then
+    AC_MSG_RESULT(/var/log/sudo.log)
+    SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/log/sudo.log")
+elif test -d "/var/adm"; then
+    AC_MSG_RESULT(/var/adm/sudo.log)
+    SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/var/adm/sudo.log")
+elif test -d "/usr/adm"; then
+    AC_MSG_RESULT(/usr/adm/sudo.log)
+    SUDO_DEFINE(_PATH_SUDO_LOGFILE, "/usr/adm/sudo.log")
+else
+    AC_MSG_RESULT(unknown, you will have to set _PATH_SUDO_LOGFILE by hand)
+fi
+])dnl
+
+dnl
+dnl Where the timestamp files go.
+dnl
+AC_DEFUN(SUDO_TIMEDIR, [AC_MSG_CHECKING(for timestamp file location)
+timedir="$with_timedir"
+if test -z "$timedir"; then
+    for d in /var/db /var/lib /var/adm /usr/adm; do
+	if test -d "$d"; then
+	    timedir="$d/sudo"
+	    break
+	fi
+    done
+fi
+AC_MSG_RESULT([$timedir])
+SUDO_DEFINE_UNQUOTED(_PATH_SUDO_TIMEDIR, "$timedir")
+])dnl
+
+dnl
+dnl Where the I/O log files go, use /var/log/sudo-io if
+dnl /var/log exists, else /{var,usr}/adm/sudo-io
+dnl
+AC_DEFUN(SUDO_IO_LOGDIR, [
+    AC_MSG_CHECKING(for I/O log dir location)
+    if test "${with_iologdir-yes}" != "yes"; then
+	:
+    elif test -d "/var/log"; then
+	with_iologdir="/var/log/sudo-io"
+    elif test -d "/var/adm"; then
+	with_iologdir="/var/adm/sudo-io"
+    else
+	with_iologdir="/usr/adm/sudo-io"
+    fi
+    if test "${with_iologdir-yes}" != "no"; then
+	SUDO_DEFINE_UNQUOTED(_PATH_SUDO_IO_LOGDIR, "$with_iologdir")
+    fi
+    AC_MSG_RESULT($with_iologdir)
+])dnl
+
+dnl
+dnl SUDO_CHECK_TYPE(TYPE, DEFAULT)
+dnl XXX - should require the check for unistd.h...
+dnl
+AC_DEFUN(SUDO_CHECK_TYPE,
+[AC_REQUIRE([AC_HEADER_STDC])dnl
+AC_MSG_CHECKING(for $1)
+AC_CACHE_VAL(sudo_cv_type_$1,
+[AC_EGREP_CPP($1, [#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif], sudo_cv_type_$1=yes, sudo_cv_type_$1=no)])dnl
+AC_MSG_RESULT($sudo_cv_type_$1)
+if test $sudo_cv_type_$1 = no; then
+  AC_DEFINE($1, $2, [Define if your system lacks the $1 type.])
+fi
+])
+
+dnl
+dnl Check for size_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_SIZE_T,
+[SUDO_CHECK_TYPE(size_t, int)])
+
+dnl
+dnl Check for ssize_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_SSIZE_T,
+[SUDO_CHECK_TYPE(ssize_t, int)])
+
+dnl
+dnl Check for dev_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_DEV_T,
+[SUDO_CHECK_TYPE(dev_t, int)])
+
+dnl
+dnl Check for ino_t declation
+dnl
+AC_DEFUN(SUDO_TYPE_INO_T,
+[SUDO_CHECK_TYPE(ino_t, unsigned int)])
+
+dnl
+dnl check for working fnmatch(3)
+dnl
+AC_DEFUN(SUDO_FUNC_FNMATCH,
+[AC_MSG_CHECKING([for working fnmatch with FNM_CASEFOLD])
+AC_CACHE_VAL(sudo_cv_func_fnmatch,
+[rm -f conftestdata; > conftestdata
+AC_TRY_RUN([#include <fnmatch.h>
+main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }], [sudo_cv_func_fnmatch=yes], [sudo_cv_func_fnmatch=no],
+  [sudo_cv_func_fnmatch=no])
+rm -f core core.* *.core])
+AC_MSG_RESULT($sudo_cv_func_fnmatch)
+AS_IF([test $sudo_cv_func_fnmatch = yes], [$1], [$2])])
+
+dnl
+dnl check for isblank(3)
+dnl
+AC_DEFUN([SUDO_FUNC_ISBLANK],
+  [AC_CACHE_CHECK([for isblank], [sudo_cv_func_isblank],
+    [AC_TRY_LINK([#include <ctype.h>], [return (isblank('a'));],
+    sudo_cv_func_isblank=yes, sudo_cv_func_isblank=no)])
+] [
+  if test "$sudo_cv_func_isblank" = "yes"; then
+    AC_DEFINE(HAVE_ISBLANK, 1, [Define if you have isblank(3).])
+  else
+    AC_LIBOBJ(isblank)
+  fi
+])
+
+dnl
+dnl check unsetenv() return value
+dnl
+AC_DEFUN([SUDO_FUNC_UNSETENV_VOID],
+  [AC_CACHE_CHECK([whether unsetenv returns void], [sudo_cv_func_unsetenv_void],
+    [AC_RUN_IFELSE([AC_LANG_PROGRAM(
+      [AC_INCLUDES_DEFAULT
+        int unsetenv();
+      ], [
+        [return unsetenv("FOO") != 0;]
+      ])
+    ],
+    [sudo_cv_func_unsetenv_void=no],
+    [sudo_cv_func_unsetenv_void=yes],
+    [sudo_cv_func_unsetenv_void=no])])
+    if test $sudo_cv_func_unsetenv_void = yes; then
+      AC_DEFINE(UNSETENV_VOID, 1,
+        [Define to 1 if the `unsetenv' function returns void instead of `int'.])
+    fi
+  ])
+
+dnl
+dnl check putenv() argument for const
+dnl
+AC_DEFUN([SUDO_FUNC_PUTENV_CONST],
+[AC_CACHE_CHECK([whether putenv has a const argument],
+sudo_cv_func_putenv_const,
+[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+int putenv(const char *string) {return 0;}], [])],
+    [sudo_cv_func_putenv_const=yes],
+    [sudo_cv_func_putenv_const=no])
+  ])
+  if test $sudo_cv_func_putenv_const = yes; then
+    AC_DEFINE(PUTENV_CONST, 1, [Define to 1 if the `putenv' has a const argument.])
+  fi
+])
+
+dnl
+dnl check for sa_len field in struct sockaddr
+dnl
+AC_DEFUN(SUDO_SOCK_SA_LEN, [
+    AC_CHECK_MEMBER([struct sockaddr.sa_len], 
+	[AC_DEFINE(HAVE_SA_LEN, 1, [Define if your struct sockadr has an sa_len field.])],    
+	[],
+	[ #include <sys/types.h>
+	  #include <sys/socket.h>] 
+    )]
+)
+dnl
+dnl check for max length of uid_t in string representation.
+dnl we can't really trust UID_MAX or MAXUID since they may exist
+dnl only for backwards compatibility.
+dnl
+AC_DEFUN(SUDO_UID_T_LEN,
+[AC_REQUIRE([AC_TYPE_UID_T])
+AC_MSG_CHECKING(max length of uid_t)
+AC_CACHE_VAL(sudo_cv_uid_t_len,
+[rm -f conftestdata
+AC_TRY_RUN(
+[#include <stdio.h>
+#include <pwd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/param.h>
+main() {
+  FILE *f;
+  char b[1024];
+  uid_t u = (uid_t) -1;
+
+  if ((f = fopen("conftestdata", "w")) == NULL)
+    exit(1);
+
+  (void) sprintf(b, "%lu", (unsigned long) u);
+  (void) fprintf(f, "%d\n", strlen(b));
+  (void) fclose(f);
+  exit(0);
+}], sudo_cv_uid_t_len=`cat conftestdata`, sudo_cv_uid_t_len=10, sudo_cv_uid_t_len=10)
+])
+rm -f conftestdata
+AC_MSG_RESULT($sudo_cv_uid_t_len)
+AC_DEFINE_UNQUOTED(MAX_UID_T_LEN, $sudo_cv_uid_t_len, [Define to the max length of a uid_t in string context (excluding the NUL).])
+])
+
+dnl
+dnl append a libpath to an LDFLAGS style variable
+dnl
+AC_DEFUN(SUDO_APPEND_LIBPATH, [
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	$1="${$1} -L$2 -Wl,+b,$2"
+			;;
+	    *)		$1="${$1} -L$2 -Wl,-R$2"
+			;;
+	esac
+    else
+	$1="${$1} -L$2"
+    fi
+    if test X"$blibpath" != X"" -a "$1" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:$2"
+    fi
+])
+
+dnl
+dnl Determine the mail spool location
+dnl NOTE: must be run *after* check for paths.h
+dnl
+AC_DEFUN(SUDO_MAILDIR, [
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}], [])], [maildir=yes], [])
+fi
+if test $maildir = no; then
+    # Solaris has maillock.h which defines MAILDIR
+    AC_CHECK_HEADERS(maillock.h, [
+	SUDO_DEFINE(_PATH_MAILDIR, MAILDIR)
+	maildir=yes
+    ])
+    if test $maildir = no; then
+	for d in /var/mail /var/spool/mail /usr/spool/mail; do
+	    if test -d "$d"; then
+		maildir=yes
+		SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "$d")
+		break
+	    fi
+	done
+	if test $maildir = no; then
+	    # unable to find mail dir, hope for the best
+	    SUDO_DEFINE_UNQUOTED(_PATH_MAILDIR, "/var/mail")
+	fi
+    fi
+fi
+])
+
+dnl
+dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support
+dnl tracing that we use to define paths for pathnames.h so autoheader doesn't
+dnl put them in config.h.in.  An awful hack.
+dnl
+m4_define([SUDO_DEFINE],
+[cat >>confdefs.h <<\EOF
+[@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1)
+EOF
+])
+
+m4_define([SUDO_DEFINE_UNQUOTED],
+[cat >>confdefs.h <<EOF
+[@%:@define] $1 m4_if($#, 2, [$2], $#, 3, [$2], 1)
+EOF
+])
+
+dnl
+dnl Pull in libtool macros
+dnl
+m4_include([libtool.m4])
+m4_include([ltoptions.m4])
+m4_include([ltsugar.m4])
+m4_include([ltversion.m4])
+m4_include([lt~obsolete.m4])
diff --git a/sudo-1.7.4p4/aix.c b/sudo-1.7.4p4/aix.c
new file mode 100644
index 0000000..5735ec9
--- /dev/null
+++ b/sudo-1.7.4p4/aix.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <usersec.h>
+#include <uinfo.h>
+
+#include "compat.h"
+#include "alloc.h"
+#include "error.h"
+
+#ifdef HAVE_GETUSERATTR
+
+#ifndef HAVE_SETRLIMIT64
+# define setrlimit64(a, b) setrlimit(a, b)
+# define rlimit64 rlimit
+# define rlim64_t rlim_t
+# define RLIM64_INFINITY RLIM_INFINITY
+#endif /* HAVE_SETRLIMIT64 */
+
+#ifndef RLIM_SAVED_MAX
+# define RLIM_SAVED_MAX	RLIM64_INFINITY
+#endif
+
+struct aix_limit {
+    int resource;
+    char *soft;
+    char *hard;
+    int factor;
+};
+
+static struct aix_limit aix_limits[] = {
+    { RLIMIT_FSIZE, S_UFSIZE, S_UFSIZE_HARD, 512 },
+    { RLIMIT_CPU, S_UCPU, S_UCPU_HARD, 1 },
+    { RLIMIT_DATA, S_UDATA, S_UDATA_HARD, 512 },
+    { RLIMIT_STACK, S_USTACK, S_USTACK_HARD, 512 },
+    { RLIMIT_RSS, S_URSS, S_URSS_HARD, 512 },
+    { RLIMIT_CORE, S_UCORE, S_UCORE_HARD, 512 },
+    { RLIMIT_NOFILE, S_UNOFILE, S_UNOFILE_HARD, 1 }
+};
+
+static int
+aix_getlimit(user, lim, valp)
+    char *user;
+    char *lim;
+    rlim64_t *valp;
+{
+    int val;
+
+    if (getuserattr(user, lim, &val, SEC_INT) != 0 &&
+	getuserattr("default", lim, &val, SEC_INT) != 0) {
+	return(-1);
+    }
+    *valp = val;
+    return(0);
+}
+
+static void
+aix_setlimits(user)
+    char *user;
+{
+    struct rlimit64 rlim;
+    rlim64_t val;
+    int n;
+
+    if (setuserdb(S_READ) != 0)
+	error(1, "unable to open userdb");
+
+    /*
+     * For each resource limit, get the soft/hard values for the user
+     * and set those values via setrlimit64().  Must be run as euid 0.
+     */
+    for (n = 0; n < sizeof(aix_limits) / sizeof(aix_limits[0]); n++) {
+	/*
+	 * We have two strategies, depending on whether or not the
+	 * hard limit has been defined.
+	 */
+	if (aix_getlimit(user, aix_limits[n].hard, &val) == 0) {
+	    rlim.rlim_max = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+	    if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
+		rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+	    else
+		rlim.rlim_cur = rlim.rlim_max;	/* soft not specd, use hard */
+	} else {
+	    /* No hard limit set, try soft limit. */
+	    if (aix_getlimit(user, aix_limits[n].soft, &val) == 0)
+		rlim.rlim_cur = val == -1 ? RLIM64_INFINITY : val * aix_limits[n].factor;
+
+	    /* Set hard limit per AIX /etc/security/limits documentation. */
+	    switch (aix_limits[n].resource) {
+		case RLIMIT_CPU:
+		case RLIMIT_FSIZE:
+		    rlim.rlim_max = rlim.rlim_cur;
+		    break;
+		case RLIMIT_STACK:
+		    rlim.rlim_max = RLIM_SAVED_MAX;
+		    break;
+		default:
+		    rlim.rlim_max = RLIM64_INFINITY;
+		    break;
+	    }
+	}
+	(void)setrlimit64(aix_limits[n].resource, &rlim);
+    }
+    enduserdb();
+}
+
+#ifdef HAVE_SETAUTHDB
+/*
+ * Look up administrative domain for user (SYSTEM in /etc/security/user) and
+ * set it as the default for the process.  This ensures that password and
+ * group lookups are made against the correct source (files, NIS, LDAP, etc).
+ */
+void
+aix_setauthdb(user)
+    char *user;
+{
+    char *registry;
+
+    if (user != NULL) {
+	if (setuserdb(S_READ) != 0)
+	    error(1, "unable to open userdb");
+	if (getuserattr(user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
+	    if (setauthdb(registry, NULL) != 0)
+		error(1, "unable to switch to registry \"%s\" for %s",
+		    registry, user);
+	}
+	enduserdb();
+    }
+}
+
+/*
+ * Restore the saved administrative domain, if any.
+ */
+void
+aix_restoreauthdb()
+{
+    if (setauthdb(NULL, NULL) != 0)
+	error(1, "unable to restore registry");
+}
+#endif
+
+void
+aix_prep_user(user, tty)
+    char *user;
+    char *tty;
+{
+    char *info;
+    int len;
+
+    /* set usrinfo, like login(1) does */
+    len = easprintf(&info, "NAME=%s%cLOGIN=%s%cLOGNAME=%s%cTTY=%s%c",
+	user, '\0', user, '\0', user, '\0', tty ? tty : "", '\0');
+    (void)usrinfo(SETUINFO, info, len);
+    efree(info);
+
+#ifdef HAVE_SETAUTHDB
+    /* set administrative domain */
+    aix_setauthdb(user);
+#endif
+
+    /* set resource limits */
+    aix_setlimits(user);
+}
+#endif /* HAVE_GETUSERATTR */
diff --git a/sudo-1.7.4p4/aixcrypt.exp b/sudo-1.7.4p4/aixcrypt.exp
new file mode 100644
index 0000000..5ee024e
--- /dev/null
+++ b/sudo-1.7.4p4/aixcrypt.exp
@@ -0,0 +1,4 @@
+#!
+__setkey
+__encrypt
+__crypt
diff --git a/sudo-1.7.4p4/alias.c b/sudo-1.7.4p4/alias.c
new file mode 100644
index 0000000..b1f57e7
--- /dev/null
+++ b/sudo-1.7.4p4/alias.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 2004-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include "sudo.h"
+#include "parse.h"
+#include "redblack.h"
+#include <gram.h>
+
+/*
+ * Globals
+ */
+struct rbtree *aliases;
+unsigned int alias_seqno;
+
+/*
+ * Comparison function for the red-black tree.
+ * Aliases are sorted by name with the type used as a tie-breaker.
+ */
+int
+alias_compare(v1, v2)
+    const void *v1, *v2;
+{
+    const struct alias *a1 = (const struct alias *)v1;
+    const struct alias *a2 = (const struct alias *)v2;
+    int res;
+
+    if (v1 == NULL)
+	res = -1;
+    else if (v2 == NULL)
+	res = 1;
+    else if ((res = strcmp(a1->name, a2->name)) == 0)
+	res = a1->type - a2->type;
+    return(res);
+}
+
+/*
+ * Search the tree for an alias with the specified name and type.
+ * Returns a pointer to the alias structure or NULL if not found.
+ */
+struct alias *
+alias_find(name, type)
+    char *name;
+    int type;
+{
+    struct alias key;
+    struct rbnode *node;
+    struct alias *a = NULL;
+
+    key.name = name;
+    key.type = type;
+    if ((node = rbfind(aliases, &key)) != NULL) {
+	    /*
+	     * Compare the global sequence number with the one stored
+	     * in the alias.  If they match then we've seen this alias
+	     * before and found a loop.
+	     */
+	    a = node->data;
+	    if (a->seqno == alias_seqno)
+		return(NULL);
+	    a->seqno = alias_seqno;
+    }
+    return(a);
+}
+
+/*
+ * Add an alias to the aliases redblack tree.
+ * Returns NULL on success and an error string on failure.
+ */
+char *
+alias_add(name, type, members)
+    char *name;
+    int type;
+    struct member *members;
+{
+    static char errbuf[512];
+    struct alias *a;
+
+    a = emalloc(sizeof(*a));
+    a->name = name;
+    a->type = type;
+    a->seqno = 0;
+    list2tq(&a->members, members);
+    if (rbinsert(aliases, a)) {
+	snprintf(errbuf, sizeof(errbuf), "Alias `%s' already defined", name);
+	alias_free(a);
+	return(errbuf);
+    }
+    return(NULL);
+}
+
+/*
+ * Apply a function to each alias entry and pass in a cookie.
+ */
+void
+alias_apply(func, cookie)
+    int (*func) __P((void *, void *));
+    void *cookie;
+{
+    rbapply(aliases, func, cookie, inorder);
+}
+
+/*
+ * Returns TRUE if there are no aliases, else FALSE.
+ */
+int
+no_aliases()
+{
+    return(rbisempty(aliases));
+}
+
+/*
+ * Free memory used by an alias struct and its members.
+ */
+void
+alias_free(v)
+    void *v;
+{
+    struct alias *a = (struct alias *)v;
+    struct member *m;
+    struct sudo_command *c;
+    void *next;
+
+    efree(a->name);
+    for (m = a->members.first; m != NULL; m = next) {
+	next = m->next;
+	if (m->type == COMMAND) {
+		c = (struct sudo_command *) m->name;
+		efree(c->cmnd);
+		efree(c->args);
+	}
+	efree(m->name);
+	efree(m);
+    }
+    efree(a);
+}
+
+/*
+ * Find the named alias, remove it from the tree and return it.
+ */
+struct alias *
+alias_remove(name, type)
+    char *name;
+    int type;
+{
+    struct rbnode *node;
+    struct alias key, *a;
+
+    key.name = name;
+    key.type = type;
+    if ((node = rbfind(aliases, &key)) == NULL)
+	return(NULL);
+    a = rbdelete(aliases, node);
+    return(a);
+}
+
+void
+init_aliases()
+{
+    if (aliases != NULL)
+	rbdestroy(aliases, alias_free);
+    aliases = rbcreate(alias_compare);
+}
diff --git a/sudo-1.7.4p4/alloc.c b/sudo-1.7.4p4/alloc.c
new file mode 100644
index 0000000..8e6a7e2
--- /dev/null
+++ b/sudo-1.7.4p4/alloc.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+
+#include "sudo.h"
+
+/*
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).  This just means that
+ * emalloc2() and erealloc3() cannot allocate huge amounts on such a
+ * platform but that is OK since sudo doesn't need to do so anyway.
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+#  define SIZE_MAX	SIZE_T_MAX
+# else
+#  define SIZE_MAX	INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * emalloc() calls the system malloc(3) and exits with an error if
+ * malloc(3) fails.
+ */
+void *
+emalloc(size)
+    size_t size;
+{
+    void *ptr;
+
+    if (size == 0)
+	errorx(1, "internal error, tried to emalloc(0)");
+
+    if ((ptr = malloc(size)) == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * emalloc2() allocates nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3) fails.
+ */
+void *
+emalloc2(nmemb, size)
+    size_t nmemb;
+    size_t size;
+{
+    void *ptr;
+
+    if (nmemb == 0 || size == 0)
+	errorx(1, "internal error, tried to emalloc2(0)");
+    if (nmemb > SIZE_MAX / size)
+	errorx(1, "internal error, emalloc2() overflow");
+
+    size *= nmemb;
+    if ((ptr = malloc(size)) == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * erealloc() calls the system realloc(3) and exits with an error if
+ * realloc(3) fails.  You can call erealloc() with a NULL pointer even
+ * if the system realloc(3) does not support this.
+ */
+void *
+erealloc(ptr, size)
+    void *ptr;
+    size_t size;
+{
+
+    if (size == 0)
+	errorx(1, "internal error, tried to erealloc(0)");
+
+    ptr = ptr ? realloc(ptr, size) : malloc(size);
+    if (ptr == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * erealloc3() realloc(3)s nmemb * size bytes and exits with an error
+ * if overflow would occur or if the system malloc(3)/realloc(3) fails.
+ * You can call erealloc() with a NULL pointer even if the system realloc(3)
+ * does not support this.
+ */
+void *
+erealloc3(ptr, nmemb, size)
+    void *ptr;
+    size_t nmemb;
+    size_t size;
+{
+
+    if (nmemb == 0 || size == 0)
+	errorx(1, "internal error, tried to erealloc3(0)");
+    if (nmemb > SIZE_MAX / size)
+	errorx(1, "internal error, erealloc3() overflow");
+
+    size *= nmemb;
+    ptr = ptr ? realloc(ptr, size) : malloc(size);
+    if (ptr == NULL)
+	errorx(1, "unable to allocate memory");
+    return(ptr);
+}
+
+/*
+ * estrdup() is like strdup(3) except that it exits with an error if
+ * malloc(3) fails.  NOTE: unlike strdup(3), estrdup(NULL) is legal.
+ */
+char *
+estrdup(src)
+    const char *src;
+{
+    char *dst = NULL;
+    size_t size;
+
+    if (src != NULL) {
+	size = strlen(src) + 1;
+	dst = (char *) emalloc(size);
+	(void) memcpy(dst, src, size);
+    }
+    return(dst);
+}
+
+/*
+ * easprintf() calls vasprintf() and exits with an error if vasprintf()
+ * returns -1 (out of memory).
+ */
+int
+#ifdef __STDC__
+easprintf(char **ret, const char *fmt, ...)
+#else
+easprintf(ret, fmt, va_alist)
+    char **ret;
+    const char *fmt;
+    va_dcl
+#endif
+{
+    int len;
+    va_list ap;
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+    len = vasprintf(ret, fmt, ap);
+    va_end(ap);
+
+    if (len == -1)
+	errorx(1, "unable to allocate memory");
+    return(len);
+}
+
+/*
+ * evasprintf() calls vasprintf() and exits with an error if vasprintf()
+ * returns -1 (out of memory).
+ */
+int
+evasprintf(ret, format, args)
+    char **ret;
+    const char *format;
+    va_list args;
+{
+    int len;
+
+    if ((len = vasprintf(ret, format, args)) == -1)
+	errorx(1, "unable to allocate memory");
+    return(len);
+}
+
+/*
+ * Wrapper for free(3) so we can depend on C89 semantics.
+ */
+void
+efree(ptr)
+    void *ptr;
+{
+    if (ptr != NULL)
+	free(ptr);
+}
diff --git a/sudo-1.7.4p4/alloc.h b/sudo-1.7.4p4/alloc.h
new file mode 100644
index 0000000..d3e1b07
--- /dev/null
+++ b/sudo-1.7.4p4/alloc.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_ALLOC_H
+#define _SUDO_ALLOC_H
+
+#ifdef __STDC__
+# include <stdarg.h>
+int	 easprintf(char **, const char *, ...) __printflike(2, 3);
+int	 evasprintf(char **, const char *, va_list) __printflike(2, 0);
+void	 efree(void *);
+void	*emalloc(size_t);
+void	*emalloc2(size_t, size_t);
+void	*erealloc(void *, size_t);
+void	*erealloc3(void *, size_t, size_t);
+char	*estrdup(const char *);
+#else
+# include <varargs.h>
+int	 easprintf();
+int	 evasprintf();
+void	 efree();
+void	*emalloc();
+void	*emalloc2();
+void	*erealloc();
+void	*erealloc3();
+char	*estrdup();
+#endif /* __STDC__ */
+
+#endif /* _SUDO_ALLOC_H */
diff --git a/sudo-1.7.4p4/audit.c b/sudo-1.7.4p4/audit.c
new file mode 100644
index 0000000..9226d30
--- /dev/null
+++ b/sudo-1.7.4p4/audit.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+#include "compat.h"
+#include "logging.h"
+
+#ifdef HAVE_BSM_AUDIT
+# include "bsm_audit.h"
+#endif
+#ifdef HAVE_LINUX_AUDIT
+# include "linux_audit.h"
+#endif
+
+void
+#ifdef __STDC__
+audit_success(char *exec_args[])
+#else
+audit_success(exec_args)
+    const char *exec_args[];
+#endif
+{
+#ifdef HAVE_BSM_AUDIT
+    bsm_audit_success(exec_args);
+#endif
+#ifdef HAVE_LINUX_AUDIT
+    linux_audit_command(exec_args, 1);
+#endif
+}
+
+void
+#ifdef __STDC__
+audit_failure(char *exec_args[], char const *const fmt, ...)
+#else
+audit_failure(exec_args, fmt, va_alist)
+    const char *exec_args[];
+    char const *const fmt;
+    va_dcl
+#endif
+{
+    va_list ap;
+
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+#ifdef HAVE_BSM_AUDIT
+    bsm_audit_failure(exec_args, fmt, ap);
+#endif
+#ifdef HAVE_LINUX_AUDIT
+    linux_audit_command(exec_args, 0);
+#endif
+    va_end(ap);
+}
diff --git a/sudo-1.7.4p4/auth/API b/sudo-1.7.4p4/auth/API
new file mode 100644
index 0000000..fd183fe
--- /dev/null
+++ b/sudo-1.7.4p4/auth/API
@@ -0,0 +1,128 @@
+NOTE: the Sudo auth API is subject to change
+
+Purpose: to provide a simple API for authentication methods that
+         encapsulates things nicely without turning into a maze
+	 of #ifdef's
+
+The sudo_auth struct looks like this:
+
+typedef struct sudo_auth {
+    short flags;                /* various flags, see below */
+    short status;               /* status from verify routine */
+    char *name;			/* name of the method in string form */
+    void *data;                 /* method-specific data pointer */
+
+    int (*init) __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+    int (*setup) __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+    int (*verify) __P((struct passwd *pw, char *p, sudo_auth *auth));
+    int (*cleanup) __P((struct passwd *pw, sudo_auth *auth));
+} sudo_auth;
+
+The variables in the struct are as follows:
+    flags	Bitwise binary flags, see below.
+
+    status	Contains the return value from the last run of
+		the "verify" function.  Starts out as AUTH_FAILURE.
+
+    name	The name of the authentication method as a C string.
+
+    data	A pointer to method-specific data.  This is passed to
+		all the functions of an auth method and is usually
+		initialized in the "init" or "setup" routines.
+
+Possible values of sudo_auth.flags:
+    FLAG_USER		Whether or not the auth functions should run with
+			the euid of the invoking user instead of 0.
+
+    FLAG_CONFIGURED	If set then the auth method is assumed to have been
+			configured successfully.  All auth methods start out
+			with this set.  If an "init" or "setup" function
+			fails, this bit is cleared.
+
+    FLAG_ONEANDONLY	If set, this indicates that the method is the
+			only one in use.  Can be used by auth functions
+			to determine whether to return a fatal or nonfatal
+			error.
+
+The member functions can return the following values:
+    AUTH_SUCCESS	Function succeeded.  For a ``verify'' function
+			this means the user correctly authenticated.
+
+    AUTH_FAILURE	Function failed.  If this is an ``init'' or
+			``setup'' routine, the auth method will be
+			marked as !configured.
+
+    AUTH_FATAL		A fatal error occurred.  The routine should have
+			written an error message to stderr and optionally
+			sent mail to the administrator.  (If log_error()
+			is called to do this, the NO_EXIT flag must be used.)
+			When verify_user() gets AUTH_FATAL from an auth
+			function it does an exit(1).
+
+The functions in the struct are as follows:
+
+    int init(struct passwd *pw, char **prompt, sudo_auth *auth)
+        Function to do any one-time initialization for the auth
+        method.  All of the "init" functions are run before anything
+        else.  A pointer to the prompt string may be used to add
+        method-specific info to the prompt.
+
+    int setup(struct passwd *pw, char **prompt, sudo_auth *auth)
+        Function to do method-specific setup.  All the "setup"
+        routines are run before any of the "verify" routines.  A
+        pointer to the prompt string may be used to add method-specific
+        info to the prompt.
+
+    int verify(struct passwd *pw, char *p, sudo_auth *auth)
+        Function to do user verification for this auth method.  For
+        standalone auth methods ``p'' is the prompt string.  For
+        normal auth methods, ``p'' is the password the user entered.
+        Note that standalone auth methods are responsible for
+        rerading the password themselves.
+
+    int cleanup(struct passwd *pw, sudo_auth *auth)
+        Function to do per-auth method cleanup.  This is only run
+        at the end of the authentication process, after the user
+        has completely failed or succeeded to authenticate.
+	The ``auth->status'' variable contains the result of the
+	last authentication attempt which may be interesting.
+
+A note about standalone methods.  Some authentication methods can't
+coexist with any others.  This may be because they encapsulate other
+methods (pam, sia) or because they have a special way of interacting
+with the user (securid).
+
+Adding a new authentication method:
+
+Each method should live in its own file.  Add prototypes for the functions
+in sudo_auth.h.
+
+If this is a standalone method, add it to the standalone #if cascade
+in sudo_auth.h.  For instance, for a method, ``fooauth'', add:
+
+#elif defined(HAVE_FOOAUTH)
+#  define AUTH_STANDALONE \
+        AUTH_ENTRY(0, "foo", \
+	    foo_init, foo_setup, foo_verify, foo_cleanup)
+
+If the method needs to run as the user, not root, replace the first
+parameter to AUTH_ENTRY (0) with FLAG_USER.  If you don't have a
+init/setup/cleanup routine, just use a NULL for that field.
+
+For a normal authentication method, add it to the ``auth_switch'' in
+sudo_auth.c.  If ``fooauth'' is a normal auth method, its entry
+would look like:
+
+#  ifdef HAVE_FOOAUTH
+    AUTH_ENTRY(0, "foo", foo_init, foo_setup, foo_verify, foo_cleanup)
+#  endif
+
+Again, if the method doesn't need to run as root, replace the 0 with
+FLAG_USER.  Likewise, if you don't have a init/setup/cleanup routine,
+just use a NULL for that field.
+
+NOTE:  You should not make a method both ``standalone'' and
+       ``normal''.  Just use the --without-passwd configure argument
+       to disable passwd/shadow file checking and then have your
+       auth routines check the FLAG_ONEANDONLY flag to see if
+       they are running standalone and act accordingly.
diff --git a/sudo-1.7.4p4/auth/afs.c b/sudo-1.7.4p4/auth/afs.c
new file mode 100644
index 0000000..2b9d7b9
--- /dev/null
+++ b/sudo-1.7.4p4/auth/afs.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1999, 2001-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#include <afs/stds.h>
+#include <afs/kautils.h>
+
+int
+afs_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    struct ktc_encryptionKey afs_key;
+    struct ktc_token afs_token;
+
+    /* Try to just check the password */
+    ka_StringToKey(pass, NULL, &afs_key);
+    if (ka_GetAdminToken(pw->pw_name,		/* name */
+			 NULL,			/* instance */
+			 NULL,			/* realm */
+			 &afs_key,		/* key (contains password) */
+			 0,			/* lifetime */
+			 &afs_token,		/* token */
+			 0) == 0)		/* new */
+	return(AUTH_SUCCESS);
+
+    /* Fall back on old method XXX - needed? */
+    setpag();
+    if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION+KA_USERAUTH_DOSETPAG,
+				   pw->pw_name,	/* name */
+				   NULL,	/* instance */
+				   NULL,	/* realm */
+				   pass,	/* password */
+				   0,		/* lifetime */
+				   NULL,	/* expiration ptr (unused) */
+				   0,		/* spare */
+				   NULL) == 0)	/* reason */
+	return(AUTH_SUCCESS);
+
+    return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/aix_auth.c b/sudo-1.7.4p4/auth/aix_auth.c
new file mode 100644
index 0000000..7a776be
--- /dev/null
+++ b/sudo-1.7.4p4/auth/aix_auth.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <usersec.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/*
+ * For a description of the AIX authentication API, see
+ * http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/libs/basetrf1/authenticate.htm
+ */
+int
+aixauth_verify(pw, prompt, auth)
+    struct passwd *pw;
+    char *prompt;
+    sudo_auth *auth;
+{
+    char *pass;
+    char *message = NULL;
+    int reenter = 1;
+    int rval = AUTH_FAILURE;
+
+    pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+    if (pass) {
+	/* XXX - should probably print message on failure. */
+	if (authenticate(pw->pw_name, pass, &reenter, &message) == 0)
+	    rval = AUTH_SUCCESS;
+	free(message);
+	zero_bytes(pass, strlen(pass));
+    }
+    return(rval);
+}
+
+int
+aixauth_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    /* Unset AUTHSTATE as it may not be correct for the runas user. */
+    unsetenv("AUTHSTATE");
+
+    return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/bsdauth.c b/sudo-1.7.4p4/auth/bsdauth.c
new file mode 100644
index 0000000..2539713
--- /dev/null
+++ b/sudo-1.7.4p4/auth/bsdauth.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2000-2005, 2007-2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <signal.h>
+
+#include <login_cap.h>
+#include <bsd_auth.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+extern char *login_style;		/* from sudo.c */
+
+int
+bsdauth_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static auth_session_t *as;
+    extern login_cap_t *lc;			/* from sudo.c */
+
+    if ((as = auth_open()) == NULL) {
+	log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
+	    "unable to begin bsd authentication");
+	return(AUTH_FATAL);
+    }
+
+    /* XXX - maybe sanity check the auth style earlier? */
+    login_style = login_getstyle(lc, login_style, "auth-sudo");
+    if (login_style == NULL) {
+	log_error(NO_EXIT|NO_MAIL, "invalid authentication type");
+	auth_close(as);
+	return(AUTH_FATAL);
+    }
+
+     if (auth_setitem(as, AUTHV_STYLE, login_style) < 0 ||
+	auth_setitem(as, AUTHV_NAME, pw->pw_name) < 0 ||
+	auth_setitem(as, AUTHV_CLASS, login_class) < 0) {
+	log_error(NO_EXIT|NO_MAIL, "unable to setup authentication");
+	auth_close(as);
+	return(AUTH_FATAL);
+    }
+
+    auth->data = (void *) as;
+    return(AUTH_SUCCESS);
+}
+
+int
+bsdauth_verify(pw, prompt, auth)
+    struct passwd *pw;
+    char *prompt;
+    sudo_auth *auth;
+{
+    char *pass;
+    char *s;
+    size_t len;
+    int authok = 0;
+    sigaction_t sa, osa;
+    auth_session_t *as = (auth_session_t *) auth->data;
+
+    /* save old signal handler */
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_DFL;
+    (void) sigaction(SIGCHLD, &sa, &osa);
+
+    /*
+     * If there is a challenge then print that instead of the normal
+     * prompt.  If the user just hits return we prompt again with echo
+     * turned on, which is useful for challenge/response things like
+     * S/Key.
+     */
+    if ((s = auth_challenge(as)) == NULL) {
+	pass = tgetpass(prompt, def_passwd_timeout * 60, tgetpass_flags);
+    } else {
+	pass = tgetpass(s, def_passwd_timeout * 60, tgetpass_flags);
+	if (pass && *pass == '\0') {
+	    if ((prompt = strrchr(s, '\n')))
+		prompt++;
+	    else
+		prompt = s;
+
+	    /*
+	     * Append '[echo on]' to the last line of the challenge and
+	     * reprompt with echo turned on.
+	     */
+	    len = strlen(prompt) - 1;
+	    while (isspace(prompt[len]) || prompt[len] == ':')
+		prompt[len--] = '\0';
+	    easprintf(&s, "%s [echo on]: ", prompt);
+	    pass = tgetpass(s, def_passwd_timeout * 60,
+		tgetpass_flags | TGP_ECHO);
+	    free(s);
+	}
+    }
+
+    if (pass) {
+	authok = auth_userresponse(as, pass, 1);
+	zero_bytes(pass, strlen(pass));
+    }
+
+    /* restore old signal handler */
+    (void) sigaction(SIGCHLD, &osa, NULL);
+
+    if (authok)
+	return(AUTH_SUCCESS);
+
+    if (!pass)
+	return(AUTH_INTR);
+
+    if ((s = auth_getvalue(as, "errormsg")) != NULL)
+	log_error(NO_EXIT|NO_MAIL, "%s", s);
+    return(AUTH_FAILURE);
+}
+
+int
+bsdauth_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    auth_session_t *as = (auth_session_t *) auth->data;
+
+    auth_close(as);
+
+    return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/dce.c b/sudo-1.7.4p4/auth/dce.c
new file mode 100644
index 0000000..76b43b3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/dce.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+/*
+ *  The code below basically comes from the examples supplied on
+ *  the OSF DCE 1.0.3 manpages for the sec_login routines, with
+ *  enough additional polishing to make the routine work with the
+ *  rest of sudo.
+ *
+ *  This code is known to work on HP 700 and 800 series systems
+ *  running HP-UX 9.X and 10.X, with either HP's version 1.2.1 of DCE.
+ *  (aka, OSF DCE 1.0.3) or with HP's version 1.4 of DCE (aka, OSF
+ *  DCE 1.1).
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <dce/rpc.h>
+#include <dce/sec_login.h>
+#include <dce/dce_error.h> /* required to call dce_error_inq_text routine */
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+static int check_dce_status __P((error_status_t, char *));
+
+int
+dce_verify(pw, plain_pw, auth)
+    struct passwd *pw;
+    char *plain_pw;
+    sudo_auth *auth;
+{
+    struct passwd		temp_pw;
+    sec_passwd_rec_t		password_rec;
+    sec_login_handle_t		login_context;
+    boolean32			reset_passwd;
+    sec_login_auth_src_t	auth_src;
+    error_status_t		status;
+
+    /*
+     * Create the local context of the DCE principal necessary
+     * to perform authenticated network operations.  The network
+     * identity set up by this operation cannot be used until it
+     * is validated via sec_login_validate_identity().
+     */
+    if (sec_login_setup_identity((unsigned_char_p_t) pw->pw_name,
+	sec_login_no_flags, &login_context, &status)) {
+
+	if (check_dce_status(status, "sec_login_setup_identity(1):"))
+	    return(AUTH_FAILURE);
+
+	password_rec.key.key_type = sec_passwd_plain;
+	password_rec.key.tagged_union.plain = (idl_char *) plain_pw;
+	password_rec.pepper = NULL;
+	password_rec.version_number = sec_passwd_c_version_none;
+
+	/* Validate the login context with the password */
+	if (sec_login_validate_identity(login_context, &password_rec,
+	    &reset_passwd, &auth_src, &status)) {
+
+	    if (check_dce_status(status, "sec_login_validate_identity(1):"))
+		return(AUTH_FAILURE);
+
+	    /*
+	     * Certify that the DCE Security Server used to set
+	     * up and validate a login context is legitimate.  Makes
+	     * sure that we didn't get spoofed by another DCE server.
+	     */
+	    if (!sec_login_certify_identity(login_context, &status)) {
+		(void) fprintf(stderr, "Whoa! Bogus authentication server!\n");
+		(void) check_dce_status(status,"sec_login_certify_identity(1):");
+		return(AUTH_FAILURE);
+	    }
+	    if (check_dce_status(status, "sec_login_certify_identity(2):"))
+		return(AUTH_FAILURE);
+
+	    /*
+	     * Sets the network credentials to those specified
+	     * by the now validated login context.
+	     */
+	    sec_login_set_context(login_context, &status);
+	    if (check_dce_status(status, "sec_login_set_context:"))
+		return(AUTH_FAILURE);
+
+	    /*
+	     * Oops, your credentials were no good. Possibly
+	     * caused by clock times out of adjustment between
+	     * DCE client and DCE security server...
+	     */
+	    if (auth_src != sec_login_auth_src_network) {
+		    (void) fprintf(stderr,
+			"You have no network credentials.\n");
+		    return(AUTH_FAILURE);
+	    }
+	    /* Check if the password has aged and is thus no good */
+	    if (reset_passwd) {
+		    (void) fprintf(stderr,
+			"Your DCE password needs resetting.\n");
+		    return(AUTH_FAILURE);
+	    }
+
+	    /*
+	     * We should be a valid user by this point.  Pull the
+	     * user's password structure from the DCE security
+	     * server just to make sure.  If we get it with no
+	     * problems, then we really are legitimate...
+	     */
+	    sec_login_get_pwent(login_context, (sec_login_passwd_t) &temp_pw,
+		&status);
+	    if (check_dce_status(status, "sec_login_get_pwent:"))
+		return(AUTH_FAILURE);
+
+	    /*
+	     * If we get to here, then the pwent above properly fetched
+	     * the password structure from the DCE registry, so the user
+	     * must be valid.  We don't really care what the user's
+	     * registry password is, just that the user could be
+	     * validated.  In fact, if we tried to compare the local
+	     * password to the DCE entry at this point, the operation
+	     * would fail if the hidden password feature is turned on,
+	     * because the password field would contain an asterisk.
+	     * Also go ahead and destroy the user's DCE login context
+	     * before we leave here (and don't bother checking the
+	     * status), in order to clean up credentials files in
+	     * /opt/dcelocal/var/security/creds.  By doing this, we are
+	     * assuming that the user will not need DCE authentication
+	     * later in the program, only local authentication.  If this
+	     * is not true, then the login_context will have to be
+	     * returned to the calling program, and the context purged
+	     * somewhere later in the program.
+	     */
+	    sec_login_purge_context(&login_context, &status);
+	    return(AUTH_SUCCESS);
+	} else {
+	    if(check_dce_status(status, "sec_login_validate_identity(2):"))
+		return(AUTH_FAILURE);
+	    sec_login_purge_context(&login_context, &status);
+	    if(check_dce_status(status, "sec_login_purge_context:"))
+		return(AUTH_FAILURE);
+	}
+    }
+    (void) check_dce_status(status, "sec_login_setup_identity(2):");
+    return(AUTH_FAILURE);
+}
+
+/* Returns 0 for DCE "ok" status, 1 otherwise */
+static int
+check_dce_status(input_status, comment)
+    error_status_t input_status;
+    char *comment;
+{
+    int error_stat;
+    unsigned char error_string[dce_c_error_string_len];
+
+    if (input_status == rpc_s_ok)
+	return(0);
+    dce_error_inq_text(input_status, error_string, &error_stat);
+    (void) fprintf(stderr, "%s %s\n", comment, error_string);
+    return(1);
+}
diff --git a/sudo-1.7.4p4/auth/fwtk.c b/sudo-1.7.4p4/auth/fwtk.c
new file mode 100644
index 0000000..fba99e8
--- /dev/null
+++ b/sudo-1.7.4p4/auth/fwtk.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1999-2005, 2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <auth.h>
+#include <firewall.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+fwtk_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static Cfg *confp;			/* Configuration entry struct */
+    char resp[128];			/* Response from the server */
+
+    if ((confp = cfg_read("sudo")) == (Cfg *)-1) {
+	warningx("cannot read fwtk config");
+	return(AUTH_FATAL);
+    }
+
+    if (auth_open(confp)) {
+	warningx("cannot connect to authentication server");
+	return(AUTH_FATAL);
+    }
+
+    /* Get welcome message from auth server */
+    if (auth_recv(resp, sizeof(resp))) {
+	warningx("lost connection to authentication server");
+	return(AUTH_FATAL);
+    }
+    if (strncmp(resp, "Authsrv ready", 13) != 0) {
+	warningx("authentication server error:\n%s", resp);
+	return(AUTH_FATAL);
+    }
+
+    return(AUTH_SUCCESS);
+}
+
+int
+fwtk_verify(pw, prompt, auth)
+    struct passwd *pw;
+    char *prompt;
+    sudo_auth *auth;
+{
+    char *pass;				/* Password from the user */
+    char buf[SUDO_PASS_MAX + 12];	/* General prupose buffer */
+    char resp[128];			/* Response from the server */
+    int error;
+
+    /* Send username to authentication server. */
+    (void) snprintf(buf, sizeof(buf), "authorize %s 'sudo'", pw->pw_name);
+restart:
+    if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
+	warningx("lost connection to authentication server");
+	return(AUTH_FATAL);
+    }
+
+    /* Get the password/response from the user. */
+    if (strncmp(resp, "challenge ", 10) == 0) {
+	(void) snprintf(buf, sizeof(buf), "%s\nResponse: ", &resp[10]);
+	pass = tgetpass(buf, def_passwd_timeout * 60, tgetpass_flags);
+	if (pass && *pass == '\0') {
+	    pass = tgetpass("Response [echo on]: ",
+		def_passwd_timeout * 60, tgetpass_flags | TGP_ECHO);
+	}
+    } else if (strncmp(resp, "chalnecho ", 10) == 0) {
+	pass = tgetpass(&resp[10], def_passwd_timeout * 60, tgetpass_flags);
+    } else if (strncmp(resp, "password", 8) == 0) {
+	pass = tgetpass(prompt, def_passwd_timeout * 60,
+	    tgetpass_flags);
+    } else if (strncmp(resp, "display ", 8) == 0) {
+	fprintf(stderr, "%s\n", &resp[8]);
+	strlcpy(buf, "response dummy", sizeof(buf));
+	goto restart;
+    } else {
+	warningx("%s", resp);
+	return(AUTH_FATAL);
+    }
+    if (!pass) {			/* ^C or error */
+	return(AUTH_INTR);
+    }
+
+    /* Send the user's response to the server */
+    (void) snprintf(buf, sizeof(buf), "response '%s'", pass);
+    if (auth_send(buf) || auth_recv(resp, sizeof(resp))) {
+	warningx("lost connection to authentication server");
+	error = AUTH_FATAL;
+	goto done;
+    }
+
+    if (strncmp(resp, "ok", 2) == 0) {
+	error = AUTH_SUCCESS;
+	goto done;
+    }
+
+    /* Main loop prints "Permission Denied" or insult. */
+    if (strcmp(resp, "Permission Denied.") != 0)
+	warningx("%s", resp);
+    error = AUTH_FAILURE;
+done:
+    zero_bytes(pass, strlen(pass));
+    zero_bytes(buf, strlen(buf));
+    return(error);
+}
+
+int
+fwtk_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+
+    auth_close();
+    return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/kerb4.c b/sudo-1.7.4p4/auth/kerb4.c
new file mode 100644
index 0000000..f3107a0
--- /dev/null
+++ b/sudo-1.7.4p4/auth/kerb4.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <krb.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+kerb4_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static char realm[REALM_SZ];
+
+    /* Don't try to verify root */
+    if (pw->pw_uid == 0)
+	return(AUTH_FAILURE);
+
+    /* Get the local realm, or retrun failure (no krb.conf) */
+    if (krb_get_lrealm(realm, 1) != KSUCCESS)
+	return(AUTH_FAILURE);
+
+    /* Stash a pointer to the realm (used in kerb4_verify) */
+    auth->data = (void *) realm;
+
+    return(AUTH_SUCCESS);
+}
+
+int
+kerb4_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
+    char *realm = (char *) auth->data;
+    int error;
+
+    /*
+     * Set the ticket file to be in sudo sudo timedir so we don't
+     * wipe out other (real) kerberos tickets.
+     */
+    (void) snprintf(tkfile, sizeof(tkfile), "%s/tkt%lu",
+	_PATH_SUDO_TIMEDIR, (unsigned long) pw->pw_uid);
+    (void) krb_set_tkt_string(tkfile);
+
+    /* Convert the password to a ticket given. */
+    error = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
+	DEFAULT_TKT_LIFE, pass);
+
+    switch (error) {
+	case INTK_OK:
+	    dest_tkt();			/* we are done with the temp ticket */
+	    return(AUTH_SUCCESS);
+	    break;
+	case INTK_BADPW:
+	case KDC_PR_UNKNOWN:
+	    break;
+	default:
+	    (void) fprintf(stderr, "Warning: Kerberos error: %s\n",
+		krb_err_txt[error]);
+    }
+
+    return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/kerb5.c b/sudo-1.7.4p4/auth/kerb5.c
new file mode 100644
index 0000000..230898f
--- /dev/null
+++ b/sudo-1.7.4p4/auth/kerb5.c
@@ -0,0 +1,319 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <krb5.h>
+#ifdef HAVE_HEIMDAL
+#include <com_err.h>
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#ifdef HAVE_HEIMDAL
+# define extract_name(c, p)		krb5_principal_get_comp_string(c, p, 1)
+# define krb5_free_data_contents(c, d)	krb5_data_free(d)
+#else
+# define extract_name(c, p)		(krb5_princ_component(c, p, 1)->data)
+#endif
+
+#ifndef HAVE_KRB5_VERIFY_USER
+static int verify_krb_v5_tgt __P((krb5_context, krb5_creds *, char *));
+#endif
+static struct _sudo_krb5_data {
+    krb5_context	sudo_context;
+    krb5_principal	princ;
+    krb5_ccache		ccache;
+} sudo_krb5_data = { NULL, NULL, NULL };
+typedef struct _sudo_krb5_data *sudo_krb5_datap;
+
+#ifndef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+static krb5_error_code
+krb5_get_init_creds_opt_alloc(context, opts)
+    krb5_context		context;
+    krb5_get_init_creds_opt   **opts;
+{
+    *opts = emalloc(sizeof(krb5_get_init_creds_opt));
+    krb5_get_init_creds_opt_init(*opts);
+    return 0;
+}
+
+static void
+krb5_get_init_creds_opt_free(opts)
+    krb5_get_init_creds_opt *opts;
+{
+    free(opts);
+}
+#endif
+
+int
+kerb5_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    krb5_context	sudo_context;
+    krb5_ccache		ccache;
+    krb5_principal	princ;
+    krb5_error_code 	error;
+    char		cache_name[64];
+    char		*pname;
+
+    auth->data = (void *) &sudo_krb5_data; /* Stash all our data here */
+
+#ifdef HAVE_KRB5_INIT_SECURE_CONTEXT
+    error = krb5_init_secure_context(&(sudo_krb5_data.sudo_context));
+#else
+    error = krb5_init_context(&(sudo_krb5_data.sudo_context));
+#endif
+    if (error)
+	return(AUTH_FAILURE);
+    sudo_context = sudo_krb5_data.sudo_context;
+
+    if ((error = krb5_parse_name(sudo_context, pw->pw_name,
+	&(sudo_krb5_data.princ)))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to parse '%s': %s", auth->name, pw->pw_name,
+		  error_message(error));
+	return(AUTH_FAILURE);
+    }
+    princ = sudo_krb5_data.princ;
+
+    /*
+     * Really, we need to tell the caller not to prompt for password.
+     * The API does not currently provide this unless the auth is standalone.
+     */
+#if 1
+    if ((error = krb5_unparse_name(sudo_context, princ, &pname))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to unparse princ ('%s'): %s", auth->name,
+		  pw->pw_name, error_message(error));
+	return(AUTH_FAILURE);
+    }
+
+    /* Only rewrite prompt if user didn't specify their own. */
+    /*if (!strcmp(prompt, PASSPROMPT)) { */
+	easprintf(promptp, "Password for %s: ", pname);
+    /*}*/
+    free(pname);
+#endif
+
+    (void) snprintf(cache_name, sizeof(cache_name), "MEMORY:sudocc_%ld",
+		    (long) getpid());
+    if ((error = krb5_cc_resolve(sudo_context, cache_name,
+	&(sudo_krb5_data.ccache)))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to resolve ccache: %s", auth->name,
+		  error_message(error));
+	return(AUTH_FAILURE);
+    }
+    ccache = sudo_krb5_data.ccache;
+
+    return(AUTH_SUCCESS);
+}
+
+#ifdef HAVE_KRB5_VERIFY_USER
+int
+kerb5_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    krb5_context	sudo_context;
+    krb5_principal	princ;
+    krb5_ccache		ccache;
+    krb5_error_code	error;
+
+    sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+    princ = ((sudo_krb5_datap) auth->data)->princ;
+    ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+    error = krb5_verify_user(sudo_context, princ, ccache, pass, 1, NULL);
+    return (error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
+#else
+int
+kerb5_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    krb5_context	sudo_context;
+    krb5_principal	princ;
+    krb5_creds		credbuf, *creds = NULL;
+    krb5_ccache		ccache;
+    krb5_error_code	error;
+    krb5_get_init_creds_opt *opts = NULL;
+
+    sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+    princ = ((sudo_krb5_datap) auth->data)->princ;
+    ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+    /* Set default flags based on the local config file. */
+    error = krb5_get_init_creds_opt_alloc(sudo_context, &opts);
+    if (error) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to allocate options: %s", auth->name,
+		  error_message(error));
+	goto done;
+    }
+#ifdef HAVE_HEIMDAL
+    krb5_get_init_creds_opt_set_default_flags(sudo_context, NULL,
+	krb5_principal_get_realm(sudo_context, princ), opts);
+#endif
+
+    /* Note that we always obtain a new TGT to verify the user */
+    if ((error = krb5_get_init_creds_password(sudo_context, &credbuf, princ,
+					     pass, krb5_prompter_posix,
+					     NULL, 0, NULL, opts))) {
+	/* Don't print error if just a bad password */
+	if (error != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+	    log_error(NO_EXIT|NO_MAIL,
+		      "%s: unable to get credentials: %s", auth->name,
+		      error_message(error));
+	goto done;
+    }
+    creds = &credbuf;
+
+    /* Verify the TGT to prevent spoof attacks. */
+    if ((error = verify_krb_v5_tgt(sudo_context, creds, auth->name)))
+	goto done;
+
+    /* Store cred in cred cache. */
+    if ((error = krb5_cc_initialize(sudo_context, ccache, princ))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to initialize ccache: %s", auth->name,
+		  error_message(error));
+    } else if ((error = krb5_cc_store_cred(sudo_context, ccache, creds))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to store cred in ccache: %s", auth->name,
+		  error_message(error));
+    }
+
+done:
+    if (opts) {
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
+	krb5_get_init_creds_opt_free(sudo_context, opts);
+#else
+	krb5_get_init_creds_opt_free(opts);
+#endif
+    }
+    if (creds)
+	krb5_free_cred_contents(sudo_context, creds);
+    return (error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
+#endif
+
+int
+kerb5_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    krb5_context	sudo_context;
+    krb5_principal	princ;
+    krb5_ccache		ccache;
+
+    sudo_context = ((sudo_krb5_datap) auth->data)->sudo_context;
+    princ = ((sudo_krb5_datap) auth->data)->princ;
+    ccache = ((sudo_krb5_datap) auth->data)->ccache;
+
+    if (sudo_context) {
+	if (ccache)
+	    krb5_cc_destroy(sudo_context, ccache);
+	if (princ)
+	    krb5_free_principal(sudo_context, princ);
+	krb5_free_context(sudo_context);
+    }
+
+    return(AUTH_SUCCESS);
+}
+
+#ifndef HAVE_KRB5_VERIFY_USER
+/*
+ * Verify the Kerberos ticket-granting ticket just retrieved for the
+ * user.  If the Kerberos server doesn't respond, assume the user is
+ * trying to fake us out (since we DID just get a TGT from what is
+ * supposedly our KDC).
+ *
+ * Returns 0 for successful authentication, non-zero for failure.
+ */
+static int
+verify_krb_v5_tgt(sudo_context, cred, auth_name)
+    krb5_context	sudo_context;
+    krb5_creds		*cred;
+    char		*auth_name; /* For error reporting */
+{
+    krb5_error_code	error;
+    krb5_principal	server;
+    krb5_verify_init_creds_opt vopt;
+
+    /*
+     * Get the server principal for the local host.
+     * (Use defaults of "host" and canonicalized local name.)
+     */
+    if ((error = krb5_sname_to_principal(sudo_context, NULL, NULL,
+					KRB5_NT_SRV_HST, &server))) {
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: unable to get host principal: %s", auth_name,
+		  error_message(error));
+	return(-1);
+    }
+
+    /* Initialize verify opts and set secure mode */
+    krb5_verify_init_creds_opt_init(&vopt);
+    krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
+
+    /* verify the Kerberos ticket-granting ticket we just retrieved */
+    error = krb5_verify_init_creds(sudo_context, cred, server, NULL,
+				   NULL, &vopt);
+    krb5_free_principal(sudo_context, server);
+    if (error)
+	log_error(NO_EXIT|NO_MAIL,
+		  "%s: Cannot verify TGT! Possible attack!: %s", auth_name,
+		  error_message(error));
+    return(error);
+}
+#endif
diff --git a/sudo-1.7.4p4/auth/pam.c b/sudo-1.7.4p4/auth/pam.c
new file mode 100644
index 0000000..ca2ef10
--- /dev/null
+++ b/sudo-1.7.4p4/auth/pam.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <errno.h>
+
+#ifdef HAVE_PAM_PAM_APPL_H
+# include <pam/pam_appl.h>
+#else
+# include <security/pam_appl.h>
+#endif
+
+#ifdef HAVE_DGETTEXT
+# include <libintl.h>
+# if defined(__LINUX_PAM__)
+#  define PAM_TEXT_DOMAIN	"Linux-PAM"
+# elif defined(__sun__)
+#  define PAM_TEXT_DOMAIN	"SUNW_OST_SYSOSPAM"
+# endif
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/* Only OpenPAM and Linux PAM use const qualifiers. */
+#if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \
+    defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__)
+# define PAM_CONST	const
+#else
+# define PAM_CONST
+#endif
+
+static int sudo_conv __P((int, PAM_CONST struct pam_message **,
+			  struct pam_response **, void *));
+static char *def_prompt = "Password:";
+static int gotintr;
+
+#ifndef PAM_DATA_SILENT
+#define PAM_DATA_SILENT	0
+#endif
+
+static pam_handle_t *pamh;	/* global due to pam_prep_user() */
+
+int
+pam_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static struct pam_conv pam_conv;
+    static int pam_status;
+
+    /* Initial PAM setup */
+    if (auth != NULL)
+	auth->data = (void *) &pam_status;
+    pam_conv.conv = sudo_conv;
+#ifdef HAVE_PAM_LOGIN
+    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+	pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+    else
+#endif
+	pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+
+    if (pam_status != PAM_SUCCESS) {
+	log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
+	return(AUTH_FATAL);
+    }
+
+    /*
+     * Set PAM_RUSER to the invoking user (the "from" user).
+     * We set PAM_RHOST to avoid a bug in Solaris 7 and below.
+     */
+    (void) pam_set_item(pamh, PAM_RUSER, user_name);
+#ifdef __sun__
+    (void) pam_set_item(pamh, PAM_RHOST, user_host);
+#endif
+
+    /*
+     * Some versions of pam_lastlog have a bug that
+     * will cause a crash if PAM_TTY is not set so if
+     * there is no tty, set PAM_TTY to the empty string.
+     */
+    if (user_ttypath == NULL)
+	(void) pam_set_item(pamh, PAM_TTY, "");
+    else
+	(void) pam_set_item(pamh, PAM_TTY, user_ttypath);
+
+    return(AUTH_SUCCESS);
+}
+
+int
+pam_verify(pw, prompt, auth)
+    struct passwd *pw;
+    char *prompt;
+    sudo_auth *auth;
+{
+    const char *s;
+    int *pam_status = (int *) auth->data;
+
+    def_prompt = prompt;	/* for sudo_conv */
+
+    /* PAM_SILENT prevents the authentication service from generating output. */
+    *pam_status = pam_authenticate(pamh, PAM_SILENT);
+    switch (*pam_status) {
+	case PAM_SUCCESS:
+	    *pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
+	    switch (*pam_status) {
+		case PAM_SUCCESS:
+		    return(AUTH_SUCCESS);
+		case PAM_AUTH_ERR:
+		    log_error(NO_EXIT|NO_MAIL, "pam_acct_mgmt: %d",
+			*pam_status);
+		    return(AUTH_FAILURE);
+		case PAM_NEW_AUTHTOK_REQD:
+		    log_error(NO_EXIT|NO_MAIL, "%s, %s",
+			"Account or password is expired",
+			"reset your password and try again");
+		    *pam_status = pam_chauthtok(pamh,
+			PAM_CHANGE_EXPIRED_AUTHTOK);
+		    if (*pam_status == PAM_SUCCESS)
+			return(AUTH_SUCCESS);
+		    if ((s = pam_strerror(pamh, *pam_status)))
+			log_error(NO_EXIT|NO_MAIL, "pam_chauthtok: %s", s);
+		    return(AUTH_FAILURE);
+		case PAM_AUTHTOK_EXPIRED:
+		    log_error(NO_EXIT|NO_MAIL,
+			"Password expired, contact your system administrator");
+		    return(AUTH_FATAL);
+		case PAM_ACCT_EXPIRED:
+		    log_error(NO_EXIT|NO_MAIL, "%s %s",
+			"Account expired or PAM config lacks an \"account\"",
+			"section for sudo, contact your system administrator");
+		    return(AUTH_FATAL);
+	    }
+	    /* FALLTHROUGH */
+	case PAM_AUTH_ERR:
+	    if (gotintr) {
+		/* error or ^C from tgetpass() */
+		return(AUTH_INTR);
+	    }
+	case PAM_MAXTRIES:
+	case PAM_PERM_DENIED:
+	    return(AUTH_FAILURE);
+	default:
+	    if ((s = pam_strerror(pamh, *pam_status)))
+		log_error(NO_EXIT|NO_MAIL, "pam_authenticate: %s", s);
+	    return(AUTH_FATAL);
+    }
+}
+
+int
+pam_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    int *pam_status = (int *) auth->data;
+
+    /* If successful, we can't close the session until pam_prep_user() */
+    if (auth->status == AUTH_SUCCESS)
+	return(AUTH_SUCCESS);
+
+    *pam_status = pam_end(pamh, *pam_status | PAM_DATA_SILENT);
+    return(*pam_status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+int
+pam_begin_session(pw)
+    struct passwd *pw;
+{
+    int status =  PAM_SUCCESS;
+
+    /* If the user did not have to authenticate there is no pam handle yet. */
+    if (pamh == NULL)
+	pam_init(pw, NULL, NULL);
+
+    /*
+     * Update PAM_USER to reference the user we are running the command
+     * as, as opposed to the user we authenticated as.
+     */
+    (void) pam_set_item(pamh, PAM_USER, pw->pw_name);
+
+    /*
+     * Set credentials (may include resource limits, device ownership, etc).
+     * We don't check the return value here because in Linux-PAM 0.75
+     * it returns the last saved return code, not the return code
+     * for the setcred module.  Because we haven't called pam_authenticate(),
+     * this is not set and so pam_setcred() returns PAM_PERM_DENIED.
+     * We can't call pam_acct_mgmt() with Linux-PAM for a similar reason.
+     */
+    (void) pam_setcred(pamh, PAM_ESTABLISH_CRED);
+
+#ifndef NO_PAM_SESSION
+    status = pam_open_session(pamh, 0);
+     if (status != PAM_SUCCESS) {
+	(void) pam_end(pamh, status | PAM_DATA_SILENT);
+	pamh = NULL;
+    }
+#endif
+    return(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+int
+pam_end_session()
+{
+    int status = PAM_SUCCESS;
+
+    if (pamh != NULL) {
+#ifndef NO_PAM_SESSION
+	(void) pam_close_session(pamh, 0);
+#endif
+	status = pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+    }
+    return(status == PAM_SUCCESS ? AUTH_SUCCESS : AUTH_FAILURE);
+}
+
+/*
+ * ``Conversation function'' for PAM.
+ * XXX - does not handle PAM_BINARY_PROMPT
+ */
+static int
+sudo_conv(num_msg, msg, response, appdata_ptr)
+    int num_msg;
+    PAM_CONST struct pam_message **msg;
+    struct pam_response **response;
+    void *appdata_ptr;
+{
+    struct pam_response *pr;
+    PAM_CONST struct pam_message *pm;
+    const char *prompt;
+    char *pass;
+    int n, flags, std_prompt;
+
+    if ((*response = malloc(num_msg * sizeof(struct pam_response))) == NULL)
+	return(PAM_SYSTEM_ERR);
+    zero_bytes(*response, num_msg * sizeof(struct pam_response));
+
+    for (pr = *response, pm = *msg, n = num_msg; n--; pr++, pm++) {
+	flags = tgetpass_flags;
+	switch (pm->msg_style) {
+	    case PAM_PROMPT_ECHO_ON:
+		SET(flags, TGP_ECHO);
+	    case PAM_PROMPT_ECHO_OFF:
+		prompt = def_prompt;
+
+		/* Error out if the last password read was interrupted. */
+		if (gotintr)
+		    goto err;
+
+		/* Is the sudo prompt standard? (If so, we'l just use PAM's) */
+		std_prompt =  strncmp(def_prompt, "Password:", 9) == 0 &&
+		    (def_prompt[9] == '\0' ||
+		    (def_prompt[9] == ' ' && def_prompt[10] == '\0'));
+
+		/* Only override PAM prompt if it matches /^Password: ?/ */
+#if defined(PAM_TEXT_DOMAIN) && defined(HAVE_DGETTEXT)
+		if (!def_passprompt_override && (std_prompt ||
+		    (strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password: ")) &&
+		    strcmp(pm->msg, dgettext(PAM_TEXT_DOMAIN, "Password:")))))
+		    prompt = pm->msg;
+#else
+		if (!def_passprompt_override && (std_prompt ||
+		    strncmp(pm->msg, "Password:", 9) || (pm->msg[9] != '\0'
+		    && (pm->msg[9] != ' ' || pm->msg[10] != '\0'))))
+		    prompt = pm->msg;
+#endif
+		/* Read the password unless interrupted. */
+		pass = tgetpass(prompt, def_passwd_timeout * 60, flags);
+		if (pass == NULL) {
+		    /* We got ^C instead of a password; abort quickly. */
+		    if (errno == EINTR)
+			gotintr = 1;
+#if defined(__darwin__) || defined(__APPLE__)
+		    pass = "";
+#else
+		    goto err;
+#endif
+		}
+		pr->resp = estrdup(pass);
+		zero_bytes(pass, strlen(pass));
+		break;
+	    case PAM_TEXT_INFO:
+		if (pm->msg)
+		    (void) puts(pm->msg);
+		break;
+	    case PAM_ERROR_MSG:
+		if (pm->msg) {
+		    (void) fputs(pm->msg, stderr);
+		    (void) fputc('\n', stderr);
+		}
+		break;
+	    default:
+		goto err;
+	}
+    }
+
+    return(PAM_SUCCESS);
+
+err:
+    /* Zero and free allocated memory and return an error. */
+    for (pr = *response, n = num_msg; n--; pr++) {
+	if (pr->resp != NULL) {
+	    zero_bytes(pr->resp, strlen(pr->resp));
+	    free(pr->resp);
+	    pr->resp = NULL;
+	}
+    }
+    zero_bytes(*response, num_msg * sizeof(struct pam_response));
+    free(*response);
+    *response = NULL;
+    return(gotintr ? PAM_AUTH_ERR : PAM_CONV_ERR);
+}
diff --git a/sudo-1.7.4p4/auth/passwd.c b/sudo-1.7.4p4/auth/passwd.c
new file mode 100644
index 0000000..4f9efb8
--- /dev/null
+++ b/sudo-1.7.4p4/auth/passwd.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1999-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+#define DESLEN			13
+#define HAS_AGEINFO(p, l)	(l == 18 && p[DESLEN] == ',')
+
+int
+passwd_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+#ifdef HAVE_SKEYACCESS
+    if (skeyaccess(pw, user_tty, NULL, NULL) == 0)
+	return(AUTH_FAILURE);
+#endif
+    return(AUTH_SUCCESS);
+}
+
+int
+passwd_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    char sav, *epass;
+    size_t pw_len;
+    int error;
+
+    pw_len = strlen(pw->pw_passwd);
+
+#ifdef HAVE_GETAUTHUID
+    /* Ultrix shadow passwords may use crypt16() */
+    error = strcmp(pw->pw_passwd, (char *) crypt16(pass, pw->pw_passwd));
+    if (!error)
+	return(AUTH_SUCCESS);
+#endif /* HAVE_GETAUTHUID */
+
+    /*
+     * Truncate to 8 chars if standard DES since not all crypt()'s do this.
+     * If this turns out not to be safe we will have to use OS #ifdef's (sigh).
+     */
+    sav = pass[8];
+    if (pw_len == DESLEN || HAS_AGEINFO(pw->pw_passwd, pw_len))
+	pass[8] = '\0';
+
+    /*
+     * Normal UN*X password check.
+     * HP-UX may add aging info (separated by a ',') at the end so
+     * only compare the first DESLEN characters in that case.
+     */
+    epass = (char *) crypt(pass, pw->pw_passwd);
+    pass[8] = sav;
+    if (HAS_AGEINFO(pw->pw_passwd, pw_len) && strlen(epass) == DESLEN)
+	error = strncmp(pw->pw_passwd, epass, DESLEN);
+    else
+	error = strcmp(pw->pw_passwd, epass);
+
+    return(error ? AUTH_FAILURE : AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/rfc1938.c b/sudo-1.7.4p4/auth/rfc1938.c
new file mode 100644
index 0000000..3bc39c3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/rfc1938.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 1994-1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#if defined(HAVE_SKEY)
+# include <skey.h>
+# define RFC1938				skey
+#  ifdef __NetBSD__
+#   define rfc1938challenge(a,b,c,d)	skeychallenge((a),(b),(c),(d))
+#  else
+#   define rfc1938challenge(a,b,c,d)	skeychallenge((a),(b),(c))
+#  endif
+# define rfc1938verify(a,b)		skeyverify((a),(b))
+#elif defined(HAVE_OPIE)
+# include <opie.h>
+# define RFC1938			opie
+# define rfc1938challenge(a,b,c,d)	opiechallenge((a),(b),(c))
+# define rfc1938verify(a,b)		opieverify((a),(b))
+#endif
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+rfc1938_setup(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    char challenge[256];
+    static char *orig_prompt = NULL, *new_prompt = NULL;
+    static int op_len, np_size;
+    static struct RFC1938 rfc1938;
+
+    /* Stash a pointer to the rfc1938 struct if we have not initialized */
+    if (!auth->data)
+	auth->data = &rfc1938;
+
+    /* Save the original prompt */
+    if (orig_prompt == NULL) {
+	orig_prompt = *promptp;
+	op_len = strlen(orig_prompt);
+
+	/* Ignore trailing colon (we will add our own) */
+	if (orig_prompt[op_len - 1] == ':')
+	    op_len--;
+	else if (op_len >= 2 && orig_prompt[op_len - 1] == ' '
+	    && orig_prompt[op_len - 2] == ':')
+	    op_len -= 2;
+    }
+
+#ifdef HAVE_SKEY
+    /* Close old stream */
+    if (rfc1938.keyfile)
+	(void) fclose(rfc1938.keyfile);
+#endif
+
+    /*
+     * Look up the user and get the rfc1938 challenge.
+     * If the user is not in the OTP db, only post a fatal error if
+     * we are running alone (since they may just use a normal passwd).
+     */
+    if (rfc1938challenge(&rfc1938, pw->pw_name, challenge, sizeof(challenge))) {
+	if (IS_ONEANDONLY(auth)) {
+	    warningx("you do not exist in the %s database", auth->name);
+	    return(AUTH_FATAL);
+	} else {
+	    return(AUTH_FAILURE);
+	}
+    }
+
+    /* Get space for new prompt with embedded challenge */
+    if (np_size < op_len + strlen(challenge) + 7) {
+	np_size = op_len + strlen(challenge) + 7;
+	new_prompt = (char *) erealloc(new_prompt, np_size);
+    }
+
+    if (def_long_otp_prompt)
+	(void) snprintf(new_prompt, np_size, "%s\n%s", challenge, orig_prompt);
+    else
+	(void) snprintf(new_prompt, np_size, "%.*s [ %s ]:", op_len,
+	    orig_prompt, challenge);
+
+    *promptp = new_prompt;
+    return(AUTH_SUCCESS);
+}
+
+int
+rfc1938_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+
+    if (rfc1938verify((struct RFC1938 *) auth->data, pass) == 0)
+	return(AUTH_SUCCESS);
+    else
+	return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/secureware.c b/sudo-1.7.4p4/auth/secureware.c
new file mode 100644
index 0000000..e7148d3
--- /dev/null
+++ b/sudo-1.7.4p4/auth/secureware.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1998-2005, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#ifdef __hpux
+#  undef MAXINT
+#  include <hpsecurity.h>
+#else
+#  include <sys/security.h>
+#endif /* __hpux */
+#include <prot.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+int
+secureware_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+#ifdef __alpha
+    extern int crypt_type;
+
+    if (crypt_type == INT_MAX)
+	return(AUTH_FAILURE);			/* no shadow */
+#endif
+    return(AUTH_SUCCESS);
+}
+
+int
+secureware_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+#ifdef __alpha
+    extern int crypt_type;
+
+#  ifdef HAVE_DISPCRYPT
+    if (strcmp(user_passwd, dispcrypt(pass, user_passwd, crypt_type)) == 0)
+	return(AUTH_SUCCESS);
+#  else
+    if (crypt_type == AUTH_CRYPT_BIGCRYPT) {
+	if (strcmp(user_passwd, bigcrypt(pass, user_passwd)) == 0)
+	    return(AUTH_SUCCESS);
+    } else if (crypt_type == AUTH_CRYPT_CRYPT16) {
+	if (strcmp(user_passwd, crypt(pass, user_passwd)) == 0)
+	    return(AUTH_SUCCESS);
+    }
+#  endif /* HAVE_DISPCRYPT */
+#elif defined(HAVE_BIGCRYPT)
+    if (strcmp(user_passwd, bigcrypt(pass, user_passwd)) == 0)
+	return(AUTH_SUCCESS);
+#endif /* __alpha */
+
+	return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/securid.c b/sudo-1.7.4p4/auth/securid.c
new file mode 100644
index 0000000..6aec109
--- /dev/null
+++ b/sudo-1.7.4p4/auth/securid.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+#include <sdi_athd.h>
+#include <sdconf.h>
+#include <sdacmvls.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+union config_record configure;
+
+int
+securid_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static struct SD_CLIENT sd_dat;		/* SecurID data block */
+
+    auth->data = (void *) &sd_dat;		/* For method-specific data */
+
+    if (creadcfg() == 0)
+	return(AUTH_SUCCESS);
+    else
+	return(AUTH_FATAL);
+}
+
+int
+securid_setup(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
+
+    /* Re-initialize SecurID every time. */
+    if (sd_init(sd) == 0) {
+	/* The programmer's guide says username is 32 bytes */
+	strlcpy(sd->username, pw->pw_name, 32);
+	return(AUTH_SUCCESS);
+    } else {
+	warningx("unable to contact the SecurID server");
+	return(AUTH_FATAL);
+    }
+}
+
+int
+securid_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
+    int rval;
+
+    rval = sd_auth(sd);
+    sd_close();
+    if (rval == ACM_OK)
+	return(AUTH_SUCCESS);
+    else
+	return(AUTH_FAILURE);
+}
diff --git a/sudo-1.7.4p4/auth/securid5.c b/sudo-1.7.4p4/auth/securid5.c
new file mode 100644
index 0000000..ef9e228
--- /dev/null
+++ b/sudo-1.7.4p4/auth/securid5.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2002 Michael Stroucken <michael@stroucken.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+
+/* Needed for SecurID v5.0 Authentication on UNIX */
+#define UNIX 1
+#include <acexport.h>
+#include <sdacmvls.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+/*
+ * securid_init - Initialises communications with ACE server
+ * Arguments in:
+ *     pw - UNUSED
+ *     promptp - UNUSED
+ *     auth - sudo authentication structure
+ *
+ * Results out:
+ *     auth - auth->data contains pointer to new SecurID handle
+ *     return code - Fatal if initialization unsuccessful, otherwise
+ *                   success.
+ */
+int
+securid_init(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    static SDI_HANDLE sd_dat;			/* SecurID handle */
+
+    auth->data = (void *) &sd_dat;		/* For method-specific data */
+
+    /* Start communications */
+    if (AceInitialize() != SD_FALSE)
+	return(AUTH_SUCCESS);
+
+    warningx("failed to initialise the ACE API library");
+    return(AUTH_FATAL);
+}
+
+/*
+ * securid_setup - Initialises a SecurID transaction and locks out other
+ *     ACE servers
+ *
+ * Arguments in:
+ *     pw - struct passwd for username
+ *     promptp - UNUSED
+ *     auth - sudo authentication structure for SecurID handle
+ *
+ * Results out:
+ *     return code - Success if transaction started correctly, fatal
+ *                   otherwise
+ */
+int
+securid_setup(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
+    int retval;
+
+    /* Re-initialize SecurID every time. */
+    if (SD_Init(sd) != ACM_OK) {
+	warningx("unable to contact the SecurID server");
+	return(AUTH_FATAL);
+    }
+
+    /* Lock new PIN code */
+    retval = SD_Lock(*sd, pw->pw_name);
+
+    switch (retval) {
+	case ACM_OK:
+		warningx("User ID locked for SecurID Authentication");
+		return(AUTH_SUCCESS);
+
+        case ACE_UNDEFINED_USERNAME:
+		warningx("invalid username length for SecurID");
+		return(AUTH_FATAL);
+
+	case ACE_ERR_INVALID_HANDLE:
+		warningx("invalid Authentication Handle for SecurID");
+		return(AUTH_FATAL);
+
+	case ACM_ACCESS_DENIED:
+		warningx("SecurID communication failed");
+		return(AUTH_FATAL);
+
+	default:
+		warningx("unknown SecurID error");
+		return(AUTH_FATAL);
+	}
+}
+
+/*
+ * securid_verify - Authenticates user and handles ACE responses
+ *
+ * Arguments in:
+ *     pw - struct passwd for username
+ *     pass - UNUSED
+ *     auth - sudo authentication structure for SecurID handle
+ *
+ * Results out:
+ *     return code - Success on successful authentication, failure on
+ *                   incorrect authentication, fatal on errors
+ */
+int
+securid_verify(pw, pass, auth)
+    struct passwd *pw;
+    char *pass;
+    sudo_auth *auth;
+{
+    SDI_HANDLE *sd = (SDI_HANDLE *) auth->data;
+    int rval;
+
+    pass = (char *) tgetpass("Enter your PASSCODE: ",
+	def_passwd_timeout * 60, tgetpass_flags);
+
+    /* Have ACE verify password */
+    switch (SD_Check(*sd, pass, pw->pw_name)) {
+	case ACM_OK:
+		rval = AUTH_SUCESS;
+		break;
+
+	case ACE_UNDEFINED_PASSCODE:
+		warningx("invalid passcode length for SecurID");
+		rval = AUTH_FATAL;
+		break;
+
+	case ACE_UNDEFINED_USERNAME:
+		warningx("invalid username length for SecurID");
+		rval = AUTH_FATAL;
+		break;
+
+	case ACE_ERR_INVALID_HANDLE:
+		warningx("invalid Authentication Handle for SecurID");
+		rval = AUTH_FATAL;
+		break;
+
+	case ACM_ACCESS_DENIED:
+		rval = AUTH_FAILURE;
+		break;
+
+	case ACM_NEXT_CODE_REQUIRED:
+                /* Sometimes (when current token close to expire?)
+                   ACE challenges for the next token displayed
+                   (entered without the PIN) */
+        	pass = (char *) tgetpass("\
+!!! ATTENTION !!!\n\
+Wait for the token code to change, \n\
+then enter the new token code.\n", \
+		def_passwd_timeout * 60, tgetpass_flags);
+
+		if (SD_Next(*sd, pass) == ACM_OK) {
+			rval = AUTH_SUCCESS;
+			break;
+		}
+
+		rval = AUTH_FAILURE;
+		break;
+
+	case ACM_NEW_PIN_REQUIRED:
+                /*
+		 * This user's SecurID has not been activated yet,
+                 * or the pin has been reset
+		 */
+		/* XXX - Is setting up a new PIN within sudo's scope? */
+		SD_Pin(*sd, "");
+		fprintf(stderr, "Your SecurID access has not yet been set up.\n");
+		fprintf(stderr, "Please set up a PIN before you try to authenticate.\n");
+		rval = AUTH_FATAL;
+		break;
+
+	default:
+		warningx("unknown SecurID error");
+		rval = AUTH_FATAL;
+		break;
+    }
+
+    /* Free resources */
+    SD_Close(*sd);
+
+    /* Return stored state to calling process */
+    return(rval);
+}
diff --git a/sudo-1.7.4p4/auth/sia.c b/sudo-1.7.4p4/auth/sia.c
new file mode 100644
index 0000000..188676a
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sia.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <siad.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+
+static int sudo_collect	__P((int, int, uchar_t *, int, prompt_t *));
+
+static char *def_prompt;
+
+/*
+ * Collection routine (callback) for limiting the timeouts in SIA
+ * prompts and (possibly) setting a custom prompt.
+ */
+static int
+sudo_collect(timeout, rendition, title, nprompts, prompts)
+    int timeout;
+    int rendition;
+    uchar_t *title;
+    int nprompts;
+    prompt_t *prompts;
+{
+    switch (rendition) {
+	case SIAFORM:
+	case SIAONELINER:
+	    if (timeout <= 0 || timeout > def_passwd_timeout * 60)
+		timeout = def_passwd_timeout * 60;
+	    /*
+	     * Substitute custom prompt if a) the sudo prompt is not "Password:"
+	     * and b) the SIA prompt is "Password:" (so we know it is safe).
+	     * This keeps us from overwriting things like S/Key challenges.
+	     */
+	    if (strcmp((char *)prompts[0].prompt, "Password:") == 0 &&
+		strcmp(def_prompt, "Password:") != 0)
+		prompts[0].prompt = (unsigned char *)def_prompt;
+	    break;
+	default:
+	    break;
+    }
+
+    return sia_collect_trm(timeout, rendition, title, nprompts, prompts);
+}
+
+int
+sia_setup(pw, promptp, auth)
+    struct passwd *pw;
+    char **promptp;
+    sudo_auth *auth;
+{
+    SIAENTITY *siah = NULL;
+    extern int Argc;
+    extern char **Argv;
+
+    if (sia_ses_init(&siah, Argc, Argv, NULL, pw->pw_name, ttyname(0), 1, NULL)
+	!= SIASUCCESS) {
+
+	log_error(USE_ERRNO|NO_EXIT|NO_MAIL,
+	    "unable to initialize SIA session");
+	return(AUTH_FATAL);
+    }
+
+    auth->data = (void *) siah;
+    return(AUTH_SUCCESS);
+}
+
+int
+sia_verify(pw, prompt, auth)
+    struct passwd *pw;
+    char *prompt;
+    sudo_auth *auth;
+{
+    SIAENTITY *siah = (SIAENTITY *) auth->data;
+
+    def_prompt = prompt;		/* for sudo_collect */
+
+    /* XXX - need a way to detect user hitting return or EOF at prompt */
+    if (sia_ses_reauthent(sudo_collect, siah) == SIASUCCESS)
+	return(AUTH_SUCCESS);
+    else
+	return(AUTH_FAILURE);
+}
+
+int
+sia_cleanup(pw, auth)
+    struct passwd *pw;
+    sudo_auth *auth;
+{
+    SIAENTITY *siah = (SIAENTITY *) auth->data;
+
+    (void) sia_ses_release(&siah);
+    return(AUTH_SUCCESS);
+}
diff --git a/sudo-1.7.4p4/auth/sudo_auth.c b/sudo-1.7.4p4/auth/sudo_auth.c
new file mode 100644
index 0000000..69b0a3a
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sudo_auth.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 1999-2005, 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <time.h>
+#include <signal.h>
+
+#include "sudo.h"
+#include "sudo_auth.h"
+#include "insults.h"
+
+sudo_auth auth_switch[] = {
+#ifdef AUTH_STANDALONE
+    AUTH_STANDALONE
+#else
+#  ifndef WITHOUT_PASSWD
+    AUTH_ENTRY(0, "passwd", passwd_init, NULL, passwd_verify, NULL)
+#  endif
+#  if defined(HAVE_GETPRPWNAM) && !defined(WITHOUT_PASSWD)
+    AUTH_ENTRY(0, "secureware", secureware_init, NULL, secureware_verify, NULL)
+#  endif
+#  ifdef HAVE_AFS
+    AUTH_ENTRY(0, "afs", NULL, NULL, afs_verify, NULL)
+#  endif
+#  ifdef HAVE_DCE
+    AUTH_ENTRY(0, "dce", NULL, NULL, dce_verify, NULL)
+#  endif
+#  ifdef HAVE_KERB4
+    AUTH_ENTRY(0, "kerb4", kerb4_init, NULL, kerb4_verify, NULL)
+#  endif
+#  ifdef HAVE_KERB5
+    AUTH_ENTRY(0, "kerb5", kerb5_init, NULL, kerb5_verify, kerb5_cleanup)
+#  endif
+#  ifdef HAVE_SKEY
+    AUTH_ENTRY(0, "S/Key", NULL, rfc1938_setup, rfc1938_verify, NULL)
+#  endif
+#  ifdef HAVE_OPIE
+    AUTH_ENTRY(0, "OPIE", NULL, rfc1938_setup, rfc1938_verify, NULL)
+#  endif
+#endif /* AUTH_STANDALONE */
+    AUTH_ENTRY(0, NULL, NULL, NULL, NULL, NULL)
+};
+
+void
+verify_user(pw, prompt)
+    struct passwd *pw;
+    char *prompt;
+{
+    int counter = def_passwd_tries + 1;
+    int success = AUTH_FAILURE;
+    int status;
+    int flags;
+    char *p;
+    sudo_auth *auth;
+    sigaction_t sa, osa;
+#ifdef HAVE_BSM_AUDIT
+    extern char **NewArgv;
+#endif
+
+    /* Enable suspend during password entry. */
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_DFL;
+    (void) sigaction(SIGTSTP, &sa, &osa);
+
+    /* Make sure we have at least one auth method. */
+    if (auth_switch[0].name == NULL) {
+#ifdef HAVE_BSM_AUDIT
+	audit_failure(NewArgv, "no authentication methods");
+#endif
+    	log_error(0, "%s  %s %s",
+	    "There are no authentication methods compiled into sudo!",
+	    "If you want to turn off authentication, use the",
+	    "--disable-authentication configure option.");
+    }
+
+    /* Set FLAG_ONEANDONLY if there is only one auth method. */
+    if (auth_switch[1].name == NULL)
+	SET(auth_switch[0].flags, FLAG_ONEANDONLY);
+
+    /* Initialize auth methods and unconfigure the method if necessary. */
+    for (auth = auth_switch; auth->name; auth++) {
+	if (auth->init && IS_CONFIGURED(auth)) {
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_USER);
+
+	    status = (auth->init)(pw, &prompt, auth);
+	    if (status == AUTH_FAILURE)
+		CLR(auth->flags, FLAG_CONFIGURED);
+	    else if (status == AUTH_FATAL) {	/* XXX log */
+#ifdef HAVE_BSM_AUDIT
+		audit_failure(NewArgv, "authentication failure");
+#endif
+		exit(1);		/* assume error msg already printed */
+	    }
+
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_ROOT);
+	}
+    }
+
+    while (--counter) {
+	/* Do any per-method setup and unconfigure the method if needed */
+	for (auth = auth_switch; auth->name; auth++) {
+	    if (auth->setup && IS_CONFIGURED(auth)) {
+		if (NEEDS_USER(auth))
+		    set_perms(PERM_USER);
+
+		status = (auth->setup)(pw, &prompt, auth);
+		if (status == AUTH_FAILURE)
+		    CLR(auth->flags, FLAG_CONFIGURED);
+		else if (status == AUTH_FATAL) {/* XXX log */
+#ifdef HAVE_BSM_AUDIT
+		    audit_failure(NewArgv, "authentication failure");
+#endif
+		    exit(1);		/* assume error msg already printed */
+		}
+
+		if (NEEDS_USER(auth))
+		    set_perms(PERM_ROOT);
+	    }
+	}
+
+	/* Get the password unless the auth function will do it for us */
+#ifdef AUTH_STANDALONE
+	p = prompt;
+#else
+	p = (char *) tgetpass(prompt, def_passwd_timeout * 60,
+	    tgetpass_flags);
+#endif /* AUTH_STANDALONE */
+
+	/* Call authentication functions. */
+	for (auth = auth_switch; p && auth->name; auth++) {
+	    if (!IS_CONFIGURED(auth))
+		continue;
+
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_USER);
+
+	    success = auth->status = (auth->verify)(pw, (char *)p, auth);
+
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_ROOT);
+
+	    if (auth->status != AUTH_FAILURE)
+		goto cleanup;
+	}
+#ifndef AUTH_STANDALONE
+	if (p == NULL)
+	    break;
+	zero_bytes(p, strlen(p));
+#endif
+	if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+	    pass_warn(stderr);
+    }
+
+cleanup:
+    /* Call cleanup routines. */
+    for (auth = auth_switch; auth->name; auth++) {
+	if (auth->cleanup && IS_CONFIGURED(auth)) {
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_USER);
+
+	    status = (auth->cleanup)(pw, auth);
+	    if (status == AUTH_FATAL) {	/* XXX log */
+#ifdef HAVE_BSM_AUDIT
+		audit_failure(NewArgv, "authentication failure");
+#endif
+		exit(1);		/* assume error msg already printed */
+	    }
+
+	    if (NEEDS_USER(auth))
+		set_perms(PERM_ROOT);
+	}
+    }
+
+    switch (success) {
+	case AUTH_SUCCESS:
+	    (void) sigaction(SIGTSTP, &osa, NULL);
+	    return;
+	case AUTH_INTR:
+	case AUTH_FAILURE:
+	    if (counter != def_passwd_tries) {
+		if (def_mail_badpass || def_mail_always)
+		    flags = 0;
+		else
+		    flags = NO_MAIL;
+#ifdef HAVE_BSM_AUDIT
+		audit_failure(NewArgv, "authentication failure");
+#endif
+		log_error(flags, "%d incorrect password attempt%s",
+		    def_passwd_tries - counter,
+		    (def_passwd_tries - counter == 1) ? "" : "s");
+	    }
+	    /* FALLTHROUGH */
+	case AUTH_FATAL:
+#ifdef HAVE_BSM_AUDIT
+	    audit_failure(NewArgv, "authentication failure");
+#endif
+	    exit(1);
+    }
+    /* NOTREACHED */
+}
+
+void
+pass_warn(fp)
+    FILE *fp;
+{
+
+#ifdef INSULT
+    if (def_insults)
+	(void) fprintf(fp, "%s\n", INSULT);
+    else
+#endif
+	(void) fprintf(fp, "%s\n", def_badpass_message);
+}
+
+void
+dump_auth_methods()
+{
+    sudo_auth *auth;
+
+    (void) fputs("Authentication methods:", stdout);
+    for (auth = auth_switch; auth->name; auth++)
+        (void) printf(" '%s'", auth->name);
+    (void) putchar('\n');
+}
diff --git a/sudo-1.7.4p4/auth/sudo_auth.h b/sudo-1.7.4p4/auth/sudo_auth.h
new file mode 100644
index 0000000..a4efe14
--- /dev/null
+++ b/sudo-1.7.4p4/auth/sudo_auth.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SUDO_AUTH_H
+#define SUDO_AUTH_H
+
+/* Auth function return values.  */
+#define AUTH_SUCCESS	0
+#define AUTH_FAILURE	1
+#define AUTH_INTR	2
+#define AUTH_FATAL	3
+
+typedef struct sudo_auth {
+    short flags;		/* various flags, see below */
+    short status;		/* status from verify routine */
+    char *name;			/* name of the method as a string */
+    void *data;			/* method-specific data pointer */
+    int (*init) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
+    int (*setup) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
+    int (*verify) __P((struct passwd *pw, char *p, struct sudo_auth *auth));
+    int (*cleanup) __P((struct passwd *pw, struct sudo_auth *auth));
+} sudo_auth;
+
+/* Values for sudo_auth.flags.  */
+/* XXX - these names are too long for my liking */
+#define FLAG_USER	0x01	/* functions must run as the user, not root */
+#define FLAG_CONFIGURED	0x02	/* method configured ok */
+#define FLAG_ONEANDONLY	0x04	/* one and only auth method */
+
+/* Shortcuts for using the flags above. */
+#define NEEDS_USER(x)		((x)->flags & FLAG_USER)
+#define IS_CONFIGURED(x)	((x)->flags & FLAG_CONFIGURED)
+#define IS_ONEANDONLY(x)	((x)->flags & FLAG_ONEANDONLY)
+
+/* Prototypes for standalone methods */
+int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int fwtk_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int pam_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int pam_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int pam_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int sia_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int aixauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
+int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
+
+/* Prototypes for normal methods */
+int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int rfc1938_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int rfc1938_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int afs_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int dce_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb4_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int kerb4_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb5_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int kerb5_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+int kerb5_cleanup __P((struct passwd *pw, sudo_auth *auth));
+int securid_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int securid_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
+int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
+
+/* Fields: need_root, name, init, setup, verify, cleanup */
+#define AUTH_ENTRY(r, n, i, s, v, c) \
+	{ (r|FLAG_CONFIGURED), AUTH_FAILURE, n, NULL, i, s, v, c },
+
+/* Some methods cannots (or should not) interoperate with any others */
+#if defined(HAVE_PAM)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "pam", \
+	    pam_init, NULL, pam_verify, pam_cleanup)
+#elif defined(HAVE_SECURID)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "SecurId", \
+	    securid_init, securid_setup, securid_verify, NULL)
+#elif defined(HAVE_SIA_SES_INIT)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "sia", \
+	    NULL, sia_setup, sia_verify, sia_cleanup)
+#elif defined(HAVE_AIXAUTH)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "aixauth", \
+	    NULL, NULL, aixauth_verify, aixauth_cleanup)
+#elif defined(HAVE_FWTK)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "fwtk", \
+	    fwtk_init, NULL, fwtk_verify, fwtk_cleanup)
+#elif defined(HAVE_BSD_AUTH_H)
+#  define AUTH_STANDALONE \
+	AUTH_ENTRY(0, "bsdauth", \
+	    bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup)
+#endif
+
+#endif /* SUDO_AUTH_H */
diff --git a/sudo-1.7.4p4/boottime.c b/sudo-1.7.4p4/boottime.c
new file mode 100644
index 0000000..f75af3e
--- /dev/null
+++ b/sudo-1.7.4p4/boottime.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <limits.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#ifdef HAVE_SYSCTL
+# include <sys/sysctl.h>
+#endif
+
+#include "compat.h"
+#include "missing.h"
+
+/*
+ * Fill in a struct timeval with the time the system booted.
+ * Returns 1 on success and 0 on failure.
+ */
+
+#if defined(__linux__)
+int
+get_boottime(tv)
+    struct timeval *tv;
+{
+    char *line = NULL;
+    size_t linesize = 0;
+    ssize_t len;
+    FILE * fp;
+
+    /* read btime from /proc/stat */
+    fp = fopen("/proc/stat", "r");
+    if (fp != NULL) {
+	while ((len = getline(&line, &linesize, fp)) != -1) {
+	    if (strncmp(line, "btime ", 6) == 0) {
+		tv->tv_sec = atoi(line + 6);
+		tv->tv_usec = 0;
+		return 1;
+	    }
+	}
+	fclose(fp);
+	free(line);
+    }
+
+    return 0;
+}
+
+#elif defined(HAVE_SYSCTL) && defined(KERN_BOOTTIME)
+
+int
+get_boottime(tv)
+    struct timeval *tv;
+{
+    size_t size;
+    int mib[2];
+
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_BOOTTIME;
+    size = sizeof(*tv);
+    if (sysctl(mib, 2, tv, &size, NULL, 0) != -1)
+	return 1;
+
+    return 0;
+}
+
+#elif defined(HAVE_GETUTXID)
+
+#include <utmpx.h>
+int
+get_boottime(tv)
+    struct timeval *tv;
+{
+    struct utmpx *ut, key;
+
+    memset(&key, 0, sizeof(key));
+    key.ut_type = BOOT_TIME;
+    if ((ut = getutxid(&key)) != NULL) {
+	tv->tv_sec = ut->ut_tv.tv_sec;
+	tv->tv_usec = ut->ut_tv.tv_usec;
+	endutxent();
+    }
+    return ut != NULL;
+}
+
+#elif defined(HAVE_GETUTID)
+
+#include <utmp.h>
+int
+get_boottime(tv)
+    struct timeval *tv;
+{
+    struct utmp *ut, key;
+
+    memset(&key, 0, sizeof(key));
+    key.ut_type = BOOT_TIME;
+    if ((ut = getutid(&key)) != NULL) {
+	tv->tv_sec = ut->ut_time;
+	tv->tv_usec = 0;
+	endutent();
+    }
+    return ut != NULL;
+}
+
+#else
+
+int
+get_boottime(tv)
+    struct timeval *tv;
+{
+    return 0;
+}
+#endif
diff --git a/sudo-1.7.4p4/bsm_audit.c b/sudo-1.7.4p4/bsm_audit.c
new file mode 100644
index 0000000..b388b86
--- /dev/null
+++ b/sudo-1.7.4p4/bsm_audit.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2009 Christian S.J. Peron
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <pwd.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "bsm_audit.h"
+
+void log_error(int flags, const char *fmt, ...) __attribute__((__noreturn__));
+
+static int
+audit_sudo_selected(int sf)
+{
+	auditinfo_addr_t ainfo_addr;
+	struct au_mask *mask;
+	auditinfo_t ainfo;
+	int rc, sorf;
+
+	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) {
+		if (errno == ENOSYS) {
+			if (getaudit(&ainfo) < 0)
+				log_error(0, "getaudit: failed");
+			mask = &ainfo.ai_mask;
+		} else
+			log_error(0, "getaudit: failed");
+        } else
+		mask = &ainfo_addr.ai_mask;
+	sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
+	rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD);
+        return (rc);
+}
+
+void
+bsm_audit_success(char **exec_args)
+{
+	auditinfo_addr_t ainfo_addr;
+	auditinfo_t ainfo;
+	token_t *tok;
+	au_id_t auid;
+	long au_cond;
+	int aufd;
+	pid_t pid;
+
+	pid = getpid();
+	/*
+	 * If we are not auditing, don't cut an audit record; just return.
+	 */
+	if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
+		if (errno == ENOSYS)
+			return;
+		log_error(0, "Could not determine audit condition");
+	}
+	if (au_cond == AUC_NOAUDIT)
+		return;
+	/*
+	 * Check to see if the preselection masks are interested in seeing
+	 * this event.
+	 */
+	if (!audit_sudo_selected(0))
+		return;
+	if (getauid(&auid) < 0)
+		log_error(0, "getauid failed");
+	if ((aufd = au_open()) == -1)
+		log_error(0, "au_open: failed");
+	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
+		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+		    getuid(), pid, pid, &ainfo_addr.ai_termid);
+	} else if (errno == ENOSYS) {
+		/*
+		 * NB: We should probably watch out for ERANGE here.
+		 */
+		if (getaudit(&ainfo) < 0)
+			log_error(0, "getaudit: failed");
+		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+		    getuid(), pid, pid, &ainfo.ai_termid);
+	} else
+		log_error(0, "getaudit: failed");
+	if (tok == NULL)
+		log_error(0, "au_to_subject: failed");
+	au_write(aufd, tok);
+	tok = au_to_exec_args(exec_args);
+	if (tok == NULL)
+		log_error(0, "au_to_exec_args: failed");
+	au_write(aufd, tok);
+	tok = au_to_return32(0, 0);
+	if (tok == NULL)
+		log_error(0, "au_to_return32: failed");
+	au_write(aufd, tok);
+	if (au_close(aufd, 1, AUE_sudo) == -1)
+		log_error(0, "unable to commit audit record");
+}
+
+void
+bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap)
+{
+	auditinfo_addr_t ainfo_addr;
+	auditinfo_t ainfo;
+	char text[256];
+	token_t *tok;
+	long au_cond;
+	au_id_t auid;
+	pid_t pid;
+	int aufd;
+
+	pid = getpid();
+	/*
+	 * If we are not auditing, don't cut an audit record; just return.
+	 */
+	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+		if (errno == ENOSYS)
+			return;
+		log_error(0, "Could not determine audit condition");
+	}
+	if (au_cond == AUC_NOAUDIT)
+		return;
+	if (!audit_sudo_selected(1))
+		return;
+	if (getauid(&auid) < 0)
+		log_error(0, "getauid: failed");
+	if ((aufd = au_open()) == -1)
+		log_error(0, "au_open: failed");
+	if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { 
+		tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
+		    getuid(), pid, pid, &ainfo_addr.ai_termid);
+	} else if (errno == ENOSYS) {
+		if (getaudit(&ainfo) < 0) 
+			log_error(0, "getaudit: failed");
+		tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
+		    getuid(), pid, pid, &ainfo.ai_termid);
+	} else
+		log_error(0, "getaudit: failed");
+	if (tok == NULL)
+		log_error(0, "au_to_subject: failed");
+	au_write(aufd, tok);
+	tok = au_to_exec_args(exec_args);
+	if (tok == NULL)
+		log_error(0, "au_to_exec_args: failed");
+	au_write(aufd, tok);
+	(void) vsnprintf(text, sizeof(text), fmt, ap);
+	tok = au_to_text(text);
+	if (tok == NULL)
+		log_error(0, "au_to_text: failed");
+	au_write(aufd, tok);
+	tok = au_to_return32(EPERM, 1);
+	if (tok == NULL)
+		log_error(0, "au_to_return32: failed");
+	au_write(aufd, tok);
+	if (au_close(aufd, 1, AUE_sudo) == -1)
+		log_error(0, "unable to commit audit record");
+}
diff --git a/sudo-1.7.4p4/bsm_audit.h b/sudo-1.7.4p4/bsm_audit.h
new file mode 100644
index 0000000..37be345
--- /dev/null
+++ b/sudo-1.7.4p4/bsm_audit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2009 Christian S.J. Peron
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_BSM_AUDIT_H
+#define	_SUDO_BSM_AUDIT_H
+
+void	bsm_audit_success(char **);
+void	bsm_audit_failure(char **, char const * const, va_list);
+
+#endif /* _SUDO_BSM_AUDIT_H */
diff --git a/sudo-1.7.4p4/check.c b/sudo-1.7.4p4/check.c
new file mode 100644
index 0000000..d6efa6d
--- /dev/null
+++ b/sudo-1.7.4p4/check.c
@@ -0,0 +1,694 @@
+/*
+ * Copyright (c) 1993-1996,1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#ifdef __linux__
+# include <sys/vfs.h>
+#endif
+#if defined(__sun) && defined(__SVR4)
+# include <sys/statvfs.h>
+#endif
+#ifndef __TANDEM
+# include <sys/file.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+
+/* Status codes for timestamp_status() */
+#define TS_CURRENT		0
+#define TS_OLD			1
+#define TS_MISSING		2
+#define TS_NOFILE		3
+#define TS_ERROR		4
+
+/* Flags for timestamp_status() */
+#define TS_MAKE_DIRS		1
+#define TS_REMOVE		2
+
+/*
+ * Info stored in tty ticket from stat(2) to help with tty matching.
+ */
+static struct tty_info {
+    dev_t dev;			/* ID of device tty resides on */
+    dev_t rdev;			/* tty device ID */
+    ino_t ino;			/* tty inode number */
+    struct timeval ctime;	/* tty inode change time */
+} tty_info;
+
+static void  build_timestamp	__P((char **, char **));
+static int   timestamp_status	__P((char *, char *, char *, int));
+static char *expand_prompt	__P((char *, char *, char *));
+static void  lecture		__P((int));
+static void  update_timestamp	__P((char *, char *));
+static int   tty_is_devpts	__P((const char *));
+
+/*
+ * This function only returns if the user can successfully
+ * verify who he/she is.
+ */
+void
+check_user(validated, mode)
+    int validated;
+    int mode;
+{
+    char *timestampdir = NULL;
+    char *timestampfile = NULL;
+    char *prompt;
+    struct stat sb;
+    int status;
+
+    /* Stash the tty's ctime for tty ticket comparison. */
+    if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) {
+	tty_info.dev = sb.st_dev;
+	tty_info.ino = sb.st_ino;
+	tty_info.rdev = sb.st_rdev;
+	if (tty_is_devpts(user_ttypath))
+	    ctim_get(&sb, &tty_info.ctime);
+    }
+
+    /* Always prompt for a password when -k was specified with the command. */
+    if (ISSET(mode, MODE_INVALIDATE)) {
+	SET(validated, FLAG_CHECK_USER);
+    } else {
+	if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())
+	    return;
+    }
+
+    build_timestamp(&timestampdir, &timestampfile);
+    status = timestamp_status(timestampdir, timestampfile, user_name,
+	TS_MAKE_DIRS);
+
+    if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
+	/* Bail out if we are non-interactive and a password is required */
+	if (ISSET(mode, MODE_NONINTERACTIVE))
+	    errorx(1, "sorry, a password is required to run %s", getprogname());
+
+	/* If user specified -A, make sure we have an askpass helper. */
+	if (ISSET(tgetpass_flags, TGP_ASKPASS)) {
+	    if (user_askpass == NULL)
+		log_error(NO_MAIL,
+		    "no askpass program specified, try setting SUDO_ASKPASS");
+	} else if (!ISSET(tgetpass_flags, TGP_STDIN)) {
+	    /* If no tty but DISPLAY is set, use askpass if we have it. */
+	    if (!user_ttypath && !tty_present()) {
+		if (user_askpass && user_display && *user_display != '\0') {
+		    SET(tgetpass_flags, TGP_ASKPASS);
+		} else if (!def_visiblepw) {
+		    log_error(NO_MAIL,
+			"no tty present and no askpass program specified");
+		}
+	    }
+	}
+
+	if (!ISSET(tgetpass_flags, TGP_ASKPASS))
+	    lecture(status);
+
+	/* Expand any escapes in the prompt. */
+	prompt = expand_prompt(user_prompt ? user_prompt : def_passprompt,
+	    user_name, user_shost);
+
+	verify_user(auth_pw, prompt);
+    }
+    /* Only update timestamp if user was validated. */
+    if (ISSET(validated, VALIDATE_OK) && !ISSET(mode, MODE_INVALIDATE) && status != TS_ERROR)
+	update_timestamp(timestampdir, timestampfile);
+    efree(timestampdir);
+    efree(timestampfile);
+}
+
+/*
+ * Standard sudo lecture.
+ */
+static void
+lecture(status)
+    int status;
+{
+    FILE *fp;
+    char buf[BUFSIZ];
+    ssize_t nread;
+
+    if (def_lecture == never ||
+	(def_lecture == once && status != TS_MISSING && status != TS_ERROR))
+	return;
+
+    if (def_lecture_file && (fp = fopen(def_lecture_file, "r")) != NULL) {
+	while ((nread = fread(buf, sizeof(char), sizeof(buf), fp)) != 0)
+	    fwrite(buf, nread, 1, stderr);
+	fclose(fp);
+    } else {
+	(void) fputs("\n\
+We trust you have received the usual lecture from the local System\n\
+Administrator. It usually boils down to these three things:\n\
+\n\
+    #1) Respect the privacy of others.\n\
+    #2) Think before you type.\n\
+    #3) With great power comes great responsibility.\n\n",
+    stderr);
+    }
+}
+
+/*
+ * Update the time on the timestamp file/dir or create it if necessary.
+ */
+static void
+update_timestamp(timestampdir, timestampfile)
+    char *timestampdir;
+    char *timestampfile;
+{
+    /* If using tty timestamps but we have no tty there is nothing to do. */
+    if (timestampfile && !user_ttypath)
+	return;
+
+    if (timestamp_uid != 0)
+	set_perms(PERM_TIMESTAMP);
+    if (timestampfile) {
+	/*
+	 * Store tty info in timestamp file
+	 */
+	int fd = open(timestampfile, O_WRONLY|O_CREAT, 0600);
+	if (fd == -1)
+	    log_error(NO_EXIT|USE_ERRNO, "Can't open %s", timestampfile);
+	else {
+	    lock_file(fd, SUDO_LOCK);
+	    write(fd, &tty_info, sizeof(tty_info));
+	    close(fd);
+	}
+    } else {
+	if (touch(-1, timestampdir, NULL) == -1) {
+	    if (mkdir(timestampdir, 0700) == -1)
+		log_error(NO_EXIT|USE_ERRNO, "Can't mkdir %s", timestampdir);
+	}
+    }
+    if (timestamp_uid != 0)
+	set_perms(PERM_ROOT);
+}
+
+/*
+ * Expand %h and %u escapes in the prompt and pass back the dynamically
+ * allocated result.  Returns the same string if there are no escapes.
+ */
+static char *
+expand_prompt(old_prompt, user, host)
+    char *old_prompt;
+    char *user;
+    char *host;
+{
+    size_t len, n;
+    int subst;
+    char *p, *np, *new_prompt, *endp;
+
+    /* How much space do we need to malloc for the prompt? */
+    subst = 0;
+    for (p = old_prompt, len = strlen(old_prompt); *p; p++) {
+	if (p[0] =='%') {
+	    switch (p[1]) {
+		case 'h':
+		    p++;
+		    len += strlen(user_shost) - 2;
+		    subst = 1;
+		    break;
+		case 'H':
+		    p++;
+		    len += strlen(user_host) - 2;
+		    subst = 1;
+		    break;
+		case 'p':
+		    p++;
+		    if (def_rootpw)
+			    len += 2;
+		    else if (def_targetpw || def_runaspw)
+			    len += strlen(runas_pw->pw_name) - 2;
+		    else
+			    len += strlen(user_name) - 2;
+		    subst = 1;
+		    break;
+		case 'u':
+		    p++;
+		    len += strlen(user_name) - 2;
+		    subst = 1;
+		    break;
+		case 'U':
+		    p++;
+		    len += strlen(runas_pw->pw_name) - 2;
+		    subst = 1;
+		    break;
+		case '%':
+		    p++;
+		    len--;
+		    subst = 1;
+		    break;
+		default:
+		    break;
+	    }
+	}
+    }
+
+    if (subst) {
+	new_prompt = (char *) emalloc(++len);
+	endp = new_prompt + len;
+	for (p = old_prompt, np = new_prompt; *p; p++) {
+	    if (p[0] =='%') {
+		switch (p[1]) {
+		    case 'h':
+			p++;
+			n = strlcpy(np, user_shost, np - endp);
+			if (n >= np - endp)
+			    goto oflow;
+			np += n;
+			continue;
+		    case 'H':
+			p++;
+			n = strlcpy(np, user_host, np - endp);
+			if (n >= np - endp)
+			    goto oflow;
+			np += n;
+			continue;
+		    case 'p':
+			p++;
+			if (def_rootpw)
+				n = strlcpy(np, "root", np - endp);
+			else if (def_targetpw || def_runaspw)
+				n = strlcpy(np, runas_pw->pw_name, np - endp);
+			else
+				n = strlcpy(np, user_name, np - endp);
+			if (n >= np - endp)
+				goto oflow;
+			np += n;
+			continue;
+		    case 'u':
+			p++;
+			n = strlcpy(np, user_name, np - endp);
+			if (n >= np - endp)
+			    goto oflow;
+			np += n;
+			continue;
+		    case 'U':
+			p++;
+			n = strlcpy(np,  runas_pw->pw_name, np - endp);
+			if (n >= np - endp)
+			    goto oflow;
+			np += n;
+			continue;
+		    case '%':
+			/* convert %% -> % */
+			p++;
+			break;
+		    default:
+			/* no conversion */
+			break;
+		}
+	    }
+	    *np++ = *p;
+	    if (np >= endp)
+		goto oflow;
+	}
+	*np = '\0';
+    } else
+	new_prompt = old_prompt;
+
+    return(new_prompt);
+
+oflow:
+    /* We pre-allocate enough space, so this should never happen. */
+    errorx(1, "internal error, expand_prompt() overflow");
+}
+
+/*
+ * Checks if the user is exempt from supplying a password.
+ */
+int
+user_is_exempt()
+{
+    if (!def_exempt_group)
+	return(FALSE);
+    return(user_in_group(sudo_user.pw, def_exempt_group));
+}
+
+/*
+ * Fills in timestampdir as well as timestampfile if using tty tickets.
+ */
+static void
+build_timestamp(timestampdir, timestampfile)
+    char **timestampdir;
+    char **timestampfile;
+{
+    char *dirparent;
+    int len;
+
+    dirparent = def_timestampdir;
+    len = easprintf(timestampdir, "%s/%s", dirparent, user_name);
+    if (len >= PATH_MAX)
+	log_error(0, "timestamp path too long: %s", *timestampdir);
+
+    /*
+     * Timestamp file may be a file in the directory or NUL to use
+     * the directory as the timestamp.
+     */
+    if (def_tty_tickets) {
+	char *p;
+
+	if ((p = strrchr(user_tty, '/')))
+	    p++;
+	else
+	    p = user_tty;
+	if (def_targetpw)
+	    len = easprintf(timestampfile, "%s/%s/%s:%s", dirparent, user_name,
+		p, runas_pw->pw_name);
+	else
+	    len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name, p);
+	if (len >= PATH_MAX)
+	    log_error(0, "timestamp path too long: %s", *timestampfile);
+    } else if (def_targetpw) {
+	len = easprintf(timestampfile, "%s/%s/%s", dirparent, user_name,
+	    runas_pw->pw_name);
+	if (len >= PATH_MAX)
+	    log_error(0, "timestamp path too long: %s", *timestampfile);
+    } else
+	*timestampfile = NULL;
+}
+
+/*
+ * Check the timestamp file and directory and return their status.
+ */
+static int
+timestamp_status(timestampdir, timestampfile, user, flags)
+    char *timestampdir;
+    char *timestampfile;
+    char *user;
+    int flags;
+{
+    struct stat sb;
+    struct timeval boottime, mtime;
+    time_t now;
+    char *dirparent = def_timestampdir;
+    int status = TS_ERROR;		/* assume the worst */
+
+    if (timestamp_uid != 0)
+	set_perms(PERM_TIMESTAMP);
+
+    /*
+     * Sanity check dirparent and make it if it doesn't already exist.
+     * We start out assuming the worst (that the dir is not sane) and
+     * if it is ok upgrade the status to ``no timestamp file''.
+     * Note that we don't check the parent(s) of dirparent for
+     * sanity since the sudo dir is often just located in /tmp.
+     */
+    if (lstat(dirparent, &sb) == 0) {
+	if (!S_ISDIR(sb.st_mode))
+	    log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
+		dirparent, (unsigned int) sb.st_mode);
+	else if (sb.st_uid != timestamp_uid)
+	    log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
+		dirparent, (unsigned long) sb.st_uid,
+		(unsigned long) timestamp_uid);
+	else if ((sb.st_mode & 0000022))
+	    log_error(NO_EXIT,
+		"%s writable by non-owner (0%o), should be mode 0700",
+		dirparent, (unsigned int) sb.st_mode);
+	else {
+	    if ((sb.st_mode & 0000777) != 0700)
+		(void) chmod(dirparent, 0700);
+	    status = TS_MISSING;
+	}
+    } else if (errno != ENOENT) {
+	log_error(NO_EXIT|USE_ERRNO, "can't stat %s", dirparent);
+    } else {
+	/* No dirparent, try to make one. */
+	if (ISSET(flags, TS_MAKE_DIRS)) {
+	    if (mkdir(dirparent, S_IRWXU))
+		log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s",
+		    dirparent);
+	    else
+		status = TS_MISSING;
+	}
+    }
+    if (status == TS_ERROR) {
+	if (timestamp_uid != 0)
+	    set_perms(PERM_ROOT);
+	return(status);
+    }
+
+    /*
+     * Sanity check the user's ticket dir.  We start by downgrading
+     * the status to TS_ERROR.  If the ticket dir exists and is sane
+     * this will be upgraded to TS_OLD.  If the dir does not exist,
+     * it will be upgraded to TS_MISSING.
+     */
+    status = TS_ERROR;			/* downgrade status again */
+    if (lstat(timestampdir, &sb) == 0) {
+	if (!S_ISDIR(sb.st_mode)) {
+	    if (S_ISREG(sb.st_mode)) {
+		/* convert from old style */
+		if (unlink(timestampdir) == 0)
+		    status = TS_MISSING;
+	    } else
+		log_error(NO_EXIT, "%s exists but is not a directory (0%o)",
+		    timestampdir, (unsigned int) sb.st_mode);
+	} else if (sb.st_uid != timestamp_uid)
+	    log_error(NO_EXIT, "%s owned by uid %lu, should be uid %lu",
+		timestampdir, (unsigned long) sb.st_uid,
+		(unsigned long) timestamp_uid);
+	else if ((sb.st_mode & 0000022))
+	    log_error(NO_EXIT,
+		"%s writable by non-owner (0%o), should be mode 0700",
+		timestampdir, (unsigned int) sb.st_mode);
+	else {
+	    if ((sb.st_mode & 0000777) != 0700)
+		(void) chmod(timestampdir, 0700);
+	    status = TS_OLD;		/* do date check later */
+	}
+    } else if (errno != ENOENT) {
+	log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampdir);
+    } else
+	status = TS_MISSING;
+
+    /*
+     * If there is no user ticket dir, AND we are in tty ticket mode,
+     * AND the TS_MAKE_DIRS flag is set, create the user ticket dir.
+     */
+    if (status == TS_MISSING && timestampfile && ISSET(flags, TS_MAKE_DIRS)) {
+	if (mkdir(timestampdir, S_IRWXU) == -1) {
+	    status = TS_ERROR;
+	    log_error(NO_EXIT|USE_ERRNO, "can't mkdir %s", timestampdir);
+	}
+    }
+
+    /*
+     * Sanity check the tty ticket file if it exists.
+     */
+    if (timestampfile && status != TS_ERROR) {
+	if (status != TS_MISSING)
+	    status = TS_NOFILE;			/* dir there, file missing */
+	if (!user_ttypath)
+	    goto done;				/* no tty, always prompt */
+	if (lstat(timestampfile, &sb) == 0) {
+	    if (!S_ISREG(sb.st_mode)) {
+		status = TS_ERROR;
+		log_error(NO_EXIT, "%s exists but is not a regular file (0%o)",
+		    timestampfile, (unsigned int) sb.st_mode);
+	    } else {
+		/* If bad uid or file mode, complain and kill the bogus file. */
+		if (sb.st_uid != timestamp_uid) {
+		    log_error(NO_EXIT,
+			"%s owned by uid %lu, should be uid %lu",
+			timestampfile, (unsigned long) sb.st_uid,
+			(unsigned long) timestamp_uid);
+		    (void) unlink(timestampfile);
+		} else if ((sb.st_mode & 0000022)) {
+		    log_error(NO_EXIT,
+			"%s writable by non-owner (0%o), should be mode 0600",
+			timestampfile, (unsigned int) sb.st_mode);
+		    (void) unlink(timestampfile);
+		} else {
+		    /* If not mode 0600, fix it. */
+		    if ((sb.st_mode & 0000777) != 0600)
+			(void) chmod(timestampfile, 0600);
+
+		    /*
+		     * Check for stored tty info.  If the file is zero-sized
+		     * it is an old-style timestamp with no tty info in it.
+		     * If removing, we don't care about the contents.
+		     * The actual mtime check is done later.
+		     */
+		    if (ISSET(flags, TS_REMOVE)) {
+			status = TS_OLD;
+		    } else if (sb.st_size != 0) {
+			struct tty_info info;
+			int fd = open(timestampfile, O_RDONLY, 0644);
+			if (fd != -1) {
+			    if (read(fd, &info, sizeof(info)) == sizeof(info) &&
+				memcmp(&info, &tty_info, sizeof(info)) == 0) {
+				status = TS_OLD;
+			    }
+			    close(fd);
+			}
+		    }
+		}
+	    }
+	} else if (errno != ENOENT) {
+	    log_error(NO_EXIT|USE_ERRNO, "can't stat %s", timestampfile);
+	    status = TS_ERROR;
+	}
+    }
+
+    /*
+     * If the file/dir exists and we are not removing it, check its mtime.
+     */
+    if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) {
+	mtim_get(&sb, &mtime);
+	/* Negative timeouts only expire manually (sudo -k). */
+	if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
+	    status = TS_CURRENT;
+	else {
+	    now = time(NULL);
+	    if (def_timestamp_timeout &&
+		now - mtime.tv_sec < 60 * def_timestamp_timeout) {
+		/*
+		 * Check for bogus time on the stampfile.  The clock may
+		 * have been set back or someone could be trying to spoof us.
+		 */
+		if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
+		    time_t tv_sec = (time_t)mtime.tv_sec;
+		    log_error(NO_EXIT,
+			"timestamp too far in the future: %20.20s",
+			4 + ctime(&tv_sec));
+		    if (timestampfile)
+			(void) unlink(timestampfile);
+		    else
+			(void) rmdir(timestampdir);
+		    status = TS_MISSING;
+		} else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
+		    status = TS_OLD;
+		} else {
+		    status = TS_CURRENT;
+		}
+	    }
+	}
+    }
+
+done:
+    if (timestamp_uid != 0)
+	set_perms(PERM_ROOT);
+    return(status);
+}
+
+/*
+ * Remove the timestamp ticket file/dir.
+ */
+void
+remove_timestamp(remove)
+    int remove;
+{
+    struct timeval tv;
+    char *timestampdir, *timestampfile, *path;
+    int status;
+
+    build_timestamp(&timestampdir, &timestampfile);
+    status = timestamp_status(timestampdir, timestampfile, user_name,
+	TS_REMOVE);
+    if (status == TS_OLD || status == TS_CURRENT) {
+	path = timestampfile ? timestampfile : timestampdir;
+	if (remove) {
+	    if (timestampfile)
+		status = unlink(timestampfile);
+	    else
+		status = rmdir(timestampdir);
+	    if (status == -1 && errno != ENOENT) {
+		log_error(NO_EXIT, "can't remove %s (%s), will reset to Epoch",
+		    path, strerror(errno));
+		remove = FALSE;
+	    }
+	} else {
+	    timevalclear(&tv);
+	    if (touch(-1, path, &tv) == -1 && errno != ENOENT)
+		error(1, "can't reset %s to Epoch", path);
+	}
+    }
+
+    efree(timestampdir);
+    efree(timestampfile);
+}
+
+/*
+ * Returns TRUE if tty lives on a devpts or /devices filesystem, else FALSE.
+ * Unlike most filesystems, the ctime of devpts nodes is not updated when
+ * the device node is written to, only when the inode's status changes,
+ * typically via the chmod, chown, link, rename, or utimes system calls.
+ * Since the ctime is "stable" in this case, we can stash it the tty ticket
+ * file and use it to determine whether the tty ticket file is stale.
+ */
+static int
+tty_is_devpts(tty)
+    const char *tty;
+{
+    int retval = FALSE;
+#ifdef __linux__
+    struct statfs sfs;
+
+#ifndef DEVPTS_SUPER_MAGIC
+# define DEVPTS_SUPER_MAGIC 0x1cd1
+#endif
+
+    if (statfs(tty, &sfs) == 0) {
+	if (sfs.f_type == DEVPTS_SUPER_MAGIC)
+	    retval = TRUE;
+    }
+#elif defined(__sun) && defined(__SVR4)
+    struct statvfs sfs;
+
+    if (statvfs(tty, &sfs) == 0) {
+	if (strcmp(sfs.f_fstr, "devices") == 0)
+	    retval = TRUE;
+    }
+#endif /* __linux__ */
+    return retval;
+}
diff --git a/sudo-1.7.4p4/closefrom.c b/sudo-1.7.4p4/closefrom.c
new file mode 100644
index 0000000..fb9958e
--- /dev/null
+++ b/sudo-1.7.4p4/closefrom.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2004-2005, 2007
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <unistd.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <fcntl.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+
+#include "sudo.h"
+
+#ifndef HAVE_FCNTL_CLOSEM
+# ifndef HAVE_DIRFD
+#   define closefrom_fallback	closefrom
+# endif
+#endif
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * This is the expensive (ballback) method.
+ */
+void
+closefrom_fallback(lowfd)
+    int lowfd;
+{
+    long fd, maxfd;
+
+    /*
+     * Fall back on sysconf() or getdtablesize().  We avoid checking
+     * resource limits since it is possible to open a file descriptor
+     * and then drop the rlimit such that it is below the open fd.
+     */
+#ifdef HAVE_SYSCONF
+    maxfd = sysconf(_SC_OPEN_MAX);
+#else
+    maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+    if (maxfd < 0)
+	maxfd = OPEN_MAX;
+
+    for (fd = lowfd; fd < maxfd; fd++)
+	(void) close((int) fd);
+}
+
+/*
+ * Close all file descriptors greater than or equal to lowfd.
+ * We try the fast way first, falling back on the slow method.
+ */
+#ifdef HAVE_FCNTL_CLOSEM
+void
+closefrom(lowfd)
+    int lowfd;
+{
+    if (fcntl(lowfd, F_CLOSEM, 0) == -1)
+	closefrom_fallback(lowfd);
+}
+#else
+# ifdef HAVE_DIRFD
+void
+closefrom(lowfd)
+    int lowfd;
+{
+    struct dirent *dent;
+    DIR *dirp;
+    char *endp;
+    long fd;
+
+    /* Use /proc/self/fd directory if it exists. */
+    if ((dirp = opendir("/proc/self/fd")) != NULL) {
+	while ((dent = readdir(dirp)) != NULL) {
+	    fd = strtol(dent->d_name, &endp, 10);
+	    if (dent->d_name != endp && *endp == '\0' &&
+		fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
+		(void) close((int) fd);
+	}
+	(void) closedir(dirp);
+    } else
+	closefrom_fallback(lowfd);
+}
+#endif /* HAVE_DIRFD */
+#endif /* HAVE_FCNTL_CLOSEM */
diff --git a/sudo-1.7.4p4/compat.h b/sudo-1.7.4p4/compat.h
new file mode 100644
index 0000000..c01924d
--- /dev/null
+++ b/sudo-1.7.4p4/compat.h
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2008-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_COMPAT_H
+#define _SUDO_COMPAT_H
+
+/*
+ * Macros that may be missing on some Operating Systems
+ */
+
+/* Deal with ANSI stuff reasonably.  */
+#ifndef  __P
+# if defined (__cplusplus) || defined (__STDC__)
+#  define __P(args)		args
+# else
+#  define __P(args)		()
+# endif
+#endif /* __P */
+
+/* Define away __attribute__ for non-gcc or old gcc */
+#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC__ == 2 && __GNUC_MINOR__ < 5
+# define __attribute__(x)
+#endif
+
+/* For silencing gcc warnings about rcsids */
+#ifndef __unused
+# if defined(__GNUC__) && (__GNUC__ > 2 || __GNUC__ == 2 && __GNUC_MINOR__ > 7)
+#  define __unused	__attribute__((__unused__))
+# else
+#  define __unused
+# endif
+#endif
+
+/* For catching format string mismatches */
+#ifndef __printflike
+# if defined(__GNUC__) && (__GNUC__ > 2 || __GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+#  define __printflike(f, v) 	__attribute__((__format__ (__printf__, f, v)))
+# else
+#  define __printflike(f, v)
+# endif
+#endif
+
+/*
+ * Some systems lack full limit definitions.
+ */
+#ifndef OPEN_MAX
+# define OPEN_MAX	256
+#endif
+
+#ifndef INT_MAX
+# define INT_MAX	0x7fffffff
+#endif
+
+#ifndef PATH_MAX
+# ifdef MAXPATHLEN
+#  define PATH_MAX		MAXPATHLEN
+# else
+#  ifdef _POSIX_PATH_MAX
+#   define PATH_MAX		_POSIX_PATH_MAX
+#  else
+#   define PATH_MAX		1024
+#  endif
+# endif
+#endif
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN		64
+#endif
+
+/*
+ * Posix versions for those without...
+ */
+#ifndef _S_IFMT
+# define _S_IFMT		S_IFMT
+#endif /* _S_IFMT */
+#ifndef _S_IFREG
+# define _S_IFREG		S_IFREG
+#endif /* _S_IFREG */
+#ifndef _S_IFDIR
+# define _S_IFDIR		S_IFDIR
+#endif /* _S_IFDIR */
+#ifndef _S_IFLNK
+# define _S_IFLNK		S_IFLNK
+#endif /* _S_IFLNK */
+#ifndef S_ISREG
+# define S_ISREG(m)		(((m) & _S_IFMT) == _S_IFREG)
+#endif /* S_ISREG */
+#ifndef S_ISDIR
+# define S_ISDIR(m)		(((m) & _S_IFMT) == _S_IFDIR)
+#endif /* S_ISDIR */
+
+/*
+ * Some OS's may not have this.
+ */
+#ifndef S_IRWXU
+# define S_IRWXU		0000700		/* rwx for owner */
+#endif /* S_IRWXU */
+
+/*
+ * These should be defined in <unistd.h> but not everyone has them.
+ */
+#ifndef STDIN_FILENO
+# define	STDIN_FILENO	0
+#endif
+#ifndef STDOUT_FILENO
+# define	STDOUT_FILENO	1
+#endif
+#ifndef STDERR_FILENO
+# define	STDERR_FILENO	2
+#endif
+
+/*
+ * These should be defined in <unistd.h> but not everyone has them.
+ */
+#ifndef SEEK_SET
+# define	SEEK_SET	0
+#endif
+#ifndef SEEK_CUR
+# define	SEEK_CUR	1
+#endif
+#ifndef SEEK_END
+# define	SEEK_END	2
+#endif
+
+/*
+ * BSD defines these in <sys/param.h> but others may not.
+ */
+#ifndef MIN
+# define MIN(a,b) (((a)<(b))?(a):(b))
+#endif
+#ifndef MAX
+# define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
+/*
+ * Simple isblank() macro and function for systems without it.
+ */
+#ifndef HAVE_ISBLANK
+int isblank __P((int));
+# define isblank(_x)	((_x) == ' ' || (_x) == '\t')
+#endif
+
+/*
+ * Old BSD systems lack strchr(), strrchr(), memset() and memcpy()
+ */
+#if !defined(HAVE_STRCHR) && !defined(strchr)
+# define strchr(_s, _c)	index(_s, _c)
+#endif
+#if !defined(HAVE_STRRCHR) && !defined(strrchr)
+# define strrchr(_s, _c)	rindex(_s, _c)
+#endif
+#if !defined(HAVE_MEMCPY) && !defined(memcpy)
+# define memcpy(_d, _s, _n)	(bcopy(_s, _d, _n))
+#endif
+#if !defined(HAVE_MEMSET) && !defined(memset)
+# define memset(_s, _x, _n)	(bzero(_s, _n))
+#endif
+
+/*
+ * NCR's SVr4 has _innetgr(3) instead of innetgr(3) for some reason.
+ */
+#ifdef HAVE__INNETGR
+# define innetgr(n, h, u, d)	(_innetgr(n, h, u, d))
+# define HAVE_INNETGR 1
+#endif /* HAVE__INNETGR */
+
+/*
+ * On POSIX systems, O_NOCTTY is the default so some OS's may lack this define.
+ */
+#ifndef O_NOCTTY
+# define O_NOCTTY	0
+#endif /* O_NOCTTY */
+
+/*
+ * Emulate POSIX signals via sigvec(2)
+ */
+#ifndef HAVE_SIGACTION
+# define SA_ONSTACK	SV_ONSTACK
+# define SA_RESTART	SV_INTERRUPT		/* opposite effect */
+# define SA_RESETHAND	SV_RESETHAND
+# define sa_handler	sv_handler
+# define sa_mask	sv_mask
+# define sa_flags	sv_flags
+typedef struct sigvec sigaction_t;
+typedef int sigset_t;
+int sigaction __P((int sig, const sigaction_t *act, sigaction_t *oact));
+int sigemptyset __P((sigset_t *));
+int sigfillset __P((sigset_t *));
+int sigaddset __P((sigset_t *, int));
+int sigdelset __P((sigset_t *, int));
+int sigismember __P((sigset_t *, int));
+int sigprocmask __P((int, const sigset_t *, sigset_t *));
+#endif
+
+/*
+ * Extra sugar for POSIX signals to deal with the above emulation
+ * as well as the fact that SunOS has a SA_INTERRUPT flag.
+ */
+#ifdef HAVE_SIGACTION
+# ifndef HAVE_SIGACTION_T
+typedef struct sigaction sigaction_t;
+# endif
+# ifndef SA_INTERRUPT
+#  define SA_INTERRUPT	0
+# endif
+# ifndef SA_RESTART
+#  define SA_RESTART	0
+# endif
+#endif
+
+/*
+ * If dirfd() does not exists, hopefully dd_fd does.
+ */
+#if !defined(HAVE_DIRFD) && defined(HAVE_DD_FD)
+# define dirfd(_d)	((_d)->dd_fd)
+# define HAVE_DIRFD
+#endif
+
+/*
+ * Define futimes() in terms of futimesat() if needed.
+ */
+#if !defined(HAVE_FUTIMES) && defined(HAVE_FUTIMESAT)
+# define futimes(_f, _tv)	futimesat(_f, NULL, _tv)
+# define HAVE_FUTIMES
+#endif
+
+#if !defined(HAVE_KILLPG) && !defined(killpg)
+# define killpg(s)	kill(-(s))
+#endif
+
+/*
+ * If we lack getprogname(), emulate with __progname if possible.
+ * Otherwise, add a prototype for use with our own getprogname.c.
+ */
+#ifndef HAVE_GETPROGNAME
+# ifdef HAVE___PROGNAME
+extern const char *__progname;
+#  define getprogname()          (__progname)
+# else
+const char *getprogname __P((void));
+#endif /* HAVE___PROGNAME */
+#endif /* !HAVE_GETPROGNAME */
+
+#ifndef timevalclear
+# define timevalclear(tv)	((tv)->tv_sec = (tv)->tv_usec = 0)
+#endif
+#ifndef timevalisset
+# define timevalisset(tv)	((tv)->tv_sec || (tv)->tv_usec)
+#endif
+#ifndef timevalcmp
+# define timevalcmp(tv1, tv2, op)					       \
+    (((tv1)->tv_sec == (tv2)->tv_sec) ?					       \
+	((tv1)->tv_usec op (tv2)->tv_usec) :				       \
+	((tv1)->tv_sec op (tv2)->tv_sec))
+#endif
+#ifndef timevaladd
+# define timevaladd(tv1, tv2)						       \
+    do {								       \
+	(tv1)->tv_sec += (tv2)->tv_sec;					       \
+	(tv1)->tv_usec += (tv2)->tv_usec;				       \
+	if ((tv1)->tv_usec >= 1000000) {				       \
+	    (tv1)->tv_sec++;						       \
+	    (tv1)->tv_usec -= 1000000;					       \
+	}								       \
+    } while (0)
+#endif
+#ifndef timevalsub
+# define timevalsub(tv1, tv2)						       \
+    do {								       \
+	(tv1)->tv_sec -= (tv2)->tv_sec;					       \
+	(tv1)->tv_usec -= (tv2)->tv_usec;				       \
+	if ((tv1)->tv_usec < 0) {					       \
+	    (tv1)->tv_sec--;						       \
+	    (tv1)->tv_usec += 1000000;					       \
+	}								       \
+    } while (0)
+#endif
+
+/* Not all systems define NSIG in signal.h */
+#if !defined(NSIG)
+# if defined(_NSIG)
+#  define NSIG _NSIG
+# elif defined(__NSIG)
+#  define NSIG __NSIG
+# else
+#  define NSIG 64
+# endif
+#endif
+
+#ifndef WCOREDUMP
+# define WCOREDUMP(x)	((x) & 0x80)
+#endif
+
+#endif /* _SUDO_COMPAT_H */
diff --git a/sudo-1.7.4p4/config.guess b/sudo-1.7.4p4/config.guess
new file mode 100644
index 0000000..d53e309
--- /dev/null
+++ b/sudo-1.7.4p4/config.guess
@@ -0,0 +1,1498 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-11-19'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner.  Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub.  If it succeeds, it prints the system name on stdout, and
+# exits with 0.  Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,)    echo "int x;" > $dummy.c ;
+	for c in cc gcc c89 c99 ; do
+	  if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+	     CC_FOR_BUILD="$c"; break ;
+	  fi ;
+	done ;
+	if test x"$CC_FOR_BUILD" = x ; then
+	  CC_FOR_BUILD=no_compiler_found ;
+	fi
+	;;
+ ,,*)   CC_FOR_BUILD=$CC ;;
+ ,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+	    /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+	case "${UNAME_MACHINE_ARCH}" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently, or will in the future.
+	case "${UNAME_MACHINE_ARCH}" in
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		eval $set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+	        os=netbsd
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "${UNAME_VERSION}" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "${machine}-${os}${release}"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+	exit ;;
+    *:SolidBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    *:MirBSD:*:*)
+	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+	        UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE="alpha" ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE="alpha" ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE="alphaev5" ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE="alphaev56" ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE="alphapca56" ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE="alphapca57" ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE="alphaev6" ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE="alphaev67" ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE="alphaev68" ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE="alphaev69" ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE="alphaev7" ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE="alphaev79" ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+	exit ;;
+    Alpha\ *:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# Should we change UNAME_MACHINE based on the output of uname instead
+	# of the specific Alpha model?
+	echo alpha-pc-interix
+	exit ;;
+    21064:Windows_NT:50:3)
+	echo alpha-dec-winnt3.5
+	exit ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo ${UNAME_MACHINE}-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+        echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix${UNAME_RELEASE}
+	exit ;;
+    arm:riscos:*:*|arm:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	eval $set_cc_for_build
+	SUN_ARCH="i386"
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH="x86_64"
+	    fi
+	fi
+	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos${UNAME_RELEASE}
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos${UNAME_RELEASE}
+		;;
+	    sun4)
+		echo sparc-sun-sunos${UNAME_RELEASE}
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos${UNAME_RELEASE}
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint${UNAME_RELEASE}
+        exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+        echo m68k-atari-mint${UNAME_RELEASE}
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+        echo m68k-milan-mint${UNAME_RELEASE}
+        exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+        echo m68k-hades-mint${UNAME_RELEASE}
+        exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+        echo m68k-unknown-mint${UNAME_RELEASE}
+        exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten${UNAME_RELEASE}
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten${UNAME_RELEASE}
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix${UNAME_RELEASE}
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix${UNAME_RELEASE}
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c &&
+	  dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`$dummy $dummyarg` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos${UNAME_RELEASE}
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+        # DG/UX returns AViiON for all architectures
+        UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+	then
+	    if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+	       [ ${TARGET_BINARY_INTERFACE}x = x ]
+	    then
+		echo m88k-dg-dgux${UNAME_RELEASE}
+	    else
+		echo m88k-dg-dguxbcs${UNAME_RELEASE}
+	    fi
+	else
+	    echo i586-dg-dgux${UNAME_RELEASE}
+	fi
+ 	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		eval $set_cc_for_build
+		sed 's/^		//' << EOF >$dummy.c
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[456])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+	fi
+	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd${UNAME_RELEASE}   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	case "${UNAME_MACHINE}" in
+	    9000/31? )            HP_ARCH=m68000 ;;
+	    9000/[34]?? )         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+                    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+                    case "${sc_cpu_version}" in
+                      523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+                      528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+                      532)                      # CPU_PA_RISC2_0
+                        case "${sc_kernel_bits}" in
+                          32) HP_ARCH="hppa2.0n" ;;
+                          64) HP_ARCH="hppa2.0w" ;;
+			  '') HP_ARCH="hppa2.0" ;;   # HP-UX 10.20
+                        esac ;;
+                    esac
+		fi
+		if [ "${HP_ARCH}" = "" ]; then
+		    eval $set_cc_for_build
+		    sed 's/^              //' << EOF >$dummy.c
+
+              #define _HPUX_SOURCE
+              #include <stdlib.h>
+              #include <unistd.h>
+
+              int main ()
+              {
+              #if defined(_SC_KERNEL_BITS)
+                  long bits = sysconf(_SC_KERNEL_BITS);
+              #endif
+                  long cpu  = sysconf (_SC_CPU_VERSION);
+
+                  switch (cpu)
+              	{
+              	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+              	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+              	case CPU_PA_RISC2_0:
+              #if defined(_SC_KERNEL_BITS)
+              	    switch (bits)
+              		{
+              		case 64: puts ("hppa2.0w"); break;
+              		case 32: puts ("hppa2.0n"); break;
+              		default: puts ("hppa2.0"); break;
+              		} break;
+              #else  /* !defined(_SC_KERNEL_BITS) */
+              	    puts ("hppa2.0"); break;
+              #endif
+              	default: puts ("hppa1.0"); break;
+              	}
+                  exit (0);
+              }
+EOF
+		    (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ ${HP_ARCH} = "hppa2.0w" ]
+	then
+	    eval $set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH="hppa2.0w"
+	    else
+		HP_ARCH="hppa64"
+	    fi
+	fi
+	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux${HPUX_REV}
+	exit ;;
+    3050*:HI-UX:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo ${UNAME_MACHINE}-unknown-osf1mk
+	else
+	    echo ${UNAME_MACHINE}-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+        exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+        exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+        exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+        exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+        exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+        echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+        exit ;;
+    5000:UNIX_System_V:4.*:*)
+        FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+        FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+        echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:BSD/OS:*:*)
+	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+	exit ;;
+    *:FreeBSD:*:*)
+	case ${UNAME_MACHINE} in
+	    pc98)
+		echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    amd64)
+		echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	    *)
+		echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+	esac
+	exit ;;
+    i*:CYGWIN*:*)
+	echo ${UNAME_MACHINE}-pc-cygwin
+	exit ;;
+    *:MINGW*:*)
+	echo ${UNAME_MACHINE}-pc-mingw32
+	exit ;;
+    i*:windows32*:*)
+    	# uname -m includes "-pc" on this system.
+    	echo ${UNAME_MACHINE}-mingw32
+	exit ;;
+    i*:PW*:*)
+	echo ${UNAME_MACHINE}-pc-pw32
+	exit ;;
+    *:Interix*:*)
+    	case ${UNAME_MACHINE} in
+	    x86)
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    authenticamd | genuineintel | EM64T)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
+    [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+	echo i${UNAME_MACHINE}-pc-mks
+	exit ;;
+    8664:Windows_NT:*)
+	echo x86_64-pc-mks
+	exit ;;
+    i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+	# How do we know it's Interix rather than the generic POSIX subsystem?
+	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+	# UNAME_MACHINE based on the output of uname instead of i386?
+	echo i586-pc-interix
+	exit ;;
+    i*:UWIN*:*)
+	echo ${UNAME_MACHINE}-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-unknown-cygwin
+	exit ;;
+    p*:CYGWIN*:*)
+	echo powerpcle-unknown-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+	exit ;;
+    i*86:Minix:*:*)
+	echo ${UNAME_MACHINE}-pc-minix
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+        esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+	exit ;;
+    arm*:Linux:*:*)
+	eval $set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo ${UNAME_MACHINE}-unknown-linux-gnu
+	else
+	    echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    cris:Linux:*:*)
+	echo cris-axis-linux-gnu
+	exit ;;
+    crisv32:Linux:*:*)
+	echo crisv32-axis-linux-gnu
+	exit ;;
+    frv:Linux:*:*)
+    	echo frv-unknown-linux-gnu
+	exit ;;
+    i*86:Linux:*:*)
+	LIBC=gnu
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#ifdef __dietlibc__
+	LIBC=dietlibc
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+	echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+	exit ;;
+    ia64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m32r*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    m68*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	eval $set_cc_for_build
+	sed 's/^	//' << EOF >$dummy.c
+	#undef CPU
+	#undef ${UNAME_MACHINE}
+	#undef ${UNAME_MACHINE}el
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	CPU=${UNAME_MACHINE}el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	CPU=${UNAME_MACHINE}
+	#else
+	CPU=
+	#endif
+	#endif
+EOF
+	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+	;;
+    or32:Linux:*:*)
+	echo or32-unknown-linux-gnu
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-gnu
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-gnu
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-gnu ;;
+	  PA8*) echo hppa2.0-unknown-linux-gnu ;;
+	  *)    echo hppa-unknown-linux-gnu ;;
+	esac
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-gnu
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-gnu
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo ${UNAME_MACHINE}-ibm-linux
+	exit ;;
+    sh64*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sh*:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    vax:Linux:*:*)
+	echo ${UNAME_MACHINE}-dec-linux-gnu
+	exit ;;
+    x86_64:Linux:*:*)
+	echo x86_64-unknown-linux-gnu
+	exit ;;
+    xtensa*:Linux:*:*)
+    	echo ${UNAME_MACHINE}-unknown-linux-gnu
+	exit ;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+        # Unixware is an offshoot of SVR4, but it has its own version
+        # number series starting with 2...
+        # I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+        # Use sysv4.2uw... so that sysv4* matches it.
+	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo ${UNAME_MACHINE}-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo ${UNAME_MACHINE}-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo ${UNAME_MACHINE}-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo ${UNAME_MACHINE}-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    i*86:*DOS:*:*)
+	echo ${UNAME_MACHINE}-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+	UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+	else
+		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+    	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+	else
+		echo ${UNAME_MACHINE}-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+        # uname -m prints for DJGPP always 'pc', but it prints nothing about
+        # the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configury will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+        exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv${UNAME_RELEASE}  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+        /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+          && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos${UNAME_RELEASE}
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv${UNAME_RELEASE}
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo ${UNAME_MACHINE}-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+                      # says <Richard.M.Bartel@ccMail.Census.GOV>
+        echo i586-unisys-sysv4
+        exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo ${UNAME_MACHINE}-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux${UNAME_RELEASE}
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+	        echo mips-nec-sysv${UNAME_RELEASE}
+	else
+	        echo mips-unknown-sysv${UNAME_RELEASE}
+	fi
+        exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Rhapsody:*:*)
+	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+	case $UNAME_PROCESSOR in
+	    i386)
+		eval $set_cc_for_build
+		if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+		  if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+		      (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+		      grep IS_64BIT_ARCH >/dev/null
+		  then
+		      UNAME_PROCESSOR="x86_64"
+		  fi
+		fi ;;
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = "x86"; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NSE-?:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    NSR-?:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk${UNAME_RELEASE}
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	if test "$cputype" = "386"; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo ${UNAME_MACHINE}-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+        echo mips-sei-seiux${UNAME_RELEASE}
+	exit ;;
+    *:DragonFly:*:*)
+	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+	exit ;;
+    *:*VMS:*:*)
+    	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "${UNAME_MACHINE}" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+	exit ;;
+    i*86:rdos:*:*)
+	echo ${UNAME_MACHINE}-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo ${UNAME_MACHINE}-pc-aros
+	exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+          "4"
+#else
+	  ""
+#endif
+         ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+  printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+  printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+    struct utsname un;
+
+    uname(&un);
+
+    if (strncmp(un.version, "V2", 2) == 0) {
+	printf ("i386-sequent-ptx2\n"); exit (0);
+    }
+    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+	printf ("i386-sequent-ptx1\n"); exit (0);
+    }
+    printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+#  include <sys/param.h>
+#  if defined (BSD)
+#   if BSD == 43
+      printf ("vax-dec-bsd4.3\n"); exit (0);
+#   else
+#    if BSD == 199006
+      printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#    else
+      printf ("vax-dec-bsd\n"); exit (0);
+#    endif
+#   endif
+#  else
+    printf ("vax-dec-bsd\n"); exit (0);
+#  endif
+# else
+    printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+    case `getsysinfo -f cpu_type` in
+    c1*)
+	echo c1-convex-bsd
+	exit ;;
+    c2*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    c34*)
+	echo c34-convex-bsd
+	exit ;;
+    c38*)
+	echo c38-convex-bsd
+	exit ;;
+    c4*)
+	echo c4-convex-bsd
+	exit ;;
+    esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM  = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/sudo-1.7.4p4/config.h.in b/sudo-1.7.4p4/config.h.in
new file mode 100644
index 0000000..af5653b
--- /dev/null
+++ b/sudo-1.7.4p4/config.h.in
@@ -0,0 +1,865 @@
+/* config.h.in.  Generated from configure.in by autoheader.  */
+
+#ifndef _SUDO_CONFIG_H
+#define _SUDO_CONFIG_H
+
+/* Define to 1 if the `syslog' function returns a non-zero int to denote
+   failure. */
+#undef BROKEN_SYSLOG
+
+/* Define to 1 if you want the insults from the "classic" version sudo. */
+#undef CLASSIC_INSULTS
+
+/* Define to 1 if you want insults culled from the twisted minds of CSOps. */
+#undef CSOPS_INSULTS
+
+/* Define to 1 if you want sudo to display "command not allowed" instead of
+   "command not found" when a command cannot be found. */
+#undef DONT_LEAK_PATH_INFO
+
+/* A colon-separated list of pathnames to be used as the editor for visudo. */
+#undef EDITOR
+
+/* Define to 1 to enable environment function debugging. */
+#undef ENV_DEBUG
+
+/* Define to 1 if you want visudo to honor the EDITOR and VISUAL env
+   variables. */
+#undef ENV_EDITOR
+
+/* If defined, users in this group need not enter a passwd (ie "sudo"). */
+#undef EXEMPTGROUP
+
+/* Define to 1 if you want to require fully qualified hosts in sudoers. */
+#undef FQDN
+
+/* Define to the type of elements in the array set by `getgroups'. Usually
+   this is either `int' or `gid_t'. */
+#undef GETGROUPS_T
+
+/* Define to 1 if you want insults from the "Goon Show". */
+#undef GOONS_INSULTS
+
+/* Define to 1 if you want 2001-like insults. */
+#undef HAL_INSULTS
+
+/* Define to 1 if you use AFS. */
+#undef HAVE_AFS
+
+/* Define to 1 if you use AIX general authentication. */
+#undef HAVE_AIXAUTH
+
+/* Define to 1 if you have the `asprintf' function. */
+#undef HAVE_ASPRINTF
+
+/* Define to 1 if you have the `authenticate' function. */
+#undef HAVE_AUTHENTICATE
+
+/* Define to 1 if you have the `auth_challenge' function. */
+#undef HAVE_AUTH_CHALLENGE
+
+/* Define to 1 if you have the `bigcrypt' function. */
+#undef HAVE_BIGCRYPT
+
+/* Define to 1 if you use BSD authentication. */
+#undef HAVE_BSD_AUTH_H
+
+/* Define to 1 to enable BSM audit support. */
+#undef HAVE_BSM_AUDIT
+
+/* Define to 1 if you have the `closefrom' function. */
+#undef HAVE_CLOSEFROM
+
+/* Define to 1 if you use OSF DCE. */
+#undef HAVE_DCE
+
+/* Define to 1 if your `DIR' contains dd_fd. */
+#undef HAVE_DD_FD
+
+/* Define to 1 if you have the declaration of `sys_siglist', and to 0 if you
+   don't. */
+#undef HAVE_DECL_SYS_SIGLIST
+
+/* Define to 1 if you have the declaration of `_sys_siglist', and to 0 if you
+   don't. */
+#undef HAVE_DECL__SYS_SIGLIST
+
+/* Define to 1 if you have the declaration of `__sys_siglist', and to 0 if you
+   don't. */
+#undef HAVE_DECL___SYS_SIGLIST
+
+/* Define to 1 if you have the `dgettext' function. */
+#undef HAVE_DGETTEXT
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the `dirfd' function or macro. */
+#undef HAVE_DIRFD
+
+/* Define to 1 if you have the `dispcrypt' function. */
+#undef HAVE_DISPCRYPT
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags. */
+#undef HAVE_EXTENDED_GLOB
+
+/* Define to 1 if your system has the F_CLOSEM fcntl. */
+#undef HAVE_FCNTL_CLOSEM
+
+/* Define to 1 if you have the `fgetln' function. */
+#undef HAVE_FGETLN
+
+/* Define to 1 if you have the `flock' function. */
+#undef HAVE_FLOCK
+
+/* Define to 1 if you have the `fnmatch' function. */
+#undef HAVE_FNMATCH
+
+/* Define to 1 if you have the `freeifaddrs' function. */
+#undef HAVE_FREEIFADDRS
+
+/* Define to 1 if you have the `fstat' function. */
+#undef HAVE_FSTAT
+
+/* Define to 1 if you have the `futime' function. */
+#undef HAVE_FUTIME
+
+/* Define to 1 if you have the `futimes' function. */
+#undef HAVE_FUTIMES
+
+/* Define to 1 if you have the `futimesat' function. */
+#undef HAVE_FUTIMESAT
+
+/* Define to 1 if you use the FWTK authsrv daemon. */
+#undef HAVE_FWTK
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow
+   passwords) */
+#undef HAVE_GETAUTHUID
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `getdomainname' function. */
+#undef HAVE_GETDOMAINNAME
+
+/* Define to 1 if you have the `getgroups' function. */
+#undef HAVE_GETGROUPS
+
+/* Define to 1 if you have the `getifaddrs' function. */
+#undef HAVE_GETIFADDRS
+
+/* Define to 1 if you have the `getline' function. */
+#undef HAVE_GETLINE
+
+/* Define to 1 if you have the `getprogname' function. */
+#undef HAVE_GETPROGNAME
+
+/* Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow
+   passwords) */
+#undef HAVE_GETPRPWNAM
+
+/* Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow
+   passwords) */
+#undef HAVE_GETPWANAM
+
+/* Define to 1 if you have the `getspnam' function (SVR4-style shadow
+   passwords) */
+#undef HAVE_GETSPNAM
+
+/* Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow
+   passwords) */
+#undef HAVE_GETSPWUID
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `getuserattr' function. */
+#undef HAVE_GETUSERATTR
+
+/* Define to 1 if you have the `getutid' function. */
+#undef HAVE_GETUTID
+
+/* Define to 1 if you have the `getutxid' function. */
+#undef HAVE_GETUTXID
+
+/* Define to 1 if you have the `glob' function. */
+#undef HAVE_GLOB
+
+/* Define to 1 if you have the `grantpt' function. */
+#undef HAVE_GRANTPT
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+#undef HAVE_GSSAPI_GSSAPI_KRB5_H
+
+/* Define to 1 if you have the `gss_krb5_ccache_name' function. */
+#undef HAVE_GSS_KRB5_CCACHE_NAME
+
+/* Define to 1 if your Kerberos is Heimdal. */
+#undef HAVE_HEIMDAL
+
+/* Define to 1 if <netinet/in.h> contains struct in6_addr. */
+#undef HAVE_IN6_ADDR
+
+/* Define to 1 if you have the `initgroups' function. */
+#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the `initprivs' function. */
+#undef HAVE_INITPRIVS
+
+/* Define to 1 if you have the `innetgr' function. */
+#undef HAVE_INNETGR
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define if you have isblank(3). */
+#undef HAVE_ISBLANK
+
+/* Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for
+   shadow enabled) */
+#undef HAVE_ISCOMSEC
+
+/* Define to 1 if you have the `issecure' function. (SunOS 4.x check for
+   shadow enabled) */
+#undef HAVE_ISSECURE
+
+/* Define to 1 if you use Kerberos IV. */
+#undef HAVE_KERB4
+
+/* Define to 1 if you use Kerberos V. */
+#undef HAVE_KERB5
+
+/* Define to 1 if you have the `killpg' function. */
+#undef HAVE_KILLPG
+
+/* Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+
+/* Define to 1 if your `krb5_get_init_creds_opt_free' function takes two
+   arguments. */
+#undef HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS
+
+/* Define to 1 if you have the `krb5_init_secure_context' function. */
+#undef HAVE_KRB5_INIT_SECURE_CONTEXT
+
+/* Define to 1 if you have the `krb5_verify_user' function. */
+#undef HAVE_KRB5_VERIFY_USER
+
+/* Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not) */
+#undef HAVE_LBER_H
+
+/* Define to 1 if you use LDAP for sudoers. */
+#undef HAVE_LDAP
+
+/* Define to 1 if you have the `ldapssl_init' function. */
+#undef HAVE_LDAPSSL_INIT
+
+/* Define to 1 if you have the `ldapssl_set_strength' function. */
+#undef HAVE_LDAPSSL_SET_STRENGTH
+
+/* Define to 1 if you have the `ldap_create' function. */
+#undef HAVE_LDAP_CREATE
+
+/* Define to 1 if you have the `ldap_initialize' function. */
+#undef HAVE_LDAP_INITIALIZE
+
+/* Define to 1 if you have the `ldap_sasl_bind_s' function. */
+#undef HAVE_LDAP_SASL_BIND_S
+
+/* Define to 1 if you have the `ldap_sasl_interactive_bind_s' function. */
+#undef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+
+/* Define to 1 if you have the `ldap_search_ext_s' function. */
+#undef HAVE_LDAP_SEARCH_EXT_S
+
+/* Define to 1 if you have the `ldap_ssl_client_init' function. */
+#undef HAVE_LDAP_SSL_CLIENT_INIT
+
+/* Define to 1 if you have the <ldap_ssl.h> header file. */
+#undef HAVE_LDAP_SSL_H
+
+/* Define to 1 if you have the `ldap_start_tls_s' function. */
+#undef HAVE_LDAP_START_TLS_S
+
+/* Define to 1 if you have the `ldap_start_tls_s_np' function. */
+#undef HAVE_LDAP_START_TLS_S_NP
+
+/* Define to 1 if you have the `ldap_str2dn' function. */
+#undef HAVE_LDAP_STR2DN
+
+/* Define to 1 if you have the `ldap_unbind_ext_s' function. */
+#undef HAVE_LDAP_UNBIND_EXT_S
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define to 1 to enable Linux audit support. */
+#undef HAVE_LINUX_AUDIT
+
+/* Define to 1 if you have the `lockf' function. */
+#undef HAVE_LOCKF
+
+/* Define to 1 if you have the <login_cap.h> header file. */
+#undef HAVE_LOGIN_CAP_H
+
+/* Define to 1 if the system has the type `long long int'. */
+#undef HAVE_LONG_LONG_INT
+
+/* Define to 1 if you have the `lrand48' function. */
+#undef HAVE_LRAND48
+
+/* Define to 1 if you have the <maillock.h> header file. */
+#undef HAVE_MAILLOCK_H
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the `mbr_check_membership' function. */
+#undef HAVE_MBR_CHECK_MEMBERSHIP
+
+/* Define to 1 if you have the `memchr' function. */
+#undef HAVE_MEMCHR
+
+/* Define to 1 if you have the `memcpy' function. */
+#undef HAVE_MEMCPY
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memrchr' function. */
+#undef HAVE_MEMRCHR
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the `mkstemps' function. */
+#undef HAVE_MKSTEMPS
+
+/* Define to 1 if you have the <mps/ldap_ssl.h> header file. */
+#undef HAVE_MPS_LDAP_SSL_H
+
+/* Define to 1 if you have the `nanosleep' function. */
+#undef HAVE_NANOSLEEP
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+#undef HAVE_NETGROUP_H
+
+/* Define to 1 if you have the `openpty' function. */
+#undef HAVE_OPENPTY
+
+/* Define to 1 if you use NRL OPIE. */
+#undef HAVE_OPIE
+
+/* Define to 1 if you use PAM authentication. */
+#undef HAVE_PAM
+
+/* Define to 1 if you use a specific PAM session for sudo -i. */
+#undef HAVE_PAM_LOGIN
+
+/* Define to 1 if you have the <pam/pam_appl.h> header file. */
+#undef HAVE_PAM_PAM_APPL_H
+
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the `posix_openpt' function. */
+#undef HAVE_POSIX_OPENPT
+
+/* Define to 1 if you have the <project.h> header file. */
+#undef HAVE_PROJECT_H
+
+/* Define to 1 if you have the <pty.h> header file. */
+#undef HAVE_PTY_H
+
+/* Define to 1 if you have the `random' function. */
+#undef HAVE_RANDOM
+
+/* Define to 1 if you have the `regcomp' function. */
+#undef HAVE_REGCOMP
+
+/* Define to 1 if you have the `revoke' function. */
+#undef HAVE_REVOKE
+
+/* Define to 1 if you have the <sasl.h> header file. */
+#undef HAVE_SASL_H
+
+/* Define to 1 if you have the <sasl/sasl.h> header file. */
+#undef HAVE_SASL_SASL_H
+
+/* Define if your struct sockadr has an sa_len field. */
+#undef HAVE_SA_LEN
+
+/* Define to 1 if you use SecurID for authentication. */
+#undef HAVE_SECURID
+
+/* Define to 1 if you have the <security/pam_appl.h> header file. */
+#undef HAVE_SECURITY_PAM_APPL_H
+
+/* Define to 1 to enable SELinux RBAC support. */
+#undef HAVE_SELINUX
+
+/* Define to 1 if you have the `setauthdb' function. */
+#undef HAVE_SETAUTHDB
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
+/* Define to 1 if you have the `setkeycreatecon' function. */
+#undef HAVE_SETKEYCREATECON
+
+/* Define to 1 if you have the `setlocale' function. */
+#undef HAVE_SETLOCALE
+
+/* Define to 1 if you have the `setresuid' function. */
+#undef HAVE_SETRESUID
+
+/* Define to 1 if you have the `setreuid' function. */
+#undef HAVE_SETREUID
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* Define to 1 if you have the `setrlimit64' function. */
+#undef HAVE_SETRLIMIT64
+
+/* Define to 1 if you have the `setsid' function. */
+#undef HAVE_SETSID
+
+/* Define to 1 if you have the `set_auth_parameters' function. */
+#undef HAVE_SET_AUTH_PARAMETERS
+
+/* Define to 1 if you have the `sia_ses_init' function. */
+#undef HAVE_SIA_SES_INIT
+
+/* Define to 1 if you have the `sigaction' function. */
+#undef HAVE_SIGACTION
+
+/* Define to 1 if <signal.h> has the sigaction_t typedef. */
+#undef HAVE_SIGACTION_T
+
+/* Define to 1 if you use S/Key. */
+#undef HAVE_SKEY
+
+/* Define to 1 if your S/Key library has skeyaccess(). */
+#undef HAVE_SKEYACCESS
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
+/* Define to 1 if you have the `strlcpy' function. */
+#undef HAVE_STRLCPY
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the `strsignal' function. */
+#undef HAVE_STRSIGNAL
+
+/* Define to 1 if the system has the type `struct in6_addr'. */
+#undef HAVE_STRUCT_IN6_ADDR
+
+/* Define to 1 if your struct stat has an st_mtim member */
+#undef HAVE_ST_MTIM
+
+/* Define to 1 if your struct stat has an st_mtimespec member */
+#undef HAVE_ST_MTIMESPEC
+
+/* Define to 1 if your struct stat uses an st__tim union */
+#undef HAVE_ST__TIM
+
+/* Define to 1 if you have the `sysconf' function. */
+#undef HAVE_SYSCONF
+
+/* Define to 1 if you have the `sysctl' function. */
+#undef HAVE_SYSCTL
+
+/* Define to 1 if you have the <sys/bsdtypes.h> header file. */
+#undef HAVE_SYS_BSDTYPES_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#undef HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/sockio.h> header file. */
+#undef HAVE_SYS_SOCKIO_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+#undef HAVE_SYS_STROPTS_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `tcsetpgrp' function. */
+#undef HAVE_TCSETPGRP
+
+/* Define to 1 if you have the <termios.h> header file and the `tcgetattr'
+   function. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <termio.h> header file. */
+#undef HAVE_TERMIO_H
+
+/* Define to 1 if you have struct timespec in sys/time.h */
+#undef HAVE_TIMESPEC
+
+/* Define to 1 if you have the `tzset' function. */
+#undef HAVE_TZSET
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `unsetenv' function. */
+#undef HAVE_UNSETENV
+
+/* Define to 1 if you have the <util.h> header file. */
+#undef HAVE_UTIL_H
+
+/* Define to 1 if you have the `utimes' function. */
+#undef HAVE_UTIMES
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if you have the `vasprintf' function. */
+#undef HAVE_VASPRINTF
+
+/* Define to 1 if you have the `vhangup' function. */
+#undef HAVE_VHANGUP
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `wait3' function. */
+#undef HAVE_WAIT3
+
+/* Define to 1 if you have the `waitpid' function. */
+#undef HAVE_WAITPID
+
+/* Define to 1 if you have the <zlib.h> header file. */
+#undef HAVE_ZLIB_H
+
+/* Define to 1 if you have the `_getpty' function. */
+#undef HAVE__GETPTY
+
+/* Define to 1 if you have the `_innetgr' function. */
+#undef HAVE__INNETGR
+
+/* Define to 1 if your crt0.o defines the __progname symbol for you. */
+#undef HAVE___PROGNAME
+
+/* Define to 1 if you want the hostname to be entered into the log file. */
+#undef HOST_IN_LOG
+
+/* Define to 1 if you want to ignore '.' and empty PATH elements */
+#undef IGNORE_DOT_PATH
+
+/* The message given when a bad password is entered. */
+#undef INCORRECT_PASSWORD
+
+/* The name of libvas.so */
+#undef LIBVAS_SO
+
+/* The syslog facility sudo will use. */
+#undef LOGFAC
+
+/* Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH. */
+#undef LOGGING
+
+/* Define to 1 if you want a two line OTP (S/Key or OPIE) prompt. */
+#undef LONG_OTP_PROMPT
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+   */
+#undef LT_OBJDIR
+
+/* The subject of the mail sent by sudo to the MAILTO user/address. */
+#undef MAILSUBJECT
+
+/* The user or email address that sudo mail is sent to. */
+#undef MAILTO
+
+/* The max number of chars per log file line (for line wrapping). */
+#undef MAXLOGFILELEN
+
+/* Define to the max length of a uid_t in string context (excluding the NUL).
+   */
+#undef MAX_UID_T_LEN
+
+/* Define to 1 if you don't want sudo to prompt for a password by default. */
+#undef NO_AUTHENTICATION
+
+/* Define to 1 if you don't want users to get the lecture the first they user
+   sudo. */
+#undef NO_LECTURE
+
+/* Define to 1 if you don't want to use sudo's PAM session support */
+#undef NO_PAM_SESSION
+
+/* Define to avoid runing the mailer as root. */
+#undef NO_ROOT_MAILER
+
+/* Define to 1 if root should not be allowed to use sudo. */
+#undef NO_ROOT_SUDO
+
+/* Define to 1 if you want a single ticket file instead of per-tty files. */
+#undef NO_TTY_TICKETS
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The default password prompt. */
+#undef PASSPROMPT
+
+/* The passwd prompt timeout (in minutes). */
+#undef PASSWORD_TIMEOUT
+
+/* Define to 1 to replace politically incorrect insults with less offensive
+   ones. */
+#undef PC_INSULTS
+
+/* The syslog priority sudo will use for unsuccessful attempts/errors. */
+#undef PRI_FAILURE
+
+/* The syslog priority sudo will use for successful attempts. */
+#undef PRI_SUCCESS
+
+/* Define to 1 if the `putenv' has a const argument. */
+#undef PUTENV_CONST
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* The user sudo should run commands as by default. */
+#undef RUNAS_DEFAULT
+
+/* Define to 1 to override the user's path with a built-in one. */
+#undef SECURE_PATH
+
+/* Define to 1 to send mail when the user is not allowed to run a command. */
+#undef SEND_MAIL_WHEN_NOT_OK
+
+/* Define to 1 to send mail when the user is not allowed to run sudo on this
+   host. */
+#undef SEND_MAIL_WHEN_NO_HOST
+
+/* Define to 1 to send mail when the user is not in the sudoers file. */
+#undef SEND_MAIL_WHEN_NO_USER
+
+/* Define to 1 if the `setpgrp' function takes no argument. */
+#undef SETPGRP_VOID
+
+/* Define to 1 if you want sudo to start a shell if given no arguments. */
+#undef SHELL_IF_NO_ARGS
+
+/* Define to 1 if you want sudo to set $HOME in shell mode. */
+#undef SHELL_SETS_HOME
+
+/* The size of `long int', as computed by sizeof. */
+#undef SIZEOF_LONG_INT
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if the code in interfaces.c does not compile for you. */
+#undef STUB_LOAD_INTERFACES
+
+/* The umask that the root-run prog should use. */
+#undef SUDO_UMASK
+
+/* The number of minutes before sudo asks for a password again. */
+#undef TIMEOUT
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* The number of tries a user gets to enter their password. */
+#undef TRIES_FOR_PASSWORD
+
+/* Define to 1 if the `unsetenv' function returns void instead of `int'. */
+#undef UNSETENV_VOID
+
+/* Define to 1 if you want to create ~/.sudo_as_admin_successful if the user
+   is in the admin group the first time they run sudo. */
+#undef USE_ADMIN_FLAG
+
+/* Define to 1 if you want to insult the user for entering an incorrect
+   password. */
+#undef USE_INSULTS
+
+/* Define to 1 if you use GNU stow packaging. */
+#undef USE_STOW
+
+/* Define to 1 if using a non-Unix group lookup implementation. */
+#undef USING_NONUNIX_GROUPS
+
+/* Define to avoid using the passwd/shadow file for authentication. */
+#undef WITHOUT_PASSWD
+
+/* Define to `signed' or nothing if compiler does not support a signed type
+   qualifier. */
+#undef __signed
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define if your system lacks the dev_t type. */
+#undef dev_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define if your system lacks the ino_t type. */
+#undef ino_t
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef mode_t
+
+/* Define to `int' if <signal.h> does not define. */
+#undef sig_atomic_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define if your system lacks the ssize_t type. */
+#undef ssize_t
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define to empty if the keyword `volatile' does not work. Warning: valid
+   code using `volatile' can become incorrect without. Disable with care. */
+#undef volatile
+
+/*
+ * Macros to convert ctime and mtime into timevals.
+ */
+#define timespec2timeval(_ts, _tv) do {					\
+    (_tv)->tv_sec = (_ts)->tv_sec;					\
+    (_tv)->tv_usec = (_ts)->tv_nsec / 1000;				\
+} while (0)
+
+#ifdef HAVE_ST_MTIM
+# ifdef HAVE_ST__TIM
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
+# else
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctim, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtim, (_y))
+# endif
+#else
+# ifdef HAVE_ST_MTIMESPEC
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctimespec, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtimespec, (_y))
+# else
+#  define ctim_get(_x, _y)	do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
+#  define mtim_get(_x, _y)	do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
+# endif /* HAVE_ST_MTIMESPEC */
+#endif /* HAVE_ST_MTIM */
+
+/*
+ * Emulate a subset of waitpid() if we don't have it.
+ */
+#ifdef HAVE_WAITPID
+# define sudo_waitpid(p, s, o)	waitpid(p, s, o)
+#else
+# ifdef HAVE_WAIT3
+#  define sudo_waitpid(p, s, o)	wait3(s, o, NULL)
+# endif
+#endif
+
+/* GNU stow needs /etc/sudoers to be a symlink. */
+#ifdef USE_STOW
+# define stat_sudoers	stat
+#else
+# define stat_sudoers	lstat
+#endif
+
+/* Macros to set/clear/test flags. */
+#undef SET
+#define SET(t, f)	((t) |= (f))
+#undef CLR
+#define CLR(t, f)	((t) &= ~(f))
+#undef ISSET
+#define ISSET(t, f)     ((t) & (f))
+
+/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+#if defined(hpux) && !defined(__hpux)
+# define __hpux		1
+#endif /* hpux */
+
+#if defined(convex) && !defined(__convex__)
+# define __convex__	1
+#endif /* convex */
+
+/* BSD compatibility on some SVR4 systems. */
+#ifdef __svr4__
+# define BSD_COMP
+#endif /* __svr4__ */
+
+#endif /* _SUDO_CONFIG_H */
diff --git a/sudo-1.7.4p4/config.sub b/sudo-1.7.4p4/config.sub
new file mode 100755
index 0000000..acb095a
--- /dev/null
+++ b/sudo-1.7.4p4/config.sub
@@ -0,0 +1,1706 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+#   Free Software Foundation, Inc.
+
+timestamp='2009-11-07'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine.  It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>.  Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+       $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help"
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo $1
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+  nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+  uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+  kopensolaris*-gnu* | \
+  storm-chaos* | os2-emx* | rtmk-nova*)
+    os=-$maybe_os
+    basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+    ;;
+  *)
+    basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+    if [ $basic_machine != $1 ]
+    then os=`echo $1 | sed 's/.*-/-/'`
+    else os=; fi
+    ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work.  We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+	-sun*os*)
+		# Prevent following clause from handling this invalid input.
+		;;
+	-dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+	-att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+	-unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+	-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+	-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+	-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+	-apple | -axis | -knuth | -cray | -microblaze | -sr2201*)
+		os=
+		basic_machine=$1
+		;;
+        -bluegene*)
+	        os=-cnk
+		;;
+	-sim | -cisco | -oki | -wec | -winbond)
+		os=
+		basic_machine=$1
+		;;
+	-scout)
+		;;
+	-wrs)
+		os=-vxworks
+		basic_machine=$1
+		;;
+	-chorusos*)
+		os=-chorusos
+		basic_machine=$1
+		;;
+ 	-chorusrdb)
+ 		os=-chorusrdb
+		basic_machine=$1
+ 		;;
+	-hiux*)
+		os=-hiuxwe2
+		;;
+	-sco6)
+		os=-sco5v6
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5)
+		os=-sco3.2v5
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco4)
+		os=-sco3.2v4
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco3.2v[4-9]*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-sco*)
+		os=-sco3.2v2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-udk*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-isc)
+		os=-isc2.2
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-clix*)
+		basic_machine=clipper-intergraph
+		;;
+	-isc*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+		;;
+	-lynx*)
+		os=-lynxos
+		;;
+	-ptx*)
+		basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+		;;
+	-windowsnt*)
+		os=`echo $os | sed -e 's/windowsnt/winnt/'`
+		;;
+	-psos*)
+		os=-psos
+		;;
+	-mint | -mint[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+	# Recognize the basic CPU types without company name.
+	# Some are omitted here because they have special meanings below.
+	1750a | 580 \
+	| a29k \
+	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+	| am33_2.0 \
+	| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+	| bfin \
+	| c4x | clipper \
+	| d10v | d30v | dlx | dsp16xx \
+	| fido | fr30 | frv \
+	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+	| i370 | i860 | i960 | ia64 \
+	| ip2k | iq2000 \
+	| lm32 \
+	| m32c | m32r | m32rle | m68000 | m68k | m88k \
+	| maxq | mb | microblaze | mcore | mep | metag \
+	| mips | mipsbe | mipseb | mipsel | mipsle \
+	| mips16 \
+	| mips64 | mips64el \
+	| mips64octeon | mips64octeonel \
+	| mips64orion | mips64orionel \
+	| mips64r5900 | mips64r5900el \
+	| mips64vr | mips64vrel \
+	| mips64vr4100 | mips64vr4100el \
+	| mips64vr4300 | mips64vr4300el \
+	| mips64vr5000 | mips64vr5000el \
+	| mips64vr5900 | mips64vr5900el \
+	| mipsisa32 | mipsisa32el \
+	| mipsisa32r2 | mipsisa32r2el \
+	| mipsisa64 | mipsisa64el \
+	| mipsisa64r2 | mipsisa64r2el \
+	| mipsisa64sb1 | mipsisa64sb1el \
+	| mipsisa64sr71k | mipsisa64sr71kel \
+	| mipstx39 | mipstx39el \
+	| mn10200 | mn10300 \
+	| moxie \
+	| mt \
+	| msp430 \
+	| nios | nios2 \
+	| ns16k | ns32k \
+	| or32 \
+	| pdp10 | pdp11 | pj | pjl \
+	| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+	| pyramid \
+	| rx \
+	| score \
+	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+	| sh64 | sh64le \
+	| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+	| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+	| spu | strongarm \
+	| tahoe | thumb | tic4x | tic80 | tron \
+	| ubicom32 \
+	| v850 | v850e \
+	| we32k \
+	| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+	| z8k | z80)
+		basic_machine=$basic_machine-unknown
+		;;
+	m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+		# Motorola 68HC11/12.
+		basic_machine=$basic_machine-unknown
+		os=-none
+		;;
+	m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+		;;
+	ms1)
+		basic_machine=mt-unknown
+		;;
+
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+	  basic_machine=$basic_machine-pc
+	  ;;
+	# Object if more than one company name word.
+	*-*-*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+	# Recognize the basic CPU types with company name.
+	580-* \
+	| a29k-* \
+	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
+	| avr-* | avr32-* \
+	| bfin-* | bs2000-* \
+	| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+	| clipper-* | craynv-* | cydra-* \
+	| d10v-* | d30v-* | dlx-* \
+	| elxsi-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+	| h8300-* | h8500-* \
+	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+	| i*86-* | i860-* | i960-* | ia64-* \
+	| ip2k-* | iq2000-* \
+	| lm32-* \
+	| m32c-* | m32r-* | m32rle-* \
+	| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+	| m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+	| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+	| mips16-* \
+	| mips64-* | mips64el-* \
+	| mips64octeon-* | mips64octeonel-* \
+	| mips64orion-* | mips64orionel-* \
+	| mips64r5900-* | mips64r5900el-* \
+	| mips64vr-* | mips64vrel-* \
+	| mips64vr4100-* | mips64vr4100el-* \
+	| mips64vr4300-* | mips64vr4300el-* \
+	| mips64vr5000-* | mips64vr5000el-* \
+	| mips64vr5900-* | mips64vr5900el-* \
+	| mipsisa32-* | mipsisa32el-* \
+	| mipsisa32r2-* | mipsisa32r2el-* \
+	| mipsisa64-* | mipsisa64el-* \
+	| mipsisa64r2-* | mipsisa64r2el-* \
+	| mipsisa64sb1-* | mipsisa64sb1el-* \
+	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
+	| mipstx39-* | mipstx39el-* \
+	| mmix-* \
+	| mt-* \
+	| msp430-* \
+	| nios-* | nios2-* \
+	| none-* | np1-* | ns16k-* | ns32k-* \
+	| orion-* \
+	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+	| pyramid-* \
+	| romp-* | rs6000-* | rx-* \
+	| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+	| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+	| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+	| sparclite-* \
+	| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+	| tahoe-* | thumb-* \
+	| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+	| tron-* \
+	| ubicom32-* \
+	| v850-* | v850e-* | vax-* \
+	| we32k-* \
+	| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+	| xstormy16-* | xtensa*-* \
+	| ymp-* \
+	| z8k-* | z80-*)
+		;;
+	# Recognize the basic CPU types without company name, with glob match.
+	xtensa*)
+		basic_machine=$basic_machine-unknown
+		;;
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	386bsd)
+		basic_machine=i386-unknown
+		os=-bsd
+		;;
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		basic_machine=m68000-att
+		;;
+	3b*)
+		basic_machine=we32k-att
+		;;
+	a29khif)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+    	abacus)
+		basic_machine=abacus-unknown
+		;;
+	adobe68k)
+		basic_machine=m68010-adobe
+		os=-scout
+		;;
+	alliant | fx80)
+		basic_machine=fx80-alliant
+		;;
+	altos | altos3068)
+		basic_machine=m68k-altos
+		;;
+	am29k)
+		basic_machine=a29k-none
+		os=-bsd
+		;;
+	amd64)
+		basic_machine=x86_64-pc
+		;;
+	amd64-*)
+		basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	amdahl)
+		basic_machine=580-amdahl
+		os=-sysv
+		;;
+	amiga | amiga-*)
+		basic_machine=m68k-unknown
+		;;
+	amigaos | amigados)
+		basic_machine=m68k-unknown
+		os=-amigaos
+		;;
+	amigaunix | amix)
+		basic_machine=m68k-unknown
+		os=-sysv4
+		;;
+	apollo68)
+		basic_machine=m68k-apollo
+		os=-sysv
+		;;
+	apollo68bsd)
+		basic_machine=m68k-apollo
+		os=-bsd
+		;;
+	aros)
+		basic_machine=i386-pc
+		os=-aros
+		;;
+	aux)
+		basic_machine=m68k-apple
+		os=-aux
+		;;
+	balance)
+		basic_machine=ns32k-sequent
+		os=-dynix
+		;;
+	blackfin)
+		basic_machine=bfin-unknown
+		os=-linux
+		;;
+	blackfin-*)
+		basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	bluegene*)
+		basic_machine=powerpc-ibm
+		os=-cnk
+		;;
+	c90)
+		basic_machine=c90-cray
+		os=-unicos
+		;;
+        cegcc)
+		basic_machine=arm-unknown
+		os=-cegcc
+		;;
+	convex-c1)
+		basic_machine=c1-convex
+		os=-bsd
+		;;
+	convex-c2)
+		basic_machine=c2-convex
+		os=-bsd
+		;;
+	convex-c32)
+		basic_machine=c32-convex
+		os=-bsd
+		;;
+	convex-c34)
+		basic_machine=c34-convex
+		os=-bsd
+		;;
+	convex-c38)
+		basic_machine=c38-convex
+		os=-bsd
+		;;
+	cray | j90)
+		basic_machine=j90-cray
+		os=-unicos
+		;;
+	craynv)
+		basic_machine=craynv-cray
+		os=-unicosmp
+		;;
+	cr16)
+		basic_machine=cr16-unknown
+		os=-elf
+		;;
+	crds | unos)
+		basic_machine=m68k-crds
+		;;
+	crisv32 | crisv32-* | etraxfs*)
+		basic_machine=crisv32-axis
+		;;
+	cris | cris-* | etrax*)
+		basic_machine=cris-axis
+		;;
+	crx)
+		basic_machine=crx-unknown
+		os=-elf
+		;;
+	da30 | da30-*)
+		basic_machine=m68k-da30
+		;;
+	decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+		basic_machine=mips-dec
+		;;
+	decsystem10* | dec10*)
+		basic_machine=pdp10-dec
+		os=-tops10
+		;;
+	decsystem20* | dec20*)
+		basic_machine=pdp10-dec
+		os=-tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		basic_machine=m68k-motorola
+		;;
+	delta88)
+		basic_machine=m88k-motorola
+		os=-sysv3
+		;;
+	dicos)
+		basic_machine=i686-pc
+		os=-dicos
+		;;
+	djgpp)
+		basic_machine=i586-pc
+		os=-msdosdjgpp
+		;;
+	dpx20 | dpx20-*)
+		basic_machine=rs6000-bull
+		os=-bosx
+		;;
+	dpx2* | dpx2*-bull)
+		basic_machine=m68k-bull
+		os=-sysv3
+		;;
+	ebmon29k)
+		basic_machine=a29k-amd
+		os=-ebmon
+		;;
+	elxsi)
+		basic_machine=elxsi-elxsi
+		os=-bsd
+		;;
+	encore | umax | mmax)
+		basic_machine=ns32k-encore
+		;;
+	es1800 | OSE68k | ose68k | ose | OSE)
+		basic_machine=m68k-ericsson
+		os=-ose
+		;;
+	fx2800)
+		basic_machine=i860-alliant
+		;;
+	genix)
+		basic_machine=ns32k-ns
+		;;
+	gmicro)
+		basic_machine=tron-gmicro
+		os=-sysv
+		;;
+	go32)
+		basic_machine=i386-pc
+		os=-go32
+		;;
+	h3050r* | hiux*)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	h8300hms)
+		basic_machine=h8300-hitachi
+		os=-hms
+		;;
+	h8300xray)
+		basic_machine=h8300-hitachi
+		os=-xray
+		;;
+	h8500hms)
+		basic_machine=h8500-hitachi
+		os=-hms
+		;;
+	sr2201*)
+		basic_machine=harp1e-hitachi
+		os=-hiuxmpp
+		;;
+	harris)
+		basic_machine=m88k-harris
+		os=-sysv3
+		;;
+	hp300-*)
+		basic_machine=m68k-hp
+		;;
+	hp300bsd)
+		basic_machine=m68k-hp
+		os=-bsd
+		;;
+	hp300hpux)
+		basic_machine=m68k-hp
+		os=-hpux
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		basic_machine=m68000-hp
+		;;
+	hp9k3[2-9][0-9])
+		basic_machine=m68k-hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		basic_machine=hppa1.1-hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		basic_machine=hppa1.0-hp
+		;;
+	hppa-next)
+		os=-nextstep3
+		;;
+	hppaosf)
+		basic_machine=hppa1.1-hp
+		os=-osf
+		;;
+	hppro)
+		basic_machine=hppa1.1-hp
+		os=-proelf
+		;;
+	i370-ibm* | ibm*)
+		basic_machine=i370-ibm
+		;;
+# I'm not sure what "Sysv32" means.  Should this be sysv3.2?
+	i*86v32)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv32
+		;;
+	i*86v4*)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv4
+		;;
+	i*86v)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-sysv
+		;;
+	i*86sol2)
+		basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+		os=-solaris2
+		;;
+	i386mach)
+		basic_machine=i386-mach
+		os=-mach
+		;;
+	i386-vsta | vsta)
+		basic_machine=i386-unknown
+		os=-vsta
+		;;
+	iris | iris4d)
+		basic_machine=mips-sgi
+		case $os in
+		    -irix*)
+			;;
+		    *)
+			os=-irix4
+			;;
+		esac
+		;;
+	isi68 | isi)
+		basic_machine=m68k-isi
+		os=-sysv
+		;;
+	m68knommu)
+		basic_machine=m68k-unknown
+		os=-linux
+		;;
+	m68knommu-*)
+		basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	m88k-omron*)
+		basic_machine=m88k-omron
+		;;
+	magnum | m3230)
+		basic_machine=mips-mips
+		os=-sysv
+		;;
+	merlin)
+		basic_machine=ns32k-utek
+		os=-sysv
+		;;
+        microblaze)
+		basic_machine=microblaze-xilinx
+		;;
+	mingw32)
+		basic_machine=i386-pc
+		os=-mingw32
+		;;
+	mingw32ce)
+		basic_machine=arm-unknown
+		os=-mingw32ce
+		;;
+	miniframe)
+		basic_machine=m68000-convergent
+		;;
+	*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		basic_machine=m68k-atari
+		os=-mint
+		;;
+	mips3*-*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+		;;
+	mips3*)
+		basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+		;;
+	monitor)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	morphos)
+		basic_machine=powerpc-unknown
+		os=-morphos
+		;;
+	msdos)
+		basic_machine=i386-pc
+		os=-msdos
+		;;
+	ms1-*)
+		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+		;;
+	mvs)
+		basic_machine=i370-ibm
+		os=-mvs
+		;;
+	ncr3000)
+		basic_machine=i486-ncr
+		os=-sysv4
+		;;
+	netbsd386)
+		basic_machine=i386-unknown
+		os=-netbsd
+		;;
+	netwinder)
+		basic_machine=armv4l-rebel
+		os=-linux
+		;;
+	news | news700 | news800 | news900)
+		basic_machine=m68k-sony
+		os=-newsos
+		;;
+	news1000)
+		basic_machine=m68030-sony
+		os=-newsos
+		;;
+	news-3600 | risc-news)
+		basic_machine=mips-sony
+		os=-newsos
+		;;
+	necv70)
+		basic_machine=v70-nec
+		os=-sysv
+		;;
+	next | m*-next )
+		basic_machine=m68k-next
+		case $os in
+		    -nextstep* )
+			;;
+		    -ns2*)
+		      os=-nextstep2
+			;;
+		    *)
+		      os=-nextstep3
+			;;
+		esac
+		;;
+	nh3000)
+		basic_machine=m68k-harris
+		os=-cxux
+		;;
+	nh[45]000)
+		basic_machine=m88k-harris
+		os=-cxux
+		;;
+	nindy960)
+		basic_machine=i960-intel
+		os=-nindy
+		;;
+	mon960)
+		basic_machine=i960-intel
+		os=-mon960
+		;;
+	nonstopux)
+		basic_machine=mips-compaq
+		os=-nonstopux
+		;;
+	np1)
+		basic_machine=np1-gould
+		;;
+	nsr-tandem)
+		basic_machine=nsr-tandem
+		;;
+	op50n-* | op60c-*)
+		basic_machine=hppa1.1-oki
+		os=-proelf
+		;;
+	openrisc | openrisc-*)
+		basic_machine=or32-unknown
+		;;
+	os400)
+		basic_machine=powerpc-ibm
+		os=-os400
+		;;
+	OSE68000 | ose68000)
+		basic_machine=m68000-ericsson
+		os=-ose
+		;;
+	os68k)
+		basic_machine=m68k-none
+		os=-os68k
+		;;
+	pa-hitachi)
+		basic_machine=hppa1.1-hitachi
+		os=-hiuxwe2
+		;;
+	paragon)
+		basic_machine=i860-intel
+		os=-osf
+		;;
+	parisc)
+		basic_machine=hppa-unknown
+		os=-linux
+		;;
+	parisc-*)
+		basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+		os=-linux
+		;;
+	pbd)
+		basic_machine=sparc-tti
+		;;
+	pbb)
+		basic_machine=m68k-tti
+		;;
+	pc532 | pc532-*)
+		basic_machine=ns32k-pc532
+		;;
+	pc98)
+		basic_machine=i386-pc
+		;;
+	pc98-*)
+		basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium | p5 | k5 | k6 | nexgen | viac3)
+		basic_machine=i586-pc
+		;;
+	pentiumpro | p6 | 6x86 | athlon | athlon_*)
+		basic_machine=i686-pc
+		;;
+	pentiumii | pentium2 | pentiumiii | pentium3)
+		basic_machine=i686-pc
+		;;
+	pentium4)
+		basic_machine=i786-pc
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pentium4-*)
+		basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	pn)
+		basic_machine=pn-gould
+		;;
+	power)	basic_machine=power-ibm
+		;;
+	ppc)	basic_machine=powerpc-unknown
+		;;
+	ppc-*)	basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppcle | powerpclittle | ppc-le | powerpc-little)
+		basic_machine=powerpcle-unknown
+		;;
+	ppcle-* | powerpclittle-*)
+		basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64)	basic_machine=powerpc64-unknown
+		;;
+	ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+		basic_machine=powerpc64le-unknown
+		;;
+	ppc64le-* | powerpc64little-*)
+		basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+		;;
+	ps2)
+		basic_machine=i386-ibm
+		;;
+	pw32)
+		basic_machine=i586-unknown
+		os=-pw32
+		;;
+	rdos)
+		basic_machine=i386-pc
+		os=-rdos
+		;;
+	rom68k)
+		basic_machine=m68k-rom68k
+		os=-coff
+		;;
+	rm[46]00)
+		basic_machine=mips-siemens
+		;;
+	rtpc | rtpc-*)
+		basic_machine=romp-ibm
+		;;
+	s390 | s390-*)
+		basic_machine=s390-ibm
+		;;
+	s390x | s390x-*)
+		basic_machine=s390x-ibm
+		;;
+	sa29200)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	sb1)
+		basic_machine=mipsisa64sb1-unknown
+		;;
+	sb1el)
+		basic_machine=mipsisa64sb1el-unknown
+		;;
+	sde)
+		basic_machine=mipsisa32-sde
+		os=-elf
+		;;
+	sei)
+		basic_machine=mips-sei
+		os=-seiux
+		;;
+	sequent)
+		basic_machine=i386-sequent
+		;;
+	sh)
+		basic_machine=sh-hitachi
+		os=-hms
+		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
+	sh64)
+		basic_machine=sh64-unknown
+		;;
+	sparclite-wrs | simso-wrs)
+		basic_machine=sparclite-wrs
+		os=-vxworks
+		;;
+	sps7)
+		basic_machine=m68k-bull
+		os=-sysv2
+		;;
+	spur)
+		basic_machine=spur-unknown
+		;;
+	st2000)
+		basic_machine=m68k-tandem
+		;;
+	stratus)
+		basic_machine=i860-stratus
+		os=-sysv4
+		;;
+	sun2)
+		basic_machine=m68000-sun
+		;;
+	sun2os3)
+		basic_machine=m68000-sun
+		os=-sunos3
+		;;
+	sun2os4)
+		basic_machine=m68000-sun
+		os=-sunos4
+		;;
+	sun3os3)
+		basic_machine=m68k-sun
+		os=-sunos3
+		;;
+	sun3os4)
+		basic_machine=m68k-sun
+		os=-sunos4
+		;;
+	sun4os3)
+		basic_machine=sparc-sun
+		os=-sunos3
+		;;
+	sun4os4)
+		basic_machine=sparc-sun
+		os=-sunos4
+		;;
+	sun4sol2)
+		basic_machine=sparc-sun
+		os=-solaris2
+		;;
+	sun3 | sun3-*)
+		basic_machine=m68k-sun
+		;;
+	sun4)
+		basic_machine=sparc-sun
+		;;
+	sun386 | sun386i | roadrunner)
+		basic_machine=i386-sun
+		;;
+	sv1)
+		basic_machine=sv1-cray
+		os=-unicos
+		;;
+	symmetry)
+		basic_machine=i386-sequent
+		os=-dynix
+		;;
+	t3e)
+		basic_machine=alphaev5-cray
+		os=-unicos
+		;;
+	t90)
+		basic_machine=t90-cray
+		os=-unicos
+		;;
+	tic54x | c54x*)
+		basic_machine=tic54x-unknown
+		os=-coff
+		;;
+	tic55x | c55x*)
+		basic_machine=tic55x-unknown
+		os=-coff
+		;;
+	tic6x | c6x*)
+		basic_machine=tic6x-unknown
+		os=-coff
+		;;
+	tile*)
+		basic_machine=tile-unknown
+		os=-linux-gnu
+		;;
+	tx39)
+		basic_machine=mipstx39-unknown
+		;;
+	tx39el)
+		basic_machine=mipstx39el-unknown
+		;;
+	toad1)
+		basic_machine=pdp10-xkl
+		os=-tops20
+		;;
+	tower | tower-32)
+		basic_machine=m68k-ncr
+		;;
+	tpf)
+		basic_machine=s390x-ibm
+		os=-tpf
+		;;
+	udi29k)
+		basic_machine=a29k-amd
+		os=-udi
+		;;
+	ultra3)
+		basic_machine=a29k-nyu
+		os=-sym1
+		;;
+	v810 | necv810)
+		basic_machine=v810-nec
+		os=-none
+		;;
+	vaxv)
+		basic_machine=vax-dec
+		os=-sysv
+		;;
+	vms)
+		basic_machine=vax-dec
+		os=-vms
+		;;
+	vpp*|vx|vx-*)
+		basic_machine=f301-fujitsu
+		;;
+	vxworks960)
+		basic_machine=i960-wrs
+		os=-vxworks
+		;;
+	vxworks68)
+		basic_machine=m68k-wrs
+		os=-vxworks
+		;;
+	vxworks29k)
+		basic_machine=a29k-wrs
+		os=-vxworks
+		;;
+	w65*)
+		basic_machine=w65-wdc
+		os=-none
+		;;
+	w89k-*)
+		basic_machine=hppa1.1-winbond
+		os=-proelf
+		;;
+	xbox)
+		basic_machine=i686-pc
+		os=-mingw32
+		;;
+	xps | xps100)
+		basic_machine=xps100-honeywell
+		;;
+	ymp)
+		basic_machine=ymp-cray
+		os=-unicos
+		;;
+	z8k-*-coff)
+		basic_machine=z8k-unknown
+		os=-sim
+		;;
+	z80-*-coff)
+		basic_machine=z80-unknown
+		os=-sim
+		;;
+	none)
+		basic_machine=none-none
+		os=-none
+		;;
+
+# Here we handle the default manufacturer of certain CPU types.  It is in
+# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		basic_machine=hppa1.1-winbond
+		;;
+	op50n)
+		basic_machine=hppa1.1-oki
+		;;
+	op60c)
+		basic_machine=hppa1.1-oki
+		;;
+	romp)
+		basic_machine=romp-ibm
+		;;
+	mmix)
+		basic_machine=mmix-knuth
+		;;
+	rs6000)
+		basic_machine=rs6000-ibm
+		;;
+	vax)
+		basic_machine=vax-dec
+		;;
+	pdp10)
+		# there are many clones, so DEC is not a safe bet
+		basic_machine=pdp10-unknown
+		;;
+	pdp11)
+		basic_machine=pdp11-dec
+		;;
+	we32k)
+		basic_machine=we32k-att
+		;;
+	sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+		basic_machine=sh-unknown
+		;;
+	sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+		basic_machine=sparc-sun
+		;;
+	cydra)
+		basic_machine=cydra-cydrome
+		;;
+	orion)
+		basic_machine=orion-highlevel
+		;;
+	orion105)
+		basic_machine=clipper-highlevel
+		;;
+	mac | mpw | mac-mpw)
+		basic_machine=m68k-apple
+		;;
+	pmac | pmac-mpw)
+		basic_machine=powerpc-apple
+		;;
+	*-unknown)
+		# Make sure to match an already-canonicalized machine name.
+		;;
+	*)
+		echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+		exit 1
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+	*-digital*)
+		basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+		;;
+	*-commodore*)
+		basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+        # First match some system type aliases
+        # that might get confused with valid system types.
+	# -solaris* is a basic system type, with this one exception.
+	-solaris1 | -solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	-solaris)
+		os=-solaris2
+		;;
+	-svr4*)
+		os=-sysv4
+		;;
+	-unixware*)
+		os=-sysv4.2uw
+		;;
+	-gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# First accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST END IN A *, to match a version number.
+	# -sysv* is not here because it comes later, after sysvr4.
+	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+	      | -kopensolaris* \
+	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+	      | -aos* | -aros* \
+	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+	      | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+	      | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+	      | -openbsd* | -solidbsd* \
+	      | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+	      | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+	      | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+	      | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+	      | -chorusos* | -chorusrdb* | -cegcc* \
+	      | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+	      | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+	      | -uxpv* | -beos* | -mpeix* | -udk* \
+	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	-qnx*)
+		case $basic_machine in
+		    x86-* | i*86-*)
+			;;
+		    *)
+			os=-nto$os
+			;;
+		esac
+		;;
+	-nto-qnx*)
+		;;
+	-nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+	      | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+	      | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+		;;
+	-mac*)
+		os=`echo $os | sed -e 's|mac|macos|'`
+		;;
+	-linux-dietlibc)
+		os=-linux-dietlibc
+		;;
+	-linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	-sunos5*)
+		os=`echo $os | sed -e 's|sunos5|solaris2|'`
+		;;
+	-sunos6*)
+		os=`echo $os | sed -e 's|sunos6|solaris3|'`
+		;;
+	-opened*)
+		os=-openedition
+		;;
+        -os400*)
+		os=-os400
+		;;
+	-wince*)
+		os=-wince
+		;;
+	-osfrose*)
+		os=-osfrose
+		;;
+	-osf*)
+		os=-osf
+		;;
+	-utek*)
+		os=-bsd
+		;;
+	-dynix*)
+		os=-bsd
+		;;
+	-acis*)
+		os=-aos
+		;;
+	-atheos*)
+		os=-atheos
+		;;
+	-syllable*)
+		os=-syllable
+		;;
+	-386bsd)
+		os=-bsd
+		;;
+	-ctix* | -uts*)
+		os=-sysv
+		;;
+	-nova*)
+		os=-rtmk-nova
+		;;
+	-ns2 )
+		os=-nextstep2
+		;;
+	-nsk*)
+		os=-nsk
+		;;
+	# Preserve the version number of sinix5.
+	-sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	-sinix*)
+		os=-sysv4
+		;;
+        -tpf*)
+		os=-tpf
+		;;
+	-triton*)
+		os=-sysv3
+		;;
+	-oss*)
+		os=-sysv3
+		;;
+	-svr4)
+		os=-sysv4
+		;;
+	-svr3)
+		os=-sysv3
+		;;
+	-sysvr4)
+		os=-sysv4
+		;;
+	# This must come after -sysvr4.
+	-sysv*)
+		;;
+	-ose*)
+		os=-ose
+		;;
+	-es1800*)
+		os=-ose
+		;;
+	-xenix)
+		os=-xenix
+		;;
+	-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+		os=-mint
+		;;
+	-aros*)
+		os=-aros
+		;;
+	-kaos*)
+		os=-kaos
+		;;
+	-zvmoe)
+		os=-zvmoe
+		;;
+	-dicos*)
+		os=-dicos
+		;;
+	-none)
+		;;
+	*)
+		# Get rid of the `-' at the beginning of $os.
+		os=`echo $os | sed 's/[^-]*-//'`
+		echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+        score-*)
+		os=-elf
+		;;
+        spu-*)
+		os=-elf
+		;;
+	*-acorn)
+		os=-riscix1.2
+		;;
+	arm*-rebel)
+		os=-linux
+		;;
+	arm*-semi)
+		os=-aout
+		;;
+        c4x-* | tic4x-*)
+        	os=-coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=-tops20
+		;;
+	pdp11-*)
+		os=-none
+		;;
+	*-dec | vax-*)
+		os=-ultrix4.2
+		;;
+	m68*-apollo)
+		os=-domain
+		;;
+	i386-sun)
+		os=-sunos4.0.2
+		;;
+	m68000-sun)
+		os=-sunos3
+		# This also exists in the configure program, but was not the
+		# default.
+		# os=-sunos4
+		;;
+	m68*-cisco)
+		os=-aout
+		;;
+        mep-*)
+		os=-elf
+		;;
+	mips*-cisco)
+		os=-elf
+		;;
+	mips*-*)
+		os=-elf
+		;;
+	or32-*)
+		os=-coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=-sysv3
+		;;
+	sparc-* | *-sun)
+		os=-sunos4.1.1
+		;;
+	*-be)
+		os=-beos
+		;;
+	*-haiku)
+		os=-haiku
+		;;
+	*-ibm)
+		os=-aix
+		;;
+    	*-knuth)
+		os=-mmixware
+		;;
+	*-wec)
+		os=-proelf
+		;;
+	*-winbond)
+		os=-proelf
+		;;
+	*-oki)
+		os=-proelf
+		;;
+	*-hp)
+		os=-hpux
+		;;
+	*-hitachi)
+		os=-hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=-sysv
+		;;
+	*-cbm)
+		os=-amigaos
+		;;
+	*-dg)
+		os=-dgux
+		;;
+	*-dolphin)
+		os=-sysv3
+		;;
+	m68k-ccur)
+		os=-rtu
+		;;
+	m88k-omron*)
+		os=-luna
+		;;
+	*-next )
+		os=-nextstep
+		;;
+	*-sequent)
+		os=-ptx
+		;;
+	*-crds)
+		os=-unos
+		;;
+	*-ns)
+		os=-genix
+		;;
+	i370-*)
+		os=-mvs
+		;;
+	*-next)
+		os=-nextstep3
+		;;
+	*-gould)
+		os=-sysv
+		;;
+	*-highlevel)
+		os=-bsd
+		;;
+	*-encore)
+		os=-bsd
+		;;
+	*-sgi)
+		os=-irix
+		;;
+	*-siemens)
+		os=-sysv4
+		;;
+	*-masscomp)
+		os=-rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=-uxpv
+		;;
+	*-rom68k)
+		os=-coff
+		;;
+	*-*bug)
+		os=-coff
+		;;
+	*-apple)
+		os=-macos
+		;;
+	*-atari*)
+		os=-mint
+		;;
+	*)
+		os=-none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+	*-unknown)
+		case $os in
+			-riscix*)
+				vendor=acorn
+				;;
+			-sunos*)
+				vendor=sun
+				;;
+			-cnk*|-aix*)
+				vendor=ibm
+				;;
+			-beos*)
+				vendor=be
+				;;
+			-hpux*)
+				vendor=hp
+				;;
+			-mpeix*)
+				vendor=hp
+				;;
+			-hiux*)
+				vendor=hitachi
+				;;
+			-unos*)
+				vendor=crds
+				;;
+			-dgux*)
+				vendor=dg
+				;;
+			-luna*)
+				vendor=omron
+				;;
+			-genix*)
+				vendor=ns
+				;;
+			-mvs* | -opened*)
+				vendor=ibm
+				;;
+			-os400*)
+				vendor=ibm
+				;;
+			-ptx*)
+				vendor=sequent
+				;;
+			-tpf*)
+				vendor=ibm
+				;;
+			-vxsim* | -vxworks* | -windiss*)
+				vendor=wrs
+				;;
+			-aux*)
+				vendor=apple
+				;;
+			-hms*)
+				vendor=hitachi
+				;;
+			-mpw* | -macos*)
+				vendor=apple
+				;;
+			-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+				vendor=atari
+				;;
+			-vos*)
+				vendor=stratus
+				;;
+		esac
+		basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+		;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/sudo-1.7.4p4/configure b/sudo-1.7.4p4/configure
new file mode 100755
index 0000000..e66f189
--- /dev/null
+++ b/sudo-1.7.4p4/configure
@@ -0,0 +1,20738 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.65 for sudo 1.7.4p4.
+#
+# Report bugs to <http://www.sudo.ws/bugs/>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  # We cannot yet assume a decent shell, so we have to provide a
+	# neutralization value for shells without unset; and this also
+	# works around shells that cannot unset nonexistent variables.
+	BASH_ENV=/dev/null
+	ENV=/dev/null
+	(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+	export CONFIG_SHELL
+	exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://www.sudo.ws/bugs/ about your system, including
+$0: any error possibly output before this message. Then
+$0: install a modern shell, or manually run the script
+$0: under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$?; test $as_status -eq 0 && as_status=1
+  if test "$3"; then
+    as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+  fi
+  $as_echo "$as_me: error: $1" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in #(
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+  ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $ECHO works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<_LT_EOF
+$*
+_LT_EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+  if test "X${echo_test_string+set}" != Xset; then
+    # find a string as large as possible, as long as the shell can cope with it
+    for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+      # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+      if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+	 { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+      then
+        break
+      fi
+    done
+  fi
+
+  if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+     echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+     test "X$echo_testing_string" = "X$echo_test_string"; then
+    :
+  else
+    # The Solaris, AIX, and Digital Unix default echo programs unquote
+    # backslashes.  This makes it impossible to quote backslashes using
+    #   echo "$something" | sed 's/\\/\\\\/g'
+    #
+    # So, first we look for a working echo in the user's PATH.
+
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for dir in $PATH /usr/ucb; do
+      IFS="$lt_save_ifs"
+      if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+         test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+         echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+         test "X$echo_testing_string" = "X$echo_test_string"; then
+        ECHO="$dir/echo"
+        break
+      fi
+    done
+    IFS="$lt_save_ifs"
+
+    if test "X$ECHO" = Xecho; then
+      # We didn't find a better echo, so look for alternatives.
+      if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+         echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+         test "X$echo_testing_string" = "X$echo_test_string"; then
+        # This shell has a builtin print -r that does the trick.
+        ECHO='print -r'
+      elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+	   test "X$CONFIG_SHELL" != X/bin/ksh; then
+        # If we have ksh, try running configure again with it.
+        ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+        export ORIGINAL_CONFIG_SHELL
+        CONFIG_SHELL=/bin/ksh
+        export CONFIG_SHELL
+        exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+      else
+        # Try using printf.
+        ECHO='printf %s\n'
+        if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+	   echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	  # Cool, printf works
+	  :
+        elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	     test "X$echo_testing_string" = 'X\t' &&
+	     echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	     test "X$echo_testing_string" = "X$echo_test_string"; then
+	  CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	  export CONFIG_SHELL
+	  SHELL="$CONFIG_SHELL"
+	  export SHELL
+	  ECHO="$CONFIG_SHELL $0 --fallback-echo"
+        elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+	     test "X$echo_testing_string" = 'X\t' &&
+	     echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	     test "X$echo_testing_string" = "X$echo_test_string"; then
+	  ECHO="$CONFIG_SHELL $0 --fallback-echo"
+        else
+	  # maybe with a smaller string...
+	  prev=:
+
+	  for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+	    if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+	    then
+	      break
+	    fi
+	    prev="$cmd"
+	  done
+
+	  if test "$prev" != 'sed 50q "$0"'; then
+	    echo_test_string=`eval $prev`
+	    export echo_test_string
+	    exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+	  else
+	    # Oops.  We lost completely, so just stick with echo.
+	    ECHO=echo
+	  fi
+        fi
+      fi
+    fi
+  fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+   lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='sudo'
+PACKAGE_TARNAME='sudo'
+PACKAGE_VERSION='1.7.4p4'
+PACKAGE_STRING='sudo 1.7.4p4'
+PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='LTLIBOBJS
+KRB5CONFIG
+LIBOBJS
+FLEX
+YFLAGS
+YACC
+NROFFPROG
+TRPROG
+UNAMEPROG
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+STRIP
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+EGREP
+GREP
+SED
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+RANLIB
+AR
+CPP
+OBJEXT
+EXEEXT
+ac_ct_CC
+CC
+editor
+secure_path
+netsvc_conf
+nsswitch_conf
+ldap_secret
+ldap_conf
+path_info
+root_sudo
+insults
+tty_tickets
+passwd_tries
+env_editor
+runas_default
+fqdn
+badpass_message
+mailsub
+mailto
+mail_no_perms
+mail_no_host
+mail_no_user
+ignore_dot
+loglen
+badpri
+goodpri
+logfac
+lecture
+long_otp_prompt
+passprompt
+sudo_umask
+password_timeout
+timeout
+timedir
+CONFIGURE_ARGS
+ZLIB
+LOGINCAP_USAGE
+REPLAY
+LDAP
+SELINUX_USAGE
+BSDAUTH_USAGE
+DONT_LEAK_PATH_INFO
+INSTALL_NOEXEC
+noexec_file
+NOEXECDIR
+NOEXECFILE
+mansrcdir
+mansectform
+mansectsu
+devdir
+SEMAN
+LCMAN
+BAMAN
+DEV
+SUDOERS_GID
+SUDOERS_UID
+SUDOERS_MODE
+MAN_POSTINSTALL
+MANTYPE
+AUTH_OBJS
+OSDEFS
+GETGROUPS_LIB
+AFS_LIBS
+NET_LIBS
+SUDO_LIBS
+SUDO_OBJS
+SUDO_LDFLAGS
+COMMON_OBJS
+LDFLAGS
+CPPFLAGS
+PROGS
+CFLAGS
+LIBTOOL
+HAVE_BSM_AUDIT
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+with_otp_only
+with_alertmail
+with_devel
+with_CC
+with_rpath
+with_blibpath
+with_bsm_audit
+with_linux_audit
+with_incpath
+with_libpath
+with_libraries
+with_efence
+with_csops
+with_passwd
+with_skey
+with_opie
+with_long_otp_prompt
+with_SecurID
+with_fwtk
+with_kerb4
+with_kerb5
+with_aixauth
+with_pam
+with_AFS
+with_DCE
+with_logincap
+with_bsdauth
+with_project
+with_lecture
+with_logging
+with_logfac
+with_goodpri
+with_badpri
+with_logpath
+with_loglen
+with_ignore_dot
+with_mail_if_no_user
+with_mail_if_no_host
+with_mail_if_noperms
+with_mailto
+with_mailsubject
+with_passprompt
+with_badpass_message
+with_fqdn
+with_timedir
+with_iologdir
+with_sendmail
+with_sudoers_mode
+with_sudoers_uid
+with_sudoers_gid
+with_umask
+with_runas_default
+with_exempt
+with_editor
+with_env_editor
+with_passwd_tries
+with_timeout
+with_password_timeout
+with_tty_tickets
+with_insults
+with_all_insults
+with_classic_insults
+with_csops_insults
+with_hal_insults
+with_goons_insults
+with_nsswitch
+with_ldap
+with_ldap_conf_file
+with_ldap_secret_file
+with_pc_insults
+with_secure_path
+with_interfaces
+with_stow
+with_askpass
+with_libvas
+with_libvas_rpath
+enable_authentication
+enable_root_mailer
+enable_setreuid
+enable_setresuid
+enable_shadow
+enable_root_sudo
+enable_log_host
+enable_noargs_shell
+enable_shell_sets_home
+enable_path_info
+enable_env_debug
+enable_warnings
+enable_admin_flag
+with_selinux
+enable_gss_krb5_ccache_name
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_gnu_ld
+enable_libtool_lock
+with_noexec
+with_netsvc
+enable_sia
+with_pam_login
+enable_pam_session
+enable_zlib
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+YACC
+YFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=*)	ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *)	ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information."
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used." >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures sudo 1.7.4p4 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/sudo]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of sudo 1.7.4p4:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --disable-authentication
+                          Do not require authentication by default
+  --disable-root-mailer   Don't run the mailer as root, run as the user
+  --disable-setreuid      Don't try to use the setreuid() function
+  --disable-setresuid     Don't try to use the setresuid() function
+  --disable-shadow        Never use shadow passwords
+  --disable-root-sudo     Don't allow root to run sudo
+  --enable-log-host       Log the hostname in the log file
+  --enable-noargs-shell   If sudo is given no arguments run a shell
+  --enable-shell-sets-home
+                          Set $HOME to target user in shell mode
+  --disable-path-info     Print 'command not allowed' not 'command not found'
+  --enable-env-debug      Whether to enable environment debugging.
+  --enable-warnings       Whether to enable compiler warnings
+  --enable-admin-flag     Whether to create a Ubuntu-style admin flag file
+  --enable-gss-krb5-ccache-name
+                          Use GSS-API to set the Kerberos V cred cache name
+  --enable-shared[=PKGS]  build shared libraries [default=yes]
+  --enable-static[=PKGS]  build static libraries [default=yes]
+  --enable-fast-install[=PKGS]
+                          optimize for fast installation [default=yes]
+  --disable-libtool-lock  avoid locking (might break parallel builds)
+  --disable-sia           Disable SIA on Digital UNIX
+  --disable-pam-session   Disable PAM session support
+  --enable-zlib[=PATH]    Whether to enable or disable zlib
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-otp-only         deprecated
+  --with-alertmail        deprecated
+  --with-devel            add development options
+  --with-CC               C compiler to use
+  --with-rpath            pass -R flag in addition to -L for lib paths
+  --with-blibpath=PATH    pass -blibpath flag to ld for additional lib paths
+  --with-bsm-audit        enable BSM audit support
+  --with-linux-audit      enable Linux audit support
+  --with-incpath          additional places to look for include files
+  --with-libpath          additional places to look for libraries
+  --with-libraries        additional libraries to link with
+  --with-efence           link with -lefence for malloc() debugging
+  --with-csops            add CSOps standard options
+  --without-passwd        don't use passwd/shadow file for authentication
+  --with-skey=DIR         enable S/Key support
+  --with-opie=DIR         enable OPIE support
+  --with-long-otp-prompt  use a two line OTP (skey/opie) prompt
+  --with-SecurID[=DIR]    enable SecurID support
+  --with-fwtk[=DIR]       enable FWTK AuthSRV support
+  --with-kerb4[=DIR]      enable Kerberos IV support
+  --with-kerb5[=DIR]      enable Kerberos V support
+  --with-aixauth          enable AIX general authentication support
+  --with-pam              enable PAM support
+  --with-AFS              enable AFS support
+  --with-DCE              enable DCE support
+  --with-logincap         enable BSD login class support
+  --with-bsdauth          enable BSD authentication support
+  --with-project          enable Solaris project support
+  --without-lecture       don't print lecture for first-time sudoer
+  --with-logging          log via syslog, file, or both
+  --with-logfac           syslog facility to log with (default is "auth")
+  --with-goodpri          syslog priority for commands (def is "notice")
+  --with-badpri           syslog priority for failures (def is "alert")
+  --with-logpath          path to the sudo log file
+  --with-loglen           maximum length of a log file line (default is 80)
+  --with-ignore-dot       ignore '.' in the PATH
+  --without-mail-if-no-user
+                          do not send mail if user not in sudoers
+  --with-mail-if-no-host  send mail if user in sudoers but not for this host
+  --with-mail-if-noperms  send mail if user not allowed to run command
+  --with-mailto           who should get sudo mail (default is "root")
+  --with-mailsubject      subject of sudo mail
+  --with-passprompt       default password prompt
+  --with-badpass-message  message the user sees when the password is wrong
+  --with-fqdn             expect fully qualified hosts in sudoers
+  --with-timedir          path to the sudo timestamp dir
+  --with-iologdir=DIR     directory to store sudo I/O log files in
+  --with-sendmail         set path to sendmail
+  --without-sendmail      do not send mail at all
+  --with-sudoers-mode     mode of sudoers file (defaults to 0440)
+  --with-sudoers-uid      uid that owns sudoers file (defaults to 0)
+  --with-sudoers-gid      gid that owns sudoers file (defaults to 0)
+  --with-umask            umask with which the prog should run (default is
+                          022)
+  --without-umask         Preserves the umask of the user invoking sudo.
+  --with-runas-default    User to run commands as (default is "root")
+  --with-exempt=group     no passwd needed for users in this group
+  --with-editor=path      Default editor for visudo (defaults to vi)
+  --with-env-editor       Use the environment variable EDITOR for visudo
+  --with-passwd-tries     number of tries to enter password (default is 3)
+  --with-timeout          minutes before sudo asks for passwd again (def is 5
+                          minutes)
+  --with-password-timeout passwd prompt timeout in minutes (default is 5
+                          minutes)
+  --with-tty-tickets      use a different ticket file for each tty
+  --with-insults          insult the user for entering an incorrect password
+  --with-all-insults      include all the sudo insult sets
+  --with-classic-insults  include the insults from the "classic" sudo
+  --with-csops-insults    include CSOps insults
+  --with-hal-insults      include 2001-like insults
+  --with-goons-insults    include the insults from the "Goon Show"
+  --with-nsswitch[=PATH]  path to nsswitch.conf
+  --with-ldap[=DIR]       enable LDAP support
+  --with-ldap-conf-file   path to LDAP configuration file
+  --with-ldap-secret-file path to LDAP secret password file
+  --with-pc-insults       replace politically incorrect insults with less
+                          offensive ones
+  --with-secure-path      override the user's path with a built-in one
+  --without-interfaces    don't try to read the ip addr of ether interfaces
+  --with-stow             properly handle GNU stow packaging
+  --with-askpass=PATH     Fully qualified pathname of askpass helper
+  --with-libvas=NAME      Name of the libvas shared library
+                          (default=libvas.so)
+  --with-libvas-rpath=PATH
+                          Path to look for libvas in [default=/opt/quest/lib]
+  --with-selinux          enable SELinux support
+  --with-pic              try to use only PIC/non-PIC objects [default=use
+                          both]
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-noexec=PATH      fully qualified pathname of sudo_noexec.so
+  --with-netsvc[=PATH]    path to netsvc.conf
+  --with-pam-login        enable specific PAM session for sudo -i
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CPP         C preprocessor
+  YACC        The `Yet Another C Compiler' implementation to use. Defaults to
+              the first program found out of: `bison -y', `byacc', `yacc'.
+  YFLAGS      The list of arguments that will be passed by default to $YACC.
+              This script will default YFLAGS to the empty string to avoid a
+              default value of `-d' given by some make applications.
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://www.sudo.ws/bugs/>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+sudo configure 1.7.4p4
+generated by GNU Autoconf 2.65
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 $as_test_x conftest$ac_exeext
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } >/dev/null && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: program exited with status $ac_status" >&5
+       $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+       ac_retval=$ac_status
+fi
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $2 (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_header_compiler=yes
+else
+  ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  ac_header_preproc=yes
+else
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+  yes:no: )
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+    ;;
+  no:yes:* )
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2:     check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2:     check for missing prerequisite headers?" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2:     section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( cat <<\_ASBOX
+## --------------------------------------- ##
+## Report this to http://www.sudo.ws/bugs/ ##
+## --------------------------------------- ##
+_ASBOX
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  eval "$3=no"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+	 return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+	    return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if test "$cross_compiling" = yes; then
+    # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_lo=0 ac_mid=0
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=$ac_mid; break
+else
+  as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+			if test $ac_lo -le $ac_mid; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=-1 ac_mid=-1
+  while :; do
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_lo=$ac_mid; break
+else
+  as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+			if test $ac_mid -le $ac_hi; then
+			  ac_lo= ac_hi=
+			  break
+			fi
+			as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  done
+else
+  ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+  as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_hi=$ac_mid
+else
+  as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+  else
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+  FILE *f = fopen ("conftest.val", "w");
+  if (! f)
+    return 1;
+  if (($2) < 0)
+    {
+      long int i = longval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%ld", i);
+    }
+  else
+    {
+      unsigned long int i = ulongval ();
+      if (i != ($2))
+	return 1;
+      fprintf (f, "%lu", i);
+    }
+  /* Do not output a trailing newline, as this causes \r\n confusion
+     on some platforms.  */
+  return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+  ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+  fi
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES
+# ----------------------------------------------------
+# Tries to find if the field MEMBER exists in type AGGR, after including
+# INCLUDES, setting cache variable VAR accordingly.
+ac_fn_c_check_member ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5
+$as_echo_n "checking for $2.$3... " >&6; }
+if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$4=yes"
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$5
+int
+main ()
+{
+static $2 ac_aggr;
+if (sizeof ac_aggr.$3)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$4=yes"
+else
+  eval "$4=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$4
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_member
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR
+# ------------------------------------
+# Tests whether SYMBOL is declared, setting cache variable VAR accordingly.
+ac_fn_c_check_decl ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5
+$as_echo_n "checking whether $2 is declared... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+int
+main ()
+{
+#ifndef $2
+  (void) $2;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_decl
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by sudo $as_me 1.7.4p4, which was
+generated by GNU Autoconf 2.65.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file"
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ac_config_headers="$ac_config_headers config.h pathnames.h"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuring Sudo version $PACKAGE_VERSION" >&5
+$as_echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Begin initial values for man page substitution
+#
+timedir=/var/adm/sudo
+timeout=5
+password_timeout=5
+sudo_umask=0022
+passprompt="Password:"
+long_otp_prompt=off
+lecture=once
+logfac=auth
+goodpri=notice
+badpri=alert
+loglen=80
+ignore_dot=off
+mail_no_user=on
+mail_no_host=off
+mail_no_perms=off
+mailto=root
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
+fqdn=off
+runas_default=root
+env_editor=off
+editor=vi
+passwd_tries=3
+tty_tickets=on
+insults=off
+root_sudo=on
+path_info=on
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+noexec_file=/usr/local/libexec/sudo_noexec.so
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+#
+# End initial values for man page substitution
+#
+INSTALL_NOEXEC=
+devdir='$(srcdir)'
+PROGS="sudo visudo"
+: ${MANTYPE='man'}
+: ${mansrcdir='.'}
+: ${SUDOERS_MODE='0440'}
+: ${SUDOERS_UID='0'}
+: ${SUDOERS_GID='0'}
+DEV="#"
+LDAP="#"
+REPLAY="#"
+BAMAN=0
+LCMAN=0
+SEMAN=0
+ZLIB=
+AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
+
+CHECKSHADOW=true
+shadow_defs=
+shadow_funcs=
+shadow_libs=
+shadow_libs_optional=
+
+CONFIGURE_ARGS="$@"
+
+
+
+# Check whether --with-otp-only was given.
+if test "${with_otp_only+set}" = set; then :
+  withval=$with_otp_only; case $with_otp_only in
+    yes)	with_passwd="no"
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: --with-otp-only option deprecated, treating as --without-passwd" >&5
+$as_echo "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-alertmail was given.
+if test "${with_alertmail+set}" = set; then :
+  withval=$with_alertmail; case $with_alertmail in
+    *)		with_mailto="$with_alertmail"
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: --with-alertmail option deprecated, treating as --mailto" >&5
+$as_echo "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;}
+		;;
+esac
+fi
+
+
+
+
+# Check whether --with-devel was given.
+if test "${with_devel+set}" = set; then :
+  withval=$with_devel; case $with_devel in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: Setting up for development: -Wall, flex, yacc" >&5
+$as_echo "$as_me: Setting up for development: -Wall, flex, yacc" >&6;}
+		PROGS="${PROGS} testsudoers"
+		OSDEFS="${OSDEFS} -DSUDO_DEVEL"
+		DEV=""
+		devdir=.
+		;;
+    no)		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&2;}
+		;;
+esac
+fi
+
+if test X"$with_devel" != X"yes"; then
+    ac_cv_prog_cc_g=no
+fi
+
+
+# Check whether --with-CC was given.
+if test "${with_CC+set}" = set; then :
+  withval=$with_CC; case $with_CC in
+    yes)	as_fn_error "\"must give --with-CC an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"illegal argument: --without-CC.\"" "$LINENO" 5
+		;;
+    *)		CC=$with_CC
+		;;
+esac
+fi
+
+
+
+# Check whether --with-rpath was given.
+if test "${with_rpath+set}" = set; then :
+  withval=$with_rpath; case $with_rpath in
+    yes|no)	;;
+    *)		as_fn_error "\"--with-rpath does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-blibpath was given.
+if test "${with_blibpath+set}" = set; then :
+  withval=$with_blibpath; case $with_blibpath in
+    yes|no)	;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: will pass -blibpath:${with_blibpath} to the loader." >&5
+$as_echo "$as_me: will pass -blibpath:${with_blibpath} to the loader." >&6;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-bsm-audit was given.
+if test "${with_bsm_audit+set}" = set; then :
+  withval=$with_bsm_audit; case $with_bsm_audit in
+    yes)	$as_echo "#define HAVE_BSM_AUDIT 1" >>confdefs.h
+
+		SUDO_LIBS="${SUDO_LIBS} -lbsm"
+		SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-bsm-audit does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "no acceptable C compiler found in \$PATH
+See \`config.log' for more details." "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+if test -z "$ac_file"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "C compiler cannot create executables
+See \`config.log' for more details." "$LINENO" 5; }; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+  { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+  if { ac_try='./conftest$ac_cv_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." "$LINENO" 5; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+else
+  CFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+# Check whether --with-linux-audit was given.
+if test "${with_linux_audit+set}" = set; then :
+  withval=$with_linux_audit; case $with_linux_audit in
+    yes)
+		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <libaudit.h>
+int
+main ()
+{
+int i = AUDIT_USER_CMD; (void)i;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+		    $as_echo "#define HAVE_LINUX_AUDIT 1" >>confdefs.h
+
+		    SUDO_LIBS="${SUDO_LIBS} -laudit"
+		    SUDO_OBJS="${SUDO_OBJS} linux_audit.o"
+
+else
+
+		    as_fn_error "unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit" "$LINENO" 5
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-linux-audit does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-incpath was given.
+if test "${with_incpath+set}" = set; then :
+  withval=$with_incpath; case $with_incpath in
+    yes)	as_fn_error "\"must give --with-incpath an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-incpath not supported.\"" "$LINENO" 5
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_incpath} to CPPFLAGS" >&5
+$as_echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;}
+		for i in ${with_incpath}; do
+		    CPPFLAGS="${CPPFLAGS} -I${i}"
+		done
+		;;
+esac
+fi
+
+
+
+# Check whether --with-libpath was given.
+if test "${with_libpath+set}" = set; then :
+  withval=$with_libpath; case $with_libpath in
+    yes)	as_fn_error "\"must give --with-libpath an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-libpath not supported.\"" "$LINENO" 5
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libpath} to LDFLAGS" >&5
+$as_echo "$as_me: Adding ${with_libpath} to LDFLAGS" >&6;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-libraries was given.
+if test "${with_libraries+set}" = set; then :
+  withval=$with_libraries; case $with_libraries in
+    yes)	as_fn_error "\"must give --with-libraries an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-libraries not supported.\"" "$LINENO" 5
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: Adding ${with_libraries} to LIBS" >&5
+$as_echo "$as_me: Adding ${with_libraries} to LIBS" >&6;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-efence was given.
+if test "${with_efence+set}" = set; then :
+  withval=$with_efence; case $with_efence in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: Sudo will link with -lefence (Electric Fence)" >&5
+$as_echo "$as_me: Sudo will link with -lefence (Electric Fence)" >&6;}
+		LIBS="${LIBS} -lefence"
+		if test -f /usr/local/lib/libefence.a; then
+		    with_libpath="${with_libpath} /usr/local/lib"
+		fi
+		;;
+    no)		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&2;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-csops was given.
+if test "${with_csops+set}" = set; then :
+  withval=$with_csops; case $with_csops in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: Adding CSOps standard options" >&5
+$as_echo "$as_me: Adding CSOps standard options" >&6;}
+		CHECKSIA=false
+		with_ignore_dot=yes
+		insults=on
+		with_classic_insults=yes
+		with_csops_insults=yes
+		with_env_editor=yes
+		: ${mansectsu='8'}
+		: ${mansectform='5'}
+		;;
+    no)		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&2;}
+		;;
+esac
+fi
+
+
+
+# Check whether --with-passwd was given.
+if test "${with_passwd+set}" = set; then :
+  withval=$with_passwd; case $with_passwd in
+    yes|no)	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use shadow/passwd file authentication" >&5
+$as_echo_n "checking whether to use shadow/passwd file authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_passwd" >&5
+$as_echo "$with_passwd" >&6; }
+		AUTH_DEF=""
+		test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
+		;;
+    *)		as_fn_error "\"Sorry, --with-passwd does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-skey was given.
+if test "${with_skey+set}" = set; then :
+  withval=$with_skey; case $with_skey in
+    no)		with_skey=""
+		;;
+    *)		$as_echo "#define HAVE_SKEY 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try S/Key authentication" >&5
+$as_echo_n "checking whether to try S/Key authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG S/Key"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-opie was given.
+if test "${with_opie+set}" = set; then :
+  withval=$with_opie; case $with_opie in
+    no)		with_opie=""
+		;;
+    *)		$as_echo "#define HAVE_OPIE 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try NRL OPIE authentication" >&5
+$as_echo_n "checking whether to try NRL OPIE authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG NRL_OPIE"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-long-otp-prompt was given.
+if test "${with_long_otp_prompt+set}" = set; then :
+  withval=$with_long_otp_prompt; case $with_long_otp_prompt in
+    yes)	$as_echo "#define LONG_OTP_PROMPT 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use a two line prompt for OTP authentication" >&5
+$as_echo_n "checking whether to use a two line prompt for OTP authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		long_otp_prompt=on
+		;;
+    no)		long_otp_prompt=off
+		;;
+    *)		as_fn_error "\"--with-long-otp-prompt does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-SecurID was given.
+if test "${with_SecurID+set}" = set; then :
+  withval=$with_SecurID; case $with_SecurID in
+    no)		with_SecurID="";;
+    *)		$as_echo "#define HAVE_SECURID 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use SecurID for authentication" >&5
+$as_echo_n "checking whether to use SecurID for authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_EXCL="$AUTH_EXCL SecurID"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-fwtk was given.
+if test "${with_fwtk+set}" = set; then :
+  withval=$with_fwtk; case $with_fwtk in
+    no)		with_fwtk="";;
+    *)		$as_echo "#define HAVE_FWTK 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use FWTK AuthSRV for authentication" >&5
+$as_echo_n "checking whether to use FWTK AuthSRV for authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_EXCL="$AUTH_EXCL FWTK"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-kerb4 was given.
+if test "${with_kerb4+set}" = set; then :
+  withval=$with_kerb4; case $with_kerb4 in
+    no)		with_kerb4="";;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try kerberos IV authentication" >&5
+$as_echo_n "checking whether to try kerberos IV authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG kerb4"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-kerb5 was given.
+if test "${with_kerb5+set}" = set; then :
+  withval=$with_kerb5; case $with_kerb5 in
+    no)		with_kerb5="";;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try Kerberos V authentication" >&5
+$as_echo_n "checking whether to try Kerberos V authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG kerb5"
+		;;
+esac
+fi
+
+
+
+# Check whether --with-aixauth was given.
+if test "${with_aixauth+set}" = set; then :
+  withval=$with_aixauth; case $with_aixauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+    no)		;;
+    *)		as_fn_error "\"--with-aixauth does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-pam was given.
+if test "${with_pam+set}" = set; then :
+  withval=$with_pam; case $with_pam in
+    yes)	AUTH_EXCL="$AUTH_EXCL PAM";;
+    no)		;;
+    *)		as_fn_error "\"--with-pam does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-AFS was given.
+if test "${with_AFS+set}" = set; then :
+  withval=$with_AFS; case $with_AFS in
+    yes)	$as_echo "#define HAVE_AFS 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try AFS (kerberos) authentication" >&5
+$as_echo_n "checking whether to try AFS (kerberos) authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG AFS"
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-AFS does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-DCE was given.
+if test "${with_DCE+set}" = set; then :
+  withval=$with_DCE; case $with_DCE in
+    yes)	$as_echo "#define HAVE_DCE 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try DCE (kerberos) authentication" >&5
+$as_echo_n "checking whether to try DCE (kerberos) authentication... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		AUTH_REG="$AUTH_REG DCE"
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-DCE does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-logincap was given.
+if test "${with_logincap+set}" = set; then :
+  withval=$with_logincap; case $with_logincap in
+    yes|no)	;;
+    *)		as_fn_error "\"--with-logincap does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-bsdauth was given.
+if test "${with_bsdauth+set}" = set; then :
+  withval=$with_bsdauth; case $with_bsdauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+    no)		;;
+    *)		as_fn_error "\"--with-bsdauth does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-project was given.
+if test "${with_project+set}" = set; then :
+  withval=$with_project; case $with_project in
+    yes|no)	;;
+    no)	;;
+    *)		as_fn_error "\"--with-project does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to lecture users the first time they run sudo" >&5
+$as_echo_n "checking whether to lecture users the first time they run sudo... " >&6; }
+
+# Check whether --with-lecture was given.
+if test "${with_lecture+set}" = set; then :
+  withval=$with_lecture; case $with_lecture in
+    yes|short|always)	lecture=once
+		;;
+    no|none|never)	lecture=never
+		;;
+    *)		as_fn_error "\"unknown argument to --with-lecture: $with_lecture\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$lecture" = "once"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    $as_echo "#define NO_LECTURE 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should log via syslog or to a file by default" >&5
+$as_echo_n "checking whether sudo should log via syslog or to a file by default... " >&6; }
+
+# Check whether --with-logging was given.
+if test "${with_logging+set}" = set; then :
+  withval=$with_logging; case $with_logging in
+    yes)	as_fn_error "\"must give --with-logging an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-logging not supported.\"" "$LINENO" 5
+		;;
+    syslog)	$as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5
+$as_echo "syslog" >&6; }
+		;;
+    file)	$as_echo "#define LOGGING SLOG_FILE" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: file" >&5
+$as_echo "file" >&6; }
+		;;
+    both)	$as_echo "#define LOGGING SLOG_BOTH" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: both" >&5
+$as_echo "both" >&6; }
+		;;
+    *)		as_fn_error "\"unknown argument to --with-logging: $with_logging\"" "$LINENO" 5
+		;;
+esac
+else
+  $as_echo "#define LOGGING SLOG_SYSLOG" >>confdefs.h
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: syslog" >&5
+$as_echo "syslog" >&6; }
+fi
+
+
+
+# Check whether --with-logfac was given.
+if test "${with_logfac+set}" = set; then :
+  withval=$with_logfac; case $with_logfac in
+    yes)	as_fn_error "\"must give --with-logfac an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-logfac not supported.\"" "$LINENO" 5
+		;;
+    authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7)		logfac=$with_logfac
+		;;
+    *)		as_fn_error "\"$with_logfac is not a supported syslog facility.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log commands" >&5
+$as_echo_n "checking at which syslog priority to log commands... " >&6; }
+
+# Check whether --with-goodpri was given.
+if test "${with_goodpri+set}" = set; then :
+  withval=$with_goodpri; case $with_goodpri in
+    yes)	as_fn_error "\"must give --with-goodpri an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-goodpri not supported.\"" "$LINENO" 5
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		goodpri=$with_goodpri
+		;;
+    *)		as_fn_error "\"$with_goodpri is not a supported syslog priority.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PRI_SUCCESS "$goodpri"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $goodpri" >&5
+$as_echo "$goodpri" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking at which syslog priority to log failures" >&5
+$as_echo_n "checking at which syslog priority to log failures... " >&6; }
+
+# Check whether --with-badpri was given.
+if test "${with_badpri+set}" = set; then :
+  withval=$with_badpri; case $with_badpri in
+    yes)	as_fn_error "\"must give --with-badpri an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-badpri not supported.\"" "$LINENO" 5
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		badpri=$with_badpri
+		;;
+    *)		as_fn_error "$with_badpri is not a supported syslog priority." "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PRI_FAILURE "$badpri"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpri" >&5
+$as_echo "$badpri" >&6; }
+
+
+# Check whether --with-logpath was given.
+if test "${with_logpath+set}" = set; then :
+  withval=$with_logpath; case $with_logpath in
+    yes)	as_fn_error "\"must give --with-logpath an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-logpath not supported.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how long a line in the log file should be" >&5
+$as_echo_n "checking how long a line in the log file should be... " >&6; }
+
+# Check whether --with-loglen was given.
+if test "${with_loglen+set}" = set; then :
+  withval=$with_loglen; case $with_loglen in
+    yes)	as_fn_error "\"must give --with-loglen an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-loglen not supported.\"" "$LINENO" 5
+		;;
+    [0-9]*)	loglen=$with_loglen
+		;;
+    *)		as_fn_error "\"you must enter a number, not $with_loglen\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAXLOGFILELEN $loglen
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $loglen" >&5
+$as_echo "$loglen" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sudo should ignore '.' or '' in \$PATH" >&5
+$as_echo_n "checking whether sudo should ignore '.' or '' in \$PATH... " >&6; }
+
+# Check whether --with-ignore-dot was given.
+if test "${with_ignore_dot+set}" = set; then :
+  withval=$with_ignore_dot; case $with_ignore_dot in
+    yes)	ignore_dot=on
+		;;
+    no)		ignore_dot=off
+		;;
+    *)		as_fn_error "\"--with-ignore-dot does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$ignore_dot" = "on"; then
+    $as_echo "#define IGNORE_DOT_PATH 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user is not in sudoers" >&5
+$as_echo_n "checking whether to send mail when a user is not in sudoers... " >&6; }
+
+# Check whether --with-mail-if-no-user was given.
+if test "${with_mail_if_no_user+set}" = set; then :
+  withval=$with_mail_if_no_user; case $with_mail_if_no_user in
+    yes)	mail_no_user=on
+		;;
+    no)		mail_no_user=off
+		;;
+    *)		as_fn_error "\"--with-mail-if-no-user does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$mail_no_user" = "on"; then
+    $as_echo "#define SEND_MAIL_WHEN_NO_USER 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when user listed but not for this host" >&5
+$as_echo_n "checking whether to send mail when user listed but not for this host... " >&6; }
+
+# Check whether --with-mail-if-no-host was given.
+if test "${with_mail_if_no_host+set}" = set; then :
+  withval=$with_mail_if_no_host; case $with_mail_if_no_host in
+    yes)	mail_no_host=on
+		;;
+    no)		mail_no_host=off
+		;;
+    *)		as_fn_error "\"--with-mail-if-no-host does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$mail_no_host" = "on"; then
+    $as_echo "#define SEND_MAIL_WHEN_NO_HOST 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to send mail when a user tries a disallowed command" >&5
+$as_echo_n "checking whether to send mail when a user tries a disallowed command... " >&6; }
+
+# Check whether --with-mail-if-noperms was given.
+if test "${with_mail_if_noperms+set}" = set; then :
+  withval=$with_mail_if_noperms; case $with_mail_if_noperms in
+    yes)	mail_noperms=on
+		;;
+    no)		mail_noperms=off
+		;;
+    *)		as_fn_error "\"--with-mail-if-noperms does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$mail_noperms" = "on"; then
+    $as_echo "#define SEND_MAIL_WHEN_NOT_OK 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking who should get the mail that sudo sends" >&5
+$as_echo_n "checking who should get the mail that sudo sends... " >&6; }
+
+# Check whether --with-mailto was given.
+if test "${with_mailto+set}" = set; then :
+  withval=$with_mailto; case $with_mailto in
+    yes)	as_fn_error "\"must give --with-mailto an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-mailto not supported.\"" "$LINENO" 5
+		;;
+    *)		mailto=$with_mailto
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAILTO "$mailto"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $mailto" >&5
+$as_echo "$mailto" >&6; }
+
+
+# Check whether --with-mailsubject was given.
+if test "${with_mailsubject+set}" = set; then :
+  withval=$with_mailsubject; case $with_mailsubject in
+    yes)	as_fn_error "\"must give --with-mailsubject an argument.\"" "$LINENO" 5
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-mailsubject not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-mailsubject not supported." >&2;}
+		;;
+    *)		mailsub="$with_mailsubject"
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking sudo mail subject" >&5
+$as_echo_n "checking sudo mail subject... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Using alert mail subject: $mailsub" >&5
+$as_echo "Using alert mail subject: $mailsub" >&6; }
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define MAILSUBJECT "$mailsub"
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password prompt" >&5
+$as_echo_n "checking for bad password prompt... " >&6; }
+
+# Check whether --with-passprompt was given.
+if test "${with_passprompt+set}" = set; then :
+  withval=$with_passprompt; case $with_passprompt in
+    yes)	as_fn_error "\"must give --with-passprompt an argument.\"" "$LINENO" 5
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-passprompt not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-passprompt not supported." >&2;}
+		;;
+    *)		passprompt="$with_passprompt"
+esac
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passprompt" >&5
+$as_echo "$passprompt" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define PASSPROMPT "$passprompt"
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bad password message" >&5
+$as_echo_n "checking for bad password message... " >&6; }
+
+# Check whether --with-badpass-message was given.
+if test "${with_badpass_message+set}" = set; then :
+  withval=$with_badpass_message; case $with_badpass_message in
+    yes)	as_fn_error "\"Must give --with-badpass-message an argument.\"" "$LINENO" 5
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Sorry, --without-badpass-message not supported." >&5
+$as_echo "$as_me: WARNING: Sorry, --without-badpass-message not supported." >&2;}
+		;;
+    *)		badpass_message="$with_badpass_message"
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define INCORRECT_PASSWORD "$badpass_message"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $badpass_message" >&5
+$as_echo "$badpass_message" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to expect fully qualified hosts in sudoers" >&5
+$as_echo_n "checking whether to expect fully qualified hosts in sudoers... " >&6; }
+
+# Check whether --with-fqdn was given.
+if test "${with_fqdn+set}" = set; then :
+  withval=$with_fqdn; case $with_fqdn in
+    yes)	fqdn=on
+		;;
+    no)		fqdn=off
+		;;
+    *)		as_fn_error "\"--with-fqdn does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$fqdn" = "on"; then
+    $as_echo "#define FQDN 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --with-timedir was given.
+if test "${with_timedir+set}" = set; then :
+  withval=$with_timedir; case $with_timedir in
+    yes)	as_fn_error "\"must give --with-timedir an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-timedir not supported.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-iologdir was given.
+if test "${with_iologdir+set}" = set; then :
+  withval=$with_iologdir; case $with_iologdir in
+    yes)	;;
+    no)		;;
+esac
+fi
+
+
+
+# Check whether --with-sendmail was given.
+if test "${with_sendmail+set}" = set; then :
+  withval=$with_sendmail; case $with_sendmail in
+    yes)	with_sendmail=""
+		;;
+    no)		;;
+    *)		cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SENDMAIL "$with_sendmail"
+EOF
+
+		;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-mode was given.
+if test "${with_sudoers_mode+set}" = set; then :
+  withval=$with_sudoers_mode; case $with_sudoers_mode in
+    yes)	as_fn_error "\"must give --with-sudoers-mode an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-sudoers-mode not supported.\"" "$LINENO" 5
+		;;
+    [1-9]*)	SUDOERS_MODE=0${with_sudoers_mode}
+		;;
+    0*)		SUDOERS_MODE=$with_sudoers_mode
+		;;
+    *)		as_fn_error "\"you must use an octal mode, not a name.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-uid was given.
+if test "${with_sudoers_uid+set}" = set; then :
+  withval=$with_sudoers_uid; case $with_sudoers_uid in
+    yes)	as_fn_error "\"must give --with-sudoers-uid an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-sudoers-uid not supported.\"" "$LINENO" 5
+		;;
+    [0-9]*)	SUDOERS_UID=$with_sudoers_uid
+		;;
+    *)		as_fn_error "\"you must use an unsigned numeric uid, not a name.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-sudoers-gid was given.
+if test "${with_sudoers_gid+set}" = set; then :
+  withval=$with_sudoers_gid; case $with_sudoers_gid in
+    yes)	as_fn_error "\"must give --with-sudoers-gid an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-sudoers-gid not supported.\"" "$LINENO" 5
+		;;
+    [0-9]*)	SUDOERS_GID=$with_sudoers_gid
+		;;
+    *)		as_fn_error "\"you must use an unsigned numeric gid, not a name.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for umask programs should be run with" >&5
+$as_echo_n "checking for umask programs should be run with... " >&6; }
+
+# Check whether --with-umask was given.
+if test "${with_umask+set}" = set; then :
+  withval=$with_umask; case $with_umask in
+    yes)	as_fn_error "\"must give --with-umask an argument.\"" "$LINENO" 5
+		;;
+    no)		sudo_umask=0777
+		;;
+    [0-9]*)	sudo_umask=$with_umask
+		;;
+    *)		as_fn_error "\"you must enter a numeric mask.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define SUDO_UMASK $sudo_umask
+_ACEOF
+
+if test "$sudo_umask" = "0777"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: user" >&5
+$as_echo "user" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_umask" >&5
+$as_echo "$sudo_umask" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default user to run commands as" >&5
+$as_echo_n "checking for default user to run commands as... " >&6; }
+
+# Check whether --with-runas-default was given.
+if test "${with_runas_default+set}" = set; then :
+  withval=$with_runas_default; case $with_runas_default in
+    yes)	as_fn_error "\"must give --with-runas-default an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-runas-default not supported.\"" "$LINENO" 5
+		;;
+    *)		runas_default="$with_runas_default"
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define RUNAS_DEFAULT "$runas_default"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $runas_default" >&5
+$as_echo "$runas_default" >&6; }
+
+
+# Check whether --with-exempt was given.
+if test "${with_exempt+set}" = set; then :
+  withval=$with_exempt; case $with_exempt in
+    yes)	as_fn_error "\"must give --with-exempt an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-exempt not supported.\"" "$LINENO" 5
+		;;
+    *)
+cat >>confdefs.h <<_ACEOF
+#define EXEMPTGROUP "$with_exempt"
+_ACEOF
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for group to be exempt from password" >&5
+$as_echo_n "checking for group to be exempt from password... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_exempt" >&5
+$as_echo "$with_exempt" >&6; }
+		;;
+esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for editor that visudo should use" >&5
+$as_echo_n "checking for editor that visudo should use... " >&6; }
+
+# Check whether --with-editor was given.
+if test "${with_editor+set}" = set; then :
+  withval=$with_editor; case $with_editor in
+    yes)	as_fn_error "\"must give --with-editor an argument.\"" "$LINENO" 5
+		;;
+    no)		as_fn_error "\"--without-editor not supported.\"" "$LINENO" 5
+		;;
+    *)
+cat >>confdefs.h <<_ACEOF
+#define EDITOR "$with_editor"
+_ACEOF
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5
+$as_echo "$with_editor" >&6; }
+		editor="$with_editor"
+		;;
+esac
+else
+  $as_echo "#define EDITOR _PATH_VI" >>confdefs.h
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: vi" >&5
+$as_echo "vi" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to obey EDITOR and VISUAL environment variables" >&5
+$as_echo_n "checking whether to obey EDITOR and VISUAL environment variables... " >&6; }
+
+# Check whether --with-env-editor was given.
+if test "${with_env_editor+set}" = set; then :
+  withval=$with_env_editor; case $with_env_editor in
+    yes)	env_editor=on
+		;;
+    no)		env_editor=off
+		;;
+    *)		as_fn_error "\"--with-env-editor does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$env_editor" = "on"; then
+    $as_echo "#define ENV_EDITOR 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking number of tries a user gets to enter their password" >&5
+$as_echo_n "checking number of tries a user gets to enter their password... " >&6; }
+
+# Check whether --with-passwd-tries was given.
+if test "${with_passwd_tries+set}" = set; then :
+  withval=$with_passwd_tries; case $with_passwd_tries in
+    yes)	;;
+    no)		as_fn_error "\"--without-editor not supported.\"" "$LINENO" 5
+		;;
+    [1-9]*)	passwd_tries=$with_passwd_tries
+		;;
+    *)		as_fn_error "\"you must enter the numer of tries, > 0\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define TRIES_FOR_PASSWORD $passwd_tries
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $passwd_tries" >&5
+$as_echo "$passwd_tries" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after which sudo will ask for a password again" >&5
+$as_echo_n "checking time in minutes after which sudo will ask for a password again... " >&6; }
+
+# Check whether --with-timeout was given.
+if test "${with_timeout+set}" = set; then :
+  withval=$with_timeout; case $with_timeout in
+    yes)	;;
+    no)		timeout=0
+		;;
+    [0-9]*)	timeout=$with_timeout
+		;;
+    *)		as_fn_error "\"you must enter the numer of minutes.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define TIMEOUT $timeout
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timeout" >&5
+$as_echo "$timeout" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking time in minutes after the password prompt will time out" >&5
+$as_echo_n "checking time in minutes after the password prompt will time out... " >&6; }
+
+# Check whether --with-password-timeout was given.
+if test "${with_password_timeout+set}" = set; then :
+  withval=$with_password_timeout; case $with_password_timeout in
+    yes)	;;
+    no)		password_timeout=0
+		;;
+    [0-9]*)	password_timeout=$with_password_timeout
+		;;
+    *)		as_fn_error "\"you must enter the numer of minutes.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define PASSWORD_TIMEOUT $password_timeout
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $password_timeout" >&5
+$as_echo "$password_timeout" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use per-tty ticket files" >&5
+$as_echo_n "checking whether to use per-tty ticket files... " >&6; }
+
+# Check whether --with-tty-tickets was given.
+if test "${with_tty_tickets+set}" = set; then :
+  withval=$with_tty_tickets; case $with_tty_tickets in
+    yes)	tty_tickets=on
+		;;
+    no)		tty_tickets=off
+		;;
+    *)		as_fn_error "\"--with-tty-tickets does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$tty_tickets" = "off"; then
+    $as_echo "#define NO_TTY_TICKETS 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include insults" >&5
+$as_echo_n "checking whether to include insults... " >&6; }
+
+# Check whether --with-insults was given.
+if test "${with_insults+set}" = set; then :
+  withval=$with_insults; case $with_insults in
+    yes)	insults=on
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    disabled)	insults=off
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    no)		insults=off
+		;;
+    *)		as_fn_error "\"--with-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+if test "$insults" = "on"; then
+    $as_echo "#define USE_INSULTS 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --with-all-insults was given.
+if test "${with_all_insults+set}" = set; then :
+  withval=$with_all_insults; case $with_all_insults in
+    yes)	with_classic_insults=yes
+		with_csops_insults=yes
+		with_hal_insults=yes
+		with_goons_insults=yes
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-all-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-classic-insults was given.
+if test "${with_classic_insults+set}" = set; then :
+  withval=$with_classic_insults; case $with_classic_insults in
+    yes)	$as_echo "#define CLASSIC_INSULTS 1" >>confdefs.h
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-classic-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-csops-insults was given.
+if test "${with_csops_insults+set}" = set; then :
+  withval=$with_csops_insults; case $with_csops_insults in
+    yes)	$as_echo "#define CSOPS_INSULTS 1" >>confdefs.h
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-csops-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-hal-insults was given.
+if test "${with_hal_insults+set}" = set; then :
+  withval=$with_hal_insults; case $with_hal_insults in
+    yes)	$as_echo "#define HAL_INSULTS 1" >>confdefs.h
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-hal-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-goons-insults was given.
+if test "${with_goons_insults+set}" = set; then :
+  withval=$with_goons_insults; case $with_goons_insults in
+    yes)	$as_echo "#define GOONS_INSULTS 1" >>confdefs.h
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-goons-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+
+# Check whether --with-nsswitch was given.
+if test "${with_nsswitch+set}" = set; then :
+  withval=$with_nsswitch; case $with_nsswitch in
+    no)		;;
+    yes)	with_nsswitch="/etc/nsswitch.conf"
+		;;
+    *)		;;
+esac
+fi
+
+
+
+# Check whether --with-ldap was given.
+if test "${with_ldap+set}" = set; then :
+  withval=$with_ldap; case $with_ldap in
+    no)		;;
+    *)		$as_echo "#define HAVE_LDAP 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use sudoers from LDAP" >&5
+$as_echo_n "checking whether to use sudoers from LDAP... " >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		;;
+esac
+fi
+
+
+
+# Check whether --with-ldap-conf-file was given.
+if test "${with_ldap_conf_file+set}" = set; then :
+  withval=$with_ldap_conf_file;
+fi
+
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+cat >>confdefs.h <<EOF
+#define _PATH_LDAP_CONF "$ldap_conf"
+EOF
+
+
+
+# Check whether --with-ldap-secret-file was given.
+if test "${with_ldap_secret_file+set}" = set; then :
+  withval=$with_ldap_secret_file;
+fi
+
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+cat >>confdefs.h <<EOF
+#define _PATH_LDAP_SECRET "$ldap_secret"
+EOF
+
+
+
+# Check whether --with-pc-insults was given.
+if test "${with_pc_insults+set}" = set; then :
+  withval=$with_pc_insults; case $with_pc_insults in
+    yes)	$as_echo "#define PC_INSULTS 1" >>confdefs.h
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-pc-insults does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+if test "$insults" = "on"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking which insult sets to include" >&5
+$as_echo_n "checking which insult sets to include... " >&6; }
+    i=""
+    test "$with_goons_insults" = "yes" && i="goons ${i}"
+    test "$with_hal_insults" = "yes" && i="hal ${i}"
+    test "$with_csops_insults" = "yes" && i="csops ${i}"
+    test "$with_classic_insults" = "yes" && i="classic ${i}"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $i" >&5
+$as_echo "$i" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to override the user's path" >&5
+$as_echo_n "checking whether to override the user's path... " >&6; }
+
+# Check whether --with-secure-path was given.
+if test "${with_secure_path+set}" = set; then :
+  withval=$with_secure_path; case $with_secure_path in
+    yes)	with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+		cat >>confdefs.h <<_ACEOF
+#define SECURE_PATH "$with_secure_path"
+_ACEOF
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5
+$as_echo "$with_secure_path" >&6; }
+		secure_path="set to $with_secure_path"
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		cat >>confdefs.h <<_ACEOF
+#define SECURE_PATH "$with_secure_path"
+_ACEOF
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_secure_path" >&5
+$as_echo "$with_secure_path" >&6; }
+		secure_path="set to F<$with_secure_path>"
+		;;
+esac
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to get ip addresses from the network interfaces" >&5
+$as_echo_n "checking whether to get ip addresses from the network interfaces... " >&6; }
+
+# Check whether --with-interfaces was given.
+if test "${with_interfaces+set}" = set; then :
+  withval=$with_interfaces; case $with_interfaces in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		;;
+    no)		$as_echo "#define STUB_LOAD_INTERFACES 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		as_fn_error "\"--with-interfaces does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stow should be used" >&5
+$as_echo_n "checking whether stow should be used... " >&6; }
+
+# Check whether --with-stow was given.
+if test "${with_stow+set}" = set; then :
+  withval=$with_stow; case $with_stow in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define USE_STOW 1" >>confdefs.h
+
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		as_fn_error "\"--with-stow does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use an askpass helper" >&5
+$as_echo_n "checking whether to use an askpass helper... " >&6; }
+
+# Check whether --with-askpass was given.
+if test "${with_askpass+set}" = set; then :
+  withval=$with_askpass; case $with_askpass in
+    yes)	as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
+		;;
+    no)		;;
+    *)		cat >>confdefs.h <<EOF
+#define _PATH_SUDO_ASKPASS "$with_askpass"
+EOF
+
+		;;
+esac
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+# Check whether --with-libvas was given.
+if test "${with_libvas+set}" = set; then :
+  withval=$with_libvas; case $with_libvas in
+    yes)	with_libvas=libvas.so
+		;;
+    no)		;;
+    *)
+cat >>confdefs.h <<_ACEOF
+#define LIBVAS_SO "$with_libvas"
+_ACEOF
+
+		;;
+esac
+if test X"$with_libvas" != X"no"; then
+
+cat >>confdefs.h <<_ACEOF
+#define LIBVAS_SO "$with_libvas"
+_ACEOF
+
+    $as_echo "#define USING_NONUNIX_GROUPS 1" >>confdefs.h
+
+    COMMON_OBJS="$COMMON_OBJS vasgroups.o"
+
+# Check whether --with-libvas-rpath was given.
+if test "${with_libvas_rpath+set}" = set; then :
+  withval=$with_libvas_rpath; LIBVAS_RPATH=$withval
+else
+  LIBVAS_RPATH=/opt/quest/lib
+fi
+
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ldl" >&5
+$as_echo_n "checking for main in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_main=yes
+else
+  ac_cv_lib_dl_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_main" >&5
+$as_echo "$ac_cv_lib_dl_main" >&6; }
+if test "x$ac_cv_lib_dl_main" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+  LIBS="-ldl $LIBS"
+
+fi
+
+fi
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to do user authentication by default" >&5
+$as_echo_n "checking whether to do user authentication by default... " >&6; }
+# Check whether --enable-authentication was given.
+if test "${enable_authentication+set}" = set; then :
+  enableval=$enable_authentication;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		$as_echo "#define NO_AUTHENTICATION 1" >>confdefs.h
+
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable running the mailer as root" >&5
+$as_echo_n "checking whether to disable running the mailer as root... " >&6; }
+# Check whether --enable-root-mailer was given.
+if test "${enable_root_mailer+set}" = set; then :
+  enableval=$enable_root_mailer;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define NO_ROOT_MAILER 1" >>confdefs.h
+
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --enable-setreuid was given.
+if test "${enable_setreuid+set}" = set; then :
+  enableval=$enable_setreuid;  case "$enableval" in
+    no)		SKIP_SETREUID=yes
+		;;
+    *)		;;
+  esac
+
+fi
+
+
+# Check whether --enable-setresuid was given.
+if test "${enable_setresuid+set}" = set; then :
+  enableval=$enable_setresuid;  case "$enableval" in
+    no)		SKIP_SETRESUID=yes
+		;;
+    *)		;;
+  esac
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable shadow password support" >&5
+$as_echo_n "checking whether to disable shadow password support... " >&6; }
+# Check whether --enable-shadow was given.
+if test "${enable_shadow+set}" = set; then :
+  enableval=$enable_shadow;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		CHECKSHADOW="false"
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether root should be allowed to use sudo" >&5
+$as_echo_n "checking whether root should be allowed to use sudo... " >&6; }
+# Check whether --enable-root-sudo was given.
+if test "${enable_root_sudo+set}" = set; then :
+  enableval=$enable_root_sudo;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		;;
+    no)		$as_echo "#define NO_ROOT_SUDO 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		root_sudo=off
+		;;
+    *)		as_fn_error "\"--enable-root-sudo does not take an argument.\"" "$LINENO" 5
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to log the hostname in the log file" >&5
+$as_echo_n "checking whether to log the hostname in the log file... " >&6; }
+# Check whether --enable-log-host was given.
+if test "${enable_log_host+set}" = set; then :
+  enableval=$enable_log_host;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define HOST_IN_LOG 1" >>confdefs.h
+
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to invoke a shell if sudo is given no arguments" >&5
+$as_echo_n "checking whether to invoke a shell if sudo is given no arguments... " >&6; }
+# Check whether --enable-noargs-shell was given.
+if test "${enable_noargs_shell+set}" = set; then :
+  enableval=$enable_noargs_shell;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define SHELL_IF_NO_ARGS 1" >>confdefs.h
+
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to set \$HOME to target user in shell mode" >&5
+$as_echo_n "checking whether to set \$HOME to target user in shell mode... " >&6; }
+# Check whether --enable-shell-sets-home was given.
+if test "${enable_shell_sets_home+set}" = set; then :
+  enableval=$enable_shell_sets_home;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define SHELL_SETS_HOME 1" >>confdefs.h
+
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable 'command not found' messages" >&5
+$as_echo_n "checking whether to disable 'command not found' messages... " >&6; }
+# Check whether --enable-path_info was given.
+if test "${enable_path_info+set}" = set; then :
+  enableval=$enable_path_info;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define DONT_LEAK_PATH_INFO 1" >>confdefs.h
+
+		path_info=off
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable environment debugging" >&5
+$as_echo_n "checking whether to enable environment debugging... " >&6; }
+# Check whether --enable-env_debug was given.
+if test "${enable_env_debug+set}" = set; then :
+  enableval=$enable_env_debug;  case "$enableval" in
+    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define ENV_DEBUG 1" >>confdefs.h
+
+		;;
+    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		;;
+    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    		{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;}
+		;;
+  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Check whether --enable-warnings was given.
+if test "${enable_warnings+set}" = set; then :
+  enableval=$enable_warnings;  case "$enableval" in
+    yes)    if test X"$with_devel" != X"yes" -a -n "$GCC"; then
+		CFLAGS="${CFLAGS} -Wall"
+	    fi
+	    ;;
+    no)	    ;;
+    *)	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-warnings: $enableval" >&2;}
+	    ;;
+  esac
+
+fi
+
+
+# Check whether --enable-admin-flag was given.
+if test "${enable_admin_flag+set}" = set; then :
+  enableval=$enable_admin_flag;  case "$enableval" in
+    yes)    $as_echo "#define USE_ADMIN_FLAG 1" >>confdefs.h
+
+	    ;;
+    no)	    ;;
+    *)	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-admin-flag: $enableval" >&2;}
+	    ;;
+  esac
+
+fi
+
+
+
+# Check whether --with-selinux was given.
+if test "${with_selinux+set}" = set; then :
+  withval=$with_selinux; case $with_selinux in
+    yes)	SELINUX_USAGE="[-r role] [-t type] "
+    		$as_echo "#define HAVE_SELINUX 1" >>confdefs.h
+
+		SUDO_LIBS="${SUDO_LIBS} -lselinux"
+		SUDO_OBJS="${SUDO_OBJS} selinux.o"
+		PROGS="${PROGS} sesh"
+		SEMAN=1
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for setkeycreatecon in -lselinux" >&5
+$as_echo_n "checking for setkeycreatecon in -lselinux... " >&6; }
+if test "${ac_cv_lib_selinux_setkeycreatecon+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char setkeycreatecon ();
+int
+main ()
+{
+return setkeycreatecon ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_selinux_setkeycreatecon=yes
+else
+  ac_cv_lib_selinux_setkeycreatecon=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setkeycreatecon" >&5
+$as_echo "$ac_cv_lib_selinux_setkeycreatecon" >&6; }
+if test "x$ac_cv_lib_selinux_setkeycreatecon" = x""yes; then :
+  $as_echo "#define HAVE_SETKEYCREATECON 1" >>confdefs.h
+
+fi
+
+		;;
+    no)		;;
+    *)		as_fn_error "\"--with-selinux does not take an argument.\"" "$LINENO" 5
+		;;
+esac
+fi
+
+
+# Check whether --enable-gss_krb5_ccache_name was given.
+if test "${enable_gss_krb5_ccache_name+set}" = set; then :
+  enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval
+else
+  check_gss_krb5_ccache_name=no
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5
+$as_echo_n "checking for library containing strerror... " >&6; }
+if test "${ac_cv_search_strerror+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strerror ();
+int
+main ()
+{
+return strerror ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' cposix; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_strerror=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_strerror+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_strerror+set}" = set; then :
+
+else
+  ac_cv_search_strerror=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5
+$as_echo "$ac_cv_search_strerror" >&6; }
+ac_res=$ac_cv_search_strerror
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if test "${ac_cv_prog_CPP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AR="${ac_tool_prefix}ar"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+  ac_ct_AR=$AR
+  # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_AR="ar"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+else
+  AR="$ac_cv_prog_AR"
+fi
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  for ac_t in install-sh install.sh shtool; do
+    if test -f "$ac_dir/$ac_t"; then
+      ac_aux_dir=$ac_dir
+      ac_install_sh="$ac_aux_dir/$ac_t -c"
+      break 2
+    fi
+  done
+done
+if test -z "$ac_aux_dir"; then
+  as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+
+case `pwd` in
+  *\ * | *\	*)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+     for ac_i in 1 2 3 4 5 6 7; do
+       ac_script="$ac_script$as_nl$ac_script"
+     done
+     echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+     { ac_script=; unset ac_script;}
+     if test -z "$SED"; then
+  ac_path_SED_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+      { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+  # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+  ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo '' >> "conftest.nl"
+    "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_SED_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_SED="$ac_path_SED"
+      ac_path_SED_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_SED_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_SED"; then
+    as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5
+  fi
+else
+  ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+  rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$GREP"; then
+  ac_path_GREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in grep ggrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+      { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_GREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_GREP"; then
+    as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     if test -z "$EGREP"; then
+  ac_path_EGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in egrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+      { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP"; then
+    as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+   fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+   then ac_cv_path_FGREP="$GREP -F"
+   else
+     if test -z "$FGREP"; then
+  ac_path_FGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in fgrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+      { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+  # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'FGREP' >> "conftest.nl"
+    "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_FGREP="$ac_path_FGREP"
+      ac_path_FGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_FGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_FGREP"; then
+    as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_FGREP=$FGREP
+fi
+
+   fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+  withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+  NM="$lt_cv_path_NM"
+else
+  # Didn't find any BSD compatible name lister, look for dumpbin.
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$DUMPBIN"; then
+  ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$DUMPBIN" && break
+  done
+fi
+if test -z "$DUMPBIN"; then
+  ac_ct_DUMPBIN=$DUMPBIN
+  for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_DUMPBIN"; then
+  ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_DUMPBIN" && break
+done
+
+  if test "x$ac_ct_DUMPBIN" = x; then
+    DUMPBIN=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    DUMPBIN=$ac_ct_DUMPBIN
+  fi
+fi
+
+
+  if test "$DUMPBIN" != ":"; then
+    NM="$DUMPBIN"
+  fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_nm_interface="BSD nm"
+  echo "int some_variable = 0;" > conftest.$ac_ext
+  (eval echo "\"\$as_me:6765: $ac_compile\"" >&5)
+  (eval "$ac_compile" 2>conftest.err)
+  cat conftest.err >&5
+  (eval echo "\"\$as_me:6768: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+  cat conftest.err >&5
+  (eval echo "\"\$as_me:6771: output\"" >&5)
+  cat conftest.out >&5
+  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+    lt_cv_nm_interface="MS dumpbin"
+  fi
+  rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+    i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw* | cegcc*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[	 ]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+    if test -n "$lt_cv_sys_max_cmd_len"; then
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    else
+      # Make teststring a little bigger before we do anything with it.
+      # a 1K string should be a reasonable start.
+      for i in 1 2 3 4 5 6 7 8 ; do
+        teststring=$teststring$teststring
+      done
+      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+      # If test is not a shell built-in, we'll probably end up computing a
+      # maximum length that is only half of the actual maximum length, but
+      # we can't tell.
+      while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+	         = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+	      test $i != 17 # 1/2 MB should be enough
+      do
+        i=`expr $i + 1`
+        teststring=$teststring$teststring
+      done
+      # Only check the string length outside the loop.
+      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+      teststring=
+      # Add a significant safety factor because C++ compilers can tack on
+      # massive amounts of additional arguments before passing them to the
+      # linker.  It appears as though 1/2 is a usable value.
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    fi
+    ;;
+  esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+  test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+      = c,a/b,, \
+    && eval 'test $(( 1 + 1 )) -eq 2 \
+    && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+  && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+    >/dev/null 2>&1 \
+  && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  lt_unset=unset
+else
+  lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  lt_SP2NL='tr \040 \012'
+  lt_NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  lt_SP2NL='tr \100 \n'
+  lt_NL2SP='tr \r\n \100\100'
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OBJDUMP"; then
+  ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+  ac_ct_OBJDUMP=$OBJDUMP
+  # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OBJDUMP"; then
+  ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_OBJDUMP="objdump"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OBJDUMP" = x; then
+    OBJDUMP="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OBJDUMP=$ac_ct_OBJDUMP
+  fi
+else
+  OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[45]*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump',
+  # unless we find 'file', for example because we are cross-compiling.
+  if ( file / ) >/dev/null 2>&1; then
+    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+    lt_cv_file_magic_cmd='func_win32_libid'
+  else
+    lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+    lt_cv_file_magic_cmd='$OBJDUMP -f'
+  fi
+  ;;
+
+cegcc)
+  # use the weaker test based on 'objdump'. See mingw*.
+  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | dragonfly*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix[3-9]*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+*nto* | *qnx*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+rdos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+tpf*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_AR="${ac_tool_prefix}ar"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+  ac_ct_AR=$AR
+  # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_AR="ar"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+else
+  AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[BCDT]'
+  ;;
+cygwin* | mingw* | pw32* | cegcc*)
+  symcode='[ABCDGISTW]'
+  ;;
+hpux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[ABCDEGRST]'
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[BCDEGRST]'
+  ;;
+osf*)
+  symcode='[BCDEGQRST]'
+  ;;
+solaris*)
+  symcode='[BDRT]'
+  ;;
+sco3.2v5*)
+  symcode='[DT]'
+  ;;
+sysv4.2uw2*)
+  symcode='[DT]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[ABDT]'
+  ;;
+sysv4)
+  symcode='[DFNSTU]'
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/  {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/  {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/  {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+    # Fake it for dumpbin and say T for any non-static function
+    # and D for any global variable.
+    # Also find C++ and __fastcall symbols from MSVC++,
+    # which start with @ or ?.
+    lt_cv_sys_global_symbol_pipe="$AWK '"\
+"     {last_section=section; section=\$ 3};"\
+"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+"     \$ 0!~/External *\|/{next};"\
+"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+"     {if(hide[section]) next};"\
+"     {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+"     {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+"     s[1]~/^[@?]/{print s[1], s[1]; next};"\
+"     s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+"     ' prfx=^$ac_symprfx"
+  else
+    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+  fi
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+  (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+	  cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols.  */
+const struct {
+  const char *name;
+  void       *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+  { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+	  cat <<\_LT_EOF >> conftest.$ac_ext
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+	  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&5
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&5
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+    fi
+  else
+    echo "$progname: failed program was:" >&5
+    cat conftest.$ac_ext >&5
+  fi
+  rm -rf conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+  enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.$ac_objext` in
+      *ELF-32*)
+	HPUX_IA64_MODE="32"
+	;;
+      *ELF-64*)
+	HPUX_IA64_MODE="64"
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '#line 7976 "configure"' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    if test "$lt_cv_prog_gnu_ld" = yes; then
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -melf32bsmip"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -melf32bmipn32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -melf64bmip"
+	;;
+      esac
+    else
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -32"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -n32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -64"
+	  ;;
+      esac
+    fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.o` in
+      *32-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_i386_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_i386"
+	    ;;
+	  ppc64-*linux*|powerpc64-*linux*)
+	    LD="${LD-ld} -m elf32ppclinux"
+	    ;;
+	  s390x-*linux*)
+	    LD="${LD-ld} -m elf_s390"
+	    ;;
+	  sparc64-*linux*)
+	    LD="${LD-ld} -m elf32_sparc"
+	    ;;
+	esac
+	;;
+      *64-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_x86_64_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_x86_64"
+	    ;;
+	  ppc*-*linux*|powerpc*-*linux*)
+	    LD="${LD-ld} -m elf64ppc"
+	    ;;
+	  s390*-*linux*|s390*-*tpf*)
+	    LD="${LD-ld} -m elf64_s390"
+	    ;;
+	  sparc*-*linux*)
+	    LD="${LD-ld} -m elf64_sparc"
+	    ;;
+	esac
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  lt_cv_cc_needs_belf=yes
+else
+  lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+     ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)
+	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+	  LD="${LD-ld} -64"
+	fi
+	;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+  case $host_os in
+    rhapsody* | darwin*)
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$DSYMUTIL"; then
+  ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+  ac_ct_DSYMUTIL=$DSYMUTIL
+  # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_DSYMUTIL"; then
+  ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_DSYMUTIL" = x; then
+    DSYMUTIL=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    DSYMUTIL=$ac_ct_DSYMUTIL
+  fi
+else
+  DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$NMEDIT"; then
+  ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+  ac_ct_NMEDIT=$NMEDIT
+  # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_NMEDIT"; then
+  ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_NMEDIT="nmedit"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_NMEDIT" = x; then
+    NMEDIT=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    NMEDIT=$ac_ct_NMEDIT
+  fi
+else
+  NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$LIPO"; then
+  ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+  ac_ct_LIPO=$LIPO
+  # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_LIPO"; then
+  ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_LIPO="lipo"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_LIPO" = x; then
+    LIPO=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    LIPO=$ac_ct_LIPO
+  fi
+else
+  LIPO="$ac_cv_prog_LIPO"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OTOOL"; then
+  ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+  ac_ct_OTOOL=$OTOOL
+  # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OTOOL"; then
+  ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_OTOOL="otool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OTOOL" = x; then
+    OTOOL=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OTOOL=$ac_ct_OTOOL
+  fi
+else
+  OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OTOOL64"; then
+  ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+  ac_ct_OTOOL64=$OTOOL64
+  # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OTOOL64"; then
+  ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_ac_ct_OTOOL64="otool64"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OTOOL64" = x; then
+    OTOOL64=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OTOOL64=$ac_ct_OTOOL64
+  fi
+else
+  OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_apple_cc_single_mod=no
+      if test -z "${LT_MULTI_MODULE}"; then
+	# By default we will add the -single_module flag. You can override
+	# by either setting the environment variable LT_MULTI_MODULE
+	# non-empty at configure time, or by adding -multi_module to the
+	# link flags.
+	rm -rf libconftest.dylib*
+	echo "int foo(void){return 1;}" > conftest.c
+	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+        _lt_result=$?
+	if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+	  lt_cv_apple_cc_single_mod=yes
+	else
+	  cat conftest.err >&5
+	fi
+	rm -rf libconftest.dylib*
+	rm -f conftest.*
+      fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ld_exported_symbols_list=no
+      save_LDFLAGS=$LDFLAGS
+      echo "_main" > conftest.sym
+      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  lt_cv_ld_exported_symbols_list=yes
+else
+  lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+	LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+    case $host_os in
+    rhapsody* | darwin1.[012])
+      _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+    darwin1.*)
+      _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+    darwin*) # darwin 5.x on
+      # if running on 10.5 or later, the deployment target defaults
+      # to the OS version, if on x86, and 10.4, the deployment
+      # target defaults to 10.4. Don't you love it?
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+	10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+	  _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+	10.[012]*)
+	  _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+	10.*)
+	  _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+      esac
+    ;;
+  esac
+    if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+      _lt_dar_single_mod='$single_module'
+    fi
+    if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+      _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+    else
+      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    fi
+    if test "$DSYMUTIL" != ":"; then
+      _lt_dsymutil='~$DSYMUTIL $lib || :'
+    else
+      _lt_dsymutil=
+    fi
+    ;;
+  esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+		  inttypes.h stdint.h unistd.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in dlfcn.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+# Set options
+
+
+
+        enable_dlopen=no
+
+
+  enable_win32_dll=no
+
+
+            # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+  enableval=$enable_shared; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+  # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+  enableval=$enable_static; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+  withval=$with_pic; pic_mode="$withval"
+else
+  pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+  # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+  enableval=$enable_fast_install; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac
+else
+  enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+   setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+  case $cc_temp in
+    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/${ac_tool_prefix}file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/file; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  else
+    MAGIC_CMD=:
+  fi
+fi
+
+  fi
+  ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+  lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:9369: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:9373: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+    lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+
+
+
+
+
+  lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+  if test "$GCC" = yes; then
+    lt_prog_compiler_wl='-Wl,'
+    lt_prog_compiler_static='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            lt_prog_compiler_pic='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the `-m68020' flag to GCC prevents building anything better,
+            # like `-m68040'.
+            lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      ;;
+
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='-fPIC'
+	;;
+      esac
+      ;;
+
+    interix[3-9]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared=no
+      enable_shared=no
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic=-Kconform_pic
+      fi
+      ;;
+
+    *)
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      else
+	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    linux* | k*bsd*-gnu)
+      case $cc_basename in
+      # old Intel for x86_64 which still supported -KPIC.
+      ecc*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-KPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # icc used to be incompatible with GCC.
+      # ICC 10 doesn't accept -KPIC any more.
+      icc* | ifort*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # Lahey Fortran 8.1.
+      lf95*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='--shared'
+	lt_prog_compiler_static='--static'
+	;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fpic'
+	lt_prog_compiler_static='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static='-non_shared'
+        ;;
+      xl*)
+	# IBM XL C 8.0/Fortran 10.1 on PPC
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-qpic'
+	lt_prog_compiler_static='-qstaticlink'
+	;;
+      *)
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)
+	  # Sun C 5.9
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl='-Wl,'
+	  ;;
+	*Sun\ F*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl=''
+	  ;;
+	esac
+	;;
+      esac
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    rdos*)
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	lt_prog_compiler_wl='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl='-Qoption ld '
+      lt_prog_compiler_pic='-PIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	lt_prog_compiler_pic='-Kconform_pic'
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_can_build_shared=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic='-pic'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared=no
+      ;;
+    esac
+  fi
+
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic=
+    ;;
+  *)
+    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+    ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_pic_works=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:9708: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:9712: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_pic_works=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+    case $lt_prog_compiler_pic in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+     esac
+else
+    lt_prog_compiler_pic=
+     lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_static_works=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_cv_prog_compiler_static_works=yes
+       fi
+     else
+       lt_cv_prog_compiler_static_works=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+    :
+else
+    lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:9813: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:9817: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:9868: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:9872: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+  hard_links=yes
+  $RM conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+  if test "$hard_links" = no; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+  runpath_var=
+  allow_undefined_flag=
+  always_export_symbols=no
+  archive_cmds=
+  archive_expsym_cmds=
+  compiler_needs_object=no
+  enable_shared_with_static_runtimes=no
+  export_dynamic_flag_spec=
+  export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  hardcode_automatic=no
+  hardcode_direct=no
+  hardcode_direct_absolute=no
+  hardcode_libdir_flag_spec=
+  hardcode_libdir_flag_spec_ld=
+  hardcode_libdir_separator=
+  hardcode_minus_L=no
+  hardcode_shlibpath_var=unsupported
+  inherit_rpath=no
+  link_all_deplibs=unknown
+  module_cmds=
+  module_expsym_cmds=
+  old_archive_from_new_cmds=
+  old_archive_from_expsyms_cmds=
+  thread_safe_flag_spec=
+  whole_archive_flag_spec=
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  # Exclude shared library initialization/finalization symbols.
+  extract_expsyms_cmds=
+
+  case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  ld_shlibs=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+    export_dynamic_flag_spec='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+      whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      whole_archive_flag_spec=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>&1` in
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix[3-9]*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+            archive_expsym_cmds=''
+        ;;
+      m68k)
+            archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            hardcode_libdir_flag_spec='-L$libdir'
+            hardcode_minus_L=yes
+        ;;
+      esac
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec='-L$libdir'
+      allow_undefined_flag=unsupported
+      always_export_symbols=no
+      enable_shared_with_static_runtimes=yes
+      export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+        archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    interix[3-9]*)
+      hardcode_direct=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+      export_dynamic_flag_spec='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    gnu* | linux* | tpf* | k*bsd*-gnu)
+      tmp_diet=no
+      if test "$host_os" = linux-dietlibc; then
+	case $cc_basename in
+	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
+	esac
+      fi
+      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+	 && test "$tmp_diet" = no
+      then
+	tmp_addflag=
+	tmp_sharedflag='-shared'
+	case $cc_basename,$host_cpu in
+        pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	lf95*)				# Lahey Fortran 8.1
+	  whole_archive_flag_spec=
+	  tmp_sharedflag='--shared' ;;
+	xl[cC]*)			# IBM XL C 8.0 on PPC (deal with xlf below)
+	  tmp_sharedflag='-qmkshrobj'
+	  tmp_addflag= ;;
+	esac
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)			# Sun C 5.9
+	  whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  compiler_needs_object=yes
+	  tmp_sharedflag='-G' ;;
+	*Sun\ F*)			# Sun Fortran 8.3
+	  tmp_sharedflag='-G' ;;
+	esac
+	archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+        if test "x$supports_anon_versioning" = xyes; then
+          archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+	    cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+	    echo "local: *; };" >> $output_objdir/$libname.ver~
+	    $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+        fi
+
+	case $cc_basename in
+	xlf*)
+	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+	  whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+	  hardcode_libdir_flag_spec=
+	  hardcode_libdir_flag_spec_ld='-rpath $libdir'
+	  archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+	  if test "x$supports_anon_versioning" = xyes; then
+	    archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+	      cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+	      echo "local: *; };" >> $output_objdir/$libname.ver~
+	      $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+	  fi
+	  ;;
+	esac
+      else
+        ld_shlibs=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  # For security reasons, it is highly recommended that you always
+	  # use absolute paths for naming shared libraries, and exclude the
+	  # DT_RUNPATH tag from executables and libraries.  But doing so
+	  # requires that you compile everything twice, which is a pain.
+	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+	    archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	    archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  else
+	    ld_shlibs=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+    esac
+
+    if test "$ld_shlibs" = no; then
+      runpath_var=
+      hardcode_libdir_flag_spec=
+      export_dynamic_flag_spec=
+      whole_archive_flag_spec=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag=unsupported
+      always_export_symbols=yes
+      archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct=unsupported
+      fi
+      ;;
+
+    aix[4-9]*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+	  for ld_flag in $LDFLAGS; do
+	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+	    aix_use_runtimelinking=yes
+	    break
+	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds=''
+      hardcode_direct=yes
+      hardcode_direct_absolute=yes
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      file_list_spec='${wl}-f,'
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	  # We have reworked collect2
+	  :
+	  else
+	  # We have old collect2
+	  hardcode_direct=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  hardcode_minus_L=yes
+	  hardcode_libdir_flag_spec='-L$libdir'
+	  hardcode_libdir_separator=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      export_dynamic_flag_spec='${wl}-bexpall'
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag='-berok'
+        # Determine the default libpath from the value encoded in an
+        # empty executable.
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+    /Import File Strings/,/^$/ {
+	/^0/ {
+	    s/^0  *\(.*\)$/\1/
+	    p
+	}
+    }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+  aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+        hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+        archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+      else
+	if test "$host_cpu" = ia64; then
+	  hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag="-z nodefs"
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an
+	 # empty executable.
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+    /Import File Strings/,/^$/ {
+	/^0/ {
+	    s/^0  *\(.*\)$/\1/
+	    p
+	}
+    }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+  aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+	 hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag=' ${wl}-bernotok'
+	  allow_undefined_flag=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  whole_archive_flag_spec='$convenience'
+	  archive_cmds_need_lc=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+            archive_expsym_cmds=''
+        ;;
+      m68k)
+            archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            hardcode_libdir_flag_spec='-L$libdir'
+            hardcode_minus_L=yes
+        ;;
+      esac
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      hardcode_libdir_flag_spec=' '
+      allow_undefined_flag=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      old_archive_from_new_cmds='true'
+      # FIXME: Should let the user specify the lib program.
+      old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+      fix_srcfile_path='`cygpath -w "$srcfile"`'
+      enable_shared_with_static_runtimes=yes
+      ;;
+
+    darwin* | rhapsody*)
+
+
+  archive_cmds_need_lc=no
+  hardcode_direct=no
+  hardcode_automatic=yes
+  hardcode_shlibpath_var=unsupported
+  whole_archive_flag_spec=''
+  link_all_deplibs=yes
+  allow_undefined_flag="$_lt_dar_allow_undefined"
+  case $cc_basename in
+     ifort*) _lt_dar_can_shared=yes ;;
+     *) _lt_dar_can_shared=$GCC ;;
+  esac
+  if test "$_lt_dar_can_shared" = "yes"; then
+    output_verbose_link_cmd=echo
+    archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+    module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+    archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+    module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+  else
+  ld_shlibs=no
+  fi
+
+      ;;
+
+    dgux*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    freebsd1*)
+      ld_shlibs=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | dragonfly*)
+      archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_direct=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L=yes
+      export_dynamic_flag_spec='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_flag_spec_ld='+b $libdir'
+	hardcode_libdir_separator=:
+	hardcode_direct=yes
+	hardcode_direct_absolute=yes
+	export_dynamic_flag_spec='${wl}-E'
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+	hardcode_libdir_separator=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_direct=no
+	  hardcode_shlibpath_var=no
+	  ;;
+	*)
+	  hardcode_direct=yes
+	  hardcode_direct_absolute=yes
+	  export_dynamic_flag_spec='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	# Try to use the -exported_symbol ld option, if it does not
+	# work, assume that -exports_file does not work either and
+	# implicitly export all symbols.
+        save_LDFLAGS="$LDFLAGS"
+        LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+        LDFLAGS="$save_LDFLAGS"
+      else
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      inherit_rpath=yes
+      link_all_deplibs=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    newsos6)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      hardcode_shlibpath_var=no
+      ;;
+
+    *nto* | *qnx*)
+      ;;
+
+    openbsd*)
+      if test -f /usr/libexec/ld.so; then
+	hardcode_direct=yes
+	hardcode_shlibpath_var=no
+	hardcode_direct_absolute=yes
+	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	  archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	  hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	  export_dynamic_flag_spec='${wl}-E'
+	else
+	  case $host_os in
+	   openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+	     archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	     hardcode_libdir_flag_spec='-R$libdir'
+	     ;;
+	   *)
+	     archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	     hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+	     ;;
+	  esac
+	fi
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      allow_undefined_flag=unsupported
+      archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      hardcode_libdir_separator=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+	$CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec='-rpath $libdir'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_separator=:
+      ;;
+
+    solaris*)
+      no_undefined_flag=' -z defs'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+      else
+	case `$CC -V 2>&1` in
+	*"Compilers 5.0"*)
+	  wlarc=''
+	  archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+	  ;;
+	*)
+	  wlarc='${wl}'
+	  archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+	  ;;
+	esac
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_shlibpath_var=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+	# The compiler driver will combine and reorder linker options,
+	# but understands `-z linker_flag'.  GCC discards it without `$wl',
+	# but is careful enough not to reorder.
+	# Supported since Solaris 2.6 (maybe 2.5.1?)
+	if test "$GCC" = yes; then
+	  whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+	else
+	  whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+	fi
+	;;
+      esac
+      link_all_deplibs=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds='$CC -r -o $output$reload_objs'
+	  hardcode_direct=no
+        ;;
+	motorola)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var=no
+      export_dynamic_flag_spec='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+      no_undefined_flag='${wl}-z,text'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag='${wl}-z,text'
+      allow_undefined_flag='${wl}-z,nodefs'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='${wl}-R,$libdir'
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      export_dynamic_flag_spec='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      ld_shlibs=no
+      ;;
+    esac
+
+    if test x$host_vendor = xsni; then
+      case $host in
+      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+	export_dynamic_flag_spec='${wl}-Blargedynsym'
+	;;
+      esac
+    fi
+  fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $archive_cmds in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+      $RM conftest*
+      echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$lt_prog_compiler_wl
+	pic_flag=$lt_prog_compiler_pic
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$allow_undefined_flag
+        allow_undefined_flag=
+        if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+  (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+        then
+	  archive_cmds_need_lc=no
+        else
+	  archive_cmds_need_lc=yes
+        fi
+        allow_undefined_flag=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $RM conftest*
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+  case $host_os in
+    darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+    *) lt_awk_arg="/^libraries:/" ;;
+  esac
+  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+  # Ok, now we have the path, separated by spaces, we can step through it
+  # and add multilib dir if necessary.
+  lt_tmp_lt_search_path_spec=
+  lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+  for lt_sys_path in $lt_search_path_spec; do
+    if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+    else
+      test -d "$lt_sys_path" && \
+	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+    fi
+  done
+  lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+  lt_foo="";
+  lt_count=0;
+  for (lt_i = NF; lt_i > 0; lt_i--) {
+    if ($lt_i != "" && $lt_i != ".") {
+      if ($lt_i == "..") {
+        lt_count++;
+      } else {
+        if (lt_count == 0) {
+          lt_foo="/" $lt_i lt_foo;
+        } else {
+          lt_count--;
+        }
+      }
+    }
+  }
+  if (lt_foo != "") { lt_freq[lt_foo]++; }
+  if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+  sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix[4-9]*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  case $host_cpu in
+  powerpc)
+    # Since July 2007 AmigaOS4 officially supports .so libraries.
+    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    ;;
+  m68k)
+    library_names_spec='$libname.ixlibrary $libname.a'
+    # Create ${libname}_ixlibrary.a entries in /sys/libs.
+    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+    ;;
+  esac
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname~
+      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+      fi'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw* | cegcc*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[123]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  *) # from 4.6 on, and DragonFly
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  hppa*64*)
+    shrext_cmds='.sl'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix[3-9]*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # Some binutils ld are patched to set DT_RUNPATH
+  save_LDFLAGS=$LDFLAGS
+  save_libdir=$libdir
+  eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+       LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  if  ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+  shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  LDFLAGS=$save_LDFLAGS
+  libdir=$save_libdir
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+*nto* | *qnx*)
+  version_type=qnx
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='ldqnx.so'
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*)	need_version=yes ;;
+    *)				need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[89] | openbsd2.[89].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+rdos*)
+  dynamic_linker=no
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+tpf*)
+  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+  sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+  sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+   test -n "$runpath_var" ||
+   test "X$hardcode_automatic" = "Xyes" ; then
+
+  # We can hardcode non-existent directories.
+  if test "$hardcode_direct" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+     test "$hardcode_minus_L" != no; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+   test "$inherit_rpath" = yes; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+
+
+
+
+  if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32* | cegcc*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+    ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+    ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+
+fi
+
+    ;;
+
+  *)
+    ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+  lt_cv_dlopen="shl_load"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dld_shl_load=yes
+else
+  ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+  lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+  ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+  lt_cv_dlopen="dlopen"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_svld_dlopen=yes
+else
+  ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+  lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dld_dld_link=yes
+else
+  ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+  lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+#line 12235 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}
+_LT_EOF
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  	  if test "$cross_compiling" = yes; then :
+  lt_cv_dlopen_self_static=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+#line 12331 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}
+_LT_EOF
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self_static=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+  darwin*)
+    if test -n "$STRIP" ; then
+      striplib="$STRIP -x"
+      old_striplib="$STRIP -S"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    else
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    fi
+    ;;
+  *)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    ;;
+  esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+  # Report which library types will actually be built
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+  test "$can_build_shared" = "no" && enable_shared=no
+
+  # On AIX, shared libraries and static libraries use the same namespace, and
+  # are all built from PIC.
+  case $host_os in
+  aix3*)
+    test "$enable_shared" = yes && enable_static=no
+    if test -n "$RANLIB"; then
+      archive_cmds="$archive_cmds~\$RANLIB \$lib"
+      postinstall_cmds='$RANLIB $lib'
+    fi
+    ;;
+
+  aix[4-9]*)
+    if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+      test "$enable_shared" = yes && enable_static=no
+    fi
+    ;;
+  esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+  # Make sure either enable_shared or enable_static is yes.
+  test "$enable_shared" = yes || enable_static=yes
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+
+
+
+
+
+
+
+
+
+
+
+        ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+if test "$enable_shared" = "no"; then
+    with_noexec=no
+else
+    eval _shrext="$shrext_cmds"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking path to sudo_noexec.so" >&5
+$as_echo_n "checking path to sudo_noexec.so... " >&6; }
+
+# Check whether --with-noexec was given.
+if test "${with_noexec+set}" = set; then :
+  withval=$with_noexec; case $with_noexec in
+    yes)	with_noexec="$libexecdir/sudo_noexec$_shrext"
+		;;
+    no)		;;
+    *)		;;
+esac
+else
+  with_noexec="$libexecdir/sudo_noexec$_shrext"
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_noexec" >&5
+$as_echo "$with_noexec" >&6; }
+NOEXECFILE="sudo_noexec$_shrext"
+NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[^/]*:\1:'`"
+
+if test X"$with_devel" = X"yes" -a -n "$GCC"; then
+    CFLAGS="${CFLAGS} -Wall"
+fi
+
+# Extract the first word of "uname", so it can be a program name with args.
+set dummy uname; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_UNAMEPROG+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$UNAMEPROG"; then
+  ac_cv_prog_UNAMEPROG="$UNAMEPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_UNAMEPROG="uname"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+UNAMEPROG=$ac_cv_prog_UNAMEPROG
+if test -n "$UNAMEPROG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $UNAMEPROG" >&5
+$as_echo "$UNAMEPROG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "tr", so it can be a program name with args.
+set dummy tr; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_TRPROG+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$TRPROG"; then
+  ac_cv_prog_TRPROG="$TRPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_TRPROG="tr"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+TRPROG=$ac_cv_prog_TRPROG
+if test -n "$TRPROG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TRPROG" >&5
+$as_echo "$TRPROG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+for ac_prog in nroff mandoc
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NROFFPROG+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$NROFFPROG"; then
+  ac_cv_prog_NROFFPROG="$NROFFPROG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_NROFFPROG="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+NROFFPROG=$ac_cv_prog_NROFFPROG
+if test -n "$NROFFPROG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFFPROG" >&5
+$as_echo "$NROFFPROG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$NROFFPROG" && break
+done
+
+if test -z "$NROFFPROG"; then
+    MANTYPE="cat"
+    mansrcdir='$(srcdir)'
+fi
+
+if test -n "$sudo_cv_prev_host"; then
+    if test "$sudo_cv_prev_host" != "$host"; then
+	as_fn_error "config.cache was created on a different host; remove it and re-run configure." "$LINENO" 5
+    else
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking previous host type" >&5
+$as_echo_n "checking previous host type... " >&6; }
+	if test "${sudo_cv_prev_host+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  sudo_cv_prev_host="$host"
+fi
+
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_prev_host" >&5
+$as_echo "$sudo_cv_prev_host" >&6; }
+    fi
+else
+    # this will produce no output since there is no cached value
+    if test "${sudo_cv_prev_host+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  sudo_cv_prev_host="$host"
+fi
+
+fi
+
+if test -n "$host_os"; then
+    OS=`echo $host_os | sed 's/[0-9].*//'`
+    OSREV=`echo $host_os | sed 's/^[^0-9\.]*\([0-9\.]*\).*$/\1/'`
+    OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
+else
+    OS="unknown"
+    OSREV=0
+    OSMAJOR=0
+fi
+
+case "$host" in
+    *-*-sunos4*)
+		# getcwd(3) opens a pipe to getpwd(1)!?!
+		BROKEN_GETCWD=1
+
+		# system headers lack prototypes but gcc helps...
+		if test -n "$GCC"; then
+		    OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
+		fi
+
+		shadow_funcs="getpwanam issecure"
+		;;
+    *-*-solaris2*)
+		# To get the crypt(3) prototype (so we pass -Wall)
+		OSDEFS="${OSDEFS} -D__EXTENSIONS__"
+		# AFS support needs -lucb
+		if test "$with_AFS" = "yes"; then
+		    AFS_LIBS="-lc -lucb"
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		;;
+    *-*-aix*)
+		# To get all prototypes (so we pass -Wall)
+		OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
+		SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
+		if test X"$with_blibpath" != X"no"; then
+		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if linker accepts -Wl,-blibpath" >&5
+$as_echo_n "checking if linker accepts -Wl,-blibpath... " >&6; }
+		    O_LDFLAGS="$LDFLAGS"
+		    LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
+		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+			if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+			    blibpath="$with_blibpath"
+			elif test -n "$GCC"; then
+			    blibpath="/usr/lib:/lib:/usr/local/lib"
+			else
+			    blibpath="/usr/lib:/lib"
+			fi
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+		fi
+		LDFLAGS="$O_LDFLAGS"
+
+		# Use authenticate(3) as the default authentication method
+		if test X"$with_aixauth" = X""; then
+		    for ac_func in authenticate
+do :
+  ac_fn_c_check_func "$LINENO" "authenticate" "ac_cv_func_authenticate"
+if test "x$ac_cv_func_authenticate" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_AUTHENTICATE 1
+_ACEOF
+ AUTH_EXCL_DEF="AIX_AUTH"
+fi
+done
+
+		fi
+
+		# AIX analog of nsswitch.conf, enabled by default
+
+# Check whether --with-netsvc was given.
+if test "${with_netsvc+set}" = set; then :
+  withval=$with_netsvc; case $with_netsvc in
+		    no)		;;
+		    yes)	with_netsvc="/etc/netsvc.conf"
+				;;
+		    *)		;;
+		esac
+fi
+
+		if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+		    with_netsvc="/etc/netsvc.conf"
+		fi
+
+		# AIX-specific functions
+		for ac_func in getuserattr setauthdb
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+		COMMON_OBJS="$COMMON_OBJS aix.o"
+		;;
+    *-*-hiuxmpp*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-hpux*)
+		# AFS support needs -lBSD
+		if test "$with_AFS" = "yes"; then
+		    AFS_LIBS="-lc -lBSD"
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+
+		if test -z "$GCC"; then
+		    # HP-UX bundled compiler can't generate shared objects
+		    if -z "$pic_flag"; then
+			with_noexec=no
+		    fi
+
+		    # Use the +DAportable flag on hppa if it is supported
+		    case "$host_cpu" in
+		    hppa*)
+			_CFLAGS="$CFLAGS"
+			CFLAGS="$CFLAGS +DAportable"
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands +DAportable" >&5
+$as_echo_n "checking whether $CC understands +DAportable... " >&6; }
+if test "${sudo_cv_var_daportable+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  sudo_cv_var_daportable=yes
+else
+  sudo_cv_var_daportable=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_var_daportable" >&5
+$as_echo "$sudo_cv_var_daportable" >&6; }
+			if test X"$sudo_cv_var_daportable" != X"yes"; then
+			    CFLAGS="$_CFLAGS"
+			fi
+			;;
+		    esac
+		fi
+
+		case "$host" in
+			*-*-hpux1-8.*)
+			    $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
+
+
+			    # Not sure if setuid binaries are safe in < 9.x
+			    if test -n "$GCC"; then
+				SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
+			    else
+				SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
+			    fi
+			;;
+			*-*-hpux9.*)
+			    $as_echo "#define BROKEN_SYSLOG 1" >>confdefs.h
+
+
+			    shadow_funcs="getspwuid"
+
+			    # DCE support (requires ANSI C compiler)
+			    if test "$with_DCE" = "yes"; then
+				# order of libs in 9.X is important. -lc_r must be last
+				SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
+				LIBS="${LIBS} -ldce -lM -lc_r"
+				CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+			    fi
+			;;
+			*-*-hpux10.*)
+			    shadow_funcs="getprpwnam iscomsec"
+			    shadow_libs="-lsec"
+			;;
+			*)
+			    shadow_funcs="getspnam iscomsec"
+			    shadow_libs="-lsec"
+			    test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+			;;
+		esac
+		;;
+    *-dec-osf*)
+		# ignore envariables wrt dynamic lib path
+		SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
+
+		: ${CHECKSIA='true'}
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable sia support on Digital UNIX" >&5
+$as_echo_n "checking whether to disable sia support on Digital UNIX... " >&6; }
+		# Check whether --enable-sia was given.
+if test "${enable_sia+set}" = set; then :
+  enableval=$enable_sia;  case "$enableval" in
+		    yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+				CHECKSIA=true
+				;;
+		    no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+				CHECKSIA=false
+				;;
+		    *)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+				{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&2;}
+				;;
+		  esac
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+		shadow_funcs="getprpwnam dispcrypt"
+		# OSF/1 4.x and higher need -ldb too
+		if test $OSMAJOR -lt 4; then
+		    shadow_libs="-lsecurity -laud -lm"
+		else
+		    shadow_libs="-lsecurity -ldb -laud -lm"
+		fi
+
+		# use SIA by default, if we have it
+		test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+		#
+		# Some versions of Digital Unix ship with a broken
+		# copy of prot.h, which we need for shadow passwords.
+		# XXX - make should remove this as part of distclean
+		#
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken prot.h" >&5
+$as_echo_n "checking for broken prot.h... " >&6; }
+		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+
+int
+main ()
+{
+exit(0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, fixing locally" >&5
+$as_echo "yes, fixing locally" >&6; }
+		sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+		: ${mansectsu='8'}
+		: ${mansectform='4'}
+		;;
+    *-*-irix*)
+		OSDEFS="${OSDEFS} -D_BSD_TYPES"
+		if test -z "$NROFFPROG"; then
+		    MAN_POSTINSTALL='	/bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
+		    if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+			if test -d /usr/share/catman/local; then
+			    mandir="/usr/share/catman/local"
+			else
+			    mandir="/usr/catman/local"
+			fi
+		    fi
+		else
+		    if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+			if test -d "/usr/share/man/local"; then
+			    mandir="/usr/share/man/local"
+			else
+			    mandir="/usr/man/local"
+			fi
+		    fi
+		fi
+		# IRIX <= 4 needs -lsun
+		if test "$OSMAJOR" -le 4; then
+		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpwnam in -lsun" >&5
+$as_echo_n "checking for getpwnam in -lsun... " >&6; }
+if test "${ac_cv_lib_sun_getpwnam+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsun  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getpwnam ();
+int
+main ()
+{
+return getpwnam ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_sun_getpwnam=yes
+else
+  ac_cv_lib_sun_getpwnam=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_sun_getpwnam" >&5
+$as_echo "$ac_cv_lib_sun_getpwnam" >&6; }
+if test "x$ac_cv_lib_sun_getpwnam" = x""yes; then :
+  LIBS="${LIBS} -lsun"
+fi
+
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-linux*|*-*-k*bsd*-gnu)
+		OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+		# Some Linux versions need to link with -lshadow
+		shadow_funcs="getspnam"
+		shadow_libs_optional="-lshadow"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		;;
+    *-convex-bsd*)
+		OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
+		if test -z "$GCC"; then
+		    CFLAGS="${CFLAGS} -D__STDC__"
+		fi
+
+		shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot"
+		;;
+    *-*-ultrix*)
+		OS="ultrix"
+		shadow_funcs="getauthuid"
+		shadow_libs="-lauth"
+		;;
+    *-*-riscos*)
+		LIBS="${LIBS} -lsun -lbsd"
+		CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+		OSDEFS="${OSDEFS} -D_MIPS"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-isc*)
+		OSDEFS="${OSDEFS} -D_ISC"
+		LIB_CRYPT=1
+		SUDO_LIBS="${SUDO_LIBS} -lcrypt"
+		LIBS="${LIBS} -lcrypt"
+
+		shadow_funcs="getspnam"
+		shadow_libs="-lsec"
+
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-sco*|*-sco-*)
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot -lx"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    m88k-motorola-sysv*)
+		# motorolla's cc (a variant of gcc) does -O but not -O2
+		CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-sequent-sysv*)
+		shadow_funcs="getspnam"
+		shadow_libs="-lsec"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-ncr-sysv4*|*-ncr-sysvr4*)
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strcasecmp in -lc89" >&5
+$as_echo_n "checking for strcasecmp in -lc89... " >&6; }
+if test "${ac_cv_lib_c89_strcasecmp+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lc89  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strcasecmp ();
+int
+main ()
+{
+return strcasecmp ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_c89_strcasecmp=yes
+else
+  ac_cv_lib_c89_strcasecmp=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c89_strcasecmp" >&5
+$as_echo "$ac_cv_lib_c89_strcasecmp" >&6; }
+if test "x$ac_cv_lib_c89_strcasecmp" = x""yes; then :
+  $as_echo "#define HAVE_STRCASECMP 1" >>confdefs.h
+ LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes
+fi
+
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-ccur-sysv4*|*-ccur-sysvr4*)
+		LIBS="${LIBS} -lgen"
+		SUDO_LIBS="${SUDO_LIBS} -lgen"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-*-bsdi*)
+		SKIP_SETREUID=yes
+		# Use shlicc for BSD/OS [23].x unless asked to do otherwise
+		if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
+		    case "$OSMAJOR" in
+			2|3)	{ $as_echo "$as_me:${as_lineno-$LINENO}: using shlicc as CC" >&5
+$as_echo "$as_me: using shlicc as CC" >&6;}
+				ac_cv_prog_CC=shlicc
+				CC="$ac_cv_prog_CC"
+				;;
+		    esac
+		fi
+		# Check for newer BSD auth API (just check for >= 3.0?)
+		if test -z "$with_bsdauth"; then
+		    for ac_func in auth_challenge
+do :
+  ac_fn_c_check_func "$LINENO" "auth_challenge" "ac_cv_func_auth_challenge"
+if test "x$ac_cv_func_auth_challenge" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_AUTH_CHALLENGE 1
+_ACEOF
+ AUTH_EXCL_DEF="BSD_AUTH"
+fi
+done
+
+		fi
+		;;
+    *-*-freebsd*)
+		# FreeBSD has a real setreuid(2) starting with 2.1 and
+		# backported to 2.0.5.  We just take 2.1 and above...
+		case "$OSREV" in
+		0.*|1.*|2.0*)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		if test "$with_skey" = "yes"; then
+		     SUDO_LIBS="${SUDO_LIBS} -lmd"
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+		;;
+    *-*-*openbsd*)
+		# OpenBSD has a real setreuid(2) starting with 3.3 but
+		# we will use setreuid(2) instead.
+		SKIP_SETREUID=yes
+		CHECKSHADOW="false"
+		# OpenBSD >= 3.0 supports BSD auth
+		if test -z "$with_bsdauth"; then
+		    case "$OSREV" in
+		    0-2.*)
+			;;
+		    *)
+			AUTH_EXCL_DEF="BSD_AUTH"
+			;;
+		    esac
+		fi
+		: ${with_logincap='maybe'}
+		;;
+    *-*-*netbsd*)
+		# NetBSD has a real setreuid(2) starting with 1.3.2
+		case "$OSREV" in
+		0.9*|1.012*|1.3|1.3.1)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+		;;
+    *-*-dragonfly*)
+		if test "$with_skey" = "yes"; then
+		     SUDO_LIBS="${SUDO_LIBS} -lmd"
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+		;;
+    *-*-*bsd*)
+		CHECKSHADOW="false"
+		;;
+    *-*-darwin*)
+		# Darwin has a real setreuid(2) starting with 9.0
+		if test $OSMAJOR -lt 9; then
+		    SKIP_SETREUID=yes
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+		;;
+    *-*-nextstep*)
+		# lockf() on is broken on the NeXT -- use flock instead
+		ac_cv_func_lockf=no
+		ac_cv_func_flock=yes
+		;;
+    *-*-*sysv4*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-*-sysv*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-gnu*)
+		OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+		;;
+esac
+
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+if test -n "$AUTH_EXCL"; then
+    set -- $AUTH_EXCL
+    if test $# != 1; then
+	as_fn_error "More than one mutually exclusive authentication method specified: $AUTH_EXCL" "$LINENO" 5
+    fi
+    if test -n "$AUTH_REG"; then
+	as_fn_error "Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods" "$LINENO" 5
+    fi
+fi
+if test X"${with_skey}${with_opie}" = X"yesyes"; then
+    as_fn_error "\"cannot use both S/Key and OPIE\"" "$LINENO" 5
+fi
+
+: ${mansectsu='8'}
+: ${mansectform='5'}
+
+if test -n "$with_libpath"; then
+    for i in ${with_libpath}; do
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L$i -Wl,+b,$i"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L$i -Wl,-R$i"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L$i"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:$i"
+    fi
+
+    done
+fi
+if test -n "$with_libraries"; then
+    for i in ${with_libraries}; do
+	case $i in
+	    -l*)	;;
+	    *.a)	;;
+	    *.o)	;;
+	    *)	i="-l${i}";;
+	esac
+	LIBS="${LIBS} ${i}"
+    done
+fi
+
+if test $ac_cv_c_compiler_gnu = yes; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5
+$as_echo_n "checking whether $CC needs -traditional... " >&6; }
+if test "${ac_cv_prog_gcc_traditional+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+    ac_pattern="Autoconf.*'x'"
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sgtty.h>
+Autoconf TIOCGETP
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "$ac_pattern" >/dev/null 2>&1; then :
+  ac_cv_prog_gcc_traditional=yes
+else
+  ac_cv_prog_gcc_traditional=no
+fi
+rm -f conftest*
+
+
+  if test $ac_cv_prog_gcc_traditional = no; then
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <termio.h>
+Autoconf TCGETA
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "$ac_pattern" >/dev/null 2>&1; then :
+  ac_cv_prog_gcc_traditional=yes
+fi
+rm -f conftest*
+
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5
+$as_echo "$ac_cv_prog_gcc_traditional" >&6; }
+  if test $ac_cv_prog_gcc_traditional = yes; then
+    CC="$CC -traditional"
+  fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if test "${ac_cv_c_const+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+  /* Ultrix mips cc rejects this.  */
+  typedef int charset[2];
+  const charset cs;
+  /* SunOS 4.1.1 cc rejects this.  */
+  char const *const *pcpcc;
+  char **ppc;
+  /* NEC SVR4.0.2 mips cc rejects this.  */
+  struct point {int x, y;};
+  static struct point const zero = {0,0};
+  /* AIX XL C 1.02.0.0 rejects this.
+     It does not let you subtract one const X* pointer from another in
+     an arm of an if-expression whose if-part is not a constant
+     expression */
+  const char *g = "string";
+  pcpcc = &g + (g ? g-g : 0);
+  /* HPUX 7.0 cc rejects these. */
+  ++pcpcc;
+  ppc = (char**) pcpcc;
+  pcpcc = (char const *const *) ppc;
+  { /* SCO 3.2v4 cc rejects this.  */
+    char *t;
+    char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+    *t++ = 0;
+    if (s) return 0;
+  }
+  { /* Someone thinks the Sun supposedly-ANSI compiler will reject this.  */
+    int x[] = {25, 17};
+    const int *foo = &x[0];
+    ++foo;
+  }
+  { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+    typedef const int *iptr;
+    iptr p = 0;
+    ++p;
+  }
+  { /* AIX XL C 1.02.0.0 rejects this saying
+       "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+    struct s { int j; const int *ap[3]; };
+    struct s *b; b->j = 5;
+  }
+  { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+    const int foo = 10;
+    if (!foo) return 0;
+  }
+  return !cs[0] && !zero.x;
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_const=yes
+else
+  ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working volatile" >&5
+$as_echo_n "checking for working volatile... " >&6; }
+if test "${ac_cv_c_volatile+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+volatile int x;
+int * volatile y = (int *) 0;
+return !x && !y;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_c_volatile=yes
+else
+  ac_cv_c_volatile=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_volatile" >&5
+$as_echo "$ac_cv_c_volatile" >&6; }
+if test $ac_cv_c_volatile = no; then
+
+$as_echo "#define volatile /**/" >>confdefs.h
+
+fi
+
+for ac_prog in 'bison -y' byacc
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_YACC+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$YACC"; then
+  ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_YACC="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+YACC=$ac_cv_prog_YACC
+if test -n "$YACC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+$as_echo "$YACC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$YACC" && break
+done
+test -n "$YACC" || YACC="yacc"
+
+# Extract the first word of "flex", so it can be a program name with args.
+set dummy flex; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_FLEX+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $FLEX in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_FLEX="$FLEX" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_FLEX="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_FLEX" && ac_cv_path_FLEX="flex"
+  ;;
+esac
+fi
+FLEX=$ac_cv_path_FLEX
+if test -n "$FLEX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLEX" >&5
+$as_echo "$FLEX" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for mv" >&5
+$as_echo_n "checking for mv... " >&6; }
+found=no
+for p in "/usr/bin/mv" "/bin/mv" "/usr/ucb/mv" "/usr/sbin/mv"; do
+    if test -f "$p"; then
+	found=yes
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+	cat >>confdefs.h <<EOF
+#define _PATH_MV "$p"
+EOF
+
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bourne shell" >&5
+$as_echo_n "checking for bourne shell... " >&6; }
+found=no
+for p in "/bin/sh" "/usr/bin/sh" "/sbin/sh" "/usr/sbin/sh" "/bin/ksh" "/usr/bin/ksh" "/bin/bash" "/usr/bin/bash"; do
+    if test -f "$p"; then
+	found=yes
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+	cat >>confdefs.h <<EOF
+#define _PATH_BSHELL "$p"
+EOF
+
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+if test -z "$with_sendmail"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sendmail" >&5
+$as_echo_n "checking for sendmail... " >&6; }
+found=no
+for p in "/usr/sbin/sendmail" "/usr/lib/sendmail" "/usr/etc/sendmail" "/usr/ucblib/sendmail" "/usr/local/lib/sendmail" "/usr/local/bin/sendmail"; do
+    if test -f "$p"; then
+	found=yes
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $p" >&5
+$as_echo "$p" >&6; }
+	cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SENDMAIL "$p"
+EOF
+
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+fi
+if test -z "$with_editor"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5
+$as_echo_n "checking for vi... " >&6; }
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+    if test -f "$editor"; then
+	found=yes
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5
+$as_echo "$editor" >&6; }
+	cat >>confdefs.h <<EOF
+#define _PATH_VI "$editor"
+EOF
+
+	break
+    fi
+done
+if test X"$found" != X"yes"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which syslog facility sudo should log with" >&5
+$as_echo_n "checking which syslog facility sudo should log with... " >&6; }
+if test X"$with_logfac" = X""; then
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <syslog.h>
+int
+main ()
+{
+int i = LOG_AUTHPRIV; (void)i;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  logfac=authpriv
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define LOGFAC "$logfac"
+_ACEOF
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $logfac" >&5
+$as_echo "$logfac" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+  as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
+$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$as_ac_Header=yes"
+else
+  eval "$as_ac_Header=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$as_ac_Header
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' dir; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_opendir+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+  ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' x; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_opendir+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+  ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if test "${ac_cv_header_time+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_time=yes
+else
+  ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+for ac_header in malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking POSIX termios" >&5
+$as_echo_n "checking POSIX termios... " >&6; }
+if test "${ac_cv_sys_posix_termios+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <unistd.h>
+#include <termios.h>
+
+int
+main ()
+{
+/* SunOS 4.0.3 has termios.h but not the library calls.  */
+   tcgetattr(0, 0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_sys_posix_termios=yes
+else
+  ac_cv_sys_posix_termios=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_posix_termios" >&5
+$as_echo "$ac_cv_sys_posix_termios" >&6; }
+
+if test "$ac_cv_sys_posix_termios" = "yes"; then
+    $as_echo "#define HAVE_TERMIOS_H 1" >>confdefs.h
+
+else
+    for ac_header in termio.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "termio.h" "ac_cv_header_termio_h" "$ac_includes_default"
+if test "x$ac_cv_header_termio_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_TERMIO_H 1
+_ACEOF
+
+fi
+
+done
+
+fi
+
+maildir=no
+if test X"$ac_cv_header_paths_h" = X"yes"; then
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+#include <paths.h>
+int main() {char *p = _PATH_MAILDIR;}
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  maildir=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+if test $maildir = no; then
+    # Solaris has maillock.h which defines MAILDIR
+    for ac_header in maillock.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "maillock.h" "ac_cv_header_maillock_h" "$ac_includes_default"
+if test "x$ac_cv_header_maillock_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_MAILLOCK_H 1
+_ACEOF
+
+	cat >>confdefs.h <<\EOF
+#define _PATH_MAILDIR MAILDIR
+EOF
+
+	maildir=yes
+
+fi
+
+done
+
+    if test $maildir = no; then
+	for d in /var/mail /var/spool/mail /usr/spool/mail; do
+	    if test -d "$d"; then
+		maildir=yes
+		cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "$d"
+EOF
+
+		break
+	    fi
+	done
+	if test $maildir = no; then
+	    # unable to find mail dir, hope for the best
+	    cat >>confdefs.h <<EOF
+#define _PATH_MAILDIR "/var/mail"
+EOF
+
+	fi
+    fi
+fi
+
+if test ${with_logincap-'no'} != "no"; then
+    for ac_header in login_cap.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "login_cap.h" "ac_cv_header_login_cap_h" "$ac_includes_default"
+if test "x$ac_cv_header_login_cap_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LOGIN_CAP_H 1
+_ACEOF
+ LOGINCAP_USAGE='[-c class|-] '; LCMAN=1
+	case "$OS" in
+	    freebsd|netbsd)	SUDO_LIBS="${SUDO_LIBS} -lutil"
+	    ;;
+	esac
+
+fi
+
+done
+
+fi
+if test ${with_project-'no'} != "no"; then
+    ac_fn_c_check_header_mongrel "$LINENO" "project.h" "ac_cv_header_project_h" "$ac_includes_default"
+if test "x$ac_cv_header_project_h" = x""yes; then :
+  $as_echo "#define HAVE_PROJECT_H 1" >>confdefs.h
+
+	SUDO_LIBS="${SUDO_LIBS} -lproject"
+else
+  -
+fi
+
+
+fi
+ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default"
+if test "x$ac_cv_type_mode_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define mode_t int
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+$as_echo_n "checking for uid_t in sys/types.h... " >&6; }
+if test "${ac_cv_type_uid_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "uid_t" >/dev/null 2>&1; then :
+  ac_cv_type_uid_t=yes
+else
+  ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+$as_echo "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+$as_echo "#define uid_t int" >>confdefs.h
+
+
+$as_echo "#define gid_t int" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "__signed char" "ac_cv_type___signed_char" "$ac_includes_default"
+if test "x$ac_cv_type___signed_char" = x""yes; then :
+
+else
+  ac_fn_c_check_type "$LINENO" "signed char" "ac_cv_type_signed_char" "$ac_includes_default"
+if test "x$ac_cv_type_signed_char" = x""yes; then :
+  $as_echo "#define __signed signed" >>confdefs.h
+
+else
+  $as_echo "#define __signed /**/" >>confdefs.h
+
+fi
+
+fi
+
+ac_fn_c_check_type "$LINENO" "sig_atomic_t" "ac_cv_type_sig_atomic_t" "#include <sys/types.h>
+#include <signal.h>
+"
+if test "x$ac_cv_type_sig_atomic_t" = x""yes; then :
+
+else
+  $as_echo "#define sig_atomic_t int" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "sigaction_t" "ac_cv_type_sigaction_t" "#include <sys/types.h>
+#include <signal.h>
+"
+if test "x$ac_cv_type_sigaction_t" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_SIGACTION_T 1
+_ACEOF
+
+$as_echo "#define HAVE_SIGACTION_T 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "struct timespec" "ac_cv_type_struct_timespec" "#include <sys/types.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+#endif
+#include <time.h>
+"
+if test "x$ac_cv_type_struct_timespec" = x""yes; then :
+  $as_echo "#define HAVE_TIMESPEC 1" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "struct in6_addr" "ac_cv_type_struct_in6_addr" "#include <sys/types.h>
+#include <netinet/in.h>
+"
+if test "x$ac_cv_type_struct_in6_addr" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_IN6_ADDR 1
+_ACEOF
+
+$as_echo "#define HAVE_IN6_ADDR 1" >>confdefs.h
+
+fi
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5
+$as_echo_n "checking for long long int... " >&6; }
+if test "${ac_cv_type_long_long_int+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+  /* For now, do not test the preprocessor; as of 2007 there are too many
+	 implementations with broken preprocessors.  Perhaps this can
+	 be revisited in 2012.  In the meantime, code should not expect
+	 #if to work with literals wider than 32 bits.  */
+      /* Test literals.  */
+      long long int ll = 9223372036854775807ll;
+      long long int nll = -9223372036854775807LL;
+      unsigned long long int ull = 18446744073709551615ULL;
+      /* Test constant expressions.   */
+      typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+		     ? 1 : -1)];
+      typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+		     ? 1 : -1)];
+      int i = 63;
+int
+main ()
+{
+/* Test availability of runtime routines for shift and division.  */
+      long long int llmax = 9223372036854775807ll;
+      unsigned long long int ullmax = 18446744073709551615ull;
+      return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+	      | (llmax / ll) | (llmax % ll)
+	      | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+	      | (ullmax / ull) | (ullmax % ull));
+  ;
+  return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  			if test "$cross_compiling" = yes; then :
+  ac_cv_type_long_long_int=yes
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <limits.h>
+	       #ifndef LLONG_MAX
+	       # define HALF \
+			(1LL << (sizeof (long long int) * CHAR_BIT - 2))
+	       # define LLONG_MAX (HALF - 1 + HALF)
+	       #endif
+int
+main ()
+{
+long long int n = 1;
+	       int i;
+	       for (i = 0; ; i++)
+		 {
+		   long long int m = n << i;
+		   if (m >> i != n)
+		     return 1;
+		   if (LLONG_MAX / 2 < m)
+		     break;
+		 }
+	       return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_type_long_long_int=yes
+else
+  ac_cv_type_long_long_int=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+  ac_cv_type_long_long_int=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5
+$as_echo "$ac_cv_type_long_long_int" >&6; }
+  if test $ac_cv_type_long_long_int = yes; then
+
+$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h
+
+  fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long int" >&5
+$as_echo_n "checking size of long int... " >&6; }
+if test "${ac_cv_sizeof_long_int+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long int))" "ac_cv_sizeof_long_int"        "$ac_includes_default"; then :
+
+else
+  if test "$ac_cv_type_long_int" = yes; then
+     { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "cannot compute sizeof (long int)
+See \`config.log' for more details." "$LINENO" 5; }; }
+   else
+     ac_cv_sizeof_long_int=0
+   fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_int" >&5
+$as_echo "$ac_cv_sizeof_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for size_t" >&5
+$as_echo_n "checking for size_t... " >&6; }
+if test "${sudo_cv_type_size_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "size_t" >/dev/null 2>&1; then :
+  sudo_cv_type_size_t=yes
+else
+  sudo_cv_type_size_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_size_t" >&5
+$as_echo "$sudo_cv_type_size_t" >&6; }
+if test $sudo_cv_type_size_t = no; then
+
+$as_echo "#define size_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5
+$as_echo_n "checking for ssize_t... " >&6; }
+if test "${sudo_cv_type_ssize_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ssize_t" >/dev/null 2>&1; then :
+  sudo_cv_type_ssize_t=yes
+else
+  sudo_cv_type_ssize_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_ssize_t" >&5
+$as_echo "$sudo_cv_type_ssize_t" >&6; }
+if test $sudo_cv_type_ssize_t = no; then
+
+$as_echo "#define ssize_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dev_t" >&5
+$as_echo_n "checking for dev_t... " >&6; }
+if test "${sudo_cv_type_dev_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "dev_t" >/dev/null 2>&1; then :
+  sudo_cv_type_dev_t=yes
+else
+  sudo_cv_type_dev_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_dev_t" >&5
+$as_echo "$sudo_cv_type_dev_t" >&6; }
+if test $sudo_cv_type_dev_t = no; then
+
+$as_echo "#define dev_t int" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ino_t" >&5
+$as_echo_n "checking for ino_t... " >&6; }
+if test "${sudo_cv_type_ino_t+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <stdio.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#endif
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ino_t" >/dev/null 2>&1; then :
+  sudo_cv_type_ino_t=yes
+else
+  sudo_cv_type_ino_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_type_ino_t" >&5
+$as_echo "$sudo_cv_type_ino_t" >&6; }
+if test $sudo_cv_type_ino_t = no; then
+
+$as_echo "#define ino_t unsigned int" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking max length of uid_t" >&5
+$as_echo_n "checking max length of uid_t... " >&6; }
+if test "${sudo_cv_uid_t_len+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  rm -f conftestdata
+if test "$cross_compiling" = yes; then :
+  sudo_cv_uid_t_len=10
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+#include <pwd.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/param.h>
+main() {
+  FILE *f;
+  char b[1024];
+  uid_t u = (uid_t) -1;
+
+  if ((f = fopen("conftestdata", "w")) == NULL)
+    exit(1);
+
+  (void) sprintf(b, "%lu", (unsigned long) u);
+  (void) fprintf(f, "%d\n", strlen(b));
+  (void) fclose(f);
+  exit(0);
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  sudo_cv_uid_t_len=`cat conftestdata`
+else
+  sudo_cv_uid_t_len=10
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+
+rm -f conftestdata
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_uid_t_len" >&5
+$as_echo "$sudo_cv_uid_t_len" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define MAX_UID_T_LEN $sudo_cv_uid_t_len
+_ACEOF
+
+
+
+    ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " #include <sys/types.h>
+	  #include <sys/socket.h>
+
+"
+if test "x$ac_cv_member_struct_sockaddr_sa_len" = x""yes; then :
+
+$as_echo "#define HAVE_SA_LEN 1" >>confdefs.h
+
+fi
+
+
+case "$DEFS" in
+    *"RETSIGTYPE"*)	;;
+    *)			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
+$as_echo_n "checking return type of signal handlers... " >&6; }
+if test "${ac_cv_type_signal+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <signal.h>
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_type_signal=int
+else
+  ac_cv_type_signal=void
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
+$as_echo "$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5
+$as_echo_n "checking type of array argument to getgroups... " >&6; }
+if test "${ac_cv_type_getgroups+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_type_getgroups=cross
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Thanks to Mike Rendell for this test.  */
+$ac_includes_default
+#define NGID 256
+#undef MAX
+#define MAX(x, y) ((x) > (y) ? (x) : (y))
+
+int
+main ()
+{
+  gid_t gidset[NGID];
+  int i, n;
+  union { gid_t gval; long int lval; }  val;
+
+  val.lval = -1;
+  for (i = 0; i < NGID; i++)
+    gidset[i] = val.gval;
+  n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1,
+		 gidset);
+  /* Exit non-zero if getgroups seems to require an array of ints.  This
+     happens when gid_t is short int but getgroups modifies an array
+     of ints.  */
+  return n > 0 && gidset[n] != val.gval;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_type_getgroups=gid_t
+else
+  ac_cv_type_getgroups=int
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+if test $ac_cv_type_getgroups = cross; then
+        cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <unistd.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then :
+  ac_cv_type_getgroups=gid_t
+else
+  ac_cv_type_getgroups=int
+fi
+rm -f conftest*
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5
+$as_echo "$ac_cv_type_getgroups" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define GETGROUPS_T $ac_cv_type_getgroups
+_ACEOF
+
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups"
+if test "x$ac_cv_func_getgroups" = x""yes; then :
+
+fi
+
+
+# If we don't yet have getgroups, see if it's in -lbsd.
+# This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1.
+ac_save_LIBS=$LIBS
+if test $ac_cv_func_getgroups = no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5
+$as_echo_n "checking for getgroups in -lbsd... " >&6; }
+if test "${ac_cv_lib_bsd_getgroups+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lbsd  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getgroups ();
+int
+main ()
+{
+return getgroups ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_bsd_getgroups=yes
+else
+  ac_cv_lib_bsd_getgroups=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5
+$as_echo "$ac_cv_lib_bsd_getgroups" >&6; }
+if test "x$ac_cv_lib_bsd_getgroups" = x""yes; then :
+  GETGROUPS_LIB=-lbsd
+fi
+
+fi
+
+# Run the program to test the functionality of the system-supplied
+# getgroups function only if there is such a function.
+if test $ac_cv_func_getgroups = yes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5
+$as_echo_n "checking for working getgroups... " >&6; }
+if test "${ac_cv_func_getgroups_works+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$cross_compiling" = yes; then :
+  ac_cv_func_getgroups_works=no
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+/* On Ultrix 4.3, getgroups (0, 0) always fails.  */
+       return getgroups (0, 0) == -1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_func_getgroups_works=yes
+else
+  ac_cv_func_getgroups_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5
+$as_echo "$ac_cv_func_getgroups_works" >&6; }
+else
+  ac_cv_func_getgroups_works=no
+fi
+if test $ac_cv_func_getgroups_works = yes; then
+
+$as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h
+
+fi
+LIBS=$ac_save_LIBS
+
+for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
+	       strftime setrlimit initgroups getgroups fstat gettimeofday \
+	       regcomp setlocale getaddrinfo setenv vhangup \
+	       mbr_check_membership setrlimit64
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+for ac_func in getline
+do :
+  ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline"
+if test "x$ac_cv_func_getline" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETLINE 1
+_ACEOF
+
+else
+
+    case " $LIBOBJS " in
+  *" getline.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getline.$ac_objext"
+ ;;
+esac
+
+    for ac_func in fgetln
+do :
+  ac_fn_c_check_func "$LINENO" "fgetln" "ac_cv_func_fgetln"
+if test "x$ac_cv_func_fgetln" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_FGETLN 1
+_ACEOF
+
+fi
+done
+
+
+fi
+done
+
+for ac_func in setsid
+do :
+  ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid"
+if test "x$ac_cv_func_setsid" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SETSID 1
+_ACEOF
+
+else
+
+    case " $LIBOBJS " in
+  *" setsid.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS setsid.$ac_objext"
+ ;;
+esac
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setpgrp takes no argument" >&5
+$as_echo_n "checking whether setpgrp takes no argument... " >&6; }
+if test "${ac_cv_func_setpgrp_void+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$cross_compiling" = yes; then :
+  as_fn_error "cannot check setpgrp when cross compiling" "$LINENO" 5
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+int
+main ()
+{
+/* If this system has a BSD-style setpgrp which takes arguments,
+  setpgrp(1, 1) will fail with ESRCH and return -1, in that case
+  exit successfully. */
+  return setpgrp (1,1) != -1;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  ac_cv_func_setpgrp_void=no
+else
+  ac_cv_func_setpgrp_void=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_setpgrp_void" >&5
+$as_echo "$ac_cv_func_setpgrp_void" >&6; }
+if test $ac_cv_func_setpgrp_void = yes; then
+
+$as_echo "#define SETPGRP_VOID 1" >>confdefs.h
+
+fi
+
+
+fi
+done
+
+
+for ac_func in sysctl getutid getutxid
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+
+for ac_func in openpty
+do :
+  ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty"
+if test "x$ac_cv_func_openpty" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_OPENPTY 1
+_ACEOF
+ for ac_header in util.h pty.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+else
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5
+$as_echo_n "checking for openpty in -lutil... " >&6; }
+if test "${ac_cv_lib_util_openpty+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lutil  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char openpty ();
+int
+main ()
+{
+return openpty ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_util_openpty=yes
+else
+  ac_cv_lib_util_openpty=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_util_openpty" >&5
+$as_echo "$ac_cv_lib_util_openpty" >&6; }
+if test "x$ac_cv_lib_util_openpty" = x""yes; then :
+
+	for ac_header in util.h pty.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+	SUDO_LIBS="${SUDO_LIBS} -lutil"
+	$as_echo "#define HAVE_OPENPTY 1" >>confdefs.h
+
+
+else
+
+	for ac_func in _getpty
+do :
+  ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty"
+if test "x$ac_cv_func__getpty" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE__GETPTY 1
+_ACEOF
+
+else
+
+	    for ac_func in grantpt
+do :
+  ac_fn_c_check_func "$LINENO" "grantpt" "ac_cv_func_grantpt"
+if test "x$ac_cv_func_grantpt" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GRANTPT 1
+_ACEOF
+
+		for ac_func in posix_openpt
+do :
+  ac_fn_c_check_func "$LINENO" "posix_openpt" "ac_cv_func_posix_openpt"
+if test "x$ac_cv_func_posix_openpt" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_POSIX_OPENPT 1
+_ACEOF
+
+fi
+done
+
+
+else
+
+		for ac_func in revoke
+do :
+  ac_fn_c_check_func "$LINENO" "revoke" "ac_cv_func_revoke"
+if test "x$ac_cv_func_revoke" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_REVOKE 1
+_ACEOF
+
+fi
+done
+
+
+fi
+done
+
+
+fi
+done
+
+
+fi
+
+
+fi
+done
+
+for ac_func in unsetenv
+do :
+  ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv"
+if test "x$ac_cv_func_unsetenv" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_UNSETENV 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv returns void" >&5
+$as_echo_n "checking whether unsetenv returns void... " >&6; }
+if test "${sudo_cv_func_unsetenv_void+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "$cross_compiling" = yes; then :
+  sudo_cv_func_unsetenv_void=no
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+        int unsetenv();
+
+int
+main ()
+{
+
+        return unsetenv("FOO") != 0;
+
+  ;
+  return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  sudo_cv_func_unsetenv_void=no
+else
+  sudo_cv_func_unsetenv_void=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_unsetenv_void" >&5
+$as_echo "$sudo_cv_func_unsetenv_void" >&6; }
+    if test $sudo_cv_func_unsetenv_void = yes; then
+
+$as_echo "#define UNSETENV_VOID 1" >>confdefs.h
+
+    fi
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether putenv has a const argument" >&5
+$as_echo_n "checking whether putenv has a const argument... " >&6; }
+if test "${sudo_cv_func_putenv_const+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$ac_includes_default
+int putenv(const char *string) {return 0;}
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  sudo_cv_func_putenv_const=yes
+else
+  sudo_cv_func_putenv_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_putenv_const" >&5
+$as_echo "$sudo_cv_func_putenv_const" >&6; }
+  if test $sudo_cv_func_putenv_const = yes; then
+
+$as_echo "#define PUTENV_CONST 1" >>confdefs.h
+
+  fi
+
+if test -z "$SKIP_SETRESUID"; then
+    for ac_func in setresuid
+do :
+  ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid"
+if test "x$ac_cv_func_setresuid" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SETRESUID 1
+_ACEOF
+ SKIP_SETREUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETREUID"; then
+    for ac_func in setreuid
+do :
+  ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid"
+if test "x$ac_cv_func_setreuid" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SETREUID 1
+_ACEOF
+ SKIP_SETEUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETEUID"; then
+    for ac_func in seteuid
+do :
+  ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid"
+if test "x$ac_cv_func_seteuid" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SETEUID 1
+_ACEOF
+
+fi
+done
+
+fi
+if test X"$with_interfaces" != X"no"; then
+    for ac_func in getifaddrs
+do :
+  ac_fn_c_check_func "$LINENO" "getifaddrs" "ac_cv_func_getifaddrs"
+if test "x$ac_cv_func_getifaddrs" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETIFADDRS 1
+_ACEOF
+ for ac_func in freeifaddrs
+do :
+  ac_fn_c_check_func "$LINENO" "freeifaddrs" "ac_cv_func_freeifaddrs"
+if test "x$ac_cv_func_freeifaddrs" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_FREEIFADDRS 1
+_ACEOF
+
+fi
+done
+
+fi
+done
+
+fi
+if test -z "$BROKEN_GETCWD"; then
+    for ac_func in getcwd
+do :
+  ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd"
+if test "x$ac_cv_func_getcwd" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETCWD 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" $ac_func.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+fi
+for ac_func in glob
+do :
+  ac_fn_c_check_func "$LINENO" "glob" "ac_cv_func_glob"
+if test "x$ac_cv_func_glob" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GLOB 1
+_ACEOF
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_BRACE and GLOB_TILDE in glob.h" >&5
+$as_echo_n "checking for GLOB_BRACE and GLOB_TILDE in glob.h... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <glob.h>
+int
+main ()
+{
+int i = GLOB_BRACE | GLOB_TILDE; (void)i;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  $as_echo "#define HAVE_EXTENDED_GLOB 1" >>confdefs.h
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  case " $LIBOBJS " in
+  *" glob.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS glob.$ac_objext"
+ ;;
+esac
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+  case " $LIBOBJS " in
+  *" glob.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS glob.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+for ac_func in lockf flock
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+for ac_func in waitpid wait3
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+for ac_func in innetgr _innetgr
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ for ac_func in getdomainname
+do :
+  ac_fn_c_check_func "$LINENO" "getdomainname" "ac_cv_func_getdomainname"
+if test "x$ac_cv_func_getdomainname" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETDOMAINNAME 1
+_ACEOF
+
+fi
+done
+ break
+fi
+done
+
+for ac_func in utimes
+do :
+  ac_fn_c_check_func "$LINENO" "utimes" "ac_cv_func_utimes"
+if test "x$ac_cv_func_utimes" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_UTIMES 1
+_ACEOF
+ for ac_func in futimes futimesat
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+else
+  for ac_func in futime
+do :
+  ac_fn_c_check_func "$LINENO" "futime" "ac_cv_func_futime"
+if test "x$ac_cv_func_futime" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_FUTIME 1
+_ACEOF
+
+fi
+done
+ case " $LIBOBJS " in
+  *" utimes.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS utimes.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+for ac_func in killpg
+do :
+  ac_fn_c_check_func "$LINENO" "killpg" "ac_cv_func_killpg"
+if test "x$ac_cv_func_killpg" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_KILLPG 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" killpg.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS killpg.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fnmatch with FNM_CASEFOLD" >&5
+$as_echo_n "checking for working fnmatch with FNM_CASEFOLD... " >&6; }
+if test "${sudo_cv_func_fnmatch+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  rm -f conftestdata; > conftestdata
+if test "$cross_compiling" = yes; then :
+  sudo_cv_func_fnmatch=no
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <fnmatch.h>
+main() { exit(fnmatch("/*/bin/echo *", "/usr/bin/echo just a test", FNM_CASEFOLD)); }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  sudo_cv_func_fnmatch=yes
+else
+  sudo_cv_func_fnmatch=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+rm -f core core.* *.core
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_fnmatch" >&5
+$as_echo "$sudo_cv_func_fnmatch" >&6; }
+if test $sudo_cv_func_fnmatch = yes; then :
+  $as_echo "#define HAVE_FNMATCH 1" >>confdefs.h
+
+else
+  case " $LIBOBJS " in
+  *" fnmatch.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext"
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for isblank" >&5
+$as_echo_n "checking for isblank... " >&6; }
+if test "${sudo_cv_func_isblank+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+int
+main ()
+{
+return (isblank('a'));
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  sudo_cv_func_isblank=yes
+else
+  sudo_cv_func_isblank=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_isblank" >&5
+$as_echo "$sudo_cv_func_isblank" >&6; }
+
+  if test "$sudo_cv_func_isblank" = "yes"; then
+
+$as_echo "#define HAVE_ISBLANK 1" >>confdefs.h
+
+  else
+    case " $LIBOBJS " in
+  *" isblank.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS isblank.$ac_objext"
+ ;;
+esac
+
+  fi
+
+for ac_func in memrchr strerror strcasecmp sigaction strlcpy strlcat
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" $ac_func.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
+ ;;
+esac
+
+fi
+done
+
+
+for ac_func in nanosleep
+do :
+  ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep"
+if test "x$ac_cv_func_nanosleep" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_NANOSLEEP 1
+_ACEOF
+
+else
+
+    # On Solaris, nanosleep is in librt
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nanosleep in -lrt" >&5
+$as_echo_n "checking for nanosleep in -lrt... " >&6; }
+if test "${ac_cv_lib_rt_nanosleep+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lrt  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char nanosleep ();
+int
+main ()
+{
+return nanosleep ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_rt_nanosleep=yes
+else
+  ac_cv_lib_rt_nanosleep=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_nanosleep" >&5
+$as_echo "$ac_cv_lib_rt_nanosleep" >&6; }
+if test "x$ac_cv_lib_rt_nanosleep" = x""yes; then :
+  LIBS="${LIBS} -lrt"
+else
+  case " $LIBOBJS " in
+  *" nanosleep.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS nanosleep.$ac_objext"
+ ;;
+esac
+
+fi
+
+
+fi
+done
+
+for ac_func in closefrom
+do :
+  ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom"
+if test "x$ac_cv_func_closefrom" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_CLOSEFROM 1
+_ACEOF
+
+else
+  case " $LIBOBJS " in
+  *" closefrom.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS closefrom.$ac_objext"
+ ;;
+esac
+
+    ac_fn_c_check_decl "$LINENO" "F_CLOSEM" "ac_cv_have_decl_F_CLOSEM" " #include <limits.h>
+	  #include <fcntl.h>
+"
+if test "x$ac_cv_have_decl_F_CLOSEM" = x""yes; then :
+  $as_echo "#define HAVE_FCNTL_CLOSEM 1" >>confdefs.h
+
+fi
+
+
+fi
+done
+
+for ac_func in mkstemps
+do :
+  ac_fn_c_check_func "$LINENO" "mkstemps" "ac_cv_func_mkstemps"
+if test "x$ac_cv_func_mkstemps" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_MKSTEMPS 1
+_ACEOF
+
+else
+  SUDO_OBJS="${SUDO_OBJS} mkstemps.o"
+    for ac_func in random lrand48
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+done
+
+
+fi
+done
+
+for ac_func in snprintf vsnprintf asprintf vasprintf
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+  NEED_SNPRINTF=1
+fi
+done
+
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+    ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim" "ac_cv_member_struct_stat_st_mtim" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtim" = x""yes; then :
+  $as_echo "#define HAVE_ST_MTIM 1" >>confdefs.h
+
+	ac_fn_c_check_member "$LINENO" "struct stat" "st_mtim.st__tim" "ac_cv_member_struct_stat_st_mtim_st__tim" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtim_st__tim" = x""yes; then :
+  $as_echo "#define HAVE_ST__TIM 1" >>confdefs.h
+
+fi
+
+else
+  ac_fn_c_check_member "$LINENO" "struct stat" "st_mtimespec" "ac_cv_member_struct_stat_st_mtimespec" "$ac_includes_default"
+if test "x$ac_cv_member_struct_stat_st_mtimespec" = x""yes; then :
+  $as_echo "#define HAVE_ST_MTIMESPEC 1" >>confdefs.h
+
+fi
+
+fi
+
+fi
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <$ac_header_dirent>
+int
+main ()
+{
+DIR *d; (void)dirfd(d);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  $as_echo "#define HAVE_DIRFD 1" >>confdefs.h
+
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <$ac_header_dirent>
+int
+main ()
+{
+DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  $as_echo "#define HAVE_DD_FD 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+if test -n "$NEED_SNPRINTF"; then
+    case " $LIBOBJS " in
+  *" snprintf.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS snprintf.$ac_objext"
+ ;;
+esac
+
+fi
+ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket"
+if test "x$ac_cv_func_socket" = x""yes; then :
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_socket+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_socket=yes
+else
+  ac_cv_lib_socket_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5
+$as_echo "$ac_cv_lib_socket_socket" >&6; }
+if test "x$ac_cv_lib_socket_socket" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -linet" >&5
+$as_echo_n "checking for socket in -linet... " >&6; }
+if test "${ac_cv_lib_inet_socket+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_inet_socket=yes
+else
+  ac_cv_lib_inet_socket=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_socket" >&5
+$as_echo "$ac_cv_lib_inet_socket" >&6; }
+if test "x$ac_cv_lib_inet_socket" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to find socket() trying -lsocket -lnsl" >&5
+$as_echo "$as_me: WARNING: unable to find socket() trying -lsocket -lnsl" >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5
+$as_echo_n "checking for socket in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_socket_lnsl+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char socket ();
+int
+main ()
+{
+return socket ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_socket_lnsl=yes
+else
+  ac_cv_lib_socket_socket_lnsl=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket_lnsl" >&5
+$as_echo "$ac_cv_lib_socket_socket_lnsl" >&6; }
+if test "x$ac_cv_lib_socket_socket_lnsl" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
+fi
+
+fi
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "inet_addr" "ac_cv_func_inet_addr"
+if test "x$ac_cv_func_inet_addr" = x""yes; then :
+
+else
+  ac_fn_c_check_func "$LINENO" "__inet_addr" "ac_cv_func___inet_addr"
+if test "x$ac_cv_func___inet_addr" = x""yes; then :
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -lnsl" >&5
+$as_echo_n "checking for inet_addr in -lnsl... " >&6; }
+if test "${ac_cv_lib_nsl_inet_addr+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_nsl_inet_addr=yes
+else
+  ac_cv_lib_nsl_inet_addr=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_inet_addr" >&5
+$as_echo "$ac_cv_lib_nsl_inet_addr" >&6; }
+if test "x$ac_cv_lib_nsl_inet_addr" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -linet" >&5
+$as_echo_n "checking for inet_addr in -linet... " >&6; }
+if test "${ac_cv_lib_inet_inet_addr+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_inet_inet_addr=yes
+else
+  ac_cv_lib_inet_inet_addr=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_inet_addr" >&5
+$as_echo "$ac_cv_lib_inet_inet_addr" >&6; }
+if test "x$ac_cv_lib_inet_inet_addr" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&5
+$as_echo "$as_me: WARNING: unable to find inet_addr() trying -lsocket -lnsl" >&2;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inet_addr in -lsocket" >&5
+$as_echo_n "checking for inet_addr in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_inet_addr_lnsl+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket -lnsl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char inet_addr ();
+int
+main ()
+{
+return inet_addr ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_inet_addr_lnsl=yes
+else
+  ac_cv_lib_socket_inet_addr_lnsl=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_inet_addr_lnsl" >&5
+$as_echo "$ac_cv_lib_socket_inet_addr_lnsl" >&6; }
+if test "x$ac_cv_lib_socket_inet_addr_lnsl" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"
+fi
+
+fi
+
+fi
+
+fi
+
+fi
+
+ac_fn_c_check_func "$LINENO" "syslog" "ac_cv_func_syslog"
+if test "x$ac_cv_func_syslog" = x""yes; then :
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -lsocket" >&5
+$as_echo_n "checking for syslog in -lsocket... " >&6; }
+if test "${ac_cv_lib_socket_syslog+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsocket  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_socket_syslog=yes
+else
+  ac_cv_lib_socket_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_syslog" >&5
+$as_echo "$ac_cv_lib_socket_syslog" >&6; }
+if test "x$ac_cv_lib_socket_syslog" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -lnsl" >&5
+$as_echo_n "checking for syslog in -lnsl... " >&6; }
+if test "${ac_cv_lib_nsl_syslog+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lnsl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_nsl_syslog=yes
+else
+  ac_cv_lib_nsl_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_syslog" >&5
+$as_echo "$ac_cv_lib_nsl_syslog" >&6; }
+if test "x$ac_cv_lib_nsl_syslog" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for syslog in -linet" >&5
+$as_echo_n "checking for syslog in -linet... " >&6; }
+if test "${ac_cv_lib_inet_syslog+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-linet  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char syslog ();
+int
+main ()
+{
+return syslog ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_inet_syslog=yes
+else
+  ac_cv_lib_inet_syslog=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_inet_syslog" >&5
+$as_echo "$ac_cv_lib_inet_syslog" >&6; }
+if test "x$ac_cv_lib_inet_syslog" = x""yes; then :
+  NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"
+fi
+
+fi
+
+fi
+
+fi
+
+for ac_func in getprogname
+do :
+  ac_fn_c_check_func "$LINENO" "getprogname" "ac_cv_func_getprogname"
+if test "x$ac_cv_func_getprogname" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETPROGNAME 1
+_ACEOF
+
+else
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __progname" >&5
+$as_echo_n "checking for __progname... " >&6; }
+    if test "${sudo_cv___progname+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+extern char *__progname; (void)puts(__progname);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  sudo_cv___progname=yes
+else
+  sudo_cv___progname=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+    if test "$sudo_cv___progname" = "yes"; then
+	$as_echo "#define HAVE___PROGNAME 1" >>confdefs.h
+
+    else
+	case " $LIBOBJS " in
+  *" getprogname.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS getprogname.$ac_objext"
+ ;;
+esac
+
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv___progname" >&5
+$as_echo "$sudo_cv___progname" >&6; }
+
+fi
+done
+
+
+for ac_func in strsignal
+do :
+  ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal"
+if test "x$ac_cv_func_strsignal" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_STRSIGNAL 1
+_ACEOF
+
+else
+
+    case " $LIBOBJS " in
+  *" strsignal.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS strsignal.$ac_objext"
+ ;;
+esac
+
+    HAVE_SIGLIST="false"
+    ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl_sys_siglist" = x""yes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+	HAVE_SIGLIST="true"
+	break
+
+fi
+ac_fn_c_check_decl "$LINENO" "_sys_siglist" "ac_cv_have_decl__sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl__sys_siglist" = x""yes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL__SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+	HAVE_SIGLIST="true"
+	break
+
+fi
+ac_fn_c_check_decl "$LINENO" "__sys_siglist" "ac_cv_have_decl___sys_siglist" "
+$ac_includes_default
+#include <signal.h>
+
+"
+if test "x$ac_cv_have_decl___sys_siglist" = x""yes; then :
+  ac_have_decl=1
+else
+  ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL___SYS_SIGLIST $ac_have_decl
+_ACEOF
+if test $ac_have_decl = 1; then :
+
+	HAVE_SIGLIST="true"
+	break
+
+fi
+
+    if test "$HAVE_SIGLIST" != "true"; then
+	case " $LIBOBJS " in
+  *" siglist.$ac_objext "* ) ;;
+  *) LIBOBJS="$LIBOBJS siglist.$ac_objext"
+ ;;
+esac
+
+    fi
+
+fi
+done
+
+
+if test ${with_netsvc-"no"} != "no"; then
+    cat >>confdefs.h <<EOF
+#define _PATH_NETSVC_CONF "${with_netsvc-/etc/netsvc.conf}"
+EOF
+
+    netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+    cat >>confdefs.h <<EOF
+#define _PATH_NSSWITCH_CONF "${with_nsswitch-/etc/nsswitch.conf}"
+EOF
+
+    nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
+
+if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
+    for auth in $AUTH_EXCL_DEF; do
+	case $auth in
+	    AIX_AUTH)	with_aixauth=maybe;;
+	    BSD_AUTH)	with_bsdauth=maybe;;
+	    PAM)	with_pam=maybe;;
+	    SIA)	CHECKSIA=true;;
+	esac
+    done
+fi
+
+if test ${with_pam-"no"} != "no"; then
+                case "$LIBS" in
+	*-ldl*)	SUDO_LIBS="${SUDO_LIBS} -lpam"
+		;;
+	*)	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -ldl" >&5
+$as_echo_n "checking for main in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_main=yes
+else
+  ac_cv_lib_dl_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_main" >&5
+$as_echo "$ac_cv_lib_dl_main" >&6; }
+if test "x$ac_cv_lib_dl_main" = x""yes; then :
+  SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"
+else
+  SUDO_LIBS="${SUDO_LIBS} -lpam"
+fi
+
+		ac_cv_lib_dl=ac_cv_lib_dl_main
+		;;
+    esac
+
+                    for ac_header in security/pam_appl.h pam/pam_appl.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ with_pam=yes; break
+fi
+
+done
+
+    if test "$with_pam" = "yes"; then
+	$as_echo "#define HAVE_PAM 1" >>confdefs.h
+
+	AUTH_OBJS="$AUTH_OBJS pam.o";
+	AUTH_EXCL=PAM
+
+
+# Check whether --with-pam-login was given.
+if test "${with_pam_login+set}" = set; then :
+  withval=$with_pam_login; case $with_pam_login in
+	    yes)	$as_echo "#define HAVE_PAM_LOGIN 1" >>confdefs.h
+
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM login" >&5
+$as_echo_n "checking whether to use PAM login... " >&6; }
+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+			;;
+	    no)		;;
+	    *)		as_fn_error "\"--with-pam-login does not take an argument.\"" "$LINENO" 5
+			;;
+	esac
+fi
+
+
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use PAM session support" >&5
+$as_echo_n "checking whether to use PAM session support... " >&6; }
+	# Check whether --enable-pam_session was given.
+if test "${enable_pam_session+set}" = set; then :
+  enableval=$enable_pam_session;  case "$enableval" in
+		yes)	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+			;;
+		no)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_PAM_SESSION /**/" >>confdefs.h
+
+			    ;;
+		*)		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+			    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&5
+$as_echo "$as_me: WARNING: Ignoring unknown argument to --enable-pam-session: $enableval" >&2;}
+			    ;;
+	    esac
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+
+	case $host in
+	    *-*-linux*|*-*-solaris*)
+		    # dgettext() may be defined to dgettext_libintl in the
+		    # header file, so first check that it links w/ additional
+		    # libs, then try with -lintl
+		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <libintl.h>
+int
+main ()
+{
+(void)dgettext((char *)0, (char *)0);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  $as_echo "#define HAVE_DGETTEXT 1" >>confdefs.h
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dgettext in -lintl" >&5
+$as_echo_n "checking for dgettext in -lintl... " >&6; }
+if test "${ac_cv_lib_intl_dgettext+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dgettext ();
+int
+main ()
+{
+return dgettext ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_intl_dgettext=yes
+else
+  ac_cv_lib_intl_dgettext=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_dgettext" >&5
+$as_echo "$ac_cv_lib_intl_dgettext" >&6; }
+if test "x$ac_cv_lib_intl_dgettext" = x""yes; then :
+  LIBS="${LIBS} -lintl"
+			$as_echo "#define HAVE_DGETTEXT 1" >>confdefs.h
+
+fi
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+		    ;;
+	esac
+    fi
+fi
+
+if test ${with_aixauth-'no'} != "no"; then
+    if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: using AIX general authentication" >&5
+$as_echo "$as_me: using AIX general authentication" >&6;}
+	$as_echo "#define HAVE_AIXAUTH 1" >>confdefs.h
+
+	AUTH_OBJS="$AUTH_OBJS aix_auth.o";
+	SUDO_LIBS="${SUDO_LIBS} -ls"
+	AUTH_EXCL=AIX_AUTH
+    fi
+fi
+
+if test ${with_bsdauth-'no'} != "no"; then
+    ac_fn_c_check_header_mongrel "$LINENO" "bsd_auth.h" "ac_cv_header_bsd_auth_h" "$ac_includes_default"
+if test "x$ac_cv_header_bsd_auth_h" = x""yes; then :
+  $as_echo "#define HAVE_BSD_AUTH_H 1" >>confdefs.h
+
+	AUTH_OBJS="$AUTH_OBJS bsdauth.o"
+	BSDAUTH_USAGE='[-a auth_type] '
+	AUTH_EXCL=BSD_AUTH; BAMAN=1
+else
+  as_fn_error "BSD authentication was specified but bsd_auth.h could not be found" "$LINENO" 5
+fi
+
+
+fi
+
+if test ${CHECKSIA-'false'} = "true"; then
+    for ac_func in sia_ses_init
+do :
+  ac_fn_c_check_func "$LINENO" "sia_ses_init" "ac_cv_func_sia_ses_init"
+if test "x$ac_cv_func_sia_ses_init" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_SIA_SES_INIT 1
+_ACEOF
+ found=true
+else
+  found=false
+fi
+done
+
+    if test "$found" = "true"; then
+	AUTH_EXCL=SIA
+	AUTH_OBJS="$AUTH_OBJS sia.o"
+    fi
+fi
+
+if test ${with_fwtk-'no'} != "no"; then
+    if test "$with_fwtk" != "yes"; then
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_fwtk}"
+    fi
+
+	CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+	with_fwtk=yes
+    fi
+    SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
+    AUTH_OBJS="$AUTH_OBJS fwtk.o"
+fi
+
+if test ${with_SecurID-'no'} != "no"; then
+    if test "$with_SecurID" != "yes"; then
+	:
+    elif test -d /usr/ace/examples; then
+	with_SecurID=/usr/ace/examples
+    else
+	with_SecurID=/usr/ace
+    fi
+    CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+    _LDFLAGS="${LDFLAGS}"
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${with_SecurID}"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_SecurID}"
+    fi
+
+    #
+    # Determine whether to use the new or old SecurID API
+    #
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5
+$as_echo_n "checking for SD_Init in -laceclnt... " >&6; }
+if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-laceclnt
+	    -lpthread
+
+     $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char SD_Init ();
+int
+main ()
+{
+return SD_Init ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes
+else
+  ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5
+$as_echo "$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6; }
+if test "x$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" = x""yes; then :
+
+	    AUTH_OBJS="$AUTH_OBJS securid5.o";
+	    SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_SecurID}"
+    fi
+
+
+else
+
+	    AUTH_OBJS="$AUTH_OBJS securid.o";
+	    SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+
+fi
+
+    LDFLAGS="${_LDFLAGS}"
+fi
+
+
+if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
+    for auth in $AUTH_DEF; do
+	case $auth in
+	    passwd)	: ${with_passwd='maybe'};;
+	esac
+    done
+fi
+
+if test ${with_kerb4-'no'} != "no"; then
+    $as_echo "#define HAVE_KERB4 1" >>confdefs.h
+
+                O_LDFLAGS="$LDFLAGS"
+    if test "$with_kerb4" = "yes"; then
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
+	    CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+	done
+	test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
+    else
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_kerb4}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_kerb4}/lib"
+    fi
+
+	CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
+	ac_fn_c_check_header_mongrel "$LINENO" "krb.h" "ac_cv_header_krb_h" "$ac_includes_default"
+if test "x$ac_cv_header_krb_h" = x""yes; then :
+  found=yes
+else
+  found=no
+fi
+
+
+    fi
+    if test X"$found" = X"no"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;}
+    fi
+
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
+if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_des_des_cbc_encrypt=yes
+else
+  ac_cv_lib_des_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des_des_cbc_encrypt" = x""yes; then :
+  K4LIBS="-ldes"
+else
+
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes425" >&5
+$as_echo_n "checking for des_cbc_encrypt in -ldes425... " >&6; }
+if test "${ac_cv_lib_des425_des_cbc_encrypt+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldes425  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char des_cbc_encrypt ();
+int
+main ()
+{
+return des_cbc_encrypt ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_des425_des_cbc_encrypt=yes
+else
+  ac_cv_lib_des425_des_cbc_encrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5
+$as_echo "$ac_cv_lib_des425_des_cbc_encrypt" >&6; }
+if test "x$ac_cv_lib_des425_des_cbc_encrypt" = x""yes; then :
+  K4LIBS="-ldes425"
+else
+  K4LIBS=""
+fi
+
+
+fi
+
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using KTH Kerberos IV" >&5
+$as_echo_n "checking whether we are using KTH Kerberos IV... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb.h>
+int
+main ()
+{
+const char *tmp = krb4_version;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	    K4LIBS="${K4LIBS} -lcom_err"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5
+$as_echo_n "checking for main in -lroken... " >&6; }
+if test "${ac_cv_lib_roken_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_roken_main=yes
+else
+  ac_cv_lib_roken_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5
+$as_echo "$ac_cv_lib_roken_main" >&6; }
+if test "x$ac_cv_lib_roken_main" = x""yes; then :
+  K4LIBS="${K4LIBS} -lroken"
+fi
+
+
+else
+
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+                as_ac_Lib=`$as_echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb" >&5
+$as_echo_n "checking for main in -lkrb... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb $K4LIBS $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$as_ac_Lib=yes"
+else
+  eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+   if test "x$as_val" = x""yes; then :
+  K4LIBS="-lkrb $K4LIBS"
+else
+
+	as_ac_Lib=`$as_echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb4" >&5
+$as_echo_n "checking for main in -lkrb4... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb4 $K4LIBS $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$as_ac_Lib=yes"
+else
+  eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+   if test "x$as_val" = x""yes; then :
+  K4LIBS="-lkrb4 $K4LIBS"
+else
+  K4LIBS="-lkrb $K4LIBS"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&2;}
+
+fi
+
+
+fi
+
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
+    AUTH_OBJS="$AUTH_OBJS kerb4.o"
+fi
+
+if test ${with_kerb5-'no'} != "no"; then
+    # Extract the first word of "krb5-config", so it can be a program name with args.
+set dummy krb5-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_KRB5CONFIG+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$KRB5CONFIG"; then
+  ac_cv_prog_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_prog_KRB5CONFIG="yes"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_prog_KRB5CONFIG" && ac_cv_prog_KRB5CONFIG=""""
+fi
+fi
+KRB5CONFIG=$ac_cv_prog_KRB5CONFIG
+if test -n "$KRB5CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KRB5CONFIG" >&5
+$as_echo "$KRB5CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    if test -n "$KRB5CONFIG"; then
+	$as_echo "#define HAVE_KERB5 1" >>confdefs.h
+
+	AUTH_OBJS="$AUTH_OBJS kerb5.o"
+	CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
+	SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
+				{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb5.h>
+int
+main ()
+{
+const char *tmp = heimdal_version;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		$as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h
+
+
+else
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    fi
+fi
+if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
+    $as_echo "#define HAVE_KERB5 1" >>confdefs.h
+
+                if test "$with_kerb5" = "yes"; then
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+	    CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb5.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+	done
+	if test X"$found" = X"no"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;}
+	fi
+    else
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_kerb5}/lib"
+    fi
+
+	CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+    fi
+
+                { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
+$as_echo_n "checking whether we are using Heimdal... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb5.h>
+int
+main ()
+{
+const char *tmp = heimdal_version;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	    $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h
+
+	    # XXX - need to check whether -lcrypo is needed!
+	    SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5
+$as_echo_n "checking for main in -lroken... " >&6; }
+if test "${ac_cv_lib_roken_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lroken  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_roken_main=yes
+else
+  ac_cv_lib_roken_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5
+$as_echo "$ac_cv_lib_roken_main" >&6; }
+if test "x$ac_cv_lib_roken_main" = x""yes; then :
+  SUDO_LIBS="${SUDO_LIBS} -lroken"
+fi
+
+
+else
+
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	    SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb5support" >&5
+$as_echo_n "checking for main in -lkrb5support... " >&6; }
+if test "${ac_cv_lib_krb5support_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lkrb5support  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_krb5support_main=yes
+else
+  ac_cv_lib_krb5support_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_krb5support_main" >&5
+$as_echo "$ac_cv_lib_krb5support_main" >&6; }
+if test "x$ac_cv_lib_krb5support_main" = x""yes; then :
+  SUDO_LIBS="${SUDO_LIBS} -lkrb5support"
+fi
+
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+    AUTH_OBJS="$AUTH_OBJS kerb5.o"
+    _LIBS="$LIBS"
+    LIBS="${LIBS} ${SUDO_LIBS}"
+    for ac_func in krb5_verify_user krb5_init_secure_context
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+    for ac_func in krb5_get_init_creds_opt_alloc
+do :
+  ac_fn_c_check_func "$LINENO" "krb5_get_init_creds_opt_alloc" "ac_cv_func_krb5_get_init_creds_opt_alloc"
+if test "x$ac_cv_func_krb5_get_init_creds_opt_alloc" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC 1
+_ACEOF
+
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether krb5_get_init_creds_opt_free takes a context" >&5
+$as_echo_n "checking whether krb5_get_init_creds_opt_free takes a context... " >&6; }
+if test "${sudo_cv_krb5_get_init_creds_opt_free_two_args+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+
+	       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <krb5.h>
+int
+main ()
+{
+krb5_get_init_creds_opt_free(NULL, NULL);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  sudo_cv_krb5_get_init_creds_opt_free_two_args=yes
+else
+  sudo_cv_krb5_get_init_creds_opt_free_two_args=no
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_krb5_get_init_creds_opt_free_two_args" >&5
+$as_echo "$sudo_cv_krb5_get_init_creds_opt_free_two_args" >&6; }
+
+fi
+done
+
+    if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+  	$as_echo "#define HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS 1" >>confdefs.h
+
+    fi
+    LIBS="$_LIBS"
+fi
+
+if test ${with_AFS-'no'} = "yes"; then
+
+    # looks like the "standard" place for AFS libs is /usr/afsws/lib
+    AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
+    for i in $AFSLIBDIRS; do
+	if test -d ${i}; then
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,+b,$i"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,-R$i"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:$i"
+    fi
+
+	    FOUND_AFSLIBDIR=true
+	fi
+    done
+    if test -z "$FOUND_AFSLIBDIR"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&5
+$as_echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&2;}
+    fi
+
+    # Order is important here.  Note that we build AFS_LIBS from right to left
+    # since AFS_LIBS may be initialized with BSD compat libs that must go last
+    AFS_LIBS="-laudit ${AFS_LIBS}"
+    for i in $AFSLIBDIRS; do
+	if test -f ${i}/util.a; then
+	    AFS_LIBS="${i}/util.a ${AFS_LIBS}"
+	    FOUND_UTIL_A=true
+	    break;
+	fi
+    done
+    if test -z "$FOUND_UTIL_A"; then
+	AFS_LIBS="-lutil ${AFS_LIBS}"
+    fi
+    AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
+
+    # AFS includes may live in /usr/include on some machines...
+    for i in /usr/afsws/include; do
+	if test -d ${i}; then
+	    CPPFLAGS="${CPPFLAGS} -I${i}"
+	    FOUND_AFSINCDIR=true
+	fi
+    done
+
+    if test -z "$FOUND_AFSLIBDIR"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5
+$as_echo "$as_me: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;}
+    fi
+
+    AUTH_OBJS="$AUTH_OBJS afs.o"
+fi
+
+if test ${with_DCE-'no'} = "yes"; then
+    DCE_OBJS="${DCE_OBJS} dce_pwent.o"
+    SUDO_LIBS="${SUDO_LIBS} -ldce"
+    AUTH_OBJS="$AUTH_OBJS dce.o"
+fi
+
+if test ${with_skey-'no'} = "yes"; then
+    O_LDFLAGS="$LDFLAGS"
+    if test "$with_skey" != "yes"; then
+	CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${with_skey}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_skey}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_skey}/lib"
+    fi
+
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <skey.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes
+else
+  found=no
+fi
+rm -f conftest.err conftest.$ac_ext
+    else
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <skey.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+	done
+	if test "$found" = "no" -o -z "$dir"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	else
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${dir}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${dir}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${dir}/lib"
+    fi
+
+	fi
+    fi
+    if test "$found" = "no"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;}
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lskey" >&5
+$as_echo_n "checking for main in -lskey... " >&6; }
+if test "${ac_cv_lib_skey_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lskey  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_skey_main=yes
+else
+  ac_cv_lib_skey_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_main" >&5
+$as_echo "$ac_cv_lib_skey_main" >&6; }
+if test "x$ac_cv_lib_skey_main" = x""yes; then :
+  found=yes
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&2;}
+fi
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for skeyaccess in -lskey" >&5
+$as_echo_n "checking for skeyaccess in -lskey... " >&6; }
+if test "${ac_cv_lib_skey_skeyaccess+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lskey  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char skeyaccess ();
+int
+main ()
+{
+return skeyaccess ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_skey_skeyaccess=yes
+else
+  ac_cv_lib_skey_skeyaccess=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_skey_skeyaccess" >&5
+$as_echo "$ac_cv_lib_skey_skeyaccess" >&6; }
+if test "x$ac_cv_lib_skey_skeyaccess" = x""yes; then :
+  $as_echo "#define HAVE_SKEYACCESS 1" >>confdefs.h
+
+fi
+
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} -lskey"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+if test ${with_opie-'no'} = "yes"; then
+    O_LDFLAGS="$LDFLAGS"
+    if test "$with_opie" != "yes"; then
+	CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${with_opie}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_opie}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_opie}/lib"
+    fi
+
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <opie.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes
+else
+  found=no
+fi
+rm -f conftest.err conftest.$ac_ext
+    else
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <opie.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found=yes; break
+fi
+rm -f conftest.err conftest.$ac_ext
+	done
+	if test "$found" = "no" -o -z "$dir"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	else
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${dir}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${dir}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${dir}/lib"
+    fi
+
+	fi
+    fi
+    if test "$found" = "no"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;}
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lopie" >&5
+$as_echo_n "checking for main in -lopie... " >&6; }
+if test "${ac_cv_lib_opie_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lopie  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_opie_main=yes
+else
+  ac_cv_lib_opie_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_opie_main" >&5
+$as_echo "$ac_cv_lib_opie_main" >&6; }
+if test "x$ac_cv_lib_opie_main" = x""yes; then :
+  found=yes
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&2;}
+fi
+
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} -lopie"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+if test ${with_passwd-'no'} != "no"; then
+                if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5
+$as_echo_n "checking for library containing crypt... " >&6; }
+if test "${ac_cv_search_crypt+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char crypt ();
+int
+main ()
+{
+return crypt ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' crypt crypt_d ufc; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_crypt=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_crypt+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_crypt+set}" = set; then :
+
+else
+  ac_cv_search_crypt=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5
+$as_echo "$ac_cv_search_crypt" >&6; }
+ac_res=$ac_cv_search_crypt
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+    fi
+
+    if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
+	_LIBS="$LIBS"
+	LIBS="$LIBS $shadow_libs"
+	found=no
+	for ac_func in $shadow_funcs
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ found=yes
+fi
+done
+
+	if test "$found" = "yes"; then
+	    SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+	elif test -n "$shadow_libs_optional"; then
+	    LIBS="$LIBS $shadow_libs_optional"
+	    for ac_func in $shadow_funcs
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ found=yes
+fi
+done
+
+	    if test "$found" = "yes"; then
+		SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+	    fi
+	fi
+	if test "$found" = "yes"; then
+	    case "$shadow_funcs" in
+		*getprpwnam*) SECUREWARE=1;;
+	    esac
+	    test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
+	else
+	    LIBS="$_LIBS"
+	fi
+	CHECKSHADOW=false
+    fi
+    if test "$CHECKSHADOW" = "true"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getspnam" >&5
+$as_echo_n "checking for library containing getspnam... " >&6; }
+if test "${ac_cv_search_getspnam+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getspnam ();
+int
+main ()
+{
+return getspnam ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' gen; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_getspnam=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_getspnam+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_getspnam+set}" = set; then :
+
+else
+  ac_cv_search_getspnam=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getspnam" >&5
+$as_echo "$ac_cv_search_getspnam" >&6; }
+ac_res=$ac_cv_search_getspnam
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  $as_echo "#define HAVE_GETSPNAM 1" >>confdefs.h
+ CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+    fi
+    if test "$CHECKSHADOW" = "true"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getprpwnam" >&5
+$as_echo_n "checking for library containing getprpwnam... " >&6; }
+if test "${ac_cv_search_getprpwnam+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char getprpwnam ();
+int
+main ()
+{
+return getprpwnam ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' sec security prot; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_getprpwnam=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_getprpwnam+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_getprpwnam+set}" = set; then :
+
+else
+  ac_cv_search_getprpwnam=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getprpwnam" >&5
+$as_echo "$ac_cv_search_getprpwnam" >&6; }
+ac_res=$ac_cv_search_getprpwnam
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  $as_echo "#define HAVE_GETPRPWNAM 1" >>confdefs.h
+ CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"
+fi
+
+    fi
+    if test -n "$SECUREWARE"; then
+	for ac_func in bigcrypt set_auth_parameters initprivs
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+	AUTH_OBJS="$AUTH_OBJS secureware.o"
+    fi
+fi
+
+if test ${with_ldap-'no'} != "no"; then
+    _LDFLAGS="$LDFLAGS"
+    if test "$with_ldap" != "yes"; then
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
+			;;
+	    *)		SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
+			;;
+	esac
+    else
+	SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_ldap}/lib"
+    fi
+
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib"
+			;;
+	    *)		LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib"
+			;;
+	esac
+    else
+	LDFLAGS="${LDFLAGS} -L${with_ldap}/lib"
+    fi
+    if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:${with_ldap}/lib"
+    fi
+
+	CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+	with_ldap=yes
+    fi
+    SUDO_OBJS="${SUDO_OBJS} ldap.o"
+    LDAP=""
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LDAP libraries" >&5
+$as_echo_n "checking for LDAP libraries... " >&6; }
+    LDAP_LIBS=""
+    _LIBS="$LIBS"
+    found=no
+    for l in -lldap -llber '-lssl -lcrypto'; do
+	LIBS="${LIBS} $l"
+	LDAP_LIBS="${LDAP_LIBS} $l"
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+	#include <lber.h>
+	#include <ldap.h>
+int
+main ()
+{
+(void)ldap_init(0, 0)
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  found=yes; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+    done
+        if test "$found" = "no"; then
+	LIBS="${_LIBS} -lldap"
+	LDAP_LIBS="-lldap"
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found, using -lldap" >&5
+$as_echo "not found, using -lldap" >&6; }
+    else
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDAP_LIBS" >&5
+$as_echo "$LDAP_LIBS" >&6; }
+    fi
+        OLIBS="$LIBS"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ber_set_option" >&5
+$as_echo_n "checking for library containing ber_set_option... " >&6; }
+if test "${ac_cv_search_ber_set_option+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ber_set_option ();
+int
+main ()
+{
+return ber_set_option ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' lber; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_ber_set_option=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if test "${ac_cv_search_ber_set_option+set}" = set; then :
+  break
+fi
+done
+if test "${ac_cv_search_ber_set_option+set}" = set; then :
+
+else
+  ac_cv_search_ber_set_option=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ber_set_option" >&5
+$as_echo "$ac_cv_search_ber_set_option" >&6; }
+ac_res=$ac_cv_search_ber_set_option
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  found=yes
+else
+  found=no
+fi
+
+    if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+	LDAP_LIBS="$LDAP_LIBS -llber"
+    fi
+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lber.h is needed" >&5
+$as_echo_n "checking whether lber.h is needed... " >&6; }
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+    #include <ldap.h>
+int
+main ()
+{
+(void)ldap_init(0, 0)
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    $as_echo "#define HAVE_LBER_H 1" >>confdefs.h
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+
+    for ac_header in sasl/sasl.h sasl.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ for ac_func in ldap_sasl_interactive_bind_s
+do :
+  ac_fn_c_check_func "$LINENO" "ldap_sasl_interactive_bind_s" "ac_cv_func_ldap_sasl_interactive_bind_s"
+if test "x$ac_cv_func_ldap_sasl_interactive_bind_s" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LDAP_SASL_INTERACTIVE_BIND_S 1
+_ACEOF
+
+fi
+done
+
+else
+  break
+fi
+
+done
+
+    for ac_header in ldap_ssl.h mps/ldap_ssl.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <ldap.h>
+"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+ break
+fi
+
+done
+
+    for ac_func in ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+    if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi" >&5
+$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi... " >&6; }
+if test "${ac_cv_lib_gssapi_gss_krb5_ccache_name+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_krb5_ccache_name ();
+int
+main ()
+{
+return gss_krb5_ccache_name ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_gssapi_gss_krb5_ccache_name=yes
+else
+  ac_cv_lib_gssapi_gss_krb5_ccache_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_gss_krb5_ccache_name" >&5
+$as_echo "$ac_cv_lib_gssapi_gss_krb5_ccache_name" >&6; }
+if test "x$ac_cv_lib_gssapi_gss_krb5_ccache_name" = x""yes; then :
+  $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h
+
+	    LDAP_LIBS="${LDAP_LIBS} -lgssapi"
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gss_krb5_ccache_name in -lgssapi_krb5" >&5
+$as_echo_n "checking for gss_krb5_ccache_name in -lgssapi_krb5... " >&6; }
+if test "${ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lgssapi_krb5  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gss_krb5_ccache_name ();
+int
+main ()
+{
+return gss_krb5_ccache_name ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=yes
+else
+  ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&5
+$as_echo "$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" >&6; }
+if test "x$ac_cv_lib_gssapi_krb5_gss_krb5_ccache_name" = x""yes; then :
+  $as_echo "#define HAVE_GSS_KRB5_CCACHE_NAME 1" >>confdefs.h
+
+		LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"
+fi
+
+
+fi
+
+
+	# gssapi headers may be separate or part of Kerberos V
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+	    test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <gssapi/gssapi.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found="gssapi/gssapi.h"; break
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <gssapi.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  found="gssapi.h"; break
+fi
+rm -f conftest.err conftest.$ac_ext
+fi
+rm -f conftest.err conftest.$ac_ext
+	done
+	if test X"$found" != X"no"; then
+	    for ac_header in $found
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+   if test "x$as_val" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+	    if test X"$found" = X"gssapi/gssapi.h"; then
+		for ac_header in gssapi/gssapi_krb5.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_krb5.h" "ac_cv_header_gssapi_gssapi_krb5_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_gssapi_krb5_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+_ACEOF
+
+fi
+
+done
+
+	    fi
+	else
+	    CPPFLAGS="$O_CPPFLAGS"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&5
+$as_echo "$as_me: WARNING: Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS" >&2;}
+	fi
+    fi
+
+    SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
+    LIBS="$_LIBS"
+    LDFLAGS="$_LDFLAGS"
+fi
+
+if test X"$LIBVAS_RPATH" != X""; then
+    if test -n "$blibpath"; then
+	blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
+    else
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH"
+			;;
+	    *)		LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH"
+			;;
+	esac
+    fi
+fi
+
+if test -n "$blibpath"; then
+    if test -n "$blibpath_add"; then
+    	SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
+    elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+    	SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
+    fi
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for log file location" >&5
+$as_echo_n "checking for log file location... " >&6; }
+if test -n "$with_logpath"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_logpath" >&5
+$as_echo "$with_logpath" >&6; }
+    cat >>confdefs.h <<EOF
+#define _PATH_SUDO_LOGFILE "$with_logpath"
+EOF
+
+elif test -d "/var/log"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /var/log/sudo.log" >&5
+$as_echo "/var/log/sudo.log" >&6; }
+    cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/var/log/sudo.log"
+EOF
+
+elif test -d "/var/adm"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /var/adm/sudo.log" >&5
+$as_echo "/var/adm/sudo.log" >&6; }
+    cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/var/adm/sudo.log"
+EOF
+
+elif test -d "/usr/adm"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/adm/sudo.log" >&5
+$as_echo "/usr/adm/sudo.log" >&6; }
+    cat >>confdefs.h <<\EOF
+#define _PATH_SUDO_LOGFILE "/usr/adm/sudo.log"
+EOF
+
+else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5
+$as_echo "unknown" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for timestamp file location" >&5
+$as_echo_n "checking for timestamp file location... " >&6; }
+timedir="$with_timedir"
+if test -z "$timedir"; then
+    for d in /var/db /var/lib /var/adm /usr/adm; do
+	if test -d "$d"; then
+	    timedir="$d/sudo"
+	    break
+	fi
+    done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $timedir" >&5
+$as_echo "$timedir" >&6; }
+cat >>confdefs.h <<EOF
+#define _PATH_SUDO_TIMEDIR "$timedir"
+EOF
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for I/O log dir location" >&5
+$as_echo_n "checking for I/O log dir location... " >&6; }
+    if test "${with_iologdir-yes}" != "yes"; then
+	:
+    elif test -d "/var/log"; then
+	with_iologdir="/var/log/sudo-io"
+    elif test -d "/var/adm"; then
+	with_iologdir="/var/adm/sudo-io"
+    else
+	with_iologdir="/usr/adm/sudo-io"
+    fi
+    if test "${with_iologdir-yes}" != "no"; then
+	cat >>confdefs.h <<EOF
+#define _PATH_SUDO_IO_LOGDIR "$with_iologdir"
+EOF
+
+    fi
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_iologdir" >&5
+$as_echo "$with_iologdir" >&6; }
+
+
+if test "${with_iologdir-yes}" != "no"; then
+    # Require POSIX job control for I/O log support
+    for ac_func in tcsetpgrp
+do :
+  ac_fn_c_check_func "$LINENO" "tcsetpgrp" "ac_cv_func_tcsetpgrp"
+if test "x$ac_cv_func_tcsetpgrp" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_TCSETPGRP 1
+_ACEOF
+
+	SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o"
+	PROGS="$PROGS sudoreplay"
+	REPLAY=""
+
+	# Check whether --enable-zlib was given.
+if test "${enable_zlib+set}" = set; then :
+  enableval=$enable_zlib;  case "$enable_zlib" in
+	    yes)    $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
+
+		    ZLIB="-lz"
+		    ;;
+	    no)	    ;;
+	    *)	    $as_echo "#define HAVE_ZLIB_H 1" >>confdefs.h
+
+		    CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+
+    if test X"$with_rpath" = X"yes"; then
+	case "$host" in
+	    *-*-hpux*)	ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,+b,$enable_zlib/lib"
+			;;
+	    *)		ZLIB="${ZLIB} -L$enable_zlib/lib -Wl,-R$enable_zlib/lib"
+			;;
+	esac
+    else
+	ZLIB="${ZLIB} -L$enable_zlib/lib"
+    fi
+    if test X"$blibpath" != X"" -a "ZLIB" = "SUDO_LDFLAGS"; then
+	blibpath_add="${blibpath_add}:$enable_zlib/lib"
+    fi
+
+		    ZLIB="${ZLIB} -lz"
+		    ;;
+	  esac
+
+fi
+
+	if test X"$enable_zlib" = X""; then
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gzdopen in -lz" >&5
+$as_echo_n "checking for gzdopen in -lz... " >&6; }
+if test "${ac_cv_lib_z_gzdopen+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lz  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char gzdopen ();
+int
+main ()
+{
+return gzdopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_z_gzdopen=yes
+else
+  ac_cv_lib_z_gzdopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_gzdopen" >&5
+$as_echo "$ac_cv_lib_z_gzdopen" >&6; }
+if test "x$ac_cv_lib_z_gzdopen" = x""yes; then :
+
+		for ac_header in zlib.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_zlib_h" = x""yes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_ZLIB_H 1
+_ACEOF
+ ZLIB="-lz"
+fi
+
+done
+
+
+fi
+
+	fi
+
+else
+
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Disabling I/O log support due to lack of tcsetpgrp function" >&5
+$as_echo "$as_me: WARNING: Disabling I/O log support due to lack of tcsetpgrp function" >&2;}
+	with_iologdir=no
+
+fi
+done
+
+fi
+
+case "$with_passwd" in
+yes|maybe)
+    AUTH_OBJS="$AUTH_OBJS passwd.o"
+    ;;
+*)
+    $as_echo "#define WITHOUT_PASSWD 1" >>confdefs.h
+
+    if test -z "$AUTH_OBJS"; then
+	as_fn_error "no authentication methods defined." "$LINENO" 5
+    fi
+    ;;
+esac
+AUTH_OBJS=${AUTH_OBJS# }
+_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: using the following authentication methods: $_AUTH" >&5
+$as_echo "$as_me: using the following authentication methods: $_AUTH" >&6;}
+
+if test -n "$LIBS"; then
+    L="$LIBS"
+    LIBS=
+    for l in ${L}; do
+	dupe=0
+	for sl in ${SUDO_LIBS} ${NET_LIBS}; do
+	    test $l = $sl && dupe=1
+	done
+	test $dupe = 0 && LIBS="${LIBS} $l"
+    done
+fi
+
+test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+    oexec_prefix="$exec_prefix"
+    if test "$exec_prefix" = '$(prefix)'; then
+	if test "$prefix" = "NONE"; then
+	    exec_prefix="$ac_default_prefix"
+	else
+	    exec_prefix="$prefix"
+	fi
+    fi
+    if test X"$with_noexec" != X"no"; then
+	PROGS="${PROGS} libsudo_noexec.la"
+	INSTALL_NOEXEC="install-noexec"
+
+	eval noexec_file="$with_noexec"
+	cat >>confdefs.h <<EOF
+#define _PATH_SUDO_NOEXEC "$noexec_file"
+EOF
+
+    fi
+    if test X"$with_selinux" != X"no"; then
+	eval sesh_file="$libexecdir/sesh"
+	cat >>confdefs.h <<EOF
+#define _PATH_SUDO_SESH "$sesh_file"
+EOF
+
+    fi
+    exec_prefix="$oexec_prefix"
+fi
+
+if test X"$prefix" = X"NONE"; then
+    test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+    test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+
+ac_config_files="$ac_config_files Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    test "x$cache_file" != "x/dev/null" &&
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+    cat confcache >$cache_file
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$?; test $as_status -eq 0 && as_status=1
+  if test "$3"; then
+    as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+  fi
+  $as_echo "$as_me: error: $1" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in #(
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by sudo $as_me 1.7.4p4, which was
+generated by GNU Autoconf 2.65.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://www.sudo.ws/bugs/>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+sudo config.status 1.7.4p4
+configured by $0, generated by GNU Autoconf 2.65,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    as_fn_error "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib; do
+    case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+    *[\\\\\\\`\\"\\\$]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec; do
+    case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+    *[\\\\\\\`\\"\\\$]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"')  lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+  ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+   setopt NO_GLOB_SUBST
+fi
+
+
+    PACKAGE='$PACKAGE'
+    VERSION='$VERSION'
+    TIMESTAMP='$TIMESTAMP'
+    RM='$RM'
+    ofile='$ofile'
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+    "pathnames.h") CONFIG_HEADERS="$CONFIG_HEADERS pathnames.h" ;;
+    "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "sudo.man") CONFIG_FILES="$CONFIG_FILES sudo.man" ;;
+    "visudo.man") CONFIG_FILES="$CONFIG_FILES visudo.man" ;;
+    "sudoers.man") CONFIG_FILES="$CONFIG_FILES sudoers.man" ;;
+    "sudoers.ldap.man") CONFIG_FILES="$CONFIG_FILES sudoers.ldap.man" ;;
+    "sudoreplay.man") CONFIG_FILES="$CONFIG_FILES sudoreplay.man" ;;
+    "sudo_usage.h") CONFIG_FILES="$CONFIG_FILES sudo_usage.h" ;;
+    "sudoers") CONFIG_FILES="$CONFIG_FILES sudoers" ;;
+
+  *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp=
+  trap 'exit_status=$?
+  { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -n "$tmp" && test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+  || as_fn_error "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[	 ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_t"; then
+    break
+  elif $ac_last_try; then
+    as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  as_fn_error "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS    :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$tmp/stdin" \
+      || as_fn_error "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+  || as_fn_error "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined." >&2;}
+
+  rm -f "$tmp/stdin"
+  case $ac_file in
+  -) cat "$tmp/out" && rm -f "$tmp/out";;
+  *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error "could not create $ac_file" "$LINENO" 5
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+    } >"$tmp/config.h" \
+      || as_fn_error "could not create $ac_file" "$LINENO" 5
+    if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$tmp/config.h" "$ac_file" \
+	|| as_fn_error "could not create $ac_file" "$LINENO" 5
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+      || as_fn_error "could not create -" "$LINENO" 5
+  fi
+ ;;
+
+  :C)  { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "libtool":C)
+
+    # See if we are running on zsh, and set the options which allow our
+    # commands through without removal of \ escapes.
+    if test -n "${ZSH_VERSION+set}" ; then
+      setopt NO_GLOB_SUBST
+    fi
+
+    cfgfile="${ofile}T"
+    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+    $RM "$cfgfile"
+
+    cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+#   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+#                 2006, 2007, 2008 Free Software Foundation, Inc.
+#   Written by Gordon Matzigkeit, 1996
+#
+#   This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING.  If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags=""
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking.  This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+  case $host_os in
+  aix3*)
+    cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+_LT_EOF
+    ;;
+  esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+    || (rm -f "$cfgfile"; exit 1)
+
+  case $xsi_shell in
+  yes)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+  case ${1} in
+    */*) func_dirname_result="${1%/*}${2}" ;;
+    *  ) func_dirname_result="${3}" ;;
+  esac
+}
+
+# func_basename file
+func_basename ()
+{
+  func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+#   dirname:  Compute the dirname of FILE.  If nonempty,
+#             add APPEND to the result, otherwise set result
+#             to NONDIR_REPLACEMENT.
+#             value returned in "$func_dirname_result"
+#   basename: Compute filename of FILE.
+#             value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+  case ${1} in
+    */*) func_dirname_result="${1%/*}${2}" ;;
+    *  ) func_dirname_result="${3}" ;;
+  esac
+  func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+  # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+  # positional parameters, so assign one to ordinary parameter first.
+  func_stripname_result=${3}
+  func_stripname_result=${func_stripname_result#"${1}"}
+  func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+  func_opt_split_opt=${1%%=*}
+  func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+  case ${1} in
+    *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+    *)    func_lo2o_result=${1} ;;
+  esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+  func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+  func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+  func_len_result=${#1}
+}
+
+_LT_EOF
+    ;;
+  *) # Bourne compatible functions.
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+  # Extract subdirectory from the argument.
+  func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+  if test "X$func_dirname_result" = "X${1}"; then
+    func_dirname_result="${3}"
+  else
+    func_dirname_result="$func_dirname_result${2}"
+  fi
+}
+
+# func_basename file
+func_basename ()
+{
+  func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+  case ${2} in
+    .*) func_stripname_result=`$ECHO "X${3}" \
+           | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+    *)  func_stripname_result=`$ECHO "X${3}" \
+           | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+  esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+  func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+  func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+  func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+  func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+  func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+  func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+  yes)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+  eval "$1+=\$2"
+}
+_LT_EOF
+    ;;
+  *)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+  eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+    ;;
+  esac
+
+
+  sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+    || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" ||
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+
+ ;;
+
+  esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit $?
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+if test "$with_pam" = "yes"; then
+    case $host in
+	*-*-linux*)
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5
+$as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;}
+	    ;;
+    esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/sudo-1.7.4p4/configure.in b/sudo-1.7.4p4/configure.in
new file mode 100644
index 0000000..4186b88
--- /dev/null
+++ b/sudo-1.7.4p4/configure.in
@@ -0,0 +1,2978 @@
+dnl
+dnl Process this file with GNU autoconf to produce a configure script.
+dnl
+dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl
+AC_INIT([sudo], [1.7.4p4], [http://www.sudo.ws/bugs/], [sudo])
+AC_CONFIG_HEADER(config.h pathnames.h)
+dnl
+dnl This won't work before AC_INIT
+dnl
+AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
+dnl
+dnl Variables that get substituted in the Makefile and man pages
+dnl
+AC_SUBST([HAVE_BSM_AUDIT])
+AC_SUBST([SHELL])
+AC_SUBST([LIBTOOL])
+AC_SUBST([CFLAGS])
+AC_SUBST([PROGS])
+AC_SUBST([CPPFLAGS])
+AC_SUBST([LDFLAGS])
+AC_SUBST([COMMON_OBJS])
+AC_SUBST([SUDO_LDFLAGS])
+AC_SUBST([SUDO_OBJS])
+AC_SUBST([LIBS])
+AC_SUBST([SUDO_LIBS])
+AC_SUBST([NET_LIBS])
+AC_SUBST([AFS_LIBS])
+AC_SUBST([GETGROUPS_LIB])
+AC_SUBST([OSDEFS])
+AC_SUBST([AUTH_OBJS])
+AC_SUBST([MANTYPE])
+AC_SUBST([MAN_POSTINSTALL])
+AC_SUBST([SUDOERS_MODE])
+AC_SUBST([SUDOERS_UID])
+AC_SUBST([SUDOERS_GID])
+AC_SUBST([DEV])
+AC_SUBST([BAMAN])
+AC_SUBST([LCMAN])
+AC_SUBST([SEMAN])
+AC_SUBST([devdir])
+AC_SUBST([mansectsu])
+AC_SUBST([mansectform])
+AC_SUBST([mansrcdir])
+AC_SUBST([NOEXECFILE])
+AC_SUBST([NOEXECDIR])
+AC_SUBST([noexec_file])
+AC_SUBST([INSTALL_NOEXEC])
+AC_SUBST([DONT_LEAK_PATH_INFO])
+AC_SUBST([BSDAUTH_USAGE])
+AC_SUBST([SELINUX_USAGE])
+AC_SUBST([LDAP])
+AC_SUBST([REPLAY])
+AC_SUBST([LOGINCAP_USAGE])
+AC_SUBST([ZLIB])
+AC_SUBST([CONFIGURE_ARGS])
+dnl
+dnl Variables that get substituted in docs (not overridden by environment)
+dnl
+AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
+AC_SUBST([timeout])
+AC_SUBST([password_timeout])
+AC_SUBST([sudo_umask])
+AC_SUBST([passprompt])
+AC_SUBST([long_otp_prompt])
+AC_SUBST([lecture])
+AC_SUBST([logfac])
+AC_SUBST([goodpri])
+AC_SUBST([badpri])
+AC_SUBST([loglen])
+AC_SUBST([ignore_dot])
+AC_SUBST([mail_no_user])
+AC_SUBST([mail_no_host])
+AC_SUBST([mail_no_perms])
+AC_SUBST([mailto])
+AC_SUBST([mailsub])
+AC_SUBST([badpass_message])
+AC_SUBST([fqdn])
+AC_SUBST([runas_default])
+AC_SUBST([env_editor])
+AC_SUBST([passwd_tries])
+AC_SUBST([tty_tickets])
+AC_SUBST([insults])
+AC_SUBST([root_sudo])
+AC_SUBST([path_info])
+AC_SUBST([ldap_conf])
+AC_SUBST([ldap_secret])
+AC_SUBST([nsswitch_conf])
+AC_SUBST([netsvc_conf])
+AC_SUBST([secure_path])
+AC_SUBST([editor])
+#
+# Begin initial values for man page substitution
+#
+timedir=/var/adm/sudo
+timeout=5
+password_timeout=5
+sudo_umask=0022
+passprompt="Password:"
+long_otp_prompt=off
+lecture=once
+logfac=auth
+goodpri=notice
+badpri=alert
+loglen=80
+ignore_dot=off
+mail_no_user=on
+mail_no_host=off
+mail_no_perms=off
+mailto=root
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
+fqdn=off
+runas_default=root
+env_editor=off
+editor=vi
+passwd_tries=3
+tty_tickets=on
+insults=off
+root_sudo=on
+path_info=on
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+noexec_file=/usr/local/libexec/sudo_noexec.so
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+#
+# End initial values for man page substitution
+#
+dnl
+dnl Initial values for Makefile variables listed above
+dnl May be overridden by environment variables..
+dnl
+INSTALL_NOEXEC=
+devdir='$(srcdir)'
+PROGS="sudo visudo"
+: ${MANTYPE='man'}
+: ${mansrcdir='.'}
+: ${SUDOERS_MODE='0440'}
+: ${SUDOERS_UID='0'}
+: ${SUDOERS_GID='0'}
+DEV="#"
+LDAP="#"
+REPLAY="#"
+BAMAN=0
+LCMAN=0
+SEMAN=0
+ZLIB=
+AUTH_OBJS=
+AUTH_REG=
+AUTH_EXCL=
+AUTH_EXCL_DEF=
+AUTH_DEF=passwd
+
+dnl
+dnl Other vaiables
+dnl
+CHECKSHADOW=true
+shadow_defs=
+shadow_funcs=
+shadow_libs=
+shadow_libs_optional=
+
+CONFIGURE_ARGS="$@"
+
+dnl
+dnl Deprecated --with options (these all warn or generate an error)
+dnl
+
+AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
+[case $with_otp_only in
+    yes)	with_passwd="no"
+		AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
+		;;
+esac])
+
+AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
+[case $with_alertmail in
+    *)		with_mailto="$with_alertmail"
+		AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
+		;;
+esac])
+
+dnl
+dnl Options for --with
+dnl
+
+AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
+[case $with_devel in
+    yes)	AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
+		PROGS="${PROGS} testsudoers"
+		OSDEFS="${OSDEFS} -DSUDO_DEVEL"
+		DEV=""
+		devdir=.
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
+		;;
+esac])
+if test X"$with_devel" != X"yes"; then
+    ac_cv_prog_cc_g=no
+fi
+
+AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
+[case $with_CC in
+    yes)	AC_MSG_ERROR(["must give --with-CC an argument."])
+		;;
+    no)		AC_MSG_ERROR(["illegal argument: --without-CC."])
+		;;
+    *)		CC=$with_CC
+		;;
+esac])
+
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
+[case $with_rpath in
+    yes|no)	;;
+    *)		AC_MSG_ERROR(["--with-rpath does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
+[case $with_blibpath in
+    yes|no)	;;
+    *)		AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
+		;;
+esac])
+
+dnl
+dnl Handle BSM auditing support.
+dnl
+AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
+[case $with_bsm_audit in
+    yes)	AC_DEFINE(HAVE_BSM_AUDIT)
+		SUDO_LIBS="${SUDO_LIBS} -lbsm"
+		SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
+		;;
+esac])
+
+dnl
+dnl Handle Linux auditing support.
+dnl
+AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
+[case $with_linux_audit in
+    yes)	
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
+		    AC_DEFINE(HAVE_LINUX_AUDIT)
+		    SUDO_LIBS="${SUDO_LIBS} -laudit"
+		    SUDO_OBJS="${SUDO_OBJS} linux_audit.o"
+		], [
+		    AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
+		])
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
+[case $with_incpath in
+    yes)	AC_MSG_ERROR(["must give --with-incpath an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-incpath not supported."])
+		;;
+    *)		AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
+		for i in ${with_incpath}; do
+		    CPPFLAGS="${CPPFLAGS} -I${i}"
+		done
+		;;
+esac])
+
+AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
+[case $with_libpath in
+    yes)	AC_MSG_ERROR(["must give --with-libpath an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-libpath not supported."])
+		;;
+    *)		AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
+		;;
+esac])
+
+AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
+[case $with_libraries in
+    yes)	AC_MSG_ERROR(["must give --with-libraries an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-libraries not supported."])
+		;;
+    *)		AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
+		;;
+esac])
+
+AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
+[case $with_efence in
+    yes)	AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
+		LIBS="${LIBS} -lefence"
+		if test -f /usr/local/lib/libefence.a; then
+		    with_libpath="${with_libpath} /usr/local/lib"
+		fi
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
+		;;
+esac])
+
+AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
+[case $with_csops in
+    yes)	AC_MSG_NOTICE([Adding CSOps standard options])
+		CHECKSIA=false
+		with_ignore_dot=yes
+		insults=on
+		with_classic_insults=yes
+		with_csops_insults=yes
+		with_env_editor=yes
+		: ${mansectsu='8'}
+		: ${mansectform='5'}
+		;;
+    no)		;;
+    *)		AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
+		;;
+esac])
+
+AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
+[case $with_passwd in
+    yes|no)	AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
+		AC_MSG_RESULT($with_passwd)
+		AUTH_DEF=""
+		test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
+		;;
+    *)		AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
+[case $with_skey in
+    no)		with_skey=""
+		;;
+    *)		AC_DEFINE(HAVE_SKEY)
+		AC_MSG_CHECKING(whether to try S/Key authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG S/Key"
+		;;
+esac])
+
+AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
+[case $with_opie in
+    no)		with_opie=""
+		;;
+    *)		AC_DEFINE(HAVE_OPIE)
+		AC_MSG_CHECKING(whether to try NRL OPIE authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG NRL_OPIE"
+		;;
+esac])
+
+AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
+[case $with_long_otp_prompt in
+    yes)	AC_DEFINE(LONG_OTP_PROMPT)
+		AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
+		AC_MSG_RESULT(yes)
+		long_otp_prompt=on
+		;;
+    no)		long_otp_prompt=off
+		;;
+    *)		AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
+[case $with_SecurID in
+    no)		with_SecurID="";;
+    *)		AC_DEFINE(HAVE_SECURID)
+		AC_MSG_CHECKING(whether to use SecurID for authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_EXCL="$AUTH_EXCL SecurID"
+		;;
+esac])
+
+AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
+[case $with_fwtk in
+    no)		with_fwtk="";;
+    *)		AC_DEFINE(HAVE_FWTK)
+		AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_EXCL="$AUTH_EXCL FWTK"
+		;;
+esac])
+
+AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
+[case $with_kerb4 in
+    no)		with_kerb4="";;
+    *)		AC_MSG_CHECKING(whether to try kerberos IV authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG kerb4"
+		;;
+esac])
+
+AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
+[case $with_kerb5 in
+    no)		with_kerb5="";;
+    *)		AC_MSG_CHECKING(whether to try Kerberos V authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG kerb5"
+		;;
+esac])
+
+AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
+[case $with_aixauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-aixauth does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
+[case $with_pam in
+    yes)	AUTH_EXCL="$AUTH_EXCL PAM";;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-pam does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
+[case $with_AFS in
+    yes)	AC_DEFINE(HAVE_AFS)
+		AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG AFS"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-AFS does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
+[case $with_DCE in
+    yes)	AC_DEFINE(HAVE_DCE)
+		AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
+		AC_MSG_RESULT(yes)
+		AUTH_REG="$AUTH_REG DCE"
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-DCE does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
+[case $with_logincap in
+    yes|no)	;;
+    *)		AC_MSG_ERROR(["--with-logincap does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
+[case $with_bsdauth in
+    yes)	AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
+[case $with_project in
+    yes|no)	;;
+    no)	;;
+    *)		AC_MSG_ERROR(["--with-project does not take an argument."])
+		;;
+esac])
+
+AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
+AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
+[case $with_lecture in
+    yes|short|always)	lecture=once
+		;;
+    no|none|never)	lecture=never
+		;;
+    *)		AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
+		;;
+esac])
+if test "$lecture" = "once"; then
+    AC_MSG_RESULT(yes)
+else
+    AC_DEFINE(NO_LECTURE)
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
+AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
+[case $with_logging in
+    yes)	AC_MSG_ERROR(["must give --with-logging an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-logging not supported."])
+		;;
+    syslog)	AC_DEFINE(LOGGING, SLOG_SYSLOG)
+		AC_MSG_RESULT(syslog)
+		;;
+    file)	AC_DEFINE(LOGGING, SLOG_FILE)
+		AC_MSG_RESULT(file)
+		;;
+    both)	AC_DEFINE(LOGGING, SLOG_BOTH)
+		AC_MSG_RESULT(both)
+		;;
+    *)		AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
+		;;
+esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
+
+AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
+[case $with_logfac in
+    yes)	AC_MSG_ERROR(["must give --with-logfac an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-logfac not supported."])
+		;;
+    authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7)		logfac=$with_logfac
+		;;
+    *)		AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
+		;;
+esac])
+
+AC_MSG_CHECKING(at which syslog priority to log commands)
+AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
+[case $with_goodpri in
+    yes)	AC_MSG_ERROR(["must give --with-goodpri an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-goodpri not supported."])
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		goodpri=$with_goodpri
+		;;
+    *)		AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
+AC_MSG_RESULT($goodpri)
+
+AC_MSG_CHECKING(at which syslog priority to log failures)
+AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
+[case $with_badpri in
+    yes)	AC_MSG_ERROR(["must give --with-badpri an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-badpri not supported."])
+		;;
+    alert|crit|debug|emerg|err|info|notice|warning)
+		badpri=$with_badpri
+		;;
+    *)		AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
+AC_MSG_RESULT($badpri)
+
+AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
+[case $with_logpath in
+    yes)	AC_MSG_ERROR(["must give --with-logpath an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-logpath not supported."])
+		;;
+esac])
+
+AC_MSG_CHECKING(how long a line in the log file should be)
+AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
+[case $with_loglen in
+    yes)	AC_MSG_ERROR(["must give --with-loglen an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-loglen not supported."])
+		;;
+    [[0-9]]*)	loglen=$with_loglen
+		;;
+    *)		AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
+AC_MSG_RESULT($loglen)
+
+AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
+AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
+[case $with_ignore_dot in
+    yes)	ignore_dot=on
+		;;
+    no)		ignore_dot=off
+		;;
+    *)		AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
+		;;
+esac])
+if test "$ignore_dot" = "on"; then
+    AC_DEFINE(IGNORE_DOT_PATH)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
+AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
+[case $with_mail_if_no_user in
+    yes)	mail_no_user=on
+		;;
+    no)		mail_no_user=off
+		;;
+    *)		AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
+		;;
+esac])
+if test "$mail_no_user" = "on"; then
+    AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
+AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
+[case $with_mail_if_no_host in
+    yes)	mail_no_host=on
+		;;
+    no)		mail_no_host=off
+		;;
+    *)		AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
+		;;
+esac])
+if test "$mail_no_host" = "on"; then
+    AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
+AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
+[case $with_mail_if_noperms in
+    yes)	mail_noperms=on
+		;;
+    no)		mail_noperms=off
+		;;
+    *)		AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
+		;;
+esac])
+if test "$mail_noperms" = "on"; then
+    AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(who should get the mail that sudo sends)
+AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
+[case $with_mailto in
+    yes)	AC_MSG_ERROR(["must give --with-mailto an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-mailto not supported."])
+		;;
+    *)		mailto=$with_mailto
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
+AC_MSG_RESULT([$mailto])
+
+AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
+[case $with_mailsubject in
+    yes)	AC_MSG_ERROR(["must give --with-mailsubject an argument."])
+		;;
+    no)		AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
+		;;
+    *)		mailsub="$with_mailsubject"
+		AC_MSG_CHECKING(sudo mail subject)
+		AC_MSG_RESULT([Using alert mail subject: $mailsub])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
+
+AC_MSG_CHECKING(for bad password prompt)
+AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
+[case $with_passprompt in
+    yes)	AC_MSG_ERROR(["must give --with-passprompt an argument."])
+		;;
+    no)		AC_MSG_WARN([Sorry, --without-passprompt not supported.])
+		;;
+    *)		passprompt="$with_passprompt"
+esac])
+AC_MSG_RESULT($passprompt)
+AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
+
+AC_MSG_CHECKING(for bad password message)
+AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
+[case $with_badpass_message in
+    yes)	AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
+		;;
+    no)		AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
+		;;
+    *)		badpass_message="$with_badpass_message"
+		;;
+esac])
+AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
+AC_MSG_RESULT([$badpass_message])
+
+AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
+AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
+[case $with_fqdn in
+    yes)	fqdn=on
+		;;
+    no)		fqdn=off
+		;;
+    *)		AC_MSG_ERROR(["--with-fqdn does not take an argument."])
+		;;
+esac])
+if test "$fqdn" = "on"; then
+    AC_DEFINE(FQDN)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
+[case $with_timedir in
+    yes)	AC_MSG_ERROR(["must give --with-timedir an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-timedir not supported."])
+		;;
+esac])
+
+AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
+[case $with_iologdir in
+    yes)	;;
+    no)		;;
+esac])
+
+AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
+[case $with_sendmail in
+    yes)	with_sendmail=""
+		;;
+    no)		;;
+    *)		SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
+[case $with_sudoers_mode in
+    yes)	AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-sudoers-mode not supported."])
+		;;
+    [[1-9]]*)	SUDOERS_MODE=0${with_sudoers_mode}
+		;;
+    0*)		SUDOERS_MODE=$with_sudoers_mode
+		;;
+    *)		AC_MSG_ERROR(["you must use an octal mode, not a name."])
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_uid in
+    yes)	AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-sudoers-uid not supported."])
+		;;
+    [[0-9]]*)	SUDOERS_UID=$with_sudoers_uid
+		;;
+    *)		AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
+		;;
+esac])
+
+AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
+[case $with_sudoers_gid in
+    yes)	AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-sudoers-gid not supported."])
+		;;
+    [[0-9]]*)	SUDOERS_GID=$with_sudoers_gid
+		;;
+    *)		AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
+		;;
+esac])
+
+AC_MSG_CHECKING(for umask programs should be run with)
+AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
+AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
+[case $with_umask in
+    yes)	AC_MSG_ERROR(["must give --with-umask an argument."])
+		;;
+    no)		sudo_umask=0777
+		;;
+    [[0-9]]*)	sudo_umask=$with_umask
+		;;
+    *)		AC_MSG_ERROR(["you must enter a numeric mask."])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
+if test "$sudo_umask" = "0777"; then
+    AC_MSG_RESULT(user)
+else
+    AC_MSG_RESULT($sudo_umask)
+fi
+
+AC_MSG_CHECKING(for default user to run commands as)
+AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
+[case $with_runas_default in
+    yes)	AC_MSG_ERROR(["must give --with-runas-default an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-runas-default not supported."])
+		;;
+    *)		runas_default="$with_runas_default"
+		;;
+esac])
+AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
+AC_MSG_RESULT([$runas_default])
+
+AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
+[case $with_exempt in
+    yes)	AC_MSG_ERROR(["must give --with-exempt an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-exempt not supported."])
+		;;
+    *)		AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
+		AC_MSG_CHECKING(for group to be exempt from password)
+		AC_MSG_RESULT([$with_exempt])
+		;;
+esac])
+
+AC_MSG_CHECKING(for editor that visudo should use)
+AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
+[case $with_editor in
+    yes)	AC_MSG_ERROR(["must give --with-editor an argument."])
+		;;
+    no)		AC_MSG_ERROR(["--without-editor not supported."])
+		;;
+    *)		AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
+		AC_MSG_RESULT([$with_editor])
+		editor="$with_editor"
+		;;
+esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
+
+AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
+AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
+[case $with_env_editor in
+    yes)	env_editor=on
+		;;
+    no)		env_editor=off
+		;;
+    *)		AC_MSG_ERROR(["--with-env-editor does not take an argument."])
+		;;
+esac])
+if test "$env_editor" = "on"; then
+    AC_DEFINE(ENV_EDITOR)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_MSG_CHECKING(number of tries a user gets to enter their password)
+AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
+[case $with_passwd_tries in
+    yes)	;;
+    no)		AC_MSG_ERROR(["--without-editor not supported."])
+		;;
+    [[1-9]]*)	passwd_tries=$with_passwd_tries
+		;;
+    *)		AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
+AC_MSG_RESULT($passwd_tries)
+
+AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
+AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
+[case $with_timeout in
+    yes)	;;
+    no)		timeout=0
+		;;
+    [[0-9]]*)	timeout=$with_timeout
+		;;
+    *)		AC_MSG_ERROR(["you must enter the numer of minutes."])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
+AC_MSG_RESULT($timeout)
+
+AC_MSG_CHECKING(time in minutes after the password prompt will time out)
+AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
+[case $with_password_timeout in
+    yes)	;;
+    no)		password_timeout=0
+		;;
+    [[0-9]]*)	password_timeout=$with_password_timeout
+		;;
+    *)		AC_MSG_ERROR(["you must enter the numer of minutes."])
+		;;
+esac])
+AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
+AC_MSG_RESULT($password_timeout)
+
+AC_MSG_CHECKING(whether to use per-tty ticket files)
+AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
+[case $with_tty_tickets in
+    yes)	tty_tickets=on
+		;;
+    no)		tty_tickets=off
+		;;
+    *)		AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
+		;;
+esac])
+if test "$tty_tickets" = "off"; then
+    AC_DEFINE(NO_TTY_TICKETS)
+    AC_MSG_RESULT(no)
+else
+    AC_MSG_RESULT(yes)
+fi
+
+AC_MSG_CHECKING(whether to include insults)
+AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
+[case $with_insults in
+    yes)	insults=on
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    disabled)	insults=off
+		with_classic_insults=yes
+		with_csops_insults=yes
+		;;
+    no)		insults=off
+		;;
+    *)		AC_MSG_ERROR(["--with-insults does not take an argument."])
+		;;
+esac])
+if test "$insults" = "on"; then
+    AC_DEFINE(USE_INSULTS)
+    AC_MSG_RESULT(yes)
+else
+    AC_MSG_RESULT(no)
+fi
+
+AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
+[case $with_all_insults in
+    yes)	with_classic_insults=yes
+		with_csops_insults=yes
+		with_hal_insults=yes
+		with_goons_insults=yes
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-all-insults does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
+[case $with_classic_insults in
+    yes)	AC_DEFINE(CLASSIC_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
+[case $with_csops_insults in
+    yes)	AC_DEFINE(CSOPS_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
+[case $with_hal_insults in
+    yes)	AC_DEFINE(HAL_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
+[case $with_goons_insults in
+    yes)	AC_DEFINE(GOONS_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
+		;;
+esac])
+
+AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
+[case $with_nsswitch in
+    no)		;;
+    yes)	with_nsswitch="/etc/nsswitch.conf"
+		;;
+    *)		;;
+esac])
+
+AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
+[case $with_ldap in
+    no)		;;
+    *)		AC_DEFINE(HAVE_LDAP)
+		AC_MSG_CHECKING(whether to use sudoers from LDAP)
+		AC_MSG_RESULT(yes)
+		;;
+esac])
+
+AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
+
+AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
+
+AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
+[case $with_pc_insults in
+    yes)	AC_DEFINE(PC_INSULTS)
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
+		;;
+esac])
+
+dnl include all insult sets on one line
+if test "$insults" = "on"; then
+    AC_MSG_CHECKING(which insult sets to include)
+    i=""
+    test "$with_goons_insults" = "yes" && i="goons ${i}"
+    test "$with_hal_insults" = "yes" && i="hal ${i}"
+    test "$with_csops_insults" = "yes" && i="csops ${i}"
+    test "$with_classic_insults" = "yes" && i="classic ${i}"
+    AC_MSG_RESULT([$i])
+fi
+
+AC_MSG_CHECKING(whether to override the user's path)
+AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
+[case $with_secure_path in
+    yes)	with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+		AC_MSG_RESULT([$with_secure_path])
+		secure_path="set to $with_secure_path"
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+		AC_MSG_RESULT([$with_secure_path])
+		secure_path="set to F<$with_secure_path>"
+		;;
+esac], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
+AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
+[case $with_interfaces in
+    yes)	AC_MSG_RESULT(yes)
+		;;
+    no)		AC_DEFINE(STUB_LOAD_INTERFACES)
+		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_ERROR(["--with-interfaces does not take an argument."])
+		;;
+esac], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether stow should be used)
+AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
+[case $with_stow in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(USE_STOW)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_ERROR(["--with-stow does not take an argument."])
+		;;
+esac], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to use an askpass helper)
+AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
+[case $with_askpass in
+    yes)	AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
+		;;
+    no)		;;
+    *)		SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
+		;;
+esac], AC_MSG_RESULT(no))
+
+dnl
+dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS
+dnl
+AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])],
+[case $with_libvas in
+    yes)	with_libvas=libvas.so
+		;;
+    no)		;;
+    *)		AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
+		;;
+esac
+if test X"$with_libvas" != X"no"; then
+    AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
+    AC_DEFINE(USING_NONUNIX_GROUPS)
+    COMMON_OBJS="$COMMON_OBJS vasgroups.o"
+    AC_ARG_WITH([libvas-rpath],
+       [AS_HELP_STRING([--with-libvas-rpath=PATH],
+		       [Path to look for libvas in [default=/opt/quest/lib]])],
+       [LIBVAS_RPATH=$withval],
+       [LIBVAS_RPATH=/opt/quest/lib])
+    dnl
+    dnl Some platforms require libdl for dlopen()
+    dnl
+    AC_CHECK_LIB([dl], [main])
+fi
+])
+
+dnl
+dnl Options for --enable
+dnl
+
+AC_MSG_CHECKING(whether to do user authentication by default)
+AC_ARG_ENABLE(authentication,
+[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		;;
+    no)		AC_MSG_RESULT(no)
+		AC_DEFINE(NO_AUTHENTICATION)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether to disable running the mailer as root)
+AC_ARG_ENABLE(root-mailer,
+[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(no)
+		;;
+    no)		AC_MSG_RESULT(yes)
+		AC_DEFINE(NO_ROOT_MAILER)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_ARG_ENABLE(setreuid,
+[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
+[ case "$enableval" in
+    no)		SKIP_SETREUID=yes
+		;;
+    *)		;;
+  esac
+])
+
+AC_ARG_ENABLE(setresuid,
+[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
+[ case "$enableval" in
+    no)		SKIP_SETRESUID=yes
+		;;
+    *)		;;
+  esac
+])
+
+AC_MSG_CHECKING(whether to disable shadow password support)
+AC_ARG_ENABLE(shadow,
+[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(no)
+		;;
+    no)		AC_MSG_RESULT(yes)
+		CHECKSHADOW="false"
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether root should be allowed to use sudo)
+AC_ARG_ENABLE(root-sudo,
+[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		;;
+    no)		AC_DEFINE(NO_ROOT_SUDO)
+		AC_MSG_RESULT(no)
+		root_sudo=off
+		;;
+    *)		AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
+		;;
+  esac
+], AC_MSG_RESULT(yes))
+
+AC_MSG_CHECKING(whether to log the hostname in the log file)
+AC_ARG_ENABLE(log-host,
+[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(HOST_IN_LOG)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
+AC_ARG_ENABLE(noargs-shell,
+[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(SHELL_IF_NO_ARGS)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
+AC_ARG_ENABLE(shell-sets-home,
+[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(SHELL_SETS_HOME)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to disable 'command not found' messages)
+AC_ARG_ENABLE(path_info,
+[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(no)
+		;;
+    no)		AC_MSG_RESULT(yes)
+		AC_DEFINE(DONT_LEAK_PATH_INFO)
+		path_info=off
+		;;
+    *)		AC_MSG_RESULT(no)
+		AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(whether to enable environment debugging)
+AC_ARG_ENABLE(env_debug,
+[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+[ case "$enableval" in
+    yes)	AC_MSG_RESULT(yes)
+		AC_DEFINE(ENV_DEBUG)
+		;;
+    no)		AC_MSG_RESULT(no)
+		;;
+    *)		AC_MSG_RESULT(no)
+    		AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
+		;;
+  esac
+], AC_MSG_RESULT(no))
+
+AC_ARG_ENABLE(warnings,
+[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
+[ case "$enableval" in
+    yes)    if test X"$with_devel" != X"yes" -a -n "$GCC"; then
+		CFLAGS="${CFLAGS} -Wall"
+	    fi
+	    ;;
+    no)	    ;;
+    *)	    AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_ENABLE(admin-flag,
+[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
+[ case "$enableval" in
+    yes)    AC_DEFINE(USE_ADMIN_FLAG)
+	    ;;
+    no)	    ;;
+    *)	    AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
+	    ;;
+  esac
+])
+
+AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
+[case $with_selinux in
+    yes)	SELINUX_USAGE="[[-r role]] [[-t type]] "
+    		AC_DEFINE(HAVE_SELINUX)
+		SUDO_LIBS="${SUDO_LIBS} -lselinux"
+		SUDO_OBJS="${SUDO_OBJS} selinux.o"
+		PROGS="${PROGS} sesh"
+		SEMAN=1
+		AC_CHECK_LIB([selinux], [setkeycreatecon],
+		    [AC_DEFINE(HAVE_SETKEYCREATECON)])
+		;;
+    no)		;;
+    *)		AC_MSG_ERROR(["--with-selinux does not take an argument."])
+		;;
+esac])
+
+dnl
+dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
+dnl
+AC_ARG_ENABLE(gss_krb5_ccache_name,
+[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
+[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
+
+dnl
+dnl C compiler checks
+dnl
+AC_SEARCH_LIBS([strerror], [cposix])
+AC_PROG_CPP
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+
+dnl
+dnl Libtool setup, we require libtool 2.2.6b or higher
+dnl
+AC_CANONICAL_HOST
+AC_CONFIG_MACRO_DIR([m4])
+LT_PREREQ([2.2.6b])
+LT_INIT
+
+dnl
+dnl Defer with_noexec until after libtool magic runs
+dnl
+if test "$enable_shared" = "no"; then
+    with_noexec=no
+else
+    eval _shrext="$shrext_cmds"
+fi
+AC_MSG_CHECKING(path to sudo_noexec.so)
+AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
+[case $with_noexec in
+    yes)	with_noexec="$libexecdir/sudo_noexec$_shrext"
+		;;
+    no)		;;
+    *)		;;
+esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
+AC_MSG_RESULT($with_noexec)
+NOEXECFILE="sudo_noexec$_shrext"
+NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
+
+dnl
+dnl It is now safe to modify CFLAGS and CPPFLAGS
+dnl
+if test X"$with_devel" = X"yes" -a -n "$GCC"; then
+    CFLAGS="${CFLAGS} -Wall"
+fi
+
+dnl
+dnl Find programs we use
+dnl
+AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
+AC_CHECK_PROG(TRPROG, [tr], [tr])
+AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
+if test -z "$NROFFPROG"; then
+    MANTYPE="cat"
+    mansrcdir='$(srcdir)'
+fi
+
+dnl
+dnl What kind of beastie are we being run on?
+dnl Barf if config.cache was generated on another host.
+dnl
+if test -n "$sudo_cv_prev_host"; then
+    if test "$sudo_cv_prev_host" != "$host"; then
+	AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
+    else
+	AC_MSG_CHECKING(previous host type)
+	AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
+	AC_MSG_RESULT([$sudo_cv_prev_host])
+    fi
+else
+    # this will produce no output since there is no cached value
+    AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
+fi
+
+dnl
+dnl We want to be able to differentiate between different rev's
+dnl
+if test -n "$host_os"; then
+    OS=`echo $host_os | sed 's/[[0-9]].*//'`
+    OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
+    OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
+else
+    OS="unknown"
+    OSREV=0
+    OSMAJOR=0
+fi
+
+case "$host" in
+    *-*-sunos4*)
+		# getcwd(3) opens a pipe to getpwd(1)!?!
+		BROKEN_GETCWD=1
+
+		# system headers lack prototypes but gcc helps...
+		if test -n "$GCC"; then
+		    OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
+		fi
+
+		shadow_funcs="getpwanam issecure"
+		;;
+    *-*-solaris2*)
+		# To get the crypt(3) prototype (so we pass -Wall)
+		OSDEFS="${OSDEFS} -D__EXTENSIONS__"
+		# AFS support needs -lucb
+		if test "$with_AFS" = "yes"; then
+		    AFS_LIBS="-lc -lucb"
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		;;
+    *-*-aix*)
+		# To get all prototypes (so we pass -Wall)
+		OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
+		SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
+		if test X"$with_blibpath" != X"no"; then
+		    AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
+		    O_LDFLAGS="$LDFLAGS"
+		    LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
+		    AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
+			if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+			    blibpath="$with_blibpath"
+			elif test -n "$GCC"; then
+			    blibpath="/usr/lib:/lib:/usr/local/lib"
+			else
+			    blibpath="/usr/lib:/lib"
+			fi
+			AC_MSG_RESULT(yes)
+		    ], [AC_MSG_RESULT(no)])
+		fi
+		LDFLAGS="$O_LDFLAGS"
+
+		# Use authenticate(3) as the default authentication method
+		if test X"$with_aixauth" = X""; then
+		    AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+		fi
+
+		# AIX analog of nsswitch.conf, enabled by default
+		AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
+		[case $with_netsvc in
+		    no)		;;
+		    yes)	with_netsvc="/etc/netsvc.conf"
+				;;
+		    *)		;;
+		esac])
+		if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+		    with_netsvc="/etc/netsvc.conf"
+		fi
+
+		# AIX-specific functions
+		AC_CHECK_FUNCS(getuserattr setauthdb)
+		COMMON_OBJS="$COMMON_OBJS aix.o"
+		;;
+    *-*-hiuxmpp*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-hpux*)
+		# AFS support needs -lBSD
+		if test "$with_AFS" = "yes"; then
+		    AFS_LIBS="-lc -lBSD"
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+
+		if test -z "$GCC"; then
+		    # HP-UX bundled compiler can't generate shared objects
+		    if -z "$pic_flag"; then
+			with_noexec=no
+		    fi
+
+		    # Use the +DAportable flag on hppa if it is supported
+		    case "$host_cpu" in
+		    hppa*)
+			_CFLAGS="$CFLAGS"
+			CFLAGS="$CFLAGS +DAportable"
+			AC_CACHE_CHECK([whether $CC understands +DAportable],
+			    [sudo_cv_var_daportable],
+			    [AC_LINK_IFELSE(
+				[AC_LANG_PROGRAM([[]], [[]])],
+				    [sudo_cv_var_daportable=yes],
+				    [sudo_cv_var_daportable=no]
+				)
+			    ]
+			)
+			if test X"$sudo_cv_var_daportable" != X"yes"; then
+			    CFLAGS="$_CFLAGS"
+			fi
+			;;
+		    esac
+		fi
+
+		case "$host" in
+			*-*-hpux[1-8].*)
+			    AC_DEFINE(BROKEN_SYSLOG)
+
+			    # Not sure if setuid binaries are safe in < 9.x
+			    if test -n "$GCC"; then
+				SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
+			    else
+				SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
+			    fi
+			;;
+			*-*-hpux9.*)
+			    AC_DEFINE(BROKEN_SYSLOG)
+
+			    shadow_funcs="getspwuid"
+
+			    # DCE support (requires ANSI C compiler)
+			    if test "$with_DCE" = "yes"; then
+				# order of libs in 9.X is important. -lc_r must be last
+				SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
+				LIBS="${LIBS} -ldce -lM -lc_r"
+				CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+			    fi
+			;;
+			*-*-hpux10.*)
+			    shadow_funcs="getprpwnam iscomsec"
+			    shadow_libs="-lsec"
+			;;
+			*)
+			    shadow_funcs="getspnam iscomsec"
+			    shadow_libs="-lsec"
+			    test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+			;;
+		esac
+		;;
+    *-dec-osf*)
+		# ignore envariables wrt dynamic lib path
+		SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
+
+		: ${CHECKSIA='true'}
+		AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
+		AC_ARG_ENABLE(sia,
+		[AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
+		[ case "$enableval" in
+		    yes)	AC_MSG_RESULT(no)
+				CHECKSIA=true
+				;;
+		    no)		AC_MSG_RESULT(yes)
+				CHECKSIA=false
+				;;
+		    *)		AC_MSG_RESULT(no)
+				AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
+				;;
+		  esac
+		], AC_MSG_RESULT(no))
+
+		shadow_funcs="getprpwnam dispcrypt"
+		# OSF/1 4.x and higher need -ldb too
+		if test $OSMAJOR -lt 4; then
+		    shadow_libs="-lsecurity -laud -lm"
+		else
+		    shadow_libs="-lsecurity -ldb -laud -lm"
+		fi
+
+		# use SIA by default, if we have it
+		test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
+
+		#
+		# Some versions of Digital Unix ship with a broken
+		# copy of prot.h, which we need for shadow passwords.
+		# XXX - make should remove this as part of distclean
+		#
+		AC_MSG_CHECKING([for broken prot.h])
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/security.h>
+#include <prot.h>
+		]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
+		sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
+		])
+		: ${mansectsu='8'}
+		: ${mansectform='4'}
+		;;
+    *-*-irix*)
+		OSDEFS="${OSDEFS} -D_BSD_TYPES"
+		if test -z "$NROFFPROG"; then
+		    MAN_POSTINSTALL='	/bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
+		    if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+			if test -d /usr/share/catman/local; then
+			    mandir="/usr/share/catman/local"
+			else
+			    mandir="/usr/catman/local"
+			fi
+		    fi
+		else
+		    if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
+			if test -d "/usr/share/man/local"; then
+			    mandir="/usr/share/man/local"
+			else
+			    mandir="/usr/man/local"
+			fi
+		    fi
+		fi
+		# IRIX <= 4 needs -lsun
+		if test "$OSMAJOR" -le 4; then
+		    AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
+		fi
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-linux*|*-*-k*bsd*-gnu)
+		OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+		# Some Linux versions need to link with -lshadow
+		shadow_funcs="getspnam"
+		shadow_libs_optional="-lshadow"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		;;
+    *-convex-bsd*)
+		OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
+		if test -z "$GCC"; then
+		    CFLAGS="${CFLAGS} -D__STDC__"
+		fi
+
+		shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot"
+		;;
+    *-*-ultrix*)
+		OS="ultrix"
+		shadow_funcs="getauthuid"
+		shadow_libs="-lauth"
+		;;
+    *-*-riscos*)
+		LIBS="${LIBS} -lsun -lbsd"
+		CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+		OSDEFS="${OSDEFS} -D_MIPS"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-isc*)
+		OSDEFS="${OSDEFS} -D_ISC"
+		LIB_CRYPT=1
+		SUDO_LIBS="${SUDO_LIBS} -lcrypt"
+		LIBS="${LIBS} -lcrypt"
+
+		shadow_funcs="getspnam"
+		shadow_libs="-lsec"
+
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-*-sco*|*-sco-*)
+		shadow_funcs="getprpwnam"
+		shadow_libs="-lprot -lx"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    m88k-motorola-sysv*)
+		# motorolla's cc (a variant of gcc) does -O but not -O2
+		CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-sequent-sysv*)
+		shadow_funcs="getspnam"
+		shadow_libs="-lsec"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-ncr-sysv4*|*-ncr-sysvr4*)
+		AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-ccur-sysv4*|*-ccur-sysvr4*)
+		LIBS="${LIBS} -lgen"
+		SUDO_LIBS="${SUDO_LIBS} -lgen"
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-*-bsdi*)
+		SKIP_SETREUID=yes
+		# Use shlicc for BSD/OS [23].x unless asked to do otherwise
+		if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
+		    case "$OSMAJOR" in
+			2|3)	AC_MSG_NOTICE([using shlicc as CC])
+				ac_cv_prog_CC=shlicc
+				CC="$ac_cv_prog_CC"
+				;;
+		    esac
+		fi
+		# Check for newer BSD auth API (just check for >= 3.0?)
+		if test -z "$with_bsdauth"; then
+		    AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
+		fi
+		;;
+    *-*-freebsd*)
+		# FreeBSD has a real setreuid(2) starting with 2.1 and
+		# backported to 2.0.5.  We just take 2.1 and above...
+		case "$OSREV" in
+		0.*|1.*|2.0*)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		if test "$with_skey" = "yes"; then
+		     SUDO_LIBS="${SUDO_LIBS} -lmd"
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+		;;
+    *-*-*openbsd*)
+		# OpenBSD has a real setreuid(2) starting with 3.3 but
+		# we will use setreuid(2) instead.
+		SKIP_SETREUID=yes
+		CHECKSHADOW="false"
+		# OpenBSD >= 3.0 supports BSD auth
+		if test -z "$with_bsdauth"; then
+		    case "$OSREV" in
+		    [0-2].*)
+			;;
+		    *)
+			AUTH_EXCL_DEF="BSD_AUTH"
+			;;
+		    esac
+		fi
+		: ${with_logincap='maybe'}
+		;;
+    *-*-*netbsd*)
+		# NetBSD has a real setreuid(2) starting with 1.3.2
+		case "$OSREV" in
+		0.9*|1.[012]*|1.3|1.3.1)
+		    SKIP_SETREUID=yes
+		    ;;
+		esac
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='maybe'}
+		;;
+    *-*-dragonfly*)
+		if test "$with_skey" = "yes"; then
+		     SUDO_LIBS="${SUDO_LIBS} -lmd"
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+		;;
+    *-*-*bsd*)
+		CHECKSHADOW="false"
+		;;
+    *-*-darwin*)
+		# Darwin has a real setreuid(2) starting with 9.0
+		if test $OSMAJOR -lt 9; then
+		    SKIP_SETREUID=yes
+		fi
+		CHECKSHADOW="false"
+		test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+		: ${with_logincap='yes'}
+		;;
+    *-*-nextstep*)
+		# lockf() on is broken on the NeXT -- use flock instead
+		ac_cv_func_lockf=no
+		ac_cv_func_flock=yes
+		;;
+    *-*-*sysv4*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		: ${with_rpath='yes'}
+		;;
+    *-*-sysv*)
+		: ${mansectsu='1m'}
+		: ${mansectform='4'}
+		;;
+    *-gnu*)
+		OSDEFS="${OSDEFS} -D_GNU_SOURCE"
+		;;
+esac
+
+dnl
+dnl Check for mixing mutually exclusive and regular auth methods
+dnl
+AUTH_REG=${AUTH_REG# }
+AUTH_EXCL=${AUTH_EXCL# }
+if test -n "$AUTH_EXCL"; then
+    set -- $AUTH_EXCL
+    if test $# != 1; then
+	AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
+    fi
+    if test -n "$AUTH_REG"; then
+	AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
+    fi
+fi
+dnl
+dnl Only one of S/Key and OPIE may be specified
+dnl
+if test X"${with_skey}${with_opie}" = X"yesyes"; then
+    AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
+fi
+
+dnl
+dnl Use BSD-style man sections by default
+dnl
+: ${mansectsu='8'}
+: ${mansectform='5'}
+
+dnl
+dnl Add in any libpaths or libraries specified via configure
+dnl
+if test -n "$with_libpath"; then
+    for i in ${with_libpath}; do
+	SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
+    done
+fi
+if test -n "$with_libraries"; then
+    for i in ${with_libraries}; do
+	case $i in
+	    -l*)	;;
+	    *.a)	;;
+	    *.o)	;;
+	    *)	i="-l${i}";;
+	esac
+	LIBS="${LIBS} ${i}"
+    done
+fi
+
+dnl
+dnl C compiler checks (to be done after os checks)
+dnl
+AC_PROG_GCC_TRADITIONAL
+AC_C_CONST
+AC_C_VOLATILE
+dnl
+dnl Program checks
+dnl
+AC_PROG_YACC
+AC_PATH_PROG([FLEX], [flex], [flex])
+SUDO_PROG_MV
+SUDO_PROG_BSHELL
+if test -z "$with_sendmail"; then
+    SUDO_PROG_SENDMAIL
+fi
+if test -z "$with_editor"; then
+    SUDO_PROG_VI
+fi
+dnl
+dnl Check for authpriv support in syslog
+dnl
+AC_MSG_CHECKING(which syslog facility sudo should log with)
+if test X"$with_logfac" = X""; then
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
+fi
+AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
+AC_MSG_RESULT($logfac)
+dnl
+dnl Header file checks
+dnl
+AC_HEADER_STDC
+AC_HEADER_DIRENT
+AC_HEADER_TIME
+AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h)
+AC_SYS_POSIX_TERMIOS
+if test "$ac_cv_sys_posix_termios" = "yes"; then
+    AC_DEFINE(HAVE_TERMIOS_H)
+else
+    AC_CHECK_HEADERS(termio.h)
+fi
+SUDO_MAILDIR
+if test ${with_logincap-'no'} != "no"; then
+    AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
+	case "$OS" in
+	    freebsd|netbsd)	SUDO_LIBS="${SUDO_LIBS} -lutil"
+	    ;;
+	esac
+    ])
+fi
+if test ${with_project-'no'} != "no"; then
+    AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
+	[SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
+fi
+dnl
+dnl typedef checks
+dnl
+AC_TYPE_MODE_T
+AC_TYPE_UID_T
+AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
+AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
+#include <signal.h>])
+AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
+#include <signal.h>])
+AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+#endif
+#include <time.h>])
+AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
+#include <netinet/in.h>])
+AC_TYPE_LONG_LONG_INT
+AC_CHECK_SIZEOF([long int])
+SUDO_TYPE_SIZE_T
+SUDO_TYPE_SSIZE_T
+SUDO_TYPE_DEV_T
+SUDO_TYPE_INO_T
+SUDO_UID_T_LEN
+SUDO_SOCK_SA_LEN
+dnl
+dnl only set RETSIGTYPE if it is not set already
+dnl
+case "$DEFS" in
+    *"RETSIGTYPE"*)	;;
+    *)			AC_TYPE_SIGNAL;;
+esac
+dnl
+dnl Function checks
+dnl
+AC_FUNC_GETGROUPS
+AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
+	       strftime setrlimit initgroups getgroups fstat gettimeofday \
+	       regcomp setlocale getaddrinfo setenv vhangup \
+	       mbr_check_membership setrlimit64)
+AC_CHECK_FUNCS(getline, [], [
+    AC_LIBOBJ(getline)
+    AC_CHECK_FUNCS(fgetln)
+])
+AC_CHECK_FUNCS(setsid, [], [
+    AC_LIBOBJ(setsid)
+    AC_FUNC_SETPGRP
+])
+
+AC_CHECK_FUNCS(sysctl getutid getutxid, [break])
+
+AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [
+    AC_CHECK_LIB(util, openpty, [
+	AC_CHECK_HEADERS(util.h pty.h, [break])
+	SUDO_LIBS="${SUDO_LIBS} -lutil"
+	AC_DEFINE(HAVE_OPENPTY)
+    ], [
+	AC_CHECK_FUNCS(_getpty, [], [
+	    AC_CHECK_FUNCS(grantpt, [
+		AC_CHECK_FUNCS(posix_openpt)
+	    ], [
+		AC_CHECK_FUNCS(revoke)
+	    ])
+	])
+    ])
+])
+AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID)
+SUDO_FUNC_PUTENV_CONST
+if test -z "$SKIP_SETRESUID"; then
+    AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
+fi
+if test -z "$SKIP_SETREUID"; then
+    AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
+fi
+if test -z "$SKIP_SETEUID"; then
+    AC_CHECK_FUNCS(seteuid)
+fi
+if test X"$with_interfaces" != X"no"; then
+    AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
+fi
+if test -z "$BROKEN_GETCWD"; then
+    AC_REPLACE_FUNCS(getcwd)
+fi
+AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
+    AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
+    AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
+AC_CHECK_FUNCS(lockf flock, [break])
+AC_CHECK_FUNCS(waitpid wait3, [break])
+AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
+AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
+AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
+SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
+SUDO_FUNC_ISBLANK
+AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
+AC_CHECK_FUNCS(nanosleep, [], [
+    # On Solaris, nanosleep is in librt
+    AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
+])
+AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
+    AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
+	[ #include <limits.h>
+	  #include <fcntl.h> ])
+])
+AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o"
+    AC_CHECK_FUNCS(random lrand48, [break])
+])
+AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
+if test X"$ac_cv_type_struct_timespec" != X"no"; then
+    AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
+	[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+	[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+fi
+dnl
+dnl Check for the dirfd function/macro.  If not found, look for dd_fd in DIR.
+dnl
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
+dnl
+dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
+dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
+dnl
+if test -n "$NEED_SNPRINTF"; then
+    AC_LIBOBJ(snprintf)
+fi
+dnl
+dnl If socket(2) not in libc, check -lsocket and -linet
+dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
+dnl In this case we look for main(), not socket() to avoid using a cached value
+dnl
+AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
+AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
+dnl
+dnl If inet_addr(3) not in libc, check -lnsl and -linet
+dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
+dnl
+AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
+AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
+dnl
+dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
+dnl
+AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
+dnl
+dnl Check for getprogname() or __progname
+dnl
+AC_CHECK_FUNCS(getprogname, , [
+    AC_MSG_CHECKING([for __progname])
+    AC_CACHE_VAL(sudo_cv___progname, [
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
+    if test "$sudo_cv___progname" = "yes"; then
+	AC_DEFINE(HAVE___PROGNAME)
+    else
+	AC_LIBOBJ(getprogname)
+    fi
+    AC_MSG_RESULT($sudo_cv___progname)
+])
+
+dnl
+dnl Check for strsignal() or sys_siglist
+dnl
+AC_CHECK_FUNCS(strsignal, [], [
+    AC_LIBOBJ(strsignal)
+    HAVE_SIGLIST="false"
+    AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
+	HAVE_SIGLIST="true"
+	break
+    ], [ ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+    ])
+    if test "$HAVE_SIGLIST" != "true"; then
+	AC_LIBOBJ(siglist)
+    fi
+])
+
+dnl
+dnl nsswitch.conf and its equivalents
+dnl
+if test ${with_netsvc-"no"} != "no"; then
+    SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
+    netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+    SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+    nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
+dnl
+dnl Mutually exclusive auth checks come first, followed by
+dnl non-exclusive ones.  Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
+    for auth in $AUTH_EXCL_DEF; do
+	case $auth in
+	    AIX_AUTH)	with_aixauth=maybe;;
+	    BSD_AUTH)	with_bsdauth=maybe;;
+	    PAM)	with_pam=maybe;;
+	    SIA)	CHECKSIA=true;;
+	esac
+    done
+fi
+
+dnl
+dnl PAM support.  Systems that use PAM by default set with_pam=default
+dnl and we do the actual tests here.
+dnl
+if test ${with_pam-"no"} != "no"; then
+    dnl
+    dnl Some platforms need libdl for dlopen
+    dnl
+    case "$LIBS" in
+	*-ldl*)	SUDO_LIBS="${SUDO_LIBS} -lpam"
+		;;
+	*)	AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
+		ac_cv_lib_dl=ac_cv_lib_dl_main
+		;;
+    esac
+
+    dnl
+    dnl Some PAM implementations (MacOS X for example) put the PAM headers
+    dnl in /usr/include/pam instead of /usr/include/security...
+    dnl
+    AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
+    if test "$with_pam" = "yes"; then
+	AC_DEFINE(HAVE_PAM)
+	AUTH_OBJS="$AUTH_OBJS pam.o";
+	AUTH_EXCL=PAM
+
+	AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
+	[case $with_pam_login in
+	    yes)	AC_DEFINE([HAVE_PAM_LOGIN])
+			AC_MSG_CHECKING(whether to use PAM login)
+			AC_MSG_RESULT(yes)
+			;;
+	    no)		;;
+	    *)		AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+			;;
+	esac])
+
+	AC_MSG_CHECKING(whether to use PAM session support)
+	AC_ARG_ENABLE(pam_session,
+	[AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
+	    [ case "$enableval" in
+		yes)	AC_MSG_RESULT(yes)
+			;;
+		no)		AC_MSG_RESULT(no)
+			    AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
+			    ;;
+		*)		AC_MSG_RESULT(no)
+			    AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
+			    ;;
+	    esac], AC_MSG_RESULT(yes))
+
+	case $host in
+	    *-*-linux*|*-*-solaris*)
+		    # dgettext() may be defined to dgettext_libintl in the
+		    # header file, so first check that it links w/ additional
+		    # libs, then try with -lintl
+		    AC_LINK_IFELSE([AC_LANG_PROGRAM(
+		    [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
+		    [AC_DEFINE(HAVE_DGETTEXT)],
+		    [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
+			[AC_DEFINE(HAVE_DGETTEXT)])])
+		    ;;
+	esac
+    fi
+fi
+
+dnl
+dnl AIX general authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_aixauth-'no'} != "no"; then
+    if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
+	AC_MSG_NOTICE([using AIX general authentication])
+	AC_DEFINE(HAVE_AIXAUTH)
+	AUTH_OBJS="$AUTH_OBJS aix_auth.o";
+	SUDO_LIBS="${SUDO_LIBS} -ls"
+	AUTH_EXCL=AIX_AUTH
+    fi
+fi
+
+dnl
+dnl BSD authentication
+dnl If set to "maybe" only enable if no other exclusive method in use.
+dnl
+if test ${with_bsdauth-'no'} != "no"; then
+    AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
+	[AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
+	[BSDAUTH_USAGE='[[-a auth_type]] ']
+	[AUTH_EXCL=BSD_AUTH; BAMAN=1],
+	[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
+fi
+
+dnl
+dnl SIA authentication for Tru64 Unix
+dnl
+if test ${CHECKSIA-'false'} = "true"; then
+    AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
+    if test "$found" = "true"; then
+	AUTH_EXCL=SIA
+	AUTH_OBJS="$AUTH_OBJS sia.o"
+    fi
+fi
+
+dnl
+dnl extra FWTK libs + includes
+dnl
+if test ${with_fwtk-'no'} != "no"; then
+    if test "$with_fwtk" != "yes"; then
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
+	CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+	with_fwtk=yes
+    fi
+    SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
+    AUTH_OBJS="$AUTH_OBJS fwtk.o"
+fi
+
+dnl
+dnl extra SecurID lib + includes
+dnl
+if test ${with_SecurID-'no'} != "no"; then
+    if test "$with_SecurID" != "yes"; then
+	:
+    elif test -d /usr/ace/examples; then
+	with_SecurID=/usr/ace/examples
+    else
+	with_SecurID=/usr/ace
+    fi
+    CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
+    _LDFLAGS="${LDFLAGS}"
+    SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
+    #
+    # Determine whether to use the new or old SecurID API
+    #
+    AC_CHECK_LIB(aceclnt, SD_Init,
+	[
+	    AUTH_OBJS="$AUTH_OBJS securid5.o";
+	    SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+	]
+	[
+	    SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
+	], [
+	    AUTH_OBJS="$AUTH_OBJS securid.o";
+	    SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+	],
+	[
+	    -lpthread
+	]
+    )
+    LDFLAGS="${_LDFLAGS}"
+fi
+
+dnl
+dnl Non-mutually exclusive auth checks come next.
+dnl Note: passwd must be last of all!
+dnl
+
+dnl
+dnl Convert default authentication methods to with_* if
+dnl no explicit authentication scheme was specified.
+dnl
+if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
+    for auth in $AUTH_DEF; do
+	case $auth in
+	    passwd)	: ${with_passwd='maybe'};;
+	esac
+    done
+fi
+
+dnl
+dnl Kerberos IV
+dnl
+if test ${with_kerb4-'no'} != "no"; then
+    AC_DEFINE(HAVE_KERB4)
+    dnl
+    dnl Use the specified directory, if any, else search for correct inc dir
+    dnl
+    O_LDFLAGS="$LDFLAGS"
+    if test "$with_kerb4" = "yes"; then
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
+	    CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
+	done
+	test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
+    else
+	SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
+	CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
+	AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
+    fi
+    if test X"$found" = X"no"; then
+	AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+    fi
+
+    dnl
+    dnl Check for -ldes vs. -ldes425
+    dnl
+    AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
+	AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
+    ])
+    dnl
+    dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
+    dnl
+    AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
+	    AC_MSG_RESULT(yes)
+	    K4LIBS="${K4LIBS} -lcom_err"
+	    AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
+	], [
+	    AC_MSG_RESULT(no)
+	]
+    )
+    dnl
+    dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
+    dnl
+    AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
+	AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
+	    [K4LIBS="-lkrb $K4LIBS"]
+	    [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
+	, [$K4LIBS])
+    ], [$K4LIBS])
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
+    AUTH_OBJS="$AUTH_OBJS kerb4.o"
+fi
+
+dnl
+dnl Kerberos V
+dnl There is an easy way and a hard way...
+dnl
+if test ${with_kerb5-'no'} != "no"; then
+    AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
+    if test -n "$KRB5CONFIG"; then
+	AC_DEFINE(HAVE_KERB5)
+	AUTH_OBJS="$AUTH_OBJS kerb5.o"
+	CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
+	SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
+	dnl
+	dnl Try to determine whether we have Heimdal or MIT Kerberos
+	dnl
+	AC_MSG_CHECKING(whether we are using Heimdal)
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_HEIMDAL)
+	    ], [
+		AC_MSG_RESULT(no)
+	    ]
+	)
+    fi
+fi
+if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
+    AC_DEFINE(HAVE_KERB5)
+    dnl
+    dnl Use the specified directory, if any, else search for correct inc dir
+    dnl
+    if test "$with_kerb5" = "yes"; then
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+	    CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
+	done
+	if test X"$found" = X"no"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	    AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+	fi
+    else
+	dnl XXX - try to include krb5.h here too
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
+	CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+    fi
+
+    dnl
+    dnl Try to determine whether we have Heimdal or MIT Kerberos
+    dnl
+    AC_MSG_CHECKING(whether we are using Heimdal)
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+	    AC_MSG_RESULT(yes)
+	    AC_DEFINE(HAVE_HEIMDAL)
+	    # XXX - need to check whether -lcrypo is needed!
+	    SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+	    AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
+	], [
+	    AC_MSG_RESULT(no)
+	    SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
+	    AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"])
+    ])
+    AUTH_OBJS="$AUTH_OBJS kerb5.o"
+    _LIBS="$LIBS"
+    LIBS="${LIBS} ${SUDO_LIBS}"
+    AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
+    AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
+	AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
+	    sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+	       AC_COMPILE_IFELSE(
+		   [AC_LANG_PROGRAM(
+		       [[#include <krb5.h>]],
+		       [[krb5_get_init_creds_opt_free(NULL, NULL);]]
+                   )],
+		    [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+		    [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+		)
+	    ]
+	)
+    ])
+    if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+  	AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+    fi
+    LIBS="$_LIBS"
+fi
+
+dnl
+dnl extra AFS libs and includes
+dnl
+if test ${with_AFS-'no'} = "yes"; then
+
+    # looks like the "standard" place for AFS libs is /usr/afsws/lib
+    AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
+    for i in $AFSLIBDIRS; do
+	if test -d ${i}; then
+	    SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
+	    FOUND_AFSLIBDIR=true
+	fi
+    done
+    if test -z "$FOUND_AFSLIBDIR"; then
+	AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
+    fi
+
+    # Order is important here.  Note that we build AFS_LIBS from right to left
+    # since AFS_LIBS may be initialized with BSD compat libs that must go last
+    AFS_LIBS="-laudit ${AFS_LIBS}"
+    for i in $AFSLIBDIRS; do
+	if test -f ${i}/util.a; then
+	    AFS_LIBS="${i}/util.a ${AFS_LIBS}"
+	    FOUND_UTIL_A=true
+	    break;
+	fi
+    done
+    if test -z "$FOUND_UTIL_A"; then
+	AFS_LIBS="-lutil ${AFS_LIBS}"
+    fi
+    AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
+
+    # AFS includes may live in /usr/include on some machines...
+    for i in /usr/afsws/include; do
+	if test -d ${i}; then
+	    CPPFLAGS="${CPPFLAGS} -I${i}"
+	    FOUND_AFSINCDIR=true
+	fi
+    done
+
+    if test -z "$FOUND_AFSLIBDIR"; then
+	AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
+    fi
+
+    AUTH_OBJS="$AUTH_OBJS afs.o"
+fi
+
+dnl
+dnl extra DCE obj + lib
+dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
+dnl
+if test ${with_DCE-'no'} = "yes"; then
+    DCE_OBJS="${DCE_OBJS} dce_pwent.o"
+    SUDO_LIBS="${SUDO_LIBS} -ldce"
+    AUTH_OBJS="$AUTH_OBJS dce.o"
+fi
+
+dnl
+dnl extra S/Key lib and includes
+dnl
+if test ${with_skey-'no'} = "yes"; then
+    O_LDFLAGS="$LDFLAGS"
+    if test "$with_skey" != "yes"; then
+	CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
+	SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
+	AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
+    else
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
+	done
+	if test "$found" = "no" -o -z "$dir"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	else
+	    SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+	    SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+	fi
+    fi
+    if test "$found" = "no"; then
+	AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
+    fi
+    AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
+    AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} -lskey"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+dnl
+dnl extra OPIE lib and includes
+dnl
+if test ${with_opie-'no'} = "yes"; then
+    O_LDFLAGS="$LDFLAGS"
+    if test "$with_opie" != "yes"; then
+	CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
+	SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
+	AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
+    else
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "/usr/local" "/usr/contrib"; do
+	    test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
+	    AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
+	done
+	if test "$found" = "no" -o -z "$dir"; then
+	    CPPFLAGS="$O_CPPFLAGS"
+	else
+	    SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+	    SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+	fi
+    fi
+    if test "$found" = "no"; then
+	AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
+    fi
+    AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
+    LDFLAGS="$O_LDFLAGS"
+    SUDO_LIBS="${SUDO_LIBS} -lopie"
+    AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+fi
+
+dnl
+dnl Check for shadow password routines if we have not already done so.
+dnl If there is a specific list of functions to check we do that first.
+dnl Otherwise, we check for SVR4-style and then SecureWare-style.
+dnl
+if test ${with_passwd-'no'} != "no"; then
+    dnl
+    dnl if crypt(3) not in libc, look elsewhere
+    dnl
+    if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
+	AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+    fi
+
+    if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
+	_LIBS="$LIBS"
+	LIBS="$LIBS $shadow_libs"
+	found=no
+	AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+	if test "$found" = "yes"; then
+	    SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+	elif test -n "$shadow_libs_optional"; then
+	    LIBS="$LIBS $shadow_libs_optional"
+	    AC_CHECK_FUNCS($shadow_funcs, [found=yes])
+	    if test "$found" = "yes"; then
+		SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+	    fi
+	fi
+	if test "$found" = "yes"; then
+	    case "$shadow_funcs" in
+		*getprpwnam*) SECUREWARE=1;;
+	    esac
+	    test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
+	else
+	    LIBS="$_LIBS"
+	fi
+	CHECKSHADOW=false
+    fi
+    if test "$CHECKSHADOW" = "true"; then
+	AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+    fi
+    if test "$CHECKSHADOW" = "true"; then
+	AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+    fi
+    if test -n "$SECUREWARE"; then
+	AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
+	AUTH_OBJS="$AUTH_OBJS secureware.o"
+    fi
+fi
+
+dnl
+dnl extra lib and .o file for LDAP support
+dnl
+if test ${with_ldap-'no'} != "no"; then
+    _LDFLAGS="$LDFLAGS"
+    if test "$with_ldap" != "yes"; then
+	SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
+	SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
+	CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+	with_ldap=yes
+    fi
+    SUDO_OBJS="${SUDO_OBJS} ldap.o"
+    LDAP=""
+
+    AC_MSG_CHECKING([for LDAP libraries])
+    LDAP_LIBS=""
+    _LIBS="$LIBS"
+    found=no
+    for l in -lldap -llber '-lssl -lcrypto'; do
+	LIBS="${LIBS} $l"
+	LDAP_LIBS="${LDAP_LIBS} $l"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+	#include <lber.h>
+	#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
+    done
+    dnl if nothing linked just try with -lldap
+    if test "$found" = "no"; then
+	LIBS="${_LIBS} -lldap"
+	LDAP_LIBS="-lldap"
+	AC_MSG_RESULT([not found, using -lldap])
+    else
+	AC_MSG_RESULT([$LDAP_LIBS])
+    fi
+    dnl check if we need to link with -llber for ber_set_option
+    OLIBS="$LIBS"
+    AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
+    if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+	LDAP_LIBS="$LDAP_LIBS -llber"
+    fi
+    dnl check if ldap.h includes lber.h for us
+    AC_MSG_CHECKING([whether lber.h is needed])
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+    #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
+    AC_MSG_RESULT([yes])
+    AC_DEFINE(HAVE_LBER_H)])
+
+    AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
+    AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
+    AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
+
+    if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+	AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
+	    AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+	    [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
+	    AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
+		AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+		[LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
+	)
+
+	# gssapi headers may be separate or part of Kerberos V
+	found=no
+	O_CPPFLAGS="$CPPFLAGS"
+	for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+	    test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+	    AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
+	done
+	if test X"$found" != X"no"; then
+	    AC_CHECK_HEADERS([$found])
+	    if test X"$found" = X"gssapi/gssapi.h"; then
+		AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
+	    fi
+	else
+	    CPPFLAGS="$O_CPPFLAGS"
+	    AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
+	fi
+    fi
+
+    SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
+    LIBS="$_LIBS"
+    LDFLAGS="$_LDFLAGS"
+fi
+
+dnl
+dnl Add LIBVAS_RPATH to LDFLAGS
+dnl GNU ld accepts -R/path/ as an alias for -rpath /path/
+dnl
+if test X"$LIBVAS_RPATH" != X""; then
+    if test -n "$blibpath"; then
+	blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
+    else
+	case "$host" in
+	    *-*-hpux*)	LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH"
+			;;
+	    *)		LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH"
+			;;
+	esac
+    fi
+fi
+
+dnl
+dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
+dnl added -L dirpaths to SUDO_LDFLAGS.
+dnl
+if test -n "$blibpath"; then
+    if test -n "$blibpath_add"; then
+    	SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
+    elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
+    	SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
+    fi
+fi
+
+dnl
+dnl Check for log file, timestamp and iolog locations
+dnl
+SUDO_LOGFILE
+SUDO_TIMEDIR
+SUDO_IO_LOGDIR
+
+dnl
+dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o
+dnl
+if test "${with_iologdir-yes}" != "no"; then
+    # Require POSIX job control for I/O log support
+    AC_CHECK_FUNCS(tcsetpgrp, [
+	SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o"
+	PROGS="$PROGS sudoreplay"
+	REPLAY=""
+
+	AC_ARG_ENABLE(zlib,
+	[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
+	[ case "$enable_zlib" in
+	    yes)    AC_DEFINE(HAVE_ZLIB_H)
+		    ZLIB="-lz"
+		    ;;
+	    no)	    ;;
+	    *)	    AC_DEFINE(HAVE_ZLIB_H)
+		    CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+		    SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
+		    ZLIB="${ZLIB} -lz"
+		    ;;
+	  esac
+	])
+	if test X"$enable_zlib" = X""; then
+	    AC_CHECK_LIB(z, gzdopen, [
+		AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"])
+	    ])
+	fi
+    ], [
+	AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function])
+	with_iologdir=no
+    ])
+fi
+
+dnl
+dnl Use passwd (and secureware) auth modules?
+dnl
+case "$with_passwd" in
+yes|maybe)
+    AUTH_OBJS="$AUTH_OBJS passwd.o"
+    ;;
+*)
+    AC_DEFINE(WITHOUT_PASSWD)
+    if test -z "$AUTH_OBJS"; then
+	AC_MSG_ERROR([no authentication methods defined.])
+    fi
+    ;;
+esac
+AUTH_OBJS=${AUTH_OBJS# }
+_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
+AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
+
+dnl
+dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
+dnl
+if test -n "$LIBS"; then
+    L="$LIBS"
+    LIBS=
+    for l in ${L}; do
+	dupe=0
+	for sl in ${SUDO_LIBS} ${NET_LIBS}; do
+	    test $l = $sl && dupe=1
+	done
+	test $dupe = 0 && LIBS="${LIBS} $l"
+    done
+fi
+
+dnl
+dnl Set exec_prefix
+dnl
+test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
+
+dnl
+dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
+dnl XXX - this is gross!
+dnl
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+    oexec_prefix="$exec_prefix"
+    if test "$exec_prefix" = '$(prefix)'; then
+	if test "$prefix" = "NONE"; then
+	    exec_prefix="$ac_default_prefix"
+	else
+	    exec_prefix="$prefix"
+	fi
+    fi
+    if test X"$with_noexec" != X"no"; then
+	PROGS="${PROGS} libsudo_noexec.la"
+	INSTALL_NOEXEC="install-noexec"
+
+	eval noexec_file="$with_noexec"
+	SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+    fi
+    if test X"$with_selinux" != X"no"; then
+	eval sesh_file="$libexecdir/sesh"
+	SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+    fi
+    exec_prefix="$oexec_prefix"
+fi
+
+dnl
+dnl Override default configure dirs for the Makefile
+dnl
+if test X"$prefix" = X"NONE"; then
+    test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+    test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+
+dnl
+dnl Substitute into the Makefile and man pages
+dnl
+AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers])
+AC_OUTPUT
+
+dnl
+dnl Spew any text the user needs to know about
+dnl
+if test "$with_pam" = "yes"; then
+    case $host in
+	*-*-linux*)
+	    AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
+	    ;;
+    esac
+fi
+
+dnl
+dnl Autoheader templates
+dnl
+AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
+AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
+AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
+AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
+AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
+AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
+AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
+AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
+AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
+AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
+AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
+AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
+AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
+AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
+AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
+AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
+AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
+AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
+AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
+AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
+AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
+AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
+AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x  shadow passwords)])
+AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function.  (SecureWare-style shadow passwords)])
+AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
+AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
+AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
+AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
+AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
+AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
+AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
+AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
+AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
+AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
+AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
+AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
+AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
+AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
+AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
+AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
+AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
+AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
+AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
+AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
+AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
+AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
+AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
+AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
+AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
+AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
+AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
+AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
+AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
+AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
+AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
+AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
+AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
+AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
+AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
+AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
+AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
+AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
+AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
+AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
+AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
+AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
+AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
+AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
+AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
+AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.])
+
+dnl
+dnl Bits to copy verbatim into config.h.in
+dnl
+AH_TOP([#ifndef _SUDO_CONFIG_H
+#define _SUDO_CONFIG_H])
+
+AH_BOTTOM([/*
+ * Macros to convert ctime and mtime into timevals.
+ */
+#define timespec2timeval(_ts, _tv) do {					\
+    (_tv)->tv_sec = (_ts)->tv_sec;					\
+    (_tv)->tv_usec = (_ts)->tv_nsec / 1000;				\
+} while (0)
+
+#ifdef HAVE_ST_MTIM
+# ifdef HAVE_ST__TIM
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
+# else
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctim, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtim, (_y))
+# endif
+#else
+# ifdef HAVE_ST_MTIMESPEC
+#  define ctim_get(_x, _y)	timespec2timeval(&(_x)->st_ctimespec, (_y))
+#  define mtim_get(_x, _y)	timespec2timeval(&(_x)->st_mtimespec, (_y))
+# else
+#  define ctim_get(_x, _y)	do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
+#  define mtim_get(_x, _y)	do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
+# endif /* HAVE_ST_MTIMESPEC */
+#endif /* HAVE_ST_MTIM */
+
+/*
+ * Emulate a subset of waitpid() if we don't have it.
+ */
+#ifdef HAVE_WAITPID
+# define sudo_waitpid(p, s, o)	waitpid(p, s, o)
+#else
+# ifdef HAVE_WAIT3
+#  define sudo_waitpid(p, s, o)	wait3(s, o, NULL)
+# endif
+#endif
+
+/* GNU stow needs /etc/sudoers to be a symlink. */
+#ifdef USE_STOW
+# define stat_sudoers	stat
+#else
+# define stat_sudoers	lstat
+#endif
+
+/* Macros to set/clear/test flags. */
+#undef SET
+#define SET(t, f)	((t) |= (f))
+#undef CLR
+#define CLR(t, f)	((t) &= ~(f))
+#undef ISSET
+#define ISSET(t, f)     ((t) & (f))
+
+/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+#if defined(hpux) && !defined(__hpux)
+# define __hpux		1
+#endif /* hpux */
+
+#if defined(convex) && !defined(__convex__)
+# define __convex__	1
+#endif /* convex */
+
+/* BSD compatibility on some SVR4 systems. */
+#ifdef __svr4__
+# define BSD_COMP
+#endif /* __svr4__ */
+
+#endif /* _SUDO_CONFIG_H */])
diff --git a/sudo-1.7.4p4/def_data.c b/sudo-1.7.4p4/def_data.c
new file mode 100644
index 0000000..fbdc0c7
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.c
@@ -0,0 +1,336 @@
+static struct def_values def_data_lecture[] = {
+    { "never", never },
+    { "once", once },
+    { "always", always },
+    { NULL, 0 },
+};
+
+static struct def_values def_data_listpw[] = {
+    { "never", never },
+    { "any", any },
+    { "all", all },
+    { "always", always },
+    { NULL, 0 },
+};
+
+static struct def_values def_data_verifypw[] = {
+    { "never", never },
+    { "all", all },
+    { "any", any },
+    { "always", always },
+    { NULL, 0 },
+};
+
+struct sudo_defs_types sudo_defs_table[] = {
+    {
+	"syslog", T_LOGFAC|T_BOOL,
+	"Syslog facility if syslog is being used for logging: %s",
+	NULL,
+    }, {
+	"syslog_goodpri", T_LOGPRI,
+	"Syslog priority to use when user authenticates successfully: %s",
+	NULL,
+    }, {
+	"syslog_badpri", T_LOGPRI,
+	"Syslog priority to use when user authenticates unsuccessfully: %s",
+	NULL,
+    }, {
+	"long_otp_prompt", T_FLAG,
+	"Put OTP prompt on its own line",
+	NULL,
+    }, {
+	"ignore_dot", T_FLAG,
+	"Ignore '.' in $PATH",
+	NULL,
+    }, {
+	"mail_always", T_FLAG,
+	"Always send mail when sudo is run",
+	NULL,
+    }, {
+	"mail_badpass", T_FLAG,
+	"Send mail if user authentication fails",
+	NULL,
+    }, {
+	"mail_no_user", T_FLAG,
+	"Send mail if the user is not in sudoers",
+	NULL,
+    }, {
+	"mail_no_host", T_FLAG,
+	"Send mail if the user is not in sudoers for this host",
+	NULL,
+    }, {
+	"mail_no_perms", T_FLAG,
+	"Send mail if the user is not allowed to run a command",
+	NULL,
+    }, {
+	"tty_tickets", T_FLAG,
+	"Use a separate timestamp for each user/tty combo",
+	NULL,
+    }, {
+	"lecture", T_TUPLE|T_BOOL,
+	"Lecture user the first time they run sudo",
+	def_data_lecture,
+    }, {
+	"lecture_file", T_STR|T_PATH|T_BOOL,
+	"File containing the sudo lecture: %s",
+	NULL,
+    }, {
+	"authenticate", T_FLAG,
+	"Require users to authenticate by default",
+	NULL,
+    }, {
+	"root_sudo", T_FLAG,
+	"Root may run sudo",
+	NULL,
+    }, {
+	"log_host", T_FLAG,
+	"Log the hostname in the (non-syslog) log file",
+	NULL,
+    }, {
+	"log_year", T_FLAG,
+	"Log the year in the (non-syslog) log file",
+	NULL,
+    }, {
+	"shell_noargs", T_FLAG,
+	"If sudo is invoked with no arguments, start a shell",
+	NULL,
+    }, {
+	"set_home", T_FLAG,
+	"Set $HOME to the target user when starting a shell with -s",
+	NULL,
+    }, {
+	"always_set_home", T_FLAG,
+	"Always set $HOME to the target user's home directory",
+	NULL,
+    }, {
+	"path_info", T_FLAG,
+	"Allow some information gathering to give useful error messages",
+	NULL,
+    }, {
+	"fqdn", T_FLAG,
+	"Require fully-qualified hostnames in the sudoers file",
+	NULL,
+    }, {
+	"insults", T_FLAG,
+	"Insult the user when they enter an incorrect password",
+	NULL,
+    }, {
+	"requiretty", T_FLAG,
+	"Only allow the user to run sudo if they have a tty",
+	NULL,
+    }, {
+	"env_editor", T_FLAG,
+	"Visudo will honor the EDITOR environment variable",
+	NULL,
+    }, {
+	"rootpw", T_FLAG,
+	"Prompt for root's password, not the users's",
+	NULL,
+    }, {
+	"runaspw", T_FLAG,
+	"Prompt for the runas_default user's password, not the users's",
+	NULL,
+    }, {
+	"targetpw", T_FLAG,
+	"Prompt for the target user's password, not the users's",
+	NULL,
+    }, {
+	"use_loginclass", T_FLAG,
+	"Apply defaults in the target user's login class if there is one",
+	NULL,
+    }, {
+	"set_logname", T_FLAG,
+	"Set the LOGNAME and USER environment variables",
+	NULL,
+    }, {
+	"stay_setuid", T_FLAG,
+	"Only set the effective uid to the target user, not the real uid",
+	NULL,
+    }, {
+	"preserve_groups", T_FLAG,
+	"Don't initialize the group vector to that of the target user",
+	NULL,
+    }, {
+	"loglinelen", T_UINT|T_BOOL,
+	"Length at which to wrap log file lines (0 for no wrap): %d",
+	NULL,
+    }, {
+	"timestamp_timeout", T_FLOAT|T_BOOL,
+	"Authentication timestamp timeout: %.1f minutes",
+	NULL,
+    }, {
+	"passwd_timeout", T_FLOAT|T_BOOL,
+	"Password prompt timeout: %.1f minutes",
+	NULL,
+    }, {
+	"passwd_tries", T_UINT,
+	"Number of tries to enter a password: %d",
+	NULL,
+    }, {
+	"umask", T_MODE|T_BOOL,
+	"Umask to use or 0777 to use user's: 0%o",
+	NULL,
+    }, {
+	"logfile", T_STR|T_BOOL|T_PATH,
+	"Path to log file: %s",
+	NULL,
+    }, {
+	"mailerpath", T_STR|T_BOOL|T_PATH,
+	"Path to mail program: %s",
+	NULL,
+    }, {
+	"mailerflags", T_STR|T_BOOL,
+	"Flags for mail program: %s",
+	NULL,
+    }, {
+	"mailto", T_STR|T_BOOL,
+	"Address to send mail to: %s",
+	NULL,
+    }, {
+	"mailfrom", T_STR|T_BOOL,
+	"Address to send mail from: %s",
+	NULL,
+    }, {
+	"mailsub", T_STR,
+	"Subject line for mail messages: %s",
+	NULL,
+    }, {
+	"badpass_message", T_STR,
+	"Incorrect password message: %s",
+	NULL,
+    }, {
+	"timestampdir", T_STR|T_PATH,
+	"Path to authentication timestamp dir: %s",
+	NULL,
+    }, {
+	"timestampowner", T_STR,
+	"Owner of the authentication timestamp dir: %s",
+	NULL,
+    }, {
+	"exempt_group", T_STR|T_BOOL,
+	"Users in this group are exempt from password and PATH requirements: %s",
+	NULL,
+    }, {
+	"passprompt", T_STR,
+	"Default password prompt: %s",
+	NULL,
+    }, {
+	"passprompt_override", T_FLAG,
+	"If set, passprompt will override system prompt in all cases.",
+	NULL,
+    }, {
+	"runas_default", T_STR,
+	"Default user to run commands as: %s",
+	NULL,
+    }, {
+	"secure_path", T_STR|T_BOOL,
+	"Value to override user's $PATH with: %s",
+	NULL,
+    }, {
+	"editor", T_STR|T_PATH,
+	"Path to the editor for use by visudo: %s",
+	NULL,
+    }, {
+	"listpw", T_TUPLE|T_BOOL,
+	"When to require a password for 'list' pseudocommand: %s",
+	def_data_listpw,
+    }, {
+	"verifypw", T_TUPLE|T_BOOL,
+	"When to require a password for 'verify' pseudocommand: %s",
+	def_data_verifypw,
+    }, {
+	"noexec", T_FLAG,
+	"Preload the dummy exec functions contained in 'noexec_file'",
+	NULL,
+    }, {
+	"noexec_file", T_STR|T_PATH,
+	"File containing dummy exec functions: %s",
+	NULL,
+    }, {
+	"ignore_local_sudoers", T_FLAG,
+	"If LDAP directory is up, do we ignore local sudoers file",
+	NULL,
+    }, {
+	"closefrom", T_INT,
+	"File descriptors >= %d will be closed before executing a command",
+	NULL,
+    }, {
+	"closefrom_override", T_FLAG,
+	"If set, users may override the value of `closefrom' with the -C option",
+	NULL,
+    }, {
+	"setenv", T_FLAG,
+	"Allow users to set arbitrary environment variables",
+	NULL,
+    }, {
+	"env_reset", T_FLAG,
+	"Reset the environment to a default set of variables",
+	NULL,
+    }, {
+	"env_check", T_LIST|T_BOOL,
+	"Environment variables to check for sanity:",
+	NULL,
+    }, {
+	"env_delete", T_LIST|T_BOOL,
+	"Environment variables to remove:",
+	NULL,
+    }, {
+	"env_keep", T_LIST|T_BOOL,
+	"Environment variables to preserve:",
+	NULL,
+    }, {
+	"role", T_STR,
+	"SELinux role to use in the new security context: %s",
+	NULL,
+    }, {
+	"type", T_STR,
+	"SELinux type to use in the new security context: %s",
+	NULL,
+    }, {
+	"askpass", T_STR|T_PATH|T_BOOL,
+	"Path to the askpass helper program: %s",
+	NULL,
+    }, {
+	"env_file", T_STR|T_PATH|T_BOOL,
+	"Path to the sudo-specific environment file: %s",
+	NULL,
+    }, {
+	"sudoers_locale", T_STR,
+	"Locale to use while parsing sudoers: %s",
+	NULL,
+    }, {
+	"visiblepw", T_FLAG,
+	"Allow sudo to prompt for a password even if it would be visisble",
+	NULL,
+    }, {
+	"pwfeedback", T_FLAG,
+	"Provide visual feedback at the password prompt when there is user input",
+	NULL,
+    }, {
+	"fast_glob", T_FLAG,
+	"Use faster globbing that is less accurate but does not access the filesystem",
+	NULL,
+    }, {
+	"umask_override", T_FLAG,
+	"The umask specified in sudoers will override the user's, even if it is more permissive",
+	NULL,
+    }, {
+	"log_input", T_FLAG,
+	"Log user's input for the command being run",
+	NULL,
+    }, {
+	"log_output", T_FLAG,
+	"Log the output of the command being run",
+	NULL,
+    }, {
+	"compress_io", T_FLAG,
+	"Compress I/O logs using zlib",
+	NULL,
+    }, {
+	"use_pty", T_FLAG,
+	"Always run commands in a pseudo-tty",
+	NULL,
+    }, {
+	NULL, 0, NULL
+    }
+};
diff --git a/sudo-1.7.4p4/def_data.h b/sudo-1.7.4p4/def_data.h
new file mode 100644
index 0000000..e868d32
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.h
@@ -0,0 +1,162 @@
+#define def_syslog              (sudo_defs_table[0].sd_un.ival)
+#define I_SYSLOG                0
+#define def_syslog_goodpri      (sudo_defs_table[1].sd_un.ival)
+#define I_SYSLOG_GOODPRI        1
+#define def_syslog_badpri       (sudo_defs_table[2].sd_un.ival)
+#define I_SYSLOG_BADPRI         2
+#define def_long_otp_prompt     (sudo_defs_table[3].sd_un.flag)
+#define I_LONG_OTP_PROMPT       3
+#define def_ignore_dot          (sudo_defs_table[4].sd_un.flag)
+#define I_IGNORE_DOT            4
+#define def_mail_always         (sudo_defs_table[5].sd_un.flag)
+#define I_MAIL_ALWAYS           5
+#define def_mail_badpass        (sudo_defs_table[6].sd_un.flag)
+#define I_MAIL_BADPASS          6
+#define def_mail_no_user        (sudo_defs_table[7].sd_un.flag)
+#define I_MAIL_NO_USER          7
+#define def_mail_no_host        (sudo_defs_table[8].sd_un.flag)
+#define I_MAIL_NO_HOST          8
+#define def_mail_no_perms       (sudo_defs_table[9].sd_un.flag)
+#define I_MAIL_NO_PERMS         9
+#define def_tty_tickets         (sudo_defs_table[10].sd_un.flag)
+#define I_TTY_TICKETS           10
+#define def_lecture             (sudo_defs_table[11].sd_un.tuple)
+#define I_LECTURE               11
+#define def_lecture_file        (sudo_defs_table[12].sd_un.str)
+#define I_LECTURE_FILE          12
+#define def_authenticate        (sudo_defs_table[13].sd_un.flag)
+#define I_AUTHENTICATE          13
+#define def_root_sudo           (sudo_defs_table[14].sd_un.flag)
+#define I_ROOT_SUDO             14
+#define def_log_host            (sudo_defs_table[15].sd_un.flag)
+#define I_LOG_HOST              15
+#define def_log_year            (sudo_defs_table[16].sd_un.flag)
+#define I_LOG_YEAR              16
+#define def_shell_noargs        (sudo_defs_table[17].sd_un.flag)
+#define I_SHELL_NOARGS          17
+#define def_set_home            (sudo_defs_table[18].sd_un.flag)
+#define I_SET_HOME              18
+#define def_always_set_home     (sudo_defs_table[19].sd_un.flag)
+#define I_ALWAYS_SET_HOME       19
+#define def_path_info           (sudo_defs_table[20].sd_un.flag)
+#define I_PATH_INFO             20
+#define def_fqdn                (sudo_defs_table[21].sd_un.flag)
+#define I_FQDN                  21
+#define def_insults             (sudo_defs_table[22].sd_un.flag)
+#define I_INSULTS               22
+#define def_requiretty          (sudo_defs_table[23].sd_un.flag)
+#define I_REQUIRETTY            23
+#define def_env_editor          (sudo_defs_table[24].sd_un.flag)
+#define I_ENV_EDITOR            24
+#define def_rootpw              (sudo_defs_table[25].sd_un.flag)
+#define I_ROOTPW                25
+#define def_runaspw             (sudo_defs_table[26].sd_un.flag)
+#define I_RUNASPW               26
+#define def_targetpw            (sudo_defs_table[27].sd_un.flag)
+#define I_TARGETPW              27
+#define def_use_loginclass      (sudo_defs_table[28].sd_un.flag)
+#define I_USE_LOGINCLASS        28
+#define def_set_logname         (sudo_defs_table[29].sd_un.flag)
+#define I_SET_LOGNAME           29
+#define def_stay_setuid         (sudo_defs_table[30].sd_un.flag)
+#define I_STAY_SETUID           30
+#define def_preserve_groups     (sudo_defs_table[31].sd_un.flag)
+#define I_PRESERVE_GROUPS       31
+#define def_loglinelen          (sudo_defs_table[32].sd_un.ival)
+#define I_LOGLINELEN            32
+#define def_timestamp_timeout   (sudo_defs_table[33].sd_un.fval)
+#define I_TIMESTAMP_TIMEOUT     33
+#define def_passwd_timeout      (sudo_defs_table[34].sd_un.fval)
+#define I_PASSWD_TIMEOUT        34
+#define def_passwd_tries        (sudo_defs_table[35].sd_un.ival)
+#define I_PASSWD_TRIES          35
+#define def_umask               (sudo_defs_table[36].sd_un.mode)
+#define I_UMASK                 36
+#define def_logfile             (sudo_defs_table[37].sd_un.str)
+#define I_LOGFILE               37
+#define def_mailerpath          (sudo_defs_table[38].sd_un.str)
+#define I_MAILERPATH            38
+#define def_mailerflags         (sudo_defs_table[39].sd_un.str)
+#define I_MAILERFLAGS           39
+#define def_mailto              (sudo_defs_table[40].sd_un.str)
+#define I_MAILTO                40
+#define def_mailfrom            (sudo_defs_table[41].sd_un.str)
+#define I_MAILFROM              41
+#define def_mailsub             (sudo_defs_table[42].sd_un.str)
+#define I_MAILSUB               42
+#define def_badpass_message     (sudo_defs_table[43].sd_un.str)
+#define I_BADPASS_MESSAGE       43
+#define def_timestampdir        (sudo_defs_table[44].sd_un.str)
+#define I_TIMESTAMPDIR          44
+#define def_timestampowner      (sudo_defs_table[45].sd_un.str)
+#define I_TIMESTAMPOWNER        45
+#define def_exempt_group        (sudo_defs_table[46].sd_un.str)
+#define I_EXEMPT_GROUP          46
+#define def_passprompt          (sudo_defs_table[47].sd_un.str)
+#define I_PASSPROMPT            47
+#define def_passprompt_override (sudo_defs_table[48].sd_un.flag)
+#define I_PASSPROMPT_OVERRIDE   48
+#define def_runas_default       (sudo_defs_table[49].sd_un.str)
+#define I_RUNAS_DEFAULT         49
+#define def_secure_path         (sudo_defs_table[50].sd_un.str)
+#define I_SECURE_PATH           50
+#define def_editor              (sudo_defs_table[51].sd_un.str)
+#define I_EDITOR                51
+#define def_listpw              (sudo_defs_table[52].sd_un.tuple)
+#define I_LISTPW                52
+#define def_verifypw            (sudo_defs_table[53].sd_un.tuple)
+#define I_VERIFYPW              53
+#define def_noexec              (sudo_defs_table[54].sd_un.flag)
+#define I_NOEXEC                54
+#define def_noexec_file         (sudo_defs_table[55].sd_un.str)
+#define I_NOEXEC_FILE           55
+#define def_ignore_local_sudoers (sudo_defs_table[56].sd_un.flag)
+#define I_IGNORE_LOCAL_SUDOERS  56
+#define def_closefrom           (sudo_defs_table[57].sd_un.ival)
+#define I_CLOSEFROM             57
+#define def_closefrom_override  (sudo_defs_table[58].sd_un.flag)
+#define I_CLOSEFROM_OVERRIDE    58
+#define def_setenv              (sudo_defs_table[59].sd_un.flag)
+#define I_SETENV                59
+#define def_env_reset           (sudo_defs_table[60].sd_un.flag)
+#define I_ENV_RESET             60
+#define def_env_check           (sudo_defs_table[61].sd_un.list)
+#define I_ENV_CHECK             61
+#define def_env_delete          (sudo_defs_table[62].sd_un.list)
+#define I_ENV_DELETE            62
+#define def_env_keep            (sudo_defs_table[63].sd_un.list)
+#define I_ENV_KEEP              63
+#define def_role                (sudo_defs_table[64].sd_un.str)
+#define I_ROLE                  64
+#define def_type                (sudo_defs_table[65].sd_un.str)
+#define I_TYPE                  65
+#define def_askpass             (sudo_defs_table[66].sd_un.str)
+#define I_ASKPASS               66
+#define def_env_file            (sudo_defs_table[67].sd_un.str)
+#define I_ENV_FILE              67
+#define def_sudoers_locale      (sudo_defs_table[68].sd_un.str)
+#define I_SUDOERS_LOCALE        68
+#define def_visiblepw           (sudo_defs_table[69].sd_un.flag)
+#define I_VISIBLEPW             69
+#define def_pwfeedback          (sudo_defs_table[70].sd_un.flag)
+#define I_PWFEEDBACK            70
+#define def_fast_glob           (sudo_defs_table[71].sd_un.flag)
+#define I_FAST_GLOB             71
+#define def_umask_override      (sudo_defs_table[72].sd_un.flag)
+#define I_UMASK_OVERRIDE        72
+#define def_log_input           (sudo_defs_table[73].sd_un.flag)
+#define I_LOG_INPUT             73
+#define def_log_output          (sudo_defs_table[74].sd_un.flag)
+#define I_LOG_OUTPUT            74
+#define def_compress_io         (sudo_defs_table[75].sd_un.flag)
+#define I_COMPRESS_IO           75
+#define def_use_pty             (sudo_defs_table[76].sd_un.flag)
+#define I_USE_PTY               76
+
+enum def_tupple {
+	never,
+	once,
+	always,
+	any,
+	all
+};
diff --git a/sudo-1.7.4p4/def_data.in b/sudo-1.7.4p4/def_data.in
new file mode 100644
index 0000000..d903cfa
--- /dev/null
+++ b/sudo-1.7.4p4/def_data.in
@@ -0,0 +1,246 @@
+#
+# Format:
+#
+# var_name
+#	TYPE
+#	description (or NULL)
+#	array of struct def_values if TYPE == T_TUPLE
+#
+# NOTE: for tuples that can be used in a boolean context the first
+#	value corresponds to boolean FALSE and the second to TRUE.
+#
+
+syslog
+	T_LOGFAC|T_BOOL
+	"Syslog facility if syslog is being used for logging: %s"
+syslog_goodpri
+	T_LOGPRI
+	"Syslog priority to use when user authenticates successfully: %s"
+syslog_badpri
+	T_LOGPRI
+	"Syslog priority to use when user authenticates unsuccessfully: %s"
+long_otp_prompt
+	T_FLAG
+	"Put OTP prompt on its own line"
+ignore_dot
+	T_FLAG
+	"Ignore '.' in $PATH"
+mail_always
+	T_FLAG
+	"Always send mail when sudo is run"
+mail_badpass
+	T_FLAG
+	"Send mail if user authentication fails"
+mail_no_user
+	T_FLAG
+	"Send mail if the user is not in sudoers"
+mail_no_host
+	T_FLAG
+	"Send mail if the user is not in sudoers for this host"
+mail_no_perms
+	T_FLAG
+	"Send mail if the user is not allowed to run a command"
+tty_tickets
+	T_FLAG
+	"Use a separate timestamp for each user/tty combo"
+lecture
+	T_TUPLE|T_BOOL
+	"Lecture user the first time they run sudo"
+	never once always
+lecture_file
+	T_STR|T_PATH|T_BOOL
+	"File containing the sudo lecture: %s"
+authenticate
+	T_FLAG
+	"Require users to authenticate by default"
+root_sudo
+	T_FLAG
+	"Root may run sudo"
+log_host
+	T_FLAG
+	"Log the hostname in the (non-syslog) log file"
+log_year
+	T_FLAG
+	"Log the year in the (non-syslog) log file"
+shell_noargs
+	T_FLAG
+	"If sudo is invoked with no arguments, start a shell"
+set_home
+	T_FLAG
+	"Set $HOME to the target user when starting a shell with -s"
+always_set_home
+	T_FLAG
+	"Always set $HOME to the target user's home directory"
+path_info
+	T_FLAG
+	"Allow some information gathering to give useful error messages"
+fqdn
+	T_FLAG
+	"Require fully-qualified hostnames in the sudoers file"
+insults
+	T_FLAG
+	"Insult the user when they enter an incorrect password"
+requiretty
+	T_FLAG
+	"Only allow the user to run sudo if they have a tty"
+env_editor
+	T_FLAG
+	"Visudo will honor the EDITOR environment variable"
+rootpw
+	T_FLAG
+	"Prompt for root's password, not the users's"
+runaspw
+	T_FLAG
+	"Prompt for the runas_default user's password, not the users's"
+targetpw
+	T_FLAG
+	"Prompt for the target user's password, not the users's"
+use_loginclass
+	T_FLAG
+	"Apply defaults in the target user's login class if there is one"
+set_logname
+	T_FLAG
+	"Set the LOGNAME and USER environment variables"
+stay_setuid
+	T_FLAG
+	"Only set the effective uid to the target user, not the real uid"
+preserve_groups
+	T_FLAG
+	"Don't initialize the group vector to that of the target user"
+loglinelen
+	T_UINT|T_BOOL
+	"Length at which to wrap log file lines (0 for no wrap): %d"
+timestamp_timeout
+	T_FLOAT|T_BOOL
+	"Authentication timestamp timeout: %.1f minutes"
+passwd_timeout
+	T_FLOAT|T_BOOL
+	"Password prompt timeout: %.1f minutes"
+passwd_tries
+	T_UINT
+	"Number of tries to enter a password: %d"
+umask
+	T_MODE|T_BOOL
+	"Umask to use or 0777 to use user's: 0%o"
+logfile
+	T_STR|T_BOOL|T_PATH
+	"Path to log file: %s"
+mailerpath
+	T_STR|T_BOOL|T_PATH
+	"Path to mail program: %s"
+mailerflags
+	T_STR|T_BOOL
+	"Flags for mail program: %s"
+mailto
+	T_STR|T_BOOL
+	"Address to send mail to: %s"
+mailfrom
+	T_STR|T_BOOL
+	"Address to send mail from: %s"
+mailsub
+	T_STR
+	"Subject line for mail messages: %s"
+badpass_message
+	T_STR
+	"Incorrect password message: %s"
+timestampdir
+	T_STR|T_PATH
+	"Path to authentication timestamp dir: %s"
+timestampowner
+	T_STR
+	"Owner of the authentication timestamp dir: %s"
+exempt_group
+	T_STR|T_BOOL
+	"Users in this group are exempt from password and PATH requirements: %s"
+passprompt
+	T_STR
+	"Default password prompt: %s"
+passprompt_override
+	T_FLAG
+	"If set, passprompt will override system prompt in all cases."
+runas_default
+	T_STR
+	"Default user to run commands as: %s"
+secure_path
+	T_STR|T_BOOL
+	"Value to override user's $PATH with: %s"
+editor
+	T_STR|T_PATH
+	"Path to the editor for use by visudo: %s"
+listpw
+	T_TUPLE|T_BOOL
+	"When to require a password for 'list' pseudocommand: %s"
+	never any all always
+verifypw
+	T_TUPLE|T_BOOL
+	"When to require a password for 'verify' pseudocommand: %s"
+	never all any always
+noexec
+	T_FLAG
+	"Preload the dummy exec functions contained in 'noexec_file'"
+noexec_file
+	T_STR|T_PATH
+	"File containing dummy exec functions: %s"
+ignore_local_sudoers
+	T_FLAG
+	"If LDAP directory is up, do we ignore local sudoers file"
+closefrom
+	T_INT
+	"File descriptors >= %d will be closed before executing a command"
+closefrom_override
+	T_FLAG
+	"If set, users may override the value of `closefrom' with the -C option"
+setenv
+	T_FLAG
+	"Allow users to set arbitrary environment variables"
+env_reset
+	T_FLAG
+	"Reset the environment to a default set of variables"
+env_check
+	T_LIST|T_BOOL
+	"Environment variables to check for sanity:"
+env_delete
+	T_LIST|T_BOOL
+	"Environment variables to remove:"
+env_keep
+	T_LIST|T_BOOL
+	"Environment variables to preserve:"
+role
+	T_STR
+	"SELinux role to use in the new security context: %s"
+type
+	T_STR
+	"SELinux type to use in the new security context: %s"
+askpass
+	T_STR|T_PATH|T_BOOL
+	"Path to the askpass helper program: %s"
+env_file
+	T_STR|T_PATH|T_BOOL
+	"Path to the sudo-specific environment file: %s"
+sudoers_locale
+	T_STR
+	"Locale to use while parsing sudoers: %s"
+visiblepw
+	T_FLAG
+	"Allow sudo to prompt for a password even if it would be visisble"
+pwfeedback
+	T_FLAG
+	"Provide visual feedback at the password prompt when there is user input"
+fast_glob
+	T_FLAG
+	"Use faster globbing that is less accurate but does not access the filesystem"
+umask_override
+	T_FLAG
+	"The umask specified in sudoers will override the user's, even if it is more permissive"
+log_input
+	T_FLAG
+	"Log user's input for the command being run"
+log_output
+	T_FLAG
+	"Log the output of the command being run"
+compress_io
+	T_FLAG
+	"Compress I/O logs using zlib"
+use_pty
+	T_FLAG
+	"Always run commands in a pseudo-tty"
diff --git a/sudo-1.7.4p4/defaults.c b/sudo-1.7.4p4/defaults.c
new file mode 100644
index 0000000..10757ee
--- /dev/null
+++ b/sudo-1.7.4p4/defaults.c
@@ -0,0 +1,839 @@
+/*
+ * Copyright (c) 1999-2005, 2007-2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+# ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <ctype.h>
+
+#include "sudo.h"
+#include "parse.h"
+#include <gram.h>
+
+/*
+ * For converting between syslog numbers and strings.
+ */
+struct strmap {
+    char *name;
+    int num;
+};
+
+#ifdef LOG_NFACILITIES
+static struct strmap facilities[] = {
+#ifdef LOG_AUTHPRIV
+	{ "authpriv",	LOG_AUTHPRIV },
+#endif
+	{ "auth",	LOG_AUTH },
+	{ "daemon",	LOG_DAEMON },
+	{ "user",	LOG_USER },
+	{ "local0",	LOG_LOCAL0 },
+	{ "local1",	LOG_LOCAL1 },
+	{ "local2",	LOG_LOCAL2 },
+	{ "local3",	LOG_LOCAL3 },
+	{ "local4",	LOG_LOCAL4 },
+	{ "local5",	LOG_LOCAL5 },
+	{ "local6",	LOG_LOCAL6 },
+	{ "local7",	LOG_LOCAL7 },
+	{ NULL,		-1 }
+};
+#endif /* LOG_NFACILITIES */
+
+static struct strmap priorities[] = {
+	{ "alert",	LOG_ALERT },
+	{ "crit",	LOG_CRIT },
+	{ "debug",	LOG_DEBUG },
+	{ "emerg",	LOG_EMERG },
+	{ "err",	LOG_ERR },
+	{ "info",	LOG_INFO },
+	{ "notice",	LOG_NOTICE },
+	{ "warning",	LOG_WARNING },
+	{ NULL,		-1 }
+};
+
+/*
+ * Local prototypes.
+ */
+static int store_int __P((char *, struct sudo_defs_types *, int));
+static int store_list __P((char *, struct sudo_defs_types *, int));
+static int store_mode __P((char *, struct sudo_defs_types *, int));
+static int store_str __P((char *, struct sudo_defs_types *, int));
+static int store_syslogfac __P((char *, struct sudo_defs_types *, int));
+static int store_syslogpri __P((char *, struct sudo_defs_types *, int));
+static int store_tuple __P((char *, struct sudo_defs_types *, int));
+static int store_uint __P((char *, struct sudo_defs_types *, int));
+static int store_float __P((char *, struct sudo_defs_types *, int));
+static void list_op __P((char *, size_t, struct sudo_defs_types *, enum list_ops));
+static const char *logfac2str __P((int));
+static const char *logpri2str __P((int));
+
+/*
+ * Table describing compile-time and run-time options.
+ */
+#include <def_data.c>
+
+/*
+ * Print version and configure info.
+ */
+void
+dump_defaults()
+{
+    struct sudo_defs_types *cur;
+    struct list_member *item;
+    struct def_values *def;
+
+    for (cur = sudo_defs_table; cur->name; cur++) {
+	if (cur->desc) {
+	    switch (cur->type & T_MASK) {
+		case T_FLAG:
+		    if (cur->sd_un.flag)
+			puts(cur->desc);
+		    break;
+		case T_STR:
+		    if (cur->sd_un.str) {
+			(void) printf(cur->desc, cur->sd_un.str);
+			putchar('\n');
+		    }
+		    break;
+		case T_LOGFAC:
+		    if (cur->sd_un.ival) {
+			(void) printf(cur->desc, logfac2str(cur->sd_un.ival));
+			putchar('\n');
+		    }
+		    break;
+		case T_LOGPRI:
+		    if (cur->sd_un.ival) {
+			(void) printf(cur->desc, logpri2str(cur->sd_un.ival));
+			putchar('\n');
+		    }
+		    break;
+		case T_UINT:
+		case T_INT:
+		    (void) printf(cur->desc, cur->sd_un.ival);
+		    putchar('\n');
+		    break;
+		case T_FLOAT:
+		    (void) printf(cur->desc, cur->sd_un.fval);
+		    putchar('\n');
+		    break;
+		case T_MODE:
+		    (void) printf(cur->desc, cur->sd_un.mode);
+		    putchar('\n');
+		    break;
+		case T_LIST:
+		    if (cur->sd_un.list) {
+			puts(cur->desc);
+			for (item = cur->sd_un.list; item; item = item->next)
+			    printf("\t%s\n", item->value);
+		    }
+		    break;
+		case T_TUPLE:
+		    for (def = cur->values; def->sval; def++) {
+			if (cur->sd_un.ival == def->ival) {
+			    (void) printf(cur->desc, def->sval);
+			    break;
+			}
+		    }
+		    putchar('\n');
+		    break;
+	    }
+	}
+    }
+}
+
+/*
+ * List each option along with its description.
+ */
+void
+list_options()
+{
+    struct sudo_defs_types *cur;
+    char *p;
+
+    (void) puts("Available options in a sudoers ``Defaults'' line:\n");
+    for (cur = sudo_defs_table; cur->name; cur++) {
+	if (cur->name && cur->desc) {
+	    switch (cur->type & T_MASK) {
+		case T_FLAG:
+		    (void) printf("%s: %s\n", cur->name, cur->desc);
+		    break;
+		default:
+		    p = strrchr(cur->desc, ':');
+		    if (p)
+			(void) printf("%s: %.*s\n", cur->name,
+			    (int) (p - cur->desc), cur->desc);
+		    else
+			(void) printf("%s: %s\n", cur->name, cur->desc);
+		    break;
+	    }
+	}
+    }
+}
+
+/*
+ * Sets/clears an entry in the defaults structure
+ * If a variable that takes a value is used in a boolean
+ * context with op == 0, disable that variable.
+ * Eg. you may want to turn off logging to a file for some hosts.
+ * This is only meaningful for variables that are *optional*.
+ */
+int
+set_default(var, val, op)
+    char *var;
+    char *val;
+    int op;     /* TRUE or FALSE */
+{
+    struct sudo_defs_types *cur;
+    int num;
+
+    for (cur = sudo_defs_table, num = 0; cur->name; cur++, num++) {
+	if (strcmp(var, cur->name) == 0)
+	    break;
+    }
+    if (!cur->name) {
+	warningx("unknown defaults entry `%s'", var);
+	return(FALSE);
+    }
+
+    switch (cur->type & T_MASK) {
+	case T_LOGFAC:
+	    if (!store_syslogfac(val, cur, op)) {
+		if (val)
+		    warningx("value `%s' is invalid for option `%s'", val, var);
+		else
+		    warningx("no value specified for `%s'", var);
+		return(FALSE);
+	    }
+	    break;
+	case T_LOGPRI:
+	    if (!store_syslogpri(val, cur, op)) {
+		if (val)
+		    warningx("value `%s' is invalid for option `%s'", val, var);
+		else
+		    warningx("no value specified for `%s'", var);
+		return(FALSE);
+	    }
+	    break;
+	case T_STR:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (ISSET(cur->type, T_PATH) && val && *val != '/') {
+		warningx("values for `%s' must start with a '/'", var);
+		return(FALSE);
+	    }
+	    if (!store_str(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_INT:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (!store_int(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_UINT:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (!store_uint(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_FLOAT:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (!store_float(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_MODE:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (!store_mode(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_FLAG:
+	    if (val) {
+		warningx("option `%s' does not take a value", var);
+		return(FALSE);
+	    }
+	    cur->sd_un.flag = op;
+	    break;
+	case T_LIST:
+	    if (!val) {
+		/* Check for bogus boolean usage or lack of a value. */
+		if (!ISSET(cur->type, T_BOOL) || op != FALSE) {
+		    warningx("no value specified for `%s'", var);
+		    return(FALSE);
+		}
+	    }
+	    if (!store_list(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+	case T_TUPLE:
+	    if (!val && !ISSET(cur->type, T_BOOL)) {
+		warningx("no value specified for `%s'", var);
+		return(FALSE);
+	    }
+	    if (!store_tuple(val, cur, op)) {
+		warningx("value `%s' is invalid for option `%s'", val, var);
+		return(FALSE);
+	    }
+	    break;
+    }
+
+    return(TRUE);
+}
+
+/*
+ * Set default options to compiled-in values.
+ * Any of these may be overridden at runtime by a "Defaults" file.
+ */
+void
+init_defaults()
+{
+    static int firsttime = 1;
+    struct sudo_defs_types *def;
+
+    /* Clear any old settings. */
+    if (!firsttime) {
+	for (def = sudo_defs_table; def->name; def++) {
+	    switch (def->type & T_MASK) {
+		case T_STR:
+		    efree(def->sd_un.str);
+		    def->sd_un.str = NULL;
+		    break;
+		case T_LIST:
+		    list_op(NULL, 0, def, freeall);
+		    break;
+	    }
+	    zero_bytes(&def->sd_un, sizeof(def->sd_un));
+	}
+    }
+
+    /* First initialize the flags. */
+#ifdef LONG_OTP_PROMPT
+    def_long_otp_prompt = TRUE;
+#endif
+#ifdef IGNORE_DOT_PATH
+    def_ignore_dot = TRUE;
+#endif
+#ifdef ALWAYS_SEND_MAIL
+    def_mail_always = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NO_USER
+    def_mail_no_user = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NO_HOST
+    def_mail_no_host = TRUE;
+#endif
+#ifdef SEND_MAIL_WHEN_NOT_OK
+    def_mail_no_perms = TRUE;
+#endif
+#ifndef NO_TTY_TICKETS
+    def_tty_tickets = TRUE;
+#endif
+#ifndef NO_LECTURE
+    def_lecture = once;
+#endif
+#ifndef NO_AUTHENTICATION
+    def_authenticate = TRUE;
+#endif
+#ifndef NO_ROOT_SUDO
+    def_root_sudo = TRUE;
+#endif
+#ifdef HOST_IN_LOG
+    def_log_host = TRUE;
+#endif
+#ifdef SHELL_IF_NO_ARGS
+    def_shell_noargs = TRUE;
+#endif
+#ifdef SHELL_SETS_HOME
+    def_set_home = TRUE;
+#endif
+#ifndef DONT_LEAK_PATH_INFO
+    def_path_info = TRUE;
+#endif
+#ifdef FQDN
+    def_fqdn = TRUE;
+#endif
+#ifdef USE_INSULTS
+    def_insults = TRUE;
+#endif
+#ifdef ENV_EDITOR
+    def_env_editor = TRUE;
+#endif
+#ifdef _PATH_SUDO_ASKPASS
+    def_askpass = estrdup(_PATH_SUDO_ASKPASS);
+#endif
+    def_sudoers_locale = estrdup("C");
+    def_env_reset = TRUE;
+    def_set_logname = TRUE;
+    def_closefrom = STDERR_FILENO + 1;
+
+    /* Syslog options need special care since they both strings and ints */
+#if (LOGGING & SLOG_SYSLOG)
+    (void) store_syslogfac(LOGFAC, &sudo_defs_table[I_SYSLOG], TRUE);
+    (void) store_syslogpri(PRI_SUCCESS, &sudo_defs_table[I_SYSLOG_GOODPRI],
+	TRUE);
+    (void) store_syslogpri(PRI_FAILURE, &sudo_defs_table[I_SYSLOG_BADPRI],
+	TRUE);
+#endif
+
+    /* Password flags also have a string and integer component. */
+    (void) store_tuple("any", &sudo_defs_table[I_LISTPW], TRUE);
+    (void) store_tuple("all", &sudo_defs_table[I_VERIFYPW], TRUE);
+
+    /* Then initialize the int-like things. */
+#ifdef SUDO_UMASK
+    def_umask = SUDO_UMASK;
+#else
+    def_umask = 0777;
+#endif
+    def_loglinelen = MAXLOGFILELEN;
+    def_timestamp_timeout = TIMEOUT;
+    def_passwd_timeout = PASSWORD_TIMEOUT;
+    def_passwd_tries = TRIES_FOR_PASSWORD;
+#ifdef HAVE_ZLIB_H
+    def_compress_io = TRUE;
+#endif
+
+    /* Now do the strings */
+    def_mailto = estrdup(MAILTO);
+    def_mailsub = estrdup(MAILSUBJECT);
+    def_badpass_message = estrdup(INCORRECT_PASSWORD);
+    def_timestampdir = estrdup(_PATH_SUDO_TIMEDIR);
+    def_passprompt = estrdup(PASSPROMPT);
+    def_runas_default = estrdup(RUNAS_DEFAULT);
+#ifdef _PATH_SUDO_SENDMAIL
+    def_mailerpath = estrdup(_PATH_SUDO_SENDMAIL);
+    def_mailerflags = estrdup("-t");
+#endif
+#if (LOGGING & SLOG_FILE)
+    def_logfile = estrdup(_PATH_SUDO_LOGFILE);
+#endif
+#ifdef EXEMPTGROUP
+    def_exempt_group = estrdup(EXEMPTGROUP);
+#endif
+#ifdef SECURE_PATH
+    def_secure_path = estrdup(SECURE_PATH);
+#endif
+    def_editor = estrdup(EDITOR);
+#ifdef _PATH_SUDO_NOEXEC
+    def_noexec_file = estrdup(_PATH_SUDO_NOEXEC);
+#endif
+
+    /* Finally do the lists (currently just environment tables). */
+    init_envtables();
+
+    firsttime = 0;
+}
+
+/*
+ * Update the defaults based on what was set by sudoers.
+ * Pass in an OR'd list of which default types to update.
+ */
+int
+update_defaults(what)
+    int what;
+{
+    struct defaults *def;
+    int rc = TRUE;
+
+    tq_foreach_fwd(&defaults, def) {
+	switch (def->type) {
+	    case DEFAULTS:
+		if (ISSET(what, SETDEF_GENERIC) &&
+		    !set_default(def->var, def->val, def->op))
+		    rc = FALSE;
+		break;
+	    case DEFAULTS_USER:
+		if (ISSET(what, SETDEF_USER) &&
+		    userlist_matches(sudo_user.pw, &def->binding) == ALLOW &&
+		    !set_default(def->var, def->val, def->op))
+		    rc = FALSE;
+		break;
+	    case DEFAULTS_RUNAS:
+		if (ISSET(what, SETDEF_RUNAS) &&
+		    runaslist_matches(&def->binding, NULL) == ALLOW &&
+		    !set_default(def->var, def->val, def->op))
+		    rc = FALSE;
+		break;
+	    case DEFAULTS_HOST:
+		if (ISSET(what, SETDEF_HOST) &&
+		    hostlist_matches(&def->binding) == ALLOW &&
+		    !set_default(def->var, def->val, def->op))
+		    rc = FALSE;
+		break;
+	    case DEFAULTS_CMND:
+		if (ISSET(what, SETDEF_CMND) &&
+		    cmndlist_matches(&def->binding) == ALLOW &&
+		    !set_default(def->var, def->val, def->op))
+		    rc = FALSE;
+		break;
+	}
+    }
+    return(rc);
+}
+
+static int
+store_int(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    char *endp;
+    long l;
+
+    if (op == FALSE) {
+	def->sd_un.ival = 0;
+    } else {
+	l = strtol(val, &endp, 10);
+	if (*endp != '\0')
+	    return(FALSE);
+	/* XXX - should check against INT_MAX */
+	def->sd_un.ival = (int)l;
+    }
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static int
+store_uint(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    char *endp;
+    long l;
+
+    if (op == FALSE) {
+	def->sd_un.ival = 0;
+    } else {
+	l = strtol(val, &endp, 10);
+	if (*endp != '\0' || l < 0)
+	    return(FALSE);
+	/* XXX - should check against INT_MAX */
+	def->sd_un.ival = (unsigned int)l;
+    }
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static int
+store_float(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    char *endp;
+    double d;
+
+    if (op == FALSE) {
+	def->sd_un.fval = 0.0;
+    } else {
+	d = strtod(val, &endp);
+	if (*endp != '\0')
+	    return(FALSE);
+	/* XXX - should check against HUGE_VAL */
+	def->sd_un.fval = d;
+    }
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static int
+store_tuple(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    struct def_values *v;
+
+    /*
+     * Since enums are really just ints we store the value as an ival.
+     * In the future, there may be multiple enums for different tuple
+     * types we want to avoid and special knowledge of the tuple type.
+     * This does assume that the first entry in the tuple enum will
+     * be the equivalent to a boolean "false".
+     */
+    if (!val) {
+	def->sd_un.ival = (op == FALSE) ? 0 : 1;
+    } else {
+	for (v = def->values; v->sval != NULL; v++) {
+	    if (strcmp(v->sval, val) == 0) {
+		def->sd_un.ival = v->ival;
+		break;
+	    }
+	}
+	if (v->sval == NULL)
+	    return(FALSE);
+    }
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static int
+store_str(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+
+    efree(def->sd_un.str);
+    if (op == FALSE)
+	def->sd_un.str = NULL;
+    else
+	def->sd_un.str = estrdup(val);
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static int
+store_list(str, def, op)
+    char *str;
+    struct sudo_defs_types *def;
+    int op;
+{
+    char *start, *end;
+
+    /* Remove all old members. */
+    if (op == FALSE || op == TRUE)
+	list_op(NULL, 0, def, freeall);
+
+    /* Split str into multiple space-separated words and act on each one. */
+    if (op != FALSE) {
+	end = str;
+	do {
+	    /* Remove leading blanks, if nothing but blanks we are done. */
+	    for (start = end; isblank(*start); start++)
+		;
+	    if (*start == '\0')
+		break;
+
+	    /* Find end position and perform operation. */
+	    for (end = start; *end && !isblank(*end); end++)
+		;
+	    list_op(start, end - start, def, op == '-' ? delete : add);
+	} while (*end++ != '\0');
+    }
+    return(TRUE);
+}
+
+static int
+store_syslogfac(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    struct strmap *fac;
+
+    if (op == FALSE) {
+	def->sd_un.ival = FALSE;
+	return(TRUE);
+    }
+#ifdef LOG_NFACILITIES
+    if (!val)
+	return(FALSE);
+    for (fac = facilities; fac->name && strcmp(val, fac->name); fac++)
+	;
+    if (fac->name == NULL)
+	return(FALSE);				/* not found */
+
+    def->sd_un.ival = fac->num;
+#else
+    def->sd_un.ival = -1;
+#endif /* LOG_NFACILITIES */
+    return(TRUE);
+}
+
+static const char *
+logfac2str(n)
+    int n;
+{
+#ifdef LOG_NFACILITIES
+    struct strmap *fac;
+
+    for (fac = facilities; fac->name && fac->num != n; fac++)
+	;
+    return(fac->name);
+#else
+    return("default");
+#endif /* LOG_NFACILITIES */
+}
+
+static int
+store_syslogpri(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    struct strmap *pri;
+
+    if (op == FALSE || !val)
+	return(FALSE);
+
+    for (pri = priorities; pri->name && strcmp(val, pri->name); pri++)
+	;
+    if (pri->name == NULL)
+	return(FALSE);				/* not found */
+
+    def->sd_un.ival = pri->num;
+    return(TRUE);
+}
+
+static const char *
+logpri2str(n)
+    int n;
+{
+    struct strmap *pri;
+
+    for (pri = priorities; pri->name && pri->num != n; pri++)
+	;
+    return(pri->name);
+}
+
+static int
+store_mode(val, def, op)
+    char *val;
+    struct sudo_defs_types *def;
+    int op;
+{
+    char *endp;
+    long l;
+
+    if (op == FALSE) {
+	def->sd_un.mode = (mode_t)0777;
+    } else {
+	l = strtol(val, &endp, 8);
+	if (*endp != '\0' || l < 0 || l > 0777)
+	    return(FALSE);
+	def->sd_un.mode = (mode_t)l;
+    }
+    if (def->callback)
+	return(def->callback(val));
+    return(TRUE);
+}
+
+static void
+list_op(val, len, def, op)
+    char *val;
+    size_t len;
+    struct sudo_defs_types *def;
+    enum list_ops op;
+{
+    struct list_member *cur, *prev, *tmp;
+
+    if (op == freeall) {
+	for (cur = def->sd_un.list; cur; ) {
+	    tmp = cur;
+	    cur = tmp->next;
+	    efree(tmp->value);
+	    efree(tmp);
+	}
+	def->sd_un.list = NULL;
+	return;
+    }
+
+    for (cur = def->sd_un.list, prev = NULL; cur; prev = cur, cur = cur->next) {
+	if ((strncmp(cur->value, val, len) == 0 && cur->value[len] == '\0')) {
+
+	    if (op == add)
+		return;			/* already exists */
+
+	    /* Delete node */
+	    if (prev != NULL)
+		prev->next = cur->next;
+	    else
+		def->sd_un.list = cur->next;
+	    efree(cur->value);
+	    efree(cur);
+	    break;
+	}
+    }
+
+    /* Add new node to the head of the list. */
+    if (op == add) {
+	cur = emalloc(sizeof(struct list_member));
+	cur->value = emalloc(len + 1);
+	(void) memcpy(cur->value, val, len);
+	cur->value[len] = '\0';
+	cur->next = def->sd_un.list;
+	def->sd_un.list = cur;
+    }
+}
diff --git a/sudo-1.7.4p4/defaults.h b/sudo-1.7.4p4/defaults.h
new file mode 100644
index 0000000..eb2188a
--- /dev/null
+++ b/sudo-1.7.4p4/defaults.h
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1999-2005, 2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_DEFAULTS_H
+#define _SUDO_DEFAULTS_H
+
+#include <def_data.h>
+
+struct list_member {
+    char *value;
+    struct list_member *next;
+};
+
+struct def_values {
+    char *sval;		/* string value */
+    int ival;		/* actually an enum */
+};
+
+enum list_ops {
+    add,
+    delete,
+    freeall
+};
+
+/*
+ * Structure describing compile-time and run-time options.
+ */
+struct sudo_defs_types {
+    char *name;
+    int type;
+    char *desc;
+    struct def_values *values;
+    int (*callback) __P((char *));
+    union {
+	int flag;
+	int ival;
+	double fval;
+	enum def_tupple tuple;
+	char *str;
+	mode_t mode;
+	struct list_member *list;
+    } sd_un;
+};
+
+/*
+ * Four types of defaults: strings, integers, and flags.
+ * Also, T_INT, T_FLOAT or T_STR may be ANDed with T_BOOL to indicate that
+ * a value is not required.  Flags are boolean by nature...
+ */
+#undef T_INT
+#define T_INT		0x001
+#undef T_UINT
+#define T_UINT		0x002
+#undef T_STR
+#define T_STR		0x003
+#undef T_FLAG
+#define T_FLAG		0x004
+#undef T_MODE
+#define T_MODE		0x005
+#undef T_LIST
+#define T_LIST		0x006
+#undef T_LOGFAC
+#define T_LOGFAC	0x007
+#undef T_LOGPRI
+#define T_LOGPRI	0x008
+#undef T_TUPLE
+#define T_TUPLE		0x009
+#undef T_FLOAT
+#define T_FLOAT		0x010
+#undef T_MASK
+#define T_MASK		0x0FF
+#undef T_BOOL
+#define T_BOOL		0x100
+#undef T_PATH
+#define T_PATH		0x200
+
+/*
+ * Argument to update_defaults()
+ */
+#define SETDEF_GENERIC	0x01
+#define	SETDEF_HOST	0x02
+#define	SETDEF_USER	0x04
+#define	SETDEF_RUNAS	0x08
+#define	SETDEF_CMND	0x10
+#define SETDEF_ALL	(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER|SETDEF_RUNAS|SETDEF_CMND)
+
+/*
+ * Prototypes
+ */
+int set_default		__P((char *, char *, int));
+int update_defaults	__P((int));
+void dump_default	__P((void));
+void dump_defaults	__P((void));
+void init_defaults	__P((void));
+void list_options	__P((void));
+
+extern struct sudo_defs_types sudo_defs_table[];
+
+#endif /* _SUDO_DEFAULTS_H */
diff --git a/sudo-1.7.4p4/emul/charclass.h b/sudo-1.7.4p4/emul/charclass.h
new file mode 100644
index 0000000..15463ff
--- /dev/null
+++ b/sudo-1.7.4p4/emul/charclass.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * POSIX character class support for fnmatch() and glob().
+ */
+static struct cclass {
+	const char *name;
+	int (*isctype) __P((int));
+} cclasses[] = {
+	{ "alnum",	isalnum },
+	{ "alpha",	isalpha },
+	{ "blank",	isblank },
+	{ "cntrl",	iscntrl },
+	{ "digit",	isdigit },
+	{ "graph",	isgraph },
+	{ "lower",	islower },
+	{ "print",	isprint },
+	{ "punct",	ispunct },
+	{ "space",	isspace },
+	{ "upper",	isupper },
+	{ "xdigit",	isxdigit },
+	{ NULL,		NULL }
+};
+
+#define NCCLASSES	(sizeof(cclasses) / sizeof(cclasses[0]) - 1)
diff --git a/sudo-1.7.4p4/emul/fnmatch.h b/sudo-1.7.4p4/emul/fnmatch.h
new file mode 100644
index 0000000..9f65bc5
--- /dev/null
+++ b/sudo-1.7.4p4/emul/fnmatch.h
@@ -0,0 +1,46 @@
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
+ *	$OpenBSD: fnmatch.h,v 1.4 1997/09/22 05:25:32 millert Exp $
+ */
+
+#ifndef	_FNMATCH_H_
+#define	_FNMATCH_H_
+
+#define	FNM_NOMATCH	1	/* Match failed. */
+
+#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
+#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
+#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
+#define	FNM_LEADING_DIR	0x08	/* Ignore /<tail> after Imatch. */
+#define	FNM_CASEFOLD	0x10	/* Case insensitive search. */
+
+int	 fnmatch __P((const char *, const char *, int));
+
+#endif /* !_FNMATCH_H_ */
diff --git a/sudo-1.7.4p4/emul/glob.h b/sudo-1.7.4p4/emul/glob.h
new file mode 100644
index 0000000..36efc00
--- /dev/null
+++ b/sudo-1.7.4p4/emul/glob.h
@@ -0,0 +1,84 @@
+/*	$OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $	*/
+
+/*
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.h	8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define	_GLOB_H_
+
+struct stat;
+typedef struct {
+	int gl_pathc;		/* Count of total paths so far. */
+	int gl_matchc;		/* Count of paths matching pattern. */
+	int gl_offs;		/* Reserved at beginning of gl_pathv. */
+	int gl_flags;		/* Copy of flags parameter to glob. */
+	char **gl_pathv;	/* List of paths matching pattern. */
+				/* Copy of errfunc parameter to glob. */
+#ifdef __STDC__
+	int (*gl_errfunc)(const char *, int);
+#else
+	int (*gl_errfunc)();
+#endif
+} glob_t;
+
+/* Flags */
+#define	GLOB_APPEND	0x0001	/* Append to output from previous call. */
+#define	GLOB_DOOFFS	0x0002	/* Use gl_offs. */
+#define	GLOB_ERR	0x0004	/* Return on error. */
+#define	GLOB_MARK	0x0008	/* Append / to matching directories. */
+#define	GLOB_NOCHECK	0x0010	/* Return pattern itself if nothing matches. */
+#define	GLOB_NOSORT	0x0020	/* Don't sort. */
+#define	GLOB_NOESCAPE	0x0040	/* Disable backslash escaping. */
+
+/* Non-POSIX extensions */
+#define	GLOB_MAGCHAR	0x0080	/* Pattern had globbing characters. */
+#define	GLOB_BRACE	0x0100	/* Expand braces ala csh. */
+#define	GLOB_TILDE	0x0200	/* Expand tilde names from the passwd file. */
+
+/* Error values returned by glob(3) */
+#define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+#define	GLOB_ABORTED	(-2)	/* Unignored error. */
+#define	GLOB_NOMATCH	(-3)	/* No match and GLOB_NOCHECK not set. */
+#define	GLOB_NOSYS	(-4)	/* Function not supported. */
+#define GLOB_ABEND	GLOB_ABORTED
+
+#ifdef __STDC__
+int	glob(const char *, int, int (*)(const char *, int), glob_t *);
+void	globfree(glob_t *);
+#else
+int	glob();
+void	globfree();
+#endif
+
+#endif /* !_GLOB_H_ */
diff --git a/sudo-1.7.4p4/emul/timespec.h b/sudo-1.7.4p4/emul/timespec.h
new file mode 100644
index 0000000..681c523
--- /dev/null
+++ b/sudo-1.7.4p4/emul/timespec.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_TIMESPEC_H
+#define _SUDO_TIMESPEC_H
+
+struct timespec {
+    time_t	tv_sec;
+    long	tv_nsec;
+};
+
+#endif /* _SUDO_TIMESPEC_H */
diff --git a/sudo-1.7.4p4/emul/utime.h b/sudo-1.7.4p4/emul/utime.h
new file mode 100644
index 0000000..e5c63a5
--- /dev/null
+++ b/sudo-1.7.4p4/emul/utime.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 1996, 1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef	_UTIME_H
+#define	_UTIME_H
+
+struct	utimbuf {
+	time_t	actime;		/* access time */
+	time_t	modtime;	/* mod time */
+};
+
+#ifdef __STDC__
+int utime(const char *, const struct utimbuf *);
+#else
+int utime();
+#endif
+
+#endif	/* _UTIME_H */
diff --git a/sudo-1.7.4p4/env.c b/sudo-1.7.4p4/env.c
new file mode 100644
index 0000000..739631f
--- /dev/null
+++ b/sudo-1.7.4p4/env.c
@@ -0,0 +1,980 @@
+/*
+ * Copyright (c) 2000-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <errno.h>
+#include <pwd.h>
+
+#include "sudo.h"
+
+/*
+ * Flags used in rebuild_env()
+ */
+#undef DID_TERM
+#define DID_TERM	0x0001
+#undef DID_PATH
+#define DID_PATH	0x0002
+#undef DID_HOME
+#define DID_HOME	0x0004
+#undef DID_SHELL
+#define DID_SHELL	0x0008
+#undef DID_LOGNAME
+#define DID_LOGNAME	0x0010
+#undef DID_USER
+#define DID_USER    	0x0020
+#undef DID_USERNAME
+#define DID_USERNAME   	0x0040
+#undef DID_MAIL
+#define DID_MAIL   	0x0080
+#undef DID_MAX
+#define DID_MAX    	0x00ff
+
+#undef KEPT_TERM
+#define KEPT_TERM	0x0100
+#undef KEPT_PATH
+#define KEPT_PATH	0x0200
+#undef KEPT_HOME
+#define KEPT_HOME	0x0400
+#undef KEPT_SHELL
+#define KEPT_SHELL	0x0800
+#undef KEPT_LOGNAME
+#define KEPT_LOGNAME	0x1000
+#undef KEPT_USER
+#define KEPT_USER    	0x2000
+#undef KEPT_USERNAME
+#define KEPT_USERNAME	0x4000
+#undef KEPT_MAIL
+#define KEPT_MAIL	0x8000
+#undef KEPT_MAX
+#define KEPT_MAX    	0xff00
+
+struct environment {
+    char **envp;		/* pointer to the new environment */
+    size_t env_size;		/* size of new_environ in char **'s */
+    size_t env_len;		/* number of slots used, not counting NULL */
+    int owned;			/* do we own envp or is it the system's? */
+};
+
+/*
+ * Prototypes
+ */
+static void sudo_setenv		__P((const char *, const char *, int));
+static void sudo_putenv		__P((char *, int, int));
+
+extern char **environ;		/* global environment */
+
+/*
+ * Copy of the sudo-managed environment.
+ */
+static struct environment env;
+
+/*
+ * Default table of "bad" variables to remove from the environment.
+ * XXX - how to omit TERMCAP if it starts with '/'?
+ */
+static const char *initial_badenv_table[] = {
+    "IFS",
+    "CDPATH",
+    "LOCALDOMAIN",
+    "RES_OPTIONS",
+    "HOSTALIASES",
+    "NLSPATH",
+    "PATH_LOCALE",
+    "LD_*",
+    "_RLD*",
+#ifdef __hpux
+    "SHLIB_PATH",
+#endif /* __hpux */
+#ifdef _AIX
+    "LDR_*",
+    "LIBPATH",
+    "AUTHSTATE",
+#endif
+#ifdef __APPLE__
+    "DYLD_*",
+#endif
+#ifdef HAVE_KERB4
+    "KRB_CONF*",
+    "KRBCONFDIR",
+    "KRBTKFILE",
+#endif /* HAVE_KERB4 */
+#ifdef HAVE_KERB5
+    "KRB5_CONFIG*",
+    "KRB5_KTNAME",
+#endif /* HAVE_KERB5 */
+#ifdef HAVE_SECURID
+    "VAR_ACE",
+    "USR_ACE",
+    "DLC_ACE",
+#endif /* HAVE_SECURID */
+    "TERMINFO",			/* terminfo, exclusive path to terminfo files */
+    "TERMINFO_DIRS",		/* terminfo, path(s) to terminfo files */
+    "TERMPATH",			/* termcap, path(s) to termcap files */
+    "TERMCAP",			/* XXX - only if it starts with '/' */
+    "ENV",			/* ksh, file to source before script runs */
+    "BASH_ENV",			/* bash, file to source before script runs */
+    "PS4",			/* bash, prefix for lines in xtrace mode */
+    "GLOBIGNORE",		/* bash, globbing patterns to ignore */
+    "SHELLOPTS",		/* bash, extra command line options */
+    "JAVA_TOOL_OPTIONS",	/* java, extra command line options */
+    "PERLIO_DEBUG ",		/* perl, debugging output file */
+    "PERLLIB",			/* perl, search path for modules/includes */
+    "PERL5LIB",			/* perl 5, search path for modules/includes */
+    "PERL5OPT",			/* perl 5, extra command line options */
+    "PERL5DB",			/* perl 5, command used to load debugger */
+    "FPATH",			/* ksh, search path for functions */
+    "NULLCMD",			/* zsh, command for null file redirection */
+    "READNULLCMD",		/* zsh, command for null file redirection */
+    "ZDOTDIR",			/* zsh, search path for dot files */
+    "TMPPREFIX",		/* zsh, prefix for temporary files */
+    "PYTHONHOME",		/* python, module search path */
+    "PYTHONPATH",		/* python, search path */
+    "PYTHONINSPECT",		/* python, allow inspection */
+    "PYTHONUSERBASE",		/* python, per user site-packages directory */
+    "RUBYLIB",			/* ruby, library load path */
+    "RUBYOPT",			/* ruby, extra command line options */
+    NULL
+};
+
+/*
+ * Default table of variables to check for '%' and '/' characters.
+ */
+static const char *initial_checkenv_table[] = {
+    "COLORTERM",
+    "LANG",
+    "LANGUAGE",
+    "LC_*",
+    "LINGUAS",
+    "TERM",
+    NULL
+};
+
+/*
+ * Default table of variables to preserve in the environment.
+ */
+static const char *initial_keepenv_table[] = {
+    "COLORS",
+    "DISPLAY",
+    "HOSTNAME",
+    "KRB5CCNAME",
+    "LS_COLORS",
+    "PATH",
+    "PS1",
+    "PS2",
+    "TZ",
+    "XAUTHORITY",
+    "XAUTHORIZATION",
+    NULL
+};
+
+/*
+ * Initialize env based on envp.
+ */
+void
+env_init(lazy)
+    int lazy;
+{
+    char * const *ep;
+    size_t len;
+
+    for (ep = environ; *ep != NULL; ep++)
+	continue;
+    len = (size_t)(ep - environ);
+
+    if (lazy) {
+	/*
+	 * If we are already initialized due to lazy init (usualy via getenv())
+	 * we need to avoid calling malloc() as it may call getenv() itself.
+	 */
+	env.envp = environ;
+	env.env_len = len;
+	env.env_size = len;
+    } else if (!env.owned) {
+	env.env_len = len;
+	env.env_size = len + 1 + 128;
+	env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+	memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+	memcpy(env.envp, environ, len * sizeof(char *));
+	env.envp[len] = '\0';
+	env.owned = TRUE;
+    }
+}
+
+char **
+env_get()
+{
+    return env.envp;
+}
+
+/*
+ * Similar to setenv(3) but operates on sudo's private copy of the environment
+ * (not environ) and it always overwrites.  The dupcheck param determines
+ * whether we need to verify that the variable is not already set.
+ */
+static void
+sudo_setenv(var, val, dupcheck)
+    const char *var;
+    const char *val;
+    int dupcheck;
+{
+    char *estring;
+    size_t esize;
+
+    esize = strlen(var) + 1 + strlen(val) + 1;
+    estring = emalloc(esize);
+
+    /* Build environment string and insert it. */
+    if (strlcpy(estring, var, esize) >= esize ||
+	strlcat(estring, "=", esize) >= esize ||
+	strlcat(estring, val, esize) >= esize) {
+
+	errorx(1, "internal error, sudo_setenv() overflow");
+    }
+    sudo_putenv(estring, dupcheck, TRUE);
+}
+
+/*
+ * Version of getenv(3) that uses our own environ pointer.
+ */
+char *
+getenv(var)
+    const char *var;
+{
+    char *cp, **ev;
+    size_t vlen = strlen(var);
+
+    if (env.envp == NULL)
+	env_init(TRUE);
+
+    for (ev = env.envp; (cp = *ev) != NULL; ev++) {
+	if (strncmp(var, cp, vlen) == 0 && cp[vlen] == '=')
+	    return cp + vlen + 1;
+    }
+    return NULL;
+}
+
+/*
+ * Version of setenv(3) that uses our own environ pointer.
+ */
+int
+setenv(var, val, overwrite)
+    const char *var;
+    const char *val;
+    int overwrite;
+{
+    char *estring, *ep;
+    const char *cp;
+    size_t esize;
+
+    if (!var || *var == '\0') {
+	errno = EINVAL;
+	return(-1);
+    }
+
+    if (env.envp == NULL)
+	env_init(TRUE);
+
+    /*
+     * POSIX says a var name with '=' is an error but BSD
+     * just ignores the '=' and anything after it.
+     */
+    for (cp = var; *cp && *cp != '='; cp++)
+	;
+    esize = (size_t)(cp - var) + 2;
+    if (val) {
+	esize += strlen(val);	/* glibc treats a NULL val as "" */
+    }
+
+    /* Allocate and fill in estring. */
+    estring = ep = emalloc(esize);
+    for (cp = var; *cp && *cp != '='; cp++)
+	*ep++ = *cp;
+    *ep++ = '=';
+    if (val) {
+	for (cp = val; *cp; cp++)
+	    *ep++ = *cp;
+    }
+    *ep = '\0';
+
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "setenv: corrupted envp, len mismatch");
+#endif
+    sudo_putenv(estring, TRUE, overwrite);
+    return(0);
+}
+
+/*
+ * Version of unsetenv(3) that uses our own environ pointer.
+ */
+#ifdef UNSETENV_VOID
+void
+#else
+int
+#endif
+unsetenv(var)
+    const char *var;
+{
+    char **ep;
+    size_t len;
+
+    if (var == NULL || *var == '\0' || strchr(var, '=') != NULL) {
+	errno = EINVAL;
+#ifdef UNSETENV_VOID
+	return;
+#else
+	return(-1);
+#endif
+    }
+
+    if (env.envp == NULL)
+	env_init(TRUE);
+
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "unsetenv: corrupted envp, len mismatch");
+#endif
+
+    len = strlen(var);
+    for (ep = env.envp; *ep != NULL;) {
+	if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') {
+	    /* Found it; shift remainder + NULL over by one. */
+	    char **cur = ep;
+	    while ((*cur = *(cur + 1)) != NULL)
+		cur++;
+	    /* Keep going, could be multiple instances of the var. */
+	} else {
+	    ep++;
+	}
+    }
+    env.env_len = ep - env.envp;
+#ifndef UNSETENV_VOID
+    return(0);
+#endif
+}
+
+/*
+ * Version of putenv(3) that uses our own environ pointer.
+ */
+int
+#ifdef PUTENV_CONST
+putenv(const char *string)
+#else
+putenv(string)
+    char *string;
+#endif
+{
+    if (env.envp == NULL)
+	env_init(TRUE);
+
+    if (strchr(string, '=') == NULL) {
+	errno = EINVAL;
+	return(-1);
+    }
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "putenv: corrupted envp, len mismatch");
+#endif
+    sudo_putenv((char *)string, TRUE, TRUE);
+    return(0);
+}
+
+/*
+ * Similar to putenv(3) but operates on sudo's private copy of the
+ * environment (not environ) and it always overwrites.  The dupcheck param
+ * determines whether we need to verify that the variable is not already set.
+ * Will only overwrite an existing variable if overwrite is set.
+ */
+static void
+sudo_putenv(str, dupcheck, overwrite)
+    char *str;
+    int dupcheck;
+    int overwrite;
+{
+    char **ep;
+    size_t len;
+    int found = FALSE;
+
+    /* Make sure there is room for the new entry plus a NULL. */
+    if (env.env_len + 2 > env.env_size) {
+	env.env_size += 128;
+	if (env.owned) {
+	    env.envp = erealloc3(env.envp, env.env_size, sizeof(char *));
+	} else {
+	    /* We don't own env.envp, allocate a new one. */
+	    ep = emalloc2(env.env_size, sizeof(char *));
+	    memcpy(ep, env.envp, env.env_size * sizeof(char *));
+	    env.envp = ep;
+	    env.owned = TRUE;
+	}
+#ifdef ENV_DEBUG
+	memset(env.envp + env.env_len, 0,
+	    (env.env_size - env.env_len) * sizeof(char *));
+#endif
+    }
+
+#ifdef ENV_DEBUG
+    if (env.envp[env.env_len] != NULL)
+	errorx(1, "sudo_putenv: corrupted envp, len mismatch");
+#endif
+
+    if (dupcheck) {
+	len = (strchr(str, '=') - str) + 1;
+	for (ep = env.envp; !found && *ep != NULL; ep++) {
+	    if (strncmp(str, *ep, len) == 0) {
+		if (overwrite)
+		    *ep = str;
+		found = TRUE;
+	    }
+	}
+	/* Prune out duplicate variables. */
+	if (found && overwrite) {
+	    while (*ep != NULL) {
+		if (strncmp(str, *ep, len) == 0) {
+		    char **cur = ep;
+		    while ((*cur = *(cur + 1)) != NULL)
+			cur++;
+		} else {
+		    ep++;
+		}
+	    }
+	    env.env_len = ep - env.envp;
+	}
+    }
+
+    if (!found) {
+	ep = env.envp + env.env_len;
+	env.env_len++;
+	*ep++ = str;
+	*ep = NULL;
+    }
+}
+
+/*
+ * Check the env_delete blacklist.
+ * Returns TRUE if the variable was found, else false.
+ */
+static int
+matches_env_delete(var)
+    const char *var;
+{
+    struct list_member *cur;
+    size_t len;
+    int iswild, match = FALSE;
+
+    /* Skip anything listed in env_delete. */
+    for (cur = def_env_delete; cur; cur = cur->next) {
+	len = strlen(cur->value);
+	/* Deal with '*' wildcard */
+	if (cur->value[len - 1] == '*') {
+	    len--;
+	    iswild = TRUE;
+	} else
+	    iswild = FALSE;
+	if (strncmp(cur->value, var, len) == 0 &&
+	    (iswild || var[len] == '=')) {
+	    match = TRUE;
+	    break;
+	}
+    }
+    return(match);
+}
+
+/*
+ * Apply the env_check list.
+ * Returns TRUE if the variable is allowed, FALSE if denied
+ * or -1 if no match.
+ */
+static int
+matches_env_check(var)
+    const char *var;
+{
+    struct list_member *cur;
+    size_t len;
+    int iswild, keepit = -1;
+
+    for (cur = def_env_check; cur; cur = cur->next) {
+	len = strlen(cur->value);
+	/* Deal with '*' wildcard */
+	if (cur->value[len - 1] == '*') {
+	    len--;
+	    iswild = TRUE;
+	} else
+	    iswild = FALSE;
+	if (strncmp(cur->value, var, len) == 0 &&
+	    (iswild || var[len] == '=')) {
+	    keepit = !strpbrk(var, "/%");
+	    break;
+	}
+    }
+    return(keepit);
+}
+
+/*
+ * Check the env_keep list.
+ * Returns TRUE if the variable is allowed else FALSE.
+ */
+static int
+matches_env_keep(var)
+    const char *var;
+{
+    struct list_member *cur;
+    size_t len;
+    int iswild, keepit = FALSE;
+
+    for (cur = def_env_keep; cur; cur = cur->next) {
+	len = strlen(cur->value);
+	/* Deal with '*' wildcard */
+	if (cur->value[len - 1] == '*') {
+	    len--;
+	    iswild = TRUE;
+	} else
+	    iswild = FALSE;
+	if (strncmp(cur->value, var, len) == 0 &&
+	    (iswild || var[len] == '=')) {
+	    keepit = TRUE;
+	    break;
+	}
+    }
+    return(keepit);
+}
+
+/*
+ * Build a new environment and ether clear potentially dangerous
+ * variables from the old one or start with a clean slate.
+ * Also adds sudo-specific variables (SUDO_*).
+ */
+void
+rebuild_env(noexec)
+    int noexec;
+{
+    char **old_envp, **ep, *cp, *ps1;
+    char idbuf[MAX_UID_T_LEN];
+    unsigned int didvar;
+    int reset_home = FALSE;
+
+    /*
+     * Either clean out the environment or reset to a safe default.
+     */
+    ps1 = NULL;
+    didvar = 0;
+    env.env_len = 0;
+    env.env_size = 128;
+    old_envp = env.envp;
+    env.envp = emalloc2(env.env_size, sizeof(char *));
+#ifdef ENV_DEBUG
+    memset(env.envp, 0, env.env_size * sizeof(char *));
+#endif
+    if (def_env_reset || ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+	/* Reset HOME based on target user unless keeping old value. */
+	reset_home = TRUE;
+
+	/* Pull in vars we want to keep from the old environment. */
+	for (ep = old_envp; *ep; ep++) {
+	    int keepit;
+
+	    /* Skip variables with values beginning with () (bash functions) */
+	    if ((cp = strchr(*ep, '=')) != NULL) {
+		if (strncmp(cp, "=() ", 3) == 0)
+		    continue;
+	    }
+
+	    /*
+	     * First check certain variables for '%' and '/' characters.
+	     * If no match there, check the keep list.
+	     * If nothing matched, we remove it from the environment.
+	     */
+	    keepit = matches_env_check(*ep);
+	    if (keepit == -1)
+		keepit = matches_env_keep(*ep);
+
+	    /* For SUDO_PS1 -> PS1 conversion. */
+	    if (strncmp(*ep, "SUDO_PS1=", 8) == 0)
+		ps1 = *ep + 5;
+
+	    if (keepit) {
+		/* Preserve variable. */
+		switch (**ep) {
+		    case 'H':
+			if (strncmp(*ep, "HOME=", 5) == 0)
+			    SET(didvar, DID_HOME);
+			break;
+		    case 'L':
+			if (strncmp(*ep, "LOGNAME=", 8) == 0)
+			    SET(didvar, DID_LOGNAME);
+			break;
+		    case 'M':
+			if (strncmp(*ep, "MAIL=", 5) == 0)
+			    SET(didvar, DID_MAIL);
+			break;
+		    case 'P':
+			if (strncmp(*ep, "PATH=", 5) == 0)
+			    SET(didvar, DID_PATH);
+			break;
+		    case 'S':
+			if (strncmp(*ep, "SHELL=", 6) == 0)
+			    SET(didvar, DID_SHELL);
+			break;
+		    case 'T':
+			if (strncmp(*ep, "TERM=", 5) == 0)
+			    SET(didvar, DID_TERM);
+			break;
+		    case 'U':
+			if (strncmp(*ep, "USER=", 5) == 0)
+			    SET(didvar, DID_USER);
+			if (strncmp(*ep, "USERNAME=", 5) == 0)
+			    SET(didvar, DID_USERNAME);
+			break;
+		}
+		sudo_putenv(*ep, FALSE, FALSE);
+	    }
+	}
+	didvar |= didvar << 8;		/* convert DID_* to KEPT_* */
+
+	/*
+	 * Add in defaults.  In -i mode these come from the runas user,
+	 * otherwise they may be from the user's environment (depends
+	 * on sudoers options).
+	 */
+	if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+	    sudo_setenv("SHELL", runas_pw->pw_shell, ISSET(didvar, DID_SHELL));
+	    sudo_setenv("LOGNAME", runas_pw->pw_name,
+		ISSET(didvar, DID_LOGNAME));
+	    sudo_setenv("USER", runas_pw->pw_name, ISSET(didvar, DID_USER));
+	    sudo_setenv("USERNAME", runas_pw->pw_name,
+		ISSET(didvar, DID_USERNAME));
+	} else {
+	    if (!ISSET(didvar, DID_SHELL))
+		sudo_setenv("SHELL", sudo_user.pw->pw_shell, FALSE);
+	    if (!ISSET(didvar, DID_LOGNAME))
+		sudo_setenv("LOGNAME", user_name, FALSE);
+	    if (!ISSET(didvar, DID_USER))
+		sudo_setenv("USER", user_name, FALSE);
+	    if (!ISSET(didvar, DID_USERNAME))
+		sudo_setenv("USERNAME", user_name, FALSE);
+	}
+	/*
+	 * Set MAIL to target user in -i mode or if MAIL is not preserved
+	 * from user's environment.
+	 */
+	if (ISSET(sudo_mode, MODE_LOGIN_SHELL) || !ISSET(didvar, KEPT_MAIL)) {
+	    cp = _PATH_MAILDIR;
+	    if (cp[sizeof(_PATH_MAILDIR) - 2] == '/')
+		easprintf(&cp, "MAIL=%s%s", _PATH_MAILDIR, runas_pw->pw_name);
+	    else
+		easprintf(&cp, "MAIL=%s/%s", _PATH_MAILDIR, runas_pw->pw_name);
+	    sudo_putenv(cp, ISSET(didvar, DID_MAIL), TRUE);
+	}
+    } else {
+	/* Reset HOME based on target user if configured to. */
+	if (ISSET(sudo_mode, MODE_RUN)) {
+	    if (def_always_set_home || ISSET(sudo_mode, MODE_RESET_HOME) || 
+		(ISSET(sudo_mode, MODE_SHELL) && def_set_home))
+		reset_home = TRUE;
+	}
+
+	/*
+	 * Copy environ entries as long as they don't match env_delete or
+	 * env_check.
+	 */
+	for (ep = old_envp; *ep; ep++) {
+	    int okvar;
+
+	    /* Skip variables with values beginning with () (bash functions) */
+	    if ((cp = strchr(*ep, '=')) != NULL) {
+		if (strncmp(cp, "=() ", 3) == 0)
+		    continue;
+	    }
+
+	    /*
+	     * First check variables against the blacklist in env_delete.
+	     * If no match there check for '%' and '/' characters.
+	     */
+	    okvar = matches_env_delete(*ep) != TRUE;
+	    if (okvar)
+		okvar = matches_env_check(*ep) != FALSE;
+
+	    if (okvar) {
+		if (strncmp(*ep, "SUDO_PS1=", 9) == 0)
+		    ps1 = *ep + 5;
+		else if (strncmp(*ep, "PATH=", 5) == 0)
+		    SET(didvar, DID_PATH);
+		else if (strncmp(*ep, "TERM=", 5) == 0)
+		    SET(didvar, DID_TERM);
+		sudo_putenv(*ep, FALSE, FALSE);
+	    }
+	}
+    }
+    /* Replace the PATH envariable with a secure one? */
+    if (def_secure_path && !user_is_exempt()) {
+	sudo_setenv("PATH", def_secure_path, TRUE);
+	SET(didvar, DID_PATH);
+    }
+
+    /* Set $USER, $LOGNAME and $USERNAME to target if "set_logname" is true. */
+    if (def_set_logname && !ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+	if (!ISSET(didvar, KEPT_LOGNAME))
+	    sudo_setenv("LOGNAME", runas_pw->pw_name, TRUE);
+	if (!ISSET(didvar, KEPT_USER))
+	    sudo_setenv("USER", runas_pw->pw_name, TRUE);
+	if (!ISSET(didvar, KEPT_USERNAME))
+	    sudo_setenv("USERNAME", runas_pw->pw_name, TRUE);
+    }
+
+    /* Set $HOME to target user if not preserving user's value. */
+    if (reset_home && !ISSET(didvar, KEPT_HOME))
+	sudo_setenv("HOME", runas_pw->pw_dir, TRUE);
+
+    /* Provide default values for $TERM and $PATH if they are not set. */
+    if (!ISSET(didvar, DID_TERM))
+	sudo_putenv("TERM=unknown", FALSE, FALSE);
+    if (!ISSET(didvar, DID_PATH))
+	sudo_setenv("PATH", _PATH_STDPATH, FALSE);
+
+    /*
+     * Preload a noexec file?  For a list of LD_PRELOAD-alikes, see
+     * http://www.fortran-2000.com/ArnaudRecipes/sharedlib.html
+     * XXX - should prepend to original value, if any
+     */
+    if (noexec && def_noexec_file != NULL) {
+#if defined(__darwin__) || defined(__APPLE__)
+	sudo_setenv("DYLD_INSERT_LIBRARIES", def_noexec_file, TRUE);
+	sudo_setenv("DYLD_FORCE_FLAT_NAMESPACE", "", TRUE);
+#else
+# if defined(__osf__) || defined(__sgi)
+	easprintf(&cp, "%s:DEFAULT", def_noexec_file);
+	sudo_setenv("_RLD_LIST", cp, TRUE);
+	efree(cp);
+# else
+#  ifdef _AIX
+	sudo_setenv("LDR_PRELOAD", def_noexec_file, TRUE);
+#  else
+	sudo_setenv("LD_PRELOAD", def_noexec_file, TRUE);
+#  endif /* _AIX */
+# endif /* __osf__ || __sgi */
+#endif /* __darwin__ || __APPLE__ */
+    }
+
+    /* Set PS1 if SUDO_PS1 is set. */
+    if (ps1 != NULL)
+	sudo_putenv(ps1, TRUE, TRUE);
+
+    /* Add the SUDO_COMMAND envariable (cmnd + args). */
+    if (user_args) {
+	easprintf(&cp, "%s %s", user_cmnd, user_args);
+	sudo_setenv("SUDO_COMMAND", cp, TRUE);
+	efree(cp);
+    } else {
+	sudo_setenv("SUDO_COMMAND", user_cmnd, TRUE);
+    }
+
+    /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */
+    sudo_setenv("SUDO_USER", user_name, TRUE);
+    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_uid);
+    sudo_setenv("SUDO_UID", idbuf, TRUE);
+    snprintf(idbuf, sizeof(idbuf), "%lu", (unsigned long) user_gid);
+    sudo_setenv("SUDO_GID", idbuf, TRUE);
+
+    /* Free old environment. */
+    efree(old_envp);
+}
+
+void
+insert_env_vars(env_vars)
+    struct list_member *env_vars;
+{
+    struct list_member *cur;
+
+    /* Add user-specified environment variables. */
+    for (cur = env_vars; cur != NULL; cur = cur->next)
+	putenv(cur->value);
+}
+
+/*
+ * Validate the list of environment variables passed in on the command
+ * line against env_delete, env_check, and env_keep.
+ * Calls log_error() if any specified variables are not allowed.
+ */
+void
+validate_env_vars(env_vars)
+    struct list_member *env_vars;
+{
+    struct list_member *var;
+    char *eq, *bad = NULL;
+    size_t len, blen = 0, bsize = 0;
+    int okvar;
+
+    /* Add user-specified environment variables. */
+    for (var = env_vars; var != NULL; var = var->next) {
+	if (def_secure_path && !user_is_exempt() &&
+	    strncmp(var->value, "PATH=", 5) == 0) {
+	    okvar = FALSE;
+	} else if (def_env_reset) {
+	    okvar = matches_env_check(var->value);
+	    if (okvar == -1)
+		okvar = matches_env_keep(var->value);
+	} else {
+	    okvar = matches_env_delete(var->value) == FALSE;
+	    if (okvar == FALSE)
+		okvar = matches_env_check(var->value) != FALSE;
+	}
+	if (okvar == FALSE) {
+	    /* Not allowed, add to error string, allocating as needed. */
+	    if ((eq = strchr(var->value, '=')) != NULL)
+		*eq = '\0';
+	    len = strlen(var->value) + 2;
+	    if (blen + len >= bsize) {
+		do {
+		    bsize += 1024;
+		} while (blen + len >= bsize);
+		bad = erealloc(bad, bsize);
+		bad[blen] = '\0';
+	    }
+	    strlcat(bad, var->value, bsize);
+	    strlcat(bad, ", ", bsize);
+	    blen += len;
+	    if (eq != NULL)
+		*eq = '=';
+	}
+    }
+    if (bad != NULL) {
+	bad[blen - 2] = '\0';		/* remove trailing ", " */
+	log_error(NO_MAIL,
+	    "sorry, you are not allowed to set the following environment variables: %s", bad);
+	/* NOTREACHED */
+	efree(bad);
+    }
+}
+
+/*
+ * Read in /etc/environment ala AIX and Linux.
+ * Lines may be in either of three formats:
+ *  NAME=VALUE
+ *  NAME="VALUE"
+ *  NAME='VALUE'
+ * with an optional "export" prefix so the shell can source the file.
+ * Invalid lines, blank lines, or lines consisting solely of a comment
+ * character are skipped.
+ */
+void
+read_env_file(path, overwrite)
+    const char *path;
+    int overwrite;
+{
+    FILE *fp;
+    char *cp, *var, *val;
+    size_t var_len, val_len;
+
+    if ((fp = fopen(path, "r")) == NULL)
+	return;
+
+    while ((var = sudo_parseln(fp)) != NULL) {
+	/* Skip blank or comment lines */
+	if (*var == '\0')
+	    continue;
+
+	/* Skip optional "export " */
+	if (strncmp(var, "export", 6) == 0 && isspace((unsigned char) var[6])) {
+	    var += 7;
+	    while (isspace((unsigned char) *var)) {
+		var++;
+	    }
+	}
+
+	/* Must be of the form name=["']value['"] */
+	for (val = var; *val != '\0' && *val != '='; val++)
+	    ;
+	if (var == val || *val != '=')
+	    continue;
+	var_len = (size_t)(val - var);
+	val_len = strlen(++val);
+
+	/* Strip leading and trailing single/double quotes */
+	if ((val[0] == '\'' || val[0] == '\"') && val[0] == val[val_len - 1]) {
+	    val[val_len - 1] = '\0';
+	    val++;
+	    val_len -= 2;
+	}
+
+	cp = emalloc(var_len + 1 + val_len + 1);
+	memcpy(cp, var, var_len + 1); /* includes '=' */
+	memcpy(cp + var_len + 1, val, val_len + 1); /* includes NUL */
+
+	sudo_putenv(cp, TRUE, overwrite);
+    }
+    fclose(fp);
+}
+
+void
+init_envtables()
+{
+    struct list_member *cur;
+    const char **p;
+
+    /* Fill in the "env_delete" list. */
+    for (p = initial_badenv_table; *p; p++) {
+	cur = emalloc(sizeof(struct list_member));
+	cur->value = estrdup(*p);
+	cur->next = def_env_delete;
+	def_env_delete = cur;
+    }
+
+    /* Fill in the "env_check" list. */
+    for (p = initial_checkenv_table; *p; p++) {
+	cur = emalloc(sizeof(struct list_member));
+	cur->value = estrdup(*p);
+	cur->next = def_env_check;
+	def_env_check = cur;
+    }
+
+    /* Fill in the "env_keep" list. */
+    for (p = initial_keepenv_table; *p; p++) {
+	cur = emalloc(sizeof(struct list_member));
+	cur->value = estrdup(*p);
+	cur->next = def_env_keep;
+	def_env_keep = cur;
+    }
+}
diff --git a/sudo-1.7.4p4/error.c b/sudo-1.7.4p4/error.c
new file mode 100644
index 0000000..317f105
--- /dev/null
+++ b/sudo-1.7.4p4/error.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <config.h>
+#include <compat.h>
+#include "error.h"
+
+static void _warning	__P((int, const char *, va_list));
+       void cleanup	__P((int));
+
+void
+#ifdef __STDC__
+error(int eval, const char *fmt, ...)
+#else
+error(eval, fmt, va_alist)
+	int eval;
+	const char *fmt;
+	va_dcl
+#endif
+{
+	va_list ap;
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	_warning(1, fmt, ap);
+	va_end(ap);
+	cleanup(0);
+	exit(eval);
+}
+
+void
+#ifdef __STDC__
+errorx(int eval, const char *fmt, ...)
+#else
+errorx(eval, fmt, va_alist)
+	int eval;
+	const char *fmt;
+	va_dcl
+#endif
+{
+	va_list ap;
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	_warning(0, fmt, ap);
+	va_end(ap);
+	cleanup(0);
+	exit(eval);
+}
+
+void
+#ifdef __STDC__
+warning(const char *fmt, ...)
+#else
+warning(fmt, va_alist)
+	const char *fmt;
+	va_dcl
+#endif
+{
+	va_list ap;
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	_warning(1, fmt, ap);
+	va_end(ap);
+}
+
+void
+#ifdef __STDC__
+warningx(const char *fmt, ...)
+#else
+warningx(fmt, va_alist)
+	const char *fmt;
+	va_dcl
+#endif
+{
+	va_list ap;
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	_warning(0, fmt, ap);
+	va_end(ap);
+}
+
+static void
+_warning(use_errno, fmt, ap)
+	int use_errno;
+	const char *fmt;
+	va_list ap;
+{
+	int serrno = errno;
+
+	fputs(getprogname(), stderr);
+	if (fmt != NULL) {
+		fputs(": ", stderr);
+		vfprintf(stderr, fmt, ap);
+	}
+	if (use_errno) {
+	    fputs(": ", stderr);
+	    fputs(strerror(serrno), stderr);
+	}
+	putc('\n', stderr);
+}
diff --git a/sudo-1.7.4p4/error.h b/sudo-1.7.4p4/error.h
new file mode 100644
index 0000000..5ac3076
--- /dev/null
+++ b/sudo-1.7.4p4/error.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2004 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_ERROR_H_
+#define	_SUDO_ERROR_H_
+
+#ifdef __STDC__
+# include <stdarg.h>
+void	error(int, const char *, ...) __attribute__((__noreturn__));
+void	errorx(int, const char *, ...) __attribute__((__noreturn__));
+void	warning(const char *, ...);
+void	warningx(const char *, ...);
+#else
+# include <varargs.h>
+void	error() __attribute__((__noreturn__));
+void	errorx() __attribute__((__noreturn__));
+void	warning();
+void	warningx();
+#endif /* __STDC__ */
+
+#endif /* _SUDO_ERROR_H_ */
diff --git a/sudo-1.7.4p4/exec.c b/sudo-1.7.4p4/exec.c
new file mode 100644
index 0000000..784f90a
--- /dev/null
+++ b/sudo-1.7.4p4/exec.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# include <termio.h>
+#endif /* HAVE_TERMIOS_H */
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifdef HAVE_SETLOCALE
+# include <locale.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifdef HAVE_SELINUX
+# include <selinux/selinux.h>
+#endif
+
+#include "sudo.h"
+#include "sudo_exec.h"
+
+/* shared with exec_pty.c */
+sig_atomic_t recvsig[NSIG];
+void handler __P((int s));
+
+/*
+ * Like execve(2) but falls back to running through /bin/sh
+ * ala execvp(3) if we get ENOEXEC.
+ */
+int
+my_execve(path, argv, envp)
+    const char *path;
+    char *argv[];
+    char *envp[];
+{
+    execve(path, argv, envp);
+    if (errno == ENOEXEC) {
+	argv--;			/* at least one extra slot... */
+	argv[0] = "sh";
+	argv[1] = (char *)path;
+	execve(_PATH_BSHELL, argv, envp);
+    }
+    return -1;
+}
+
+/*
+ * Fork and execute a command, returns the child's pid.
+ * Sends errno back on sv[1] if execve() fails.
+ */
+static int fork_cmnd(path, argv, envp, sv, rbac_enabled)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    int sv[2];
+    int rbac_enabled;
+{
+    struct command_status cstat;
+    sigaction_t sa;
+    int pid;
+
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+    sa.sa_handler = handler;
+    sigaction(SIGCONT, &sa, NULL);
+
+    pid = fork();
+    switch (pid) {
+    case -1:
+	error(1, "fork");
+	break;
+    case 0:
+	/* child */
+	close(sv[0]);
+	fcntl(sv[1], F_SETFD, FD_CLOEXEC);
+	if (exec_setup(rbac_enabled, user_ttypath, -1) == TRUE) {
+	    /* headed for execve() */
+	    closefrom(def_closefrom);
+#ifdef HAVE_SELINUX
+	    if (rbac_enabled)
+		selinux_execve(path, argv, envp);
+	    else
+#endif
+		my_execve(path, argv, envp);
+	}
+	cstat.type = CMD_ERRNO;
+	cstat.val = errno;
+	send(sv[1], &cstat, sizeof(cstat), 0);
+	_exit(1);
+    }
+    return pid;
+}
+
+/*
+ * Execute a command, potentially in a pty with I/O loggging.
+ * This is a little bit tricky due to how POSIX job control works and
+ * we fact that we have two different controlling terminals to deal with.
+ */
+int
+sudo_execve(path, argv, envp, uid, cstat, dowait, bgmode)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    uid_t uid;
+    struct command_status *cstat;
+    int dowait;
+    int bgmode;
+{
+    sigaction_t sa;
+    fd_set *fdsr, *fdsw;
+    int maxfd, n, nready, status, sv[2];
+    int rbac_enabled = 0;
+    int log_io;
+    pid_t child;
+
+    /* If running in background mode, fork and exit. */
+    if (bgmode) {
+	switch (fork()) {
+	    case -1:
+		cstat->type = CMD_ERRNO;
+		cstat->val = errno;
+		return -1;
+	    case 0:
+		/* child continues */   
+		break;
+	    default:
+		/* parent exits */
+		exit(0);
+	}
+    }
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+    log_io = def_log_output || def_log_input || def_use_pty;
+    if (log_io) {
+	if (!bgmode)
+	    pty_setup(uid);
+	io_log_open();
+	dowait = TRUE;
+    }
+#endif /* _PATH_SUDO_IO_LOGDIR */
+
+#ifdef HAVE_SELINUX
+    rbac_enabled = is_selinux_enabled() > 0 && user_role != NULL;
+    if (rbac_enabled)
+	dowait = TRUE;
+#endif
+
+    /*
+     * If we don't need to wait for the command to finish, just exec it.
+     */
+    if (!dowait) {
+	exec_setup(FALSE, NULL, -1);
+	closefrom(def_closefrom);
+	my_execve(path, argv, envp);
+	cstat->type = CMD_ERRNO;
+	cstat->val = errno;
+	return(127);
+    }
+
+    /*
+     * We communicate with the child over a bi-directional pair of sockets.
+     * Parent sends signal info to child and child sends back wait status.
+     */
+    if (socketpair(PF_UNIX, SOCK_DGRAM, 0, sv) != 0)
+	error(1, "cannot create sockets");
+
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+
+    /* Note: HP-UX select() will not be interrupted if SA_RESTART set */
+    sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+    sa.sa_handler = handler;
+    sigaction(SIGCHLD, &sa, NULL);
+    sigaction(SIGHUP, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+    sigaction(SIGPIPE, &sa, NULL);
+    sigaction(SIGQUIT, &sa, NULL);
+    sigaction(SIGTERM, &sa, NULL);
+
+    /* Max fd we will be selecting on. */
+    maxfd = sv[0];
+
+    /*
+     * Child will run the command in the pty, parent will pass data
+     * to and from pty.  Adjusts maxfd as needed.
+     */
+#ifdef _PATH_SUDO_IO_LOGDIR
+    if (log_io)
+	child = fork_pty(path, argv, envp, sv, rbac_enabled, &maxfd);
+    else
+#endif
+	child = fork_cmnd(path, argv, envp, sv, rbac_enabled);
+    close(sv[1]);
+
+#ifdef HAVE_SETLOCALE
+    /*
+     * I/O logging must be in the C locale for floating point numbers
+     * to be logged consistently.
+     */
+    setlocale(LC_ALL, "C");
+#endif
+
+    /*
+     * In the event loop we pass input from user tty to master
+     * and pass output from master to stdout and IO plugin.
+     */
+    fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+    fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+    for (;;) {
+	if (recvsig[SIGCHLD]) {
+	    pid_t pid;
+
+	    /*
+	     * If logging I/O, child is the intermediate process,
+	     * otherwise it is the command itself.
+	     */
+	    recvsig[SIGCHLD] = FALSE;
+	    do {
+#ifdef sudo_waitpid
+		pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
+#else
+		pid = wait(&status);
+#endif
+	    } while (pid == -1 && errno == EINTR);
+	    if (pid == child) {
+		/* If not logging I/O and child has exited we are done. */
+		if (!log_io) {
+		    if (WIFSTOPPED(status)) {
+			/* Child may not have privs to suspend us itself. */
+			kill(getpid(), WSTOPSIG(status));
+		    } else {
+			/* Child has exited, we are done. */
+			cstat->type = CMD_WSTATUS;
+			cstat->val = status;
+			return 0;
+		    }
+		}
+		/* Else we get ECONNRESET on sv[0] if child dies. */
+	    }
+	}
+
+	zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+	zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+
+	FD_SET(sv[0], fdsr);
+#ifdef _PATH_SUDO_IO_LOGDIR
+	if (log_io)
+	    fd_set_iobs(fdsr, fdsw); /* XXX - better name */
+#endif
+	for (n = 0; n < NSIG; n++) {
+	    if (recvsig[n] && n != SIGCHLD) {
+		if (log_io) {
+		    FD_SET(sv[0], fdsw);
+		    break;
+		} else {
+		    /* nothing listening on sv[0], send directly */
+		    kill(child, n);
+		}
+	    }
+	}
+
+	if (recvsig[SIGCHLD])
+	    continue;
+	nready = select(maxfd + 1, fdsr, fdsw, NULL, NULL);
+	if (nready == -1) {
+	    if (errno == EINTR)
+		continue;
+	    error(1, "select failed");
+	}
+	if (FD_ISSET(sv[0], fdsr)) {
+	    /* read child status */
+	    n = recv(sv[0], cstat, sizeof(*cstat), 0);
+	    if (n == -1) {
+		if (errno == EINTR)
+		    continue;
+		/*
+		 * If not logging I/O we will receive ECONNRESET when
+		 * the command is executed.  It is safe to ignore this.
+		 */
+		if (log_io && errno != EAGAIN) {
+		    cstat->type = CMD_ERRNO;
+		    cstat->val = errno;
+		    break;
+		}
+	    }
+#ifdef _PATH_SUDO_IO_LOGDIR /* XXX */
+	    if (cstat->type == CMD_WSTATUS) {
+		if (WIFSTOPPED(cstat->val)) {
+		    /* Suspend parent and tell child how to resume on return. */
+		    n = suspend_parent(WSTOPSIG(cstat->val));
+		    recvsig[n] = TRUE;
+		    continue;
+		} else {
+		    /* Child exited or was killed, either way we are done. */
+		    break;
+		}
+	    } else
+#endif /* _PATH_SUDO_IO_LOGDIR */
+	    if (cstat->type == CMD_ERRNO) {
+		/* Child was unable to execute command or broken pipe. */
+		break;
+	    }
+	}
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+	/* XXX - move this too */
+	if (FD_ISSET(sv[0], fdsw)) {
+	    for (n = 0; n < NSIG; n++) {
+		if (!recvsig[n])
+		    continue;
+		recvsig[n] = FALSE;
+		cstat->type = CMD_SIGNO;
+		cstat->val = n;
+		do {
+		    n = send(sv[0], cstat, sizeof(*cstat), 0);
+		} while (n == -1 && errno == EINTR);
+		if (n != sizeof(*cstat)) {
+		    recvsig[n] = TRUE;
+		    break;
+		}
+	    }
+	}
+	if (perform_io(fdsr, fdsw, cstat) != 0)
+	    break;
+#endif /* _PATH_SUDO_IO_LOGDIR */
+    }
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+    if (log_io) {
+	/* Flush any remaining output and free pty-related memory. */
+	pty_close(cstat);
+    }
+#endif /* _PATH_SUDO_IO_LOGDIR */
+
+#ifdef HAVE_SELINUX
+    if (rbac_enabled) {
+	/* This is probably not needed in log_io mode. */
+	if (selinux_restore_tty() != 0)
+	    warningx("unable to restore tty label");
+    }
+#endif
+
+    efree(fdsr);
+    efree(fdsw);
+
+    return cstat->type == CMD_ERRNO ? -1 : 0;
+}
+
+/*
+ * Generic handler for signals passed from parent -> child.
+ * The recvsig[] array is checked in the main event loop.
+ */
+void
+handler(s)
+    int s;
+{
+    recvsig[s] = TRUE;
+}
diff --git a/sudo-1.7.4p4/exec_pty.c b/sudo-1.7.4p4/exec_pty.c
new file mode 100644
index 0000000..2d6b0e8
--- /dev/null
+++ b/sudo-1.7.4p4/exec_pty.c
@@ -0,0 +1,1057 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# include <termio.h>
+#endif /* HAVE_TERMIOS_H */
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+
+#include "sudo.h"
+#include "sudo_exec.h"
+
+#define SFD_STDIN	0
+#define SFD_STDOUT	1
+#define SFD_STDERR	2
+#define SFD_MASTER	3
+#define SFD_SLAVE	4
+#define SFD_USERTTY	5
+
+#define TERM_COOKED	0
+#define TERM_RAW	1
+
+/* Compatibility with older tty systems. */
+#if !defined(TIOCGSIZE) && defined(TIOCGWINSZ)
+# define TIOCGSIZE	TIOCGWINSZ
+# define TIOCSSIZE	TIOCSWINSZ
+# define ttysize	winsize
+# define ts_cols	ws_col
+#endif
+
+struct io_buffer {
+    struct io_buffer *next;
+    int len; /* buffer length (how much produced) */
+    int off; /* write position (how much already consumed) */
+    int rfd;  /* reader (producer) */
+    int wfd; /* writer (consumer) */
+    int (*action) __P((const char *buf, unsigned int len));
+    char buf[16 * 1024];
+};
+
+static char slavename[PATH_MAX];
+static int foreground;
+static int io_fds[6] = { -1, -1, -1, -1, -1, -1};
+static int pipeline = FALSE;
+static int tty_initialized;
+static int ttymode = TERM_COOKED;
+static pid_t ppgrp, child;
+static struct io_buffer *iobufs;
+
+static void flush_output __P((void));
+static int exec_monitor __P((const char *path, char *argv[],
+    char *envp[], int, int));
+static void exec_pty __P((const char *path, char *argv[],
+    char *envp[], int));
+static void sigwinch __P((int s));
+static void sync_ttysize __P((int src, int dst));
+static void deliver_signal __P((pid_t pid, int signo));
+static int safe_close __P((int fd));
+
+/*
+ * Allocate a pty if /dev/tty is a tty.
+ * Fills in io_fds[SFD_USERTTY], io_fds[SFD_MASTER], io_fds[SFD_SLAVE]
+ * and slavename globals.
+ */
+void
+pty_setup(uid)
+    uid_t uid;
+{
+    io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR|O_NOCTTY, 0);
+    if (io_fds[SFD_USERTTY] != -1) {
+	if (!get_pty(&io_fds[SFD_MASTER], &io_fds[SFD_SLAVE],
+	    slavename, sizeof(slavename), uid))
+	    error(1, "Can't get pty");
+    }
+}
+
+/*
+ * Check whether we are running in the foregroup.
+ * Updates the foreground global and does lazy init of the
+ * the pty slave as needed.
+ */
+static void
+check_foreground()
+{
+    if (io_fds[SFD_USERTTY] != -1) {
+	foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
+	if (foreground && !tty_initialized) {
+	    if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
+		tty_initialized = 1;
+		sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+	    }
+	}
+    }
+}
+
+/*
+ * Suspend sudo if the underlying command is suspended.
+ * Returns SIGUSR1 if the child should be resume in foreground else SIGUSR2.
+ */
+int
+suspend_parent(signo)
+    int signo;
+{
+    sigaction_t sa, osa;
+    int n, oldmode = ttymode, rval = 0;
+
+    switch (signo) {
+    case SIGTTOU:
+    case SIGTTIN:
+	/*
+	 * If we are the foreground process, just resume the child.
+	 * Otherwise, re-send the signal with the handler disabled.
+	 */
+	if (!foreground)
+	    check_foreground();
+	if (foreground) {
+	    if (ttymode != TERM_RAW) {
+		do {
+		    n = term_raw(io_fds[SFD_USERTTY], 0);
+		} while (!n && errno == EINTR);
+		ttymode = TERM_RAW;
+	    }
+	    rval = SIGUSR1; /* resume child in foreground */
+	    break;
+	}
+	ttymode = TERM_RAW;
+	/* FALLTHROUGH */
+    case SIGSTOP:
+    case SIGTSTP:
+	/* Flush any remaining output before suspending. */
+	flush_output();
+
+	/* Restore original tty mode before suspending. */
+	if (oldmode != TERM_COOKED) {
+	    do {
+		n = term_restore(io_fds[SFD_USERTTY], 0);
+	    } while (!n && errno == EINTR);
+	}
+
+	/* Suspend self and continue child when we resume. */
+	sa.sa_handler = SIG_DFL;
+	sigaction(signo, &sa, &osa);
+	if (killpg(ppgrp, signo) != 0)
+	    warning("killpg(%d, %d)", ppgrp, signo);
+
+	/* Check foreground/background status on resume. */
+	check_foreground();
+
+	/*
+	 * Only modify term if we are foreground process and either
+	 * the old tty mode was not cooked or child got SIGTT{IN,OU}
+	 */
+	if (ttymode != TERM_COOKED) {
+	    if (foreground) {
+		/* Set raw mode. */
+		do {
+		    n = term_raw(io_fds[SFD_USERTTY], 0);
+		} while (!n && errno == EINTR);
+	    } else {
+		/* Background process, no access to tty. */
+		ttymode = TERM_COOKED;
+	    }
+	}
+
+	sigaction(signo, &osa, NULL);
+	rval = ttymode == TERM_RAW ? SIGUSR1 : SIGUSR2;
+	break;
+    }
+
+    return(rval);
+}
+
+/*
+ * Kill child with increasing urgency.
+ */
+static void
+terminate_child(pid, use_pgrp)
+    pid_t pid;
+    int use_pgrp;
+{
+    /*
+     * Note that SIGCHLD will interrupt the sleep()
+     */
+    if (use_pgrp) {
+	killpg(pid, SIGHUP);
+	killpg(pid, SIGTERM);
+	sleep(2);
+	killpg(pid, SIGKILL);
+    } else {
+	kill(pid, SIGHUP);
+	kill(pid, SIGTERM);
+	sleep(2);
+	kill(pid, SIGKILL);
+    }
+}
+
+/*
+ * Allocate a new io_buffer struct and insert it at the head of the list.
+ * Returns the new head element.
+ */
+static struct io_buffer *
+io_buf_new(rfd, wfd, action, head)
+    int rfd;
+    int wfd;
+    int (*action) __P((const char *, unsigned int));
+    struct io_buffer *head;
+{
+    struct io_buffer *iob;
+
+    iob = emalloc(sizeof(*iob));
+    zero_bytes(iob, sizeof(*iob));
+    iob->rfd = rfd;
+    iob->wfd = wfd;
+    iob->action = action;
+    iob->next = head;
+    return iob;
+}
+
+/*
+ * Read/write iobufs depending on fdsr and fdsw.
+ * Fills in cstat on error.
+ * Returns the number of errors.
+ */
+int
+perform_io(fdsr, fdsw, cstat)
+    fd_set *fdsr;
+    fd_set *fdsw;
+    struct command_status *cstat;
+{
+    struct io_buffer *iob;
+    int n, errors = 0;
+
+    for (iob = iobufs; iob; iob = iob->next) {
+	if (iob->rfd != -1 && FD_ISSET(iob->rfd, fdsr)) {
+	    do {
+		n = read(iob->rfd, iob->buf + iob->len,
+		    sizeof(iob->buf) - iob->len);
+	    } while (n == -1 && errno == EINTR);
+	    switch (n) {
+		case -1:
+		    if (errno == EAGAIN)
+			break;
+		    if (errno != ENXIO && errno != EBADF) {
+			errors++;
+			break;
+		    }
+		    /* FALLTHROUGH */
+		case 0:
+		    /* got EOF or pty has gone away */
+		    safe_close(iob->rfd);
+		    iob->rfd = -1;
+		    break;
+		default:
+		    if (!iob->action(iob->buf + iob->len, n))
+			terminate_child(child, TRUE);
+		    iob->len += n;
+		    break;
+	    }
+	}
+	if (iob->wfd != -1 && FD_ISSET(iob->wfd, fdsw)) {
+	    do {
+		n = write(iob->wfd, iob->buf + iob->off,
+		    iob->len - iob->off);
+	    } while (n == -1 && errno == EINTR);
+	    if (n == -1) {
+		if (errno == EPIPE || errno == ENXIO || errno == EBADF) {
+		    /* other end of pipe closed or pty revoked */
+		    if (iob->rfd != -1) {
+			safe_close(iob->rfd);
+			iob->rfd = -1;
+		    }
+		    safe_close(iob->wfd);
+		    iob->wfd = -1;
+		    continue;
+		}
+		if (errno != EAGAIN)
+		    errors++;
+	    } else {
+		iob->off += n;
+	    }
+	}
+    }
+    if (errors && cstat != NULL) {
+	cstat->type = CMD_ERRNO;
+	cstat->val = errno;
+    }
+    return errors;
+}
+
+/*
+ * Fork a monitor process which runs the actual command as its own child
+ * process with std{in,out,err} hooked up to the pty or pipes as appropriate.
+ * Returns the child pid.
+ */
+int
+fork_pty(path, argv, envp, sv, rbac_enabled, maxfd)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    int sv[2];
+    int rbac_enabled;
+    int *maxfd;
+{
+    struct command_status cstat;
+    struct io_buffer *iob;
+    int io_pipe[3][2], n;
+    sigaction_t sa;
+
+    ppgrp = getpgrp(); /* parent's pgrp, so child can signal us */
+
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+
+    if (io_fds[SFD_USERTTY] != -1) {
+	sa.sa_flags = SA_RESTART;
+	sa.sa_handler = sigwinch;
+	sigaction(SIGWINCH, &sa, NULL);
+    }
+
+    /*
+     * Setup stdin/stdout/stderr for child, to be duped after forking.
+     */
+    io_fds[SFD_STDIN] = io_fds[SFD_SLAVE];
+    io_fds[SFD_STDOUT] = io_fds[SFD_SLAVE];
+    io_fds[SFD_STDERR] = io_fds[SFD_SLAVE];
+
+    /* Copy /dev/tty -> pty master */
+    if (io_fds[SFD_USERTTY] != -1) {
+	iobufs = io_buf_new(io_fds[SFD_USERTTY], io_fds[SFD_MASTER],
+	    log_ttyin, iobufs);
+
+	/* Copy pty master -> /dev/tty */
+	iobufs = io_buf_new(io_fds[SFD_MASTER], io_fds[SFD_USERTTY],
+	    log_ttyout, iobufs);
+
+	/* Are we the foreground process? */
+	foreground = tcgetpgrp(io_fds[SFD_USERTTY]) == ppgrp;
+    }
+
+    /*
+     * If either stdin, stdout or stderr is not a tty we use a pipe
+     * to interpose ourselves instead of duping the pty fd.
+     */
+    memset(io_pipe, 0, sizeof(io_pipe));
+    if (io_fds[SFD_STDIN] == -1 || !isatty(STDIN_FILENO)) {
+	pipeline = TRUE;
+	if (pipe(io_pipe[STDIN_FILENO]) != 0)
+	    error(1, "unable to create pipe");
+	iobufs = io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1],
+	    log_stdin, iobufs);
+	io_fds[SFD_STDIN] = io_pipe[STDIN_FILENO][0];
+    }
+    if (io_fds[SFD_STDOUT] == -1 || !isatty(STDOUT_FILENO)) {
+	pipeline = TRUE;
+	if (pipe(io_pipe[STDOUT_FILENO]) != 0)
+	    error(1, "unable to create pipe");
+	iobufs = io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO,
+	    log_stdout, iobufs);
+	io_fds[SFD_STDOUT] = io_pipe[STDOUT_FILENO][1];
+    }
+    if (io_fds[SFD_STDERR] == -1 || !isatty(STDERR_FILENO)) {
+	if (pipe(io_pipe[STDERR_FILENO]) != 0)
+	    error(1, "unable to create pipe");
+	iobufs = io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO,
+	    log_stderr, iobufs);
+	io_fds[SFD_STDERR] = io_pipe[STDERR_FILENO][1];
+    }
+
+    /* Job control signals to relay from parent to child. */
+    sa.sa_flags = SA_INTERRUPT; /* do not restart syscalls */
+    sa.sa_handler = handler;
+    sigaction(SIGTSTP, &sa, NULL);
+
+    if (foreground) {
+	/* Copy terminal attrs from user tty -> pty slave. */
+	if (term_copy(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE])) {
+	    tty_initialized = 1;
+	    sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+	}
+
+	/* Start out in raw mode if we are not part of a pipeline. */
+	if (!pipeline) {
+	    ttymode = TERM_RAW;
+	    do {
+		n = term_raw(io_fds[SFD_USERTTY], 0);
+	    } while (!n && errno == EINTR);
+	    if (!n)
+		error(1, "Can't set terminal to raw mode");
+	}
+    }
+
+    child = fork();
+    switch (child) {
+    case -1:
+	error(1, "fork");
+	break;
+    case 0:
+	/* child */
+	close(sv[0]);
+	fcntl(sv[1], F_SETFD, FD_CLOEXEC);
+	if (exec_setup(rbac_enabled, slavename, io_fds[SFD_SLAVE]) == TRUE) {
+	    /* Close the other end of the stdin/stdout/stderr pipes and exec. */
+	    if (io_pipe[STDIN_FILENO][1])
+		close(io_pipe[STDIN_FILENO][1]);
+	    if (io_pipe[STDOUT_FILENO][0])
+		close(io_pipe[STDOUT_FILENO][0]);
+	    if (io_pipe[STDERR_FILENO][0])
+		close(io_pipe[STDERR_FILENO][0]);
+	    exec_monitor(path, argv, envp, sv[1], rbac_enabled);
+	}
+	cstat.type = CMD_ERRNO;
+	cstat.val = errno;
+	send(sv[1], &cstat, sizeof(cstat), 0);
+	_exit(1);
+    }
+
+    /* Close the other end of the stdin/stdout/stderr pipes. */
+    if (io_pipe[STDIN_FILENO][0])
+	close(io_pipe[STDIN_FILENO][0]);
+    if (io_pipe[STDOUT_FILENO][1])
+	close(io_pipe[STDOUT_FILENO][1]);
+    if (io_pipe[STDERR_FILENO][1])
+	close(io_pipe[STDERR_FILENO][1]);
+
+    for (iob = iobufs; iob; iob = iob->next) {
+	/* Adjust maxfd. */
+	if (iob->rfd > *maxfd)
+	    *maxfd = iob->rfd;
+	if (iob->wfd > *maxfd)
+	    *maxfd = iob->wfd;
+
+	/* Set non-blocking mode. */
+	n = fcntl(iob->rfd, F_GETFL, 0);
+	if (n != -1 && !ISSET(n, O_NONBLOCK))
+	    (void) fcntl(iob->rfd, F_SETFL, n | O_NONBLOCK);
+	n = fcntl(iob->wfd, F_GETFL, 0);
+	if (n != -1 && !ISSET(n, O_NONBLOCK))
+	    (void) fcntl(iob->wfd, F_SETFL, n | O_NONBLOCK);
+    }
+
+    return child;
+}
+
+/*
+ * Flush any remaining output and restore /dev/tty to the way we found it.
+ * If the command died due to a signal, writes the reason to stdout.
+ */
+void
+pty_close(cstat)
+    struct command_status *cstat;
+{
+    int n;
+
+    /* Flush any remaining output (the plugin already got it) */
+    if (io_fds[SFD_USERTTY] != -1) {
+	n = fcntl(io_fds[SFD_USERTTY], F_GETFL, 0);
+	if (n != -1 && ISSET(n, O_NONBLOCK)) {
+	    CLR(n, O_NONBLOCK);
+	    (void) fcntl(io_fds[SFD_USERTTY], F_SETFL, n);
+	}
+    }
+    flush_output();
+
+    if (io_fds[SFD_USERTTY] != -1) {
+	do {
+	    n = term_restore(io_fds[SFD_USERTTY], 0);
+	} while (!n && errno == EINTR);
+    }
+
+    /* If child was signalled, write the reason to stdout like the shell. */
+    if (cstat->type == CMD_WSTATUS && WIFSIGNALED(cstat->val)) {
+	int signo = WTERMSIG(cstat->val);
+	if (signo && signo != SIGINT && signo != SIGPIPE) {
+	    const char *reason = strsignal(signo);
+	    n = io_fds[SFD_USERTTY] != -1 ?
+		io_fds[SFD_USERTTY] : STDOUT_FILENO;
+	    write(n, reason, strlen(reason));
+	    if (WCOREDUMP(cstat->val))
+		write(n, " (core dumped)", 14);
+	    write(n, "\n", 1);
+	}
+    }
+}
+
+
+/*
+ * Fill in fdsr and fdsw based on the io buffers list.
+ * Called prior to select().
+ */
+void
+fd_set_iobs(fdsr, fdsw)
+    fd_set *fdsr;
+    fd_set *fdsw;
+{
+    struct io_buffer *iob;
+
+    for (iob = iobufs; iob; iob = iob->next) {
+	if (iob->rfd == -1 && iob->wfd == -1)
+	    continue;
+	if (iob->off == iob->len) {
+	    iob->off = iob->len = 0;
+	    /* Forward the EOF from reader to writer. */
+	    if (iob->rfd == -1) {
+		safe_close(iob->wfd);
+		iob->wfd = -1;
+	    }
+	}
+	/* Don't read/write /dev/tty if we are not in the foreground. */
+	if (iob->rfd != -1 &&
+	    (ttymode == TERM_RAW || iob->rfd != io_fds[SFD_USERTTY])) {
+	    if (iob->len != sizeof(iob->buf))
+		FD_SET(iob->rfd, fdsr);
+	}
+	if (iob->wfd != -1 &&
+	    (foreground || iob->wfd != io_fds[SFD_USERTTY])) {
+	    if (iob->len > iob->off)
+		FD_SET(iob->wfd, fdsw);
+	}
+    }
+}
+
+/*
+ * Deliver a relayed signal to the command.
+ */
+static void
+deliver_signal(pid, signo)
+    pid_t pid;
+    int signo;
+{
+    int status;
+
+    /* Handle signal from parent. */
+    switch (signo) {
+    case SIGKILL:
+	_exit(1); /* XXX */
+	/* NOTREACHED */
+    case SIGPIPE:
+    case SIGHUP:
+    case SIGTERM:
+    case SIGINT:
+    case SIGQUIT:
+    case SIGTSTP:
+	/* relay signal to child */
+	killpg(pid, signo);
+	break;
+    case SIGALRM:
+	terminate_child(pid, TRUE);
+	break;
+    case SIGUSR1:
+	/* foreground process, grant it controlling tty. */
+	do {
+	    status = tcsetpgrp(io_fds[SFD_SLAVE], pid);
+	} while (status == -1 && errno == EINTR);
+	killpg(pid, SIGCONT);
+	break;
+    case SIGUSR2:
+	/* background process, I take controlling tty. */
+	do {
+	    status = tcsetpgrp(io_fds[SFD_SLAVE], getpid());
+	} while (status == -1 && errno == EINTR);
+	killpg(pid, SIGCONT);
+	break;
+    default:
+	warningx("unexpected signal from child: %d", signo);
+	break;
+    }
+}
+
+/*
+ * Send status to parent over socketpair.
+ * Return value is the same as send(2).
+ */
+static int
+send_status(fd, cstat)
+    int fd;
+    struct command_status *cstat;
+{
+    int n = -1;
+
+    if (cstat->type != CMD_INVALID) {
+	do {
+	    n = send(fd, cstat, sizeof(*cstat), 0);
+	} while (n == -1 && errno == EINTR);
+	cstat->type = CMD_INVALID; /* prevent re-sending */
+    }
+    return n;
+}
+
+/*
+ * Wait for child status after receiving SIGCHLD.
+ * If the child was stopped, the status is send back to the parent.
+ * Otherwise, cstat is filled in but not sent.
+ * Returns TRUE if child is still alive, else FALSE.
+ */
+static int
+handle_sigchld(backchannel, cstat)
+    int backchannel;
+    struct command_status *cstat;
+{
+    int status, alive = TRUE;
+    pid_t pid;
+
+    /* read child status */
+    do {
+#ifdef sudo_waitpid
+	pid = sudo_waitpid(child, &status, WUNTRACED|WNOHANG);
+#else
+	pid = wait(&status);
+#endif
+    } while (pid == -1 && errno == EINTR);
+    if (pid == child) {
+	if (cstat->type != CMD_ERRNO) {
+	    cstat->type = CMD_WSTATUS;
+	    cstat->val = status;
+	    if (WIFSTOPPED(status)) {
+		if (send_status(backchannel, cstat) == -1)
+		    return alive; /* XXX */
+	    }
+	}
+	if (!WIFSTOPPED(status))
+	    alive = FALSE;
+    }
+    return alive;
+}
+
+/*
+ * Monitor process that creates a new session with the controlling tty,
+ * resets signal handlers and forks a child to call exec_pty().
+ * Waits for status changes from the command and relays them to the
+ * parent and relays signals from the parent to the command.
+ * Returns an error if fork(2) fails, else calls _exit(2).
+ */
+static int
+exec_monitor(path, argv, envp, backchannel, rbac)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    int backchannel;
+    int rbac;
+{
+    struct command_status cstat;
+    struct timeval tv;
+    fd_set *fdsr;
+    sigaction_t sa;
+    int errpipe[2], maxfd, n, status;
+    int alive = TRUE;
+
+    /* Close unused fds. */
+    if (io_fds[SFD_MASTER] != -1)
+	close(io_fds[SFD_MASTER]);
+    if (io_fds[SFD_USERTTY] != -1)
+	close(io_fds[SFD_USERTTY]);
+
+    /* Reset SIGWINCH and SIGALRM. */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_DFL;
+    sigaction(SIGWINCH, &sa, NULL);
+    sigaction(SIGALRM, &sa, NULL);
+
+    /* Ignore any SIGTTIN or SIGTTOU we get. */
+    sa.sa_handler = SIG_IGN;
+    sigaction(SIGTTIN, &sa, NULL);
+    sigaction(SIGTTOU, &sa, NULL);
+
+    /* Note: HP-UX select() will not be interrupted if SA_RESTART set */
+    sa.sa_flags = SA_INTERRUPT;
+    sa.sa_handler = handler;
+    sigaction(SIGCHLD, &sa, NULL);
+
+    /*
+     * Start a new session with the parent as the session leader
+     * and the slave pty as the controlling terminal.
+     * This allows us to be notified when the child has been suspended.
+     */
+    if (setsid() == -1) {
+	warning("setsid");
+	goto bad;
+    }
+    if (io_fds[SFD_SLAVE] != -1) {
+#ifdef TIOCSCTTY
+	if (ioctl(io_fds[SFD_SLAVE], TIOCSCTTY, NULL) != 0)
+	    error(1, "unable to set controlling tty");
+#else
+	/* Set controlling tty by reopening slave. */
+	if ((n = open(slavename, O_RDWR)) >= 0)
+	    close(n);
+#endif
+    }
+
+    /*
+     * If stdin/stdout is not a tty, start command in the background
+     * since it might be part of a pipeline that reads from /dev/tty.
+     * In this case, we rely on the command receiving SIGTTOU or SIGTTIN
+     * when it needs access to the controlling tty.
+     */
+    if (pipeline)
+	foreground = 0;
+
+    /* Start command and wait for it to stop or exit */
+    if (pipe(errpipe) == -1)
+	error(1, "unable to create pipe");
+    child = fork();
+    if (child == -1) {
+	warning("Can't fork");
+	goto bad;
+    }
+    if (child == 0) {
+	/* We pass errno back to our parent via pipe on exec failure. */
+	close(backchannel);
+	close(errpipe[0]);
+	fcntl(errpipe[1], F_SETFD, FD_CLOEXEC);
+
+	/* setup tty and exec command */
+	exec_pty(path, argv, envp, rbac);
+	cstat.type = CMD_ERRNO;
+	cstat.val = errno;
+	write(errpipe[1], &cstat, sizeof(cstat));
+	_exit(1);
+    }
+    close(errpipe[1]);
+
+    /* If any of stdin/stdout/stderr are pipes, close them in parent. */
+    if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDIN]);
+    if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDOUT]);
+    if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDERR]);
+
+    /*
+     * Put child in its own process group.  If we are starting the command
+     * in the foreground, assign its pgrp to the tty.
+     */
+    setpgid(child, child);
+    if (foreground) {
+	do {
+	    status = tcsetpgrp(io_fds[SFD_SLAVE], child);
+	} while (status == -1 && errno == EINTR);
+    }
+
+    /* Wait for errno on pipe, signal on backchannel or for SIGCHLD */
+    maxfd = MAX(errpipe[0], backchannel);
+    fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+    zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+    zero_bytes(&cstat, sizeof(cstat));
+    tv.tv_sec = 0;
+    tv.tv_usec = 0;
+    for (;;) {
+	/* Read child status. */
+	if (recvsig[SIGCHLD]) {
+	    recvsig[SIGCHLD] = FALSE;
+	    alive = handle_sigchld(backchannel, &cstat);
+	}
+
+	/* Check for signal on backchannel or errno on errpipe. */
+	FD_SET(backchannel, fdsr);
+	if (errpipe[0] != -1)
+	    FD_SET(errpipe[0], fdsr);
+	maxfd = MAX(errpipe[0], backchannel);
+
+	if (recvsig[SIGCHLD])
+	    continue;
+	/* If command exited we just poll, there may be data on errpipe. */
+	n = select(maxfd + 1, fdsr, NULL, NULL, alive ? NULL : &tv);
+	if (n <= 0) {
+	    if (n == 0)
+		goto done;
+	    if (errno == EINTR)
+		continue;
+	    error(1, "select failed");
+	}
+
+	if (errpipe[0] != -1 && FD_ISSET(errpipe[0], fdsr)) {
+	    /* read errno or EOF from command pipe */
+	    n = read(errpipe[0], &cstat, sizeof(cstat));
+	    if (n == -1) {
+		if (errno == EINTR)
+		    continue;
+		warning("error reading from pipe");
+		goto done;
+	    }
+	    /* Got errno or EOF, either way we are done with errpipe. */
+	    FD_CLR(errpipe[0], fdsr);
+	    close(errpipe[0]);
+	    errpipe[0] = -1;
+	}
+	if (FD_ISSET(backchannel, fdsr)) {
+	    struct command_status cstmp;
+
+	    /* read command from backchannel, should be a signal */
+	    n = recv(backchannel, &cstmp, sizeof(cstmp), 0);
+	    if (n == -1) {
+		if (errno == EINTR)
+		    continue;
+		warning("error reading from socketpair");
+		goto done;
+	    }
+	    if (cstmp.type != CMD_SIGNO) {
+		warningx("unexpected reply type on backchannel: %d", cstmp.type);
+		continue;
+	    }
+	    deliver_signal(child, cstmp.val);
+	}
+    }
+
+done:
+    if (alive) {
+	/* XXX An error occurred, should send an error back. */
+	kill(child, SIGKILL);
+    } else {
+	/* Send parent status. */
+	send_status(backchannel, &cstat);
+    }
+    _exit(1);
+
+bad:
+    return errno;
+}
+
+/*
+ * Flush any output buffered in iobufs or readable from the fds.
+ * Does not read from /dev/tty.
+ */
+static void
+flush_output()
+{
+    struct io_buffer *iob;
+    struct timeval tv;
+    fd_set *fdsr, *fdsw;
+    int nready, nwriters, maxfd = -1;
+
+    /* Determine maxfd */
+    for (iob = iobufs; iob; iob = iob->next) {
+	if (iob->rfd > maxfd)
+	    maxfd = iob->rfd;
+	if (iob->wfd > maxfd)
+	    maxfd = iob->wfd;
+    }
+    if (maxfd == -1)
+	return;
+
+    fdsr = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+    fdsw = (fd_set *)emalloc2(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask));
+    for (;;) {
+	zero_bytes(fdsw, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+	zero_bytes(fdsr, howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask));
+
+	nwriters = 0;
+	for (iob = iobufs; iob; iob = iob->next) {
+	    /* Don't read from /dev/tty while flushing. */
+	    if (io_fds[SFD_USERTTY] != -1 && iob->rfd == io_fds[SFD_USERTTY])
+		continue;
+	    if (iob->rfd == -1 && iob->wfd == -1)
+	    	continue;
+	    if (iob->off == iob->len) {
+		iob->off = iob->len = 0;
+		/* Forward the EOF from reader to writer. */
+		if (iob->rfd == -1) {
+		    safe_close(iob->wfd);
+		    iob->wfd = -1;
+		}
+	    }
+	    if (iob->rfd != -1) {
+		if (iob->len != sizeof(iob->buf))
+		    FD_SET(iob->rfd, fdsr);
+	    }
+	    if (iob->wfd != -1) {
+		if (iob->len > iob->off) {
+		    nwriters++;
+		    FD_SET(iob->wfd, fdsw);
+		}
+	    }
+	}
+
+	/* Don't sleep in select if there are no buffers that need writing. */
+	tv.tv_sec = 0;
+	tv.tv_usec = 0;
+	nready = select(maxfd + 1, fdsr, fdsw, NULL, nwriters ? NULL : &tv);
+	if (nready <= 0) {
+	    if (nready == 0)
+		break; /* all I/O flushed */
+	    if (errno == EINTR)
+		continue;
+	    error(1, "select failed");
+	}
+	if (perform_io(fdsr, fdsw, NULL) != 0)
+	    break;
+    }
+    efree(fdsr);
+    efree(fdsw);
+}
+
+/*
+ * Sets up std{in,out,err} and executes the actual command.
+ * Returns only if execve() fails.
+ */
+static void
+exec_pty(path, argv, envp, rbac_enabled)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    int rbac_enabled;
+{
+    sigaction_t sa;
+    pid_t self = getpid();
+
+    /* Reset signal handlers. */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_DFL;
+    sigaction(SIGHUP, &sa, NULL);
+    sigaction(SIGTERM, &sa, NULL);
+    sigaction(SIGINT, &sa, NULL);
+    sigaction(SIGQUIT, &sa, NULL);
+    sigaction(SIGTSTP, &sa, NULL);
+    sigaction(SIGTTIN, &sa, NULL);
+    sigaction(SIGTTOU, &sa, NULL);
+    sigaction(SIGUSR1, &sa, NULL);
+    sigaction(SIGUSR2, &sa, NULL);
+    sigaction(SIGCHLD, &sa, NULL);
+
+    /* Set child process group here too to avoid a race. */
+    setpgid(0, self);
+
+    /* Wire up standard fds, note that stdout/stderr may be pipes. */
+    if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
+	dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
+	dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
+	error(1, "dup2");
+
+    /* Wait for parent to grant us the tty if we are foreground. */
+    if (foreground) {
+	while (tcgetpgrp(io_fds[SFD_SLAVE]) != self)
+	    ; /* spin */
+    }
+
+    /* We have guaranteed that the slave fd is > 2 */
+    if (io_fds[SFD_SLAVE] != -1)
+	close(io_fds[SFD_SLAVE]);
+    if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDIN]);
+    if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDOUT]);
+    if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
+	close(io_fds[SFD_STDERR]);
+
+    closefrom(def_closefrom);
+#ifdef HAVE_SELINUX
+    if (rbac_enabled)
+	selinux_execve(path, argv, envp);
+    else
+#endif
+	my_execve(path, argv, envp);
+}
+
+/*
+ * Propagates tty size change signals to pty being used by the command.
+ */
+static void
+sync_ttysize(src, dst)
+    int src;
+    int dst;
+{
+#ifdef TIOCGSIZE
+    struct ttysize tsize;
+    pid_t pgrp;
+
+    if (ioctl(src, TIOCGSIZE, &tsize) == 0) {
+	    ioctl(dst, TIOCSSIZE, &tsize);
+	    if ((pgrp = tcgetpgrp(dst)) != -1)
+		killpg(pgrp, SIGWINCH);
+    }
+#endif
+}
+
+/*
+ * Handler for SIGWINCH in parent.
+ */
+static void
+sigwinch(s)
+    int s;
+{
+    int serrno = errno;
+
+    sync_ttysize(io_fds[SFD_USERTTY], io_fds[SFD_SLAVE]);
+    errno = serrno;
+}
+
+/*
+ * Only close the fd if it is not /dev/tty or std{in,out,err}.
+ * Return value is the same as send(2).
+ */
+static int
+safe_close(fd)
+    int fd;
+{
+    /* Avoid closing /dev/tty or std{in,out,err}. */
+    if (fd < 3 || fd == io_fds[SFD_USERTTY]) {
+	errno = EINVAL;
+	return -1;
+    }
+    return close(fd);
+}
diff --git a/sudo-1.7.4p4/fileops.c b/sudo-1.7.4p4/fileops.c
new file mode 100644
index 0000000..ca4903f
--- /dev/null
+++ b/sudo-1.7.4p4/fileops.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 1999-2005, 2007, 2009, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#ifdef HAVE_FLOCK
+# include <sys/file.h>
+#endif /* HAVE_FLOCK */
+#include <stdio.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <ctype.h>
+#include <limits.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <fcntl.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifndef HAVE_TIMESPEC
+# include <emul/timespec.h>
+#endif
+
+#include "sudo.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+/*
+ * Update the access and modify times on an fd or file.
+ */
+int
+touch(fd, path, tvp)
+    int fd;
+    char *path;
+    struct timeval *tvp;
+{
+    struct timeval times[2];
+
+    if (tvp != NULL) {
+	times[0].tv_sec = times[1].tv_sec = tvp->tv_sec;
+	times[0].tv_usec = times[1].tv_usec = tvp->tv_usec;
+    }
+
+#if defined(HAVE_FUTIME) || defined(HAVE_FUTIMES)
+    if (fd != -1)
+	return(futimes(fd, tvp ? times : NULL));
+    else
+#endif
+    if (path != NULL)
+	return(utimes(path, tvp ? times : NULL));
+    else
+	return(-1);
+}
+
+/*
+ * Lock/unlock a file.
+ */
+#ifdef HAVE_LOCKF
+int
+lock_file(fd, lockit)
+    int fd;
+    int lockit;
+{
+    int op = 0;
+
+    switch (lockit) {
+	case SUDO_LOCK:
+	    op = F_LOCK;
+	    break;
+	case SUDO_TLOCK:
+	    op = F_TLOCK;
+	    break;
+	case SUDO_UNLOCK:
+	    op = F_ULOCK;
+	    break;
+    }
+    return(lockf(fd, op, 0) == 0);
+}
+#elif HAVE_FLOCK
+int
+lock_file(fd, lockit)
+    int fd;
+    int lockit;
+{
+    int op = 0;
+
+    switch (lockit) {
+	case SUDO_LOCK:
+	    op = LOCK_EX;
+	    break;
+	case SUDO_TLOCK:
+	    op = LOCK_EX | LOCK_NB;
+	    break;
+	case SUDO_UNLOCK:
+	    op = LOCK_UN;
+	    break;
+    }
+    return(flock(fd, op) == 0);
+}
+#else
+int
+lock_file(fd, lockit)
+    int fd;
+    int lockit;
+{
+#ifdef F_SETLK
+    int func;
+    struct flock lock;
+
+    lock.l_start = 0;
+    lock.l_len = 0;
+    lock.l_pid = getpid();
+    lock.l_type = (lockit == SUDO_UNLOCK) ? F_UNLCK : F_WRLCK;
+    lock.l_whence = SEEK_SET;
+    func = (lockit == SUDO_LOCK) ? F_SETLKW : F_SETLK;
+
+    return(fcntl(fd, func, &lock) == 0);
+#else
+    return(TRUE);
+#endif
+}
+#endif
+
+/*
+ * Read a line of input, remove comments and strip off leading
+ * and trailing spaces.  Returns static storage that is reused.
+ */
+char *
+sudo_parseln(fp)
+    FILE *fp;
+{
+    size_t len;
+    char *cp = NULL;
+    static char buf[LINE_MAX];
+
+    if (fgets(buf, sizeof(buf), fp) != NULL) {
+	/* Remove comments */
+	if ((cp = strchr(buf, '#')) != NULL)
+	    *cp = '\0';
+
+	/* Trim leading and trailing whitespace/newline */
+	len = strlen(buf);
+	while (len > 0 && isspace((unsigned char)buf[len - 1]))
+	    buf[--len] = '\0';
+	for (cp = buf; isblank(*cp); cp++)
+	    continue;
+    }
+    return(cp);
+}
diff --git a/sudo-1.7.4p4/find_path.c b/sudo-1.7.4p4/find_path.c
new file mode 100644
index 0000000..78c96ea
--- /dev/null
+++ b/sudo-1.7.4p4/find_path.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include "sudo.h"
+
+/*
+ * This function finds the full pathname for a command and
+ * stores it in a statically allocated array, filling in a pointer
+ * to the array.  Returns FOUND if the command was found, NOT_FOUND
+ * if it was not found, or NOT_FOUND_DOT if it would have been found
+ * but it is in '.' and IGNORE_DOT is set.
+ */
+int
+find_path(infile, outfile, sbp, path, ignore_dot)
+    char *infile;		/* file to find */
+    char **outfile;		/* result parameter */
+    struct stat *sbp;		/* stat result parameter */
+    char *path;			/* path to search */
+    int ignore_dot;		/* don't check cwd */
+{
+    static char command[PATH_MAX]; /* qualified filename */
+    char *n;			/* for traversing path */
+    char *origpath;		/* so we can free path later */
+    char *result = NULL;	/* result of path/file lookup */
+    int checkdot = 0;		/* check current dir? */
+    int len;			/* length parameter */
+
+    if (strlen(infile) >= PATH_MAX)
+	errorx(1, "%s: File name too long", infile);
+
+    /*
+     * If we were given a fully qualified or relative path
+     * there is no need to look at $PATH.
+     */
+    if (strchr(infile, '/')) {
+	strlcpy(command, infile, sizeof(command));	/* paranoia */
+	if (sudo_goodpath(command, sbp)) {
+	    *outfile = command;
+	    return(FOUND);
+	} else
+	    return(NOT_FOUND);
+    }
+
+    if (path == NULL)
+	return(NOT_FOUND);
+    path = estrdup(path);
+    origpath = path;
+
+    do {
+	if ((n = strchr(path, ':')))
+	    *n = '\0';
+
+	/*
+	 * Search current dir last if it is in PATH This will miss sneaky
+	 * things like using './' or './/'
+	 */
+	if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
+	    checkdot = 1;
+	    path = n + 1;
+	    continue;
+	}
+
+	/*
+	 * Resolve the path and exit the loop if found.
+	 */
+	len = snprintf(command, sizeof(command), "%s/%s", path, infile);
+	if (len <= 0 || len >= sizeof(command))
+	    errorx(1, "%s: File name too long", infile);
+	if ((result = sudo_goodpath(command, sbp)))
+	    break;
+
+	path = n + 1;
+
+    } while (n);
+    efree(origpath);
+
+    /*
+     * Check current dir if dot was in the PATH
+     */
+    if (!result && checkdot) {
+	len = snprintf(command, sizeof(command), "./%s", infile);
+	if (len <= 0 || len >= sizeof(command))
+	    errorx(1, "%s: File name too long", infile);
+	result = sudo_goodpath(command, sbp);
+	if (result && ignore_dot)
+	    return(NOT_FOUND_DOT);
+    }
+
+    if (result) {
+	*outfile = result;
+	return(FOUND);
+    } else
+	return(NOT_FOUND);
+}
diff --git a/sudo-1.7.4p4/fnmatch.c b/sudo-1.7.4p4/fnmatch.c
new file mode 100644
index 0000000..2255e52
--- /dev/null
+++ b/sudo-1.7.4p4/fnmatch.c
@@ -0,0 +1,281 @@
+/*
+ * Copyright (c) 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1989, 1993, 1994
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
+ * Compares a filename or pathname to a pattern.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <ctype.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+
+#include <compat.h>
+#include "emul/fnmatch.h"
+#include "emul/charclass.h"
+
+#undef	EOS
+#define	EOS	'\0'
+
+#define	RANGE_MATCH	1
+#define	RANGE_NOMATCH	0
+#define	RANGE_ERROR	(-1)
+
+#if defined(LIBC_SCCS) && !defined(lint)
+__unused static const char rcsid[] = "$OpenBSD: fnmatch.c,v 1.6 1998/03/19 00:29:59 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+static int rangematch __P((const char *, int, int, char **));
+static int classmatch __P((const char *, int, int, const char **));
+
+int
+fnmatch(pattern, string, flags)
+	const char *pattern, *string;
+	int flags;
+{
+	const char *stringstart;
+	char *newp;
+	char c, test;
+
+	for (stringstart = string;;)
+		switch (c = *pattern++) {
+		case EOS:
+			if (ISSET(flags, FNM_LEADING_DIR) && *string == '/')
+				return (0);
+			return (*string == EOS ? 0 : FNM_NOMATCH);
+		case '?':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && ISSET(flags, FNM_PATHNAME))
+				return (FNM_NOMATCH);
+			if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+			    (string == stringstart ||
+			    (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		case '*':
+			c = *pattern;
+			/* Collapse multiple stars. */
+			while (c == '*')
+				c = *++pattern;
+
+			if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+			    (string == stringstart ||
+			    (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+
+			/* Optimize for pattern with * at end or before /. */
+			if (c == EOS) {
+				if (ISSET(flags, FNM_PATHNAME))
+					return (ISSET(flags, FNM_LEADING_DIR) ||
+					    strchr(string, '/') == NULL ?
+					    0 : FNM_NOMATCH);
+				else
+					return (0);
+			} else if (c == '/' && ISSET(flags, FNM_PATHNAME)) {
+				if ((string = strchr(string, '/')) == NULL)
+					return (FNM_NOMATCH);
+				break;
+			}
+
+			/* General case, use recursion. */
+			while ((test = *string) != EOS) {
+				if (!fnmatch(pattern, string, flags & ~FNM_PERIOD))
+					return (0);
+				if (test == '/' && ISSET(flags, FNM_PATHNAME))
+					break;
+				++string;
+			}
+			return (FNM_NOMATCH);
+		case '[':
+			if (*string == EOS)
+				return (FNM_NOMATCH);
+			if (*string == '/' && ISSET(flags, FNM_PATHNAME))
+				return (FNM_NOMATCH);
+			if (*string == '.' && ISSET(flags, FNM_PERIOD) &&
+			    (string == stringstart ||
+			    (ISSET(flags, FNM_PATHNAME) && *(string - 1) == '/')))
+				return (FNM_NOMATCH);
+
+			switch (rangematch(pattern, *string, flags, &newp)) {
+			case RANGE_ERROR:
+				/* not a good range, treat as normal text */
+				goto normal;
+			case RANGE_MATCH:
+				pattern = newp;
+				break;
+			case RANGE_NOMATCH:
+				return (FNM_NOMATCH);
+			}
+			++string;
+			break;
+		case '\\':
+			if (!ISSET(flags, FNM_NOESCAPE)) {
+				if ((c = *pattern++) == EOS) {
+					c = '\\';
+					--pattern;
+				}
+			}
+			/* FALLTHROUGH */
+		default:
+		normal:
+			if (c != *string && !(ISSET(flags, FNM_CASEFOLD) &&
+				 (tolower((unsigned char)c) ==
+				 tolower((unsigned char)*string))))
+				return (FNM_NOMATCH);
+			++string;
+			break;
+		}
+	/* NOTREACHED */
+}
+
+static int
+#ifdef __STDC__
+rangematch(const char *pattern, int test, int flags, char **newp)
+#else
+rangematch(pattern, test, flags, newp)
+	const char *pattern;
+	int test;
+	int flags;
+	char **newp;
+#endif
+{
+	int negate, ok, rv;
+	char c, c2;
+
+	/*
+	 * A bracket expression starting with an unquoted circumflex
+	 * character produces unspecified results (IEEE 1003.2-1992,
+	 * 3.13.2).  This implementation treats it like '!', for
+	 * consistency with the regular expression syntax.
+	 * J.T. Conklin (conklin@ngai.kaleida.com)
+	 */
+	if ((negate = (*pattern == '!' || *pattern == '^')))
+		++pattern;
+
+	if (ISSET(flags, FNM_CASEFOLD))
+		test = tolower(test);
+
+	/*
+	 * A right bracket shall lose its special meaning and represent
+	 * itself in a bracket expression if it occurs first in the list.
+	 * -- POSIX.2 2.8.3.2
+	 */
+	ok = 0;
+	c = *pattern++;
+	do {
+		if (c == '[' && *pattern == ':') {
+			do {
+				rv = classmatch(pattern + 1, test,
+				    (flags & FNM_CASEFOLD), &pattern);
+				if (rv == RANGE_MATCH)
+					ok = 1;
+				c = *pattern++;
+			} while (rv != RANGE_ERROR && c == '[' && *pattern == ':');
+			if (c == ']')
+			break;
+		}
+		if (c == '\\' && !ISSET(flags, FNM_NOESCAPE))
+			c = *pattern++;
+		if (c == EOS)
+			return (RANGE_ERROR);
+		if (c == '/' && ISSET(flags, FNM_PATHNAME))
+			return (RANGE_NOMATCH);
+		if (ISSET(flags, FNM_CASEFOLD))
+			c = tolower((unsigned char)c);
+		if (*pattern == '-'
+		    && (c2 = *(pattern+1)) != EOS && c2 != ']') {
+			pattern += 2;
+			if (c2 == '\\' && !ISSET(flags, FNM_NOESCAPE))
+				c2 = *pattern++;
+			if (c2 == EOS)
+				return (RANGE_ERROR);
+			if (ISSET(flags, FNM_CASEFOLD))
+				c2 = tolower((unsigned char)c2);
+			if (c <= test && test <= c2)
+				ok = 1;
+		} else if (c == test)
+			ok = 1;
+	} while ((c = *pattern++) != ']');
+
+	*newp = (char *)pattern;
+	return (ok == negate ? RANGE_NOMATCH : RANGE_MATCH);
+}
+
+static int
+#ifdef __STDC__
+classmatch(const char *pattern, int test, int foldcase, const char **ep)
+#else
+classmatch(pattern, test, foldcase, ep)
+	const char *pattern;
+	int test;
+	int foldcase;
+	const char **ep;
+#endif
+{
+	struct cclass *cc;
+	const char *colon;
+	size_t len;
+	int rval = RANGE_NOMATCH;
+
+	if ((colon = strchr(pattern, ':')) == NULL || colon[1] != ']') {
+		*ep = pattern - 2;
+		return(RANGE_ERROR);
+	}
+	*ep = colon + 2;
+	len = (size_t)(colon - pattern);
+
+	if (foldcase && strncmp(pattern, "upper:]", 7) == 0)
+		pattern = "lower:]";
+	for (cc = cclasses; cc->name != NULL; cc++) {
+		if (!strncmp(pattern, cc->name, len) && cc->name[len] == '\0') {
+			if (cc->isctype(test))
+				rval = RANGE_MATCH;
+			break;
+		}
+	}
+	if (cc->name == NULL) {
+		/* invalid character class, return EOS */
+		*ep = colon + strlen(colon);
+		rval = RANGE_ERROR;
+	}
+	return(rval);
+}
diff --git a/sudo-1.7.4p4/get_pty.c b/sudo-1.7.4p4/get_pty.c
new file mode 100644
index 0000000..7b35108
--- /dev/null
+++ b/sudo-1.7.4p4/get_pty.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_STROPTS_H
+#include <sys/stropts.h>
+#endif /* HAVE_SYS_STROPTS_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <pwd.h>
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+
+#include "sudo.h"
+
+#if defined(HAVE_OPENPTY)
+int
+get_pty(master, slave, name, namesz, ttyuid)
+    int *master;
+    int *slave;
+    char *name;
+    size_t namesz;
+    uid_t ttyuid;
+{
+    struct group *gr;
+    gid_t ttygid = -1;
+
+    if ((gr = sudo_getgrnam("tty")) != NULL)
+	ttygid = gr->gr_gid;
+
+    if (openpty(master, slave, name, NULL, NULL) != 0)
+	return(0);
+    (void) chown(name, ttyuid, ttygid);
+    return(1);
+}
+
+#elif defined(HAVE__GETPTY)
+int
+get_pty(master, slave, name, namesz, ttyuid)
+    int *master;
+    int *slave;
+    char *name;
+    size_t namesz;
+    uid_t ttyuid;
+{
+    char *line;
+
+    /* IRIX-style dynamic ptys (may fork) */
+    line = _getpty(master, O_RDWR, S_IRUSR|S_IWUSR|S_IWGRP, 0);
+    if (line == NULL)
+	return (0);
+    *slave = open(line, O_RDWR|O_NOCTTY, 0);
+    if (*slave == -1) {
+	close(*master);
+	return(0);
+    }
+    (void) chown(line, ttyuid, -1);
+    strlcpy(name, line, namesz);
+    return(1);
+}
+#elif defined(HAVE_GRANTPT)
+# ifndef HAVE_POSIX_OPENPT
+static int
+posix_openpt(oflag)
+    int oflag;
+{
+    int fd;
+
+#  ifdef _AIX
+    fd = open("/dev/ptc", oflag);
+#  else
+    fd = open("/dev/ptmx", oflag);
+#  endif
+    return(fd);
+}
+# endif /* HAVE_POSIX_OPENPT */
+
+int
+get_pty(master, slave, name, namesz, ttyuid)
+    int *master;
+    int *slave;
+    char *name;
+    size_t namesz;
+    uid_t ttyuid;
+{
+    char *line;
+
+    *master = posix_openpt(O_RDWR|O_NOCTTY);
+    if (*master == -1)
+	return(0);
+
+    (void) grantpt(*master); /* may fork */
+    if (unlockpt(*master) != 0) {
+	close(*master);
+	return(0);
+    }
+    line = ptsname(*master);
+    if (line == NULL) {
+	close(*master);
+	return(0);
+    }
+    *slave = open(line, O_RDWR|O_NOCTTY, 0);
+    if (*slave == -1) {
+	close(*master);
+	return(0);
+    }
+# if defined(I_PUSH) && !defined(_AIX)
+    ioctl(*slave, I_PUSH, "ptem");	/* pseudo tty emulation module */
+    ioctl(*slave, I_PUSH, "ldterm");	/* line discipline module */
+# endif
+    (void) chown(line, ttyuid, -1);
+    strlcpy(name, line, namesz);
+    return(1);
+}
+
+#else /* Old-style BSD ptys */
+
+static char line[] = "/dev/ptyXX";
+
+int
+get_pty(master, slave, name, namesz, ttyuid)
+    int *master;
+    int *slave;
+    char *name;
+    size_t namesz;
+    uid_t ttyuid;
+{
+    char *bank, *cp;
+    struct group *gr;
+    gid_t ttygid = -1;
+
+    if ((gr = sudo_getgrnam("tty")) != NULL)
+	ttygid = gr->gr_gid;
+
+    for (bank = "pqrs"; *bank != '\0'; bank++) {
+	line[sizeof("/dev/ptyX") - 2] = *bank;
+	for (cp = "0123456789abcdef"; *cp != '\0'; cp++) {
+	    line[sizeof("/dev/ptyXX") - 2] = *cp;
+	    *master = open(line, O_RDWR|O_NOCTTY, 0);
+	    if (*master == -1) {
+		if (errno == ENOENT)
+		    return(0); /* out of ptys */
+		continue; /* already in use */
+	    }
+	    line[sizeof("/dev/p") - 2] = 't';
+	    (void) chown(line, ttyuid, ttygid);
+	    (void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+# ifdef HAVE_REVOKE
+	    (void) revoke(line);
+# endif
+	    *slave = open(line, O_RDWR|O_NOCTTY, 0);
+	    if (*slave != -1) {
+		    strlcpy(name, line, namesz);
+		    return(1); /* success */
+	    }
+	    (void) close(*master);
+	}
+    }
+    return(0);
+}
+#endif /* HAVE_OPENPTY */
diff --git a/sudo-1.7.4p4/getcwd.c b/sudo-1.7.4p4/getcwd.c
new file mode 100644
index 0000000..109794a
--- /dev/null
+++ b/sudo-1.7.4p4/getcwd.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright (c) 1989, 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+
+#include <compat.h>
+
+#define	ISDOT(dp) \
+	(dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \
+	    (dp->d_name[1] == '.' && dp->d_name[2] == '\0')))
+
+char *
+getcwd(pt, size)
+	char *pt;
+	size_t size;
+{
+	struct dirent *dp;
+	DIR *dir = NULL;
+	dev_t dev;
+	ino_t ino;
+	int first;
+	char *bpt, *bup;
+	struct stat s;
+	dev_t root_dev;
+	ino_t root_ino;
+	size_t ptsize, upsize;
+	int save_errno;
+	char *ept, *eup, *up;
+
+	/*
+	 * If no buffer specified by the user, allocate one as necessary.
+	 * If a buffer is specified, the size has to be non-zero.  The path
+	 * is built from the end of the buffer backwards.
+	 */
+	if (pt) {
+		ptsize = 0;
+		if (!size) {
+			errno = EINVAL;
+			return (NULL);
+		}
+		ept = pt + size;
+	} else {
+		if ((pt = malloc(ptsize = 1024 - 4)) == NULL)
+			return (NULL);
+		ept = pt + ptsize;
+	}
+	bpt = ept - 1;
+	*bpt = '\0';
+
+	/*
+	 * Allocate bytes (1024 - malloc space) for the string of "../"'s.
+	 * Should always be enough (it's 340 levels).  If it's not, allocate
+	 * as necessary.  Special * case the first stat, it's ".", not "..".
+	 */
+	if ((up = malloc(upsize = 1024 - 4)) == NULL)
+		goto err;
+	eup = up + PATH_MAX;
+	bup = up;
+	up[0] = '.';
+	up[1] = '\0';
+
+	/* Save root values, so know when to stop. */
+	if (stat("/", &s))
+		goto err;
+	root_dev = s.st_dev;
+	root_ino = s.st_ino;
+
+	errno = 0;			/* XXX readdir has no error return. */
+
+	for (first = 1;; first = 0) {
+		/* Stat the current level. */
+		if (lstat(up, &s))
+			goto err;
+
+		/* Save current node values. */
+		ino = s.st_ino;
+		dev = s.st_dev;
+
+		/* Check for reaching root. */
+		if (root_dev == dev && root_ino == ino) {
+			*--bpt = '/';
+			/*
+			 * It's unclear that it's a requirement to copy the
+			 * path to the beginning of the buffer, but it's always
+			 * been that way and stuff would probably break.
+			 */
+			bcopy(bpt, pt, ept - bpt);
+			free(up);
+			return (pt);
+		}
+
+		/*
+		 * Build pointer to the parent directory, allocating memory
+		 * as necessary.  Max length is 3 for "../", the largest
+		 * possible component name, plus a trailing NULL.
+		 */
+		if (bup + 3  + MAXNAMLEN + 1 >= eup) {
+			char *nup;
+
+			if ((nup = realloc(up, upsize *= 2)) == NULL)
+				goto err;
+			up = nup;
+			bup = up;
+			eup = up + upsize;
+		}
+		*bup++ = '.';
+		*bup++ = '.';
+		*bup = '\0';
+
+		/* Open and stat parent directory. */
+		if (!(dir = opendir(up)) || fstat(dirfd(dir), &s))
+			goto err;
+
+		/* Add trailing slash for next directory. */
+		*bup++ = '/';
+
+		/*
+		 * If it's a mount point, have to stat each element because
+		 * the inode number in the directory is for the entry in the
+		 * parent directory, not the inode number of the mounted file.
+		 */
+		save_errno = 0;
+		if (s.st_dev == dev) {
+			for (;;) {
+				if (!(dp = readdir(dir)))
+					goto notfound;
+				if (dp->d_fileno == ino)
+					break;
+			}
+		} else
+			for (;;) {
+				if (!(dp = readdir(dir)))
+					goto notfound;
+				if (ISDOT(dp))
+					continue;
+				bcopy(dp->d_name, bup, NAMLEN(dp) + 1);
+
+				/* Save the first error for later. */
+				if (lstat(up, &s)) {
+					if (!save_errno)
+						save_errno = errno;
+					errno = 0;
+					continue;
+				}
+				if (s.st_dev == dev && s.st_ino == ino)
+					break;
+			}
+
+		/*
+		 * Check for length of the current name, preceding slash,
+		 * leading slash.
+		 */
+		if (bpt - pt <= NAMLEN(dp) + (first ? 1 : 2)) {
+			size_t len, off;
+			char *npt;
+
+			if (!ptsize) {
+				errno = ERANGE;
+				goto err;
+			}
+			off = bpt - pt;
+			len = ept - bpt;
+			if ((npt = realloc(pt, ptsize *= 2)) == NULL)
+				goto err;
+			pt = npt;
+			bpt = pt + off;
+			ept = pt + ptsize;
+			bcopy(bpt, ept - len, len);
+			bpt = ept - len;
+		}
+		if (!first)
+			*--bpt = '/';
+		bpt -= NAMLEN(dp);
+		bcopy(dp->d_name, bpt, NAMLEN(dp));
+		(void)closedir(dir);
+
+		/* Truncate any file name. */
+		*bup = '\0';
+	}
+
+notfound:
+	/*
+	 * If readdir set errno, use it, not any saved error; otherwise,
+	 * didn't find the current directory in its parent directory, set
+	 * errno to ENOENT.
+	 */
+	if (!errno)
+		errno = save_errno ? save_errno : ENOENT;
+	/* FALLTHROUGH */
+err:
+	if (ptsize)
+		free(pt);
+	if (up)
+		free(up);
+	if (dir)
+		(void)closedir(dir);
+	return (NULL);
+}
diff --git a/sudo-1.7.4p4/getdate.c b/sudo-1.7.4p4/getdate.c
new file mode 100644
index 0000000..928246b
--- /dev/null
+++ b/sudo-1.7.4p4/getdate.c
@@ -0,0 +1,1595 @@
+#include <stdlib.h>
+#include <string.h>
+#define YYBYACC 1
+#define YYMAJOR 1
+#define YYMINOR 9
+#define YYLEX yylex()
+#define YYEMPTY -1
+#define yyclearin (yychar=(YYEMPTY))
+#define yyerrok (yyerrflag=0)
+#define YYRECOVERING() (yyerrflag!=0)
+#define YYPREFIX "yy"
+#line 2 "getdate.y"
+/*
+**  Originally written by Steven M. Bellovin <smb@research.att.com> while
+**  at the University of North Carolina at Chapel Hill.  Later tweaked by
+**  a couple of people on Usenet.  Completely overhauled by Rich $alz
+**  <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+**
+**  This grammar has 10 shift/reduce conflicts.
+**
+**  This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <ctype.h>
+
+#include "compat.h"
+
+
+#define EPOCH		1970
+#define HOUR(x)		((time_t)(x) * 60)
+#define SECSPERDAY	(24L * 60L * 60L)
+
+
+/*
+**  An entry in the lexical lookup table.
+*/
+typedef struct _TABLE {
+    char	*name;
+    int		type;
+    time_t	value;
+} TABLE;
+
+
+/*
+**  Daylight-savings mode:  on, off, or not yet known.
+*/
+typedef enum _DSTMODE {
+    DSTon, DSToff, DSTmaybe
+} DSTMODE;
+
+/*
+**  Meridian:  am, pm, or 24-hour style.
+*/
+typedef enum _MERIDIAN {
+    MERam, MERpm, MER24
+} MERIDIAN;
+
+
+/*
+**  Global variables.  We could get rid of most of these by using a good
+**  union as the yacc stack.  (This routine was originally written before
+**  yacc had the %union construct.)  Maybe someday; right now we only use
+**  the %union very rarely.
+*/
+static char	*yyInput;
+static DSTMODE	yyDSTmode;
+static time_t	yyDayOrdinal;
+static time_t	yyDayNumber;
+static int	yyHaveDate;
+static int	yyHaveDay;
+static int	yyHaveRel;
+static int	yyHaveTime;
+static int	yyHaveZone;
+static time_t	yyTimezone;
+static time_t	yyDay;
+static time_t	yyHour;
+static time_t	yyMinutes;
+static time_t	yyMonth;
+static time_t	yySeconds;
+static time_t	yyYear;
+static MERIDIAN	yyMeridian;
+static time_t	yyRelMonth;
+static time_t	yyRelSeconds;
+
+static int	yyerror __P((char *s));
+static int	yylex __P((void));
+static int	yyparse __P((void));
+
+#line 107 "getdate.y"
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+    time_t		Number;
+    enum _MERIDIAN	Meridian;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+#line 125 "y.tab.c"
+#define tAGO 257
+#define tDAY 258
+#define tDAYZONE 259
+#define tID 260
+#define tMERIDIAN 261
+#define tMINUTE_UNIT 262
+#define tMONTH 263
+#define tMONTH_UNIT 264
+#define tSEC_UNIT 265
+#define tSNUMBER 266
+#define tUNUMBER 267
+#define tZONE 268
+#define tDST 269
+#define YYERRCODE 256
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylhs[] =
+#else
+short yylhs[] =
+#endif
+	{                                        -1,
+    0,    0,    2,    2,    2,    2,    2,    2,    3,    3,
+    3,    3,    3,    4,    4,    4,    6,    6,    6,    5,
+    5,    5,    5,    5,    5,    5,    5,    7,    7,    9,
+    9,    9,    9,    9,    9,    9,    9,    9,    8,    1,
+    1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylen[] =
+#else
+short yylen[] =
+#endif
+	{                                         2,
+    0,    2,    1,    1,    1,    1,    1,    1,    2,    4,
+    4,    6,    6,    1,    1,    2,    1,    2,    2,    3,
+    5,    3,    3,    2,    4,    2,    3,    2,    1,    2,
+    2,    1,    2,    2,    1,    2,    2,    1,    1,    0,
+    1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydefred[] =
+#else
+short yydefred[] =
+#endif
+	{                                      1,
+    0,    0,   15,   32,    0,   38,   35,    0,    0,    0,
+    2,    3,    4,    5,    6,    7,    8,    0,   18,    0,
+   31,   36,   33,   19,    9,   30,    0,   37,   34,    0,
+    0,    0,   16,   28,    0,   23,   27,   22,    0,    0,
+   25,   41,   11,    0,   10,    0,    0,   21,   13,   12,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydgoto[] =
+#else
+short yydgoto[] =
+#endif
+	{                                       1,
+   45,   11,   12,   13,   14,   15,   16,   17,   18,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yysindex[] =
+#else
+short yysindex[] =
+#endif
+	{                                      0,
+ -249,  -38,    0,    0, -260,    0,    0, -240,  -47, -248,
+    0,    0,    0,    0,    0,    0,    0, -237,    0,  -18,
+    0,    0,    0,    0,    0,    0, -262,    0,    0, -239,
+ -238, -236,    0,    0, -235,    0,    0,    0,  -56,  -19,
+    0,    0,    0, -234,    0, -232, -258,    0,    0,    0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yyrindex[] =
+#else
+short yyrindex[] =
+#endif
+	{                                      0,
+    0,    1,    0,    0,    0,    0,    0,    0,   69,   12,
+    0,    0,    0,    0,    0,    0,    0,   23,    0,   34,
+    0,    0,    0,    0,    0,    0,   67,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,   56,   45,
+    0,    0,    0,    0,    0,    0,   56,    0,    0,    0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yygindex[] =
+#else
+short yygindex[] =
+#endif
+	{                                      0,
+  -17,    0,    0,    0,    0,    0,    0,    0,    0,
+};
+#define YYTABLESIZE 337
+#if defined(__cplusplus) || defined(__STDC__)
+const short yytable[] =
+#else
+short yytable[] =
+#endif
+	{                                      32,
+   17,   44,   42,   36,   37,   19,   20,   49,    2,    3,
+   31,   14,    4,    5,    6,    7,    8,    9,   10,   34,
+   33,   21,   29,   22,   23,   35,   38,   46,   39,   50,
+   40,   41,   47,   24,   48,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,   20,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   40,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,   26,    0,   39,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,   42,    0,    0,    0,    0,   43,
+   24,    0,    0,   25,   26,   27,   28,   29,   30,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,   17,   17,
+    0,    0,   17,   17,   17,   17,   17,   17,   17,   14,
+   14,    0,    0,   14,   14,   14,   14,   14,   14,   14,
+   29,   29,    0,    0,   29,   29,   29,   29,   29,   29,
+   29,   24,   24,    0,    0,   24,   24,   24,   24,   24,
+   24,   24,   20,   20,    0,    0,   20,   20,   20,   20,
+   20,   20,   20,   40,   40,    0,    0,   40,   40,   40,
+   40,    0,   40,   40,   26,   26,    0,   39,   26,   26,
+   26,   26,    0,    0,   26,   39,   39,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yycheck[] =
+#else
+short yycheck[] =
+#endif
+	{                                      47,
+    0,   58,  261,  266,  267,   44,  267,  266,  258,  259,
+   58,    0,  262,  263,  264,  265,  266,  267,  268,  257,
+  269,  262,    0,  264,  265,   44,  266,   47,  267,   47,
+  267,  267,  267,    0,  267,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,    0,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,    0,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,    0,   -1,    0,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,  261,   -1,   -1,   -1,   -1,  266,
+  258,   -1,   -1,  261,  262,  263,  264,  265,  266,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,  258,  259,
+   -1,   -1,  262,  263,  264,  265,  266,  267,  268,  258,
+  259,   -1,   -1,  262,  263,  264,  265,  266,  267,  268,
+  258,  259,   -1,   -1,  262,  263,  264,  265,  266,  267,
+  268,  258,  259,   -1,   -1,  262,  263,  264,  265,  266,
+  267,  268,  258,  259,   -1,   -1,  262,  263,  264,  265,
+  266,  267,  268,  258,  259,   -1,   -1,  262,  263,  264,
+  265,   -1,  267,  268,  258,  259,   -1,  259,  262,  263,
+  264,  265,   -1,   -1,  268,  267,  268,
+};
+#define YYFINAL 1
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 269
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyname[] =
+#else
+char *yyname[] =
+#endif
+	{
+"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,"','",0,0,"'/'",0,0,0,0,0,0,0,0,0,0,"':'",0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"tAGO","tDAY",
+"tDAYZONE","tID","tMERIDIAN","tMINUTE_UNIT","tMONTH","tMONTH_UNIT","tSEC_UNIT",
+"tSNUMBER","tUNUMBER","tZONE","tDST",
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyrule[] =
+#else
+char *yyrule[] =
+#endif
+	{"$accept : spec",
+"spec :",
+"spec : spec item",
+"item : time",
+"item : zone",
+"item : date",
+"item : day",
+"item : rel",
+"item : number",
+"time : tUNUMBER tMERIDIAN",
+"time : tUNUMBER ':' tUNUMBER o_merid",
+"time : tUNUMBER ':' tUNUMBER tSNUMBER",
+"time : tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid",
+"time : tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER",
+"zone : tZONE",
+"zone : tDAYZONE",
+"zone : tZONE tDST",
+"day : tDAY",
+"day : tDAY ','",
+"day : tUNUMBER tDAY",
+"date : tUNUMBER '/' tUNUMBER",
+"date : tUNUMBER '/' tUNUMBER '/' tUNUMBER",
+"date : tUNUMBER tSNUMBER tSNUMBER",
+"date : tUNUMBER tMONTH tSNUMBER",
+"date : tMONTH tUNUMBER",
+"date : tMONTH tUNUMBER ',' tUNUMBER",
+"date : tUNUMBER tMONTH",
+"date : tUNUMBER tMONTH tUNUMBER",
+"rel : relunit tAGO",
+"rel : relunit",
+"relunit : tUNUMBER tMINUTE_UNIT",
+"relunit : tSNUMBER tMINUTE_UNIT",
+"relunit : tMINUTE_UNIT",
+"relunit : tSNUMBER tSEC_UNIT",
+"relunit : tUNUMBER tSEC_UNIT",
+"relunit : tSEC_UNIT",
+"relunit : tSNUMBER tMONTH_UNIT",
+"relunit : tUNUMBER tMONTH_UNIT",
+"relunit : tMONTH_UNIT",
+"number : tUNUMBER",
+"o_merid :",
+"o_merid : tMERIDIAN",
+};
+#endif
+#ifdef YYSTACKSIZE
+#undef YYMAXDEPTH
+#define YYMAXDEPTH YYSTACKSIZE
+#else
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 10000
+#define YYMAXDEPTH 10000
+#endif
+#endif
+#define YYINITSTACKSIZE 200
+/* LINTUSED */
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+short *yyss;
+short *yysslim;
+YYSTYPE *yyvs;
+int yystacksize;
+#line 326 "getdate.y"
+
+/* Month and day table. */
+static TABLE const MonthDayTable[] = {
+    { "january",	tMONTH,  1 },
+    { "february",	tMONTH,  2 },
+    { "march",		tMONTH,  3 },
+    { "april",		tMONTH,  4 },
+    { "may",		tMONTH,  5 },
+    { "june",		tMONTH,  6 },
+    { "july",		tMONTH,  7 },
+    { "august",		tMONTH,  8 },
+    { "september",	tMONTH,  9 },
+    { "sept",		tMONTH,  9 },
+    { "october",	tMONTH, 10 },
+    { "november",	tMONTH, 11 },
+    { "december",	tMONTH, 12 },
+    { "sunday",		tDAY, 0 },
+    { "monday",		tDAY, 1 },
+    { "tuesday",	tDAY, 2 },
+    { "tues",		tDAY, 2 },
+    { "wednesday",	tDAY, 3 },
+    { "wednes",		tDAY, 3 },
+    { "thursday",	tDAY, 4 },
+    { "thur",		tDAY, 4 },
+    { "thurs",		tDAY, 4 },
+    { "friday",		tDAY, 5 },
+    { "saturday",	tDAY, 6 },
+    { NULL }
+};
+
+/* Time units table. */
+static TABLE const UnitsTable[] = {
+    { "year",		tMONTH_UNIT,	12 },
+    { "month",		tMONTH_UNIT,	1 },
+    { "fortnight",	tMINUTE_UNIT,	14 * 24 * 60 },
+    { "week",		tMINUTE_UNIT,	7 * 24 * 60 },
+    { "day",		tMINUTE_UNIT,	1 * 24 * 60 },
+    { "hour",		tMINUTE_UNIT,	60 },
+    { "minute",		tMINUTE_UNIT,	1 },
+    { "min",		tMINUTE_UNIT,	1 },
+    { "second",		tSEC_UNIT,	1 },
+    { "sec",		tSEC_UNIT,	1 },
+    { NULL }
+};
+
+/* Assorted relative-time words. */
+static TABLE const OtherTable[] = {
+    { "tomorrow",	tMINUTE_UNIT,	1 * 24 * 60 },
+    { "yesterday",	tMINUTE_UNIT,	-1 * 24 * 60 },
+    { "today",		tMINUTE_UNIT,	0 },
+    { "now",		tMINUTE_UNIT,	0 },
+    { "last",		tUNUMBER,	-1 },
+    { "this",		tMINUTE_UNIT,	0 },
+    { "next",		tUNUMBER,	2 },
+    { "first",		tUNUMBER,	1 },
+/*  { "second",		tUNUMBER,	2 }, */
+    { "third",		tUNUMBER,	3 },
+    { "fourth",		tUNUMBER,	4 },
+    { "fifth",		tUNUMBER,	5 },
+    { "sixth",		tUNUMBER,	6 },
+    { "seventh",	tUNUMBER,	7 },
+    { "eighth",		tUNUMBER,	8 },
+    { "ninth",		tUNUMBER,	9 },
+    { "tenth",		tUNUMBER,	10 },
+    { "eleventh",	tUNUMBER,	11 },
+    { "twelfth",	tUNUMBER,	12 },
+    { "ago",		tAGO,	1 },
+    { NULL }
+};
+
+/* The timezone table. */
+/* Some of these are commented out because a time_t can't store a float. */
+static TABLE const TimezoneTable[] = {
+    { "gmt",	tZONE,     HOUR( 0) },	/* Greenwich Mean */
+    { "ut",	tZONE,     HOUR( 0) },	/* Universal (Coordinated) */
+    { "utc",	tZONE,     HOUR( 0) },
+    { "wet",	tZONE,     HOUR( 0) },	/* Western European */
+    { "bst",	tDAYZONE,  HOUR( 0) },	/* British Summer */
+    { "wat",	tZONE,     HOUR( 1) },	/* West Africa */
+    { "at",	tZONE,     HOUR( 2) },	/* Azores */
+#if	0
+    /* For completeness.  BST is also British Summer, and GST is
+     * also Guam Standard. */
+    { "bst",	tZONE,     HOUR( 3) },	/* Brazil Standard */
+    { "gst",	tZONE,     HOUR( 3) },	/* Greenland Standard */
+#endif
+#if 0
+    { "nft",	tZONE,     HOUR(3.5) },	/* Newfoundland */
+    { "nst",	tZONE,     HOUR(3.5) },	/* Newfoundland Standard */
+    { "ndt",	tDAYZONE,  HOUR(3.5) },	/* Newfoundland Daylight */
+#endif
+    { "ast",	tZONE,     HOUR( 4) },	/* Atlantic Standard */
+    { "adt",	tDAYZONE,  HOUR( 4) },	/* Atlantic Daylight */
+    { "est",	tZONE,     HOUR( 5) },	/* Eastern Standard */
+    { "edt",	tDAYZONE,  HOUR( 5) },	/* Eastern Daylight */
+    { "cst",	tZONE,     HOUR( 6) },	/* Central Standard */
+    { "cdt",	tDAYZONE,  HOUR( 6) },	/* Central Daylight */
+    { "mst",	tZONE,     HOUR( 7) },	/* Mountain Standard */
+    { "mdt",	tDAYZONE,  HOUR( 7) },	/* Mountain Daylight */
+    { "pst",	tZONE,     HOUR( 8) },	/* Pacific Standard */
+    { "pdt",	tDAYZONE,  HOUR( 8) },	/* Pacific Daylight */
+    { "yst",	tZONE,     HOUR( 9) },	/* Yukon Standard */
+    { "ydt",	tDAYZONE,  HOUR( 9) },	/* Yukon Daylight */
+    { "hst",	tZONE,     HOUR(10) },	/* Hawaii Standard */
+    { "hdt",	tDAYZONE,  HOUR(10) },	/* Hawaii Daylight */
+    { "cat",	tZONE,     HOUR(10) },	/* Central Alaska */
+    { "ahst",	tZONE,     HOUR(10) },	/* Alaska-Hawaii Standard */
+    { "nt",	tZONE,     HOUR(11) },	/* Nome */
+    { "idlw",	tZONE,     HOUR(12) },	/* International Date Line West */
+    { "cet",	tZONE,     -HOUR(1) },	/* Central European */
+    { "met",	tZONE,     -HOUR(1) },	/* Middle European */
+    { "mewt",	tZONE,     -HOUR(1) },	/* Middle European Winter */
+    { "mest",	tDAYZONE,  -HOUR(1) },	/* Middle European Summer */
+    { "swt",	tZONE,     -HOUR(1) },	/* Swedish Winter */
+    { "sst",	tDAYZONE,  -HOUR(1) },	/* Swedish Summer */
+    { "fwt",	tZONE,     -HOUR(1) },	/* French Winter */
+    { "fst",	tDAYZONE,  -HOUR(1) },	/* French Summer */
+    { "eet",	tZONE,     -HOUR(2) },	/* Eastern Europe, USSR Zone 1 */
+    { "bt",	tZONE,     -HOUR(3) },	/* Baghdad, USSR Zone 2 */
+#if 0
+    { "it",	tZONE,     -HOUR(3.5) },/* Iran */
+#endif
+    { "zp4",	tZONE,     -HOUR(4) },	/* USSR Zone 3 */
+    { "zp5",	tZONE,     -HOUR(5) },	/* USSR Zone 4 */
+#if 0
+    { "ist",	tZONE,     -HOUR(5.5) },/* Indian Standard */
+#endif
+    { "zp6",	tZONE,     -HOUR(6) },	/* USSR Zone 5 */
+#if	0
+    /* For completeness.  NST is also Newfoundland Stanard, and SST is
+     * also Swedish Summer. */
+    { "nst",	tZONE,     -HOUR(6.5) },/* North Sumatra */
+    { "sst",	tZONE,     -HOUR(7) },	/* South Sumatra, USSR Zone 6 */
+#endif	/* 0 */
+    { "wast",	tZONE,     -HOUR(7) },	/* West Australian Standard */
+    { "wadt",	tDAYZONE,  -HOUR(7) },	/* West Australian Daylight */
+#if 0
+    { "jt",	tZONE,     -HOUR(7.5) },/* Java (3pm in Cronusland!) */
+#endif
+    { "cct",	tZONE,     -HOUR(8) },	/* China Coast, USSR Zone 7 */
+    { "jst",	tZONE,     -HOUR(9) },	/* Japan Standard, USSR Zone 8 */
+#if 0
+    { "cast",	tZONE,     -HOUR(9.5) },/* Central Australian Standard */
+    { "cadt",	tDAYZONE,  -HOUR(9.5) },/* Central Australian Daylight */
+#endif
+    { "east",	tZONE,     -HOUR(10) },	/* Eastern Australian Standard */
+    { "eadt",	tDAYZONE,  -HOUR(10) },	/* Eastern Australian Daylight */
+    { "gst",	tZONE,     -HOUR(10) },	/* Guam Standard, USSR Zone 9 */
+    { "nzt",	tZONE,     -HOUR(12) },	/* New Zealand */
+    { "nzst",	tZONE,     -HOUR(12) },	/* New Zealand Standard */
+    { "nzdt",	tDAYZONE,  -HOUR(12) },	/* New Zealand Daylight */
+    { "idle",	tZONE,     -HOUR(12) },	/* International Date Line East */
+    {  NULL  }
+};
+
+/* Military timezone table. */
+static TABLE const MilitaryTable[] = {
+    { "a",	tZONE,	HOUR(  1) },
+    { "b",	tZONE,	HOUR(  2) },
+    { "c",	tZONE,	HOUR(  3) },
+    { "d",	tZONE,	HOUR(  4) },
+    { "e",	tZONE,	HOUR(  5) },
+    { "f",	tZONE,	HOUR(  6) },
+    { "g",	tZONE,	HOUR(  7) },
+    { "h",	tZONE,	HOUR(  8) },
+    { "i",	tZONE,	HOUR(  9) },
+    { "k",	tZONE,	HOUR( 10) },
+    { "l",	tZONE,	HOUR( 11) },
+    { "m",	tZONE,	HOUR( 12) },
+    { "n",	tZONE,	HOUR(- 1) },
+    { "o",	tZONE,	HOUR(- 2) },
+    { "p",	tZONE,	HOUR(- 3) },
+    { "q",	tZONE,	HOUR(- 4) },
+    { "r",	tZONE,	HOUR(- 5) },
+    { "s",	tZONE,	HOUR(- 6) },
+    { "t",	tZONE,	HOUR(- 7) },
+    { "u",	tZONE,	HOUR(- 8) },
+    { "v",	tZONE,	HOUR(- 9) },
+    { "w",	tZONE,	HOUR(-10) },
+    { "x",	tZONE,	HOUR(-11) },
+    { "y",	tZONE,	HOUR(-12) },
+    { "z",	tZONE,	HOUR(  0) },
+    { NULL }
+};
+
+
+
+
+/* ARGSUSED */
+static int
+yyerror(s)
+    char	*s;
+{
+  return 0;
+}
+
+
+static time_t
+ToSeconds(Hours, Minutes, Seconds, Meridian)
+    time_t	Hours;
+    time_t	Minutes;
+    time_t	Seconds;
+    MERIDIAN	Meridian;
+{
+    if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+	return -1;
+    switch (Meridian) {
+    case MER24:
+	if (Hours < 0 || Hours > 23)
+	    return -1;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERam:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	if (Hours == 12)
+	    Hours = 0;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERpm:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	if (Hours == 12)
+	    Hours = 0;
+	return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+    default:
+	abort ();
+    }
+    /* NOTREACHED */
+}
+
+
+/* Year is either
+   * A negative number, which means to use its absolute value (why?)
+   * A number from 0 to 99, which means a year from 1900 to 1999, or
+   * The actual year (>=100).  */
+static time_t
+Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode)
+    time_t	Month;
+    time_t	Day;
+    time_t	Year;
+    time_t	Hours;
+    time_t	Minutes;
+    time_t	Seconds;
+    MERIDIAN	Meridian;
+    DSTMODE	DSTmode;
+{
+    static int DaysInMonth[12] = {
+	31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+    };
+    time_t	tod;
+    time_t	Julian;
+    int		i;
+
+    if (Year < 0)
+	Year = -Year;
+    if (Year < 69)
+	Year += 2000;
+    else if (Year < 100) {
+	Year += 1900;
+	if (Year < EPOCH)
+		Year += 100;
+    }
+    DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+		    ? 29 : 28;
+    /* Checking for 2038 bogusly assumes that time_t is 32 bits.  But
+       I'm too lazy to try to check for time_t overflow in another way.  */
+    if (Year < EPOCH || Year > 2038
+     || Month < 1 || Month > 12
+     /* Lint fluff:  "conversion from long may lose accuracy" */
+     || Day < 1 || Day > DaysInMonth[(int)--Month])
+	return -1;
+
+    for (Julian = Day - 1, i = 0; i < Month; i++)
+	Julian += DaysInMonth[i];
+    for (i = EPOCH; i < Year; i++)
+	Julian += 365 + (i % 4 == 0);
+    Julian *= SECSPERDAY;
+    Julian += yyTimezone * 60L;
+    if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+	return -1;
+    Julian += tod;
+    if (DSTmode == DSTon
+     || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
+	Julian -= 60 * 60;
+    return Julian;
+}
+
+
+static time_t
+DSTcorrect(Start, Future)
+    time_t	Start;
+    time_t	Future;
+{
+    time_t	StartDay;
+    time_t	FutureDay;
+
+    StartDay = (localtime(&Start)->tm_hour + 1) % 24;
+    FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
+    return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+}
+
+
+static time_t
+RelativeDate(Start, DayOrdinal, DayNumber)
+    time_t	Start;
+    time_t	DayOrdinal;
+    time_t	DayNumber;
+{
+    struct tm	*tm;
+    time_t	now;
+
+    now = Start;
+    tm = localtime(&now);
+    now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+    now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+    return DSTcorrect(Start, now);
+}
+
+
+static time_t
+RelativeMonth(Start, RelMonth)
+    time_t	Start;
+    time_t	RelMonth;
+{
+    struct tm	*tm;
+    time_t	Month;
+    time_t	Year;
+
+    if (RelMonth == 0)
+	return 0;
+    tm = localtime(&Start);
+    Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth;
+    Year = Month / 12;
+    Month = Month % 12 + 1;
+    return DSTcorrect(Start,
+	    Convert(Month, (time_t)tm->tm_mday, Year,
+		(time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+		MER24, DSTmaybe));
+}
+
+
+static int
+LookupWord(buff)
+    char		*buff;
+{
+    char		*p;
+    char		*q;
+    const TABLE		*tp;
+    int			i;
+    int			abbrev;
+
+    /* Make it lowercase. */
+    for (p = buff; *p; p++)
+	if (isupper((unsigned char)*p))
+	    *p = tolower((unsigned char)*p);
+
+    if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) {
+	yylval.Meridian = MERam;
+	return tMERIDIAN;
+    }
+    if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) {
+	yylval.Meridian = MERpm;
+	return tMERIDIAN;
+    }
+
+    /* See if we have an abbreviation for a month. */
+    if (strlen(buff) == 3)
+	abbrev = 1;
+    else if (strlen(buff) == 4 && buff[3] == '.') {
+	abbrev = 1;
+	buff[3] = '\0';
+    }
+    else
+	abbrev = 0;
+
+    for (tp = MonthDayTable; tp->name; tp++) {
+	if (abbrev) {
+	    if (strncmp(buff, tp->name, 3) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	}
+	else if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+    }
+
+    for (tp = TimezoneTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    if (strcmp(buff, "dst") == 0) 
+	return tDST;
+
+    for (tp = UnitsTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Strip off any plural and try the units table again. */
+    i = strlen(buff) - 1;
+    if (buff[i] == 's') {
+	buff[i] = '\0';
+	for (tp = UnitsTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	buff[i] = 's';		/* Put back for "this" in OtherTable. */
+    }
+
+    for (tp = OtherTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Military timezones. */
+    if (buff[1] == '\0' && isalpha((unsigned char)*buff)) {
+	for (tp = MilitaryTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+    }
+
+    /* Drop out any periods and try the timezone table again. */
+    for (i = 0, p = q = buff; *q; q++)
+	if (*q != '.')
+	    *p++ = *q;
+	else
+	    i++;
+    *p = '\0';
+    if (i)
+	for (tp = TimezoneTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+
+    return tID;
+}
+
+
+static int
+yylex()
+{
+    char		c;
+    char		*p;
+    char		buff[20];
+    int			Count;
+    int			sign;
+
+    for ( ; ; ) {
+	while (isspace((unsigned char)*yyInput))
+	    yyInput++;
+
+	if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') {
+	    if (c == '-' || c == '+') {
+		sign = c == '-' ? -1 : 1;
+		if (!isdigit((unsigned char)*++yyInput))
+		    /* skip the '-' sign */
+		    continue;
+	    }
+	    else
+		sign = 0;
+	    for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); )
+		yylval.Number = 10 * yylval.Number + c - '0';
+	    yyInput--;
+	    if (sign < 0)
+		yylval.Number = -yylval.Number;
+	    return sign ? tSNUMBER : tUNUMBER;
+	}
+	if (isalpha((unsigned char)c)) {
+	    for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; )
+		if (p < &buff[sizeof buff - 1])
+		    *p++ = c;
+	    *p = '\0';
+	    yyInput--;
+	    return LookupWord(buff);
+	}
+	if (c != '(')
+	    return *yyInput++;
+	Count = 0;
+	do {
+	    c = *yyInput++;
+	    if (c == '\0')
+		return c;
+	    if (c == '(')
+		Count++;
+	    else if (c == ')')
+		Count--;
+	} while (Count > 0);
+    }
+}
+
+#define TM_YEAR_ORIGIN 1900
+
+/* Yield A - B, measured in seconds.  */
+static long
+difftm (a, b)
+     struct tm *a, *b;
+{
+  int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+  int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+  int days = (
+	      /* difference in day of year */
+	      a->tm_yday - b->tm_yday
+	      /* + intervening leap days */
+	      +  ((ay >> 2) - (by >> 2))
+	      -  (ay/100 - by/100)
+	      +  ((ay/100 >> 2) - (by/100 >> 2))
+	      /* + difference in years * 365 */
+	      +  (long)(ay-by) * 365
+	      );
+  return (60*(60*(24*days + (a->tm_hour - b->tm_hour))
+	      + (a->tm_min - b->tm_min))
+	  + (a->tm_sec - b->tm_sec));
+}
+
+time_t
+get_date(p)
+    char		*p;
+{
+    struct tm		*tm, *gmt, gmtbuf;
+    time_t		Start;
+    time_t		tod;
+    time_t		now;
+    time_t		timezone;
+
+    yyInput = p;
+    (void)time (&now);
+
+    gmt = gmtime (&now);
+    if (gmt != NULL)
+    {
+	/* Make a copy, in case localtime modifies *tm (I think
+	   that comment now applies to *gmt, but I am too
+	   lazy to dig into how gmtime and locatime allocate the
+	   structures they return pointers to).  */
+	gmtbuf = *gmt;
+	gmt = &gmtbuf;
+    }
+
+    if (! (tm = localtime (&now)))
+	return -1;
+
+    if (gmt != NULL)
+	timezone = difftm (gmt, tm) / 60;
+    else
+	/* We are on a system like VMS, where the system clock is
+	   in local time and the system has no concept of timezones.
+	   Hopefully we can fake this out (for the case in which the
+	   user specifies no timezone) by just saying the timezone
+	   is zero.  */
+	timezone = 0;
+
+    if(tm->tm_isdst)
+	timezone += 60;
+
+    tm = localtime(&now);
+    yyYear = tm->tm_year + 1900;
+    yyMonth = tm->tm_mon + 1;
+    yyDay = tm->tm_mday;
+    yyTimezone = timezone;
+    yyDSTmode = DSTmaybe;
+    yyHour = 0;
+    yyMinutes = 0;
+    yySeconds = 0;
+    yyMeridian = MER24;
+    yyRelSeconds = 0;
+    yyRelMonth = 0;
+    yyHaveDate = 0;
+    yyHaveDay = 0;
+    yyHaveRel = 0;
+    yyHaveTime = 0;
+    yyHaveZone = 0;
+
+    if (yyparse()
+     || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+	return -1;
+
+    if (yyHaveDate || yyHaveTime || yyHaveDay) {
+	Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+		    yyMeridian, yyDSTmode);
+	if (Start < 0)
+	    return -1;
+    }
+    else {
+	Start = now;
+	if (!yyHaveRel)
+	    Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+    }
+
+    Start += yyRelSeconds;
+    Start += RelativeMonth(Start, yyRelMonth);
+
+    if (yyHaveDay && !yyHaveDate) {
+	tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
+	Start += tod;
+    }
+
+    /* Have to do *something* with a legitimate -1 so it's distinguishable
+     * from the error return value.  (Alternately could set errno on error.) */
+    return Start == -1 ? 0 : Start;
+}
+
+
+#if	defined(TEST)
+
+/* ARGSUSED */
+int
+main(ac, av)
+    int		ac;
+    char	*av[];
+{
+    char	buff[128];
+    time_t	d;
+
+    (void)printf("Enter date, or blank line to exit.\n\t> ");
+    (void)fflush(stdout);
+    while (gets(buff) && buff[0]) {
+	d = get_date(buff);
+	if (d == -1)
+	    (void)printf("Bad format - couldn't convert.\n");
+	else
+	    (void)printf("%s", ctime(&d));
+	(void)printf("\t> ");
+	(void)fflush(stdout);
+    }
+    exit(0);
+    /* NOTREACHED */
+}
+#endif	/* defined(TEST) */
+#line 979 "y.tab.c"
+/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+#if defined(__cplusplus) || defined(__STDC__)
+static int yygrowstack(void)
+#else
+static int yygrowstack()
+#endif
+{
+    int newsize, i;
+    short *newss;
+    YYSTYPE *newvs;
+
+    if ((newsize = yystacksize) == 0)
+        newsize = YYINITSTACKSIZE;
+    else if (newsize >= YYMAXDEPTH)
+        return -1;
+    else if ((newsize *= 2) > YYMAXDEPTH)
+        newsize = YYMAXDEPTH;
+    i = yyssp - yyss;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#define YY_SIZE_MAX 0x7fffffff
+#endif
+    if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
+        goto bail;
+    newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+      (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+    if (newss == NULL)
+        goto bail;
+    yyss = newss;
+    yyssp = newss + i;
+    if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
+        goto bail;
+    newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+      (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+    if (newvs == NULL)
+        goto bail;
+    yyvs = newvs;
+    yyvsp = newvs + i;
+    yystacksize = newsize;
+    yysslim = yyss + newsize - 1;
+    return 0;
+bail:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return -1;
+}
+
+#define YYABORT goto yyabort
+#define YYREJECT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+#if defined(__cplusplus) || defined(__STDC__)
+yyparse(void)
+#else
+yyparse()
+#endif
+{
+    int yym, yyn, yystate;
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+    const char *yys;
+#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+    char *yys;
+#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+
+    if ((yys = getenv("YYDEBUG")))
+    {
+        yyn = *yys;
+        if (yyn >= '0' && yyn <= '9')
+            yydebug = yyn - '0';
+    }
+#endif /* YYDEBUG */
+
+    yynerrs = 0;
+    yyerrflag = 0;
+    yychar = (-1);
+
+    if (yyss == NULL && yygrowstack()) goto yyoverflow;
+    yyssp = yyss;
+    yyvsp = yyvs;
+    *yyssp = yystate = 0;
+
+yyloop:
+    if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+    if (yychar < 0)
+    {
+        if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+        if (yydebug)
+        {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+            if (!yys) yys = "illegal-symbol";
+            printf("%sdebug: state %d, reading %d (%s)\n",
+                    YYPREFIX, yystate, yychar, yys);
+        }
+#endif
+    }
+    if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+    {
+#if YYDEBUG
+        if (yydebug)
+            printf("%sdebug: state %d, shifting to state %d\n",
+                    YYPREFIX, yystate, yytable[yyn]);
+#endif
+        if (yyssp >= yysslim && yygrowstack())
+        {
+            goto yyoverflow;
+        }
+        *++yyssp = yystate = yytable[yyn];
+        *++yyvsp = yylval;
+        yychar = (-1);
+        if (yyerrflag > 0)  --yyerrflag;
+        goto yyloop;
+    }
+    if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+    {
+        yyn = yytable[yyn];
+        goto yyreduce;
+    }
+    if (yyerrflag) goto yyinrecovery;
+#if defined(lint) || defined(__GNUC__)
+    goto yynewerror;
+#endif
+yynewerror:
+    yyerror("syntax error");
+#if defined(lint) || defined(__GNUC__)
+    goto yyerrlab;
+#endif
+yyerrlab:
+    ++yynerrs;
+yyinrecovery:
+    if (yyerrflag < 3)
+    {
+        yyerrflag = 3;
+        for (;;)
+        {
+            if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+                    yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+            {
+#if YYDEBUG
+                if (yydebug)
+                    printf("%sdebug: state %d, error recovery shifting\
+ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+#endif
+                if (yyssp >= yysslim && yygrowstack())
+                {
+                    goto yyoverflow;
+                }
+                *++yyssp = yystate = yytable[yyn];
+                *++yyvsp = yylval;
+                goto yyloop;
+            }
+            else
+            {
+#if YYDEBUG
+                if (yydebug)
+                    printf("%sdebug: error recovery discarding state %d\n",
+                            YYPREFIX, *yyssp);
+#endif
+                if (yyssp <= yyss) goto yyabort;
+                --yyssp;
+                --yyvsp;
+            }
+        }
+    }
+    else
+    {
+        if (yychar == 0) goto yyabort;
+#if YYDEBUG
+        if (yydebug)
+        {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+            if (!yys) yys = "illegal-symbol";
+            printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+                    YYPREFIX, yystate, yychar, yys);
+        }
+#endif
+        yychar = (-1);
+        goto yyloop;
+    }
+yyreduce:
+#if YYDEBUG
+    if (yydebug)
+        printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+                YYPREFIX, yystate, yyn, yyrule[yyn]);
+#endif
+    yym = yylen[yyn];
+    if (yym)
+        yyval = yyvsp[1-yym];
+    else
+        memset(&yyval, 0, sizeof yyval);
+    switch (yyn)
+    {
+case 3:
+#line 125 "getdate.y"
+{
+	    yyHaveTime++;
+	}
+break;
+case 4:
+#line 128 "getdate.y"
+{
+	    yyHaveZone++;
+	}
+break;
+case 5:
+#line 131 "getdate.y"
+{
+	    yyHaveDate++;
+	}
+break;
+case 6:
+#line 134 "getdate.y"
+{
+	    yyHaveDay++;
+	}
+break;
+case 7:
+#line 137 "getdate.y"
+{
+	    yyHaveRel++;
+	}
+break;
+case 9:
+#line 143 "getdate.y"
+{
+	    yyHour = yyvsp[-1].Number;
+	    yyMinutes = 0;
+	    yySeconds = 0;
+	    yyMeridian = yyvsp[0].Meridian;
+	}
+break;
+case 10:
+#line 149 "getdate.y"
+{
+	    yyHour = yyvsp[-3].Number;
+	    yyMinutes = yyvsp[-1].Number;
+	    yySeconds = 0;
+	    yyMeridian = yyvsp[0].Meridian;
+	}
+break;
+case 11:
+#line 155 "getdate.y"
+{
+	    yyHour = yyvsp[-3].Number;
+	    yyMinutes = yyvsp[-1].Number;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60);
+	}
+break;
+case 12:
+#line 162 "getdate.y"
+{
+	    yyHour = yyvsp[-5].Number;
+	    yyMinutes = yyvsp[-3].Number;
+	    yySeconds = yyvsp[-1].Number;
+	    yyMeridian = yyvsp[0].Meridian;
+	}
+break;
+case 13:
+#line 168 "getdate.y"
+{
+	    yyHour = yyvsp[-5].Number;
+	    yyMinutes = yyvsp[-3].Number;
+	    yySeconds = yyvsp[-1].Number;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - (yyvsp[0].Number % 100 + (yyvsp[0].Number / 100) * 60);
+	}
+break;
+case 14:
+#line 178 "getdate.y"
+{
+	    yyTimezone = yyvsp[0].Number;
+	    yyDSTmode = DSToff;
+	}
+break;
+case 15:
+#line 182 "getdate.y"
+{
+	    yyTimezone = yyvsp[0].Number;
+	    yyDSTmode = DSTon;
+	}
+break;
+case 16:
+#line 187 "getdate.y"
+{
+	    yyTimezone = yyvsp[-1].Number;
+	    yyDSTmode = DSTon;
+	}
+break;
+case 17:
+#line 193 "getdate.y"
+{
+	    yyDayOrdinal = 1;
+	    yyDayNumber = yyvsp[0].Number;
+	}
+break;
+case 18:
+#line 197 "getdate.y"
+{
+	    yyDayOrdinal = 1;
+	    yyDayNumber = yyvsp[-1].Number;
+	}
+break;
+case 19:
+#line 201 "getdate.y"
+{
+	    yyDayOrdinal = yyvsp[-1].Number;
+	    yyDayNumber = yyvsp[0].Number;
+	}
+break;
+case 20:
+#line 207 "getdate.y"
+{
+	    yyMonth = yyvsp[-2].Number;
+	    yyDay = yyvsp[0].Number;
+	}
+break;
+case 21:
+#line 211 "getdate.y"
+{
+	    if (yyvsp[-4].Number >= 100) {
+		yyYear = yyvsp[-4].Number;
+		yyMonth = yyvsp[-2].Number;
+		yyDay = yyvsp[0].Number;
+	    } else {
+		yyMonth = yyvsp[-4].Number;
+		yyDay = yyvsp[-2].Number;
+		yyYear = yyvsp[0].Number;
+	    }
+	}
+break;
+case 22:
+#line 222 "getdate.y"
+{
+	    /* ISO 8601 format.  yyyy-mm-dd.  */
+	    yyYear = yyvsp[-2].Number;
+	    yyMonth = -yyvsp[-1].Number;
+	    yyDay = -yyvsp[0].Number;
+	}
+break;
+case 23:
+#line 228 "getdate.y"
+{
+	    /* e.g. 17-JUN-1992.  */
+	    yyDay = yyvsp[-2].Number;
+	    yyMonth = yyvsp[-1].Number;
+	    yyYear = -yyvsp[0].Number;
+	}
+break;
+case 24:
+#line 234 "getdate.y"
+{
+	    yyMonth = yyvsp[-1].Number;
+	    yyDay = yyvsp[0].Number;
+	}
+break;
+case 25:
+#line 238 "getdate.y"
+{
+	    yyMonth = yyvsp[-3].Number;
+	    yyDay = yyvsp[-2].Number;
+	    yyYear = yyvsp[0].Number;
+	}
+break;
+case 26:
+#line 243 "getdate.y"
+{
+	    yyMonth = yyvsp[0].Number;
+	    yyDay = yyvsp[-1].Number;
+	}
+break;
+case 27:
+#line 247 "getdate.y"
+{
+	    yyMonth = yyvsp[-1].Number;
+	    yyDay = yyvsp[-2].Number;
+	    yyYear = yyvsp[0].Number;
+	}
+break;
+case 28:
+#line 254 "getdate.y"
+{
+	    yyRelSeconds = -yyRelSeconds;
+	    yyRelMonth = -yyRelMonth;
+	}
+break;
+case 30:
+#line 261 "getdate.y"
+{
+	    yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
+	}
+break;
+case 31:
+#line 264 "getdate.y"
+{
+	    yyRelSeconds += yyvsp[-1].Number * yyvsp[0].Number * 60L;
+	}
+break;
+case 32:
+#line 267 "getdate.y"
+{
+	    yyRelSeconds += yyvsp[0].Number * 60L;
+	}
+break;
+case 33:
+#line 270 "getdate.y"
+{
+	    yyRelSeconds += yyvsp[-1].Number;
+	}
+break;
+case 34:
+#line 273 "getdate.y"
+{
+	    yyRelSeconds += yyvsp[-1].Number;
+	}
+break;
+case 35:
+#line 276 "getdate.y"
+{
+	    yyRelSeconds++;
+	}
+break;
+case 36:
+#line 279 "getdate.y"
+{
+	    yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
+	}
+break;
+case 37:
+#line 282 "getdate.y"
+{
+	    yyRelMonth += yyvsp[-1].Number * yyvsp[0].Number;
+	}
+break;
+case 38:
+#line 285 "getdate.y"
+{
+	    yyRelMonth += yyvsp[0].Number;
+	}
+break;
+case 39:
+#line 290 "getdate.y"
+{
+	    if (yyHaveTime && yyHaveDate && !yyHaveRel)
+		yyYear = yyvsp[0].Number;
+	    else {
+		if(yyvsp[0].Number>10000) {
+		    yyHaveDate++;
+		    yyDay= (yyvsp[0].Number)%100;
+		    yyMonth= (yyvsp[0].Number/100)%100;
+		    yyYear = yyvsp[0].Number/10000;
+		}
+		else {
+		    yyHaveTime++;
+		    if (yyvsp[0].Number < 100) {
+			yyHour = yyvsp[0].Number;
+			yyMinutes = 0;
+		    }
+		    else {
+		    	yyHour = yyvsp[0].Number / 100;
+		    	yyMinutes = yyvsp[0].Number % 100;
+		    }
+		    yySeconds = 0;
+		    yyMeridian = MER24;
+	        }
+	    }
+	}
+break;
+case 40:
+#line 317 "getdate.y"
+{
+	    yyval.Meridian = MER24;
+	}
+break;
+case 41:
+#line 320 "getdate.y"
+{
+	    yyval.Meridian = yyvsp[0].Meridian;
+	}
+break;
+#line 1474 "y.tab.c"
+    }
+    yyssp -= yym;
+    yystate = *yyssp;
+    yyvsp -= yym;
+    yym = yylhs[yyn];
+    if (yystate == 0 && yym == 0)
+    {
+#if YYDEBUG
+        if (yydebug)
+            printf("%sdebug: after reduction, shifting from state 0 to\
+ state %d\n", YYPREFIX, YYFINAL);
+#endif
+        yystate = YYFINAL;
+        *++yyssp = YYFINAL;
+        *++yyvsp = yyval;
+        if (yychar < 0)
+        {
+            if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+            if (yydebug)
+            {
+                yys = 0;
+                if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+                if (!yys) yys = "illegal-symbol";
+                printf("%sdebug: state %d, reading %d (%s)\n",
+                        YYPREFIX, YYFINAL, yychar, yys);
+            }
+#endif
+        }
+        if (yychar == 0) goto yyaccept;
+        goto yyloop;
+    }
+    if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+        yystate = yytable[yyn];
+    else
+        yystate = yydgoto[yym];
+#if YYDEBUG
+    if (yydebug)
+        printf("%sdebug: after reduction, shifting from state %d \
+to state %d\n", YYPREFIX, *yyssp, yystate);
+#endif
+    if (yyssp >= yysslim && yygrowstack())
+    {
+        goto yyoverflow;
+    }
+    *++yyssp = yystate;
+    *++yyvsp = yyval;
+    goto yyloop;
+yyoverflow:
+    yyerror("yacc stack overflow");
+yyabort:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return (1);
+yyaccept:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return (0);
+}
diff --git a/sudo-1.7.4p4/getdate.y b/sudo-1.7.4p4/getdate.y
new file mode 100644
index 0000000..2b2e3c9
--- /dev/null
+++ b/sudo-1.7.4p4/getdate.y
@@ -0,0 +1,962 @@
+%{
+/*
+**  Originally written by Steven M. Bellovin <smb@research.att.com> while
+**  at the University of North Carolina at Chapel Hill.  Later tweaked by
+**  a couple of people on Usenet.  Completely overhauled by Rich $alz
+**  <rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
+**
+**  This grammar has 10 shift/reduce conflicts.
+**
+**  This code is in the public domain and has no copyright.
+*/
+/* SUPPRESS 287 on yaccpar_sccsid *//* Unused static variable */
+/* SUPPRESS 288 on yyerrlab *//* Label unused */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <ctype.h>
+
+#include "compat.h"
+
+
+#define EPOCH		1970
+#define HOUR(x)		((time_t)(x) * 60)
+#define SECSPERDAY	(24L * 60L * 60L)
+
+
+/*
+**  An entry in the lexical lookup table.
+*/
+typedef struct _TABLE {
+    char	*name;
+    int		type;
+    time_t	value;
+} TABLE;
+
+
+/*
+**  Daylight-savings mode:  on, off, or not yet known.
+*/
+typedef enum _DSTMODE {
+    DSTon, DSToff, DSTmaybe
+} DSTMODE;
+
+/*
+**  Meridian:  am, pm, or 24-hour style.
+*/
+typedef enum _MERIDIAN {
+    MERam, MERpm, MER24
+} MERIDIAN;
+
+
+/*
+**  Global variables.  We could get rid of most of these by using a good
+**  union as the yacc stack.  (This routine was originally written before
+**  yacc had the %union construct.)  Maybe someday; right now we only use
+**  the %union very rarely.
+*/
+static char	*yyInput;
+static DSTMODE	yyDSTmode;
+static time_t	yyDayOrdinal;
+static time_t	yyDayNumber;
+static int	yyHaveDate;
+static int	yyHaveDay;
+static int	yyHaveRel;
+static int	yyHaveTime;
+static int	yyHaveZone;
+static time_t	yyTimezone;
+static time_t	yyDay;
+static time_t	yyHour;
+static time_t	yyMinutes;
+static time_t	yyMonth;
+static time_t	yySeconds;
+static time_t	yyYear;
+static MERIDIAN	yyMeridian;
+static time_t	yyRelMonth;
+static time_t	yyRelSeconds;
+
+static int	yyerror __P((char *s));
+static int	yylex __P((void));
+static int	yyparse __P((void));
+
+%}
+
+%union {
+    time_t		Number;
+    enum _MERIDIAN	Meridian;
+}
+
+%token	tAGO tDAY tDAYZONE tID tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT
+%token	tSEC_UNIT tSNUMBER tUNUMBER tZONE tDST
+
+%type	<Number>	tDAY tDAYZONE tMINUTE_UNIT tMONTH tMONTH_UNIT
+%type	<Number>	tSEC_UNIT tSNUMBER tUNUMBER tZONE
+%type	<Meridian>	tMERIDIAN o_merid
+
+%%
+
+spec	: /* NULL */
+	| spec item
+	;
+
+item	: time {
+	    yyHaveTime++;
+	}
+	| zone {
+	    yyHaveZone++;
+	}
+	| date {
+	    yyHaveDate++;
+	}
+	| day {
+	    yyHaveDay++;
+	}
+	| rel {
+	    yyHaveRel++;
+	}
+	| number
+	;
+
+time	: tUNUMBER tMERIDIAN {
+	    yyHour = $1;
+	    yyMinutes = 0;
+	    yySeconds = 0;
+	    yyMeridian = $2;
+	}
+	| tUNUMBER ':' tUNUMBER o_merid {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = 0;
+	    yyMeridian = $4;
+	}
+	| tUNUMBER ':' tUNUMBER tSNUMBER {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - ($4 % 100 + ($4 / 100) * 60);
+	}
+	| tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = $5;
+	    yyMeridian = $6;
+	}
+	| tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER {
+	    yyHour = $1;
+	    yyMinutes = $3;
+	    yySeconds = $5;
+	    yyMeridian = MER24;
+	    yyDSTmode = DSToff;
+	    yyTimezone = - ($6 % 100 + ($6 / 100) * 60);
+	}
+	;
+
+zone	: tZONE {
+	    yyTimezone = $1;
+	    yyDSTmode = DSToff;
+	}
+	| tDAYZONE {
+	    yyTimezone = $1;
+	    yyDSTmode = DSTon;
+	}
+	|
+	  tZONE tDST {
+	    yyTimezone = $1;
+	    yyDSTmode = DSTon;
+	}
+	;
+
+day	: tDAY {
+	    yyDayOrdinal = 1;
+	    yyDayNumber = $1;
+	}
+	| tDAY ',' {
+	    yyDayOrdinal = 1;
+	    yyDayNumber = $1;
+	}
+	| tUNUMBER tDAY {
+	    yyDayOrdinal = $1;
+	    yyDayNumber = $2;
+	}
+	;
+
+date	: tUNUMBER '/' tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $3;
+	}
+	| tUNUMBER '/' tUNUMBER '/' tUNUMBER {
+	    if ($1 >= 100) {
+		yyYear = $1;
+		yyMonth = $3;
+		yyDay = $5;
+	    } else {
+		yyMonth = $1;
+		yyDay = $3;
+		yyYear = $5;
+	    }
+	}
+	| tUNUMBER tSNUMBER tSNUMBER {
+	    /* ISO 8601 format.  yyyy-mm-dd.  */
+	    yyYear = $1;
+	    yyMonth = -$2;
+	    yyDay = -$3;
+	}
+	| tUNUMBER tMONTH tSNUMBER {
+	    /* e.g. 17-JUN-1992.  */
+	    yyDay = $1;
+	    yyMonth = $2;
+	    yyYear = -$3;
+	}
+	| tMONTH tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $2;
+	}
+	| tMONTH tUNUMBER ',' tUNUMBER {
+	    yyMonth = $1;
+	    yyDay = $2;
+	    yyYear = $4;
+	}
+	| tUNUMBER tMONTH {
+	    yyMonth = $2;
+	    yyDay = $1;
+	}
+	| tUNUMBER tMONTH tUNUMBER {
+	    yyMonth = $2;
+	    yyDay = $1;
+	    yyYear = $3;
+	}
+	;
+
+rel	: relunit tAGO {
+	    yyRelSeconds = -yyRelSeconds;
+	    yyRelMonth = -yyRelMonth;
+	}
+	| relunit
+	;
+
+relunit	: tUNUMBER tMINUTE_UNIT {
+	    yyRelSeconds += $1 * $2 * 60L;
+	}
+	| tSNUMBER tMINUTE_UNIT {
+	    yyRelSeconds += $1 * $2 * 60L;
+	}
+	| tMINUTE_UNIT {
+	    yyRelSeconds += $1 * 60L;
+	}
+	| tSNUMBER tSEC_UNIT {
+	    yyRelSeconds += $1;
+	}
+	| tUNUMBER tSEC_UNIT {
+	    yyRelSeconds += $1;
+	}
+	| tSEC_UNIT {
+	    yyRelSeconds++;
+	}
+	| tSNUMBER tMONTH_UNIT {
+	    yyRelMonth += $1 * $2;
+	}
+	| tUNUMBER tMONTH_UNIT {
+	    yyRelMonth += $1 * $2;
+	}
+	| tMONTH_UNIT {
+	    yyRelMonth += $1;
+	}
+	;
+
+number	: tUNUMBER {
+	    if (yyHaveTime && yyHaveDate && !yyHaveRel)
+		yyYear = $1;
+	    else {
+		if($1>10000) {
+		    yyHaveDate++;
+		    yyDay= ($1)%100;
+		    yyMonth= ($1/100)%100;
+		    yyYear = $1/10000;
+		}
+		else {
+		    yyHaveTime++;
+		    if ($1 < 100) {
+			yyHour = $1;
+			yyMinutes = 0;
+		    }
+		    else {
+		    	yyHour = $1 / 100;
+		    	yyMinutes = $1 % 100;
+		    }
+		    yySeconds = 0;
+		    yyMeridian = MER24;
+	        }
+	    }
+	}
+	;
+
+o_merid	: /* NULL */ {
+	    $$ = MER24;
+	}
+	| tMERIDIAN {
+	    $$ = $1;
+	}
+	;
+
+%%
+
+/* Month and day table. */
+static TABLE const MonthDayTable[] = {
+    { "january",	tMONTH,  1 },
+    { "february",	tMONTH,  2 },
+    { "march",		tMONTH,  3 },
+    { "april",		tMONTH,  4 },
+    { "may",		tMONTH,  5 },
+    { "june",		tMONTH,  6 },
+    { "july",		tMONTH,  7 },
+    { "august",		tMONTH,  8 },
+    { "september",	tMONTH,  9 },
+    { "sept",		tMONTH,  9 },
+    { "october",	tMONTH, 10 },
+    { "november",	tMONTH, 11 },
+    { "december",	tMONTH, 12 },
+    { "sunday",		tDAY, 0 },
+    { "monday",		tDAY, 1 },
+    { "tuesday",	tDAY, 2 },
+    { "tues",		tDAY, 2 },
+    { "wednesday",	tDAY, 3 },
+    { "wednes",		tDAY, 3 },
+    { "thursday",	tDAY, 4 },
+    { "thur",		tDAY, 4 },
+    { "thurs",		tDAY, 4 },
+    { "friday",		tDAY, 5 },
+    { "saturday",	tDAY, 6 },
+    { NULL }
+};
+
+/* Time units table. */
+static TABLE const UnitsTable[] = {
+    { "year",		tMONTH_UNIT,	12 },
+    { "month",		tMONTH_UNIT,	1 },
+    { "fortnight",	tMINUTE_UNIT,	14 * 24 * 60 },
+    { "week",		tMINUTE_UNIT,	7 * 24 * 60 },
+    { "day",		tMINUTE_UNIT,	1 * 24 * 60 },
+    { "hour",		tMINUTE_UNIT,	60 },
+    { "minute",		tMINUTE_UNIT,	1 },
+    { "min",		tMINUTE_UNIT,	1 },
+    { "second",		tSEC_UNIT,	1 },
+    { "sec",		tSEC_UNIT,	1 },
+    { NULL }
+};
+
+/* Assorted relative-time words. */
+static TABLE const OtherTable[] = {
+    { "tomorrow",	tMINUTE_UNIT,	1 * 24 * 60 },
+    { "yesterday",	tMINUTE_UNIT,	-1 * 24 * 60 },
+    { "today",		tMINUTE_UNIT,	0 },
+    { "now",		tMINUTE_UNIT,	0 },
+    { "last",		tUNUMBER,	-1 },
+    { "this",		tMINUTE_UNIT,	0 },
+    { "next",		tUNUMBER,	2 },
+    { "first",		tUNUMBER,	1 },
+/*  { "second",		tUNUMBER,	2 }, */
+    { "third",		tUNUMBER,	3 },
+    { "fourth",		tUNUMBER,	4 },
+    { "fifth",		tUNUMBER,	5 },
+    { "sixth",		tUNUMBER,	6 },
+    { "seventh",	tUNUMBER,	7 },
+    { "eighth",		tUNUMBER,	8 },
+    { "ninth",		tUNUMBER,	9 },
+    { "tenth",		tUNUMBER,	10 },
+    { "eleventh",	tUNUMBER,	11 },
+    { "twelfth",	tUNUMBER,	12 },
+    { "ago",		tAGO,	1 },
+    { NULL }
+};
+
+/* The timezone table. */
+/* Some of these are commented out because a time_t can't store a float. */
+static TABLE const TimezoneTable[] = {
+    { "gmt",	tZONE,     HOUR( 0) },	/* Greenwich Mean */
+    { "ut",	tZONE,     HOUR( 0) },	/* Universal (Coordinated) */
+    { "utc",	tZONE,     HOUR( 0) },
+    { "wet",	tZONE,     HOUR( 0) },	/* Western European */
+    { "bst",	tDAYZONE,  HOUR( 0) },	/* British Summer */
+    { "wat",	tZONE,     HOUR( 1) },	/* West Africa */
+    { "at",	tZONE,     HOUR( 2) },	/* Azores */
+#if	0
+    /* For completeness.  BST is also British Summer, and GST is
+     * also Guam Standard. */
+    { "bst",	tZONE,     HOUR( 3) },	/* Brazil Standard */
+    { "gst",	tZONE,     HOUR( 3) },	/* Greenland Standard */
+#endif
+#if 0
+    { "nft",	tZONE,     HOUR(3.5) },	/* Newfoundland */
+    { "nst",	tZONE,     HOUR(3.5) },	/* Newfoundland Standard */
+    { "ndt",	tDAYZONE,  HOUR(3.5) },	/* Newfoundland Daylight */
+#endif
+    { "ast",	tZONE,     HOUR( 4) },	/* Atlantic Standard */
+    { "adt",	tDAYZONE,  HOUR( 4) },	/* Atlantic Daylight */
+    { "est",	tZONE,     HOUR( 5) },	/* Eastern Standard */
+    { "edt",	tDAYZONE,  HOUR( 5) },	/* Eastern Daylight */
+    { "cst",	tZONE,     HOUR( 6) },	/* Central Standard */
+    { "cdt",	tDAYZONE,  HOUR( 6) },	/* Central Daylight */
+    { "mst",	tZONE,     HOUR( 7) },	/* Mountain Standard */
+    { "mdt",	tDAYZONE,  HOUR( 7) },	/* Mountain Daylight */
+    { "pst",	tZONE,     HOUR( 8) },	/* Pacific Standard */
+    { "pdt",	tDAYZONE,  HOUR( 8) },	/* Pacific Daylight */
+    { "yst",	tZONE,     HOUR( 9) },	/* Yukon Standard */
+    { "ydt",	tDAYZONE,  HOUR( 9) },	/* Yukon Daylight */
+    { "hst",	tZONE,     HOUR(10) },	/* Hawaii Standard */
+    { "hdt",	tDAYZONE,  HOUR(10) },	/* Hawaii Daylight */
+    { "cat",	tZONE,     HOUR(10) },	/* Central Alaska */
+    { "ahst",	tZONE,     HOUR(10) },	/* Alaska-Hawaii Standard */
+    { "nt",	tZONE,     HOUR(11) },	/* Nome */
+    { "idlw",	tZONE,     HOUR(12) },	/* International Date Line West */
+    { "cet",	tZONE,     -HOUR(1) },	/* Central European */
+    { "met",	tZONE,     -HOUR(1) },	/* Middle European */
+    { "mewt",	tZONE,     -HOUR(1) },	/* Middle European Winter */
+    { "mest",	tDAYZONE,  -HOUR(1) },	/* Middle European Summer */
+    { "swt",	tZONE,     -HOUR(1) },	/* Swedish Winter */
+    { "sst",	tDAYZONE,  -HOUR(1) },	/* Swedish Summer */
+    { "fwt",	tZONE,     -HOUR(1) },	/* French Winter */
+    { "fst",	tDAYZONE,  -HOUR(1) },	/* French Summer */
+    { "eet",	tZONE,     -HOUR(2) },	/* Eastern Europe, USSR Zone 1 */
+    { "bt",	tZONE,     -HOUR(3) },	/* Baghdad, USSR Zone 2 */
+#if 0
+    { "it",	tZONE,     -HOUR(3.5) },/* Iran */
+#endif
+    { "zp4",	tZONE,     -HOUR(4) },	/* USSR Zone 3 */
+    { "zp5",	tZONE,     -HOUR(5) },	/* USSR Zone 4 */
+#if 0
+    { "ist",	tZONE,     -HOUR(5.5) },/* Indian Standard */
+#endif
+    { "zp6",	tZONE,     -HOUR(6) },	/* USSR Zone 5 */
+#if	0
+    /* For completeness.  NST is also Newfoundland Stanard, and SST is
+     * also Swedish Summer. */
+    { "nst",	tZONE,     -HOUR(6.5) },/* North Sumatra */
+    { "sst",	tZONE,     -HOUR(7) },	/* South Sumatra, USSR Zone 6 */
+#endif	/* 0 */
+    { "wast",	tZONE,     -HOUR(7) },	/* West Australian Standard */
+    { "wadt",	tDAYZONE,  -HOUR(7) },	/* West Australian Daylight */
+#if 0
+    { "jt",	tZONE,     -HOUR(7.5) },/* Java (3pm in Cronusland!) */
+#endif
+    { "cct",	tZONE,     -HOUR(8) },	/* China Coast, USSR Zone 7 */
+    { "jst",	tZONE,     -HOUR(9) },	/* Japan Standard, USSR Zone 8 */
+#if 0
+    { "cast",	tZONE,     -HOUR(9.5) },/* Central Australian Standard */
+    { "cadt",	tDAYZONE,  -HOUR(9.5) },/* Central Australian Daylight */
+#endif
+    { "east",	tZONE,     -HOUR(10) },	/* Eastern Australian Standard */
+    { "eadt",	tDAYZONE,  -HOUR(10) },	/* Eastern Australian Daylight */
+    { "gst",	tZONE,     -HOUR(10) },	/* Guam Standard, USSR Zone 9 */
+    { "nzt",	tZONE,     -HOUR(12) },	/* New Zealand */
+    { "nzst",	tZONE,     -HOUR(12) },	/* New Zealand Standard */
+    { "nzdt",	tDAYZONE,  -HOUR(12) },	/* New Zealand Daylight */
+    { "idle",	tZONE,     -HOUR(12) },	/* International Date Line East */
+    {  NULL  }
+};
+
+/* Military timezone table. */
+static TABLE const MilitaryTable[] = {
+    { "a",	tZONE,	HOUR(  1) },
+    { "b",	tZONE,	HOUR(  2) },
+    { "c",	tZONE,	HOUR(  3) },
+    { "d",	tZONE,	HOUR(  4) },
+    { "e",	tZONE,	HOUR(  5) },
+    { "f",	tZONE,	HOUR(  6) },
+    { "g",	tZONE,	HOUR(  7) },
+    { "h",	tZONE,	HOUR(  8) },
+    { "i",	tZONE,	HOUR(  9) },
+    { "k",	tZONE,	HOUR( 10) },
+    { "l",	tZONE,	HOUR( 11) },
+    { "m",	tZONE,	HOUR( 12) },
+    { "n",	tZONE,	HOUR(- 1) },
+    { "o",	tZONE,	HOUR(- 2) },
+    { "p",	tZONE,	HOUR(- 3) },
+    { "q",	tZONE,	HOUR(- 4) },
+    { "r",	tZONE,	HOUR(- 5) },
+    { "s",	tZONE,	HOUR(- 6) },
+    { "t",	tZONE,	HOUR(- 7) },
+    { "u",	tZONE,	HOUR(- 8) },
+    { "v",	tZONE,	HOUR(- 9) },
+    { "w",	tZONE,	HOUR(-10) },
+    { "x",	tZONE,	HOUR(-11) },
+    { "y",	tZONE,	HOUR(-12) },
+    { "z",	tZONE,	HOUR(  0) },
+    { NULL }
+};
+
+
+
+
+/* ARGSUSED */
+static int
+yyerror(s)
+    char	*s;
+{
+  return 0;
+}
+
+
+static time_t
+ToSeconds(Hours, Minutes, Seconds, Meridian)
+    time_t	Hours;
+    time_t	Minutes;
+    time_t	Seconds;
+    MERIDIAN	Meridian;
+{
+    if (Minutes < 0 || Minutes > 59 || Seconds < 0 || Seconds > 59)
+	return -1;
+    switch (Meridian) {
+    case MER24:
+	if (Hours < 0 || Hours > 23)
+	    return -1;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERam:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	if (Hours == 12)
+	    Hours = 0;
+	return (Hours * 60L + Minutes) * 60L + Seconds;
+    case MERpm:
+	if (Hours < 1 || Hours > 12)
+	    return -1;
+	if (Hours == 12)
+	    Hours = 0;
+	return ((Hours + 12) * 60L + Minutes) * 60L + Seconds;
+    default:
+	abort ();
+    }
+    /* NOTREACHED */
+}
+
+
+/* Year is either
+   * A negative number, which means to use its absolute value (why?)
+   * A number from 0 to 99, which means a year from 1900 to 1999, or
+   * The actual year (>=100).  */
+static time_t
+Convert(Month, Day, Year, Hours, Minutes, Seconds, Meridian, DSTmode)
+    time_t	Month;
+    time_t	Day;
+    time_t	Year;
+    time_t	Hours;
+    time_t	Minutes;
+    time_t	Seconds;
+    MERIDIAN	Meridian;
+    DSTMODE	DSTmode;
+{
+    static int DaysInMonth[12] = {
+	31, 0, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+    };
+    time_t	tod;
+    time_t	Julian;
+    int		i;
+
+    if (Year < 0)
+	Year = -Year;
+    if (Year < 69)
+	Year += 2000;
+    else if (Year < 100) {
+	Year += 1900;
+	if (Year < EPOCH)
+		Year += 100;
+    }
+    DaysInMonth[1] = Year % 4 == 0 && (Year % 100 != 0 || Year % 400 == 0)
+		    ? 29 : 28;
+    /* Checking for 2038 bogusly assumes that time_t is 32 bits.  But
+       I'm too lazy to try to check for time_t overflow in another way.  */
+    if (Year < EPOCH || Year > 2038
+     || Month < 1 || Month > 12
+     /* Lint fluff:  "conversion from long may lose accuracy" */
+     || Day < 1 || Day > DaysInMonth[(int)--Month])
+	return -1;
+
+    for (Julian = Day - 1, i = 0; i < Month; i++)
+	Julian += DaysInMonth[i];
+    for (i = EPOCH; i < Year; i++)
+	Julian += 365 + (i % 4 == 0);
+    Julian *= SECSPERDAY;
+    Julian += yyTimezone * 60L;
+    if ((tod = ToSeconds(Hours, Minutes, Seconds, Meridian)) < 0)
+	return -1;
+    Julian += tod;
+    if (DSTmode == DSTon
+     || (DSTmode == DSTmaybe && localtime(&Julian)->tm_isdst))
+	Julian -= 60 * 60;
+    return Julian;
+}
+
+
+static time_t
+DSTcorrect(Start, Future)
+    time_t	Start;
+    time_t	Future;
+{
+    time_t	StartDay;
+    time_t	FutureDay;
+
+    StartDay = (localtime(&Start)->tm_hour + 1) % 24;
+    FutureDay = (localtime(&Future)->tm_hour + 1) % 24;
+    return (Future - Start) + (StartDay - FutureDay) * 60L * 60L;
+}
+
+
+static time_t
+RelativeDate(Start, DayOrdinal, DayNumber)
+    time_t	Start;
+    time_t	DayOrdinal;
+    time_t	DayNumber;
+{
+    struct tm	*tm;
+    time_t	now;
+
+    now = Start;
+    tm = localtime(&now);
+    now += SECSPERDAY * ((DayNumber - tm->tm_wday + 7) % 7);
+    now += 7 * SECSPERDAY * (DayOrdinal <= 0 ? DayOrdinal : DayOrdinal - 1);
+    return DSTcorrect(Start, now);
+}
+
+
+static time_t
+RelativeMonth(Start, RelMonth)
+    time_t	Start;
+    time_t	RelMonth;
+{
+    struct tm	*tm;
+    time_t	Month;
+    time_t	Year;
+
+    if (RelMonth == 0)
+	return 0;
+    tm = localtime(&Start);
+    Month = 12 * (tm->tm_year + 1900) + tm->tm_mon + RelMonth;
+    Year = Month / 12;
+    Month = Month % 12 + 1;
+    return DSTcorrect(Start,
+	    Convert(Month, (time_t)tm->tm_mday, Year,
+		(time_t)tm->tm_hour, (time_t)tm->tm_min, (time_t)tm->tm_sec,
+		MER24, DSTmaybe));
+}
+
+
+static int
+LookupWord(buff)
+    char		*buff;
+{
+    char		*p;
+    char		*q;
+    const TABLE		*tp;
+    int			i;
+    int			abbrev;
+
+    /* Make it lowercase. */
+    for (p = buff; *p; p++)
+	if (isupper((unsigned char)*p))
+	    *p = tolower((unsigned char)*p);
+
+    if (strcmp(buff, "am") == 0 || strcmp(buff, "a.m.") == 0) {
+	yylval.Meridian = MERam;
+	return tMERIDIAN;
+    }
+    if (strcmp(buff, "pm") == 0 || strcmp(buff, "p.m.") == 0) {
+	yylval.Meridian = MERpm;
+	return tMERIDIAN;
+    }
+
+    /* See if we have an abbreviation for a month. */
+    if (strlen(buff) == 3)
+	abbrev = 1;
+    else if (strlen(buff) == 4 && buff[3] == '.') {
+	abbrev = 1;
+	buff[3] = '\0';
+    }
+    else
+	abbrev = 0;
+
+    for (tp = MonthDayTable; tp->name; tp++) {
+	if (abbrev) {
+	    if (strncmp(buff, tp->name, 3) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	}
+	else if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+    }
+
+    for (tp = TimezoneTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    if (strcmp(buff, "dst") == 0) 
+	return tDST;
+
+    for (tp = UnitsTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Strip off any plural and try the units table again. */
+    i = strlen(buff) - 1;
+    if (buff[i] == 's') {
+	buff[i] = '\0';
+	for (tp = UnitsTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+	buff[i] = 's';		/* Put back for "this" in OtherTable. */
+    }
+
+    for (tp = OtherTable; tp->name; tp++)
+	if (strcmp(buff, tp->name) == 0) {
+	    yylval.Number = tp->value;
+	    return tp->type;
+	}
+
+    /* Military timezones. */
+    if (buff[1] == '\0' && isalpha((unsigned char)*buff)) {
+	for (tp = MilitaryTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+    }
+
+    /* Drop out any periods and try the timezone table again. */
+    for (i = 0, p = q = buff; *q; q++)
+	if (*q != '.')
+	    *p++ = *q;
+	else
+	    i++;
+    *p = '\0';
+    if (i)
+	for (tp = TimezoneTable; tp->name; tp++)
+	    if (strcmp(buff, tp->name) == 0) {
+		yylval.Number = tp->value;
+		return tp->type;
+	    }
+
+    return tID;
+}
+
+
+static int
+yylex()
+{
+    char		c;
+    char		*p;
+    char		buff[20];
+    int			Count;
+    int			sign;
+
+    for ( ; ; ) {
+	while (isspace((unsigned char)*yyInput))
+	    yyInput++;
+
+	if (isdigit((unsigned char)(c = *yyInput)) || c == '-' || c == '+') {
+	    if (c == '-' || c == '+') {
+		sign = c == '-' ? -1 : 1;
+		if (!isdigit((unsigned char)*++yyInput))
+		    /* skip the '-' sign */
+		    continue;
+	    }
+	    else
+		sign = 0;
+	    for (yylval.Number = 0; isdigit((unsigned char)(c = *yyInput++)); )
+		yylval.Number = 10 * yylval.Number + c - '0';
+	    yyInput--;
+	    if (sign < 0)
+		yylval.Number = -yylval.Number;
+	    return sign ? tSNUMBER : tUNUMBER;
+	}
+	if (isalpha((unsigned char)c)) {
+	    for (p = buff; isalpha((unsigned char)(c = *yyInput++)) || c == '.'; )
+		if (p < &buff[sizeof buff - 1])
+		    *p++ = c;
+	    *p = '\0';
+	    yyInput--;
+	    return LookupWord(buff);
+	}
+	if (c != '(')
+	    return *yyInput++;
+	Count = 0;
+	do {
+	    c = *yyInput++;
+	    if (c == '\0')
+		return c;
+	    if (c == '(')
+		Count++;
+	    else if (c == ')')
+		Count--;
+	} while (Count > 0);
+    }
+}
+
+#define TM_YEAR_ORIGIN 1900
+
+/* Yield A - B, measured in seconds.  */
+static long
+difftm (a, b)
+     struct tm *a, *b;
+{
+  int ay = a->tm_year + (TM_YEAR_ORIGIN - 1);
+  int by = b->tm_year + (TM_YEAR_ORIGIN - 1);
+  int days = (
+	      /* difference in day of year */
+	      a->tm_yday - b->tm_yday
+	      /* + intervening leap days */
+	      +  ((ay >> 2) - (by >> 2))
+	      -  (ay/100 - by/100)
+	      +  ((ay/100 >> 2) - (by/100 >> 2))
+	      /* + difference in years * 365 */
+	      +  (long)(ay-by) * 365
+	      );
+  return (60*(60*(24*days + (a->tm_hour - b->tm_hour))
+	      + (a->tm_min - b->tm_min))
+	  + (a->tm_sec - b->tm_sec));
+}
+
+time_t
+get_date(p)
+    char		*p;
+{
+    struct tm		*tm, *gmt, gmtbuf;
+    time_t		Start;
+    time_t		tod;
+    time_t		now;
+    time_t		timezone;
+
+    yyInput = p;
+    (void)time (&now);
+
+    gmt = gmtime (&now);
+    if (gmt != NULL)
+    {
+	/* Make a copy, in case localtime modifies *tm (I think
+	   that comment now applies to *gmt, but I am too
+	   lazy to dig into how gmtime and locatime allocate the
+	   structures they return pointers to).  */
+	gmtbuf = *gmt;
+	gmt = &gmtbuf;
+    }
+
+    if (! (tm = localtime (&now)))
+	return -1;
+
+    if (gmt != NULL)
+	timezone = difftm (gmt, tm) / 60;
+    else
+	/* We are on a system like VMS, where the system clock is
+	   in local time and the system has no concept of timezones.
+	   Hopefully we can fake this out (for the case in which the
+	   user specifies no timezone) by just saying the timezone
+	   is zero.  */
+	timezone = 0;
+
+    if(tm->tm_isdst)
+	timezone += 60;
+
+    tm = localtime(&now);
+    yyYear = tm->tm_year + 1900;
+    yyMonth = tm->tm_mon + 1;
+    yyDay = tm->tm_mday;
+    yyTimezone = timezone;
+    yyDSTmode = DSTmaybe;
+    yyHour = 0;
+    yyMinutes = 0;
+    yySeconds = 0;
+    yyMeridian = MER24;
+    yyRelSeconds = 0;
+    yyRelMonth = 0;
+    yyHaveDate = 0;
+    yyHaveDay = 0;
+    yyHaveRel = 0;
+    yyHaveTime = 0;
+    yyHaveZone = 0;
+
+    if (yyparse()
+     || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1)
+	return -1;
+
+    if (yyHaveDate || yyHaveTime || yyHaveDay) {
+	Start = Convert(yyMonth, yyDay, yyYear, yyHour, yyMinutes, yySeconds,
+		    yyMeridian, yyDSTmode);
+	if (Start < 0)
+	    return -1;
+    }
+    else {
+	Start = now;
+	if (!yyHaveRel)
+	    Start -= ((tm->tm_hour * 60L + tm->tm_min) * 60L) + tm->tm_sec;
+    }
+
+    Start += yyRelSeconds;
+    Start += RelativeMonth(Start, yyRelMonth);
+
+    if (yyHaveDay && !yyHaveDate) {
+	tod = RelativeDate(Start, yyDayOrdinal, yyDayNumber);
+	Start += tod;
+    }
+
+    /* Have to do *something* with a legitimate -1 so it's distinguishable
+     * from the error return value.  (Alternately could set errno on error.) */
+    return Start == -1 ? 0 : Start;
+}
+
+
+#if	defined(TEST)
+
+/* ARGSUSED */
+int
+main(ac, av)
+    int		ac;
+    char	*av[];
+{
+    char	buff[128];
+    time_t	d;
+
+    (void)printf("Enter date, or blank line to exit.\n\t> ");
+    (void)fflush(stdout);
+    while (gets(buff) && buff[0]) {
+	d = get_date(buff);
+	if (d == -1)
+	    (void)printf("Bad format - couldn't convert.\n");
+	else
+	    (void)printf("%s", ctime(&d));
+	(void)printf("\t> ");
+	(void)fflush(stdout);
+    }
+    exit(0);
+    /* NOTREACHED */
+}
+#endif	/* defined(TEST) */
diff --git a/sudo-1.7.4p4/getline.c b/sudo-1.7.4p4/getline.c
new file mode 100644
index 0000000..b7db379
--- /dev/null
+++ b/sudo-1.7.4p4/getline.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <limits.h>
+
+#include "compat.h"
+#include "alloc.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+#ifdef HAVE_FGETLN
+ssize_t
+getline(bufp, bufsizep, fp)
+    char **bufp;
+    size_t *bufsizep;
+    FILE *fp;
+{
+    char *buf;
+    size_t bufsize;
+    size_t len;
+
+    buf = fgetln(fp, &len);
+    if (buf) {
+	bufsize = *bufp ? *bufsizep : 0;
+	if (bufsize < len + 1) {
+	    bufsize = len + 1;
+	    *bufp = erealloc(*bufp, bufsize);
+	    *bufsizep = bufsize;
+	}
+	memcpy(*bufp, buf, len);
+	(*bufp)[len] = '\0';
+    }
+    return(buf ? len : -1);
+}
+#else
+ssize_t
+getline(bufp, bufsizep, fp)
+    char **bufp;
+    size_t *bufsizep;
+    FILE *fp;
+{
+    char *buf;
+    size_t bufsize;
+    ssize_t len = 0;
+
+    buf = *bufp;
+    bufsize = *bufsizep;
+    if (buf == NULL || bufsize == 0) {
+	bufsize = LINE_MAX;
+	buf = erealloc(buf, LINE_MAX);
+    }
+
+    for (;;) {
+	if (fgets(buf + len, bufsize - len, fp) == NULL) {
+	    len = -1;
+	    break;
+	}
+	len = strlen(buf);
+	if (!len || buf[len - 1] == '\n' || feof(fp))
+	    break;
+	bufsize *= 2;
+	buf = erealloc(buf, bufsize);
+    }
+    *bufp = buf;
+    *bufsizep = bufsize;
+    return(len);
+}
+#endif
diff --git a/sudo-1.7.4p4/getprogname.c b/sudo-1.7.4p4/getprogname.c
new file mode 100644
index 0000000..f269405
--- /dev/null
+++ b/sudo-1.7.4p4/getprogname.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2003-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <config.h>
+#include <compat.h>
+
+const char *
+getprogname()
+{
+    static const char *progname;
+    extern int Argc;
+    extern char **Argv;
+
+    if (progname == NULL) {
+	if (Argc < 0)
+	    progname = "sudo";
+	else if ((progname = strrchr(Argv[0], '/')) != NULL)
+	    progname++;
+	else
+	    progname = Argv[0];
+    }
+    return(progname);
+}
diff --git a/sudo-1.7.4p4/getspwuid.c b/sudo-1.7.4p4/getspwuid.c
new file mode 100644
index 0000000..7ee5eba
--- /dev/null
+++ b/sudo-1.7.4p4/getspwuid.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+#ifdef HAVE_GETSPNAM
+# include <shadow.h>
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETPRPWNAM
+# ifdef __hpux
+#  undef MAXINT
+#  include <hpsecurity.h>
+# else
+#  include <sys/security.h>
+# endif /* __hpux */
+# include <prot.h>
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETPWANAM
+# include <sys/label.h>
+# include <sys/audit.h>
+# include <pwdadj.h>
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+# include <auth.h>
+#endif /* HAVE_GETAUTHUID */
+
+#include "sudo.h"
+
+/*
+ * Exported for auth/secureware.c
+ */
+#if defined(HAVE_GETPRPWNAM) && defined(__alpha)
+int crypt_type = INT_MAX;
+#endif /* HAVE_GETPRPWNAM && __alpha */
+
+/*
+ * Return a copy of the encrypted password for the user described by pw.
+ * If shadow passwords are in use, look in the shadow file.
+ */
+char *
+sudo_getepw(pw)
+    const struct passwd *pw;
+{
+    char *epw;
+
+    /* If there is a function to check for shadow enabled, use it... */
+#ifdef HAVE_ISCOMSEC
+    if (!iscomsec())
+	return(estrdup(pw->pw_passwd));
+#endif /* HAVE_ISCOMSEC */
+#ifdef HAVE_ISSECURE
+    if (!issecure())
+	return(estrdup(pw->pw_passwd));
+#endif /* HAVE_ISSECURE */
+
+    epw = NULL;
+#ifdef HAVE_GETPRPWNAM
+    {
+	struct pr_passwd *spw;
+
+	if ((spw = getprpwnam(pw->pw_name)) && spw->ufld.fd_encrypt) {
+# ifdef __alpha
+	    crypt_type = spw->ufld.fd_oldcrypt;
+# endif /* __alpha */
+	    epw = estrdup(spw->ufld.fd_encrypt);
+	}
+	if (epw)
+	    return(epw);
+    }
+#endif /* HAVE_GETPRPWNAM */
+#ifdef HAVE_GETSPNAM
+    {
+	struct spwd *spw;
+
+	if ((spw = getspnam(pw->pw_name)) && spw->sp_pwdp)
+	    epw = estrdup(spw->sp_pwdp);
+	if (epw)
+	    return(epw);
+    }
+#endif /* HAVE_GETSPNAM */
+#ifdef HAVE_GETSPWUID
+    {
+	struct s_passwd *spw;
+
+	if ((spw = getspwuid(pw->pw_uid)) && spw->pw_passwd)
+	    epw = estrdup(spw->pw_passwd);
+	if (epw)
+	    return(epw);
+    }
+#endif /* HAVE_GETSPWUID */
+#ifdef HAVE_GETPWANAM
+    {
+	struct passwd_adjunct *spw;
+
+	if ((spw = getpwanam(pw->pw_name)) && spw->pwa_passwd)
+	    epw = estrdup(spw->pwa_passwd);
+	if (epw)
+	    return(epw);
+    }
+#endif /* HAVE_GETPWANAM */
+#ifdef HAVE_GETAUTHUID
+    {
+	AUTHORIZATION *spw;
+
+	if ((spw = getauthuid(pw->pw_uid)) && spw->a_password)
+	    epw = estrdup(spw->a_password);
+	if (epw)
+	    return(epw);
+    }
+#endif /* HAVE_GETAUTHUID */
+
+    /* Fall back on normal password. */
+    return(estrdup(pw->pw_passwd));
+}
+
+void
+sudo_setspent()
+{
+#ifdef HAVE_GETPRPWNAM
+    setprpwent();
+#endif
+#ifdef HAVE_GETSPNAM
+    setspent();
+#endif
+#ifdef HAVE_GETSPWUID
+    setspwent();
+#endif
+#ifdef HAVE_GETPWANAM
+    setpwaent();
+#endif
+#ifdef HAVE_GETAUTHUID
+    setauthent();
+#endif
+}
+
+void
+sudo_endspent()
+{
+#ifdef HAVE_GETPRPWNAM
+    endprpwent();
+#endif
+#ifdef HAVE_GETSPNAM
+    endspent();
+#endif
+#ifdef HAVE_GETSPWUID
+    endspwent();
+#endif
+#ifdef HAVE_GETPWANAM
+    endpwaent();
+#endif
+#ifdef HAVE_GETAUTHUID
+    endauthent();
+#endif
+}
diff --git a/sudo-1.7.4p4/gettime.c b/sudo-1.7.4p4/gettime.c
new file mode 100644
index 0000000..9a13003
--- /dev/null
+++ b/sudo-1.7.4p4/gettime.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2004-2005, 2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#include <compat.h>
+
+/*
+ * Get the current time via gettimeofday() for systems with
+ * timespecs in struct stat or, otherwise, using time().
+ */
+int
+gettime(tv)
+    struct timeval *tv;
+{
+    int rval;
+#if defined(HAVE_GETTIMEOFDAY) && (defined(HAVE_ST_MTIM) || defined(HAVE_ST_MTIMESPEC))
+    rval = gettimeofday(tv, NULL);
+#else
+    rval = (int)time(&tv->tv_sec);
+    tv->tv_usec = 0;
+#endif
+    return (rval);
+}
diff --git a/sudo-1.7.4p4/glob.c b/sudo-1.7.4p4/glob.c
new file mode 100644
index 0000000..9673626
--- /dev/null
+++ b/sudo-1.7.4p4/glob.c
@@ -0,0 +1,949 @@
+/*
+ * Copyright (c) 2008-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1989, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)glob.c	8.3 (Berkeley) 10/13/93
+ */
+
+/*
+ * glob(3) -- a superset of the one defined in POSIX 1003.2.
+ *
+ * The [!...] convention to negate a range is supported (SysV, Posix, ksh).
+ *
+ * Optional extra services, controlled by flags not defined by POSIX:
+ *
+ * GLOB_MAGCHAR:
+ *	Set in gl_flags if pattern contained a globbing character.
+ * GLOB_TILDE:
+ *	expand ~user/foo to the /home/dir/of/user/foo
+ * GLOB_BRACE:
+ *	expand {1,2}{a,b} to 1a 1b 2a 2b
+ * gl_matchc:
+ *	Number of matches in the current invocation of glob.
+ */
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+#else
+# define dirent direct
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+#include <errno.h>
+#include <limits.h>
+#include <pwd.h>
+
+#include <compat.h>
+#include "emul/glob.h"
+#include "emul/charclass.h"
+
+#define	DOLLAR		'$'
+#define	DOT		'.'
+#define	EOS		'\0'
+#define	LBRACKET	'['
+#define	NOT		'!'
+#define	QUESTION	'?'
+#define	QUOTE		'\\'
+#define	RANGE		'-'
+#define	RBRACKET	']'
+#define	SEP		'/'
+#define	STAR		'*'
+#define	TILDE		'~'
+#define	UNDERSCORE	'_'
+#define	LBRACE		'{'
+#define	RBRACE		'}'
+#define	SLASH		'/'
+#define	COMMA		','
+
+#ifndef DEBUG
+
+#define	M_QUOTE		0x8000
+#define	M_PROTECT	0x4000
+#define	M_MASK		0xffff
+#define	M_ASCII		0x00ff
+
+typedef unsigned short Char;
+
+#else
+
+#define	M_QUOTE		0x80
+#define	M_PROTECT	0x40
+#define	M_MASK		0xff
+#define	M_ASCII		0x7f
+
+typedef char Char;
+
+#endif
+
+
+#define	CHAR(c)		((Char)((c)&M_ASCII))
+#define	META(c)		((Char)((c)|M_QUOTE))
+#define	M_ALL		META('*')
+#define	M_END		META(']')
+#define	M_NOT		META('!')
+#define	M_ONE		META('?')
+#define	M_RNG		META('-')
+#define	M_SET		META('[')
+#define	M_CLASS		META(':')
+#define	ismeta(c)	(((c)&M_QUOTE) != 0)
+
+
+static int	 compare __P((const void *, const void *));
+static int	 g_Ctoc __P((const Char *, char *, unsigned int));
+static int	 g_lstat __P((Char *, struct stat *, glob_t *));
+static DIR	*g_opendir __P((Char *, glob_t *));
+static Char	*g_strchr __P((const Char *, int));
+static int	 g_strncmp __P((const Char *, const char *, size_t));
+static int	 g_stat __P((Char *, struct stat *, glob_t *));
+static int	 glob0 __P((const Char *, glob_t *));
+static int	 glob1 __P((Char *, Char *, glob_t *));
+static int	 glob2 __P((Char *, Char *, Char *, Char *, Char *, Char *,
+		    glob_t *));
+static int	 glob3 __P((Char *, Char *, Char *, Char *, Char *, Char *,
+		    Char *, Char *, glob_t *));
+static int	 globextend __P((const Char *, glob_t *));
+static const Char *
+		 globtilde __P((const Char *, Char *, size_t, glob_t *));
+static int	 globexp1 __P((const Char *, glob_t *));
+static int	 globexp2 __P((const Char *, const Char *, glob_t *, int *));
+static int	 match __P((Char *, Char *, Char *));
+#ifdef DEBUG
+static void	 qprintf __P((const char *, Char *));
+#endif
+
+extern struct passwd *sudo_getpwnam __P((const char *));
+extern struct passwd *sudo_getpwuid __P((uid_t));
+
+int
+glob(pattern, flags, errfunc, pglob)
+	const char *pattern;
+	int flags, (*errfunc) __P((const char *, int));
+	glob_t *pglob;
+{
+	const unsigned char *patnext;
+	int c;
+	Char *bufnext, *bufend, patbuf[PATH_MAX];
+
+	patnext = (unsigned char *) pattern;
+	if (!(flags & GLOB_APPEND)) {
+		pglob->gl_pathc = 0;
+		pglob->gl_pathv = NULL;
+		if (!(flags & GLOB_DOOFFS))
+			pglob->gl_offs = 0;
+	}
+	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+	pglob->gl_errfunc = errfunc;
+	pglob->gl_matchc = 0;
+
+	bufnext = patbuf;
+	bufend = bufnext + PATH_MAX - 1;
+	if (flags & GLOB_NOESCAPE)
+		while (bufnext < bufend && (c = *patnext++) != EOS)
+			*bufnext++ = c;
+	else {
+		/* Protect the quoted characters. */
+		while (bufnext < bufend && (c = *patnext++) != EOS)
+			if (c == QUOTE) {
+				if ((c = *patnext++) == EOS) {
+					c = QUOTE;
+					--patnext;
+				}
+				*bufnext++ = c | M_PROTECT;
+			} else
+				*bufnext++ = c;
+	}
+	*bufnext = EOS;
+
+	if (flags & GLOB_BRACE)
+		return globexp1(patbuf, pglob);
+	else
+		return glob0(patbuf, pglob);
+}
+
+/*
+ * Expand recursively a glob {} pattern. When there is no more expansion
+ * invoke the standard globbing routine to glob the rest of the magic
+ * characters
+ */
+static int
+globexp1(pattern, pglob)
+	const Char *pattern;
+	glob_t *pglob;
+{
+	const Char* ptr = pattern;
+	int rv;
+
+	/* Protect a single {}, for find(1), like csh */
+	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
+		return glob0(pattern, pglob);
+
+	while ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL)
+		if (!globexp2(ptr, pattern, pglob, &rv))
+			return rv;
+
+	return glob0(pattern, pglob);
+}
+
+
+/*
+ * Recursive brace globbing helper. Tries to expand a single brace.
+ * If it succeeds then it invokes globexp1 with the new pattern.
+ * If it fails then it tries to glob the rest of the pattern and returns.
+ */
+static int
+globexp2(ptr, pattern, pglob, rv)
+	const Char *ptr, *pattern;
+	glob_t *pglob;
+	int *rv;
+{
+	int     i;
+	Char   *lm, *ls;
+	const Char *pe, *pm, *pl;
+	Char    patbuf[PATH_MAX];
+
+	/* copy part up to the brace */
+	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+		continue;
+	*lm = EOS;
+	ls = lm;
+
+	/* Find the balanced brace */
+	for (i = 0, pe = ++ptr; *pe; pe++)
+		if (*pe == LBRACKET) {
+			/* Ignore everything between [] */
+			for (pm = pe++; *pe != RBRACKET && *pe != EOS; pe++)
+				continue;
+			if (*pe == EOS) {
+				/*
+				 * We could not find a matching RBRACKET.
+				 * Ignore and just look for RBRACE
+				 */
+				pe = pm;
+			}
+		} else if (*pe == LBRACE)
+			i++;
+		else if (*pe == RBRACE) {
+			if (i == 0)
+				break;
+			i--;
+		}
+
+	/* Non matching braces; just glob the pattern */
+	if (i != 0 || *pe == EOS) {
+		*rv = glob0(patbuf, pglob);
+		return 0;
+	}
+
+	for (i = 0, pl = pm = ptr; pm <= pe; pm++) {
+		switch (*pm) {
+		case LBRACKET:
+			/* Ignore everything between [] */
+			for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++)
+				continue;
+			if (*pm == EOS) {
+				/*
+				 * We could not find a matching RBRACKET.
+				 * Ignore and just look for RBRACE
+				 */
+				pm = pl;
+			}
+			break;
+
+		case LBRACE:
+			i++;
+			break;
+
+		case RBRACE:
+			if (i) {
+				i--;
+				break;
+			}
+			/* FALLTHROUGH */
+		case COMMA:
+			if (i && *pm == COMMA)
+				break;
+			else {
+				/* Append the current string */
+				for (lm = ls; (pl < pm); *lm++ = *pl++)
+					continue;
+
+				/*
+				 * Append the rest of the pattern after the
+				 * closing brace
+				 */
+				for (pl = pe + 1; (*lm++ = *pl++) != EOS; )
+					continue;
+
+				/* Expand the current pattern */
+#ifdef DEBUG
+				qprintf("globexp2:", patbuf);
+#endif
+				*rv = globexp1(patbuf, pglob);
+
+				/* move after the comma, to the next string */
+				pl = pm + 1;
+			}
+			break;
+
+		default:
+			break;
+		}
+	}
+	*rv = 0;
+	return 0;
+}
+
+
+
+/*
+ * expand tilde from the passwd file.
+ */
+static const Char *
+globtilde(pattern, patbuf, patbuf_len, pglob)
+	const Char *pattern;
+	Char *patbuf;
+	size_t patbuf_len;
+	glob_t *pglob;
+{
+	struct passwd *pwd;
+	char *h;
+	const Char *p;
+	Char *b, *eb;
+
+	if (*pattern != TILDE || !(pglob->gl_flags & GLOB_TILDE))
+		return pattern;
+
+	/* Copy up to the end of the string or / */
+	eb = &patbuf[patbuf_len - 1];
+	for (p = pattern + 1, h = (char *) patbuf;
+	    h < (char *)eb && *p && *p != SLASH; *h++ = *p++)
+		continue;
+
+	*h = EOS;
+
+	if (((char *) patbuf)[0] == EOS) {
+		/*
+		 * handle a plain ~ or ~/ by expanding $HOME
+		 * first and then trying the password file
+		 */
+		if ((h = getenv("HOME")) == NULL) {
+			if ((pwd = sudo_getpwuid(getuid())) == NULL)
+				return pattern;
+			else
+				h = pwd->pw_dir;
+		}
+	} else {
+		/*
+		 * Expand a ~user
+		 */
+		if ((pwd = sudo_getpwnam((char*) patbuf)) == NULL)
+			return pattern;
+		else
+			h = pwd->pw_dir;
+	}
+
+	/* Copy the home directory */
+	for (b = patbuf; b < eb && *h; *b++ = *h++)
+		continue;
+
+	/* Append the rest of the pattern */
+	while (b < eb && (*b++ = *p++) != EOS)
+		continue;
+	*b = EOS;
+
+	return patbuf;
+}
+
+static int
+g_strncmp(s1, s2, n)
+	const Char *s1;
+	const char *s2;
+	size_t n;
+{
+	int rv = 0;
+
+	while (n--) {
+		rv = *(Char *)s1 - *(const unsigned char *)s2++;
+		if (rv)
+			break;
+		if (*s1++ == '\0')
+			break;
+	}
+	return rv;
+}
+
+static int
+g_charclass(patternp, bufnextp)
+	const Char **patternp;
+	Char **bufnextp;
+{
+	const Char *pattern = *patternp + 1;
+	Char *bufnext = *bufnextp;
+	const Char *colon;
+	struct cclass *cc;
+	size_t len;
+
+	if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']')
+		return 1;	/* not a character class */
+
+	len = (size_t)(colon - pattern);
+	for (cc = cclasses; cc->name != NULL; cc++) {
+		if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0')
+			break;
+	}
+	if (cc->name == NULL)
+		return -1;	/* invalid character class */
+	*bufnext++ = M_CLASS;
+	*bufnext++ = (Char)(cc - &cclasses[0]);
+	*bufnextp = bufnext;
+	*patternp += len + 3;
+
+	return 0;
+}
+
+/*
+ * The main glob() routine: compiles the pattern (optionally processing
+ * quotes), calls glob1() to do the real pattern matching, and finally
+ * sorts the list (unless unsorted operation is requested).  Returns 0
+ * if things went well, nonzero if errors occurred.  It is not an error
+ * to find no matches.
+ */
+static int
+glob0(pattern, pglob)
+	const Char *pattern;
+	glob_t *pglob;
+{
+	const Char *qpatnext;
+	int c, err, oldpathc;
+	Char *bufnext, patbuf[PATH_MAX];
+
+	qpatnext = globtilde(pattern, patbuf, PATH_MAX, pglob);
+	oldpathc = pglob->gl_pathc;
+	bufnext = patbuf;
+
+	/* We don't need to check for buffer overflow any more. */
+	while ((c = *qpatnext++) != EOS) {
+		switch (c) {
+		case LBRACKET:
+			c = *qpatnext;
+			if (c == NOT)
+				++qpatnext;
+			if (*qpatnext == EOS ||
+			    g_strchr(qpatnext+1, RBRACKET) == NULL) {
+				*bufnext++ = LBRACKET;
+				if (c == NOT)
+					--qpatnext;
+				break;
+			}
+			*bufnext++ = M_SET;
+			if (c == NOT)
+				*bufnext++ = M_NOT;
+			c = *qpatnext++;
+			do {
+				if (c == LBRACKET && *qpatnext == ':') {
+					do {
+						err = g_charclass(&qpatnext,
+						    &bufnext);
+						if (err)
+							break;
+						c = *qpatnext++;
+					} while (c == LBRACKET && *qpatnext == ':');
+					if (err == -1 &&
+					    !(pglob->gl_flags & GLOB_NOCHECK))
+						return GLOB_NOMATCH;
+					if (c == RBRACKET)
+						break;
+				}
+				*bufnext++ = CHAR(c);
+				if (*qpatnext == RANGE &&
+				    (c = qpatnext[1]) != RBRACKET) {
+					*bufnext++ = M_RNG;
+					*bufnext++ = CHAR(c);
+					qpatnext += 2;
+				}
+			} while ((c = *qpatnext++) != RBRACKET);
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_END;
+			break;
+		case QUESTION:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			*bufnext++ = M_ONE;
+			break;
+		case STAR:
+			pglob->gl_flags |= GLOB_MAGCHAR;
+			/* collapse adjacent stars to one,
+			 * to avoid exponential behavior
+			 */
+			if (bufnext == patbuf || bufnext[-1] != M_ALL)
+				*bufnext++ = M_ALL;
+			break;
+		default:
+			*bufnext++ = CHAR(c);
+			break;
+		}
+	}
+	*bufnext = EOS;
+#ifdef DEBUG
+	qprintf("glob0:", patbuf);
+#endif
+
+	if ((err = glob1(patbuf, patbuf + PATH_MAX - 1, pglob)) != 0)
+		return(err);
+
+	/*
+	 * If there was no match we are going to append the pattern
+	 * if GLOB_NOCHECK was specified.
+	 */
+	if (pglob->gl_pathc == oldpathc) {
+		if (pglob->gl_flags & GLOB_NOCHECK)
+			return(globextend(pattern, pglob));
+		else
+			return(GLOB_NOMATCH);
+	}
+	if (!(pglob->gl_flags & GLOB_NOSORT))
+		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+	return(0);
+}
+
+static int
+compare(p, q)
+	const void *p, *q;
+{
+	return(strcmp(*(char **)p, *(char **)q));
+}
+
+static int
+glob1(pattern, pattern_last,  pglob)
+	Char *pattern, *pattern_last;
+	glob_t *pglob;
+{
+	Char pathbuf[PATH_MAX];
+
+	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+	if (*pattern == EOS)
+		return(0);
+	return(glob2(pathbuf, pathbuf + PATH_MAX - 1,
+	    pathbuf, pathbuf + PATH_MAX - 1,
+	    pattern, pattern_last, pglob));
+}
+
+/*
+ * The functions glob2 and glob3 are mutually recursive; there is one level
+ * of recursion for each segment in the pattern that contains one or more
+ * meta characters.
+ */
+static int
+glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, pglob)
+	Char *pathbuf, *pathbuf_last;
+	Char *pathend, *pathend_last;
+	Char *pattern, *pattern_last;
+	glob_t *pglob;
+{
+	struct stat sb;
+	Char *p, *q;
+	int anymeta;
+
+	/*
+	 * Loop over pattern segments until end of pattern or until
+	 * segment with meta character found.
+	 */
+	for (anymeta = 0;;) {
+		if (*pattern == EOS) {		/* End of pattern? */
+			*pathend = EOS;
+			if (g_lstat(pathbuf, &sb, pglob))
+				return(0);
+
+			if (((pglob->gl_flags & GLOB_MARK) &&
+			    pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) ||
+			    (S_ISLNK(sb.st_mode) &&
+			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+			    S_ISDIR(sb.st_mode)))) {
+				if (pathend+1 > pathend_last)
+					return (1);
+				*pathend++ = SEP;
+				*pathend = EOS;
+			}
+			++pglob->gl_matchc;
+			return(globextend(pathbuf, pglob));
+		}
+
+		/* Find end of next segment, copy tentatively to pathend. */
+		q = pathend;
+		p = pattern;
+		while (*p != EOS && *p != SEP) {
+			if (ismeta(*p))
+				anymeta = 1;
+			if (q+1 > pathend_last)
+				return (1);
+			*q++ = *p++;
+		}
+
+		if (!anymeta) {		/* No expansion, do next segment. */
+			pathend = q;
+			pattern = p;
+			while (*pattern == SEP) {
+				if (pathend+1 > pathend_last)
+					return (1);
+				*pathend++ = *pattern++;
+			}
+		} else
+			/* Need expansion, recurse. */
+			return(glob3(pathbuf, pathbuf_last, pathend,
+			    pathend_last, pattern, pattern_last,
+			    p, pattern_last, pglob));
+	}
+	/* NOTREACHED */
+}
+
+static int
+glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
+    restpattern, restpattern_last, pglob)
+	Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
+	Char *pattern, *pattern_last, *restpattern, *restpattern_last;
+	glob_t *pglob;
+{
+	struct dirent *dp;
+	DIR *dirp;
+	int err;
+	char buf[PATH_MAX];
+
+	if (pathend > pathend_last)
+		return (1);
+	*pathend = EOS;
+	errno = 0;
+
+	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+		/* TODO: don't call for ENOENT or ENOTDIR? */
+		if (pglob->gl_errfunc) {
+			if (g_Ctoc(pathbuf, buf, sizeof(buf)))
+				return(GLOB_ABORTED);
+			if (pglob->gl_errfunc(buf, errno) ||
+			    pglob->gl_flags & GLOB_ERR)
+				return(GLOB_ABORTED);
+		}
+		return(0);
+	}
+
+	err = 0;
+
+	/* Search directory for matching names. */
+	while ((dp = readdir(dirp))) {
+		unsigned char *sc;
+		Char *dc;
+
+		/* Initial DOT must be matched literally. */
+		if (dp->d_name[0] == DOT && *pattern != DOT)
+			continue;
+		dc = pathend;
+		sc = (unsigned char *) dp->d_name;
+		while (dc < pathend_last && (*dc++ = *sc++) != EOS)
+			continue;
+		if (dc >= pathend_last) {
+			*dc = EOS;
+			err = 1;
+			break;
+		}
+
+		if (!match(pathend, pattern, restpattern)) {
+			*pathend = EOS;
+			continue;
+		}
+		err = glob2(pathbuf, pathbuf_last, --dc, pathend_last,
+		    restpattern, restpattern_last, pglob);
+		if (err)
+			break;
+	}
+
+	closedir(dirp);
+	return(err);
+}
+
+/*
+ * Extend the gl_pathv member of a glob_t structure to accommodate a new item,
+ * add the new item, and update gl_pathc.
+ *
+ * This assumes the BSD realloc, which only copies the block when its size
+ * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
+ * behavior.
+ *
+ * Return 0 if new item added, error code if memory couldn't be allocated.
+ *
+ * Invariant of the glob_t structure:
+ *	Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
+ *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+ */
+static int
+globextend(path, pglob)
+	const Char *path;
+	glob_t *pglob;
+{
+	char **pathv;
+	int i;
+	unsigned int newsize, len;
+	char *copy;
+	const Char *p;
+
+	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+	pathv = pglob->gl_pathv ?
+	    (char **)realloc((char *)pglob->gl_pathv, newsize) :
+	    (char **)malloc(newsize);
+	if (pathv == NULL) {
+		if (pglob->gl_pathv) {
+			free(pglob->gl_pathv);
+			pglob->gl_pathv = NULL;
+		}
+		return(GLOB_NOSPACE);
+	}
+
+	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+		/* first time around -- clear initial gl_offs items */
+		pathv += pglob->gl_offs;
+		for (i = pglob->gl_offs; --i >= 0; )
+			*--pathv = NULL;
+	}
+	pglob->gl_pathv = pathv;
+
+	for (p = path; *p++;)
+		continue;
+	len = (size_t)(p - path);
+	if ((copy = malloc(len)) != NULL) {
+		if (g_Ctoc(path, copy, len)) {
+			free(copy);
+			return(GLOB_NOSPACE);
+		}
+		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+	}
+	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+
+	return(copy == NULL ? GLOB_NOSPACE : 0);
+}
+
+/*
+ * pattern matching function for filenames.  Each occurrence of the *
+ * pattern causes a recursion level.
+ */
+static int
+match(name, pat, patend)
+	Char *name, *pat, *patend;
+{
+	int ok, negate_range;
+	Char c, k;
+
+	while (pat < patend) {
+		c = *pat++;
+		switch (c & M_MASK) {
+		case M_ALL:
+			if (pat == patend)
+				return(1);
+			do {
+			    if (match(name, pat, patend))
+				    return(1);
+			} while (*name++ != EOS);
+			return(0);
+		case M_ONE:
+			if (*name++ == EOS)
+				return(0);
+			break;
+		case M_SET:
+			ok = 0;
+			if ((k = *name++) == EOS)
+				return(0);
+			if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS)
+				++pat;
+			while (((c = *pat++) & M_MASK) != M_END) {
+				if ((c & M_MASK) == M_CLASS) {
+					int idx = *pat & M_MASK;
+					if (idx < NCCLASSES &&
+					    cclasses[idx].isctype(k))
+						ok = 1;
+					++pat;
+				}
+				if ((*pat & M_MASK) == M_RNG) {
+					if (c <= k && k <= pat[1])
+						ok = 1;
+					pat += 2;
+				} else if (c == k)
+					ok = 1;
+			}
+			if (ok == negate_range)
+				return(0);
+			break;
+		default:
+			if (*name++ != c)
+				return(0);
+			break;
+		}
+	}
+	return(*name == EOS);
+}
+
+/* Free allocated data belonging to a glob_t structure. */
+void
+globfree(pglob)
+	glob_t *pglob;
+{
+	int i;
+	char **pp;
+
+	if (pglob->gl_pathv != NULL) {
+		pp = pglob->gl_pathv + pglob->gl_offs;
+		for (i = pglob->gl_pathc; i--; ++pp)
+			if (*pp)
+				free(*pp);
+		free(pglob->gl_pathv);
+		pglob->gl_pathv = NULL;
+	}
+}
+
+static DIR *
+g_opendir(str, pglob)
+	Char *str;
+	glob_t *pglob;
+{
+	char buf[PATH_MAX];
+
+	if (!*str) {
+		buf[0] = '.';
+		buf[1] = '\0';
+	} else {
+		if (g_Ctoc(str, buf, sizeof(buf)))
+			return(NULL);
+	}
+	return(opendir(buf));
+}
+
+static int
+g_lstat(fn, sb, pglob)
+	Char *fn;
+	struct stat *sb;
+	glob_t *pglob;
+{
+	char buf[PATH_MAX];
+
+	if (g_Ctoc(fn, buf, sizeof(buf)))
+		return(-1);
+	return(lstat(buf, sb));
+}
+
+static int
+g_stat(fn, sb, pglob)
+	Char *fn;
+	struct stat *sb;
+	glob_t *pglob;
+{
+	char buf[PATH_MAX];
+
+	if (g_Ctoc(fn, buf, sizeof(buf)))
+		return(-1);
+	return(stat(buf, sb));
+}
+
+static Char *
+g_strchr(str, ch)
+	const Char *str;
+	int ch;
+{
+	do {
+		if (*str == ch)
+			return ((Char *)str);
+	} while (*str++);
+	return (NULL);
+}
+
+static int
+g_Ctoc(str, buf, len)
+	const Char *str;
+	char *buf;
+	unsigned int len;
+{
+
+	while (len--) {
+		if ((*buf++ = *str++) == EOS)
+			return (0);
+	}
+	return (1);
+}
+
+#ifdef DEBUG
+static void
+qprintf(str, s)
+	const char *str;
+	Char *s;
+{
+	Char *p;
+
+	(void)printf("%s:\n", str);
+	for (p = s; *p; p++)
+		(void)printf("%c", CHAR(*p));
+	(void)printf("\n");
+	for (p = s; *p; p++)
+		(void)printf("%c", *p & M_PROTECT ? '"' : ' ');
+	(void)printf("\n");
+	for (p = s; *p; p++)
+		(void)printf("%c", ismeta(*p) ? '_' : ' ');
+	(void)printf("\n");
+}
+#endif
diff --git a/sudo-1.7.4p4/goodpath.c b/sudo-1.7.4p4/goodpath.c
new file mode 100644
index 0000000..1971314
--- /dev/null
+++ b/sudo-1.7.4p4/goodpath.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <errno.h>
+
+#include "sudo.h"
+
+/*
+ * Verify that path is a normal file and executable by root.
+ */
+char *
+sudo_goodpath(path, sbp)
+    const char *path;
+    struct stat *sbp;
+{
+    struct stat sb;
+
+    /* Check for brain damage */
+    if (path == NULL || path[0] == '\0')
+	return(NULL);
+
+    if (stat(path, &sb))
+	return(NULL);
+
+    /* Make sure path describes an executable regular file. */
+    if (!S_ISREG(sb.st_mode) || !(sb.st_mode & 0000111)) {
+	errno = EACCES;
+	return(NULL);
+    }
+
+    if (sbp != NULL)
+	(void) memcpy(sbp, &sb, sizeof(struct stat));
+    return((char *)path);
+}
diff --git a/sudo-1.7.4p4/gram.c b/sudo-1.7.4p4/gram.c
new file mode 100644
index 0000000..d2e8b46
--- /dev/null
+++ b/sudo-1.7.4p4/gram.c
@@ -0,0 +1,1665 @@
+#include <stdlib.h>
+#include <string.h>
+#define YYBYACC 1
+#define YYMAJOR 1
+#define YYMINOR 9
+#define YYLEX yylex()
+#define YYEMPTY -1
+#define yyclearin (yychar=(YYEMPTY))
+#define yyerrok (yyerrflag=0)
+#define YYRECOVERING() (yyerrflag!=0)
+#define YYPREFIX "yy"
+#line 2 "gram.y"
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
+# include <alloca.h>
+#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
+#include <limits.h>
+
+#include "sudo.h"
+#include "parse.h"
+
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+#  define SIZE_MAX	SIZE_T_MAX
+# else
+#  define SIZE_MAX	INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * Globals
+ */
+extern int sudolineno;
+extern char *sudoers;
+int parse_error;
+int pedantic = FALSE;
+int verbose = FALSE;
+int errorlineno = -1;
+char *errorfile = NULL;
+
+struct defaults_list defaults;
+struct userspec_list userspecs;
+
+/*
+ * Local protoypes
+ */
+static void  add_defaults	__P((int, struct member *, struct defaults *));
+static void  add_userspec	__P((struct member *, struct privilege *));
+static struct defaults *new_default __P((char *, char *, int));
+static struct member *new_member __P((char *, int));
+       void  yyerror		__P((const char *));
+
+void
+yyerror(s)
+    const char *s;
+{
+    /* Save the line the first error occurred on. */
+    if (errorlineno == -1) {
+	errorlineno = sudolineno ? sudolineno - 1 : 0;
+	errorfile = estrdup(sudoers);
+    }
+    if (verbose && s != NULL) {
+#ifndef TRACELEXER
+	(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
+	    sudolineno ? sudolineno - 1 : 0);
+#else
+	(void) fprintf(stderr, "<*> ");
+#endif
+    }
+    parse_error = TRUE;
+}
+#line 112 "gram.y"
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+    struct cmndspec *cmndspec;
+    struct defaults *defaults;
+    struct member *member;
+    struct runascontainer *runas;
+    struct privilege *privilege;
+    struct sudo_command command;
+    struct cmndtag tag;
+    struct selinux_info seinfo;
+    char *string;
+    int tok;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+#line 138 "y.tab.c"
+#define COMMAND 257
+#define ALIAS 258
+#define DEFVAR 259
+#define NTWKADDR 260
+#define NETGROUP 261
+#define USERGROUP 262
+#define WORD 263
+#define DEFAULTS 264
+#define DEFAULTS_HOST 265
+#define DEFAULTS_USER 266
+#define DEFAULTS_RUNAS 267
+#define DEFAULTS_CMND 268
+#define NOPASSWD 269
+#define PASSWD 270
+#define NOEXEC 271
+#define EXEC 272
+#define SETENV 273
+#define NOSETENV 274
+#define LOG_INPUT 275
+#define NOLOG_INPUT 276
+#define LOG_OUTPUT 277
+#define NOLOG_OUTPUT 278
+#define ALL 279
+#define COMMENT 280
+#define HOSTALIAS 281
+#define CMNDALIAS 282
+#define USERALIAS 283
+#define RUNASALIAS 284
+#define ERROR 285
+#define TYPE 286
+#define ROLE 287
+#define YYERRCODE 256
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylhs[] =
+#else
+short yylhs[] =
+#endif
+	{                                        -1,
+    0,    0,   25,   25,   26,   26,   26,   26,   26,   26,
+   26,   26,   26,   26,   26,   26,    4,    4,    3,    3,
+    3,    3,    3,   20,   20,   19,   10,   10,    8,    8,
+    8,    8,    8,    2,    2,    1,    6,    6,   23,   24,
+   22,   22,   22,   22,   22,   17,   17,   18,   18,   18,
+   21,   21,   21,   21,   21,   21,   21,   21,   21,   21,
+   21,    5,    5,    5,   28,   28,   31,    9,    9,   29,
+   29,   32,    7,    7,   30,   30,   33,   27,   27,   34,
+   13,   13,   11,   11,   12,   12,   12,   12,   12,   16,
+   16,   14,   14,   15,   15,   15,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yylen[] =
+#else
+short yylen[] =
+#endif
+	{                                         2,
+    0,    1,    1,    2,    1,    2,    2,    2,    2,    2,
+    2,    2,    3,    3,    3,    3,    1,    3,    1,    2,
+    3,    3,    3,    1,    3,    3,    1,    2,    1,    1,
+    1,    1,    1,    1,    3,    4,    1,    2,    3,    3,
+    0,    1,    1,    2,    2,    0,    3,    1,    3,    2,
+    0,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+    2,    1,    1,    1,    1,    3,    3,    1,    3,    1,
+    3,    3,    1,    3,    1,    3,    3,    1,    3,    3,
+    1,    3,    1,    2,    1,    1,    1,    1,    1,    1,
+    3,    1,    2,    1,    1,    1,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydefred[] =
+#else
+short yydefred[] =
+#endif
+	{                                      0,
+    0,   85,   87,   88,   89,    0,    0,    0,    0,    0,
+   86,    5,    0,    0,    0,    0,    0,    0,   81,   83,
+    0,    0,    3,    6,    0,    0,   17,    0,   29,   32,
+   31,   33,   30,    0,   27,    0,   68,    0,    0,   64,
+   63,   62,    0,   37,   73,    0,    0,    0,   65,    0,
+    0,   70,    0,    0,   78,    0,    0,   75,   84,    0,
+    0,   24,    0,    4,    0,    0,    0,   20,    0,   28,
+    0,    0,    0,    0,   38,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   82,    0,    0,   21,   22,
+   23,   18,   69,   74,    0,   66,    0,   71,    0,   79,
+    0,   76,    0,   34,    0,    0,   25,    0,    0,    0,
+    0,    0,    0,   51,    0,    0,   94,   96,   95,    0,
+   90,   92,    0,    0,   47,   35,    0,    0,    0,   44,
+   45,   93,    0,    0,   40,   39,   52,   53,   54,   55,
+   56,   57,   58,   59,   60,   61,   36,   91,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yydgoto[] =
+#else
+short yydgoto[] =
+#endif
+	{                                      18,
+  104,  105,   27,   28,   44,   45,   46,   35,   61,   37,
+   19,   20,   21,  121,  122,  123,  106,  110,   62,   63,
+  129,  114,  115,  116,   22,   23,   54,   48,   51,   57,
+   49,   52,   58,   55,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yysindex[] =
+#else
+short yysindex[] =
+#endif
+	{                                    475,
+ -270,    0,    0,    0,    0,  -29,  567,  594,  594,   -2,
+    0,    0, -240, -222, -216, -212, -241,    0,    0,    0,
+  -25,  475,    0,    0,  -10, -207,    0,    9,    0,    0,
+    0,    0,    0, -235,    0,  -33,    0,  -31,  -31,    0,
+    0,    0, -242,    0,    0,  -30,   -7,    3,    0,   -6,
+    4,    0,   -5,    6,    0,   -1,    8,    0,    0,  594,
+  -20,    0,   10,    0, -205, -196, -194,    0,  -29,    0,
+  567,    9,    9,    9,    0,   -2,    9,  567, -240,   -2,
+ -222,  594, -216,  594, -212,    0,   31,  567,    0,    0,
+    0,    0,    0,    0,   26,    0,   28,    0,   29,    0,
+   29,    0,  541,    0,   32, -247,    0,   86,  -15,   33,
+   31,   14,   16,    0, -208, -204,    0,    0,    0, -231,
+    0,    0,   38,   86,    0,    0, -179, -178,  491,    0,
+    0,    0,   86,   38,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yyrindex[] =
+#else
+short yyrindex[] =
+#endif
+	{                                     87,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,   90,    0,    0,    1,    0,    0,  177,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,  207,    0,    0,
+  237,    0,    0,  271,    0,    0,  300,    0,    0,    0,
+    0,    0,  329,    0,    0,    0,    0,    0,    0,    0,
+    0,  358,  387,  417,    0,    0,  446,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,  -26,    0,    0,    0,
+    0,    0,    0,    0,   30,    0,   59,    0,   89,    0,
+  118,    0,    0,    0,  148,  514,    0,    0,   45,    0,
+  -26,    0,    0,    0,  537,  565,    0,    0,    0,    0,
+    0,    0,   50,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,   52,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yygindex[] =
+#else
+short yygindex[] =
+#endif
+	{                                      0,
+  -17,    0,   27,   11,   54,  -64,   15,   64,    2,   34,
+   39,   84,   -3,  -27,  -18,  -21,    0,    0,   19,    0,
+    0,    0,  -12,   -4,    0,   88,    0,    0,    0,    0,
+   35,   40,   23,   37,
+};
+#define YYTABLESIZE 873
+#if defined(__cplusplus) || defined(__STDC__)
+const short yytable[] =
+#else
+short yytable[] =
+#endif
+	{                                      26,
+   19,   26,   26,   26,   38,   39,   46,   34,   36,   24,
+   71,   94,   60,   76,   40,   41,    2,   47,   60,    3,
+    4,    5,   29,   71,   30,   31,  117,   32,   60,   67,
+   43,  118,   66,   19,   67,   50,   42,   11,  112,  113,
+   87,   53,  124,   33,   19,   56,   72,  119,   73,   74,
+   65,   68,   69,   78,   80,   82,   77,   89,   72,   84,
+   79,   81,   67,   83,  147,   85,   90,   88,   91,   71,
+  103,   76,   60,  125,  127,  111,  128,  112,   99,   95,
+  101,  133,  113,  135,  136,   48,    1,   67,   80,    2,
+   50,   72,   49,  126,   97,   92,   75,   70,   86,  109,
+   59,  132,  134,  131,   93,  148,  107,  102,    0,   64,
+  130,    0,    0,   96,    0,    0,   72,   77,  120,  100,
+   98,   80,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,   80,   26,    0,    0,
+   77,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   77,   12,    0,    0,    0,
+   26,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   26,    9,    0,    0,   12,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   25,    0,   25,   25,   25,
+   46,   46,   29,    0,   30,   31,   10,   32,    0,    9,
+    0,    0,   46,   46,   46,   46,   46,   46,   46,   46,
+   46,   46,   46,   33,   40,   41,   19,    0,   19,   46,
+   46,   19,   19,   19,   19,   19,   19,   19,   19,   10,
+    8,    0,    0,    0,    0,    0,   42,    0,    0,   19,
+   19,   19,   19,   19,   19,   67,    0,   67,    0,    0,
+   67,   67,   67,   67,   67,   67,   67,   67,    0,   11,
+    0,    0,    0,    8,    0,    0,    0,    0,   67,   67,
+   67,   67,   67,   67,   72,    0,   72,    0,    0,   72,
+   72,   72,   72,   72,   72,   72,   72,    0,    7,    0,
+    0,    0,   11,    0,    0,    0,    0,   72,   72,   72,
+   72,   72,   72,  117,   80,    0,   80,    0,  118,   80,
+   80,   80,   80,   80,   80,   80,   80,   15,    0,    0,
+    0,    7,    0,    0,  119,    0,    0,   80,   80,   80,
+   80,   80,   80,   77,    0,   77,    0,    0,   77,   77,
+   77,   77,   77,   77,   77,   77,   13,    0,    0,    0,
+   15,    0,    0,    0,    0,    0,   77,   77,   77,   77,
+   77,   77,    0,   26,    0,   26,    0,    0,   26,   26,
+   26,   26,   26,   26,   26,   26,   14,    0,    0,   13,
+    0,    0,    0,    0,    0,    0,   26,   26,   26,   26,
+   26,   26,   12,    0,   12,    0,    0,   12,   12,   12,
+   12,   12,   12,   12,   12,   16,    0,    0,    0,   14,
+    0,    0,    0,    0,    0,   12,   12,   12,   12,   12,
+   12,    0,    9,    0,    9,    0,    0,    9,    9,    9,
+    9,    9,    9,    9,    9,    0,    0,    0,   16,    0,
+    0,    0,    0,    0,    0,    9,    9,    9,    9,    9,
+    9,    0,   10,    0,   10,    0,    0,   10,   10,   10,
+   10,   10,   10,   10,   10,    0,    0,   17,    0,    0,
+    0,    0,    0,    0,    0,   10,   10,   10,   10,   10,
+   10,    0,    0,   43,    0,    0,    8,    0,    8,    0,
+    0,    8,    8,    8,    8,    8,    8,    8,    8,    0,
+    0,    0,    0,    0,    0,    0,   41,    0,    0,    8,
+    8,    8,    8,    8,    8,   11,    0,   11,    0,    0,
+   11,   11,   11,   11,   11,   11,   11,   11,    0,   42,
+    0,    0,    0,   17,    0,    0,    0,    0,   11,   11,
+   11,   11,   11,   11,    7,    0,    7,    0,    0,    7,
+    7,    7,    7,    7,    7,    7,    7,   43,  108,   34,
+    0,    0,    0,    0,    0,    0,    0,    7,    7,    7,
+    7,    7,    7,   15,    0,   15,    0,    0,   15,   15,
+   15,   15,   15,   15,   15,   15,   17,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,   15,   15,   15,   15,
+   15,   15,   13,    0,   13,    0,    0,   13,   13,   13,
+   13,   13,   13,   13,   13,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   13,   13,   13,   13,   13,
+   13,    0,   14,    0,   14,    0,    0,   14,   14,   14,
+   14,   14,   14,   14,   14,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,    0,   14,   14,   14,   14,   14,
+   14,   16,    0,   16,    0,    0,   16,   16,   16,   16,
+   16,   16,   16,   16,    0,    0,    0,    0,    0,    0,
+    0,    0,    0,    0,   16,   16,   16,   16,   16,   16,
+    1,    0,    2,    0,    0,    3,    4,    5,    6,    7,
+    8,    9,   10,    0,    0,    0,    0,   40,   41,    0,
+    0,    0,    0,   11,   12,   13,   14,   15,   16,  137,
+  138,  139,  140,  141,  142,  143,  144,  145,  146,   42,
+   41,   41,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,   41,   41,   41,   41,   41,   41,   41,   41,
+   41,   41,   41,   42,   42,    0,    0,    0,    2,    0,
+    0,    3,    4,    5,    0,   42,   42,   42,   42,   42,
+   42,   42,   42,   42,   42,   42,    0,    0,    0,   11,
+    0,   43,   43,    0,   29,    0,   30,   31,    0,   32,
+    0,    0,    0,   43,   43,   43,   43,   43,   43,   43,
+   43,   43,   43,   43,    0,   33,    0,    0,    0,    0,
+    0,    2,    0,    0,    3,    4,    5,    0,    0,    0,
+    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+    0,    0,   11,
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const short yycheck[] =
+#else
+short yycheck[] =
+#endif
+	{                                      33,
+    0,   33,   33,   33,    8,    9,   33,   33,    7,  280,
+   44,   76,   44,   44,  257,  258,  258,  258,   44,  261,
+  262,  263,  258,   44,  260,  261,  258,  263,   44,    0,
+   33,  263,   43,   33,   45,  258,  279,  279,  286,  287,
+   61,  258,   58,  279,   44,  258,   36,  279,   38,   39,
+   61,  259,   44,   61,   61,   61,   46,  263,    0,   61,
+   58,   58,   33,   58,  129,   58,  263,   58,  263,   44,
+   40,   44,   44,   41,   61,   44,   61,  286,   82,   78,
+   84,   44,  287,  263,  263,   41,    0,   58,    0,    0,
+   41,   33,   41,  111,   80,   69,   43,   34,   60,  103,
+   17,  120,  124,  116,   71,  133,   88,   85,   -1,   22,
+  115,   -1,   -1,   79,   -1,   -1,   58,    0,   33,   83,
+   81,   33,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   58,    0,   -1,   -1,
+   33,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   58,    0,   -1,   -1,   -1,
+   33,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   58,    0,   -1,   -1,   33,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,  259,   -1,  259,  259,  259,
+  257,  258,  258,   -1,  260,  261,    0,  263,   -1,   33,
+   -1,   -1,  269,  270,  271,  272,  273,  274,  275,  276,
+  277,  278,  279,  279,  257,  258,  256,   -1,  258,  286,
+  287,  261,  262,  263,  264,  265,  266,  267,  268,   33,
+    0,   -1,   -1,   -1,   -1,   -1,  279,   -1,   -1,  279,
+  280,  281,  282,  283,  284,  256,   -1,  258,   -1,   -1,
+  261,  262,  263,  264,  265,  266,  267,  268,   -1,    0,
+   -1,   -1,   -1,   33,   -1,   -1,   -1,   -1,  279,  280,
+  281,  282,  283,  284,  256,   -1,  258,   -1,   -1,  261,
+  262,  263,  264,  265,  266,  267,  268,   -1,    0,   -1,
+   -1,   -1,   33,   -1,   -1,   -1,   -1,  279,  280,  281,
+  282,  283,  284,  258,  256,   -1,  258,   -1,  263,  261,
+  262,  263,  264,  265,  266,  267,  268,    0,   -1,   -1,
+   -1,   33,   -1,   -1,  279,   -1,   -1,  279,  280,  281,
+  282,  283,  284,  256,   -1,  258,   -1,   -1,  261,  262,
+  263,  264,  265,  266,  267,  268,    0,   -1,   -1,   -1,
+   33,   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,
+  283,  284,   -1,  256,   -1,  258,   -1,   -1,  261,  262,
+  263,  264,  265,  266,  267,  268,    0,   -1,   -1,   33,
+   -1,   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,
+  283,  284,  256,   -1,  258,   -1,   -1,  261,  262,  263,
+  264,  265,  266,  267,  268,    0,   -1,   -1,   -1,   33,
+   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,
+  284,   -1,  256,   -1,  258,   -1,   -1,  261,  262,  263,
+  264,  265,  266,  267,  268,   -1,   -1,   -1,   33,   -1,
+   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,
+  284,   -1,  256,   -1,  258,   -1,   -1,  261,  262,  263,
+  264,  265,  266,  267,  268,   -1,   -1,   33,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,
+  284,   -1,   -1,   33,   -1,   -1,  256,   -1,  258,   -1,
+   -1,  261,  262,  263,  264,  265,  266,  267,  268,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   33,   -1,   -1,  279,
+  280,  281,  282,  283,  284,  256,   -1,  258,   -1,   -1,
+  261,  262,  263,  264,  265,  266,  267,  268,   -1,   33,
+   -1,   -1,   -1,   33,   -1,   -1,   -1,   -1,  279,  280,
+  281,  282,  283,  284,  256,   -1,  258,   -1,   -1,  261,
+  262,  263,  264,  265,  266,  267,  268,   33,   58,   33,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,  279,  280,  281,
+  282,  283,  284,  256,   -1,  258,   -1,   -1,  261,  262,
+  263,  264,  265,  266,  267,  268,   33,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,
+  283,  284,  256,   -1,  258,   -1,   -1,  261,  262,  263,
+  264,  265,  266,  267,  268,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,
+  284,   -1,  256,   -1,  258,   -1,   -1,  261,  262,  263,
+  264,  265,  266,  267,  268,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,
+  284,  256,   -1,  258,   -1,   -1,  261,  262,  263,  264,
+  265,  266,  267,  268,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,  279,  280,  281,  282,  283,  284,
+  256,   -1,  258,   -1,   -1,  261,  262,  263,  264,  265,
+  266,  267,  268,   -1,   -1,   -1,   -1,  257,  258,   -1,
+   -1,   -1,   -1,  279,  280,  281,  282,  283,  284,  269,
+  270,  271,  272,  273,  274,  275,  276,  277,  278,  279,
+  257,  258,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,  269,  270,  271,  272,  273,  274,  275,  276,
+  277,  278,  279,  257,  258,   -1,   -1,   -1,  258,   -1,
+   -1,  261,  262,  263,   -1,  269,  270,  271,  272,  273,
+  274,  275,  276,  277,  278,  279,   -1,   -1,   -1,  279,
+   -1,  257,  258,   -1,  258,   -1,  260,  261,   -1,  263,
+   -1,   -1,   -1,  269,  270,  271,  272,  273,  274,  275,
+  276,  277,  278,  279,   -1,  279,   -1,   -1,   -1,   -1,
+   -1,  258,   -1,   -1,  261,  262,  263,   -1,   -1,   -1,
+   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,
+   -1,   -1,  279,
+};
+#define YYFINAL 18
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 287
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyname[] =
+#else
+char *yyname[] =
+#endif
+	{
+"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"'!'",0,0,0,0,0,0,"'('","')'",0,"'+'","','","'-'",0,0,0,0,0,0,0,0,0,0,0,0,"':'",
+0,0,"'='",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+"COMMAND","ALIAS","DEFVAR","NTWKADDR","NETGROUP","USERGROUP","WORD","DEFAULTS",
+"DEFAULTS_HOST","DEFAULTS_USER","DEFAULTS_RUNAS","DEFAULTS_CMND","NOPASSWD",
+"PASSWD","NOEXEC","EXEC","SETENV","NOSETENV","LOG_INPUT","NOLOG_INPUT",
+"LOG_OUTPUT","NOLOG_OUTPUT","ALL","COMMENT","HOSTALIAS","CMNDALIAS","USERALIAS",
+"RUNASALIAS","ERROR","TYPE","ROLE",
+};
+#if defined(__cplusplus) || defined(__STDC__)
+const char * const yyrule[] =
+#else
+char *yyrule[] =
+#endif
+	{"$accept : file",
+"file :",
+"file : line",
+"line : entry",
+"line : line entry",
+"entry : COMMENT",
+"entry : error COMMENT",
+"entry : userlist privileges",
+"entry : USERALIAS useraliases",
+"entry : HOSTALIAS hostaliases",
+"entry : CMNDALIAS cmndaliases",
+"entry : RUNASALIAS runasaliases",
+"entry : DEFAULTS defaults_list",
+"entry : DEFAULTS_USER userlist defaults_list",
+"entry : DEFAULTS_RUNAS userlist defaults_list",
+"entry : DEFAULTS_HOST hostlist defaults_list",
+"entry : DEFAULTS_CMND cmndlist defaults_list",
+"defaults_list : defaults_entry",
+"defaults_list : defaults_list ',' defaults_entry",
+"defaults_entry : DEFVAR",
+"defaults_entry : '!' DEFVAR",
+"defaults_entry : DEFVAR '=' WORD",
+"defaults_entry : DEFVAR '+' WORD",
+"defaults_entry : DEFVAR '-' WORD",
+"privileges : privilege",
+"privileges : privileges ':' privilege",
+"privilege : hostlist '=' cmndspeclist",
+"ophost : host",
+"ophost : '!' host",
+"host : ALIAS",
+"host : ALL",
+"host : NETGROUP",
+"host : NTWKADDR",
+"host : WORD",
+"cmndspeclist : cmndspec",
+"cmndspeclist : cmndspeclist ',' cmndspec",
+"cmndspec : runasspec selinux cmndtag opcmnd",
+"opcmnd : cmnd",
+"opcmnd : '!' cmnd",
+"rolespec : ROLE '=' WORD",
+"typespec : TYPE '=' WORD",
+"selinux :",
+"selinux : rolespec",
+"selinux : typespec",
+"selinux : rolespec typespec",
+"selinux : typespec rolespec",
+"runasspec :",
+"runasspec : '(' runaslist ')'",
+"runaslist : userlist",
+"runaslist : userlist ':' grouplist",
+"runaslist : ':' grouplist",
+"cmndtag :",
+"cmndtag : cmndtag NOPASSWD",
+"cmndtag : cmndtag PASSWD",
+"cmndtag : cmndtag NOEXEC",
+"cmndtag : cmndtag EXEC",
+"cmndtag : cmndtag SETENV",
+"cmndtag : cmndtag NOSETENV",
+"cmndtag : cmndtag LOG_INPUT",
+"cmndtag : cmndtag NOLOG_INPUT",
+"cmndtag : cmndtag LOG_OUTPUT",
+"cmndtag : cmndtag NOLOG_OUTPUT",
+"cmnd : ALL",
+"cmnd : ALIAS",
+"cmnd : COMMAND",
+"hostaliases : hostalias",
+"hostaliases : hostaliases ':' hostalias",
+"hostalias : ALIAS '=' hostlist",
+"hostlist : ophost",
+"hostlist : hostlist ',' ophost",
+"cmndaliases : cmndalias",
+"cmndaliases : cmndaliases ':' cmndalias",
+"cmndalias : ALIAS '=' cmndlist",
+"cmndlist : opcmnd",
+"cmndlist : cmndlist ',' opcmnd",
+"runasaliases : runasalias",
+"runasaliases : runasaliases ':' runasalias",
+"runasalias : ALIAS '=' userlist",
+"useraliases : useralias",
+"useraliases : useraliases ':' useralias",
+"useralias : ALIAS '=' userlist",
+"userlist : opuser",
+"userlist : userlist ',' opuser",
+"opuser : user",
+"opuser : '!' user",
+"user : ALIAS",
+"user : ALL",
+"user : NETGROUP",
+"user : USERGROUP",
+"user : WORD",
+"grouplist : opgroup",
+"grouplist : grouplist ',' opgroup",
+"opgroup : group",
+"opgroup : '!' group",
+"group : ALIAS",
+"group : ALL",
+"group : WORD",
+};
+#endif
+#ifdef YYSTACKSIZE
+#undef YYMAXDEPTH
+#define YYMAXDEPTH YYSTACKSIZE
+#else
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 10000
+#define YYMAXDEPTH 10000
+#endif
+#endif
+#define YYINITSTACKSIZE 200
+/* LINTUSED */
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+short *yyss;
+short *yysslim;
+YYSTYPE *yyvs;
+int yystacksize;
+#line 606 "gram.y"
+static struct defaults *
+new_default(var, val, op)
+    char *var;
+    char *val;
+    int op;
+{
+    struct defaults *d;
+
+    d = emalloc(sizeof(struct defaults));
+    d->var = var;
+    d->val = val;
+    tq_init(&d->binding);
+    d->type = 0;
+    d->op = op;
+    d->prev = d;
+    d->next = NULL;
+
+    return(d);
+}
+
+static struct member *
+new_member(name, type)
+    char *name;
+    int type;
+{
+    struct member *m;
+
+    m = emalloc(sizeof(struct member));
+    m->name = name;
+    m->type = type;
+    m->prev = m;
+    m->next = NULL;
+
+    return(m);
+}
+
+/*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+ * runas users the entries apply to (specified by the type).
+ */
+static void
+add_defaults(type, bmem, defs)
+    int type;
+    struct member *bmem;
+    struct defaults *defs;
+{
+    struct defaults *d;
+    struct member_list binding;
+
+    /*
+     * We can only call list2tq once on bmem as it will zero
+     * out the prev pointer when it consumes bmem.
+     */
+    list2tq(&binding, bmem);
+
+    /*
+     * Set type and binding (who it applies to) for new entries.
+     */
+    for (d = defs; d != NULL; d = d->next) {
+	d->type = type;
+	d->binding = binding;
+    }
+    tq_append(&defaults, defs);
+}
+
+/*
+ * Allocate a new struct userspec, populate it, and insert it at the
+ * and of the userspecs list.
+ */
+static void
+add_userspec(members, privs)
+    struct member *members;
+    struct privilege *privs;
+{
+    struct userspec *u;
+
+    u = emalloc(sizeof(*u));
+    list2tq(&u->users, members);
+    list2tq(&u->privileges, privs);
+    u->prev = u;
+    u->next = NULL;
+    tq_append(&userspecs, u);
+}
+
+/*
+ * Free up space used by data structures from a previous parser run and sets
+ * the current sudoers file to path.
+ */
+void
+init_parser(path, quiet)
+    char *path;
+    int quiet;
+{
+    struct defaults *d;
+    struct member *m, *binding;
+    struct userspec *us;
+    struct privilege *priv;
+    struct cmndspec *cs;
+    struct sudo_command *c;
+
+    while ((us = tq_pop(&userspecs)) != NULL) {
+	while ((m = tq_pop(&us->users)) != NULL) {
+	    efree(m->name);
+	    efree(m);
+	}
+	while ((priv = tq_pop(&us->privileges)) != NULL) {
+	    struct member *runasuser = NULL, *runasgroup = NULL;
+#ifdef HAVE_SELINUX
+	    char *role = NULL, *type = NULL;
+#endif /* HAVE_SELINUX */
+
+	    while ((m = tq_pop(&priv->hostlist)) != NULL) {
+		efree(m->name);
+		efree(m);
+	    }
+	    while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
+#ifdef HAVE_SELINUX
+		/* Only free the first instance of a role/type. */
+		if (cs->role != role) {
+		    role = cs->role;
+		    efree(cs->role);
+		}
+		if (cs->type != type) {
+		    type = cs->type;
+		    efree(cs->type);
+		}
+#endif /* HAVE_SELINUX */
+		if (tq_last(&cs->runasuserlist) != runasuser) {
+		    runasuser = tq_last(&cs->runasuserlist);
+		    while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
+			efree(m->name);
+			efree(m);
+		    }
+		}
+		if (tq_last(&cs->runasgrouplist) != runasgroup) {
+		    runasgroup = tq_last(&cs->runasgrouplist);
+		    while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
+			efree(m->name);
+			efree(m);
+		    }
+		}
+		if (cs->cmnd->type == COMMAND) {
+			c = (struct sudo_command *) cs->cmnd->name;
+			efree(c->cmnd);
+			efree(c->args);
+		}
+		efree(cs->cmnd->name);
+		efree(cs->cmnd);
+		efree(cs);
+	    }
+	    efree(priv);
+	}
+	efree(us);
+    }
+    tq_init(&userspecs);
+
+    binding = NULL;
+    while ((d = tq_pop(&defaults)) != NULL) {
+	if (tq_last(&d->binding) != binding) {
+	    binding = tq_last(&d->binding);
+	    while ((m = tq_pop(&d->binding)) != NULL) {
+		if (m->type == COMMAND) {
+			c = (struct sudo_command *) m->name;
+			efree(c->cmnd);
+			efree(c->args);
+		}
+		efree(m->name);
+		efree(m);
+	    }
+	}
+	efree(d->var);
+	efree(d->val);
+	efree(d);
+    }
+    tq_init(&defaults);
+
+    init_aliases();
+
+    init_lexer();
+
+    efree(sudoers);
+    sudoers = path ? estrdup(path) : NULL;
+
+    parse_error = FALSE;
+    errorlineno = -1;
+    errorfile = NULL;
+    sudolineno = 1;
+    verbose = !quiet;
+}
+#line 775 "y.tab.c"
+/* allocate initial stack or double stack size, up to YYMAXDEPTH */
+#if defined(__cplusplus) || defined(__STDC__)
+static int yygrowstack(void)
+#else
+static int yygrowstack()
+#endif
+{
+    int newsize, i;
+    short *newss;
+    YYSTYPE *newvs;
+
+    if ((newsize = yystacksize) == 0)
+        newsize = YYINITSTACKSIZE;
+    else if (newsize >= YYMAXDEPTH)
+        return -1;
+    else if ((newsize *= 2) > YYMAXDEPTH)
+        newsize = YYMAXDEPTH;
+    i = yyssp - yyss;
+#ifdef SIZE_MAX
+#define YY_SIZE_MAX SIZE_MAX
+#else
+#define YY_SIZE_MAX 0x7fffffff
+#endif
+    if (newsize && YY_SIZE_MAX / newsize < sizeof *newss)
+        goto bail;
+    newss = yyss ? (short *)realloc(yyss, newsize * sizeof *newss) :
+      (short *)malloc(newsize * sizeof *newss); /* overflow check above */
+    if (newss == NULL)
+        goto bail;
+    yyss = newss;
+    yyssp = newss + i;
+    if (newsize && YY_SIZE_MAX / newsize < sizeof *newvs)
+        goto bail;
+    newvs = yyvs ? (YYSTYPE *)realloc(yyvs, newsize * sizeof *newvs) :
+      (YYSTYPE *)malloc(newsize * sizeof *newvs); /* overflow check above */
+    if (newvs == NULL)
+        goto bail;
+    yyvs = newvs;
+    yyvsp = newvs + i;
+    yystacksize = newsize;
+    yysslim = yyss + newsize - 1;
+    return 0;
+bail:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return -1;
+}
+
+#define YYABORT goto yyabort
+#define YYREJECT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+#if defined(__cplusplus) || defined(__STDC__)
+yyparse(void)
+#else
+yyparse()
+#endif
+{
+    int yym, yyn, yystate;
+#if YYDEBUG
+#if defined(__cplusplus) || defined(__STDC__)
+    const char *yys;
+#else /* !(defined(__cplusplus) || defined(__STDC__)) */
+    char *yys;
+#endif /* !(defined(__cplusplus) || defined(__STDC__)) */
+
+    if ((yys = getenv("YYDEBUG")))
+    {
+        yyn = *yys;
+        if (yyn >= '0' && yyn <= '9')
+            yydebug = yyn - '0';
+    }
+#endif /* YYDEBUG */
+
+    yynerrs = 0;
+    yyerrflag = 0;
+    yychar = (-1);
+
+    if (yyss == NULL && yygrowstack()) goto yyoverflow;
+    yyssp = yyss;
+    yyvsp = yyvs;
+    *yyssp = yystate = 0;
+
+yyloop:
+    if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+    if (yychar < 0)
+    {
+        if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+        if (yydebug)
+        {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+            if (!yys) yys = "illegal-symbol";
+            printf("%sdebug: state %d, reading %d (%s)\n",
+                    YYPREFIX, yystate, yychar, yys);
+        }
+#endif
+    }
+    if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+    {
+#if YYDEBUG
+        if (yydebug)
+            printf("%sdebug: state %d, shifting to state %d\n",
+                    YYPREFIX, yystate, yytable[yyn]);
+#endif
+        if (yyssp >= yysslim && yygrowstack())
+        {
+            goto yyoverflow;
+        }
+        *++yyssp = yystate = yytable[yyn];
+        *++yyvsp = yylval;
+        yychar = (-1);
+        if (yyerrflag > 0)  --yyerrflag;
+        goto yyloop;
+    }
+    if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yychar)
+    {
+        yyn = yytable[yyn];
+        goto yyreduce;
+    }
+    if (yyerrflag) goto yyinrecovery;
+#if defined(lint) || defined(__GNUC__)
+    goto yynewerror;
+#endif
+yynewerror:
+    yyerror("syntax error");
+#if defined(lint) || defined(__GNUC__)
+    goto yyerrlab;
+#endif
+yyerrlab:
+    ++yynerrs;
+yyinrecovery:
+    if (yyerrflag < 3)
+    {
+        yyerrflag = 3;
+        for (;;)
+        {
+            if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+                    yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE)
+            {
+#if YYDEBUG
+                if (yydebug)
+                    printf("%sdebug: state %d, error recovery shifting\
+ to state %d\n", YYPREFIX, *yyssp, yytable[yyn]);
+#endif
+                if (yyssp >= yysslim && yygrowstack())
+                {
+                    goto yyoverflow;
+                }
+                *++yyssp = yystate = yytable[yyn];
+                *++yyvsp = yylval;
+                goto yyloop;
+            }
+            else
+            {
+#if YYDEBUG
+                if (yydebug)
+                    printf("%sdebug: error recovery discarding state %d\n",
+                            YYPREFIX, *yyssp);
+#endif
+                if (yyssp <= yyss) goto yyabort;
+                --yyssp;
+                --yyvsp;
+            }
+        }
+    }
+    else
+    {
+        if (yychar == 0) goto yyabort;
+#if YYDEBUG
+        if (yydebug)
+        {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+            if (!yys) yys = "illegal-symbol";
+            printf("%sdebug: state %d, error recovery discards token %d (%s)\n",
+                    YYPREFIX, yystate, yychar, yys);
+        }
+#endif
+        yychar = (-1);
+        goto yyloop;
+    }
+yyreduce:
+#if YYDEBUG
+    if (yydebug)
+        printf("%sdebug: state %d, reducing by rule %d (%s)\n",
+                YYPREFIX, yystate, yyn, yyrule[yyn]);
+#endif
+    yym = yylen[yyn];
+    if (yym)
+        yyval = yyvsp[1-yym];
+    else
+        memset(&yyval, 0, sizeof yyval);
+    switch (yyn)
+    {
+case 1:
+#line 187 "gram.y"
+{ ; }
+break;
+case 5:
+#line 195 "gram.y"
+{
+			    ;
+			}
+break;
+case 6:
+#line 198 "gram.y"
+{
+			    yyerrok;
+			}
+break;
+case 7:
+#line 201 "gram.y"
+{
+			    add_userspec(yyvsp[-1].member, yyvsp[0].privilege);
+			}
+break;
+case 8:
+#line 204 "gram.y"
+{
+			    ;
+			}
+break;
+case 9:
+#line 207 "gram.y"
+{
+			    ;
+			}
+break;
+case 10:
+#line 210 "gram.y"
+{
+			    ;
+			}
+break;
+case 11:
+#line 213 "gram.y"
+{
+			    ;
+			}
+break;
+case 12:
+#line 216 "gram.y"
+{
+			    add_defaults(DEFAULTS, NULL, yyvsp[0].defaults);
+			}
+break;
+case 13:
+#line 219 "gram.y"
+{
+			    add_defaults(DEFAULTS_USER, yyvsp[-1].member, yyvsp[0].defaults);
+			}
+break;
+case 14:
+#line 222 "gram.y"
+{
+			    add_defaults(DEFAULTS_RUNAS, yyvsp[-1].member, yyvsp[0].defaults);
+			}
+break;
+case 15:
+#line 225 "gram.y"
+{
+			    add_defaults(DEFAULTS_HOST, yyvsp[-1].member, yyvsp[0].defaults);
+			}
+break;
+case 16:
+#line 228 "gram.y"
+{
+			    add_defaults(DEFAULTS_CMND, yyvsp[-1].member, yyvsp[0].defaults);
+			}
+break;
+case 18:
+#line 234 "gram.y"
+{
+			    list_append(yyvsp[-2].defaults, yyvsp[0].defaults);
+			    yyval.defaults = yyvsp[-2].defaults;
+			}
+break;
+case 19:
+#line 240 "gram.y"
+{
+			    yyval.defaults = new_default(yyvsp[0].string, NULL, TRUE);
+			}
+break;
+case 20:
+#line 243 "gram.y"
+{
+			    yyval.defaults = new_default(yyvsp[0].string, NULL, FALSE);
+			}
+break;
+case 21:
+#line 246 "gram.y"
+{
+			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, TRUE);
+			}
+break;
+case 22:
+#line 249 "gram.y"
+{
+			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '+');
+			}
+break;
+case 23:
+#line 252 "gram.y"
+{
+			    yyval.defaults = new_default(yyvsp[-2].string, yyvsp[0].string, '-');
+			}
+break;
+case 25:
+#line 258 "gram.y"
+{
+			    list_append(yyvsp[-2].privilege, yyvsp[0].privilege);
+			    yyval.privilege = yyvsp[-2].privilege;
+			}
+break;
+case 26:
+#line 264 "gram.y"
+{
+			    struct privilege *p = emalloc(sizeof(*p));
+			    list2tq(&p->hostlist, yyvsp[-2].member);
+			    list2tq(&p->cmndlist, yyvsp[0].cmndspec);
+			    p->prev = p;
+			    p->next = NULL;
+			    yyval.privilege = p;
+			}
+break;
+case 27:
+#line 274 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = FALSE;
+			}
+break;
+case 28:
+#line 278 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = TRUE;
+			}
+break;
+case 29:
+#line 284 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, ALIAS);
+			}
+break;
+case 30:
+#line 287 "gram.y"
+{
+			    yyval.member = new_member(NULL, ALL);
+			}
+break;
+case 31:
+#line 290 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, NETGROUP);
+			}
+break;
+case 32:
+#line 293 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, NTWKADDR);
+			}
+break;
+case 33:
+#line 296 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, WORD);
+			}
+break;
+case 35:
+#line 302 "gram.y"
+{
+			    list_append(yyvsp[-2].cmndspec, yyvsp[0].cmndspec);
+#ifdef HAVE_SELINUX
+			    /* propagate role and type */
+			    if (yyvsp[0].cmndspec->role == NULL)
+				yyvsp[0].cmndspec->role = yyvsp[0].cmndspec->prev->role;
+			    if (yyvsp[0].cmndspec->type == NULL)
+				yyvsp[0].cmndspec->type = yyvsp[0].cmndspec->prev->type;
+#endif /* HAVE_SELINUX */
+			    /* propagate tags and runas list */
+			    if (yyvsp[0].cmndspec->tags.nopasswd == UNSPEC)
+				yyvsp[0].cmndspec->tags.nopasswd = yyvsp[0].cmndspec->prev->tags.nopasswd;
+			    if (yyvsp[0].cmndspec->tags.noexec == UNSPEC)
+				yyvsp[0].cmndspec->tags.noexec = yyvsp[0].cmndspec->prev->tags.noexec;
+			    if (yyvsp[0].cmndspec->tags.setenv == UNSPEC &&
+				yyvsp[0].cmndspec->prev->tags.setenv != IMPLIED)
+				yyvsp[0].cmndspec->tags.setenv = yyvsp[0].cmndspec->prev->tags.setenv;
+			    if (yyvsp[0].cmndspec->tags.log_input == UNSPEC)
+				yyvsp[0].cmndspec->tags.log_input = yyvsp[0].cmndspec->prev->tags.log_input;
+			    if (yyvsp[0].cmndspec->tags.log_output == UNSPEC)
+				yyvsp[0].cmndspec->tags.log_output = yyvsp[0].cmndspec->prev->tags.log_output;
+			    if ((tq_empty(&yyvsp[0].cmndspec->runasuserlist) &&
+				 tq_empty(&yyvsp[0].cmndspec->runasgrouplist)) &&
+				(!tq_empty(&yyvsp[0].cmndspec->prev->runasuserlist) ||
+				 !tq_empty(&yyvsp[0].cmndspec->prev->runasgrouplist))) {
+				yyvsp[0].cmndspec->runasuserlist = yyvsp[0].cmndspec->prev->runasuserlist;
+				yyvsp[0].cmndspec->runasgrouplist = yyvsp[0].cmndspec->prev->runasgrouplist;
+			    }
+			    yyval.cmndspec = yyvsp[-2].cmndspec;
+			}
+break;
+case 36:
+#line 334 "gram.y"
+{
+			    struct cmndspec *cs = emalloc(sizeof(*cs));
+			    if (yyvsp[-3].runas != NULL) {
+				list2tq(&cs->runasuserlist, yyvsp[-3].runas->runasusers);
+				list2tq(&cs->runasgrouplist, yyvsp[-3].runas->runasgroups);
+				efree(yyvsp[-3].runas);
+			    } else {
+				tq_init(&cs->runasuserlist);
+				tq_init(&cs->runasgrouplist);
+			    }
+#ifdef HAVE_SELINUX
+			    cs->role = yyvsp[-2].seinfo.role;
+			    cs->type = yyvsp[-2].seinfo.type;
+#endif
+			    cs->tags = yyvsp[-1].tag;
+			    cs->cmnd = yyvsp[0].member;
+			    cs->prev = cs;
+			    cs->next = NULL;
+			    /* sudo "ALL" implies the SETENV tag */
+			    if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+				cs->tags.setenv == UNSPEC)
+				cs->tags.setenv = IMPLIED;
+			    yyval.cmndspec = cs;
+			}
+break;
+case 37:
+#line 360 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = FALSE;
+			}
+break;
+case 38:
+#line 364 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = TRUE;
+			}
+break;
+case 39:
+#line 370 "gram.y"
+{
+			    yyval.string = yyvsp[0].string;
+			}
+break;
+case 40:
+#line 375 "gram.y"
+{
+			    yyval.string = yyvsp[0].string;
+			}
+break;
+case 41:
+#line 380 "gram.y"
+{
+			    yyval.seinfo.role = NULL;
+			    yyval.seinfo.type = NULL;
+			}
+break;
+case 42:
+#line 384 "gram.y"
+{
+			    yyval.seinfo.role = yyvsp[0].string;
+			    yyval.seinfo.type = NULL;
+			}
+break;
+case 43:
+#line 388 "gram.y"
+{
+			    yyval.seinfo.type = yyvsp[0].string;
+			    yyval.seinfo.role = NULL;
+			}
+break;
+case 44:
+#line 392 "gram.y"
+{
+			    yyval.seinfo.role = yyvsp[-1].string;
+			    yyval.seinfo.type = yyvsp[0].string;
+			}
+break;
+case 45:
+#line 396 "gram.y"
+{
+			    yyval.seinfo.type = yyvsp[-1].string;
+			    yyval.seinfo.role = yyvsp[0].string;
+			}
+break;
+case 46:
+#line 402 "gram.y"
+{
+			    yyval.runas = NULL;
+			}
+break;
+case 47:
+#line 405 "gram.y"
+{
+			    yyval.runas = yyvsp[-1].runas;
+			}
+break;
+case 48:
+#line 410 "gram.y"
+{
+			    yyval.runas = emalloc(sizeof(struct runascontainer));
+			    yyval.runas->runasusers = yyvsp[0].member;
+			    yyval.runas->runasgroups = NULL;
+			}
+break;
+case 49:
+#line 415 "gram.y"
+{
+			    yyval.runas = emalloc(sizeof(struct runascontainer));
+			    yyval.runas->runasusers = yyvsp[-2].member;
+			    yyval.runas->runasgroups = yyvsp[0].member;
+			}
+break;
+case 50:
+#line 420 "gram.y"
+{
+			    yyval.runas = emalloc(sizeof(struct runascontainer));
+			    yyval.runas->runasusers = NULL;
+			    yyval.runas->runasgroups = yyvsp[0].member;
+			}
+break;
+case 51:
+#line 427 "gram.y"
+{
+			    yyval.tag.nopasswd = yyval.tag.noexec = yyval.tag.setenv =
+				yyval.tag.log_input = yyval.tag.log_output = UNSPEC;
+			}
+break;
+case 52:
+#line 431 "gram.y"
+{
+			    yyval.tag.nopasswd = TRUE;
+			}
+break;
+case 53:
+#line 434 "gram.y"
+{
+			    yyval.tag.nopasswd = FALSE;
+			}
+break;
+case 54:
+#line 437 "gram.y"
+{
+			    yyval.tag.noexec = TRUE;
+			}
+break;
+case 55:
+#line 440 "gram.y"
+{
+			    yyval.tag.noexec = FALSE;
+			}
+break;
+case 56:
+#line 443 "gram.y"
+{
+			    yyval.tag.setenv = TRUE;
+			}
+break;
+case 57:
+#line 446 "gram.y"
+{
+			    yyval.tag.setenv = FALSE;
+			}
+break;
+case 58:
+#line 449 "gram.y"
+{
+			    yyval.tag.log_input = TRUE;
+			}
+break;
+case 59:
+#line 452 "gram.y"
+{
+			    yyval.tag.log_input = FALSE;
+			}
+break;
+case 60:
+#line 455 "gram.y"
+{
+			    yyval.tag.log_output = TRUE;
+			}
+break;
+case 61:
+#line 458 "gram.y"
+{
+			    yyval.tag.log_output = FALSE;
+			}
+break;
+case 62:
+#line 463 "gram.y"
+{
+			    yyval.member = new_member(NULL, ALL);
+			}
+break;
+case 63:
+#line 466 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, ALIAS);
+			}
+break;
+case 64:
+#line 469 "gram.y"
+{
+			    struct sudo_command *c = emalloc(sizeof(*c));
+			    c->cmnd = yyvsp[0].command.cmnd;
+			    c->args = yyvsp[0].command.args;
+			    yyval.member = new_member((char *)c, COMMAND);
+			}
+break;
+case 67:
+#line 481 "gram.y"
+{
+			    char *s;
+			    if ((s = alias_add(yyvsp[-2].string, HOSTALIAS, yyvsp[0].member)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+break;
+case 69:
+#line 491 "gram.y"
+{
+			    list_append(yyvsp[-2].member, yyvsp[0].member);
+			    yyval.member = yyvsp[-2].member;
+			}
+break;
+case 72:
+#line 501 "gram.y"
+{
+			    char *s;
+			    if ((s = alias_add(yyvsp[-2].string, CMNDALIAS, yyvsp[0].member)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+break;
+case 74:
+#line 511 "gram.y"
+{
+			    list_append(yyvsp[-2].member, yyvsp[0].member);
+			    yyval.member = yyvsp[-2].member;
+			}
+break;
+case 77:
+#line 521 "gram.y"
+{
+			    char *s;
+			    if ((s = alias_add(yyvsp[-2].string, RUNASALIAS, yyvsp[0].member)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+break;
+case 80:
+#line 534 "gram.y"
+{
+			    char *s;
+			    if ((s = alias_add(yyvsp[-2].string, USERALIAS, yyvsp[0].member)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+break;
+case 82:
+#line 544 "gram.y"
+{
+			    list_append(yyvsp[-2].member, yyvsp[0].member);
+			    yyval.member = yyvsp[-2].member;
+			}
+break;
+case 83:
+#line 550 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = FALSE;
+			}
+break;
+case 84:
+#line 554 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = TRUE;
+			}
+break;
+case 85:
+#line 560 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, ALIAS);
+			}
+break;
+case 86:
+#line 563 "gram.y"
+{
+			    yyval.member = new_member(NULL, ALL);
+			}
+break;
+case 87:
+#line 566 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, NETGROUP);
+			}
+break;
+case 88:
+#line 569 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, USERGROUP);
+			}
+break;
+case 89:
+#line 572 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, WORD);
+			}
+break;
+case 91:
+#line 578 "gram.y"
+{
+			    list_append(yyvsp[-2].member, yyvsp[0].member);
+			    yyval.member = yyvsp[-2].member;
+			}
+break;
+case 92:
+#line 584 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = FALSE;
+			}
+break;
+case 93:
+#line 588 "gram.y"
+{
+			    yyval.member = yyvsp[0].member;
+			    yyval.member->negated = TRUE;
+			}
+break;
+case 94:
+#line 594 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, ALIAS);
+			}
+break;
+case 95:
+#line 597 "gram.y"
+{
+			    yyval.member = new_member(NULL, ALL);
+			}
+break;
+case 96:
+#line 600 "gram.y"
+{
+			    yyval.member = new_member(yyvsp[0].string, WORD);
+			}
+break;
+#line 1544 "y.tab.c"
+    }
+    yyssp -= yym;
+    yystate = *yyssp;
+    yyvsp -= yym;
+    yym = yylhs[yyn];
+    if (yystate == 0 && yym == 0)
+    {
+#if YYDEBUG
+        if (yydebug)
+            printf("%sdebug: after reduction, shifting from state 0 to\
+ state %d\n", YYPREFIX, YYFINAL);
+#endif
+        yystate = YYFINAL;
+        *++yyssp = YYFINAL;
+        *++yyvsp = yyval;
+        if (yychar < 0)
+        {
+            if ((yychar = yylex()) < 0) yychar = 0;
+#if YYDEBUG
+            if (yydebug)
+            {
+                yys = 0;
+                if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
+                if (!yys) yys = "illegal-symbol";
+                printf("%sdebug: state %d, reading %d (%s)\n",
+                        YYPREFIX, YYFINAL, yychar, yys);
+            }
+#endif
+        }
+        if (yychar == 0) goto yyaccept;
+        goto yyloop;
+    }
+    if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+            yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+        yystate = yytable[yyn];
+    else
+        yystate = yydgoto[yym];
+#if YYDEBUG
+    if (yydebug)
+        printf("%sdebug: after reduction, shifting from state %d \
+to state %d\n", YYPREFIX, *yyssp, yystate);
+#endif
+    if (yyssp >= yysslim && yygrowstack())
+    {
+        goto yyoverflow;
+    }
+    *++yyssp = yystate;
+    *++yyvsp = yyval;
+    goto yyloop;
+yyoverflow:
+    yyerror("yacc stack overflow");
+yyabort:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return (1);
+yyaccept:
+    if (yyss)
+            free(yyss);
+    if (yyvs)
+            free(yyvs);
+    yyss = yyssp = NULL;
+    yyvs = yyvsp = NULL;
+    yystacksize = 0;
+    return (0);
+}
diff --git a/sudo-1.7.4p4/gram.h b/sudo-1.7.4p4/gram.h
new file mode 100644
index 0000000..2bec420
--- /dev/null
+++ b/sudo-1.7.4p4/gram.h
@@ -0,0 +1,47 @@
+#define COMMAND 257
+#define ALIAS 258
+#define DEFVAR 259
+#define NTWKADDR 260
+#define NETGROUP 261
+#define USERGROUP 262
+#define WORD 263
+#define DEFAULTS 264
+#define DEFAULTS_HOST 265
+#define DEFAULTS_USER 266
+#define DEFAULTS_RUNAS 267
+#define DEFAULTS_CMND 268
+#define NOPASSWD 269
+#define PASSWD 270
+#define NOEXEC 271
+#define EXEC 272
+#define SETENV 273
+#define NOSETENV 274
+#define LOG_INPUT 275
+#define NOLOG_INPUT 276
+#define LOG_OUTPUT 277
+#define NOLOG_OUTPUT 278
+#define ALL 279
+#define COMMENT 280
+#define HOSTALIAS 281
+#define CMNDALIAS 282
+#define USERALIAS 283
+#define RUNASALIAS 284
+#define ERROR 285
+#define TYPE 286
+#define ROLE 287
+#ifndef YYSTYPE_DEFINED
+#define YYSTYPE_DEFINED
+typedef union {
+    struct cmndspec *cmndspec;
+    struct defaults *defaults;
+    struct member *member;
+    struct runascontainer *runas;
+    struct privilege *privilege;
+    struct sudo_command command;
+    struct cmndtag tag;
+    struct selinux_info seinfo;
+    char *string;
+    int tok;
+} YYSTYPE;
+#endif /* YYSTYPE_DEFINED */
+extern YYSTYPE yylval;
diff --git a/sudo-1.7.4p4/gram.y b/sudo-1.7.4p4/gram.y
new file mode 100644
index 0000000..f319eea
--- /dev/null
+++ b/sudo-1.7.4p4/gram.y
@@ -0,0 +1,795 @@
+%{
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(YYBISON) && defined(HAVE_ALLOCA_H) && !defined(__GNUC__)
+# include <alloca.h>
+#endif /* YYBISON && HAVE_ALLOCA_H && !__GNUC__ */
+#include <limits.h>
+
+#include "sudo.h"
+#include "parse.h"
+
+/*
+ * We must define SIZE_MAX for yacc's skeleton.c.
+ * If there is no SIZE_MAX or SIZE_T_MAX we have to assume that size_t
+ * could be signed (as it is on SunOS 4.x).
+ */
+#ifndef SIZE_MAX
+# ifdef SIZE_T_MAX
+#  define SIZE_MAX	SIZE_T_MAX
+# else
+#  define SIZE_MAX	INT_MAX
+# endif /* SIZE_T_MAX */
+#endif /* SIZE_MAX */
+
+/*
+ * Globals
+ */
+extern int sudolineno;
+extern char *sudoers;
+int parse_error;
+int pedantic = FALSE;
+int verbose = FALSE;
+int errorlineno = -1;
+char *errorfile = NULL;
+
+struct defaults_list defaults;
+struct userspec_list userspecs;
+
+/*
+ * Local protoypes
+ */
+static void  add_defaults	__P((int, struct member *, struct defaults *));
+static void  add_userspec	__P((struct member *, struct privilege *));
+static struct defaults *new_default __P((char *, char *, int));
+static struct member *new_member __P((char *, int));
+       void  yyerror		__P((const char *));
+
+void
+yyerror(s)
+    const char *s;
+{
+    /* Save the line the first error occurred on. */
+    if (errorlineno == -1) {
+	errorlineno = sudolineno ? sudolineno - 1 : 0;
+	errorfile = estrdup(sudoers);
+    }
+    if (verbose && s != NULL) {
+#ifndef TRACELEXER
+	(void) fprintf(stderr, ">>> %s: %s near line %d <<<\n", sudoers, s,
+	    sudolineno ? sudolineno - 1 : 0);
+#else
+	(void) fprintf(stderr, "<*> ");
+#endif
+    }
+    parse_error = TRUE;
+}
+%}
+
+%union {
+    struct cmndspec *cmndspec;
+    struct defaults *defaults;
+    struct member *member;
+    struct runascontainer *runas;
+    struct privilege *privilege;
+    struct sudo_command command;
+    struct cmndtag tag;
+    struct selinux_info seinfo;
+    char *string;
+    int tok;
+}
+
+%start file				/* special start symbol */
+%token <command> COMMAND		/* absolute pathname w/ optional args */
+%token <string>  ALIAS			/* an UPPERCASE alias name */
+%token <string>	 DEFVAR			/* a Defaults variable name */
+%token <string>  NTWKADDR		/* ipv4 or ipv6 address */
+%token <string>  NETGROUP		/* a netgroup (+NAME) */
+%token <string>  USERGROUP		/* a usergroup (%NAME) */
+%token <string>  WORD			/* a word */
+%token <tok>	 DEFAULTS		/* Defaults entry */
+%token <tok>	 DEFAULTS_HOST		/* Host-specific defaults entry */
+%token <tok>	 DEFAULTS_USER		/* User-specific defaults entry */
+%token <tok>	 DEFAULTS_RUNAS		/* Runas-specific defaults entry */
+%token <tok>	 DEFAULTS_CMND		/* Command-specific defaults entry */
+%token <tok> 	 NOPASSWD		/* no passwd req for command */
+%token <tok> 	 PASSWD			/* passwd req for command (default) */
+%token <tok> 	 NOEXEC			/* preload dummy execve() for cmnd */
+%token <tok> 	 EXEC			/* don't preload dummy execve() */
+%token <tok>	 SETENV			/* user may set environment for cmnd */
+%token <tok>	 NOSETENV		/* user may not set environment */
+%token <tok>	 LOG_INPUT		/* log user's cmnd input */
+%token <tok>	 NOLOG_INPUT		/* don't log user's cmnd input */
+%token <tok>	 LOG_OUTPUT		/* log cmnd output */
+%token <tok>	 NOLOG_OUTPUT		/* don't log cmnd output */
+%token <tok>	 ALL			/* ALL keyword */
+%token <tok>	 COMMENT		/* comment and/or carriage return */
+%token <tok>	 HOSTALIAS		/* Host_Alias keyword */
+%token <tok>	 CMNDALIAS		/* Cmnd_Alias keyword */
+%token <tok>	 USERALIAS		/* User_Alias keyword */
+%token <tok>	 RUNASALIAS		/* Runas_Alias keyword */
+%token <tok>	 ':' '=' ',' '!' '+' '-' /* union member tokens */
+%token <tok>	 '(' ')'		/* runas tokens */
+%token <tok>	 ERROR
+%token <tok>	 TYPE			/* SELinux type */
+%token <tok>	 ROLE			/* SELinux role */
+
+%type <cmndspec>  cmndspec
+%type <cmndspec>  cmndspeclist
+%type <defaults>  defaults_entry
+%type <defaults>  defaults_list
+%type <member>	  cmnd
+%type <member>	  opcmnd
+%type <member>	  cmndlist
+%type <member>	  host
+%type <member>	  hostlist
+%type <member>	  ophost
+%type <member>	  opuser
+%type <member>	  user
+%type <member>	  userlist
+%type <member>	  opgroup
+%type <member>	  group
+%type <member>	  grouplist
+%type <runas>	  runasspec
+%type <runas>	  runaslist
+%type <privilege> privilege
+%type <privilege> privileges
+%type <tag>	  cmndtag
+%type <seinfo>	  selinux
+%type <string>	  rolespec
+%type <string>	  typespec
+
+%%
+
+file		:	{ ; }
+		|	line
+		;
+
+line		:	entry
+		|	line entry
+		;
+
+entry		:	COMMENT {
+			    ;
+			}
+                |       error COMMENT {
+			    yyerrok;
+			}
+		|	userlist privileges {
+			    add_userspec($1, $2);
+			}
+		|	USERALIAS useraliases {
+			    ;
+			}
+		|	HOSTALIAS hostaliases {
+			    ;
+			}
+		|	CMNDALIAS cmndaliases {
+			    ;
+			}
+		|	RUNASALIAS runasaliases {
+			    ;
+			}
+		|	DEFAULTS defaults_list {
+			    add_defaults(DEFAULTS, NULL, $2);
+			}
+		|	DEFAULTS_USER userlist defaults_list {
+			    add_defaults(DEFAULTS_USER, $2, $3);
+			}
+		|	DEFAULTS_RUNAS userlist defaults_list {
+			    add_defaults(DEFAULTS_RUNAS, $2, $3);
+			}
+		|	DEFAULTS_HOST hostlist defaults_list {
+			    add_defaults(DEFAULTS_HOST, $2, $3);
+			}
+		|	DEFAULTS_CMND cmndlist defaults_list {
+			    add_defaults(DEFAULTS_CMND, $2, $3);
+			}
+		;
+
+defaults_list	:	defaults_entry
+		|	defaults_list ',' defaults_entry {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+defaults_entry	:	DEFVAR {
+			    $$ = new_default($1, NULL, TRUE);
+			}
+		|	'!' DEFVAR {
+			    $$ = new_default($2, NULL, FALSE);
+			}
+		|	DEFVAR '=' WORD {
+			    $$ = new_default($1, $3, TRUE);
+			}
+		|	DEFVAR '+' WORD {
+			    $$ = new_default($1, $3, '+');
+			}
+		|	DEFVAR '-' WORD {
+			    $$ = new_default($1, $3, '-');
+			}
+		;
+
+privileges	:	privilege
+		|	privileges ':' privilege {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+privilege	:	hostlist '=' cmndspeclist {
+			    struct privilege *p = emalloc(sizeof(*p));
+			    list2tq(&p->hostlist, $1);
+			    list2tq(&p->cmndlist, $3);
+			    p->prev = p;
+			    p->next = NULL;
+			    $$ = p;
+			}
+		;
+
+ophost		:	host {
+			    $$ = $1;
+			    $$->negated = FALSE;
+			}
+		|	'!' host {
+			    $$ = $2;
+			    $$->negated = TRUE;
+			}
+		;
+
+host		:	ALIAS {
+			    $$ = new_member($1, ALIAS);
+			}
+		|	ALL {
+			    $$ = new_member(NULL, ALL);
+			}
+		|	NETGROUP {
+			    $$ = new_member($1, NETGROUP);
+			}
+		|	NTWKADDR {
+			    $$ = new_member($1, NTWKADDR);
+			}
+		|	WORD {
+			    $$ = new_member($1, WORD);
+			}
+		;
+
+cmndspeclist	:	cmndspec
+		|	cmndspeclist ',' cmndspec {
+			    list_append($1, $3);
+#ifdef HAVE_SELINUX
+			    /* propagate role and type */
+			    if ($3->role == NULL)
+				$3->role = $3->prev->role;
+			    if ($3->type == NULL)
+				$3->type = $3->prev->type;
+#endif /* HAVE_SELINUX */
+			    /* propagate tags and runas list */
+			    if ($3->tags.nopasswd == UNSPEC)
+				$3->tags.nopasswd = $3->prev->tags.nopasswd;
+			    if ($3->tags.noexec == UNSPEC)
+				$3->tags.noexec = $3->prev->tags.noexec;
+			    if ($3->tags.setenv == UNSPEC &&
+				$3->prev->tags.setenv != IMPLIED)
+				$3->tags.setenv = $3->prev->tags.setenv;
+			    if ($3->tags.log_input == UNSPEC)
+				$3->tags.log_input = $3->prev->tags.log_input;
+			    if ($3->tags.log_output == UNSPEC)
+				$3->tags.log_output = $3->prev->tags.log_output;
+			    if ((tq_empty(&$3->runasuserlist) &&
+				 tq_empty(&$3->runasgrouplist)) &&
+				(!tq_empty(&$3->prev->runasuserlist) ||
+				 !tq_empty(&$3->prev->runasgrouplist))) {
+				$3->runasuserlist = $3->prev->runasuserlist;
+				$3->runasgrouplist = $3->prev->runasgrouplist;
+			    }
+			    $$ = $1;
+			}
+		;
+
+cmndspec	:	runasspec selinux cmndtag opcmnd {
+			    struct cmndspec *cs = emalloc(sizeof(*cs));
+			    if ($1 != NULL) {
+				list2tq(&cs->runasuserlist, $1->runasusers);
+				list2tq(&cs->runasgrouplist, $1->runasgroups);
+				efree($1);
+			    } else {
+				tq_init(&cs->runasuserlist);
+				tq_init(&cs->runasgrouplist);
+			    }
+#ifdef HAVE_SELINUX
+			    cs->role = $2.role;
+			    cs->type = $2.type;
+#endif
+			    cs->tags = $3;
+			    cs->cmnd = $4;
+			    cs->prev = cs;
+			    cs->next = NULL;
+			    /* sudo "ALL" implies the SETENV tag */
+			    if (cs->cmnd->type == ALL && !cs->cmnd->negated &&
+				cs->tags.setenv == UNSPEC)
+				cs->tags.setenv = IMPLIED;
+			    $$ = cs;
+			}
+		;
+
+opcmnd		:	cmnd {
+			    $$ = $1;
+			    $$->negated = FALSE;
+			}
+		|	'!' cmnd {
+			    $$ = $2;
+			    $$->negated = TRUE;
+			}
+		;
+
+rolespec	:	ROLE '=' WORD {
+			    $$ = $3;
+			}
+		;
+
+typespec	:	TYPE '=' WORD {
+			    $$ = $3;
+			}
+		;
+
+selinux		:	/* empty */ {
+			    $$.role = NULL;
+			    $$.type = NULL;
+			}
+		|	rolespec {
+			    $$.role = $1;
+			    $$.type = NULL;
+			}
+		|	typespec {
+			    $$.type = $1;
+			    $$.role = NULL;
+			}
+		|	rolespec typespec {
+			    $$.role = $1;
+			    $$.type = $2;
+			}
+		|	typespec rolespec {
+			    $$.type = $1;
+			    $$.role = $2;
+			}
+		;
+
+runasspec	:	/* empty */ {
+			    $$ = NULL;
+			}
+		|	'(' runaslist ')' {
+			    $$ = $2;
+			}
+		;
+
+runaslist	:	userlist {
+			    $$ = emalloc(sizeof(struct runascontainer));
+			    $$->runasusers = $1;
+			    $$->runasgroups = NULL;
+			}
+		|	userlist ':' grouplist {
+			    $$ = emalloc(sizeof(struct runascontainer));
+			    $$->runasusers = $1;
+			    $$->runasgroups = $3;
+			}
+		|	':' grouplist {
+			    $$ = emalloc(sizeof(struct runascontainer));
+			    $$->runasusers = NULL;
+			    $$->runasgroups = $2;
+			}
+		;
+
+cmndtag		:	/* empty */ {
+			    $$.nopasswd = $$.noexec = $$.setenv =
+				$$.log_input = $$.log_output = UNSPEC;
+			}
+		|	cmndtag NOPASSWD {
+			    $$.nopasswd = TRUE;
+			}
+		|	cmndtag PASSWD {
+			    $$.nopasswd = FALSE;
+			}
+		|	cmndtag NOEXEC {
+			    $$.noexec = TRUE;
+			}
+		|	cmndtag EXEC {
+			    $$.noexec = FALSE;
+			}
+		|	cmndtag SETENV {
+			    $$.setenv = TRUE;
+			}
+		|	cmndtag NOSETENV {
+			    $$.setenv = FALSE;
+			}
+		|	cmndtag LOG_INPUT {
+			    $$.log_input = TRUE;
+			}
+		|	cmndtag NOLOG_INPUT {
+			    $$.log_input = FALSE;
+			}
+		|	cmndtag LOG_OUTPUT {
+			    $$.log_output = TRUE;
+			}
+		|	cmndtag NOLOG_OUTPUT {
+			    $$.log_output = FALSE;
+			}
+		;
+
+cmnd		:	ALL {
+			    $$ = new_member(NULL, ALL);
+			}
+		|	ALIAS {
+			    $$ = new_member($1, ALIAS);
+			}
+		|	COMMAND {
+			    struct sudo_command *c = emalloc(sizeof(*c));
+			    c->cmnd = $1.cmnd;
+			    c->args = $1.args;
+			    $$ = new_member((char *)c, COMMAND);
+			}
+		;
+
+hostaliases	:	hostalias
+		|	hostaliases ':' hostalias
+		;
+
+hostalias	:	ALIAS '=' hostlist {
+			    char *s;
+			    if ((s = alias_add($1, HOSTALIAS, $3)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+		;
+
+hostlist	:	ophost
+		|	hostlist ',' ophost {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+cmndaliases	:	cmndalias
+		|	cmndaliases ':' cmndalias
+		;
+
+cmndalias	:	ALIAS '=' cmndlist {
+			    char *s;
+			    if ((s = alias_add($1, CMNDALIAS, $3)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+		;
+
+cmndlist	:	opcmnd
+		|	cmndlist ',' opcmnd {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+runasaliases	:	runasalias
+		|	runasaliases ':' runasalias
+		;
+
+runasalias	:	ALIAS '=' userlist {
+			    char *s;
+			    if ((s = alias_add($1, RUNASALIAS, $3)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+		;
+
+useraliases	:	useralias
+		|	useraliases ':' useralias
+		;
+
+useralias	:	ALIAS '=' userlist {
+			    char *s;
+			    if ((s = alias_add($1, USERALIAS, $3)) != NULL) {
+				yyerror(s);
+				YYERROR;
+			    }
+			}
+		;
+
+userlist	:	opuser
+		|	userlist ',' opuser {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+opuser		:	user {
+			    $$ = $1;
+			    $$->negated = FALSE;
+			}
+		|	'!' user {
+			    $$ = $2;
+			    $$->negated = TRUE;
+			}
+		;
+
+user		:	ALIAS {
+			    $$ = new_member($1, ALIAS);
+			}
+		|	ALL {
+			    $$ = new_member(NULL, ALL);
+			}
+		|	NETGROUP {
+			    $$ = new_member($1, NETGROUP);
+			}
+		|	USERGROUP {
+			    $$ = new_member($1, USERGROUP);
+			}
+		|	WORD {
+			    $$ = new_member($1, WORD);
+			}
+		;
+
+grouplist	:	opgroup
+		|	grouplist ',' opgroup {
+			    list_append($1, $3);
+			    $$ = $1;
+			}
+		;
+
+opgroup		:	group {
+			    $$ = $1;
+			    $$->negated = FALSE;
+			}
+		|	'!' group {
+			    $$ = $2;
+			    $$->negated = TRUE;
+			}
+		;
+
+group		:	ALIAS {
+			    $$ = new_member($1, ALIAS);
+			}
+		|	ALL {
+			    $$ = new_member(NULL, ALL);
+			}
+		|	WORD {
+			    $$ = new_member($1, WORD);
+			}
+		;
+
+%%
+static struct defaults *
+new_default(var, val, op)
+    char *var;
+    char *val;
+    int op;
+{
+    struct defaults *d;
+
+    d = emalloc(sizeof(struct defaults));
+    d->var = var;
+    d->val = val;
+    tq_init(&d->binding);
+    d->type = 0;
+    d->op = op;
+    d->prev = d;
+    d->next = NULL;
+
+    return(d);
+}
+
+static struct member *
+new_member(name, type)
+    char *name;
+    int type;
+{
+    struct member *m;
+
+    m = emalloc(sizeof(struct member));
+    m->name = name;
+    m->type = type;
+    m->prev = m;
+    m->next = NULL;
+
+    return(m);
+}
+
+/*
+ * Add a list of defaults structures to the defaults list.
+ * The binding, if non-NULL, specifies a list of hosts, users, or
+ * runas users the entries apply to (specified by the type).
+ */
+static void
+add_defaults(type, bmem, defs)
+    int type;
+    struct member *bmem;
+    struct defaults *defs;
+{
+    struct defaults *d;
+    struct member_list binding;
+
+    /*
+     * We can only call list2tq once on bmem as it will zero
+     * out the prev pointer when it consumes bmem.
+     */
+    list2tq(&binding, bmem);
+
+    /*
+     * Set type and binding (who it applies to) for new entries.
+     */
+    for (d = defs; d != NULL; d = d->next) {
+	d->type = type;
+	d->binding = binding;
+    }
+    tq_append(&defaults, defs);
+}
+
+/*
+ * Allocate a new struct userspec, populate it, and insert it at the
+ * and of the userspecs list.
+ */
+static void
+add_userspec(members, privs)
+    struct member *members;
+    struct privilege *privs;
+{
+    struct userspec *u;
+
+    u = emalloc(sizeof(*u));
+    list2tq(&u->users, members);
+    list2tq(&u->privileges, privs);
+    u->prev = u;
+    u->next = NULL;
+    tq_append(&userspecs, u);
+}
+
+/*
+ * Free up space used by data structures from a previous parser run and sets
+ * the current sudoers file to path.
+ */
+void
+init_parser(path, quiet)
+    char *path;
+    int quiet;
+{
+    struct defaults *d;
+    struct member *m, *binding;
+    struct userspec *us;
+    struct privilege *priv;
+    struct cmndspec *cs;
+    struct sudo_command *c;
+
+    while ((us = tq_pop(&userspecs)) != NULL) {
+	while ((m = tq_pop(&us->users)) != NULL) {
+	    efree(m->name);
+	    efree(m);
+	}
+	while ((priv = tq_pop(&us->privileges)) != NULL) {
+	    struct member *runasuser = NULL, *runasgroup = NULL;
+#ifdef HAVE_SELINUX
+	    char *role = NULL, *type = NULL;
+#endif /* HAVE_SELINUX */
+
+	    while ((m = tq_pop(&priv->hostlist)) != NULL) {
+		efree(m->name);
+		efree(m);
+	    }
+	    while ((cs = tq_pop(&priv->cmndlist)) != NULL) {
+#ifdef HAVE_SELINUX
+		/* Only free the first instance of a role/type. */
+		if (cs->role != role) {
+		    role = cs->role;
+		    efree(cs->role);
+		}
+		if (cs->type != type) {
+		    type = cs->type;
+		    efree(cs->type);
+		}
+#endif /* HAVE_SELINUX */
+		if (tq_last(&cs->runasuserlist) != runasuser) {
+		    runasuser = tq_last(&cs->runasuserlist);
+		    while ((m = tq_pop(&cs->runasuserlist)) != NULL) {
+			efree(m->name);
+			efree(m);
+		    }
+		}
+		if (tq_last(&cs->runasgrouplist) != runasgroup) {
+		    runasgroup = tq_last(&cs->runasgrouplist);
+		    while ((m = tq_pop(&cs->runasgrouplist)) != NULL) {
+			efree(m->name);
+			efree(m);
+		    }
+		}
+		if (cs->cmnd->type == COMMAND) {
+			c = (struct sudo_command *) cs->cmnd->name;
+			efree(c->cmnd);
+			efree(c->args);
+		}
+		efree(cs->cmnd->name);
+		efree(cs->cmnd);
+		efree(cs);
+	    }
+	    efree(priv);
+	}
+	efree(us);
+    }
+    tq_init(&userspecs);
+
+    binding = NULL;
+    while ((d = tq_pop(&defaults)) != NULL) {
+	if (tq_last(&d->binding) != binding) {
+	    binding = tq_last(&d->binding);
+	    while ((m = tq_pop(&d->binding)) != NULL) {
+		if (m->type == COMMAND) {
+			c = (struct sudo_command *) m->name;
+			efree(c->cmnd);
+			efree(c->args);
+		}
+		efree(m->name);
+		efree(m);
+	    }
+	}
+	efree(d->var);
+	efree(d->val);
+	efree(d);
+    }
+    tq_init(&defaults);
+
+    init_aliases();
+
+    init_lexer();
+
+    efree(sudoers);
+    sudoers = path ? estrdup(path) : NULL;
+
+    parse_error = FALSE;
+    errorlineno = -1;
+    errorfile = NULL;
+    sudolineno = 1;
+    verbose = !quiet;
+}
diff --git a/sudo-1.7.4p4/indent.pro b/sudo-1.7.4p4/indent.pro
new file mode 100644
index 0000000..db27ed3
--- /dev/null
+++ b/sudo-1.7.4p4/indent.pro
@@ -0,0 +1,36 @@
+-br
+-cdb
+-ce
+-d0
+-di1
+-ei
+-i4
+-nlp
+-npcs
+-npsl
+-ps
+-sc
+-TYYSTYPE
+-TLIST
+-TLINK
+-Tu_char
+-Tu_short
+-Tu_int
+-Tu_long
+-Tushort
+-Tuint
+-Tdaddr_t
+-Tcaddr_t
+-Tino_t
+-Tswblk_t
+-Tsize_t
+-Ttime_t
+-Tdev_t
+-Toff_t
+-Tuid_t
+-Tgid_t
+-Tfixpt_t
+-Tkey_t
+-Tpaddr_t
+-Tfd_mask
+-Tfd_set
diff --git a/sudo-1.7.4p4/ins_2001.h b/sudo-1.7.4p4/ins_2001.h
new file mode 100644
index 0000000..63a5d64
--- /dev/null
+++ b/sudo-1.7.4p4/ins_2001.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_2001_H
+#define _SUDO_INS_2001_H
+
+    /*
+     * HAL insults (paraphrased) from 2001.
+     */
+
+    "Just what do you think you're doing Dave?",
+    "It can only be attributed to human error.",
+    "That's something I cannot allow to happen.",
+    "My mind is going. I can feel it.",
+    "Sorry about this, I know it's a bit silly.",
+    "Take a stress pill and think things over.",
+    "This mission is too important for me to allow you to jeopardize it.",
+    "I feel much better now.",
+
+#endif /* _SUDO_INS_2001_H */
diff --git a/sudo-1.7.4p4/ins_classic.h b/sudo-1.7.4p4/ins_classic.h
new file mode 100644
index 0000000..b1942bd
--- /dev/null
+++ b/sudo-1.7.4p4/ins_classic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_CLASSIC_H
+#define _SUDO_INS_CLASSIC_H
+
+    /*
+     * Insults from the original sudo(8).
+     */
+
+    "Wrong!  You cheating scum!",
+#ifdef PC_INSULTS
+    "And you call yourself a Rocket Scientist!",
+#else
+    "No soap, honkie-lips.",
+#endif
+    "Where did you learn to type?",
+    "Are you on drugs?",
+    "My pet ferret can type better than you!",
+    "You type like i drive.",
+    "Do you think like you type?",
+    "Your mind just hasn't been the same since the electro-shock, has it?",
+
+#endif /* _SUDO_INS_CLASSIC_H */
diff --git a/sudo-1.7.4p4/ins_csops.h b/sudo-1.7.4p4/ins_csops.h
new file mode 100644
index 0000000..20e9b02
--- /dev/null
+++ b/sudo-1.7.4p4/ins_csops.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 1996, 1998, 1999, 2004
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_CSOPS_H
+#define _SUDO_INS_CSOPS_H
+
+    /*
+     * CSOps insults (may be site dependent).
+     */
+
+    "Maybe if you used more than just two fingers...",
+    "BOB says:  You seem to have forgotten your passwd, enter another!",
+    "stty: unknown mode: doofus",
+    "I can't hear you -- I'm using the scrambler.",
+    "The more you drive -- the dumber you get.",
+#ifdef PC_INSULTS
+    "Listen, broccoli brains, I don't have time to listen to this trash.",
+#else
+    "Listen, burrito brains, I don't have time to listen to this trash.",
+#endif
+    "I've seen penguins that can type better than that.",
+    "Have you considered trying to match wits with a rutabaga?",
+    "You speak an infinite deal of nothing",
+
+#endif /* _SUDO_INS_CSOPS_H */
diff --git a/sudo-1.7.4p4/ins_goons.h b/sudo-1.7.4p4/ins_goons.h
new file mode 100644
index 0000000..16a262a
--- /dev/null
+++ b/sudo-1.7.4p4/ins_goons.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1996, 1998, 1999 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INS_GOONS_H
+#define _SUDO_INS_GOONS_H
+
+    /*
+     * Insults from the "Goon Show."
+     */
+
+    "You silly, twisted boy you.",
+    "He has fallen in the water!",
+    "We'll all be murdered in our beds!",
+    "You can't come in. Our tiger has got flu",
+    "I don't wish to know that.",
+    "What, what, what, what, what, what, what, what, what, what?",
+    "You can't get the wood, you know.",
+    "You'll starve!",
+    "... and it used to be so popular...",
+    "Pauses for audience applause, not a sausage",
+    "Hold it up to the light --- not a brain in sight!",
+    "Have a gorilla...",
+    "There must be cure for it!",
+    "There's a lot of it about, you know.",
+    "You do that again and see what happens...",
+    "Ying Tong Iddle I Po",
+    "Harm can come to a young lad like that!",
+    "And with that remarks folks, the case of the Crown vs yourself was proven.",
+    "Speak English you fool --- there are no subtitles in this scene.",
+    "You gotta go owwwww!",
+    "I have been called worse.",
+    "It's only your word against mine.",
+    "I think ... err ... I think ... I think I'll go home",
+
+#endif /* _SUDO_INS_GOONS_H */
diff --git a/sudo-1.7.4p4/install-sh b/sudo-1.7.4p4/install-sh
new file mode 100755
index 0000000..7a207e2
--- /dev/null
+++ b/sudo-1.7.4p4/install-sh
@@ -0,0 +1,233 @@
+#! /bin/sh
+
+## (From INN-1.4, written by Rich Salz)
+##  $Revision$
+##  A script to install files and directories.
+
+PROGNAME=`basename $0`
+
+##  Paths to programs.  CHOWN, STRIP and WHOAMI are checked below.
+CHOWN=chown
+CHGRP=chgrp
+CHMOD=chmod
+CP=cp
+LN=ln
+MKDIR=mkdir
+MV=mv
+RM=rm
+STRIP=strip
+WHOAMI="echo root"
+
+##  Some systems don't support -x, so we have to use -f.
+for d in /sbin /etc /usr/sbin /usr/etc; do
+    if [ -f $d/chown ]; then
+	CHOWN=${d}/chown
+	break
+    fi
+done
+
+for d in /usr/bin /bin /usr/ucb /usr/bsd; do
+    if [ -f $d/whoami ]; then
+	WHOAMI=${d}/whoami
+	break
+    elif [ -f $d/id ]; then
+	WHOAMI=${d}/id | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p'
+    fi
+done
+
+for d in /usr/ccs/bin /usr/bin /bin; do
+    if [ -f $d/strip ]; then
+	STRIP=${d}/strip
+	break
+    fi
+done
+
+##  Defaults.
+CHOWNIT=false
+CHGROUPIT=false
+CHMODIT=false
+STRIPIT=false
+BACKIT=false
+TOUCHIT=true
+DIRMODE=false
+
+case `${WHOAMI}` in
+root)
+    ROOT=true
+    ;;
+*)
+    ROOT=false
+    ;;
+esac
+
+##  Process JCL.
+MORETODO=true
+while ${MORETODO} ; do
+    case X"$1" in
+    X-b)
+	BACKIT=true
+	BACKUP="$2"
+	shift
+	;;
+    X-b*)
+	BACKIT=true
+	BACKUP=`expr "$1" : '-b\(.*\)'`
+	;;
+    X-c)
+	# backwards compatibility
+	;;
+    X-d)
+	DIRMODE=true
+	;;
+    X-g)
+	GROUP="$2"
+	CHGROUPIT=true
+	shift
+	;;
+    X-g*)
+	GROUP=`expr "$1" : '-g\(.*\)'`
+	CHGROUPIT=true
+	;;
+    X-G)
+	GROUP="$2"
+	shift
+	${ROOT} && CHGROUPIT=true
+	;;
+    X-G*)
+	if ${ROOT} ; then
+	    GROUP=`expr "$1" : '-g\(.*\)'`
+	    CHGROUPIT=true
+	fi
+	;;
+    X-m)
+	MODE="$2"
+	CHMODIT=true
+	shift
+	;;
+    X-m*)
+	MODE=`expr "$1" : '-m\(.*\)'`
+	CHMODIT=true
+	;;
+    X-M)
+	MODE="$2"
+	${ROOT} && CHMODIT=true
+	shift
+	;;
+    X-M*)
+	MODE=`expr "$1" : '-m\(.*\)'`
+	${ROOT} && CHMODIT=true
+	;;
+    X-n)
+	TOUCHIT=false
+	;;
+    X-o)
+	OWNER="$2"
+	CHOWNIT=true
+	shift
+	;;
+    X-o*)
+	OWNER=`expr "$1" : '-o\(.*\)'`
+	CHOWNIT=true
+	;;
+    X-O)
+	OWNER="$2"
+	shift
+	${ROOT} && CHOWNIT=true
+	;;
+    X-O*)
+	if ${ROOT} ; then
+	    OWNER=`expr "$1" : '-o\(.*\)'`
+	    CHOWNIT=true
+	fi
+	;;
+    X-s)
+	STRIPIT=true
+	;;
+    X--)
+	shift
+	MORETODO=false
+	;;
+    X-*)
+	echo "${PROGNAME}:  Unknown flag $1" 1>&2
+	exit 1
+	;;
+    *)
+	MORETODO=false
+	;;
+    esac
+    ${MORETODO} && shift
+done
+
+##  Making a directory?
+if ${DIRMODE} ; then
+    while test $# != 0; do
+	DEST="$1"
+	if [ ! -d "${DEST}" ] ; then
+	    ${MKDIR} "${DEST}" || exit 1
+	fi
+	if ${CHOWNIT} ; then
+	    ${CHOWN} "${OWNER}" "${DEST}" || exit 1
+	fi
+	if ${CHGROUPIT} ; then
+	    ${CHGRP} "${GROUP}" "${DEST}" || exit 1
+	fi
+	if ${CHMODIT} ; then
+	    ${CHMOD} "${MODE}"  "${DEST}" || exit 1
+	fi
+	shift;
+    done
+    exit 0
+fi
+
+##  Process arguments.
+if [ $# -ne 2 ] ; then
+    echo "Usage:  ${PROGNAME} [flags] source destination"
+    exit 1
+fi
+
+##  Get the destination and a temp file in the destination diretory.
+if [ -d "$2" ] ; then
+    DEST="$2/`basename $1`"
+    TEMP="$2/$$.tmp"
+else
+    DEST="$2"
+    TEMP="`expr "$2" : '\(.*\)/.*'`/$$.tmp"
+fi
+
+##  If not given the same name, we must try to copy.
+if [ X"$1" != X"$2" ] ; then
+    if cmp -s "$1" "${DEST}" ; then
+	##  Files are same; touch or not.
+	${TOUCHIT} && touch "${DEST}"
+    else
+	##  If destination exists and we wish to backup, link to backup.
+	if [ -f "${DEST}" ] ; then
+	    if ${BACKIT} ; then
+		${RM} -f "${DEST}${BACKUP}"
+		${LN} "${DEST}" "${DEST}${BACKUP}"
+	    fi
+	fi
+	##  Copy source to the right dir, then move to right spot.
+	##  Done in two parts so we can hope for atomicity.
+	##  We need to rm DEST due to bugs in "mv -f" on some systems.
+	${RM} -f "${TEMP}" || exit 1
+	${CP} "$1" "${TEMP}" || exit 1
+	${RM} -f "${DEST}" || exit 1
+	${MV} -f "${TEMP}" "${DEST}" || exit 1
+    fi
+fi
+
+##  Strip and set the modes.
+if ${STRIPIT} ; then
+    ${STRIP} "${DEST}" || exit 1
+fi
+if ${CHOWNIT} ; then
+    ${CHOWN} "${OWNER}" "${DEST}" || exit 1
+fi
+if ${CHGROUPIT} ; then
+    ${CHGRP} "${GROUP}" "${DEST}" || exit 1
+fi
+if ${CHMODIT} ; then
+    ${CHMOD} "${MODE}"  "${DEST}" || exit 1
+fi
+exit 0
diff --git a/sudo-1.7.4p4/insults.h b/sudo-1.7.4p4/insults.h
new file mode 100644
index 0000000..bdb3fc6
--- /dev/null
+++ b/sudo-1.7.4p4/insults.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1994-1996, 1998-1999, 2004
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_INSULTS_H
+#define _SUDO_INSULTS_H
+
+#if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS)
+
+/*
+ * Use one or more set of insults as determined by configure
+ */
+
+char *insults[] = {
+
+# ifdef HAL_INSULTS
+#  include "ins_2001.h"
+# endif
+
+# ifdef GOONS_INSULTS
+#  include "ins_goons.h"
+# endif
+
+# ifdef CLASSIC_INSULTS
+#  include "ins_classic.h"
+# endif
+
+# ifdef CSOPS_INSULTS
+#  include "ins_csops.h"
+# endif
+
+    (char *) 0
+
+};
+
+/*
+ * How may I insult you?  Let me count the ways...
+ */
+#define NOFINSULTS (sizeof(insults) / sizeof(insults[0]) - 1)
+
+/*
+ * return a pseudo-random insult.
+ */
+#define INSULT		(insults[time(NULL) % NOFINSULTS])
+
+#endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS */
+
+#endif /* _SUDO_INSULTS_H */
diff --git a/sudo-1.7.4p4/interfaces.c b/sudo-1.7.4p4/interfaces.c
new file mode 100644
index 0000000..502cb94
--- /dev/null
+++ b/sudo-1.7.4p4/interfaces.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * Suppress a warning w/ gcc on Digital UN*X.
+ * The system headers should really do this....
+ */
+#if defined(__osf__) && !defined(__cplusplus)
+struct mbuf;
+struct rtentry;
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/ioctl.h>
+#if defined(HAVE_SYS_SOCKIO_H) && !defined(SIOCGIFCONF)
+# include <sys/sockio.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <netdb.h>
+#include <errno.h>
+#ifdef _ISC
+# include <sys/stream.h>
+# include <sys/sioctl.h>
+# include <sys/stropts.h>
+# define STRSET(cmd, param, len) {strioctl.ic_cmd=(cmd);\
+				 strioctl.ic_dp=(param);\
+				 strioctl.ic_timout=0;\
+				 strioctl.ic_len=(len);}
+#endif /* _ISC */
+#ifdef _MIPS
+# include <net/soioctl.h>
+#endif /* _MIPS */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#ifdef HAVE_GETIFADDRS
+# include <ifaddrs.h>
+#endif
+
+#include "sudo.h"
+#include "interfaces.h"
+
+/* Minix apparently lacks IFF_LOOPBACK */
+#ifndef IFF_LOOPBACK
+# define IFF_LOOPBACK	0
+#endif
+
+#ifdef HAVE_GETIFADDRS
+
+/*
+ * Allocate and fill in the interfaces global variable with the
+ * machine's ip addresses and netmasks.
+ */
+void
+load_interfaces()
+{
+    struct ifaddrs *ifa, *ifaddrs;
+    struct sockaddr_in *sin;
+#ifdef HAVE_IN6_ADDR
+    struct sockaddr_in6 *sin6;
+#endif
+    int i;
+
+    if (getifaddrs(&ifaddrs))
+	return;
+
+    /* Allocate space for the interfaces list. */
+    for (ifa = ifaddrs; ifa != NULL; ifa = ifa -> ifa_next) {
+	/* Skip interfaces marked "down" and "loopback". */
+	if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+	    ISSET(ifa->ifa_flags, IFF_LOOPBACK))
+	    continue;
+
+	switch(ifa->ifa_addr->sa_family) {
+	    case AF_INET:
+#ifdef HAVE_IN6_ADDR
+	    case AF_INET6:
+#endif
+		num_interfaces++;
+		break;
+	}
+    }
+    if (num_interfaces == 0)
+	return;
+    interfaces =
+	(struct interface *) emalloc2(num_interfaces, sizeof(struct interface));
+
+    /* Store the ip addr / netmask pairs. */
+    for (ifa = ifaddrs, i = 0; ifa != NULL; ifa = ifa -> ifa_next) {
+	/* Skip interfaces marked "down" and "loopback". */
+	if (ifa->ifa_addr == NULL || !ISSET(ifa->ifa_flags, IFF_UP) ||
+	    ISSET(ifa->ifa_flags, IFF_LOOPBACK))
+		continue;
+
+	switch(ifa->ifa_addr->sa_family) {
+	    case AF_INET:
+		sin = (struct sockaddr_in *)ifa->ifa_addr;
+		if (sin == NULL)
+		    continue;
+		memcpy(&interfaces[i].addr, &sin->sin_addr,
+		    sizeof(struct in_addr));
+		sin = (struct sockaddr_in *)ifa->ifa_netmask;
+		if (sin == NULL)
+		    continue;
+		memcpy(&interfaces[i].netmask, &sin->sin_addr,
+		    sizeof(struct in_addr));
+		interfaces[i].family = AF_INET;
+		i++;
+		break;
+#ifdef HAVE_IN6_ADDR
+	    case AF_INET6:
+		sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
+		if (sin6 == NULL)
+		    continue;
+		memcpy(&interfaces[i].addr, &sin6->sin6_addr,
+		    sizeof(struct in6_addr));
+		sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask;
+		if (sin6 == NULL)
+		    continue;
+		memcpy(&interfaces[i].netmask, &sin6->sin6_addr,
+		    sizeof(struct in6_addr));
+		interfaces[i].family = AF_INET6;
+		i++;
+		break;
+#endif /* HAVE_IN6_ADDR */
+	}
+    }
+#ifdef HAVE_FREEIFADDRS
+    freeifaddrs(ifaddrs);
+#else
+    efree(ifaddrs);
+#endif
+}
+
+#elif defined(SIOCGIFCONF) && !defined(STUB_LOAD_INTERFACES)
+
+/*
+ * Allocate and fill in the interfaces global variable with the
+ * machine's ip addresses and netmasks.
+ */
+void
+load_interfaces()
+{
+    struct ifconf *ifconf;
+    struct ifreq *ifr, ifr_tmp;
+    struct sockaddr_in *sin;
+    int sock, n, i;
+    size_t len = sizeof(struct ifconf) + BUFSIZ;
+    char *previfname = "", *ifconf_buf = NULL;
+#ifdef _ISC
+    struct strioctl strioctl;
+#endif /* _ISC */
+
+    sock = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sock < 0)
+	error(1, "cannot open socket");
+
+    /*
+     * Get interface configuration or return (leaving num_interfaces == 0)
+     */
+    for (;;) {
+	ifconf_buf = erealloc(ifconf_buf, len);
+	ifconf = (struct ifconf *) ifconf_buf;
+	ifconf->ifc_len = len - sizeof(struct ifconf);
+	ifconf->ifc_buf = (caddr_t) (ifconf_buf + sizeof(struct ifconf));
+
+#ifdef _ISC
+	STRSET(SIOCGIFCONF, (caddr_t) ifconf, len);
+	if (ioctl(sock, I_STR, (caddr_t) &strioctl) < 0) {
+#else
+	/* Note that some kernels return EINVAL if the buffer is too small */
+	if (ioctl(sock, SIOCGIFCONF, (caddr_t) ifconf) < 0 && errno != EINVAL) {
+#endif /* _ISC */
+	    efree(ifconf_buf);
+	    (void) close(sock);
+	    return;
+	}
+
+	/* Break out of loop if we have a big enough buffer. */
+	if (ifconf->ifc_len + sizeof(struct ifreq) < len)
+	    break;
+	len += BUFSIZ;
+    }
+
+    /* Allocate space for the maximum number of interfaces that could exist. */
+    if ((n = ifconf->ifc_len / sizeof(struct ifreq)) == 0)
+	return;
+    interfaces = (struct interface *) emalloc2(n, sizeof(struct interface));
+
+    /* For each interface, store the ip address and netmask. */
+    for (i = 0; i < ifconf->ifc_len; ) {
+	/* Get a pointer to the current interface. */
+	ifr = (struct ifreq *) &ifconf->ifc_buf[i];
+
+	/* Set i to the subscript of the next interface. */
+	i += sizeof(struct ifreq);
+#ifdef HAVE_SA_LEN
+	if (ifr->ifr_addr.sa_len > sizeof(ifr->ifr_addr))
+	    i += ifr->ifr_addr.sa_len - sizeof(struct sockaddr);
+#endif /* HAVE_SA_LEN */
+
+	/* Skip duplicates and interfaces with NULL addresses. */
+	sin = (struct sockaddr_in *) &ifr->ifr_addr;
+	if (sin->sin_addr.s_addr == 0 ||
+	    strncmp(previfname, ifr->ifr_name, sizeof(ifr->ifr_name) - 1) == 0)
+	    continue;
+
+	if (ifr->ifr_addr.sa_family != AF_INET)
+		continue;
+
+#ifdef SIOCGIFFLAGS
+	zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
+	strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
+	if (ioctl(sock, SIOCGIFFLAGS, (caddr_t) &ifr_tmp) < 0)
+#endif
+	    ifr_tmp = *ifr;
+	
+	/* Skip interfaces marked "down" and "loopback". */
+	if (!ISSET(ifr_tmp.ifr_flags, IFF_UP) ||
+	    ISSET(ifr_tmp.ifr_flags, IFF_LOOPBACK))
+		continue;
+
+	sin = (struct sockaddr_in *) &ifr->ifr_addr;
+	interfaces[num_interfaces].addr.ip4.s_addr = sin->sin_addr.s_addr;
+
+	/* Stash the name of the interface we saved. */
+	previfname = ifr->ifr_name;
+
+	/* Get the netmask. */
+	zero_bytes(&ifr_tmp, sizeof(ifr_tmp));
+	strncpy(ifr_tmp.ifr_name, ifr->ifr_name, sizeof(ifr_tmp.ifr_name) - 1);
+#ifdef SIOCGIFNETMASK
+#ifdef _ISC
+	STRSET(SIOCGIFNETMASK, (caddr_t) &ifr_tmp, sizeof(ifr_tmp));
+	if (ioctl(sock, I_STR, (caddr_t) &strioctl) == 0) {
+#else
+	if (ioctl(sock, SIOCGIFNETMASK, (caddr_t) &ifr_tmp) == 0) {
+#endif /* _ISC */
+	    sin = (struct sockaddr_in *) &ifr_tmp.ifr_addr;
+
+	    interfaces[num_interfaces].netmask.ip4.s_addr = sin->sin_addr.s_addr;
+	} else {
+#else
+	{
+#endif /* SIOCGIFNETMASK */
+	    if (IN_CLASSC(interfaces[num_interfaces].addr.ip4.s_addr))
+		interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSC_NET);
+	    else if (IN_CLASSB(interfaces[num_interfaces].addr.ip4.s_addr))
+		interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSB_NET);
+	    else
+		interfaces[num_interfaces].netmask.ip4.s_addr = htonl(IN_CLASSA_NET);
+	}
+
+	/* Only now can we be sure it was a good/interesting interface. */
+	interfaces[num_interfaces].family = AF_INET;
+	num_interfaces++;
+    }
+
+    /* If the expected size < real size, realloc the array. */
+    if (n != num_interfaces) {
+	if (num_interfaces != 0)
+	    interfaces = (struct interface *) erealloc3(interfaces,
+		num_interfaces, sizeof(struct interface));
+	else
+	    efree(interfaces);
+    }
+    efree(ifconf_buf);
+    (void) close(sock);
+}
+
+#else /* !SIOCGIFCONF || STUB_LOAD_INTERFACES */
+
+/*
+ * Stub function for those without SIOCGIFCONF
+ */
+void
+load_interfaces()
+{
+    return;
+}
+
+#endif /* SIOCGIFCONF && !STUB_LOAD_INTERFACES */
+
+void
+dump_interfaces()
+{
+    int i;
+#ifdef HAVE_IN6_ADDR
+    char addrbuf[INET6_ADDRSTRLEN], maskbuf[INET6_ADDRSTRLEN];
+#endif
+
+    puts("Local IP address and netmask pairs:");
+    for (i = 0; i < num_interfaces; i++) {
+	switch(interfaces[i].family) {
+	    case AF_INET:
+		printf("\t%s / ", inet_ntoa(interfaces[i].addr.ip4));
+		puts(inet_ntoa(interfaces[i].netmask.ip4));
+		break;
+#ifdef HAVE_IN6_ADDR
+	    case AF_INET6:
+		inet_ntop(AF_INET6, &interfaces[i].addr.ip6,
+		    addrbuf, sizeof(addrbuf));
+		inet_ntop(AF_INET6, &interfaces[i].netmask.ip6,
+		    maskbuf, sizeof(maskbuf));
+		printf("\t%s / %s\n", addrbuf, maskbuf);
+		break;
+#endif /* HAVE_IN6_ADDR */
+	}
+    }
+}
diff --git a/sudo-1.7.4p4/interfaces.h b/sudo-1.7.4p4/interfaces.h
new file mode 100644
index 0000000..06b0b85
--- /dev/null
+++ b/sudo-1.7.4p4/interfaces.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_INTERFACES_H
+#define _SUDO_INTERFACES_H
+
+/*
+ * Union to hold either strucr in_addr or in6_add
+ */
+union sudo_in_addr_un {
+    struct in_addr ip4;
+#ifdef HAVE_IN6_ADDR
+    struct in6_addr ip6;
+#endif
+};
+
+/*
+ * IP address and netmask pairs for checking against local interfaces.
+ */
+struct interface {
+    int family;	/* AF_INET or AF_INET6 */
+    union sudo_in_addr_un addr;
+    union sudo_in_addr_un netmask;
+};
+
+/*
+ * Prototypes for external functions.
+ */
+void load_interfaces	__P((void));
+void dump_interfaces	__P((void));
+
+/*
+ * Definitions for external variables.
+ */
+#ifndef _SUDO_MAIN
+extern struct interface *interfaces;
+extern int num_interfaces;
+#endif
+
+#endif /* _SUDO_INTERFACES_H */
diff --git a/sudo-1.7.4p4/iolog.c b/sudo-1.7.4p4/iolog.c
new file mode 100644
index 0000000..4e492b6
--- /dev/null
+++ b/sudo-1.7.4p4/iolog.c
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
+#ifdef HAVE_ZLIB_H
+# include <zlib.h>
+#endif
+
+#include "sudo.h"
+
+union io_fd {
+    FILE *f;
+#ifdef HAVE_ZLIB_H
+    gzFile g;
+#endif
+    void *v;
+};
+
+struct script_buf {
+    int len; /* buffer length (how much read in) */
+    int off; /* write position (how much already consumed) */
+    char buf[16 * 1024];
+};
+
+#define IOFD_STDIN	0
+#define IOFD_STDOUT	1
+#define IOFD_STDERR	2
+#define IOFD_TTYIN	3
+#define IOFD_TTYOUT	4
+#define IOFD_TIMING	5
+#define IOFD_MAX	6
+
+#ifdef __STDC__
+# define SESSID_MAX	2176782336U
+#else
+# define SESSID_MAX	(unsigned long)2176782336
+#endif
+
+static sigset_t ttyblock;
+static struct timeval last_time;
+static union io_fd io_fds[IOFD_MAX];
+
+void
+io_nextid()
+{
+    struct stat sb;
+    char buf[32], *ep;
+    int fd, i, ch;
+    unsigned long id = 0;
+    int len;
+    ssize_t nread;
+    char pathbuf[PATH_MAX];
+
+    /*
+     * Create _PATH_SUDO_IO_LOGDIR if it doesn't already exist.
+     */
+    if (stat(_PATH_SUDO_IO_LOGDIR, &sb) != 0) {
+	if (mkdir(_PATH_SUDO_IO_LOGDIR, S_IRWXU) != 0)
+	    log_error(USE_ERRNO, "Can't mkdir %s", _PATH_SUDO_IO_LOGDIR);
+    } else if (!S_ISDIR(sb.st_mode)) {
+	log_error(0, "%s exists but is not a directory (0%o)",
+	    _PATH_SUDO_IO_LOGDIR, (unsigned int) sb.st_mode);
+    }
+
+    /*
+     * Open sequence file
+     */
+    len = snprintf(pathbuf, sizeof(pathbuf), "%s/seq", _PATH_SUDO_IO_LOGDIR);
+    if (len <= 0 || len >= sizeof(pathbuf)) {
+	errno = ENAMETOOLONG;
+	log_error(USE_ERRNO, "%s/seq", pathbuf);
+    }
+    fd = open(pathbuf, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR);
+    if (fd == -1)
+	log_error(USE_ERRNO, "cannot open %s", pathbuf);
+    lock_file(fd, SUDO_LOCK);
+
+    /* Read seq number (base 36). */
+    nread = read(fd, buf, sizeof(buf));
+    if (nread != 0) {
+	if (nread == -1)
+	    log_error(USE_ERRNO, "cannot read %s", pathbuf);
+	id = strtoul(buf, &ep, 36);
+	if (buf == ep || id >= SESSID_MAX)
+	    log_error(0, "invalid sequence number %s", pathbuf);
+    }
+    id++;
+
+    /*
+     * Convert id to a string and stash in sudo_user.sessid.
+     * Note that that least significant digits go at the end of the string.
+     */
+    for (i = 5; i >= 0; i--) {
+	ch = id % 36;
+	id /= 36;
+	buf[i] = ch < 10 ? ch + '0' : ch - 10 + 'A';
+    }
+    buf[6] = '\n';
+
+    /* Stash id logging purposes */
+    memcpy(sudo_user.sessid, buf, 6);
+    sudo_user.sessid[6] = '\0';
+
+    /* Rewind and overwrite old seq file. */
+    if (lseek(fd, 0, SEEK_SET) == (off_t)-1 || write(fd, buf, 7) != 7)
+	log_error(USE_ERRNO, "Can't write to %s", pathbuf);
+    close(fd);
+}
+
+static int
+build_idpath(pathbuf, pathsize)
+    char *pathbuf;
+    size_t pathsize;
+{
+    struct stat sb;
+    int i, len;
+
+    if (sudo_user.sessid[0] == '\0')
+	log_error(0, "tried to build a session id path without a session id");
+
+    /*
+     * Path is of the form /var/log/sudo-session/00/00/01.
+     */
+    len = snprintf(pathbuf, pathsize, "%s/%c%c/%c%c/%c%c", _PATH_SUDO_IO_LOGDIR,
+	sudo_user.sessid[0], sudo_user.sessid[1], sudo_user.sessid[2],
+	sudo_user.sessid[3], sudo_user.sessid[4], sudo_user.sessid[5]);
+    if (len <= 0 && len >= pathsize) {
+	errno = ENAMETOOLONG;
+	log_error(USE_ERRNO, "%s/%s", _PATH_SUDO_IO_LOGDIR, sudo_user.sessid);
+    }
+
+    /*
+     * Create the intermediate subdirs as needed.
+     */
+    for (i = 6; i > 0; i -= 3) {
+	pathbuf[len - i] = '\0';
+	if (stat(pathbuf, &sb) != 0) {
+	    if (mkdir(pathbuf, S_IRWXU) != 0)
+		log_error(USE_ERRNO, "Can't mkdir %s", pathbuf);
+	} else if (!S_ISDIR(sb.st_mode)) {
+	    log_error(0, "%s: %s", pathbuf, strerror(ENOTDIR));
+	}
+	pathbuf[len - i] = '/';
+    }
+
+    return(len);
+}
+
+static void *
+open_io_fd(pathbuf, len, suffix, docompress)
+    char *pathbuf;
+    int len;
+    const char *suffix;
+    int docompress;
+{
+    void *vfd = NULL;
+    int fd;
+
+    pathbuf[len] = '\0';
+    strlcat(pathbuf, suffix, PATH_MAX);
+    fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
+    if (fd != -1) {
+	fcntl(fd, F_SETFD, FD_CLOEXEC);
+#ifdef HAVE_ZLIB_H
+	if (docompress)
+	    vfd = gzdopen(fd, "w");
+	else
+#endif
+	    vfd = fdopen(fd, "w");
+    }
+    return vfd;
+}
+
+int
+io_log_open()
+{
+    char pathbuf[PATH_MAX];
+    FILE *io_logfile;
+    int len;
+
+    if (!def_log_input && !def_log_output)
+	return FALSE;
+
+    /*
+     * Build a path containing the session id split into two-digit subdirs,
+     * so ID 000001 becomes /var/log/sudo-session/00/00/01.
+     */
+    len = build_idpath(pathbuf, sizeof(pathbuf));
+    if (len == -1)
+	return -1;
+
+    if (mkdir(pathbuf, S_IRUSR|S_IWUSR|S_IXUSR) != 0)
+	log_error(USE_ERRNO, "Can't mkdir %s", pathbuf);
+
+    /*
+     * We create 7 files: a log file, a timing file and 5 for input/output.
+     */
+    io_logfile = open_io_fd(pathbuf, len, "/log", FALSE);
+    if (io_logfile == NULL)
+	log_error(USE_ERRNO, "Can't create %s", pathbuf);
+
+    io_fds[IOFD_TIMING].v = open_io_fd(pathbuf, len, "/timing", def_compress_io);
+    if (io_fds[IOFD_TIMING].v == NULL)
+	log_error(USE_ERRNO, "Can't create %s", pathbuf);
+
+    if (def_log_input) {
+	io_fds[IOFD_TTYIN].v = open_io_fd(pathbuf, len, "/ttyin", def_compress_io);
+	if (io_fds[IOFD_TTYIN].v == NULL)
+	    log_error(USE_ERRNO, "Can't create %s", pathbuf);
+    }
+
+    if (def_log_output) {
+	io_fds[IOFD_TTYOUT].v = open_io_fd(pathbuf, len, "/ttyout", def_compress_io);
+	if (io_fds[IOFD_TTYOUT].v == NULL)
+	    log_error(USE_ERRNO, "Can't create %s", pathbuf);
+    }
+
+    if (def_log_input) {
+	io_fds[IOFD_STDIN].v = open_io_fd(pathbuf, len, "/stdin", def_compress_io);
+	if (io_fds[IOFD_STDIN].v == NULL)
+	    log_error(USE_ERRNO, "Can't create %s", pathbuf);
+    }
+
+    if (def_log_output) {
+	io_fds[IOFD_STDOUT].v = open_io_fd(pathbuf, len, "/stdout", def_compress_io);
+	if (io_fds[IOFD_STDOUT].v == NULL)
+	    log_error(USE_ERRNO, "Can't create %s", pathbuf);
+    }
+
+    if (def_log_output) {
+	io_fds[IOFD_STDERR].v = open_io_fd(pathbuf, len, "/stderr", def_compress_io);
+	if (io_fds[IOFD_STDERR].v == NULL)
+	    log_error(USE_ERRNO, "Can't create %s", pathbuf);
+    }
+
+    /* So we can block tty-generated signals */
+    sigemptyset(&ttyblock);
+    sigaddset(&ttyblock, SIGINT);
+    sigaddset(&ttyblock, SIGQUIT);
+    sigaddset(&ttyblock, SIGTSTP);
+    sigaddset(&ttyblock, SIGTTIN);
+    sigaddset(&ttyblock, SIGTTOU);
+
+    gettimeofday(&last_time, NULL);
+
+    /* XXX - log more stuff?  window size? environment? */
+    fprintf(io_logfile, "%ld:%s:%s:%s:%s\n", (long)last_time.tv_sec, user_name,
+        runas_pw->pw_name, runas_gr ? runas_gr->gr_name : "", user_tty);
+    fprintf(io_logfile, "%s\n", user_cwd);
+    fprintf(io_logfile, "%s%s%s\n", user_cmnd, user_args ? " " : "",
+        user_args ? user_args : "");
+    fclose(io_logfile);
+
+    return TRUE;
+}
+
+void
+io_log_close()
+{
+    int i;
+
+    for (i = 0; i < IOFD_MAX; i++) {
+	if (io_fds[i].v == NULL)
+	    continue;
+#ifdef HAVE_ZLIB_H
+	if (def_compress_io)
+	    gzclose(io_fds[i].g);
+	else
+#endif
+	    fclose(io_fds[i].f);
+    }
+}
+
+static int
+log_io(buf, len, idx)
+    const char *buf;
+    unsigned int len;
+    int idx;
+{
+    struct timeval now, delay;
+    sigset_t omask;
+
+    gettimeofday(&now, NULL);
+
+    sigprocmask(SIG_BLOCK, &ttyblock, &omask);
+
+#ifdef HAVE_ZLIB_H
+    if (def_compress_io)
+	gzwrite(io_fds[idx].g, buf, len);
+    else
+#endif
+	fwrite(buf, 1, len, io_fds[idx].f);
+    delay.tv_sec = now.tv_sec;
+    delay.tv_usec = now.tv_usec;
+    timevalsub(&delay, &last_time);
+#ifdef HAVE_ZLIB_H
+    if (def_compress_io)
+	gzprintf(io_fds[IOFD_TIMING].g, "%d %f %d\n", idx,
+	    delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
+    else
+#endif
+	fprintf(io_fds[IOFD_TIMING].f, "%d %f %d\n", idx,
+	    delay.tv_sec + ((double)delay.tv_usec / 1000000), len);
+    last_time.tv_sec = now.tv_sec;
+    last_time.tv_usec = now.tv_usec;
+
+    sigprocmask(SIG_SETMASK, &omask, NULL);
+
+    return TRUE;
+}
+
+int
+log_ttyin(buf, len)
+    const char *buf;
+    unsigned int len;
+{
+    if (!io_fds[IOFD_TTYIN].v)
+	return TRUE;
+    return log_io(buf, len, IOFD_TTYIN);
+}
+
+int
+log_ttyout(buf, len)
+    const char *buf;
+    unsigned int len;
+{
+    if (!io_fds[IOFD_TTYOUT].v)
+	return TRUE;
+    return log_io(buf, len, IOFD_TTYOUT);
+}
+
+int
+log_stdin(buf, len)
+    const char *buf;
+    unsigned int len;
+{
+    if (!io_fds[IOFD_STDIN].v)
+	return TRUE;
+    return log_io(buf, len, IOFD_STDIN);
+}
+
+int
+log_stdout(buf, len)
+    const char *buf;
+    unsigned int len;
+{
+    if (!io_fds[IOFD_STDOUT].v)
+	return TRUE;
+    return log_io(buf, len, IOFD_STDOUT);
+}
+
+int
+log_stderr(buf, len)
+    const char *buf;
+    unsigned int len;
+{
+    if (!io_fds[IOFD_STDOUT].v)
+	return TRUE;
+    return log_io(buf, len, IOFD_STDERR);
+}
diff --git a/sudo-1.7.4p4/isblank.c b/sudo-1.7.4p4/isblank.c
new file mode 100644
index 0000000..e6ad58d
--- /dev/null
+++ b/sudo-1.7.4p4/isblank.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+#include <compat.h>
+
+#undef isblank
+int
+isblank(ch)
+    int ch;
+{
+    return(ch == ' ' || ch == '\t');
+}
diff --git a/sudo-1.7.4p4/lbuf.c b/sudo-1.7.4p4/lbuf.c
new file mode 100644
index 0000000..bd218da
--- /dev/null
+++ b/sudo-1.7.4p4/lbuf.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# ifdef HAVE_TERMIO_H
+#  include <termio.h>
+# endif
+#endif
+
+#include "sudo.h"
+#include "lbuf.h"
+
+#if !defined(TIOCGSIZE) && defined(TIOCGWINSZ)
+# define TIOCGSIZE	TIOCGWINSZ
+# define ttysize	winsize
+# define ts_cols	ws_col
+#endif
+
+int
+get_ttycols()
+{
+    char *p;
+    int cols;
+#ifdef TIOCGSIZE
+    struct ttysize win;
+
+    if (ioctl(STDERR_FILENO, TIOCGSIZE, &win) == 0 && win.ts_cols != 0)
+	return((int)win.ts_cols);
+#endif
+
+    /* Fall back on $COLUMNS. */
+    if ((p = getenv("COLUMNS")) == NULL || (cols = atoi(p)) <= 0)
+	cols = 80;
+    return(cols);
+}
+
+void
+lbuf_init(lbuf, output, indent, continuation)
+    struct lbuf *lbuf;
+    int (*output)__P((const char *));
+    int indent;
+    const char *continuation;
+{
+    lbuf->output = output;
+    lbuf->continuation = continuation;
+    lbuf->indent = indent;
+    lbuf->cols = get_ttycols();
+    lbuf->len = 0;
+    lbuf->size = 0;
+    lbuf->buf = NULL;
+}
+
+void
+lbuf_destroy(lbuf)
+    struct lbuf *lbuf;
+{
+    efree(lbuf->buf);
+    lbuf->buf = NULL;
+}
+
+/*
+ * Append strings to the buffer, expanding it as needed.
+ */
+void
+#ifdef __STDC__
+lbuf_append_quoted(struct lbuf *lbuf, const char *set, ...)
+#else
+lbuf_append_quoted(lbuf, set, va_alist)
+	struct lbuf *lbuf;
+	const char *set;
+	va_dcl
+#endif
+{
+    va_list ap;
+    int len = 0;
+    char *cp, *s;
+
+#ifdef __STDC__
+    va_start(ap, set);
+#else
+    va_start(ap);
+#endif
+    while ((s = va_arg(ap, char *)) != NULL) {
+	len += strlen(s);
+	for (cp = s; (cp = strpbrk(cp, set)) != NULL; cp++)
+	    len++;
+    }
+    va_end(ap);
+
+    /* Expand buffer as needed. */
+    if (lbuf->len + len >= lbuf->size) {
+	do {
+	    lbuf->size += 256;
+	} while (lbuf->len + len >= lbuf->size);
+	lbuf->buf = erealloc(lbuf->buf, lbuf->size);
+    }
+
+#ifdef __STDC__
+    va_start(ap, set);
+#else
+    va_start(ap);
+#endif
+    /* Append each string. */
+    while ((s = va_arg(ap, char *)) != NULL) {
+	while ((cp = strpbrk(s, set)) != NULL) {
+	    len = (int)(cp - s);
+	    memcpy(lbuf->buf + lbuf->len, s, len);
+	    lbuf->len += len;
+	    lbuf->buf[lbuf->len++] = '\\';
+	    lbuf->buf[lbuf->len++] = *cp;
+	    s = cp + 1;
+	}
+	if (*s != '\0') {
+	    len = strlen(s);
+	    memcpy(lbuf->buf + lbuf->len, s, len);
+	    lbuf->len += len;
+	}
+    }
+    lbuf->buf[lbuf->len] = '\0';
+    va_end(ap);
+}
+
+/*
+ * Append strings to the buffer, expanding it as needed.
+ */
+void
+#ifdef __STDC__
+lbuf_append(struct lbuf *lbuf, ...)
+#else
+lbuf_append(lbuf, va_alist)
+	struct lbuf *lbuf;
+	va_dcl
+#endif
+{
+    va_list ap;
+    int len = 0;
+    char *s;
+
+#ifdef __STDC__
+    va_start(ap, lbuf);
+#else
+    va_start(ap);
+#endif
+    while ((s = va_arg(ap, char *)) != NULL)
+	len += strlen(s);
+    va_end(ap);
+
+    /* Expand buffer as needed. */
+    if (lbuf->len + len >= lbuf->size) {
+	do {
+	    lbuf->size += 256;
+	} while (lbuf->len + len >= lbuf->size);
+	lbuf->buf = erealloc(lbuf->buf, lbuf->size);
+    }
+
+#ifdef __STDC__
+    va_start(ap, lbuf);
+#else
+    va_start(ap);
+#endif
+    /* Append each string. */
+    while ((s = va_arg(ap, char *)) != NULL) {
+	len = strlen(s);
+	memcpy(lbuf->buf + lbuf->len, s, len);
+	lbuf->len += len;
+    }
+    lbuf->buf[lbuf->len] = '\0';
+    va_end(ap);
+}
+
+static void
+lbuf_println(lbuf, line, len)
+    struct lbuf *lbuf;
+    char *line;
+    int len;
+{
+    char *cp, save;
+    int i, have, contlen;
+
+    contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0;
+
+    /*
+     * Print the buffer, splitting the line as needed on a word
+     * boundary.
+     */
+    cp = line;
+    have = lbuf->cols;
+    while (cp != NULL && *cp != '\0') {
+	char *ep = NULL;
+	int need = len - (int)(cp - line);
+
+	if (need > have) {
+	    have -= contlen;		/* subtract for continuation char */
+	    if ((ep = memrchr(cp, ' ', have)) == NULL)
+		ep = memchr(cp + have, ' ', need - have);
+	    if (ep != NULL)
+		need = (int)(ep - cp);
+	}
+	if (cp != line) {
+	    /* indent continued lines */
+	    /* XXX - build up string instead? */
+	    for (i = 0; i < lbuf->indent; i++)
+		lbuf->output(" ");
+	}
+	/* NUL-terminate cp for the output function and restore afterwards */
+	save = cp[need];
+	cp[need] = '\0';
+	lbuf->output(cp);
+	cp[need] = save;
+	cp = ep;
+
+	/*
+	 * If there is more to print, reset have, incremement cp past
+	 * the whitespace, and print a line continuaton char if needed.
+	 */
+	if (cp != NULL) {
+	    have = lbuf->cols - lbuf->indent;
+	    ep = line + len;
+	    while (cp < ep && isblank((unsigned char)*cp)) {
+		cp++;
+	    }
+	    if (contlen)
+		lbuf->output(lbuf->continuation);
+	}
+	lbuf->output("\n");
+    }
+}
+
+/*
+ * Print the buffer with word wrap based on the tty width.
+ * The lbuf is reset on return.
+ */
+void
+lbuf_print(lbuf)
+    struct lbuf *lbuf;
+{
+    char *cp, *ep;
+    int len, contlen;
+
+    contlen = lbuf->continuation ? strlen(lbuf->continuation) : 0;
+
+    /* For very small widths just give up... */
+    if (lbuf->cols <= lbuf->indent + contlen + 20) {
+	lbuf->output(lbuf->buf);
+	lbuf->output("\n");
+	goto done;
+    }
+
+    /* Print each line in the buffer */
+    for (cp = lbuf->buf; cp != NULL && *cp != '\0'; ) {
+	if (*cp == '\n') {
+	    lbuf->output("\n");
+	    cp++;
+	} else {
+	    ep = memchr(cp, '\n', lbuf->len - (cp - lbuf->buf));
+	    len = ep ? (int)(ep - cp) : lbuf->len;
+	    lbuf_println(lbuf, cp, len);
+	    cp = ep ? ep + 1 : NULL;
+	}
+    }
+
+done:
+    lbuf->len = 0;		/* reset the buffer for re-use. */
+}
diff --git a/sudo-1.7.4p4/lbuf.h b/sudo-1.7.4p4/lbuf.h
new file mode 100644
index 0000000..db6f964
--- /dev/null
+++ b/sudo-1.7.4p4/lbuf.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2007, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SUDO_LBUF_H
+#define _SUDO_LBUF_H
+
+/*
+ * Line buffer struct.
+ */
+struct lbuf {
+    int (*output)__P((const char *));
+    char *buf;
+    const char *continuation;
+    int indent;
+    int len;
+    int size;
+    int cols;
+};
+
+int get_ttycols		__P((void));
+void lbuf_append	__P((struct lbuf *, ...));
+void lbuf_append_quoted	__P((struct lbuf *, const char *, ...));
+void lbuf_destroy	__P((struct lbuf *));
+void lbuf_init		__P((struct lbuf *, int (*)(const char *), int, const char *));
+void lbuf_print		__P((struct lbuf *));
+
+#endif /* _SUDO_LBUF_H */
diff --git a/sudo-1.7.4p4/ldap.c b/sudo-1.7.4p4/ldap.c
new file mode 100644
index 0000000..81d3c40
--- /dev/null
+++ b/sudo-1.7.4p4/ldap.c
@@ -0,0 +1,2049 @@
+/*
+ * Copyright (c) 2003-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * This code is derived from software contributed by Aaron Spangler.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#ifdef HAVE_LBER_H
+# include <lber.h>
+#endif
+#include <ldap.h>
+#if defined(HAVE_LDAP_SSL_H)
+# include <ldap_ssl.h>
+#elif defined(HAVE_MPS_LDAP_SSL_H)
+# include <mps/ldap_ssl.h>
+#endif
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+# ifdef HAVE_SASL_SASL_H
+#  include <sasl/sasl.h>
+# else
+#  include <sasl.h>
+# endif
+# if HAVE_GSS_KRB5_CCACHE_NAME
+#  if defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
+#   include <gssapi/gssapi.h>
+#   include <gssapi/gssapi_krb5.h>
+#  elif defined(HAVE_GSSAPI_GSSAPI_H)
+#   include <gssapi/gssapi.h>
+#  else
+#   include <gssapi.h>
+#  endif
+# endif
+#endif
+
+#include "sudo.h"
+#include "parse.h"
+#include "lbuf.h"
+
+#ifndef LDAP_OPT_SUCCESS
+# define LDAP_OPT_SUCCESS LDAP_SUCCESS
+#endif
+
+#ifndef LDAPS_PORT
+# define LDAPS_PORT 636
+#endif
+
+#if defined(HAVE_LDAP_SASL_INTERACTIVE_BIND_S) && !defined(LDAP_SASL_QUIET)
+# define LDAP_SASL_QUIET	0
+#endif
+
+#ifndef HAVE_LDAP_UNBIND_EXT_S
+#define ldap_unbind_ext_s(a, b, c)	ldap_unbind_s(a)
+#endif
+
+#ifndef HAVE_LDAP_SEARCH_EXT_S
+#define ldap_search_ext_s(a, b, c, d, e, f, g, h, i, j, k)		\
+	ldap_search_s(a, b, c, d, e, f, k)
+#endif
+
+#define LDAP_FOREACH(var, ld, res)					\
+    for ((var) = ldap_first_entry((ld), (res));				\
+	(var) != NULL;							\
+	(var) = ldap_next_entry((ld), (var)))
+
+#define	DPRINTF(args, level)	if (ldap_conf.debug >= level) warningx args
+
+#define CONF_BOOL	0
+#define CONF_INT	1
+#define CONF_STR	2
+#define CONF_LIST_STR	4
+
+#define SUDO_LDAP_SSL		1
+#define SUDO_LDAP_STARTTLS	2
+
+struct ldap_config_table {
+    const char *conf_str;	/* config file string */
+    short type;			/* CONF_BOOL, CONF_INT, CONF_STR */
+    short connected;		/* connection-specific value? */
+    int opt_val;		/* LDAP_OPT_* (or -1 for sudo internal) */
+    void *valp;			/* pointer into ldap_conf */
+};
+
+struct ldap_config_list_str {
+    struct ldap_config_list_str *next;
+    char val[1];
+};
+
+/* ldap configuration structure */
+static struct ldap_config {
+    int port;
+    int version;
+    int debug;
+    int ldap_debug;
+    int tls_checkpeer;
+    int timelimit;
+    int bind_timelimit;
+    int use_sasl;
+    int rootuse_sasl;
+    int ssl_mode;
+    char *host;
+    struct ldap_config_list_str *uri;
+    char *binddn;
+    char *bindpw;
+    char *rootbinddn;
+    struct ldap_config_list_str *base;
+    char *ssl;
+    char *tls_cacertfile;
+    char *tls_cacertdir;
+    char *tls_random_file;
+    char *tls_cipher_suite;
+    char *tls_certfile;
+    char *tls_keyfile;
+    char *sasl_auth_id;
+    char *rootsasl_auth_id;
+    char *sasl_secprops;
+    char *krb5_ccname;
+} ldap_conf;
+
+static struct ldap_config_table ldap_conf_table[] = {
+    { "sudoers_debug", CONF_INT, FALSE, -1, &ldap_conf.debug },
+    { "host", CONF_STR, FALSE, -1, &ldap_conf.host },
+    { "port", CONF_INT, FALSE, -1, &ldap_conf.port },
+    { "ssl", CONF_STR, FALSE, -1, &ldap_conf.ssl },
+    { "sslpath", CONF_STR, FALSE, -1, &ldap_conf.tls_certfile },
+    { "uri", CONF_LIST_STR, FALSE, -1, &ldap_conf.uri },
+#ifdef LDAP_OPT_DEBUG_LEVEL
+    { "debug", CONF_INT, FALSE, LDAP_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug },
+#endif
+#ifdef LDAP_OPT_PROTOCOL_VERSION
+    { "ldap_version", CONF_INT, TRUE, LDAP_OPT_PROTOCOL_VERSION,
+	&ldap_conf.version },
+#endif
+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT
+    { "tls_checkpeer", CONF_BOOL, FALSE, LDAP_OPT_X_TLS_REQUIRE_CERT,
+	&ldap_conf.tls_checkpeer },
+#else
+    { "tls_checkpeer", CONF_BOOL, FALSE, -1, &ldap_conf.tls_checkpeer },
+#endif
+#ifdef LDAP_OPT_X_TLS_CACERTFILE
+    { "tls_cacertfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
+	&ldap_conf.tls_cacertfile },
+    { "tls_cacert", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTFILE,
+	&ldap_conf.tls_cacertfile },
+#endif
+#ifdef LDAP_OPT_X_TLS_CACERTDIR
+    { "tls_cacertdir", CONF_STR, FALSE, LDAP_OPT_X_TLS_CACERTDIR,
+	&ldap_conf.tls_cacertdir },
+#endif
+#ifdef LDAP_OPT_X_TLS_RANDOM_FILE
+    { "tls_randfile", CONF_STR, FALSE, LDAP_OPT_X_TLS_RANDOM_FILE,
+	&ldap_conf.tls_random_file },
+#endif
+#ifdef LDAP_OPT_X_TLS_CIPHER_SUITE
+    { "tls_ciphers", CONF_STR, FALSE, LDAP_OPT_X_TLS_CIPHER_SUITE,
+	&ldap_conf.tls_cipher_suite },
+#endif
+#ifdef LDAP_OPT_X_TLS_CERTFILE
+    { "tls_cert", CONF_STR, FALSE, LDAP_OPT_X_TLS_CERTFILE,
+	&ldap_conf.tls_certfile },
+#else
+    { "tls_cert", CONF_STR, FALSE, -1, &ldap_conf.tls_certfile },
+#endif
+#ifdef LDAP_OPT_X_TLS_KEYFILE
+    { "tls_key", CONF_STR, FALSE, LDAP_OPT_X_TLS_KEYFILE,
+	&ldap_conf.tls_keyfile },
+#else
+    { "tls_key", CONF_STR, FALSE, -1, &ldap_conf.tls_keyfile },
+#endif
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+    { "bind_timelimit", CONF_INT, TRUE, -1 /* needs timeval, set manually */,
+	&ldap_conf.bind_timelimit },
+#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
+    { "bind_timelimit", CONF_INT, TRUE, LDAP_X_OPT_CONNECT_TIMEOUT,
+	&ldap_conf.bind_timelimit },
+#endif
+    { "timelimit", CONF_INT, TRUE, LDAP_OPT_TIMELIMIT, &ldap_conf.timelimit },
+    { "binddn", CONF_STR, FALSE, -1, &ldap_conf.binddn },
+    { "bindpw", CONF_STR, FALSE, -1, &ldap_conf.bindpw },
+    { "rootbinddn", CONF_STR, FALSE, -1, &ldap_conf.rootbinddn },
+    { "sudoers_base", CONF_LIST_STR, FALSE, -1, &ldap_conf.base },
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+    { "use_sasl", CONF_BOOL, FALSE, -1, &ldap_conf.use_sasl },
+    { "sasl_auth_id", CONF_STR, FALSE, -1, &ldap_conf.sasl_auth_id },
+    { "rootuse_sasl", CONF_BOOL, FALSE, -1, &ldap_conf.rootuse_sasl },
+    { "rootsasl_auth_id", CONF_STR, FALSE, -1, &ldap_conf.rootsasl_auth_id },
+# ifdef LDAP_OPT_X_SASL_SECPROPS
+    { "sasl_secprops", CONF_STR, TRUE, LDAP_OPT_X_SASL_SECPROPS,
+	&ldap_conf.sasl_secprops },
+# endif
+    { "krb5_ccname", CONF_STR, FALSE, -1, &ldap_conf.krb5_ccname },
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+    { NULL }
+};
+
+/* sudo_nss implementation */
+static int sudo_ldap_open __P((struct sudo_nss *nss));
+static int sudo_ldap_close __P((struct sudo_nss *nss));
+static int sudo_ldap_parse __P((struct sudo_nss *nss));
+static int sudo_ldap_setdefs __P((struct sudo_nss *nss));
+static int sudo_ldap_lookup __P((struct sudo_nss *nss, int ret, int pwflag));
+static int sudo_ldap_display_cmnd __P((struct sudo_nss *nss,
+    struct passwd *pw));
+static int sudo_ldap_display_defaults __P((struct sudo_nss *nss,
+    struct passwd *pw, struct lbuf *lbuf));
+static int sudo_ldap_display_bound_defaults __P((struct sudo_nss *nss,
+    struct passwd *pw, struct lbuf *lbuf));
+static int sudo_ldap_display_privs __P((struct sudo_nss *nss,
+    struct passwd *pw, struct lbuf *lbuf));
+
+struct sudo_nss sudo_nss_ldap = {
+    &sudo_nss_ldap,
+    NULL,
+    sudo_ldap_open,
+    sudo_ldap_close,
+    sudo_ldap_parse,
+    sudo_ldap_setdefs,
+    sudo_ldap_lookup,
+    sudo_ldap_display_cmnd,
+    sudo_ldap_display_defaults,
+    sudo_ldap_display_bound_defaults,
+    sudo_ldap_display_privs
+};
+
+#ifdef HAVE_LDAP_CREATE
+/*
+ * Rebuild the hosts list and include a specific port for each host.
+ * ldap_create() does not take a default port parameter so we must
+ * append one if we want something other than LDAP_PORT.
+ */
+static void
+sudo_ldap_conf_add_ports()
+{
+
+    char *host, *port, defport[13];
+    char hostbuf[LINE_MAX * 2];
+
+    hostbuf[0] = '\0';
+    if (snprintf(defport, sizeof(defport), ":%d", ldap_conf.port) >= sizeof(defport))
+	errorx(1, "sudo_ldap_conf_add_ports: port too large");
+
+    for ((host = strtok(ldap_conf.host, " \t")); host; (host = strtok(NULL, " \t"))) {
+	if (hostbuf[0] != '\0') {
+	    if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf))
+		goto toobig;
+	}
+
+	if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf))
+	    goto toobig;
+	/* Append port if there is not one already. */
+	if ((port = strrchr(host, ':')) == NULL ||
+	    !isdigit((unsigned char)port[1])) {
+	    if (strlcat(hostbuf, defport, sizeof(hostbuf)) >= sizeof(hostbuf))
+		goto toobig;
+	}
+    }
+
+    free(ldap_conf.host);
+    ldap_conf.host = estrdup(hostbuf);
+    return;
+
+toobig:
+    errorx(1, "sudo_ldap_conf_add_ports: out of space expanding hostbuf");
+}
+#endif
+
+#ifndef HAVE_LDAP_INITIALIZE
+/*
+ * For each uri, convert to host:port pairs.  For ldaps:// enable SSL
+ * Accepts: uris of the form ldap:/// or ldap://hostname:portnum/
+ * where the trailing slash is optional.
+ */
+static int
+sudo_ldap_parse_uri(uri_list)
+    const struct ldap_config_list_str *uri_list;
+{
+    char *buf, *uri, *host, *cp, *port;
+    char hostbuf[LINE_MAX];
+    int nldap = 0, nldaps = 0;
+    int rc = -1;
+
+    do {
+	buf = estrdup(uri_list->val);
+	hostbuf[0] = '\0';
+	for ((uri = strtok(buf, " \t")); uri != NULL; (uri = strtok(NULL, " \t"))) {
+	    if (strncasecmp(uri, "ldap://", 7) == 0) {
+		nldap++;
+		host = uri + 7;
+	    } else if (strncasecmp(uri, "ldaps://", 8) == 0) {
+		nldaps++;
+		host = uri + 8;
+	    } else {
+		warningx("unsupported LDAP uri type: %s", uri);
+		goto done;
+	    }
+
+	    /* trim optional trailing slash */
+	    if ((cp = strrchr(host, '/')) != NULL && cp[1] == '\0') {
+		*cp = '\0';
+	    }
+
+	    if (hostbuf[0] != '\0') {
+		if (strlcat(hostbuf, " ", sizeof(hostbuf)) >= sizeof(hostbuf))
+		    goto toobig;
+	    }
+
+	    if (*host == '\0')
+		host = "localhost";		/* no host specified, use localhost */
+
+	    if (strlcat(hostbuf, host, sizeof(hostbuf)) >= sizeof(hostbuf))
+		goto toobig;
+
+	    /* If using SSL and no port specified, add port 636 */
+	    if (nldaps) {
+		if ((port = strrchr(host, ':')) == NULL ||
+		    !isdigit((unsigned char)port[1]))
+		    if (strlcat(hostbuf, ":636", sizeof(hostbuf)) >= sizeof(hostbuf))
+			goto toobig;
+	    }
+	}
+	if (hostbuf[0] == '\0') {
+	    warningx("invalid uri: %s", uri_list);
+	    goto done;
+	}
+
+	if (nldaps != 0) {
+	    if (nldap != 0) {
+		warningx("cannot mix ldap and ldaps URIs");
+		goto done;
+	    }
+	    if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
+		warningx("cannot mix ldaps and starttls");
+		goto done;
+	    }
+	    ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+	}
+
+	free(ldap_conf.host);
+	ldap_conf.host = estrdup(hostbuf);
+	efree(buf);
+    } while ((uri_list = uri_list->next));
+
+    buf = NULL;
+    rc = 0;
+
+done:
+    efree(buf);
+    return(rc);
+
+toobig:
+    errorx(1, "sudo_ldap_parse_uri: out of space building hostbuf");
+}
+#else
+static char *
+sudo_ldap_join_uri(uri_list)
+    struct ldap_config_list_str *uri_list;
+{
+    struct ldap_config_list_str *uri;
+    size_t len = 0;
+    char *buf, *cp;
+
+    /* Usually just a single entry. */
+    if (uri_list->next == NULL)
+	return(estrdup(uri_list->val));
+
+    for (uri = uri_list; uri != NULL; uri = uri->next) {
+	len += strlen(uri->val) + 1;
+    }
+    buf = cp = emalloc(len);
+    buf[0] = '\0';
+    for (uri = uri_list; uri != NULL; uri = uri->next) {
+	cp += strlcpy(cp, uri->val, len - (cp - buf));
+	*cp++ = ' ';
+    }
+    cp[-1] = '\0';
+    return(buf);
+}
+#endif /* HAVE_LDAP_INITIALIZE */
+
+static int
+sudo_ldap_init(ldp, host, port)
+    LDAP **ldp;
+    const char *host;
+    int port;
+{
+    LDAP *ld = NULL;
+    int rc = LDAP_CONNECT_ERROR;
+
+#ifdef HAVE_LDAPSSL_INIT
+    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+	DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+	    ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
+	    ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+	rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
+	    ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
+	/*
+	 * Mozilla-derived SDKs have a bug starting with version 5.0
+	 * where the path can no longer be a file name and must be a dir.
+	 */
+	if (rc != LDAP_SUCCESS) {
+	    char *cp;
+	    if (ldap_conf.tls_certfile) {
+		cp = strrchr(ldap_conf.tls_certfile, '/');
+		if (cp != NULL && strncmp(cp + 1, "cert", 4) == 0)
+		    *cp = '\0';
+	    }
+	    if (ldap_conf.tls_keyfile) {
+		cp = strrchr(ldap_conf.tls_keyfile, '/');
+		if (cp != NULL && strncmp(cp + 1, "key", 3) == 0)
+		    *cp = '\0';
+	    }
+	    DPRINTF(("ldapssl_clientauth_init(%s, %s)",
+		ldap_conf.tls_certfile ? ldap_conf.tls_certfile : "NULL",
+		ldap_conf.tls_keyfile ? ldap_conf.tls_keyfile : "NULL"), 2);
+	    rc = ldapssl_clientauth_init(ldap_conf.tls_certfile, NULL,
+		ldap_conf.tls_keyfile != NULL, ldap_conf.tls_keyfile, NULL);
+	    if (rc != LDAP_SUCCESS) {
+		warningx("unable to initialize SSL cert and key db: %s",
+		    ldapssl_err2string(rc));
+		goto done;
+	    }
+	}
+
+	DPRINTF(("ldapssl_init(%s, %d, 1)", host, port), 2);
+	if ((ld = ldapssl_init(host, port, 1)) != NULL)
+	    rc = LDAP_SUCCESS;
+    } else
+#endif
+    {
+#ifdef HAVE_LDAP_CREATE
+	DPRINTF(("ldap_create()"), 2);
+	if ((rc = ldap_create(&ld)) != LDAP_SUCCESS)
+	    goto done;
+	DPRINTF(("ldap_set_option(LDAP_OPT_HOST_NAME, %s)", host), 2);
+	rc = ldap_set_option(ld, LDAP_OPT_HOST_NAME, host);
+#else
+	DPRINTF(("ldap_init(%s, %d)", host, port), 2);
+	if ((ld = ldap_init(host, port)) != NULL)
+	    rc = LDAP_SUCCESS;
+#endif
+    }
+
+done:
+    *ldp = ld;
+    return(rc);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a matching
+ * netgroup, else FALSE.
+ */
+static int
+sudo_ldap_check_user_netgroup(ld, entry, user)
+    LDAP *ld;
+    LDAPMessage *entry;
+    char *user;
+{
+    struct berval **bv, **p;
+    char *val;
+    int ret = FALSE;
+
+    if (!entry)
+	return(ret);
+
+    /* get the values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoUser");
+    if (bv == NULL)
+	return(ret);
+
+    /* walk through values */
+    for (p = bv; *p != NULL && !ret; p++) {
+	val = (*p)->bv_val;
+	/* match any */
+	if (netgr_matches(val, NULL, NULL, user))
+	    ret = TRUE;
+	DPRINTF(("ldap sudoUser netgroup '%s' ... %s", val,
+	    ret ? "MATCH!" : "not"), 2);
+    }
+
+    ldap_value_free_len(bv);	/* cleanup */
+
+    return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a
+ * host match, else FALSE.
+ */
+static int
+sudo_ldap_check_host(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+    struct berval **bv, **p;
+    char *val;
+    int ret = FALSE;
+
+    if (!entry)
+	return(ret);
+
+    /* get the values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoHost");
+    if (bv == NULL)
+	return(ret);
+
+    /* walk through values */
+    for (p = bv; *p != NULL && !ret; p++) {
+	val = (*p)->bv_val;
+	/* match any or address or netgroup or hostname */
+	if (!strcmp(val, "ALL") || addr_matches(val) ||
+	    netgr_matches(val, user_host, user_shost, NULL) ||
+	    hostname_matches(user_shost, user_host, val))
+	    ret = TRUE;
+	DPRINTF(("ldap sudoHost '%s' ... %s", val,
+	    ret ? "MATCH!" : "not"), 2);
+    }
+
+    ldap_value_free_len(bv);	/* cleanup */
+
+    return(ret);
+}
+
+static int
+sudo_ldap_check_runas_user(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+    struct berval **bv, **p;
+    char *val;
+    int ret = FALSE;
+
+    if (!runas_pw)
+	return(UNSPEC);
+
+    /* get the runas user from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+    if (bv == NULL)
+	bv = ldap_get_values_len(ld, entry, "sudoRunAs"); /* old style */
+
+    /*
+     * BUG:
+     * 
+     * if runas is not specified on the command line, the only information
+     * as to which user to run as is in the runas_default option.  We should
+     * check to see if we have the local option present.  Unfortunately we
+     * don't parse these options until after this routine says yes or no.
+     * The query has already returned, so we could peek at the attribute
+     * values here though.
+     * 
+     * For now just require users to always use -u option unless its set
+     * in the global defaults. This behaviour is no different than the global
+     * /etc/sudoers.
+     * 
+     * Sigh - maybe add this feature later
+     */
+
+    /*
+     * If there are no runas entries, match runas_default against
+     * what the user specified on the command line.
+     */
+    if (bv == NULL)
+	return(!strcasecmp(runas_pw->pw_name, def_runas_default));
+
+    /* walk through values returned, looking for a match */
+    for (p = bv; *p != NULL && !ret; p++) {
+	val = (*p)->bv_val;
+	switch (val[0]) {
+	case '+':
+	    if (netgr_matches(val, NULL, NULL, runas_pw->pw_name))
+		ret = TRUE;
+	    break;
+	case '%':
+	    if (usergr_matches(val, runas_pw->pw_name, runas_pw))
+		ret = TRUE;
+	    break;
+	case 'A':
+	    if (strcmp(val, "ALL") == 0) {
+		ret = TRUE;
+		break;
+	    }
+	    /* FALLTHROUGH */
+	default:
+	    if (strcasecmp(val, runas_pw->pw_name) == 0)
+		ret = TRUE;
+	    break;
+	}
+	DPRINTF(("ldap sudoRunAsUser '%s' ... %s", val,
+	    ret ? "MATCH!" : "not"), 2);
+    }
+
+    ldap_value_free_len(bv);	/* cleanup */
+
+    return(ret);
+}
+
+static int
+sudo_ldap_check_runas_group(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+    struct berval **bv, **p;
+    char *val;
+    int ret = FALSE;
+
+    /* runas_gr is only set if the user specified the -g flag */
+    if (!runas_gr)
+	return(UNSPEC);
+
+    /* get the values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+    if (bv == NULL)
+	return(ret);
+
+    /* walk through values returned, looking for a match */
+    for (p = bv; *p != NULL && !ret; p++) {
+	val = (*p)->bv_val;
+	if (strcmp(val, "ALL") == 0 || group_matches(val, runas_gr))
+	    ret = TRUE;
+	DPRINTF(("ldap sudoRunAsGroup '%s' ... %s", val,
+	    ret ? "MATCH!" : "not"), 2);
+    }
+
+    ldap_value_free_len(bv);	/* cleanup */
+
+    return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a runas match,
+ * else FALSE.  RunAs info is optional.
+ */
+static int
+sudo_ldap_check_runas(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+    int ret;
+
+    if (!entry)
+	return(FALSE);
+
+    ret = sudo_ldap_check_runas_user(ld, entry) != FALSE &&
+	sudo_ldap_check_runas_group(ld, entry) != FALSE;
+
+    return(ret);
+}
+
+/*
+ * Walk through search results and return TRUE if we have a command match,
+ * FALSE if disallowed and UNSPEC if not matched.
+ */
+static int
+sudo_ldap_check_command(ld, entry, setenv_implied)
+    LDAP *ld;
+    LDAPMessage *entry;
+    int *setenv_implied;
+{
+    struct berval **bv, **p;
+    char *allowed_cmnd, *allowed_args, *val;
+    int foundbang, ret = UNSPEC;
+
+    if (!entry)
+	return(ret);
+
+    bv = ldap_get_values_len(ld, entry, "sudoCommand");
+    if (bv == NULL)
+	return(ret);
+
+    for (p = bv; *p != NULL && ret != FALSE; p++) {
+	val = (*p)->bv_val;
+	/* Match against ALL ? */
+	if (!strcmp(val, "ALL")) {
+	    ret = TRUE;
+	    if (setenv_implied != NULL)
+		*setenv_implied = TRUE;
+	    DPRINTF(("ldap sudoCommand '%s' ... MATCH!", val), 2);
+	    continue;
+	}
+
+	/* check for !command */
+	if (*val == '!') {
+	    foundbang = TRUE;
+	    allowed_cmnd = estrdup(1 + val);	/* !command */
+	} else {
+	    foundbang = FALSE;
+	    allowed_cmnd = estrdup(val);	/* command */
+	}
+
+	/* split optional args away from command */
+	allowed_args = strchr(allowed_cmnd, ' ');
+	if (allowed_args)
+	    *allowed_args++ = '\0';
+
+	/* check the command like normal */
+	if (command_matches(allowed_cmnd, allowed_args)) {
+	    /*
+	     * If allowed (no bang) set ret but keep on checking.
+	     * If disallowed (bang), exit loop.
+	     */
+	    ret = foundbang ? FALSE : TRUE;
+	}
+	DPRINTF(("ldap sudoCommand '%s' ... %s", val,
+	    ret == TRUE ? "MATCH!" : "not"), 2);
+
+	efree(allowed_cmnd);	/* cleanup */
+    }
+
+    ldap_value_free_len(bv);	/* more cleanup */
+
+    return(ret);
+}
+
+/*
+ * Search for boolean "option" in sudoOption.
+ * Returns TRUE if found and allowed, FALSE if negated, else UNSPEC.
+ */
+static int
+sudo_ldap_check_bool(ld, entry, option)
+    LDAP *ld;
+    LDAPMessage *entry;
+    char *option;
+{
+    struct berval **bv, **p;
+    char ch, *var;
+    int ret = UNSPEC;
+
+    if (entry == NULL)
+	return(UNSPEC);
+
+    bv = ldap_get_values_len(ld, entry, "sudoOption");
+    if (bv == NULL)
+	return(ret);
+
+    /* walk through options */
+    for (p = bv; *p != NULL; p++) {
+	var = (*p)->bv_val;;
+	DPRINTF(("ldap sudoOption: '%s'", var), 2);
+
+	if ((ch = *var) == '!')
+	    var++;
+	if (strcmp(var, option) == 0)
+	    ret = (ch != '!');
+    }
+
+    ldap_value_free_len(bv);
+
+    return(ret);
+}
+
+/*
+ * Read sudoOption and modify the defaults as we go.  This is used once
+ * from the cn=defaults entry and also once when a final sudoRole is matched.
+ */
+static void
+sudo_ldap_parse_options(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+    struct berval **bv, **p;
+    char op, *var, *val;
+
+    if (entry == NULL)
+	return;
+
+    bv = ldap_get_values_len(ld, entry, "sudoOption");
+    if (bv == NULL)
+	return;
+
+    /* walk through options */
+    for (p = bv; *p != NULL; p++) {
+	var = estrdup((*p)->bv_val);
+	DPRINTF(("ldap sudoOption: '%s'", var), 2);
+
+	/* check for equals sign past first char */
+	val = strchr(var, '=');
+	if (val > var) {
+	    *val++ = '\0';	/* split on = and truncate var */
+	    op = *(val - 2);	/* peek for += or -= cases */
+	    if (op == '+' || op == '-') {
+		*(val - 2) = '\0';	/* found, remove extra char */
+		/* case var+=val or var-=val */
+		set_default(var, val, (int) op);
+	    } else {
+		/* case var=val */
+		set_default(var, val, TRUE);
+	    }
+	} else if (*var == '!') {
+	    /* case !var Boolean False */
+	    set_default(var + 1, NULL, FALSE);
+	} else {
+	    /* case var Boolean True */
+	    set_default(var, NULL, TRUE);
+	}
+	efree(var);
+    }
+
+    ldap_value_free_len(bv);
+}
+
+/*
+ * builds together a filter to check against ldap
+ */
+static char *
+sudo_ldap_build_pass1(pw)
+    struct passwd *pw;
+{
+    struct group *grp;
+    size_t sz;
+    char *buf;
+    int i;
+
+    /* Start with (|(sudoUser=USERNAME)(sudoUser=ALL)) + NUL */
+    sz = 29 + strlen(pw->pw_name);
+
+    /* Add space for groups */
+    if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL)
+	sz += 12 + strlen(grp->gr_name);	/* primary group */
+    for (i = 0; i < user_ngroups; i++) {
+	if (user_groups[i] == pw->pw_gid)
+	    continue;
+	if ((grp = sudo_getgrgid(user_groups[i])) != NULL)
+	    sz += 12 + strlen(grp->gr_name);	/* supplementary group */
+    }
+    buf = emalloc(sz);
+
+    /* Global OR + sudoUser=user_name filter */
+    (void) strlcpy(buf, "(|(sudoUser=", sz);
+    (void) strlcat(buf, pw->pw_name, sz);
+    (void) strlcat(buf, ")", sz);
+
+    /* Append primary group */
+    if ((grp = sudo_getgrgid(pw->pw_gid)) != NULL) {
+	(void) strlcat(buf, "(sudoUser=%", sz);
+	(void) strlcat(buf, grp->gr_name, sz);
+	(void) strlcat(buf, ")", sz);
+    }
+
+    /* Append supplementary groups */
+    for (i = 0; i < user_ngroups; i++) {
+	if (user_groups[i] == pw->pw_gid)
+	    continue;
+	if ((grp = sudo_getgrgid(user_groups[i])) != NULL) {
+	    (void) strlcat(buf, "(sudoUser=%", sz);
+	    (void) strlcat(buf, grp->gr_name, sz);
+	    (void) strlcat(buf, ")", sz);
+	}
+    }
+
+    /* Add ALL to list and end the global OR */
+    if (strlcat(buf, "(sudoUser=ALL))", sz) >= sz)
+	errorx(1, "sudo_ldap_build_pass1 allocation mismatch");
+
+    return(buf);
+}
+
+/*
+ * Map yes/true/on to TRUE, no/false/off to FALSE, else -1
+ */
+static int
+_atobool(s)
+    const char *s;
+{
+    switch (*s) {
+	case 'y':
+	case 'Y':
+	    if (strcasecmp(s, "yes") == 0)
+		return(TRUE);
+	    break;
+	case 't':
+	case 'T':
+	    if (strcasecmp(s, "true") == 0)
+		return(TRUE);
+	    break;
+	case 'o':
+	case 'O':
+	    if (strcasecmp(s, "on") == 0)
+		return(TRUE);
+	    if (strcasecmp(s, "off") == 0)
+		return(FALSE);
+	    break;
+	case 'n':
+	case 'N':
+	    if (strcasecmp(s, "no") == 0)
+		return(FALSE);
+	    break;
+	case 'f':
+	case 'F':
+	    if (strcasecmp(s, "false") == 0)
+		return(FALSE);
+	    break;
+    }
+    return(-1);
+}
+
+static void
+sudo_ldap_read_secret(path)
+    const char *path;
+{
+    FILE *fp;
+    char buf[LINE_MAX], *cp;
+
+    if ((fp = fopen(_PATH_LDAP_SECRET, "r")) != NULL) {
+	if (fgets(buf, sizeof(buf), fp) != NULL) {
+	    if ((cp = strchr(buf, '\n')) != NULL)
+		*cp = '\0';
+	    /* copy to bindpw and binddn */
+	    efree(ldap_conf.bindpw);
+	    ldap_conf.bindpw = estrdup(buf);
+	    efree(ldap_conf.binddn);
+	    ldap_conf.binddn = ldap_conf.rootbinddn;
+	    ldap_conf.rootbinddn = NULL;
+	}
+	fclose(fp);
+    }
+}
+
+static int
+sudo_ldap_read_config()
+{
+    FILE *fp;
+    char *cp, *keyword, *value;
+    struct ldap_config_table *cur;
+
+    /* defaults */
+    ldap_conf.version = 3;
+    ldap_conf.port = -1;
+    ldap_conf.tls_checkpeer = -1;
+    ldap_conf.timelimit = -1;
+    ldap_conf.bind_timelimit = -1;
+    ldap_conf.use_sasl = -1;
+    ldap_conf.rootuse_sasl = -1;
+
+    if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL)
+	return(FALSE);
+
+    while ((cp = sudo_parseln(fp)) != NULL) {
+	if (*cp == '\0')
+	    continue;		/* skip empty line */
+
+	/* split into keyword and value */
+	keyword = cp;
+	while (*cp && !isblank((unsigned char) *cp))
+	    cp++;
+	if (*cp)
+	    *cp++ = '\0';	/* terminate keyword */
+
+	/* skip whitespace before value */
+	while (isblank((unsigned char) *cp))
+	    cp++;
+	value = cp;
+
+	/* Look up keyword in config table. */
+	for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) {
+	    if (strcasecmp(keyword, cur->conf_str) == 0) {
+		switch (cur->type) {
+		case CONF_BOOL:
+		    *(int *)(cur->valp) = _atobool(value);
+		    break;
+		case CONF_INT:
+		    *(int *)(cur->valp) = atoi(value);
+		    break;
+		case CONF_STR:
+		    efree(*(char **)(cur->valp));
+		    *(char **)(cur->valp) = estrdup(value);
+		    break;
+		case CONF_LIST_STR:
+		    {
+			struct ldap_config_list_str **p;
+			size_t len = strlen(value);
+
+			if (len > 0) {
+			    p = (struct ldap_config_list_str **)cur->valp;
+			    while (*p != NULL)
+			    	p = &(*p)->next;
+			    *p = emalloc(sizeof(struct ldap_config_list_str) + len);
+			    memcpy((*p)->val, value, len + 1);
+			    (*p)->next = NULL;
+			}
+		    }
+		    break;
+		}
+		break;
+	    }
+	}
+    }
+    fclose(fp);
+
+    if (!ldap_conf.host)
+	ldap_conf.host = estrdup("localhost");
+
+    if (ldap_conf.bind_timelimit > 0)
+	ldap_conf.bind_timelimit *= 1000;	/* convert to ms */
+
+    if (ldap_conf.debug > 1) {
+	fprintf(stderr, "LDAP Config Summary\n");
+	fprintf(stderr, "===================\n");
+	if (ldap_conf.uri) {
+	    struct ldap_config_list_str *uri = ldap_conf.uri;
+
+	    do {
+		fprintf(stderr, "uri              %s\n", uri->val);
+	    } while ((uri = uri->next) != NULL);
+	} else {
+	    fprintf(stderr, "host             %s\n", ldap_conf.host ?
+		ldap_conf.host : "(NONE)");
+	    fprintf(stderr, "port             %d\n", ldap_conf.port);
+	}
+	fprintf(stderr, "ldap_version     %d\n", ldap_conf.version);
+	if (ldap_conf.base) {
+	    struct ldap_config_list_str *base = ldap_conf.base;
+
+	    do {
+		fprintf(stderr, "sudoers_base     %s\n", base->val);
+	    } while ((base = base->next) != NULL);
+	} else {
+	    fprintf(stderr, "sudoers_base     %s\n",
+		"(NONE) <---Sudo will ignore ldap)");
+	}
+	fprintf(stderr, "binddn           %s\n", ldap_conf.binddn ?
+	    ldap_conf.binddn : "(anonymous)");
+	fprintf(stderr, "bindpw           %s\n", ldap_conf.bindpw ?
+	    ldap_conf.bindpw : "(anonymous)");
+	if (ldap_conf.bind_timelimit > 0)
+	    fprintf(stderr, "bind_timelimit   %d\n", ldap_conf.bind_timelimit);
+	if (ldap_conf.timelimit > 0)
+	    fprintf(stderr, "timelimit        %d\n", ldap_conf.timelimit);
+	fprintf(stderr, "ssl              %s\n", ldap_conf.ssl ?
+	    ldap_conf.ssl : "(no)");
+	if (ldap_conf.tls_checkpeer != -1)
+	    fprintf(stderr, "tls_checkpeer    %s\n", ldap_conf.tls_checkpeer ?
+		"(yes)" : "(no)");
+	if (ldap_conf.tls_cacertfile != NULL)
+	    fprintf(stderr, "tls_cacertfile   %s\n", ldap_conf.tls_cacertfile);
+	if (ldap_conf.tls_cacertdir != NULL)
+	    fprintf(stderr, "tls_cacertdir    %s\n", ldap_conf.tls_cacertdir);
+	if (ldap_conf.tls_random_file != NULL)
+	    fprintf(stderr, "tls_random_file  %s\n", ldap_conf.tls_random_file);
+	if (ldap_conf.tls_cipher_suite != NULL)
+	    fprintf(stderr, "tls_cipher_suite %s\n", ldap_conf.tls_cipher_suite);
+	if (ldap_conf.tls_certfile != NULL)
+	    fprintf(stderr, "tls_certfile     %s\n", ldap_conf.tls_certfile);
+	if (ldap_conf.tls_keyfile != NULL)
+	    fprintf(stderr, "tls_keyfile      %s\n", ldap_conf.tls_keyfile);
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+	if (ldap_conf.use_sasl != -1) {
+	    fprintf(stderr, "use_sasl         %s\n",
+		ldap_conf.use_sasl ? "yes" : "no");
+	    fprintf(stderr, "sasl_auth_id     %s\n", ldap_conf.sasl_auth_id ?
+		ldap_conf.sasl_auth_id : "(NONE)");
+	    fprintf(stderr, "rootuse_sasl     %d\n", ldap_conf.rootuse_sasl);
+	    fprintf(stderr, "rootsasl_auth_id %s\n", ldap_conf.rootsasl_auth_id ?
+		ldap_conf.rootsasl_auth_id : "(NONE)");
+	    fprintf(stderr, "sasl_secprops    %s\n", ldap_conf.sasl_secprops ?
+		ldap_conf.sasl_secprops : "(NONE)");
+	    fprintf(stderr, "krb5_ccname      %s\n", ldap_conf.krb5_ccname ?
+		ldap_conf.krb5_ccname : "(NONE)");
+	}
+#endif
+	fprintf(stderr, "===================\n");
+    }
+    if (!ldap_conf.base)
+	return(FALSE);		/* if no base is defined, ignore LDAP */
+
+    /*
+     * Interpret SSL option
+     */
+    if (ldap_conf.ssl != NULL) {
+	if (strcasecmp(ldap_conf.ssl, "start_tls") == 0)
+	    ldap_conf.ssl_mode = SUDO_LDAP_STARTTLS;
+	else if (_atobool(ldap_conf.ssl))
+	    ldap_conf.ssl_mode = SUDO_LDAP_SSL;
+    }
+
+#if defined(HAVE_LDAPSSL_SET_STRENGTH) && !defined(LDAP_OPT_X_TLS_REQUIRE_CERT)
+    if (ldap_conf.tls_checkpeer != -1) {
+	ldapssl_set_strength(NULL,
+	    ldap_conf.tls_checkpeer ? LDAPSSL_AUTH_CERT : LDAPSSL_AUTH_WEAK);
+    }
+#endif
+
+#ifndef HAVE_LDAP_INITIALIZE
+    /* Convert uri list to host list if no ldap_initialize(). */
+    if (ldap_conf.uri) {
+	struct ldap_config_list_str *uri = ldap_conf.uri;
+	if (sudo_ldap_parse_uri(uri) != 0)
+	    return(FALSE);
+	do {
+	    ldap_conf.uri = uri->next;
+	    efree(uri);
+	} while ((uri = ldap_conf.uri));
+	ldap_conf.port = LDAP_PORT;
+    }
+#endif
+
+    if (!ldap_conf.uri) {
+	/* Use port 389 for plaintext LDAP and port 636 for SSL LDAP */
+	if (ldap_conf.port < 0)
+	    ldap_conf.port =
+		ldap_conf.ssl_mode == SUDO_LDAP_SSL ? LDAPS_PORT : LDAP_PORT;
+
+#ifdef HAVE_LDAP_CREATE
+	/*
+	 * Cannot specify port directly to ldap_create(), each host must
+	 * include :port to override the default.
+	 */
+	if (ldap_conf.port != LDAP_PORT)
+	    sudo_ldap_conf_add_ports();
+#endif
+    }
+
+    /* If rootbinddn set, read in /etc/ldap.secret if it exists. */
+    if (ldap_conf.rootbinddn)
+	sudo_ldap_read_secret(_PATH_LDAP_SECRET);
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+    /*
+     * Make sure we can open the file specified by krb5_ccname.
+     */
+    if (ldap_conf.krb5_ccname != NULL) {
+	if (strncasecmp(ldap_conf.krb5_ccname, "FILE:", 5) == 0 ||
+	    strncasecmp(ldap_conf.krb5_ccname, "WRFILE:", 7) == 0) {
+	    value = ldap_conf.krb5_ccname +
+		(ldap_conf.krb5_ccname[4] == ':' ? 5 : 7);
+	    if ((fp = fopen(value, "r")) != NULL) {
+		DPRINTF(("using krb5 credential cache: %s", value), 1);
+		fclose(fp);
+	    } else {
+		/* Can't open it, just ignore the entry. */
+		DPRINTF(("unable to open krb5 credential cache: %s", value), 1);
+		efree(ldap_conf.krb5_ccname);
+		ldap_conf.krb5_ccname = NULL;
+	    }
+	}
+    }
+#endif
+    return(TRUE);
+}
+
+/*
+ * Extract the dn from an entry and return the first rdn from it.
+ */
+static char *
+sudo_ldap_get_first_rdn(ld, entry)
+    LDAP *ld;
+    LDAPMessage *entry;
+{
+#ifdef HAVE_LDAP_STR2DN
+    char *dn, *rdn = NULL;
+    LDAPDN tmpDN;
+
+    if ((dn = ldap_get_dn(ld, entry)) == NULL)
+	return(NULL);
+    if (ldap_str2dn(dn, &tmpDN, LDAP_DN_FORMAT_LDAP) == LDAP_SUCCESS) {
+	ldap_rdn2str(tmpDN[0], &rdn, LDAP_DN_FORMAT_UFN);
+	ldap_dnfree(tmpDN);
+    }
+    ldap_memfree(dn);
+    return(rdn);
+#else
+    char *dn, **edn;
+
+    if ((dn = ldap_get_dn(ld, entry)) == NULL)
+	return(NULL);
+    edn = ldap_explode_dn(dn, 1);
+    ldap_memfree(dn);
+    return(edn ? edn[0] : NULL);
+#endif
+}
+
+/*
+ * Fetch and display the global Options.
+ */
+static int
+sudo_ldap_display_defaults(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    struct berval **bv, **p;
+    struct ldap_config_list_str *base;
+    LDAP *ld = (LDAP *) nss->handle;
+    LDAPMessage *entry, *result;
+    char *prefix;
+    int rc, count = 0;
+
+    if (ld == NULL)
+	goto done;
+
+    for (base = ldap_conf.base; base != NULL; base = base->next) {
+	result = NULL;
+	rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
+	    "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result);
+	if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
+	    bv = ldap_get_values_len(ld, entry, "sudoOption");
+	    if (bv != NULL) {
+		if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1]))
+		    prefix = "    ";
+		else
+		    prefix = ", ";
+		for (p = bv; *p != NULL; p++) {
+		    lbuf_append(lbuf, prefix, (*p)->bv_val, NULL);
+		    prefix = ", ";
+		    count++;
+		}
+		ldap_value_free_len(bv);
+	    }
+	}
+	if (result)
+	    ldap_msgfree(result);
+    }
+done:
+    return(count);
+}
+
+/*
+ * STUB
+ */
+static int
+sudo_ldap_display_bound_defaults(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    return(0);
+}
+
+/*
+ * Print a record in the short form, ala file sudoers.
+ */
+static int
+sudo_ldap_display_entry_short(ld, entry, lbuf)
+    LDAP *ld;
+    LDAPMessage *entry;
+    struct lbuf *lbuf;
+{
+    struct berval **bv, **p;
+    int count = 0;
+
+    lbuf_append(lbuf, "    (", NULL);
+
+    /* get the RunAsUser Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+    if (bv == NULL)
+	bv = ldap_get_values_len(ld, entry, "sudoRunAs");
+    if (bv != NULL) {
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	}
+	ldap_value_free_len(bv);
+    } else
+	lbuf_append(lbuf, def_runas_default, NULL);
+
+    /* get the RunAsGroup Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+    if (bv != NULL) {
+	lbuf_append(lbuf, " : ", NULL);
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	}
+	ldap_value_free_len(bv);
+    }
+    lbuf_append(lbuf, ") ", NULL);
+
+    /* get the Option Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoOption");
+    if (bv != NULL) {
+	char *cp, *tag;
+
+	for (p = bv; *p != NULL; p++) {
+	    cp = (*p)->bv_val;
+	    if (*cp == '!')
+		cp++;
+	    tag = NULL;
+	    if (strcmp(cp, "authenticate") == 0)
+		tag = (*p)->bv_val[0] == '!' ?
+		    "NOPASSWD: " : "PASSWD: ";
+	    else if (strcmp(cp, "noexec") == 0)
+		tag = (*p)->bv_val[0] == '!' ?
+		    "EXEC: " : "NOEXEC: ";
+	    else if (strcmp(cp, "setenv") == 0)
+		tag = (*p)->bv_val[0] == '!' ?
+		    "NOSETENV: " : "SETENV: ";
+	    if (tag != NULL)
+		lbuf_append(lbuf, tag, NULL);
+	    /* XXX - ignores other options */
+	}
+	ldap_value_free_len(bv);
+    }
+
+    /* get the Command Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoCommand");
+    if (bv != NULL) {
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	    count++;
+	}
+	ldap_value_free_len(bv);
+    }
+    lbuf_append(lbuf, "\n", NULL);
+
+    return(count);
+}
+
+/*
+ * Print a record in the long form.
+ */
+static int
+sudo_ldap_display_entry_long(ld, entry, lbuf)
+    LDAP *ld;
+    LDAPMessage *entry;
+    struct lbuf *lbuf;
+{
+    struct berval **bv, **p;
+    char *rdn;
+    int count = 0;
+
+    /* extract the dn, only show the first rdn */
+    rdn = sudo_ldap_get_first_rdn(ld, entry);
+    lbuf_append(lbuf, "\nLDAP Role: ", rdn ? rdn : "UNKNOWN", "\n", NULL);
+    if (rdn)
+	ldap_memfree(rdn);
+
+    /* get the RunAsUser Values from the entry */
+    lbuf_append(lbuf, "    RunAsUsers: ", NULL);
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsUser");
+    if (bv == NULL)
+	bv = ldap_get_values_len(ld, entry, "sudoRunAs");
+    if (bv != NULL) {
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	}
+	ldap_value_free_len(bv);
+    } else
+	lbuf_append(lbuf, def_runas_default, NULL);
+    lbuf_append(lbuf, "\n", NULL);
+
+    /* get the RunAsGroup Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoRunAsGroup");
+    if (bv != NULL) {
+	lbuf_append(lbuf, "    RunAsGroups: ", NULL);
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	}
+	ldap_value_free_len(bv);
+	lbuf_append(lbuf, "\n", NULL);
+    }
+
+    /* get the Option Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoOption");
+    if (bv != NULL) {
+	lbuf_append(lbuf, "    Options: ", NULL);
+	for (p = bv; *p != NULL; p++) {
+	    if (p != bv)
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, (*p)->bv_val, NULL);
+	}
+	ldap_value_free_len(bv);
+	lbuf_append(lbuf, "\n", NULL);
+    }
+
+    /* get the Command Values from the entry */
+    bv = ldap_get_values_len(ld, entry, "sudoCommand");
+    if (bv != NULL) {
+	lbuf_append(lbuf, "    Commands:\n", NULL);
+	for (p = bv; *p != NULL; p++) {
+	    lbuf_append(lbuf, "\t", (*p)->bv_val, "\n", NULL);
+	    count++;
+	}
+	ldap_value_free_len(bv);
+    }
+
+    return(count);
+}
+
+/*
+ * Like sudo_ldap_lookup(), except we just print entries.
+ */
+static int
+sudo_ldap_display_privs(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    struct ldap_config_list_str *base;
+    LDAP *ld = (LDAP *) nss->handle;
+    LDAPMessage *entry, *result;
+    char *filt;
+    int rc, do_netgr, count = 0;
+
+    if (ld == NULL)
+	goto done;
+
+    /*
+     * Okay - time to search for anything that matches this user
+     * Lets limit it to only two queries of the LDAP server
+     *
+     * The first pass will look by the username, groups, and
+     * the keyword ALL.  We will then inspect the results that
+     * came back from the query.  We don't need to inspect the
+     * sudoUser in this pass since the LDAP server already scanned
+     * it for us.
+     *
+     * The second pass will return all the entries that contain
+     * user netgroups.  Then we take the netgroups returned and
+     * try to match them against the username.
+     */
+    for (do_netgr = 0; do_netgr < 2; do_netgr++) {
+	filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+	DPRINTF(("ldap search '%s'", filt), 1);
+	for (base = ldap_conf.base; base != NULL; base = base->next) {
+	    result = NULL;
+	    rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+		NULL, 0, NULL, NULL, NULL, 0, &result);
+	    if (rc != LDAP_SUCCESS)
+		continue;	/* no entries for this pass */
+
+	    /* print each matching entry */
+	    LDAP_FOREACH(entry, ld, result) {
+		if ((!do_netgr ||
+		    sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+		    sudo_ldap_check_host(ld, entry)) {
+
+		    if (long_list)
+			count += sudo_ldap_display_entry_long(ld, entry, lbuf);
+		    else
+			count += sudo_ldap_display_entry_short(ld, entry, lbuf);
+		}
+	    }
+	    ldap_msgfree(result);
+	}
+	efree(filt);
+    }
+done:
+    return(count);
+}
+
+static int
+sudo_ldap_display_cmnd(nss, pw)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+{
+    struct ldap_config_list_str *base;
+    LDAP *ld = (LDAP *) nss->handle;
+    LDAPMessage *entry, *result;		/* used for searches */
+    char *filt;					/* used to parse attributes */
+    int rc, found, do_netgr;			/* temp/final return values */
+
+    if (ld == NULL)
+	return(1);
+
+    /*
+     * Okay - time to search for anything that matches this user
+     * Lets limit it to only two queries of the LDAP server
+     *
+     * The first pass will look by the username, groups, and
+     * the keyword ALL.  We will then inspect the results that
+     * came back from the query.  We don't need to inspect the
+     * sudoUser in this pass since the LDAP server already scanned
+     * it for us.
+     *
+     * The second pass will return all the entries that contain
+     * user netgroups.  Then we take the netgroups returned and
+     * try to match them against the username.
+     */
+    for (found = FALSE, do_netgr = 0; !found && do_netgr < 2; do_netgr++) {
+	filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+	DPRINTF(("ldap search '%s'", filt), 1);
+	for (base = ldap_conf.base; base != NULL; base = base->next) {
+	    result = NULL;
+	    rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+		NULL, 0, NULL, NULL, NULL, 0, &result);
+	    if (rc != LDAP_SUCCESS)
+		continue;	/* no entries for this pass */
+
+	    LDAP_FOREACH(entry, ld, result) {
+		if ((!do_netgr ||
+		    sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+		    sudo_ldap_check_host(ld, entry) &&
+		    sudo_ldap_check_command(ld, entry, NULL) &&
+		    sudo_ldap_check_runas(ld, entry)) {
+
+		    found = TRUE;
+		    break;
+		}
+	    }
+	    ldap_msgfree(result);
+	}
+	efree(filt);
+    }
+
+    if (found)
+	printf("%s%s%s\n", safe_cmnd ? safe_cmnd : user_cmnd,
+	    user_args ? " " : "", user_args ? user_args : "");
+   return(!found);
+}
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+static int
+sudo_ldap_sasl_interact(ld, flags, _auth_id, _interact)
+    LDAP *ld;
+    unsigned int flags;
+    void *_auth_id;
+    void *_interact;
+{
+    char *auth_id = (char *)_auth_id;
+    sasl_interact_t *interact = (sasl_interact_t *)_interact;
+
+    for (; interact->id != SASL_CB_LIST_END; interact++) {
+	if (interact->id != SASL_CB_USER)
+	    return(LDAP_PARAM_ERROR);
+
+	if (auth_id != NULL)
+	    interact->result = auth_id;
+	else if (interact->defresult != NULL)
+	    interact->result = interact->defresult;
+	else
+	    interact->result = "";
+
+	interact->len = strlen(interact->result);
+#if SASL_VERSION_MAJOR < 2
+	interact->result = estrdup(interact->result);
+#endif /* SASL_VERSION_MAJOR < 2 */
+    }
+    return(LDAP_SUCCESS);
+}
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+
+/*
+ * Set LDAP options based on the config table.
+ */
+static int
+sudo_ldap_set_options(ld)
+    LDAP *ld;
+{
+    struct ldap_config_table *cur;
+    int rc;
+
+    /* Set ber options */
+#ifdef LBER_OPT_DEBUG_LEVEL
+    if (ldap_conf.ldap_debug)
+	ber_set_option(NULL, LBER_OPT_DEBUG_LEVEL, &ldap_conf.ldap_debug);
+#endif
+
+    /* Set simple LDAP options */
+    for (cur = ldap_conf_table; cur->conf_str != NULL; cur++) {
+	LDAP *conn;
+	int ival;
+	char *sval;
+
+	if (cur->opt_val == -1)
+	    continue;
+
+	conn = cur->connected ? ld : NULL;
+	switch (cur->type) {
+	case CONF_BOOL:
+	case CONF_INT:
+	    ival = *(int *)(cur->valp);
+	    if (ival >= 0) {
+		rc = ldap_set_option(conn, cur->opt_val, &ival);
+		if (rc != LDAP_OPT_SUCCESS) {
+		    warningx("ldap_set_option: %s -> %d: %s",
+			cur->conf_str, ival, ldap_err2string(rc));
+		    return(-1);
+		}
+		DPRINTF(("ldap_set_option: %s -> %d", cur->conf_str, ival), 1);
+	    }
+	    break;
+	case CONF_STR:
+	    sval = *(char **)(cur->valp);
+	    if (sval != NULL) {
+		rc = ldap_set_option(conn, cur->opt_val, sval);
+		if (rc != LDAP_OPT_SUCCESS) {
+		    warningx("ldap_set_option: %s -> %s: %s",
+			cur->conf_str, sval, ldap_err2string(rc));
+		    return(-1);
+		}
+		DPRINTF(("ldap_set_option: %s -> %s", cur->conf_str, sval), 1);
+	    }
+	    break;
+	}
+    }
+
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+    /* Convert bind_timelimit to a timeval */
+    if (ldap_conf.bind_timelimit > 0) {
+	struct timeval tv;
+	tv.tv_sec = ldap_conf.bind_timelimit / 1000;
+	tv.tv_usec = 0;
+	rc = ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+	if (rc != LDAP_OPT_SUCCESS) {
+	    warningx("ldap_set_option(NETWORK_TIMEOUT, %ld): %s",
+		(long)tv.tv_sec, ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, %ld)",
+	    (long)tv.tv_sec), 1);
+    }
+#endif
+
+#if defined(LDAP_OPT_X_TLS) && !defined(HAVE_LDAPSSL_INIT)
+    if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
+	int val = LDAP_OPT_X_TLS_HARD;
+	rc = ldap_set_option(ld, LDAP_OPT_X_TLS, &val);
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD): %s",
+		ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_set_option(LDAP_OPT_X_TLS, LDAP_OPT_X_TLS_HARD)"), 1);
+    }
+#endif
+    return(0);
+}
+
+/*
+ * Connect to the LDAP server specified by ld
+ */
+static int
+sudo_ldap_bind_s(ld)
+    LDAP *ld;
+{
+    int rc;
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+    const char *old_ccname = user_ccname;
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+    unsigned int status;
+# endif
+#endif
+
+#ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
+    if (ldap_conf.rootuse_sasl == TRUE ||
+	(ldap_conf.rootuse_sasl != FALSE && ldap_conf.use_sasl == TRUE)) {
+	void *auth_id = ldap_conf.rootsasl_auth_id ?
+	    ldap_conf.rootsasl_auth_id : ldap_conf.sasl_auth_id;
+
+	if (ldap_conf.krb5_ccname != NULL) {
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+	    if (gss_krb5_ccache_name(&status, ldap_conf.krb5_ccname, &old_ccname)
+		!= GSS_S_COMPLETE) {
+		old_ccname = NULL;
+		DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+	    }
+# else
+	    setenv("KRB5CCNAME", ldap_conf.krb5_ccname, TRUE);
+# endif
+	}
+	rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
+	    NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
+	if (ldap_conf.krb5_ccname != NULL) {
+# ifdef HAVE_GSS_KRB5_CCACHE_NAME
+	    if (gss_krb5_ccache_name(&status, old_ccname, NULL) != GSS_S_COMPLETE)
+		    DPRINTF(("gss_krb5_ccache_name() failed: %d", status), 1);
+# else
+	    if (old_ccname != NULL)
+		setenv("KRB5CCNAME", old_ccname, TRUE);
+	    else
+		unsetenv("KRB5CCNAME");
+# endif
+	}
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_sasl_interactive_bind_s(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_sasl_interactive_bind_s() ok"), 1);
+    } else
+#endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+#ifdef HAVE_LDAP_SASL_BIND_S
+    {
+	struct berval bv;
+
+	bv.bv_val = ldap_conf.bindpw ? ldap_conf.bindpw : "";
+	bv.bv_len = strlen(bv.bv_val);
+
+	rc = ldap_sasl_bind_s(ld, ldap_conf.binddn, LDAP_SASL_SIMPLE, &bv,
+	    NULL, NULL, NULL);
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_sasl_bind_s(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_sasl_bind_s() ok"), 1);
+    }
+#else
+    {
+	rc = ldap_simple_bind_s(ld, ldap_conf.binddn, ldap_conf.bindpw);
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_simple_bind_s(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_simple_bind_s() ok"), 1);
+    }
+#endif
+    return(0);
+}
+
+/*
+ * Open a connection to the LDAP server.
+ * Returns 0 on success and non-zero on failure.
+ */
+static int
+sudo_ldap_open(nss)
+    struct sudo_nss *nss;
+{
+    LDAP *ld;
+    int rc, ldapnoinit = FALSE;
+
+    if (!sudo_ldap_read_config())
+	return(-1);
+
+    /* Prevent reading of user ldaprc and system defaults. */
+    if (getenv("LDAPNOINIT") == NULL) {
+	ldapnoinit = TRUE;
+	setenv("LDAPNOINIT", "1", TRUE);
+    }
+
+    /* Connect to LDAP server */
+#ifdef HAVE_LDAP_INITIALIZE
+    if (ldap_conf.uri != NULL) {
+	char *buf = sudo_ldap_join_uri(ldap_conf.uri);
+	DPRINTF(("ldap_initialize(ld, %s)", buf), 2);
+	rc = ldap_initialize(&ld, buf);
+	efree(buf);
+    } else
+#endif
+	rc = sudo_ldap_init(&ld, ldap_conf.host, ldap_conf.port);
+    if (rc != LDAP_SUCCESS) {
+	warningx("unable to initialize LDAP: %s", ldap_err2string(rc));
+	return(-1);
+    }
+
+    if (ldapnoinit)
+	unsetenv("LDAPNOINIT");
+
+    /* Set LDAP options */
+    if (sudo_ldap_set_options(ld) < 0)
+	return(-1);
+
+    if (ldap_conf.ssl_mode == SUDO_LDAP_STARTTLS) {
+#if defined(HAVE_LDAP_START_TLS_S)
+	rc = ldap_start_tls_s(ld, NULL, NULL);
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_start_tls_s(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_start_tls_s() ok"), 1);
+#elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP)
+	if (ldap_ssl_client_init(NULL, NULL, 0, &rc) != LDAP_SUCCESS) {
+	    warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	rc = ldap_start_tls_s_np(ld, NULL);
+	if (rc != LDAP_SUCCESS) {
+	    warningx("ldap_start_tls_s_np(): %s", ldap_err2string(rc));
+	    return(-1);
+	}
+	DPRINTF(("ldap_start_tls_s_np() ok"), 1);
+#else
+	warningx("start_tls specified but LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()");
+#endif /* !HAVE_LDAP_START_TLS_S && !HAVE_LDAP_START_TLS_S_NP */
+    }
+
+    /* Actually connect */
+    if (sudo_ldap_bind_s(ld) != 0)
+	return(-1);
+
+    nss->handle = ld;
+    return(0);
+}
+
+static int
+sudo_ldap_setdefs(nss)
+    struct sudo_nss *nss;
+{
+    struct ldap_config_list_str *base;
+    LDAP *ld = (LDAP *) nss->handle;
+    LDAPMessage *entry, *result;		 /* used for searches */
+    int rc;					 /* temp return value */
+
+    if (ld == NULL)
+	return(-1);
+
+    for (base = ldap_conf.base; base != NULL; base = base->next) {
+	result = NULL;
+	rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE,
+	    "cn=defaults", NULL, 0, NULL, NULL, NULL, 0, &result);
+	if (rc == LDAP_SUCCESS && (entry = ldap_first_entry(ld, result))) {
+	    DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
+	    sudo_ldap_parse_options(ld, entry);
+	} else
+	    DPRINTF(("no default options found in %s", base->val), 1);
+
+	if (result)
+	    ldap_msgfree(result);
+    }
+
+    return(0);
+}
+
+/*
+ * like sudoers_lookup() - only LDAP style
+ */
+static int
+sudo_ldap_lookup(nss, ret, pwflag)
+    struct sudo_nss *nss;
+    int ret;
+    int pwflag;
+{
+    struct ldap_config_list_str *base;
+    LDAP *ld = (LDAP *) nss->handle;
+    LDAPMessage *entry, *result;
+    char *filt;
+    int do_netgr, rc, matched;
+    int setenv_implied;
+    int ldap_user_matches = FALSE, ldap_host_matches = FALSE;
+    struct passwd *pw = list_pw ? list_pw : sudo_user.pw;
+
+    if (ld == NULL)
+	return(ret);
+
+    if (pwflag) {
+	int doauth = UNSPEC;
+	enum def_tupple pwcheck = 
+	    (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+
+	for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) {
+	    filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+	    for (base = ldap_conf.base; base != NULL; base = base->next) {
+		result = NULL;
+		rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+		    NULL, 0, NULL, NULL, NULL, 0, &result);
+		if (rc != LDAP_SUCCESS)
+		    continue;
+
+		LDAP_FOREACH(entry, ld, result) {
+		    /* only verify netgroup matches in pass 2 */
+		    if (do_netgr && !sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name))
+			continue;
+
+		    ldap_user_matches = TRUE;
+		    if (sudo_ldap_check_host(ld, entry)) {
+			ldap_host_matches = TRUE;
+			if ((pwcheck == any && doauth != FALSE) ||
+			    (pwcheck == all && doauth == FALSE))
+			    doauth = sudo_ldap_check_bool(ld, entry, "authenticate");
+			/* Only check the command when listing another user. */
+			if (user_uid == 0 || list_pw == NULL ||
+			    user_uid == list_pw->pw_uid ||
+			    sudo_ldap_check_command(ld, entry, NULL)) {
+			    matched = 1;
+			    break;	/* end foreach */
+			}
+		    }
+		}
+		ldap_msgfree(result);
+	    }
+	    efree(filt);
+	}
+	if (matched || user_uid == 0) {
+	    SET(ret, VALIDATE_OK);
+	    CLR(ret, VALIDATE_NOT_OK);
+	    if (def_authenticate) {
+		switch (pwcheck) {
+		    case always:
+			SET(ret, FLAG_CHECK_USER);
+			break;
+		    case all:
+		    case any:
+			if (doauth == FALSE)
+			    def_authenticate = FALSE;
+			break;
+		    case never:
+			def_authenticate = FALSE;
+			break;
+		    default:
+			break;
+		}
+	    }
+	}
+	goto done;
+    }
+
+    /*
+     * Okay - time to search for anything that matches this user
+     * Lets limit it to only two queries of the LDAP server
+     *
+     * The first pass will look by the username, groups, and
+     * the keyword ALL.  We will then inspect the results that
+     * came back from the query.  We don't need to inspect the
+     * sudoUser in this pass since the LDAP server already scanned
+     * it for us.
+     *
+     * The second pass will return all the entries that contain
+     * user netgroups.  Then we take the netgroups returned and
+     * try to match them against the username.
+     */
+    setenv_implied = FALSE;
+    for (matched = 0, do_netgr = 0; !matched && do_netgr < 2; do_netgr++) {
+	filt = do_netgr ? estrdup("sudoUser=+*") : sudo_ldap_build_pass1(pw);
+	DPRINTF(("ldap search '%s'", filt), 1);
+	for (base = ldap_conf.base; base != NULL; base = base->next) {
+	    result = NULL;
+	    rc = ldap_search_ext_s(ld, base->val, LDAP_SCOPE_SUBTREE, filt,
+		NULL, 0, NULL, NULL, NULL, 0, &result);
+	    if (rc != LDAP_SUCCESS) {
+		DPRINTF(("nothing found for '%s'", filt), 1);
+		continue;
+	    }
+
+	    /* parse each entry returned from this most recent search */
+	    LDAP_FOREACH(entry, ld, result) {
+		DPRINTF(("found:%s", ldap_get_dn(ld, entry)), 1);
+		if (
+		/* first verify user netgroup matches - only if in pass 2 */
+		    (!do_netgr || sudo_ldap_check_user_netgroup(ld, entry, pw->pw_name)) &&
+		/* remember that user matched */
+		    (ldap_user_matches = TRUE) &&
+		/* verify host match */
+		    sudo_ldap_check_host(ld, entry) &&
+		/* remember that host matched */
+		    (ldap_host_matches = TRUE) &&
+		/* verify runas match */
+		    sudo_ldap_check_runas(ld, entry) &&
+		/* verify command match */
+		    (rc = sudo_ldap_check_command(ld, entry, &setenv_implied)) != UNSPEC
+		    ) {
+		    /* We have a match! */
+		    DPRINTF(("Command %sallowed", rc == TRUE ? "" : "NOT "), 1);
+		    matched = TRUE;
+		    if (rc == TRUE) {
+			/* pick up any options */
+			if (setenv_implied)
+			    def_setenv = TRUE;
+			sudo_ldap_parse_options(ld, entry);
+#ifdef HAVE_SELINUX
+			/* Set role and type if not specified on command line. */
+			if (user_role == NULL)
+			    user_role = def_role;
+			if (user_type == NULL)
+			    user_type = def_type;
+#endif /* HAVE_SELINUX */
+			/* make sure we don't reenter loop */
+			SET(ret, VALIDATE_OK);
+			CLR(ret, VALIDATE_NOT_OK);
+		    } else {
+			SET(ret, VALIDATE_NOT_OK);
+			CLR(ret, VALIDATE_OK);
+		    }
+		    /* break from inside for loop */
+		    break;
+		}
+	    }
+	    ldap_msgfree(result);
+	}
+	efree(filt);
+    }
+
+done:
+    DPRINTF(("user_matches=%d", ldap_user_matches), 1);
+    DPRINTF(("host_matches=%d", ldap_host_matches), 1);
+
+    if (!ISSET(ret, VALIDATE_OK)) {
+	/* we do not have a match */
+	if (pwflag && list_pw == NULL)
+	    SET(ret, FLAG_NO_CHECK);
+    }
+    if (ldap_user_matches)
+	CLR(ret, FLAG_NO_USER);
+    if (ldap_host_matches)
+	CLR(ret, FLAG_NO_HOST);
+    DPRINTF(("sudo_ldap_lookup(%d)=0x%02x", pwflag, ret), 1);
+
+    return(ret);
+}
+
+/*
+ * shut down LDAP connection
+ */
+static int
+sudo_ldap_close(nss)
+    struct sudo_nss *nss;
+{
+    if (nss->handle != NULL) {
+	ldap_unbind_ext_s((LDAP *) nss->handle, NULL, NULL);
+	nss->handle = NULL;
+    }
+    return(0);
+}
+
+/*
+ * STUB
+ */
+static int
+sudo_ldap_parse(nss)
+    struct sudo_nss *nss;
+{
+    return(0);
+}
diff --git a/sudo-1.7.4p4/linux_audit.c b/sudo-1.7.4p4/linux_audit.c
new file mode 100644
index 0000000..ba87e78
--- /dev/null
+++ b/sudo-1.7.4p4/linux_audit.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <libaudit.h>
+
+#include "compat.h"
+#include "error.h"
+#include "alloc.h"
+#include "missing.h"
+#include "linux_audit.h"
+
+/*
+ * Open audit connection if possible.
+ * Returns audit fd on success and -1 on failure.
+ */
+static int
+linux_audit_open(void)
+{
+    static int au_fd = -1;
+
+    if (au_fd != -1)
+	return au_fd;
+    au_fd = audit_open();
+    if (au_fd == -1) {
+	/* Kernel may not have audit support. */
+	if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
+	    error(1, "unable to open audit system");
+    } else {
+	(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
+    }
+    return au_fd;
+}
+
+int
+linux_audit_command(char *argv[], int result)
+{
+    int au_fd, rc;
+    char *command, *cp, **av;
+    size_t size, n;
+
+    if ((au_fd = linux_audit_open()) == -1)
+	return -1;
+
+    /* Convert argv to a flat string. */
+    for (size = 0, av = argv; *av != NULL; av++)
+	size += strlen(*av) + 1;
+    command = cp = emalloc(size);
+    for (av = argv; *av != NULL; av++) {
+	n = strlcpy(cp, *av, size - (cp - command));
+	if (n >= size - (cp - command))
+	    errorx(1, "internal error, linux_audit_command() overflow");
+	cp += n;
+	*cp++ = ' ';
+    }
+    *--cp = '\0';
+
+    /* Log command, ignoring EPERM on error. */
+    rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
+    if (rc <= 0)
+	warning("unable to send audit message");
+
+    efree(command);
+
+    return rc;
+}
+
+#ifdef HAVE_SELINUX
+int
+linux_audit_role_change(const char *old_context,
+    const char *new_context, const char *ttyn)
+{
+    int au_fd, rc;
+    char *message;
+
+    if ((au_fd = linux_audit_open()) == -1)
+	return -1;
+
+    /* audit role change using the same format as newrole(1) */
+    easprintf(&message, "newrole: old-context=%s new-context=%s",
+	old_context, new_context);
+    rc = audit_log_user_message(au_fd, AUDIT_USER_ROLE_CHANGE,
+	message, NULL, NULL, ttyn, 1);
+    if (rc <= 0)
+	warning("unable to send audit message");
+
+    efree(message);
+
+    return rc;
+}
+#endif /* HAVE_SELINUX */
diff --git a/sudo-1.7.4p4/linux_audit.h b/sudo-1.7.4p4/linux_audit.h
new file mode 100644
index 0000000..f2574f6
--- /dev/null
+++ b/sudo-1.7.4p4/linux_audit.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_LINUX_AUDIT_H
+#define	_SUDO_LINUX_AUDIT_H
+
+int	linux_audit_command(char *argv[], int result);
+int	linux_audit_role_change(const char *old_context,
+	    const char *new_context, const char *ttyn);
+
+#endif /* _SUDO_LINUX_AUDIT_H */
diff --git a/sudo-1.7.4p4/list.c b/sudo-1.7.4p4/list.c
new file mode 100644
index 0000000..60c1138
--- /dev/null
+++ b/sudo-1.7.4p4/list.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2007-2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+
+#include "sudo.h"
+
+struct list_proto {
+    struct list_proto *prev;
+    struct list_proto *next;
+};
+
+struct list_head_proto {
+    struct list_proto *first;
+    struct list_proto *last;
+};
+
+/*
+ * Pop the last element off the end of vh.
+ * Returns the popped element.
+ */
+void *
+tq_pop(vh)
+    void *vh;
+{
+    struct list_head_proto *h = (struct list_head_proto *)vh;
+    void *last = NULL;
+
+    if (!tq_empty(h)) {
+	last = (void *)h->last;
+	if (h->first == h->last) {
+	    h->first = NULL;
+	    h->last = NULL;
+	} else {
+	    h->last = h->last->prev;
+	    h->last->next = NULL;
+	}
+    }
+    return (last);
+}
+
+/*
+ * Convert from a semi-circle queue to normal doubly-linked list
+ * with a head node.
+ */
+void
+list2tq(vh, vl)
+    void *vh;
+    void *vl;
+{
+    struct list_head_proto *h = (struct list_head_proto *)vh;
+    struct list_proto *l = (struct list_proto *)vl;
+
+    if (l != NULL) {
+#ifdef DEBUG
+	if (l->prev == NULL) {
+	    warningx("list2tq called with non-semicircular list");
+	    abort();
+	}
+#endif
+	h->first = l;
+	h->last = l->prev;	/* l->prev points to the last member of l */
+	l->prev = NULL;		/* zero last ptr now that we have a head */
+    } else {
+	h->first = NULL;
+	h->last = NULL;
+    }
+}
+
+/*
+ * Append one queue (or single entry) to another using the
+ * circular properties of the prev pointer to simplify the logic.
+ */
+void
+list_append(vl1, vl2)
+    void *vl1;
+    void *vl2;
+{
+    struct list_proto *l1 = (struct list_proto *)vl1;
+    struct list_proto *l2 = (struct list_proto *)vl2;
+    void *tail = l2->prev;
+
+    l1->prev->next = l2;
+    l2->prev = l1->prev;
+    l1->prev = tail;
+}
+
+/*
+ * Append the list of entries to the head node and convert 
+ * e from a semi-circle queue to normal doubly-linked list. 
+ */
+void
+tq_append(vh, vl)
+    void *vh;
+    void *vl;
+{
+    struct list_head_proto *h = (struct list_head_proto *)vh;
+    struct list_proto *l = (struct list_proto *)vl;
+    void *tail = l->prev;
+
+    if (h->first == NULL)
+	h->first = l;
+    else
+	h->last->next = l;
+    l->prev = h->last;
+    h->last = tail;
+}
diff --git a/sudo-1.7.4p4/list.h b/sudo-1.7.4p4/list.h
new file mode 100644
index 0000000..17aab41
--- /dev/null
+++ b/sudo-1.7.4p4/list.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_LIST_H
+#define _SUDO_LIST_H
+
+/*
+ * Convenience macro for declaring a list head.
+ */
+#ifdef __STDC__
+#define TQ_DECLARE(n)					\
+struct n##_list {					\
+    struct n *first;					\
+    struct n *last;					\
+};
+#else
+#define TQ_DECLARE(n)					\
+struct n/**/_list {					\
+    struct n *first;					\
+    struct n *last;					\
+};
+#endif
+
+/*
+ * Foreach loops: forward and reverse
+ */
+#undef tq_foreach_fwd
+#define tq_foreach_fwd(h, v)				\
+    for ((v) = (h)->first; (v) != NULL; (v) = (v)->next)
+
+#undef tq_foreach_rev
+#define tq_foreach_rev(h, v)				\
+    for ((v) = (h)->last; (v) != NULL; (v) = (v)->prev)
+
+/*
+ * Init a list head.
+ */
+#undef tq_init
+#define tq_init(h) do {					\
+    (h)->first = NULL;					\
+    (h)->last = NULL;					\
+} while (0)
+
+/*
+ * Simple macros to avoid exposing first/last and prev/next.
+ */
+#undef tq_empty
+#define tq_empty(h)	((h)->first == NULL)
+
+#undef tq_first
+#define tq_first(h)	((h)->first)
+
+#undef tq_last
+#define tq_last(h)	((h)->last)
+
+#undef list_next
+#define list_next(e)	((e)->next)
+
+#undef list_prev
+#define list_prev(e)	((e)->prev)
+
+/*
+ * Prototypes for list.c
+ */
+void *tq_pop		__P((void *));
+void tq_append		__P((void *, void *));
+void list_append	__P((void *, void *));
+void list2tq		__P((void *, void *));
+
+#endif /* _SUDO_LIST_H */
diff --git a/sudo-1.7.4p4/logging.c b/sudo-1.7.4p4/logging.c
new file mode 100644
index 0000000..2b32968
--- /dev/null
+++ b/sudo-1.7.4p4/logging.c
@@ -0,0 +1,737 @@
+/*
+ * Copyright (c) 1994-1996, 1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifdef __TANDEM
+# include <floss.h>
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+#include <signal.h>
+#include <time.h>
+#include <errno.h>
+#include <fcntl.h>
+
+#include "sudo.h"
+
+static void do_syslog		__P((int, char *));
+static void do_logfile		__P((char *));
+static void send_mail		__P((const char *fmt, ...));
+static int should_mail		__P((int));
+static void mysyslog		__P((int, const char *, ...));
+static char *new_logline	__P((const char *, int));
+
+#define MAXSYSLOGTRIES	16	/* num of retries for broken syslogs */
+
+/*
+ * We do an openlog(3)/closelog(3) for each message because some
+ * authentication methods (notably PAM) use syslog(3) for their
+ * own nefarious purposes and may call openlog(3) and closelog(3).
+ * Note that because we don't want to assume that all systems have
+ * vsyslog(3) (HP-UX doesn't) "%m" will not be expanded.
+ * Sadly this is a maze of #ifdefs.
+ */
+static void
+#ifdef __STDC__
+mysyslog(int pri, const char *fmt, ...)
+#else
+mysyslog(pri, fmt, va_alist)
+    int pri;
+    const char *fmt;
+    va_dcl
+#endif
+{
+#ifdef BROKEN_SYSLOG
+    int i;
+#endif
+    char buf[MAXSYSLOGLEN+1];
+    va_list ap;
+
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+#ifdef LOG_NFACILITIES
+    openlog("sudo", 0, def_syslog);
+#else
+    openlog("sudo", 0);
+#endif
+    vsnprintf(buf, sizeof(buf), fmt, ap);
+#ifdef BROKEN_SYSLOG
+    /*
+     * Some versions of syslog(3) don't guarantee success and return
+     * an int (notably HP-UX < 10.0).  So, if at first we don't succeed,
+     * try, try again...
+     */
+    for (i = 0; i < MAXSYSLOGTRIES; i++)
+	if (syslog(pri, "%s", buf) == 0)
+	    break;
+#else
+    syslog(pri, "%s", buf);
+#endif /* BROKEN_SYSLOG */
+    va_end(ap);
+    closelog();
+}
+
+#define FMT_FIRST "%8s : %s"
+#define FMT_CONTD "%8s : (command continued) %s"
+
+/*
+ * Log a message to syslog, pre-pending the username and splitting the
+ * message into parts if it is longer than MAXSYSLOGLEN.
+ */
+static void
+do_syslog(pri, msg)
+    int pri;
+    char *msg;
+{
+    size_t len, maxlen;
+    char *p, *tmp, save;
+    const char *fmt;
+
+    /*
+     * Log the full line, breaking into multiple syslog(3) calls if necessary
+     */
+    fmt = FMT_FIRST;
+    maxlen = MAXSYSLOGLEN - (sizeof(FMT_FIRST) - 6 + strlen(user_name));
+    for (p = msg; *p != '\0'; ) {
+	len = strlen(p);
+	if (len > maxlen) {
+	    /*
+	     * Break up the line into what will fit on one syslog(3) line
+	     * Try to avoid breaking words into several lines if possible.
+	     */
+	    tmp = memrchr(p, ' ', maxlen);
+	    if (tmp == NULL)
+		tmp = p + maxlen;
+
+	    /* NULL terminate line, but save the char to restore later */
+	    save = *tmp;
+	    *tmp = '\0';
+
+	    mysyslog(pri, fmt, user_name, p);
+
+	    *tmp = save;			/* restore saved character */
+
+	    /* Advance p and eliminate leading whitespace */
+	    for (p = tmp; *p == ' '; p++)
+		;
+	} else {
+	    mysyslog(pri, fmt, user_name, p);
+	    p += len;
+	}
+	fmt = FMT_CONTD;
+	maxlen = MAXSYSLOGLEN - (sizeof(FMT_CONTD) - 6 + strlen(user_name));
+    }
+}
+
+static void
+do_logfile(msg)
+    char *msg;
+{
+    char *full_line;
+    char *beg, *oldend, *end;
+    FILE *fp;
+    mode_t oldmask;
+    size_t maxlen;
+
+    oldmask = umask(077);
+    maxlen = def_loglinelen > 0 ? def_loglinelen : 0;
+    fp = fopen(def_logfile, "a");
+    (void) umask(oldmask);
+    if (fp == NULL) {
+	send_mail("Can't open log file: %s: %s", def_logfile, strerror(errno));
+    } else if (!lock_file(fileno(fp), SUDO_LOCK)) {
+	send_mail("Can't lock log file: %s: %s", def_logfile, strerror(errno));
+    } else {
+	time_t now;
+
+	now = time(NULL);
+	if (def_loglinelen == 0) {
+	    /* Don't pretty-print long log file lines (hard to grep) */
+	    if (def_log_host)
+		(void) fprintf(fp, "%s : %s : HOST=%s : %s\n",
+		    get_timestr(now, def_log_year), user_name, user_shost, msg);
+	    else
+		(void) fprintf(fp, "%s : %s : %s\n",
+		    get_timestr(now, def_log_year), user_name, msg);
+	} else {
+	    if (def_log_host)
+		easprintf(&full_line, "%s : %s : HOST=%s : %s",
+		    get_timestr(now, def_log_year), user_name, user_shost, msg);
+	    else
+		easprintf(&full_line, "%s : %s : %s",
+		    get_timestr(now, def_log_year), user_name, msg);
+
+	    /*
+	     * Print out full_line with word wrap
+	     */
+	    beg = end = full_line;
+	    while (beg) {
+		oldend = end;
+		end = strchr(oldend, ' ');
+
+		if (maxlen > 0 && end) {
+		    *end = '\0';
+		    if (strlen(beg) > maxlen) {
+			/* too far, need to back up & print the line */
+
+			if (beg == (char *)full_line)
+			    maxlen -= 4;	/* don't indent first line */
+
+			*end = ' ';
+			if (oldend != beg) {
+			    /* rewind & print */
+			    end = oldend-1;
+			    while (*end == ' ')
+				--end;
+			    *(++end) = '\0';
+			    (void) fprintf(fp, "%s\n    ", beg);
+			    *end = ' ';
+			} else {
+			    (void) fprintf(fp, "%s\n    ", beg);
+			}
+
+			/* reset beg to point to the start of the new substr */
+			beg = end;
+			while (*beg == ' ')
+			    ++beg;
+		    } else {
+			/* we still have room */
+			*end = ' ';
+		    }
+
+		    /* remove leading whitespace */
+		    while (*end == ' ')
+			++end;
+		} else {
+		    /* final line */
+		    (void) fprintf(fp, "%s\n", beg);
+		    beg = NULL;			/* exit condition */
+		}
+	    }
+	    efree(full_line);
+	}
+	(void) fflush(fp);
+	(void) lock_file(fileno(fp), SUDO_UNLOCK);
+	(void) fclose(fp);
+    }
+}
+
+/*
+ * Log and mail the denial message, optionally informing the user.
+ */
+void
+log_denial(status, inform_user)
+    int status;
+    int inform_user;
+{
+    char *message;
+    char *logline;
+
+    /* Set error message. */
+    if (ISSET(status, FLAG_NO_USER))
+	message = "user NOT in sudoers";
+    else if (ISSET(status, FLAG_NO_HOST))
+	message = "user NOT authorized on host";
+    else
+	message = "command not allowed";
+
+    logline = new_logline(message, 0);
+
+    if (should_mail(status))
+	send_mail("%s", logline);	/* send mail based on status */
+
+    /* Inform the user if they failed to authenticate.  */
+    if (inform_user) {
+	if (ISSET(status, FLAG_NO_USER))
+	    (void) fprintf(stderr, "%s is not in the sudoers file.  %s",
+		user_name, "This incident will be reported.\n");
+	else if (ISSET(status, FLAG_NO_HOST))
+	    (void) fprintf(stderr, "%s is not allowed to run sudo on %s.  %s",
+		user_name, user_shost, "This incident will be reported.\n");
+	else if (ISSET(status, FLAG_NO_CHECK))
+	    (void) fprintf(stderr, "Sorry, user %s may not run sudo on %s.\n",
+		user_name, user_shost);
+	else
+	    (void) fprintf(stderr,
+		"Sorry, user %s is not allowed to execute '%s%s%s' as %s%s%s on %s.\n",
+		user_name, user_cmnd, user_args ? " " : "",
+		user_args ? user_args : "",
+		list_pw ? list_pw->pw_name : runas_pw ?
+		runas_pw->pw_name : user_name, runas_gr ? ":" : "",
+		runas_gr ? runas_gr->gr_name : "", user_host);
+    }
+
+    /*
+     * Log via syslog and/or a file.
+     */
+    if (def_syslog)
+	do_syslog(def_syslog_badpri, logline);
+    if (def_logfile)
+	do_logfile(logline);
+
+    efree(logline);
+}
+
+/*
+ * Log and potentially mail the allowed command.
+ */
+void
+log_allowed(status)
+    int status;
+{
+    char *logline;
+
+    logline = new_logline(NULL, 0);
+
+    if (should_mail(status))
+	send_mail("%s", logline);	/* send mail based on status */
+
+    /*
+     * Log via syslog and/or a file.
+     */
+    if (def_syslog)
+	do_syslog(def_syslog_goodpri, logline);
+    if (def_logfile)
+	do_logfile(logline);
+
+    efree(logline);
+}
+
+void
+#ifdef __STDC__
+log_error(int flags, const char *fmt, ...)
+#else
+log_error(flags, fmt, va_alist)
+    int flags;
+    const char *fmt;
+    va_dcl
+#endif
+{
+    int serrno = errno;
+    char *message;
+    char *logline;
+    va_list ap;
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+
+    /* Become root if we are not already to avoid user interference */
+    set_perms(PERM_ROOT|PERM_NOEXIT);
+
+    /* Expand printf-style format + args. */
+    evasprintf(&message, fmt, ap);
+    va_end(ap);
+
+    if (ISSET(flags, MSG_ONLY))
+	logline = message;
+    else
+	logline = new_logline(message, ISSET(flags, USE_ERRNO) ? serrno : 0);
+
+    /*
+     * Tell the user.
+     */
+    if (!ISSET(flags, NO_STDERR)) {
+	if (ISSET(flags, USE_ERRNO))
+	    warning("%s", message);
+	else
+	    warningx("%s", message);
+    }
+    if (logline != message)
+        efree(message);
+
+    /*
+     * Send a copy of the error via mail.
+     */
+    if (!ISSET(flags, NO_MAIL))
+	send_mail("%s", logline);
+
+    /*
+     * Log to syslog and/or a file.
+     */
+    if (def_syslog)
+	do_syslog(def_syslog_badpri, logline);
+    if (def_logfile)
+	do_logfile(logline);
+
+    efree(logline);
+
+    if (!ISSET(flags, NO_EXIT)) {
+	cleanup(0);
+	exit(1);
+    }
+}
+
+#define MAX_MAILFLAGS	63
+
+/*
+ * Send a message to MAILTO user
+ */
+static void
+#ifdef __STDC__
+send_mail(const char *fmt, ...)
+#else
+send_mail(fmt, va_alist)
+    const char *fmt;
+    va_dcl
+#endif
+{
+    FILE *mail;
+    char *p;
+    int fd, pfd[2], status;
+    pid_t pid, rv;
+    sigaction_t sa;
+    va_list ap;
+#ifndef NO_ROOT_MAILER
+    static char *root_envp[] = {
+	"HOME=/",
+	"PATH=/usr/bin:/bin:/usr/sbin:/sbin",
+	"LOGNAME=root",
+	"USERNAME=root",
+	"USER=root",
+	NULL
+    };
+#endif
+
+    /* Just return if mailer is disabled. */
+    if (!def_mailerpath || !def_mailto)
+	return;
+
+    /* Fork and return, child will daemonize. */
+    switch (pid = fork()) {
+	case -1:
+	    /* Error. */
+	    error(1, "cannot fork");
+	    break;
+	case 0:
+	    /* Child. */
+	    switch (pid = fork()) {
+		case -1:
+		    /* Error. */
+		    mysyslog(LOG_ERR, "cannot fork: %m");
+		    _exit(1);
+		case 0:
+		    /* Grandchild continues below. */
+		    break;
+		default:
+		    /* Parent will wait for us. */
+		    _exit(0);
+	    }
+	    break;
+	default:
+	    /* Parent. */
+	    do {
+#ifdef HAVE_WAITPID
+		rv = waitpid(pid, &status, 0);
+#else
+		rv = wait(&status);
+#endif
+	    } while (rv == -1 && errno == EINTR);
+	    return;
+    }
+
+    /* Daemonize - disassociate from session/tty. */
+    if (setsid() == -1)
+      warning("setsid");
+    (void) chdir("/");
+    if ((fd = open(_PATH_DEVNULL, O_RDWR, 0644)) != -1) {
+	(void) dup2(fd, STDIN_FILENO);
+	(void) dup2(fd, STDOUT_FILENO);
+	(void) dup2(fd, STDERR_FILENO);
+    }
+
+    /* Close password, group and other fds so we don't leak. */
+    sudo_endpwent();
+    sudo_endgrent();
+    closefrom(STDERR_FILENO + 1);
+
+    /* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_INTERRUPT;
+    sa.sa_handler = SIG_IGN;
+    (void) sigaction(SIGPIPE, &sa, NULL);
+
+    if (pipe(pfd) == -1) {
+	mysyslog(LOG_ERR, "cannot open pipe: %m");
+	_exit(1);
+    }
+
+    switch (pid = fork()) {
+	case -1:
+	    /* Error. */
+	    mysyslog(LOG_ERR, "cannot fork: %m");
+	    _exit(1);
+	    break;
+	case 0:
+	    {
+		char *argv[MAX_MAILFLAGS + 1];
+		char *mpath, *mflags;
+		int i;
+
+		/* Child, set stdin to output side of the pipe */
+		if (pfd[0] != STDIN_FILENO) {
+		    if (dup2(pfd[0], STDIN_FILENO) == -1) {
+			mysyslog(LOG_ERR, "cannot dup stdin: %m");
+			_exit(127);
+		    }
+		    (void) close(pfd[0]);
+		}
+		(void) close(pfd[1]);
+
+		/* Build up an argv based on the mailer path and flags */
+		mflags = estrdup(def_mailerflags);
+		mpath = estrdup(def_mailerpath);
+		if ((argv[0] = strrchr(mpath, ' ')))
+		    argv[0]++;
+		else
+		    argv[0] = mpath;
+
+		i = 1;
+		if ((p = strtok(mflags, " \t"))) {
+		    do {
+			argv[i] = p;
+		    } while (++i < MAX_MAILFLAGS && (p = strtok(NULL, " \t")));
+		}
+		argv[i] = NULL;
+
+		/*
+		 * Depending on the config, either run the mailer as root
+		 * (so user cannot kill it) or as the user (for the paranoid).
+		 */
+#ifndef NO_ROOT_MAILER
+		set_perms(PERM_ROOT|PERM_NOEXIT);
+		execve(mpath, argv, root_envp);
+#else
+		set_perms(PERM_FULL_USER|PERM_NOEXIT);
+		execv(mpath, argv);
+#endif /* NO_ROOT_MAILER */
+		mysyslog(LOG_ERR, "cannot execute %s: %m", mpath);
+		_exit(127);
+	    }
+	    break;
+    }
+
+    (void) close(pfd[0]);
+    mail = fdopen(pfd[1], "w");
+
+    /* Pipes are all setup, send message. */
+    (void) fprintf(mail, "To: %s\nFrom: %s\nAuto-Submitted: %s\nSubject: ",
+	def_mailto, def_mailfrom ? def_mailfrom : user_name, "auto-generated");
+    for (p = def_mailsub; *p; p++) {
+	/* Expand escapes in the subject */
+	if (*p == '%' && *(p+1) != '%') {
+	    switch (*(++p)) {
+		case 'h':
+		    (void) fputs(user_host, mail);
+		    break;
+		case 'u':
+		    (void) fputs(user_name, mail);
+		    break;
+		default:
+		    p--;
+		    break;
+	    }
+	} else
+	    (void) fputc(*p, mail);
+    }
+
+    (void) fprintf(mail, "\n\n%s : %s : %s : ", user_host,
+	get_timestr(time(NULL), def_log_year), user_name);
+#ifdef __STDC__
+    va_start(ap, fmt);
+#else
+    va_start(ap);
+#endif
+    (void) vfprintf(mail, fmt, ap);
+    va_end(ap);
+    fputs("\n\n", mail);
+
+    fclose(mail);
+    do {
+#ifdef HAVE_WAITPID
+        rv = waitpid(pid, &status, 0);
+#else
+        rv = wait(&status);
+#endif
+    } while (rv == -1 && errno == EINTR);
+    _exit(0);
+}
+
+/*
+ * Determine whether we should send mail based on "status" and defaults options.
+ */
+static int
+should_mail(status)
+    int status;
+{
+
+    return(def_mail_always || ISSET(status, VALIDATE_ERROR) ||
+	(def_mail_no_user && ISSET(status, FLAG_NO_USER)) ||
+	(def_mail_no_host && ISSET(status, FLAG_NO_HOST)) ||
+	(def_mail_no_perms && !ISSET(status, VALIDATE_OK)));
+}
+
+#define	LL_TTY_STR	"TTY="
+#define	LL_CWD_STR	"PWD="		/* XXX - should be CWD= */
+#define	LL_USER_STR	"USER="
+#define	LL_GROUP_STR	"GROUP="
+#define	LL_ENV_STR	"ENV="
+#define	LL_CMND_STR	"COMMAND="
+#define	LL_TSID_STR	"TSID="
+
+/*
+ * Allocate and fill in a new logline.
+ */
+static char *
+new_logline(message, serrno)
+    const char *message;
+    int serrno;
+{
+    size_t len = 0;
+    char *evstr = NULL;
+    char *errstr = NULL;
+    char *line;
+
+    /*
+     * Compute line length
+     */
+    if (message != NULL)
+	len += strlen(message) + 3;
+    if (serrno) {
+	errstr = strerror(serrno);
+	len += strlen(errstr) + 3;
+    }
+    len += sizeof(LL_TTY_STR) + 2 + strlen(user_tty);
+    len += sizeof(LL_CWD_STR) + 2 + strlen(user_cwd);
+    if (runas_pw != NULL)
+	len += sizeof(LL_USER_STR) + 2 + strlen(runas_pw->pw_name);
+    if (runas_gr != NULL)
+	len += sizeof(LL_GROUP_STR) + 2 + strlen(runas_gr->gr_name);
+    if (sudo_user.sessid[0] != '\0')
+	len += sizeof(LL_TSID_STR) + 2 + strlen(sudo_user.sessid);
+    if (sudo_user.env_vars != NULL) {
+	size_t evlen = 0;
+	struct list_member *cur;
+	for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next)
+	    evlen += strlen(cur->value) + 1;
+	evstr = emalloc(evlen);
+	evstr[0] = '\0';
+	for (cur = sudo_user.env_vars; cur != NULL; cur = cur->next) {
+	    strlcat(evstr, cur->value, evlen);
+	    strlcat(evstr, " ", evlen);	/* NOTE: last one will fail */
+	}
+	len += sizeof(LL_ENV_STR) + 2 + evlen;
+    }
+    len += sizeof(LL_CMND_STR) - 1 + strlen(user_cmnd);
+    if (user_args != NULL)
+	len += strlen(user_args) + 1;
+
+    /*
+     * Allocate and build up the line.
+     */
+    line = emalloc(++len);
+    line[0] = '\0';
+
+    if (message != NULL) {
+	if (strlcat(line, message, len) >= len ||
+	    strlcat(line, errstr ? " : " : " ; ", len) >= len)
+	    goto toobig;
+    }
+    if (serrno) {
+	if (strlcat(line, errstr, len) >= len ||
+	    strlcat(line, " ; ", len) >= len)
+	    goto toobig;
+    }
+    if (strlcat(line, LL_TTY_STR, len) >= len ||
+	strlcat(line, user_tty, len) >= len ||
+	strlcat(line, " ; ", len) >= len)
+	goto toobig;
+    if (strlcat(line, LL_CWD_STR, len) >= len ||
+	strlcat(line, user_cwd, len) >= len ||
+	strlcat(line, " ; ", len) >= len)
+	goto toobig;
+    if (runas_pw != NULL) {
+	if (strlcat(line, LL_USER_STR, len) >= len ||
+	    strlcat(line, runas_pw->pw_name, len) >= len ||
+	    strlcat(line, " ; ", len) >= len)
+	    goto toobig;
+    }
+    if (runas_gr != NULL) {
+	if (strlcat(line, LL_GROUP_STR, len) >= len ||
+	    strlcat(line, runas_gr->gr_name, len) >= len ||
+	    strlcat(line, " ; ", len) >= len)
+	    goto toobig;
+    }
+    if (sudo_user.sessid[0] != '\0') {
+	if (strlcat(line, LL_TSID_STR, len) >= len ||
+	    strlcat(line, sudo_user.sessid, len) >= len ||
+	    strlcat(line, " ; ", len) >= len)
+	    goto toobig;
+    }
+    if (evstr != NULL) {
+	if (strlcat(line, LL_ENV_STR, len) >= len ||
+	    strlcat(line, evstr, len) >= len ||
+	    strlcat(line, " ; ", len) >= len)
+	    goto toobig;
+	efree(evstr);
+    }
+    if (strlcat(line, LL_CMND_STR, len) >= len ||
+	strlcat(line, user_cmnd, len) >= len)
+	goto toobig;
+    if (user_args != NULL) {
+	if (strlcat(line, " ", len) >= len ||
+	    strlcat(line, user_args, len) >= len)
+	    goto toobig;
+    }
+
+    return (line);
+toobig:
+    errorx(1, "internal error: insufficient space for log line");
+}
diff --git a/sudo-1.7.4p4/logging.h b/sudo-1.7.4p4/logging.h
new file mode 100644
index 0000000..c95423e
--- /dev/null
+++ b/sudo-1.7.4p4/logging.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1999-2005, 2009
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _LOGGING_H
+#define _LOGGING_H
+
+#include <syslog.h>
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+/* Logging types */
+#define SLOG_SYSLOG		0x01
+#define SLOG_FILE		0x02
+#define SLOG_BOTH		0x03
+
+/* Flags for log_error() */
+#define MSG_ONLY		0x01
+#define USE_ERRNO		0x02
+#define NO_MAIL			0x04
+#define NO_EXIT			0x08
+#define NO_STDERR		0x10
+
+/*
+ * Maximum number of characters to log per entry.  The syslogger
+ * will log this much, after that, it truncates the log line.
+ * We need this here to make sure that we continue with another
+ * syslog(3) call if the internal buffer is more than 1023 characters.
+ */
+#ifndef MAXSYSLOGLEN
+# define MAXSYSLOGLEN		960
+#endif
+
+void audit_success		__P((char *[]));
+void audit_failure		__P((char *[], char const * const, ...));
+void log_allowed		__P((int));
+void log_denial			__P((int, int));
+void log_error			__P((int flags, const char *fmt, ...))
+				    __printflike(2, 3);
+RETSIGTYPE reapchild		__P((int));
+
+#endif /* _LOGGING_H */
diff --git a/sudo-1.7.4p4/ltmain.sh b/sudo-1.7.4p4/ltmain.sh
new file mode 100644
index 0000000..a72f2fd
--- /dev/null
+++ b/sudo-1.7.4p4/ltmain.sh
@@ -0,0 +1,8406 @@
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING.  If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+#     --config             show all configuration variables
+#     --debug              enable verbose shell tracing
+# -n, --dry-run            display commands without modifying any files
+#     --features           display basic configuration information and exit
+#     --mode=MODE          use operation mode MODE
+#     --preserve-dup-deps  don't remove duplicate dependency libraries
+#     --quiet, --silent    don't print informational messages
+#     --tag=TAG            use configuration variables from tag TAG
+# -v, --verbose            print informational messages (default)
+#     --version            print version information
+# -h, --help               print short or long help message
+#
+# MODE must be one of the following:
+#
+#       clean              remove files from the build directory
+#       compile            compile a source file into a libtool object
+#       execute            automatically set library path, then run a program
+#       finish             complete the installation of libtool libraries
+#       install            install libraries or executables
+#       link               create a library or an executable
+#       uninstall          remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+#       host-triplet:	$host
+#       shell:		$SHELL
+#       compiler:		$LTCC
+#       compiler flags:		$LTCFLAGS
+#       linker:		$LD (gnu? $with_gnu_ld)
+#       $progname:		(GNU libtool) 2.2.6b
+#       automake:		$automake_version
+#       autoconf:		$autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=2.2.6b
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+  eval "if test \"\${$lt_var+set}\" = set; then
+          save_$lt_var=\$$lt_var
+          $lt_var=C
+	  export $lt_var
+	  lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+	  lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+	fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63  # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77	  # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" 	$lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+#   dirname:  Compute the dirname of FILE.  If nonempty,
+#             add APPEND to the result, otherwise set result
+#             to NONDIR_REPLACEMENT.
+#             value returned in "$func_dirname_result"
+#   basename: Compute filename of FILE.
+#             value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+  # Extract subdirectory from the argument.
+  func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+  if test "X$func_dirname_result" = "X${1}"; then
+    func_dirname_result="${3}"
+  else
+    func_dirname_result="$func_dirname_result${2}"
+  fi
+  func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+  -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+  [\\/]*|[A-Za-z]:\\*) ;;
+  *[\\/]*)
+     progdir=$func_dirname_result
+     progdir=`cd "$progdir" && pwd`
+     progpath="$progdir/$progname"
+     ;;
+  *)
+     save_IFS="$IFS"
+     IFS=:
+     for progdir in $PATH; do
+       IFS="$save_IFS"
+       test -x "$progdir/$progname" && break
+     done
+     IFS="$save_IFS"
+     test -n "$progdir" || progdir=`pwd`
+     progpath="$progdir/$progname"
+     ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same.  If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'.  `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+  s/$bs4/&\\
+/g
+  s/^$bs2$dollar/$bs&/
+  s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+  s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+    $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+    $opt_verbose && func_echo ${1+"$@"}
+
+    # A bug in bash halts the script if the last line of a function
+    # fails when set -e is in force, so we need another command to
+    # work around that:
+    :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+    $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+    $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+    # bash bug again:
+    :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+    func_error ${1+"$@"}
+    exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+    func_error ${1+"$@"}
+    func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information."  ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+    $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+    my_directory_path="$1"
+    my_dir_list=
+
+    if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+      # Protect directory names starting with `-'
+      case $my_directory_path in
+        -*) my_directory_path="./$my_directory_path" ;;
+      esac
+
+      # While some portion of DIR does not yet exist...
+      while test ! -d "$my_directory_path"; do
+        # ...make a list in topmost first order.  Use a colon delimited
+	# list incase some portion of path contains whitespace.
+        my_dir_list="$my_directory_path:$my_dir_list"
+
+        # If the last portion added has no slash in it, the list is done
+        case $my_directory_path in */*) ;; *) break ;; esac
+
+        # ...otherwise throw away the child directory and loop
+        my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+      done
+      my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+      save_mkdir_p_IFS="$IFS"; IFS=':'
+      for my_dir in $my_dir_list; do
+	IFS="$save_mkdir_p_IFS"
+        # mkdir can fail with a `File exist' error if two processes
+        # try to create one of the directories concurrently.  Don't
+        # stop in that case!
+        $MKDIR "$my_dir" 2>/dev/null || :
+      done
+      IFS="$save_mkdir_p_IFS"
+
+      # Bail out if we (or some other process) failed to create a directory.
+      test -d "$my_directory_path" || \
+        func_fatal_error "Failed to create \`$1'"
+    fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$opt_dry_run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+        # Failing that, at least try and use $RANDOM to avoid a race
+        my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+        save_mktempdir_umask=`umask`
+        umask 0077
+        $MKDIR "$my_tmpdir"
+        umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || \
+        func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+    fi
+
+    $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+    case $1 in
+      *[\\\`\"\$]*)
+	func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+      *)
+        func_quote_for_eval_unquoted_result="$1" ;;
+    esac
+
+    case $func_quote_for_eval_unquoted_result in
+      # Double-quote args containing shell metacharacters to delay
+      # word splitting, command substitution and and variable
+      # expansion for a subsequent eval.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+        ;;
+      *)
+        func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+    esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+    case $1 in
+      *[\\\`\"]*)
+	my_arg=`$ECHO "X$1" | $Xsed \
+	    -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+      *)
+        my_arg="$1" ;;
+    esac
+
+    case $my_arg in
+      # Double-quote args containing shell metacharacters to delay
+      # word splitting and command substitution for a subsequent eval.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        my_arg="\"$my_arg\""
+        ;;
+    esac
+
+    func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+    my_cmd="$1"
+    my_fail_exp="${2-:}"
+
+    ${opt_silent-false} || {
+      func_quote_for_expand "$my_cmd"
+      eval "func_echo $func_quote_for_expand_result"
+    }
+
+    if ${opt_dry_run-false}; then :; else
+      eval "$my_cmd"
+      my_status=$?
+      if test "$my_status" -eq 0; then :; else
+	eval "(exit $my_status); $my_fail_exp"
+      fi
+    fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.  Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+    my_cmd="$1"
+    my_fail_exp="${2-:}"
+
+    ${opt_silent-false} || {
+      func_quote_for_expand "$my_cmd"
+      eval "func_echo $func_quote_for_expand_result"
+    }
+
+    if ${opt_dry_run-false}; then :; else
+      eval "$lt_user_locale
+	    $my_cmd"
+      my_status=$?
+      eval "$lt_safe_locale"
+      if test "$my_status" -eq 0; then :; else
+	eval "(exit $my_status); $my_fail_exp"
+      fi
+    fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+    $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+        s/^# //
+	s/^# *$//
+        s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+        p
+     }' < "$progpath"
+     exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+    $SED -n '/^# Usage:/,/# -h/ {
+        s/^# //
+	s/^# *$//
+	s/\$progname/'$progname'/
+	p
+    }' < "$progpath"
+    $ECHO
+    $ECHO "run \`$progname --help | more' for full usage"
+    exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+    $SED -n '/^# Usage:/,/# Report bugs to/ {
+        s/^# //
+	s/^# *$//
+	s*\$progname*'$progname'*
+	s*\$host*'"$host"'*
+	s*\$SHELL*'"$SHELL"'*
+	s*\$LTCC*'"$LTCC"'*
+	s*\$LTCFLAGS*'"$LTCFLAGS"'*
+	s*\$LD*'"$LD"'*
+	s/\$with_gnu_ld/'"$with_gnu_ld"'/
+	s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+	s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+	p
+     }' < "$progpath"
+    exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+    func_error "missing argument for $1"
+    exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+  # Yippee, $ECHO works!
+  :
+else
+  # Restart under the correct shell, and then maybe $ECHO will work.
+  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end.  This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+    func_error ${1+"$@"}
+    func_error "See the $PACKAGE documentation for more information."
+    func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+    re_begincf='^# ### BEGIN LIBTOOL'
+    re_endcf='^# ### END LIBTOOL'
+
+    # Default configuration.
+    $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+    done
+
+    exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+    $ECHO "host: $host"
+    if test "$build_libtool_libs" = yes; then
+      $ECHO "enable shared libraries"
+    else
+      $ECHO "disable shared libraries"
+    fi
+    if test "$build_old_libs" = yes; then
+      $ECHO "enable static libraries"
+    else
+      $ECHO "disable static libraries"
+    fi
+
+    exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag.  We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+  # Global variable:
+  tagname="$1"
+
+  re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+  re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+  sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+  # Validate tagname.
+  case $tagname in
+    *[!-_A-Za-z0-9,/]*)
+      func_fatal_error "invalid tag name: $tagname"
+      ;;
+  esac
+
+  # Don't test for the "default" C tag, as we know it's
+  # there but not specially marked.
+  case $tagname in
+    CC) ;;
+    *)
+      if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+	taglist="$taglist $tagname"
+
+	# Evaluate the configuration.  Be careful to quote the path
+	# and the sed script, to avoid splitting on whitespace, but
+	# also don't use non-portable quotes within backquotes within
+	# quotes we have to do it in 2 steps:
+	extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+	eval "$extractedcf"
+      else
+	func_error "ignoring unknown tag $tagname"
+      fi
+      ;;
+  esac
+}
+
+# Parse options once, thoroughly.  This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+  # Shorthand for --mode=foo, only valid as the first argument
+  case $1 in
+  clean|clea|cle|cl)
+    shift; set dummy --mode clean ${1+"$@"}; shift
+    ;;
+  compile|compil|compi|comp|com|co|c)
+    shift; set dummy --mode compile ${1+"$@"}; shift
+    ;;
+  execute|execut|execu|exec|exe|ex|e)
+    shift; set dummy --mode execute ${1+"$@"}; shift
+    ;;
+  finish|finis|fini|fin|fi|f)
+    shift; set dummy --mode finish ${1+"$@"}; shift
+    ;;
+  install|instal|insta|inst|ins|in|i)
+    shift; set dummy --mode install ${1+"$@"}; shift
+    ;;
+  link|lin|li|l)
+    shift; set dummy --mode link ${1+"$@"}; shift
+    ;;
+  uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+    shift; set dummy --mode uninstall ${1+"$@"}; shift
+    ;;
+  esac
+
+  # Parse non-mode specific arguments:
+  while test "$#" -gt 0; do
+    opt="$1"
+    shift
+
+    case $opt in
+      --config)		func_config					;;
+
+      --debug)		preserve_args="$preserve_args $opt"
+			func_echo "enabling shell trace mode"
+			opt_debug='set -x'
+			$opt_debug
+			;;
+
+      -dlopen)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			execute_dlfiles="$execute_dlfiles $1"
+			shift
+			;;
+
+      --dry-run | -n)	opt_dry_run=:					;;
+      --features)       func_features					;;
+      --finish)		mode="finish"					;;
+
+      --mode)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			case $1 in
+			  # Valid mode arguments:
+			  clean)	;;
+			  compile)	;;
+			  execute)	;;
+			  finish)	;;
+			  install)	;;
+			  link)		;;
+			  relink)	;;
+			  uninstall)	;;
+
+			  # Catch anything else as an error
+			  *) func_error "invalid argument for $opt"
+			     exit_cmd=exit
+			     break
+			     ;;
+		        esac
+
+			mode="$1"
+			shift
+			;;
+
+      --preserve-dup-deps)
+			opt_duplicate_deps=:				;;
+
+      --quiet|--silent)	preserve_args="$preserve_args $opt"
+			opt_silent=:
+			;;
+
+      --verbose| -v)	preserve_args="$preserve_args $opt"
+			opt_silent=false
+			;;
+
+      --tag)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			preserve_args="$preserve_args $opt $1"
+			func_enable_tag "$1"	# tagname is set here
+			shift
+			;;
+
+      # Separate optargs to long options:
+      -dlopen=*|--mode=*|--tag=*)
+			func_opt_split "$opt"
+			set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+			shift
+			;;
+
+      -\?|-h)		func_usage					;;
+      --help)		opt_help=:					;;
+      --version)	func_version					;;
+
+      -*)		func_fatal_help "unrecognized option \`$opt'"	;;
+
+      *)		nonopt="$opt"
+			break
+			;;
+    esac
+  done
+
+
+  case $host in
+    *cygwin* | *mingw* | *pw32* | *cegcc*)
+      # don't eliminate duplications in $postdeps and $predeps
+      opt_duplicate_compiler_generated_deps=:
+      ;;
+    *)
+      opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+      ;;
+  esac
+
+  # Having warned about all mis-specified options, bail out if
+  # anything was wrong.
+  $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+  if test "$package_revision" != "$macro_revision"; then
+    if test "$VERSION" != "$macro_version"; then
+      if test -z "$macro_version"; then
+        cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+      else
+        cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+      fi
+    else
+      cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+    fi
+
+    exit $EXIT_MISMATCH
+  fi
+}
+
+
+## ----------- ##
+##    Main.    ##
+## ----------- ##
+
+$opt_help || {
+  # Sanity checks first:
+  func_check_version_match
+
+  if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+    func_fatal_configuration "not configured to build any kind of library"
+  fi
+
+  test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+  # Darwin sucks
+  eval std_shrext=\"$shrext_cmds\"
+
+
+  # Only execute mode is allowed to have -dlopen flags.
+  if test -n "$execute_dlfiles" && test "$mode" != execute; then
+    func_error "unrecognized option \`-dlopen'"
+    $ECHO "$help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+
+  # Change the help message to a mode-specific one.
+  generic_help="$help"
+  help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+    test -f "$1" &&
+      $SED -e 4q "$1" 2>/dev/null \
+        | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs.  To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway.  Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+    lalib_p=no
+    if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+	for lalib_p_l in 1 2 3 4
+	do
+	    read lalib_p_line
+	    case "$lalib_p_line" in
+		\#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+	    esac
+	done
+	exec 0<&5 5<&-
+    fi
+    test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+    func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+    func_ltwrapper_exec_suffix=
+    case $1 in
+    *.exe) ;;
+    *) func_ltwrapper_exec_suffix=.exe ;;
+    esac
+    $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+    func_ltwrapper_scriptname_result=""
+    if func_ltwrapper_executable_p "$1"; then
+	func_dirname_and_basename "$1" "" "."
+	func_stripname '' '.exe' "$func_basename_result"
+	func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+    fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+    func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+    $opt_debug
+    save_ifs=$IFS; IFS='~'
+    for cmd in $1; do
+      IFS=$save_ifs
+      eval cmd=\"$cmd\"
+      func_show_eval "$cmd" "${2-:}"
+    done
+    IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)!  Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+    $opt_debug
+    case $1 in
+    */* | *\\*)	. "$1" ;;
+    *)		. "./$1" ;;
+    esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    $opt_debug
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+        func_quote_for_eval "$arg"
+	CC_quoted="$CC_quoted $func_quote_for_eval_result"
+      done
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	      # Double-quote args containing other shell metacharacters.
+	      func_quote_for_eval "$arg"
+	      CC_quoted="$CC_quoted $func_quote_for_eval_result"
+	    done
+	    case "$@ " in
+	      " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  func_echo "unable to infer tagged configuration"
+	  func_fatal_error "specify a tag with \`--tag'"
+#	else
+#	  func_verbose "using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+    write_libobj=${1}
+    if test "$build_libtool_libs" = yes; then
+      write_lobj=\'${2}\'
+    else
+      write_lobj=none
+    fi
+
+    if test "$build_old_libs" = yes; then
+      write_oldobj=\'${3}\'
+    else
+      write_oldobj=none
+    fi
+
+    $opt_dry_run || {
+      cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+      $MV "${write_libobj}T" "${write_libobj}"
+    }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+    $opt_debug
+    # Get the compilation command and the source file.
+    base_compile=
+    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
+    suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
+    pie_flag=
+
+    for arg
+    do
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg="$arg"
+	arg_mode=normal
+	;;
+
+      target )
+	libobj="$arg"
+	arg_mode=normal
+	continue
+	;;
+
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  test -n "$libobj" && \
+	    func_fatal_error "you cannot specify \`-o' more than once"
+	  arg_mode=target
+	  continue
+	  ;;
+
+	-pie | -fpie | -fPIE)
+          pie_flag="$pie_flag $arg"
+	  continue
+	  ;;
+
+	-shared | -static | -prefer-pic | -prefer-non-pic)
+	  later="$later $arg"
+	  continue
+	  ;;
+
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
+
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
+
+	-Wc,*)
+	  func_stripname '-Wc,' '' "$arg"
+	  args=$func_stripname_result
+	  lastarg=
+	  save_ifs="$IFS"; IFS=','
+	  for arg in $args; do
+	    IFS="$save_ifs"
+	    func_quote_for_eval "$arg"
+	    lastarg="$lastarg $func_quote_for_eval_result"
+	  done
+	  IFS="$save_ifs"
+	  func_stripname ' ' '' "$lastarg"
+	  lastarg=$func_stripname_result
+
+	  # Add the arguments to base_compile.
+	  base_compile="$base_compile $lastarg"
+	  continue
+	  ;;
+
+	*)
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg="$srcfile"
+	  srcfile="$arg"
+	  ;;
+	esac  #  case $arg
+	;;
+      esac    #  case $arg_mode
+
+      # Aesthetically quote the previous argument.
+      func_quote_for_eval "$lastarg"
+      base_compile="$base_compile $func_quote_for_eval_result"
+    done # for arg
+
+    case $arg_mode in
+    arg)
+      func_fatal_error "you must specify an argument for -Xcompile"
+      ;;
+    target)
+      func_fatal_error "you must specify a target with \`-o'"
+      ;;
+    *)
+      # Get the name of the library object.
+      test -z "$libobj" && {
+	func_basename "$srcfile"
+	libobj="$func_basename_result"
+      }
+      ;;
+    esac
+
+    # Recognize several different file suffixes.
+    # If the user specifies -o file.o, it is replaced with file.lo
+    case $libobj in
+    *.[cCFSifmso] | \
+    *.ada | *.adb | *.ads | *.asm | \
+    *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+    *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+      func_xform "$libobj"
+      libobj=$func_xform_result
+      ;;
+    esac
+
+    case $libobj in
+    *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+    *)
+      func_fatal_error "cannot determine name of library object from \`$libobj'"
+      ;;
+    esac
+
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -shared)
+	test "$build_libtool_libs" != yes && \
+	  func_fatal_configuration "can not build a shared library"
+	build_old_libs=no
+	continue
+	;;
+
+      -static)
+	build_libtool_libs=no
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    func_quote_for_eval "$libobj"
+    test "X$libobj" != "X$func_quote_for_eval_result" \
+      && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
+      && func_warning "libobj name \`$libobj' may not contain shell special characters."
+    func_dirname_and_basename "$obj" "/" ""
+    objname="$func_basename_result"
+    xdir="$func_dirname_result"
+    lobj=${xdir}$objdir/$objname
+
+    test -z "$base_compile" && \
+      func_fatal_help "you must specify a compilation command"
+
+    # Delete any leftover library objects.
+    if test "$build_old_libs" = yes; then
+      removelist="$obj $lobj $libobj ${libobj}T"
+    else
+      removelist="$lobj $libobj ${libobj}T"
+    fi
+
+    # On Cygwin there's no "real" PIC flag so we must build both object types
+    case $host_os in
+    cygwin* | mingw* | pw32* | os2* | cegcc*)
+      pic_mode=default
+      ;;
+    esac
+    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+      # non-PIC code in shared libraries is not supported
+      pic_mode=default
+    fi
+
+    # Calculate the filename of the output object if compiler does
+    # not support -o with -c
+    if test "$compiler_c_o" = no; then
+      output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+      lockfile="$output_obj.lock"
+    else
+      output_obj=
+      need_locks=no
+      lockfile=
+    fi
+
+    # Lock this critical section if it is needed
+    # We use this script file to make the link, it avoids creating a new file
+    if test "$need_locks" = yes; then
+      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+	func_echo "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    elif test "$need_locks" = warn; then
+      if test -f "$lockfile"; then
+	$ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+      removelist="$removelist $output_obj"
+      $ECHO "$srcfile" > "$lockfile"
+    fi
+
+    $opt_dry_run || $RM $removelist
+    removelist="$removelist $lockfile"
+    trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+    if test -n "$fix_srcfile_path"; then
+      eval srcfile=\"$fix_srcfile_path\"
+    fi
+    func_quote_for_eval "$srcfile"
+    qsrcfile=$func_quote_for_eval_result
+
+    # Only build a PIC object if we are building libtool libraries.
+    if test "$build_libtool_libs" = yes; then
+      # Without this assignment, base_compile gets emptied.
+      fbsd_hideous_sh_bug=$base_compile
+
+      if test "$pic_mode" != no; then
+	command="$base_compile $qsrcfile $pic_flag"
+      else
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      fi
+
+      func_mkdir_p "$xdir$objdir"
+
+      if test -z "$output_obj"; then
+	# Place PIC objects in $objdir
+	command="$command -o $lobj"
+      fi
+
+      func_show_eval_locale "$command"	\
+          'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed, then go on to compile the next one
+      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+	func_show_eval '$MV "$output_obj" "$lobj"' \
+	  'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+      fi
+
+      # Allow error messages only from the first compilation.
+      if test "$suppress_opt" = yes; then
+	suppress_output=' >/dev/null 2>&1'
+      fi
+    fi
+
+    # Only build a position-dependent object if we build old libraries.
+    if test "$build_old_libs" = yes; then
+      if test "$pic_mode" != yes; then
+	# Don't build PIC code
+	command="$base_compile $qsrcfile$pie_flag"
+      else
+	command="$base_compile $qsrcfile $pic_flag"
+      fi
+      if test "$compiler_c_o" = yes; then
+	command="$command -o $obj"
+      fi
+
+      # Suppress compiler output if we already did a PIC compilation.
+      command="$command$suppress_output"
+      func_show_eval_locale "$command" \
+        '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+      if test "$need_locks" = warn &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed
+      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+	func_show_eval '$MV "$output_obj" "$obj"' \
+	  'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+      fi
+    fi
+
+    $opt_dry_run || {
+      func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+      # Unlock the critical section if it was locked
+      if test "$need_locks" != no; then
+	removelist=$lockfile
+        $RM "$lockfile"
+      fi
+    }
+
+    exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+    # We need to display help for each of the modes.
+    case $mode in
+      "")
+        # Generic help is extracted from the usage comments
+        # at the start of this file.
+        func_help
+        ;;
+
+      clean)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+        ;;
+
+      compile)
+      $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
+  -no-suppress      do not suppress compiler output for multiple passes
+  -prefer-pic       try to building PIC objects only
+  -prefer-non-pic   try to building non-PIC objects only
+  -shared           do not build a \`.o' file suitable for static linking
+  -static           only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+        ;;
+
+      execute)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+  -dlopen FILE      add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+        ;;
+
+      finish)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges.  Use
+the \`--dry-run' option if you just want to see what would be executed."
+        ;;
+
+      install)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command.  The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+  -inst-prefix PREFIX-DIR  Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+        ;;
+
+      link)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+  -all-static       do not do any dynamic linking at all
+  -avoid-version    do not add a version suffix if possible
+  -dlopen FILE      \`-dlpreopen' FILE if it cannot be dlopened at runtime
+  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
+  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+  -export-symbols SYMFILE
+                    try to export only the symbols listed in SYMFILE
+  -export-symbols-regex REGEX
+                    try to export only the symbols matching REGEX
+  -LLIBDIR          search LIBDIR for required installed libraries
+  -lNAME            OUTPUT-FILE requires the installed library libNAME
+  -module           build a library that can dlopened
+  -no-fast-install  disable the fast-install mode
+  -no-install       link a not-installable executable
+  -no-undefined     declare that a library does not refer to external symbols
+  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
+  -objectlist FILE  Use a list of object files found in FILE to specify objects
+  -precious-files-regex REGEX
+                    don't remove output files matching REGEX
+  -release RELEASE  specify package release information
+  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
+  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
+  -shared           only do dynamic linking of libtool libraries
+  -shrext SUFFIX    override the standard shared library file extension
+  -static           do not do any dynamic linking of uninstalled libtool libraries
+  -static-libtool-libs
+                    do not do any dynamic linking of libtool libraries
+  -version-info CURRENT[:REVISION[:AGE]]
+                    specify library version info [each variable defaults to 0]
+  -weak LIBNAME     declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename.  Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+        ;;
+
+      uninstall)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm').  RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+        ;;
+
+      *)
+        func_fatal_help "invalid operation mode \`$mode'"
+        ;;
+    esac
+
+    $ECHO
+    $ECHO "Try \`$progname --help' for more information about other modes."
+
+    exit $?
+}
+
+  # Now that we've collected a possible --mode arg, show help if necessary
+  $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+    $opt_debug
+    # The first argument is the command name.
+    cmd="$nonopt"
+    test -z "$cmd" && \
+      func_fatal_help "you must specify a COMMAND"
+
+    # Handle -dlopen flags immediately.
+    for file in $execute_dlfiles; do
+      test -f "$file" \
+	|| func_fatal_help "\`$file' is not a file"
+
+      dir=
+      case $file in
+      *.la)
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$file" \
+	  || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+	# Read the libtool library.
+	dlname=
+	library_names=
+	func_source "$file"
+
+	# Skip this library if it cannot be dlopened.
+	if test -z "$dlname"; then
+	  # Warn if it was a shared library.
+	  test -n "$library_names" && \
+	    func_warning "\`$file' was not linked with \`-export-dynamic'"
+	  continue
+	fi
+
+	func_dirname "$file" "" "."
+	dir="$func_dirname_result"
+
+	if test -f "$dir/$objdir/$dlname"; then
+	  dir="$dir/$objdir"
+	else
+	  if test ! -f "$dir/$dlname"; then
+	    func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+	  fi
+	fi
+	;;
+
+      *.lo)
+	# Just add the directory containing the .lo file.
+	func_dirname "$file" "" "."
+	dir="$func_dirname_result"
+	;;
+
+      *)
+	func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+	continue
+	;;
+      esac
+
+      # Get the absolute pathname.
+      absdir=`cd "$dir" && pwd`
+      test -n "$absdir" && dir="$absdir"
+
+      # Now add the directory to shlibpath_var.
+      if eval "test -z \"\$$shlibpath_var\""; then
+	eval "$shlibpath_var=\"\$dir\""
+      else
+	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+      fi
+    done
+
+    # This variable tells wrapper scripts just to set shlibpath_var
+    # rather than running their programs.
+    libtool_execute_magic="$magic"
+
+    # Check if any of the arguments is a wrapper script.
+    args=
+    for file
+    do
+      case $file in
+      -*) ;;
+      *)
+	# Do a test to see if this is really a libtool program.
+	if func_ltwrapper_script_p "$file"; then
+	  func_source "$file"
+	  # Transform arg to wrapped name.
+	  file="$progdir/$program"
+	elif func_ltwrapper_executable_p "$file"; then
+	  func_ltwrapper_scriptname "$file"
+	  func_source "$func_ltwrapper_scriptname_result"
+	  # Transform arg to wrapped name.
+	  file="$progdir/$program"
+	fi
+	;;
+      esac
+      # Quote arguments (to preserve shell metacharacters).
+      func_quote_for_eval "$file"
+      args="$args $func_quote_for_eval_result"
+    done
+
+    if test "X$opt_dry_run" = Xfalse; then
+      if test -n "$shlibpath_var"; then
+	# Export the shlibpath_var.
+	eval "export $shlibpath_var"
+      fi
+
+      # Restore saved environment variables
+      for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+      do
+	eval "if test \"\${save_$lt_var+set}\" = set; then
+                $lt_var=\$save_$lt_var; export $lt_var
+	      else
+		$lt_unset $lt_var
+	      fi"
+      done
+
+      # Now prepare to actually exec the command.
+      exec_cmd="\$cmd$args"
+    else
+      # Display what would be done.
+      if test -n "$shlibpath_var"; then
+	eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+	$ECHO "export $shlibpath_var"
+      fi
+      $ECHO "$cmd$args"
+      exit $EXIT_SUCCESS
+    fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+    $opt_debug
+    libdirs="$nonopt"
+    admincmds=
+
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+      for dir
+      do
+	libdirs="$libdirs $dir"
+      done
+
+      for libdir in $libdirs; do
+	if test -n "$finish_cmds"; then
+	  # Do each command in the finish commands.
+	  func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+	fi
+	if test -n "$finish_eval"; then
+	  # Do the single finish_eval.
+	  eval cmds=\"$finish_eval\"
+	  $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+       $cmds"
+	fi
+      done
+    fi
+
+    # Exit here if they wanted silent mode.
+    $opt_silent && exit $EXIT_SUCCESS
+
+    $ECHO "X----------------------------------------------------------------------" | $Xsed
+    $ECHO "Libraries have been installed in:"
+    for libdir in $libdirs; do
+      $ECHO "   $libdir"
+    done
+    $ECHO
+    $ECHO "If you ever happen to want to link against installed libraries"
+    $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+    $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+    $ECHO "flag during linking and do at least one of the following:"
+    if test -n "$shlibpath_var"; then
+      $ECHO "   - add LIBDIR to the \`$shlibpath_var' environment variable"
+      $ECHO "     during execution"
+    fi
+    if test -n "$runpath_var"; then
+      $ECHO "   - add LIBDIR to the \`$runpath_var' environment variable"
+      $ECHO "     during linking"
+    fi
+    if test -n "$hardcode_libdir_flag_spec"; then
+      libdir=LIBDIR
+      eval flag=\"$hardcode_libdir_flag_spec\"
+
+      $ECHO "   - use the \`$flag' linker flag"
+    fi
+    if test -n "$admincmds"; then
+      $ECHO "   - have your system administrator run these commands:$admincmds"
+    fi
+    if test -f /etc/ld.so.conf; then
+      $ECHO "   - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+    fi
+    $ECHO
+
+    $ECHO "See any operating system documentation about shared libraries for"
+    case $host in
+      solaris2.[6789]|solaris2.1[0-9])
+        $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+	$ECHO "pages."
+	;;
+      *)
+        $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+        ;;
+    esac
+    $ECHO "X----------------------------------------------------------------------" | $Xsed
+    exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+    $opt_debug
+    # There may be an optional sh(1) argument at the beginning of
+    # install_prog (especially on Windows NT).
+    if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+       # Allow the use of GNU shtool's install command.
+       $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+      # Aesthetically quote it.
+      func_quote_for_eval "$nonopt"
+      install_prog="$func_quote_for_eval_result "
+      arg=$1
+      shift
+    else
+      install_prog=
+      arg=$nonopt
+    fi
+
+    # The real first argument should be the name of the installation program.
+    # Aesthetically quote it.
+    func_quote_for_eval "$arg"
+    install_prog="$install_prog$func_quote_for_eval_result"
+
+    # We need to accept at least all the BSD install flags.
+    dest=
+    files=
+    opts=
+    prev=
+    install_type=
+    isdir=no
+    stripme=
+    for arg
+    do
+      if test -n "$dest"; then
+	files="$files $dest"
+	dest=$arg
+	continue
+      fi
+
+      case $arg in
+      -d) isdir=yes ;;
+      -f)
+	case " $install_prog " in
+	*[\\\ /]cp\ *) ;;
+	*) prev=$arg ;;
+	esac
+	;;
+      -g | -m | -o)
+	prev=$arg
+	;;
+      -s)
+	stripme=" -s"
+	continue
+	;;
+      -*)
+	;;
+      *)
+	# If the previous option needed an argument, then skip it.
+	if test -n "$prev"; then
+	  prev=
+	else
+	  dest=$arg
+	  continue
+	fi
+	;;
+      esac
+
+      # Aesthetically quote the argument.
+      func_quote_for_eval "$arg"
+      install_prog="$install_prog $func_quote_for_eval_result"
+    done
+
+    test -z "$install_prog" && \
+      func_fatal_help "you must specify an install program"
+
+    test -n "$prev" && \
+      func_fatal_help "the \`$prev' option requires an argument"
+
+    if test -z "$files"; then
+      if test -z "$dest"; then
+	func_fatal_help "no file or destination specified"
+      else
+	func_fatal_help "you must specify a destination"
+      fi
+    fi
+
+    # Strip any trailing slash from the destination.
+    func_stripname '' '/' "$dest"
+    dest=$func_stripname_result
+
+    # Check to see that the destination is a directory.
+    test -d "$dest" && isdir=yes
+    if test "$isdir" = yes; then
+      destdir="$dest"
+      destname=
+    else
+      func_dirname_and_basename "$dest" "" "."
+      destdir="$func_dirname_result"
+      destname="$func_basename_result"
+
+      # Not a directory, so check to see that there is only one file specified.
+      set dummy $files; shift
+      test "$#" -gt 1 && \
+	func_fatal_help "\`$dest' is not a directory"
+    fi
+    case $destdir in
+    [\\/]* | [A-Za-z]:[\\/]*) ;;
+    *)
+      for file in $files; do
+	case $file in
+	*.lo) ;;
+	*)
+	  func_fatal_help "\`$destdir' must be an absolute directory name"
+	  ;;
+	esac
+      done
+      ;;
+    esac
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    staticlibs=
+    future_libdirs=
+    current_libdirs=
+    for file in $files; do
+
+      # Do each installation.
+      case $file in
+      *.$libext)
+	# Do the static libraries later.
+	staticlibs="$staticlibs $file"
+	;;
+
+      *.la)
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$file" \
+	  || func_fatal_help "\`$file' is not a valid libtool archive"
+
+	library_names=
+	old_library=
+	relink_command=
+	func_source "$file"
+
+	# Add the libdir to current_libdirs if it is the destination.
+	if test "X$destdir" = "X$libdir"; then
+	  case "$current_libdirs " in
+	  *" $libdir "*) ;;
+	  *) current_libdirs="$current_libdirs $libdir" ;;
+	  esac
+	else
+	  # Note the libdir as a future libdir.
+	  case "$future_libdirs " in
+	  *" $libdir "*) ;;
+	  *) future_libdirs="$future_libdirs $libdir" ;;
+	  esac
+	fi
+
+	func_dirname "$file" "/" ""
+	dir="$func_dirname_result"
+	dir="$dir$objdir"
+
+	if test -n "$relink_command"; then
+	  # Determine the prefix the user has applied to our future dir.
+	  inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+	  # Don't allow the user to place us outside of our expected
+	  # location b/c this prevents finding dependent libraries that
+	  # are installed to the same prefix.
+	  # At present, this check doesn't affect windows .dll's that
+	  # are installed into $libdir/../bin (currently, that works fine)
+	  # but it's something to keep an eye on.
+	  test "$inst_prefix_dir" = "$destdir" && \
+	    func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+	  if test -n "$inst_prefix_dir"; then
+	    # Stick the inst_prefix_dir data into the link command.
+	    relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+	  else
+	    relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+	  fi
+
+	  func_warning "relinking \`$file'"
+	  func_show_eval "$relink_command" \
+	    'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+	fi
+
+	# See the names of the shared library.
+	set dummy $library_names; shift
+	if test -n "$1"; then
+	  realname="$1"
+	  shift
+
+	  srcname="$realname"
+	  test -n "$relink_command" && srcname="$realname"T
+
+	  # Install the shared library and build the symlinks.
+	  func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+	      'exit $?'
+	  tstripme="$stripme"
+	  case $host_os in
+	  cygwin* | mingw* | pw32* | cegcc*)
+	    case $realname in
+	    *.dll.a)
+	      tstripme=""
+	      ;;
+	    esac
+	    ;;
+	  esac
+	  if test -n "$tstripme" && test -n "$striplib"; then
+	    func_show_eval "$striplib $destdir/$realname" 'exit $?'
+	  fi
+
+	  if test "$#" -gt 0; then
+	    # Delete the old symlinks, and create new ones.
+	    # Try `ln -sf' first, because the `ln' binary might depend on
+	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
+	    # so we also need to try rm && ln -s.
+	    for linkname
+	    do
+	      test "$linkname" != "$realname" \
+		&& func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+	    done
+	  fi
+
+	  # Do each command in the postinstall commands.
+	  lib="$destdir/$realname"
+	  func_execute_cmds "$postinstall_cmds" 'exit $?'
+	fi
+
+	# Install the pseudo-library for information purposes.
+	func_basename "$file"
+	name="$func_basename_result"
+	instname="$dir/$name"i
+	func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+	# Maybe install the static library, too.
+	test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+	;;
+
+      *.lo)
+	# Install (i.e. copy) a libtool object.
+
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  func_basename "$file"
+	  destfile="$func_basename_result"
+	  destfile="$destdir/$destfile"
+	fi
+
+	# Deduce the name of the destination old-style object file.
+	case $destfile in
+	*.lo)
+	  func_lo2o "$destfile"
+	  staticdest=$func_lo2o_result
+	  ;;
+	*.$objext)
+	  staticdest="$destfile"
+	  destfile=
+	  ;;
+	*)
+	  func_fatal_help "cannot copy a libtool object to \`$destfile'"
+	  ;;
+	esac
+
+	# Install the libtool object if requested.
+	test -n "$destfile" && \
+	  func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+	# Install the old object if enabled.
+	if test "$build_old_libs" = yes; then
+	  # Deduce the name of the old-style object file.
+	  func_lo2o "$file"
+	  staticobj=$func_lo2o_result
+	  func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+	fi
+	exit $EXIT_SUCCESS
+	;;
+
+      *)
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile="$destdir/$destname"
+	else
+	  func_basename "$file"
+	  destfile="$func_basename_result"
+	  destfile="$destdir/$destfile"
+	fi
+
+	# If the file is missing, and there is a .exe on the end, strip it
+	# because it is most likely a libtool script we actually want to
+	# install
+	stripped_ext=""
+	case $file in
+	  *.exe)
+	    if test ! -f "$file"; then
+	      func_stripname '' '.exe' "$file"
+	      file=$func_stripname_result
+	      stripped_ext=".exe"
+	    fi
+	    ;;
+	esac
+
+	# Do a test to see if this is really a libtool program.
+	case $host in
+	*cygwin* | *mingw*)
+	    if func_ltwrapper_executable_p "$file"; then
+	      func_ltwrapper_scriptname "$file"
+	      wrapper=$func_ltwrapper_scriptname_result
+	    else
+	      func_stripname '' '.exe' "$file"
+	      wrapper=$func_stripname_result
+	    fi
+	    ;;
+	*)
+	    wrapper=$file
+	    ;;
+	esac
+	if func_ltwrapper_script_p "$wrapper"; then
+	  notinst_deplibs=
+	  relink_command=
+
+	  func_source "$wrapper"
+
+	  # Check the variables that should have been set.
+	  test -z "$generated_by_libtool_version" && \
+	    func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+	  finalize=yes
+	  for lib in $notinst_deplibs; do
+	    # Check to see that each library is installed.
+	    libdir=
+	    if test -f "$lib"; then
+	      func_source "$lib"
+	    fi
+	    libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+	    if test -n "$libdir" && test ! -f "$libfile"; then
+	      func_warning "\`$lib' has not been installed in \`$libdir'"
+	      finalize=no
+	    fi
+	  done
+
+	  relink_command=
+	  func_source "$wrapper"
+
+	  outputname=
+	  if test "$fast_install" = no && test -n "$relink_command"; then
+	    $opt_dry_run || {
+	      if test "$finalize" = yes; then
+	        tmpdir=`func_mktempdir`
+		func_basename "$file$stripped_ext"
+		file="$func_basename_result"
+	        outputname="$tmpdir/$file"
+	        # Replace the output file specification.
+	        relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+	        $opt_silent || {
+	          func_quote_for_expand "$relink_command"
+		  eval "func_echo $func_quote_for_expand_result"
+	        }
+	        if eval "$relink_command"; then :
+	          else
+		  func_error "error: relink \`$file' with the above command before installing it"
+		  $opt_dry_run || ${RM}r "$tmpdir"
+		  continue
+	        fi
+	        file="$outputname"
+	      else
+	        func_warning "cannot relink \`$file'"
+	      fi
+	    }
+	  else
+	    # Install the binary that we compiled earlier.
+	    file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+	  fi
+	fi
+
+	# remove .exe since cygwin /usr/bin/install will append another
+	# one anyway
+	case $install_prog,$host in
+	*/usr/bin/install*,*cygwin*)
+	  case $file:$destfile in
+	  *.exe:*.exe)
+	    # this is ok
+	    ;;
+	  *.exe:*)
+	    destfile=$destfile.exe
+	    ;;
+	  *:*.exe)
+	    func_stripname '' '.exe' "$destfile"
+	    destfile=$func_stripname_result
+	    ;;
+	  esac
+	  ;;
+	esac
+	func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+	$opt_dry_run || if test -n "$outputname"; then
+	  ${RM}r "$tmpdir"
+	fi
+	;;
+      esac
+    done
+
+    for file in $staticlibs; do
+      func_basename "$file"
+      name="$func_basename_result"
+
+      # Set up the ranlib parameters.
+      oldlib="$destdir/$name"
+
+      func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+      if test -n "$stripme" && test -n "$old_striplib"; then
+	func_show_eval "$old_striplib $oldlib" 'exit $?'
+      fi
+
+      # Do each command in the postinstall commands.
+      func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+    done
+
+    test -n "$future_libdirs" && \
+      func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+    if test -n "$current_libdirs"; then
+      # Maybe just do a dry run.
+      $opt_dry_run && current_libdirs=" -n$current_libdirs"
+      exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+    else
+      exit $EXIT_SUCCESS
+    fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+    $opt_debug
+    my_outputname="$1"
+    my_originator="$2"
+    my_pic_p="${3-no}"
+    my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+    my_dlsyms=
+
+    if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+      if test -n "$NM" && test -n "$global_symbol_pipe"; then
+	my_dlsyms="${my_outputname}S.c"
+      else
+	func_error "not configured to extract global symbols from dlpreopened files"
+      fi
+    fi
+
+    if test -n "$my_dlsyms"; then
+      case $my_dlsyms in
+      "") ;;
+      *.c)
+	# Discover the nlist of each of the dlfiles.
+	nlist="$output_objdir/${my_outputname}.nm"
+
+	func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+	# Parse the name list into a source file.
+	func_verbose "creating $output_objdir/$my_dlsyms"
+
+	$opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+	if test "$dlself" = yes; then
+	  func_verbose "generating symbol list for \`$output'"
+
+	  $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+	  # Add our own program objects to the symbol list.
+	  progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	  for progfile in $progfiles; do
+	    func_verbose "extracting global C symbols from \`$progfile'"
+	    $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+	  done
+
+	  if test -n "$exclude_expsyms"; then
+	    $opt_dry_run || {
+	      eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	    }
+	  fi
+
+	  if test -n "$export_symbols_regex"; then
+	    $opt_dry_run || {
+	      eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	    }
+	  fi
+
+	  # Prepare the list of exported symbols
+	  if test -z "$export_symbols"; then
+	    export_symbols="$output_objdir/$outputname.exp"
+	    $opt_dry_run || {
+	      $RM $export_symbols
+	      eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+	      case $host in
+	      *cygwin* | *mingw* | *cegcc* )
+                eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+                eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+	        ;;
+	      esac
+	    }
+	  else
+	    $opt_dry_run || {
+	      eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+	      eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	      case $host in
+	        *cygwin | *mingw* | *cegcc* )
+	          eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+	          eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+	          ;;
+	      esac
+	    }
+	  fi
+	fi
+
+	for dlprefile in $dlprefiles; do
+	  func_verbose "extracting global C symbols from \`$dlprefile'"
+	  func_basename "$dlprefile"
+	  name="$func_basename_result"
+	  $opt_dry_run || {
+	    eval '$ECHO ": $name " >> "$nlist"'
+	    eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+	  }
+	done
+
+	$opt_dry_run || {
+	  # Make sure we have at least an empty file.
+	  test -f "$nlist" || : > "$nlist"
+
+	  if test -n "$exclude_expsyms"; then
+	    $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+	    $MV "$nlist"T "$nlist"
+	  fi
+
+	  # Try sorting and uniquifying the output.
+	  if $GREP -v "^: " < "$nlist" |
+	      if sort -k 3 </dev/null >/dev/null 2>&1; then
+		sort -k 3
+	      else
+		sort +2
+	      fi |
+	      uniq > "$nlist"S; then
+	    :
+	  else
+	    $GREP -v "^: " < "$nlist" > "$nlist"S
+	  fi
+
+	  if test -f "$nlist"S; then
+	    eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+	  else
+	    $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+	  fi
+
+	  $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols.  */
+typedef struct {
+  const char *name;
+  void *address;
+} lt_dlsymlist;
+"
+	  case $host in
+	  *cygwin* | *mingw* | *cegcc* )
+	    $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+   runtime relocations are performed -- see ld's documentation
+   on pseudo-relocs.  */"
+	    lt_dlsym_const= ;;
+	  *osf5*)
+	    echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+	    lt_dlsym_const= ;;
+	  *)
+	    lt_dlsym_const=const ;;
+	  esac
+
+	  $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+  { \"$my_originator\", (void *) 0 },"
+
+	  case $need_lib_prefix in
+	  no)
+	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+	    ;;
+	  *)
+	    eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+	    ;;
+	  esac
+	  $ECHO >> "$output_objdir/$my_dlsyms" "\
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+	} # !$opt_dry_run
+
+	pic_flag_for_symtable=
+	case "$compile_command " in
+	*" -static "*) ;;
+	*)
+	  case $host in
+	  # compiling the symbol table file with pic_flag works around
+	  # a FreeBSD bug that causes programs to crash when -lm is
+	  # linked before any other PIC object.  But we must not use
+	  # pic_flag when linking with -static.  The problem exists in
+	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+	  *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+	    pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+	  *-*-hpux*)
+	    pic_flag_for_symtable=" $pic_flag"  ;;
+	  *)
+	    if test "X$my_pic_p" != Xno; then
+	      pic_flag_for_symtable=" $pic_flag"
+	    fi
+	    ;;
+	  esac
+	  ;;
+	esac
+	symtab_cflags=
+	for arg in $LTCFLAGS; do
+	  case $arg in
+	  -pie | -fpie | -fPIE) ;;
+	  *) symtab_cflags="$symtab_cflags $arg" ;;
+	  esac
+	done
+
+	# Now compile the dynamic symbol file.
+	func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+	# Clean up the generated files.
+	func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+	# Transform the symbol file into the correct name.
+	symfileobj="$output_objdir/${my_outputname}S.$objext"
+	case $host in
+	*cygwin* | *mingw* | *cegcc* )
+	  if test -f "$output_objdir/$my_outputname.def"; then
+	    compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+	    finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+	  else
+	    compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+	    finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+	  fi
+	  ;;
+	*)
+	  compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+	  finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+	  ;;
+	esac
+	;;
+      *)
+	func_fatal_error "unknown suffix for \`$my_dlsyms'"
+	;;
+      esac
+    else
+      # We keep going just in case the user didn't refer to
+      # lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
+      # really was required.
+
+      # Nullify the symbol file.
+      compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+      finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+    fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+  $opt_debug
+  win32_libid_type="unknown"
+  win32_fileres=`file -L $1 2>/dev/null`
+  case $win32_fileres in
+  *ar\ archive\ import\ library*) # definitely import
+    win32_libid_type="x86 archive import"
+    ;;
+  *ar\ archive*) # could be an import, or static
+    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+       $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+      win32_nmres=`eval $NM -f posix -A $1 |
+	$SED -n -e '
+	    1,100{
+		/ I /{
+		    s,.*,import,
+		    p
+		    q
+		}
+	    }'`
+      case $win32_nmres in
+      import*)  win32_libid_type="x86 archive import";;
+      *)        win32_libid_type="x86 archive static";;
+      esac
+    fi
+    ;;
+  *DLL*)
+    win32_libid_type="x86 DLL"
+    ;;
+  *executable*) # but shell scripts are "executable" too...
+    case $win32_fileres in
+    *MS\ Windows\ PE\ Intel*)
+      win32_libid_type="x86 DLL"
+      ;;
+    esac
+    ;;
+  esac
+  $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+    $opt_debug
+    f_ex_an_ar_dir="$1"; shift
+    f_ex_an_ar_oldlib="$1"
+    func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+     :
+    else
+      func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+    fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+    $opt_debug
+    my_gentop="$1"; shift
+    my_oldlibs=${1+"$@"}
+    my_oldobjs=""
+    my_xlib=""
+    my_xabs=""
+    my_xdir=""
+
+    for my_xlib in $my_oldlibs; do
+      # Extract the objects.
+      case $my_xlib in
+	[\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+	*) my_xabs=`pwd`"/$my_xlib" ;;
+      esac
+      func_basename "$my_xlib"
+      my_xlib="$func_basename_result"
+      my_xlib_u=$my_xlib
+      while :; do
+        case " $extracted_archives " in
+	*" $my_xlib_u "*)
+	  func_arith $extracted_serial + 1
+	  extracted_serial=$func_arith_result
+	  my_xlib_u=lt$extracted_serial-$my_xlib ;;
+	*) break ;;
+	esac
+      done
+      extracted_archives="$extracted_archives $my_xlib_u"
+      my_xdir="$my_gentop/$my_xlib_u"
+
+      func_mkdir_p "$my_xdir"
+
+      case $host in
+      *-darwin*)
+	func_verbose "Extracting $my_xabs"
+	# Do not bother doing anything if just a dry run
+	$opt_dry_run || {
+	  darwin_orig_dir=`pwd`
+	  cd $my_xdir || exit $?
+	  darwin_archive=$my_xabs
+	  darwin_curdir=`pwd`
+	  darwin_base_archive=`basename "$darwin_archive"`
+	  darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+	  if test -n "$darwin_arches"; then
+	    darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+	    darwin_arch=
+	    func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+	    for darwin_arch in  $darwin_arches ; do
+	      func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+	      cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+	      func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+	      cd "$darwin_curdir"
+	      $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+	    done # $darwin_arches
+            ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+	    darwin_file=
+	    darwin_files=
+	    for darwin_file in $darwin_filelist; do
+	      darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+	      $LIPO -create -output "$darwin_file" $darwin_files
+	    done # $darwin_filelist
+	    $RM -rf unfat-$$
+	    cd "$darwin_orig_dir"
+	  else
+	    cd $darwin_orig_dir
+	    func_extract_an_archive "$my_xdir" "$my_xabs"
+	  fi # $darwin_arches
+	} # !$opt_dry_run
+	;;
+      *)
+        func_extract_an_archive "$my_xdir" "$my_xabs"
+	;;
+      esac
+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+    done
+
+    func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+	func_emit_wrapper_part1_arg1=no
+	if test -n "$1" ; then
+	  func_emit_wrapper_part1_arg1=$1
+	fi
+
+	$ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+  # install mode needs the following variables:
+  generated_by_libtool_version='$macro_version'
+  notinst_deplibs='$notinst_deplibs'
+else
+  # When we are sourced in execute mode, \$file and \$ECHO are already set.
+  if test \"\$libtool_execute_magic\" != \"$magic\"; then
+    ECHO=\"$qecho\"
+    file=\"\$0\"
+    # Make sure echo works.
+    if test \"X\$1\" = X--no-reexec; then
+      # Discard the --no-reexec flag, and continue.
+      shift
+    elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+      # Yippee, \$ECHO works!
+      :
+    else
+      # Restart under the correct shell, and then maybe \$ECHO will work.
+      exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+    fi
+  fi\
+"
+	$ECHO "\
+
+  # Find the directory that this script lives in.
+  thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+  # Follow symbolic links until we get to the real thisdir.
+  file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+  while test -n \"\$file\"; do
+    destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+    # If there was a directory component, then change thisdir.
+    if test \"x\$destdir\" != \"x\$file\"; then
+      case \"\$destdir\" in
+      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+      *) thisdir=\"\$thisdir/\$destdir\" ;;
+      esac
+    fi
+
+    file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+    file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+  done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+	func_emit_wrapper_part2_arg1=no
+	if test -n "$1" ; then
+	  func_emit_wrapper_part2_arg1=$1
+	fi
+
+	$ECHO "\
+
+  # Usually 'no', except on cygwin/mingw when embedded into
+  # the cwrapper.
+  WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+  if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+    # special case for '.'
+    if test \"\$thisdir\" = \".\"; then
+      thisdir=\`pwd\`
+    fi
+    # remove .libs from thisdir
+    case \"\$thisdir\" in
+    *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+    $objdir )   thisdir=. ;;
+    esac
+  fi
+
+  # Try to get the absolute directory name.
+  absdir=\`cd \"\$thisdir\" && pwd\`
+  test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+	if test "$fast_install" = yes; then
+	  $ECHO "\
+  program=lt-'$outputname'$exeext
+  progdir=\"\$thisdir/$objdir\"
+
+  if test ! -f \"\$progdir/\$program\" ||
+     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+    file=\"\$\$-\$program\"
+
+    if test ! -d \"\$progdir\"; then
+      $MKDIR \"\$progdir\"
+    else
+      $RM \"\$progdir/\$file\"
+    fi"
+
+	  $ECHO "\
+
+    # relink executable if necessary
+    if test -n \"\$relink_command\"; then
+      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+      else
+	$ECHO \"\$relink_command_output\" >&2
+	$RM \"\$progdir/\$file\"
+	exit 1
+      fi
+    fi
+
+    $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+    { $RM \"\$progdir/\$program\";
+      $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+    $RM \"\$progdir/\$file\"
+  fi"
+	else
+	  $ECHO "\
+  program='$outputname'
+  progdir=\"\$thisdir/$objdir\"
+"
+	fi
+
+	$ECHO "\
+
+  if test -f \"\$progdir/\$program\"; then"
+
+	# Export our shlibpath_var if we have one.
+	if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+	  $ECHO "\
+    # Add our own library path to $shlibpath_var
+    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+    # Some systems cannot cope with colon-terminated $shlibpath_var
+    # The second colon is a workaround for a bug in BeOS R4 sed
+    $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+    export $shlibpath_var
+"
+	fi
+
+	# fixup the dll searchpath if we need to.
+	if test -n "$dllsearchpath"; then
+	  $ECHO "\
+    # Add the dll search path components to the executable PATH
+    PATH=$dllsearchpath:\$PATH
+"
+	fi
+
+	$ECHO "\
+    if test \"\$libtool_execute_magic\" != \"$magic\"; then
+      # Run the actual program with our arguments.
+"
+	case $host in
+	# Backslashes separate directories on plain windows
+	*-*-mingw | *-*-os2* | *-cegcc*)
+	  $ECHO "\
+      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+	  ;;
+
+	*)
+	  $ECHO "\
+      exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+	  ;;
+	esac
+	$ECHO "\
+      \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+      exit 1
+    fi
+  else
+    # The program doesn't exist.
+    \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+    \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+    $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+    exit 1
+  fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable.  Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take.  If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory.  This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+	func_emit_wrapper_arg1=no
+	if test -n "$1" ; then
+	  func_emit_wrapper_arg1=$1
+	fi
+
+	# split this up so that func_emit_cwrapperexe_src
+	# can call each part independently.
+	func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+	func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+#    $build          $host
+#    mingw (msys)    mingw  [e.g. native]
+#    cygwin          mingw
+#    *nix + wine     mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin.  Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+  func_to_host_path_result="$1"
+  if test -n "$1" ; then
+    case $host in
+      *mingw* )
+        lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+        case $build in
+          *mingw* ) # actually, msys
+            # awkward: cmd appends spaces to result
+            lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+            func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+              $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+            func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+              $SED -e "$lt_sed_naive_backslashify"`
+            ;;
+          *cygwin* )
+            func_to_host_path_tmp1=`cygpath -w "$1"`
+            func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+              $SED -e "$lt_sed_naive_backslashify"`
+            ;;
+          * )
+            # Unfortunately, winepath does not exit with a non-zero
+            # error code, so we are forced to check the contents of
+            # stdout. On the other hand, if the command is not
+            # found, the shell will set an exit code of 127 and print
+            # *an error message* to stdout. So we must check for both
+            # error code of zero AND non-empty stdout, which explains
+            # the odd construction:
+            func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+            if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+              func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+                $SED -e "$lt_sed_naive_backslashify"`
+            else
+              # Allow warning below.
+              func_to_host_path_result=""
+            fi
+            ;;
+        esac
+        if test -z "$func_to_host_path_result" ; then
+          func_error "Could not determine host path corresponding to"
+          func_error "  '$1'"
+          func_error "Continuing, but uninstalled executables may not work."
+          # Fallback:
+          func_to_host_path_result="$1"
+        fi
+        ;;
+    esac
+  fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+#    $build          $host
+#    mingw (msys)    mingw  [e.g. native]
+#    cygwin          mingw
+#    *nix + wine     mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+  func_to_host_pathlist_result="$1"
+  if test -n "$1" ; then
+    case $host in
+      *mingw* )
+        lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+        # Remove leading and trailing path separator characters from
+        # ARG. msys behavior is inconsistent here, cygpath turns them
+        # into '.;' and ';.', and winepath ignores them completely.
+        func_to_host_pathlist_tmp2="$1"
+        # Once set for this call, this variable should not be
+        # reassigned. It is used in tha fallback case.
+        func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+          $SED -e 's|^:*||' -e 's|:*$||'`
+        case $build in
+          *mingw* ) # Actually, msys.
+            # Awkward: cmd appends spaces to result.
+            lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+            func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+              $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+            func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+              $SED -e "$lt_sed_naive_backslashify"`
+            ;;
+          *cygwin* )
+            func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+            func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+              $SED -e "$lt_sed_naive_backslashify"`
+            ;;
+          * )
+            # unfortunately, winepath doesn't convert pathlists
+            func_to_host_pathlist_result=""
+            func_to_host_pathlist_oldIFS=$IFS
+            IFS=:
+            for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+              IFS=$func_to_host_pathlist_oldIFS
+              if test -n "$func_to_host_pathlist_f" ; then
+                func_to_host_path "$func_to_host_pathlist_f"
+                if test -n "$func_to_host_path_result" ; then
+                  if test -z "$func_to_host_pathlist_result" ; then
+                    func_to_host_pathlist_result="$func_to_host_path_result"
+                  else
+                    func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+                  fi
+                fi
+              fi
+              IFS=:
+            done
+            IFS=$func_to_host_pathlist_oldIFS
+            ;;
+        esac
+        if test -z "$func_to_host_pathlist_result" ; then
+          func_error "Could not determine the host path(s) corresponding to"
+          func_error "  '$1'"
+          func_error "Continuing, but uninstalled executables may not work."
+          # Fallback. This may break if $1 contains DOS-style drive
+          # specifications. The fix is not to complicate the expression
+          # below, but for the user to provide a working wine installation
+          # with winepath so that path translation in the cross-to-mingw
+          # case works properly.
+          lt_replace_pathsep_nix_to_dos="s|:|;|g"
+          func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+            $SED -e "$lt_replace_pathsep_nix_to_dos"`
+        fi
+        # Now, add the leading and trailing path separators back
+        case "$1" in
+          :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+            ;;
+        esac
+        case "$1" in
+          *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+            ;;
+        esac
+        ;;
+    esac
+  fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+	cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+   Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+   The $output program cannot be directly executed until all the libtool
+   libraries that it depends on are installed.
+
+   This wrapper executable should never be moved out of the build directory.
+   If it is, it will not operate correctly.
+
+   Currently, it simply execs the wrapper *script* "$SHELL $output",
+   but could eventually absorb all of the scripts functionality and
+   exec $objdir/$outputname directly.
+*/
+EOF
+	    cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+#  include <io.h>
+#  define HAVE_SETENV
+#  ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+#  endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+#  define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+  defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+#  define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+#  define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+	(((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+  if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+    va_list args;
+    va_start (args, fmt);
+    (void) vfprintf (stderr, fmt, args);
+    va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+	    func_emit_wrapper_part1 yes |
+	        $SED -e 's/\([\\"]\)/\\\1/g' \
+	             -e 's/^/  "/' -e 's/$/\\n"/'
+	    echo ";"
+	    cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+	    func_emit_wrapper_part2 yes |
+	        $SED -e 's/\([\\"]\)/\\\1/g' \
+	             -e 's/^/  "/' -e 's/$/\\n"/'
+	    echo ";"
+
+	    cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+	    if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+              func_to_host_pathlist "$temp_rpath"
+	      cat <<EOF
+const char * LIB_PATH_VALUE   = "$func_to_host_pathlist_result";
+EOF
+	    else
+	      cat <<"EOF"
+const char * LIB_PATH_VALUE   = "";
+EOF
+	    fi
+
+	    if test -n "$dllsearchpath"; then
+              func_to_host_pathlist "$dllsearchpath:"
+	      cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE   = "$func_to_host_pathlist_result";
+EOF
+	    else
+	      cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE   = "";
+EOF
+	    fi
+
+	    if test "$fast_install" = yes; then
+	      cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+	    else
+	      cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+	    fi
+
+
+	    cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX         "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH  5
+
+static const size_t opt_prefix_len         = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt       = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len     = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt          = LTWRAPPER_OPTION_PREFIX "env-set";
+  /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt      = LTWRAPPER_OPTION_PREFIX "env-prepend";
+  /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len  = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt       = LTWRAPPER_OPTION_PREFIX "env-append";
+  /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+  char **newargz;
+  int  newargc;
+  char *tmp_pathspec;
+  char *actual_cwrapper_path;
+  char *actual_cwrapper_name;
+  char *target_name;
+  char *lt_argv_zero;
+  intptr_t rval = 127;
+
+  int i;
+
+  program_name = (char *) xstrdup (base_name (argv[0]));
+  LTWRAPPER_DEBUGPRINTF (("(main) argv[0]      : %s\n", argv[0]));
+  LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+  /* very simple arg parsing; don't want to rely on getopt */
+  for (i = 1; i < argc; i++)
+    {
+      if (strcmp (argv[i], dumpscript_opt) == 0)
+	{
+EOF
+	    case "$host" in
+	      *mingw* | *cygwin* )
+		# make stdout use "unix" line endings
+		echo "          setmode(1,_O_BINARY);"
+		;;
+	      esac
+
+	    cat <<"EOF"
+	  printf ("%s", script_text_part1);
+	  printf ("%s", script_text_part2);
+	  return 0;
+	}
+    }
+
+  newargz = XMALLOC (char *, argc + 1);
+  tmp_pathspec = find_executable (argv[0]);
+  if (tmp_pathspec == NULL)
+    lt_fatal ("Couldn't find %s", argv[0]);
+  LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+			  tmp_pathspec));
+
+  actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+  LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+			  actual_cwrapper_path));
+  XFREE (tmp_pathspec);
+
+  actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+  strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+  /* wrapper name transforms */
+  strendzap (actual_cwrapper_name, ".exe");
+  tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+  XFREE (actual_cwrapper_name);
+  actual_cwrapper_name = tmp_pathspec;
+  tmp_pathspec = 0;
+
+  /* target_name transforms -- use actual target program name; might have lt- prefix */
+  target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+  strendzap (target_name, ".exe");
+  tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+  XFREE (target_name);
+  target_name = tmp_pathspec;
+  tmp_pathspec = 0;
+
+  LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+			  target_name));
+EOF
+
+	    cat <<EOF
+  newargz[0] =
+    XMALLOC (char, (strlen (actual_cwrapper_path) +
+		    strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+  strcpy (newargz[0], actual_cwrapper_path);
+  strcat (newargz[0], "$objdir");
+  strcat (newargz[0], "/");
+EOF
+
+	    cat <<"EOF"
+  /* stop here, and copy so we don't have to do this twice */
+  tmp_pathspec = xstrdup (newargz[0]);
+
+  /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+  strcat (newargz[0], actual_cwrapper_name);
+
+  /* DO want the lt- prefix here if it exists, so use target_name */
+  lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+  XFREE (tmp_pathspec);
+  tmp_pathspec = NULL;
+EOF
+
+	    case $host_os in
+	      mingw*)
+	    cat <<"EOF"
+  {
+    char* p;
+    while ((p = strchr (newargz[0], '\\')) != NULL)
+      {
+	*p = '/';
+      }
+    while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+      {
+	*p = '/';
+      }
+  }
+EOF
+	    ;;
+	    esac
+
+	    cat <<"EOF"
+  XFREE (target_name);
+  XFREE (actual_cwrapper_path);
+  XFREE (actual_cwrapper_name);
+
+  lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+  lt_setenv ("DUALCASE", "1");  /* for MSK sh */
+  lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+  lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+  newargc=0;
+  for (i = 1; i < argc; i++)
+    {
+      if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+        {
+          if (argv[i][env_set_opt_len] == '=')
+            {
+              const char *p = argv[i] + env_set_opt_len + 1;
+              lt_opt_process_env_set (p);
+            }
+          else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+            {
+              lt_opt_process_env_set (argv[++i]); /* don't copy */
+            }
+          else
+            lt_fatal ("%s missing required argument", env_set_opt);
+          continue;
+        }
+      if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+        {
+          if (argv[i][env_prepend_opt_len] == '=')
+            {
+              const char *p = argv[i] + env_prepend_opt_len + 1;
+              lt_opt_process_env_prepend (p);
+            }
+          else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+            {
+              lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+            }
+          else
+            lt_fatal ("%s missing required argument", env_prepend_opt);
+          continue;
+        }
+      if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+        {
+          if (argv[i][env_append_opt_len] == '=')
+            {
+              const char *p = argv[i] + env_append_opt_len + 1;
+              lt_opt_process_env_append (p);
+            }
+          else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+            {
+              lt_opt_process_env_append (argv[++i]); /* don't copy */
+            }
+          else
+            lt_fatal ("%s missing required argument", env_append_opt);
+          continue;
+        }
+      if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+        {
+          /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+             namespace, but it is not one of the ones we know about and
+             have already dealt with, above (inluding dump-script), then
+             report an error. Otherwise, targets might begin to believe
+             they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+             namespace. The first time any user complains about this, we'll
+             need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+             or a configure.ac-settable value.
+           */
+          lt_fatal ("Unrecognized option in %s namespace: '%s'",
+                    ltwrapper_option_prefix, argv[i]);
+        }
+      /* otherwise ... */
+      newargz[++newargc] = xstrdup (argv[i]);
+    }
+  newargz[++newargc] = NULL;
+
+  LTWRAPPER_DEBUGPRINTF     (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+  for (i = 0; i < newargc; i++)
+    {
+      LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d]   : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+    }
+
+EOF
+
+	    case $host_os in
+	      mingw*)
+		cat <<"EOF"
+  /* execv doesn't actually work on mingw as expected on unix */
+  rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+  if (rval == -1)
+    {
+      /* failed to start process */
+      LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+      return 127;
+    }
+  return rval;
+EOF
+		;;
+	      *)
+		cat <<"EOF"
+  execv (lt_argv_zero, newargz);
+  return rval; /* =127, but avoids unused variable warning */
+EOF
+		;;
+	    esac
+
+	    cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+  void *p = (void *) malloc (num);
+  if (!p)
+    lt_fatal ("Memory exhausted");
+
+  return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+  return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+			  string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+  const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  /* Skip over the disk name in MSDOS pathnames. */
+  if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+    name += 2;
+#endif
+
+  for (base = name; *name; name++)
+    if (IS_DIR_SEPARATOR (*name))
+      base = name + 1;
+  return base;
+}
+
+int
+check_executable (const char *path)
+{
+  struct stat st;
+
+  LTWRAPPER_DEBUGPRINTF (("(check_executable)  : %s\n",
+			  path ? (*path ? path : "EMPTY!") : "NULL!"));
+  if ((!path) || (!*path))
+    return 0;
+
+  if ((stat (path, &st) >= 0)
+      && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+    return 1;
+  else
+    return 0;
+}
+
+int
+make_executable (const char *path)
+{
+  int rval = 0;
+  struct stat st;
+
+  LTWRAPPER_DEBUGPRINTF (("(make_executable)   : %s\n",
+			  path ? (*path ? path : "EMPTY!") : "NULL!"));
+  if ((!path) || (!*path))
+    return 0;
+
+  if (stat (path, &st) >= 0)
+    {
+      rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+    }
+  return rval;
+}
+
+/* Searches for the full path of the wrapper.  Returns
+   newly allocated full path name if found, NULL otherwise
+   Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+  int has_slash = 0;
+  const char *p;
+  const char *p_next;
+  /* static buffer for getcwd */
+  char tmp[LT_PATHMAX + 1];
+  int tmp_len;
+  char *concat_name;
+
+  LTWRAPPER_DEBUGPRINTF (("(find_executable)   : %s\n",
+			  wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+  if ((wrapper == NULL) || (*wrapper == '\0'))
+    return NULL;
+
+  /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+  if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+    {
+      concat_name = xstrdup (wrapper);
+      if (check_executable (concat_name))
+	return concat_name;
+      XFREE (concat_name);
+    }
+  else
+    {
+#endif
+      if (IS_DIR_SEPARATOR (wrapper[0]))
+	{
+	  concat_name = xstrdup (wrapper);
+	  if (check_executable (concat_name))
+	    return concat_name;
+	  XFREE (concat_name);
+	}
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+    }
+#endif
+
+  for (p = wrapper; *p; p++)
+    if (*p == '/')
+      {
+	has_slash = 1;
+	break;
+      }
+  if (!has_slash)
+    {
+      /* no slashes; search PATH */
+      const char *path = getenv ("PATH");
+      if (path != NULL)
+	{
+	  for (p = path; *p; p = p_next)
+	    {
+	      const char *q;
+	      size_t p_len;
+	      for (q = p; *q; q++)
+		if (IS_PATH_SEPARATOR (*q))
+		  break;
+	      p_len = q - p;
+	      p_next = (*q == '\0' ? q : q + 1);
+	      if (p_len == 0)
+		{
+		  /* empty path: current directory */
+		  if (getcwd (tmp, LT_PATHMAX) == NULL)
+		    lt_fatal ("getcwd failed");
+		  tmp_len = strlen (tmp);
+		  concat_name =
+		    XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+		  memcpy (concat_name, tmp, tmp_len);
+		  concat_name[tmp_len] = '/';
+		  strcpy (concat_name + tmp_len + 1, wrapper);
+		}
+	      else
+		{
+		  concat_name =
+		    XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+		  memcpy (concat_name, p, p_len);
+		  concat_name[p_len] = '/';
+		  strcpy (concat_name + p_len + 1, wrapper);
+		}
+	      if (check_executable (concat_name))
+		return concat_name;
+	      XFREE (concat_name);
+	    }
+	}
+      /* not found in PATH; assume curdir */
+    }
+  /* Relative path | not found in path: prepend cwd */
+  if (getcwd (tmp, LT_PATHMAX) == NULL)
+    lt_fatal ("getcwd failed");
+  tmp_len = strlen (tmp);
+  concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+  memcpy (concat_name, tmp, tmp_len);
+  concat_name[tmp_len] = '/';
+  strcpy (concat_name + tmp_len + 1, wrapper);
+
+  if (check_executable (concat_name))
+    return concat_name;
+  XFREE (concat_name);
+  return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+  return xstrdup (pathspec);
+#else
+  char buf[LT_PATHMAX];
+  struct stat s;
+  char *tmp_pathspec = xstrdup (pathspec);
+  char *p;
+  int has_symlinks = 0;
+  while (strlen (tmp_pathspec) && !has_symlinks)
+    {
+      LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+			      tmp_pathspec));
+      if (lstat (tmp_pathspec, &s) == 0)
+	{
+	  if (S_ISLNK (s.st_mode) != 0)
+	    {
+	      has_symlinks = 1;
+	      break;
+	    }
+
+	  /* search backwards for last DIR_SEPARATOR */
+	  p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+	  while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+	    p--;
+	  if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+	    {
+	      /* no more DIR_SEPARATORS left */
+	      break;
+	    }
+	  *p = '\0';
+	}
+      else
+	{
+	  char *errstr = strerror (errno);
+	  lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+	}
+    }
+  XFREE (tmp_pathspec);
+
+  if (!has_symlinks)
+    {
+      return xstrdup (pathspec);
+    }
+
+  tmp_pathspec = realpath (pathspec, buf);
+  if (tmp_pathspec == 0)
+    {
+      lt_fatal ("Could not follow symlinks for %s", pathspec);
+    }
+  return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+  size_t len, patlen;
+
+  assert (str != NULL);
+  assert (pat != NULL);
+
+  len = strlen (str);
+  patlen = strlen (pat);
+
+  if (patlen <= len)
+    {
+      str += len - patlen;
+      if (strcmp (str, pat) == 0)
+	*str = '\0';
+    }
+  return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+	       const char *message, va_list ap)
+{
+  fprintf (stderr, "%s: %s: ", program_name, mode);
+  vfprintf (stderr, message, ap);
+  fprintf (stderr, ".\n");
+
+  if (exit_status >= 0)
+    exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+  va_list ap;
+  va_start (ap, message);
+  lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+  va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+  LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+                          (name ? name : "<NULL>"),
+                          (value ? value : "<NULL>")));
+  {
+#ifdef HAVE_SETENV
+    /* always make a copy, for consistency with !HAVE_SETENV */
+    char *str = xstrdup (value);
+    setenv (name, str, 1);
+#else
+    int len = strlen (name) + 1 + strlen (value) + 1;
+    char *str = XMALLOC (char, len);
+    sprintf (str, "%s=%s", name, value);
+    if (putenv (str) != EXIT_SUCCESS)
+      {
+        XFREE (str);
+      }
+#endif
+  }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+  char *new_value;
+  if (orig_value && *orig_value)
+    {
+      int orig_value_len = strlen (orig_value);
+      int add_len = strlen (add);
+      new_value = XMALLOC (char, add_len + orig_value_len + 1);
+      if (to_end)
+        {
+          strcpy (new_value, orig_value);
+          strcpy (new_value + orig_value_len, add);
+        }
+      else
+        {
+          strcpy (new_value, add);
+          strcpy (new_value + add_len, orig_value);
+        }
+    }
+  else
+    {
+      new_value = xstrdup (add);
+    }
+  return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+  const char *p;
+  int len;
+  if (!arg || !*arg)
+    return 1;
+
+  p = strchr (arg, (int)'=');
+
+  if (!p)
+    return 1;
+
+  *value = xstrdup (++p);
+
+  len = strlen (arg) - strlen (*value);
+  *name = XMALLOC (char, len);
+  strncpy (*name, arg, len-1);
+  (*name)[len - 1] = '\0';
+
+  return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+  char *name = NULL;
+  char *value = NULL;
+
+  if (lt_split_name_value (arg, &name, &value) != 0)
+    {
+      XFREE (name);
+      XFREE (value);
+      lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+    }
+
+  lt_setenv (name, value);
+  XFREE (name);
+  XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+  char *name = NULL;
+  char *value = NULL;
+  char *new_value = NULL;
+
+  if (lt_split_name_value (arg, &name, &value) != 0)
+    {
+      XFREE (name);
+      XFREE (value);
+      lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+    }
+
+  new_value = lt_extend_str (getenv (name), value, 0);
+  lt_setenv (name, new_value);
+  XFREE (new_value);
+  XFREE (name);
+  XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+  char *name = NULL;
+  char *value = NULL;
+  char *new_value = NULL;
+
+  if (lt_split_name_value (arg, &name, &value) != 0)
+    {
+      XFREE (name);
+      XFREE (value);
+      lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+    }
+
+  new_value = lt_extend_str (getenv (name), value, 1);
+  lt_setenv (name, new_value);
+  XFREE (new_value);
+  XFREE (name);
+  XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+  LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+                          (name ? name : "<NULL>"),
+                          (value ? value : "<NULL>")));
+
+  if (name && *name && value && *value)
+    {
+      char *new_value = lt_extend_str (getenv (name), value, 0);
+      /* some systems can't cope with a ':'-terminated path #' */
+      int len = strlen (new_value);
+      while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+        {
+          new_value[len-1] = '\0';
+        }
+      lt_setenv (name, new_value);
+      XFREE (new_value);
+    }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+  LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+                          (name ? name : "<NULL>"),
+                          (value ? value : "<NULL>")));
+
+  if (name && *name && value && *value)
+    {
+      char *new_value = lt_extend_str (getenv (name), value, 0);
+      lt_setenv (name, new_value);
+      XFREE (new_value);
+    }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+    $opt_debug
+    case $host in
+    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+      # It is impossible to link a dll without this setting, and
+      # we shouldn't force the makefile maintainer to figure out
+      # which system we are compiling for in order to pass an extra
+      # flag for every libtool invocation.
+      # allow_undefined=no
+
+      # FIXME: Unfortunately, there are problems with the above when trying
+      # to make a dll which has undefined symbols, in which case not
+      # even a static library is built.  For now, we need to specify
+      # -no-undefined on the libtool link line when we can be certain
+      # that all symbols are satisfied, otherwise we get a static library.
+      allow_undefined=yes
+      ;;
+    *)
+      allow_undefined=yes
+      ;;
+    esac
+    libtool_args=$nonopt
+    base_compile="$nonopt $@"
+    compile_command=$nonopt
+    finalize_command=$nonopt
+
+    compile_rpath=
+    finalize_rpath=
+    compile_shlibpath=
+    finalize_shlibpath=
+    convenience=
+    old_convenience=
+    deplibs=
+    old_deplibs=
+    compiler_flags=
+    linker_flags=
+    dllsearchpath=
+    lib_search_path=`pwd`
+    inst_prefix_dir=
+    new_inherited_linker_flags=
+
+    avoid_version=no
+    dlfiles=
+    dlprefiles=
+    dlself=no
+    export_dynamic=no
+    export_symbols=
+    export_symbols_regex=
+    generated=
+    libobjs=
+    ltlibs=
+    module=no
+    no_install=no
+    objs=
+    non_pic_objects=
+    precious_files_regex=
+    prefer_static_libs=no
+    preload=no
+    prev=
+    prevarg=
+    release=
+    rpath=
+    xrpath=
+    perm_rpath=
+    temp_rpath=
+    thread_safe=no
+    vinfo=
+    vinfo_number=no
+    weak_libs=
+    single_module="${wl}-single_module"
+    func_infer_tag $base_compile
+
+    # We need to know -static, to get the right output filenames.
+    for arg
+    do
+      case $arg in
+      -shared)
+	test "$build_libtool_libs" != yes && \
+	  func_fatal_configuration "can not build a shared library"
+	build_old_libs=no
+	break
+	;;
+      -all-static | -static | -static-libtool-libs)
+	case $arg in
+	-all-static)
+	  if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+	    func_warning "complete static linking is impossible in this configuration"
+	  fi
+	  if test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	  ;;
+	-static)
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=built
+	  ;;
+	-static-libtool-libs)
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	  ;;
+	esac
+	build_libtool_libs=no
+	build_old_libs=yes
+	break
+	;;
+      esac
+    done
+
+    # See if our shared archives depend on static archives.
+    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+    # Go through the arguments, transforming them on the way.
+    while test "$#" -gt 0; do
+      arg="$1"
+      shift
+      func_quote_for_eval "$arg"
+      qarg=$func_quote_for_eval_unquoted_result
+      func_append libtool_args " $func_quote_for_eval_result"
+
+      # If the previous option needs an argument, assign it.
+      if test -n "$prev"; then
+	case $prev in
+	output)
+	  func_append compile_command " @OUTPUT@"
+	  func_append finalize_command " @OUTPUT@"
+	  ;;
+	esac
+
+	case $prev in
+	dlfiles|dlprefiles)
+	  if test "$preload" = no; then
+	    # Add the symbol object into the linking commands.
+	    func_append compile_command " @SYMFILE@"
+	    func_append finalize_command " @SYMFILE@"
+	    preload=yes
+	  fi
+	  case $arg in
+	  *.la | *.lo) ;;  # We handle these cases below.
+	  force)
+	    if test "$dlself" = no; then
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  self)
+	    if test "$prev" = dlprefiles; then
+	      dlself=yes
+	    elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+	      dlself=yes
+	    else
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  *)
+	    if test "$prev" = dlfiles; then
+	      dlfiles="$dlfiles $arg"
+	    else
+	      dlprefiles="$dlprefiles $arg"
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  esac
+	  ;;
+	expsyms)
+	  export_symbols="$arg"
+	  test -f "$arg" \
+	    || func_fatal_error "symbol file \`$arg' does not exist"
+	  prev=
+	  continue
+	  ;;
+	expsyms_regex)
+	  export_symbols_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	framework)
+	  case $host in
+	    *-*-darwin*)
+	      case "$deplibs " in
+		*" $qarg.ltframework "*) ;;
+		*) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+		   ;;
+	      esac
+	      ;;
+	  esac
+	  prev=
+	  continue
+	  ;;
+	inst_prefix)
+	  inst_prefix_dir="$arg"
+	  prev=
+	  continue
+	  ;;
+	objectlist)
+	  if test -f "$arg"; then
+	    save_arg=$arg
+	    moreargs=
+	    for fil in `cat "$save_arg"`
+	    do
+#	      moreargs="$moreargs $fil"
+	      arg=$fil
+	      # A libtool-controlled object.
+
+	      # Check to see that this really is a libtool object.
+	      if func_lalib_unsafe_p "$arg"; then
+		pic_object=
+		non_pic_object=
+
+		# Read the .lo file
+		func_source "$arg"
+
+		if test -z "$pic_object" ||
+		   test -z "$non_pic_object" ||
+		   test "$pic_object" = none &&
+		   test "$non_pic_object" = none; then
+		  func_fatal_error "cannot find name of object for \`$arg'"
+		fi
+
+		# Extract subdirectory from the argument.
+		func_dirname "$arg" "/" ""
+		xdir="$func_dirname_result"
+
+		if test "$pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  pic_object="$xdir$pic_object"
+
+		  if test "$prev" = dlfiles; then
+		    if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		      dlfiles="$dlfiles $pic_object"
+		      prev=
+		      continue
+		    else
+		      # If libtool objects are unsupported, then we need to preload.
+		      prev=dlprefiles
+		    fi
+		  fi
+
+		  # CHECK ME:  I think I busted this.  -Ossama
+		  if test "$prev" = dlprefiles; then
+		    # Preload the old-style object.
+		    dlprefiles="$dlprefiles $pic_object"
+		    prev=
+		  fi
+
+		  # A PIC object.
+		  func_append libobjs " $pic_object"
+		  arg="$pic_object"
+		fi
+
+		# Non-PIC object.
+		if test "$non_pic_object" != none; then
+		  # Prepend the subdirectory the object is found in.
+		  non_pic_object="$xdir$non_pic_object"
+
+		  # A standard non-PIC object
+		  func_append non_pic_objects " $non_pic_object"
+		  if test -z "$pic_object" || test "$pic_object" = none ; then
+		    arg="$non_pic_object"
+		  fi
+		else
+		  # If the PIC object exists, use it instead.
+		  # $xdir was prepended to $pic_object above.
+		  non_pic_object="$pic_object"
+		  func_append non_pic_objects " $non_pic_object"
+		fi
+	      else
+		# Only an error if not doing a dry-run.
+		if $opt_dry_run; then
+		  # Extract subdirectory from the argument.
+		  func_dirname "$arg" "/" ""
+		  xdir="$func_dirname_result"
+
+		  func_lo2o "$arg"
+		  pic_object=$xdir$objdir/$func_lo2o_result
+		  non_pic_object=$xdir$func_lo2o_result
+		  func_append libobjs " $pic_object"
+		  func_append non_pic_objects " $non_pic_object"
+	        else
+		  func_fatal_error "\`$arg' is not a valid libtool object"
+		fi
+	      fi
+	    done
+	  else
+	    func_fatal_error "link input file \`$arg' does not exist"
+	  fi
+	  arg=$save_arg
+	  prev=
+	  continue
+	  ;;
+	precious_regex)
+	  precious_files_regex="$arg"
+	  prev=
+	  continue
+	  ;;
+	release)
+	  release="-$arg"
+	  prev=
+	  continue
+	  ;;
+	rpath | xrpath)
+	  # We need an absolute path.
+	  case $arg in
+	  [\\/]* | [A-Za-z]:[\\/]*) ;;
+	  *)
+	    func_fatal_error "only absolute run-paths are allowed"
+	    ;;
+	  esac
+	  if test "$prev" = rpath; then
+	    case "$rpath " in
+	    *" $arg "*) ;;
+	    *) rpath="$rpath $arg" ;;
+	    esac
+	  else
+	    case "$xrpath " in
+	    *" $arg "*) ;;
+	    *) xrpath="$xrpath $arg" ;;
+	    esac
+	  fi
+	  prev=
+	  continue
+	  ;;
+	shrext)
+	  shrext_cmds="$arg"
+	  prev=
+	  continue
+	  ;;
+	weak)
+	  weak_libs="$weak_libs $arg"
+	  prev=
+	  continue
+	  ;;
+	xcclinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  func_append compile_command " $qarg"
+	  func_append finalize_command " $qarg"
+	  continue
+	  ;;
+	xcompiler)
+	  compiler_flags="$compiler_flags $qarg"
+	  prev=
+	  func_append compile_command " $qarg"
+	  func_append finalize_command " $qarg"
+	  continue
+	  ;;
+	xlinker)
+	  linker_flags="$linker_flags $qarg"
+	  compiler_flags="$compiler_flags $wl$qarg"
+	  prev=
+	  func_append compile_command " $wl$qarg"
+	  func_append finalize_command " $wl$qarg"
+	  continue
+	  ;;
+	*)
+	  eval "$prev=\"\$arg\""
+	  prev=
+	  continue
+	  ;;
+	esac
+      fi # test -n "$prev"
+
+      prevarg="$arg"
+
+      case $arg in
+      -all-static)
+	if test -n "$link_static_flag"; then
+	  # See comment for -static flag below, for more details.
+	  func_append compile_command " $link_static_flag"
+	  func_append finalize_command " $link_static_flag"
+	fi
+	continue
+	;;
+
+      -allow-undefined)
+	# FIXME: remove this flag sometime in the future.
+	func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+	;;
+
+      -avoid-version)
+	avoid_version=yes
+	continue
+	;;
+
+      -dlopen)
+	prev=dlfiles
+	continue
+	;;
+
+      -dlpreopen)
+	prev=dlprefiles
+	continue
+	;;
+
+      -export-dynamic)
+	export_dynamic=yes
+	continue
+	;;
+
+      -export-symbols | -export-symbols-regex)
+	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	  func_fatal_error "more than one -exported-symbols argument is not allowed"
+	fi
+	if test "X$arg" = "X-export-symbols"; then
+	  prev=expsyms
+	else
+	  prev=expsyms_regex
+	fi
+	continue
+	;;
+
+      -framework)
+	prev=framework
+	continue
+	;;
+
+      -inst-prefix-dir)
+	prev=inst_prefix
+	continue
+	;;
+
+      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+      # so, if we see these flags be careful not to treat them like -L
+      -L[A-Z][A-Z]*:*)
+	case $with_gcc/$host in
+	no/*-*-irix* | /*-*-irix*)
+	  func_append compile_command " $arg"
+	  func_append finalize_command " $arg"
+	  ;;
+	esac
+	continue
+	;;
+
+      -L*)
+	func_stripname '-L' '' "$arg"
+	dir=$func_stripname_result
+	if test -z "$dir"; then
+	  if test "$#" -gt 0; then
+	    func_fatal_error "require no space between \`-L' and \`$1'"
+	  else
+	    func_fatal_error "need path for \`-L' option"
+	  fi
+	fi
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  absdir=`cd "$dir" && pwd`
+	  test -z "$absdir" && \
+	    func_fatal_error "cannot determine absolute directory name of \`$dir'"
+	  dir="$absdir"
+	  ;;
+	esac
+	case "$deplibs " in
+	*" -L$dir "*) ;;
+	*)
+	  deplibs="$deplibs -L$dir"
+	  lib_search_path="$lib_search_path $dir"
+	  ;;
+	esac
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	  testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$dir:"*) ;;
+	  ::) dllsearchpath=$dir;;
+	  *) dllsearchpath="$dllsearchpath:$dir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  ::) dllsearchpath=$testbindir;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+	continue
+	;;
+
+      -l*)
+	if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+	    # These systems don't actually have a C or math library (as such)
+	    continue
+	    ;;
+	  *-*-os2*)
+	    # These systems don't actually have a C library (as such)
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C and math libraries are in the System framework
+	    deplibs="$deplibs System.ltframework"
+	    continue
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    test "X$arg" = "X-lc" && continue
+	    ;;
+	  esac
+	elif test "X$arg" = "X-lc_r"; then
+	 case $host in
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	   # Do not include libc_r directly, use -pthread flag.
+	   continue
+	   ;;
+	 esac
+	fi
+	deplibs="$deplibs $arg"
+	continue
+	;;
+
+      -module)
+	module=yes
+	continue
+	;;
+
+      # Tru64 UNIX uses -model [arg] to determine the layout of C++
+      # classes, name mangling, and exception handling.
+      # Darwin uses the -arch flag to determine output architecture.
+      -model|-arch|-isysroot)
+	compiler_flags="$compiler_flags $arg"
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+	prev=xcompiler
+	continue
+	;;
+
+      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+	compiler_flags="$compiler_flags $arg"
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+	case "$new_inherited_linker_flags " in
+	    *" $arg "*) ;;
+	    * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+	esac
+	continue
+	;;
+
+      -multi_module)
+	single_module="${wl}-multi_module"
+	continue
+	;;
+
+      -no-fast-install)
+	fast_install=no
+	continue
+	;;
+
+      -no-install)
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+	  # The PATH hackery in wrapper scripts is required on Windows
+	  # and Darwin in order for the loader to find any dlls it needs.
+	  func_warning "\`-no-install' is ignored for $host"
+	  func_warning "assuming \`-no-fast-install' instead"
+	  fast_install=no
+	  ;;
+	*) no_install=yes ;;
+	esac
+	continue
+	;;
+
+      -no-undefined)
+	allow_undefined=no
+	continue
+	;;
+
+      -objectlist)
+	prev=objectlist
+	continue
+	;;
+
+      -o) prev=output ;;
+
+      -precious-files-regex)
+	prev=precious_regex
+	continue
+	;;
+
+      -release)
+	prev=release
+	continue
+	;;
+
+      -rpath)
+	prev=rpath
+	continue
+	;;
+
+      -R)
+	prev=xrpath
+	continue
+	;;
+
+      -R*)
+	func_stripname '-R' '' "$arg"
+	dir=$func_stripname_result
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  func_fatal_error "only absolute run-paths are allowed"
+	  ;;
+	esac
+	case "$xrpath " in
+	*" $dir "*) ;;
+	*) xrpath="$xrpath $dir" ;;
+	esac
+	continue
+	;;
+
+      -shared)
+	# The effects of -shared are defined in a previous loop.
+	continue
+	;;
+
+      -shrext)
+	prev=shrext
+	continue
+	;;
+
+      -static | -static-libtool-libs)
+	# The effects of -static are defined in a previous loop.
+	# We used to do the same as -all-static on platforms that
+	# didn't have a PIC flag, but the assumption that the effects
+	# would be equivalent was wrong.  It would break on at least
+	# Digital Unix and AIX.
+	continue
+	;;
+
+      -thread-safe)
+	thread_safe=yes
+	continue
+	;;
+
+      -version-info)
+	prev=vinfo
+	continue
+	;;
+
+      -version-number)
+	prev=vinfo
+	vinfo_number=yes
+	continue
+	;;
+
+      -weak)
+        prev=weak
+	continue
+	;;
+
+      -Wc,*)
+	func_stripname '-Wc,' '' "$arg"
+	args=$func_stripname_result
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+          func_quote_for_eval "$flag"
+	  arg="$arg $wl$func_quote_for_eval_result"
+	  compiler_flags="$compiler_flags $func_quote_for_eval_result"
+	done
+	IFS="$save_ifs"
+	func_stripname ' ' '' "$arg"
+	arg=$func_stripname_result
+	;;
+
+      -Wl,*)
+	func_stripname '-Wl,' '' "$arg"
+	args=$func_stripname_result
+	arg=
+	save_ifs="$IFS"; IFS=','
+	for flag in $args; do
+	  IFS="$save_ifs"
+          func_quote_for_eval "$flag"
+	  arg="$arg $wl$func_quote_for_eval_result"
+	  compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+	  linker_flags="$linker_flags $func_quote_for_eval_result"
+	done
+	IFS="$save_ifs"
+	func_stripname ' ' '' "$arg"
+	arg=$func_stripname_result
+	;;
+
+      -Xcompiler)
+	prev=xcompiler
+	continue
+	;;
+
+      -Xlinker)
+	prev=xlinker
+	continue
+	;;
+
+      -XCClinker)
+	prev=xcclinker
+	continue
+	;;
+
+      # -msg_* for osf cc
+      -msg_*)
+	func_quote_for_eval "$arg"
+	arg="$func_quote_for_eval_result"
+	;;
+
+      # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+      # -r[0-9][0-9]* specifies the processor on the SGI compiler
+      # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+      # +DA*, +DD* enable 64-bit mode on the HP compiler
+      # -q* pass through compiler args for the IBM compiler
+      # -m*, -t[45]*, -txscale* pass through architecture-specific
+      # compiler args for GCC
+      # -F/path gives path to uninstalled frameworks, gcc on darwin
+      # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+      # @file GCC response files
+      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+      -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+        func_quote_for_eval "$arg"
+	arg="$func_quote_for_eval_result"
+        func_append compile_command " $arg"
+        func_append finalize_command " $arg"
+        compiler_flags="$compiler_flags $arg"
+        continue
+        ;;
+
+      # Some other compiler flag.
+      -* | +*)
+        func_quote_for_eval "$arg"
+	arg="$func_quote_for_eval_result"
+	;;
+
+      *.$objext)
+	# A standard object.
+	objs="$objs $arg"
+	;;
+
+      *.lo)
+	# A libtool-controlled object.
+
+	# Check to see that this really is a libtool object.
+	if func_lalib_unsafe_p "$arg"; then
+	  pic_object=
+	  non_pic_object=
+
+	  # Read the .lo file
+	  func_source "$arg"
+
+	  if test -z "$pic_object" ||
+	     test -z "$non_pic_object" ||
+	     test "$pic_object" = none &&
+	     test "$non_pic_object" = none; then
+	    func_fatal_error "cannot find name of object for \`$arg'"
+	  fi
+
+	  # Extract subdirectory from the argument.
+	  func_dirname "$arg" "/" ""
+	  xdir="$func_dirname_result"
+
+	  if test "$pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    pic_object="$xdir$pic_object"
+
+	    if test "$prev" = dlfiles; then
+	      if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+		dlfiles="$dlfiles $pic_object"
+		prev=
+		continue
+	      else
+		# If libtool objects are unsupported, then we need to preload.
+		prev=dlprefiles
+	      fi
+	    fi
+
+	    # CHECK ME:  I think I busted this.  -Ossama
+	    if test "$prev" = dlprefiles; then
+	      # Preload the old-style object.
+	      dlprefiles="$dlprefiles $pic_object"
+	      prev=
+	    fi
+
+	    # A PIC object.
+	    func_append libobjs " $pic_object"
+	    arg="$pic_object"
+	  fi
+
+	  # Non-PIC object.
+	  if test "$non_pic_object" != none; then
+	    # Prepend the subdirectory the object is found in.
+	    non_pic_object="$xdir$non_pic_object"
+
+	    # A standard non-PIC object
+	    func_append non_pic_objects " $non_pic_object"
+	    if test -z "$pic_object" || test "$pic_object" = none ; then
+	      arg="$non_pic_object"
+	    fi
+	  else
+	    # If the PIC object exists, use it instead.
+	    # $xdir was prepended to $pic_object above.
+	    non_pic_object="$pic_object"
+	    func_append non_pic_objects " $non_pic_object"
+	  fi
+	else
+	  # Only an error if not doing a dry-run.
+	  if $opt_dry_run; then
+	    # Extract subdirectory from the argument.
+	    func_dirname "$arg" "/" ""
+	    xdir="$func_dirname_result"
+
+	    func_lo2o "$arg"
+	    pic_object=$xdir$objdir/$func_lo2o_result
+	    non_pic_object=$xdir$func_lo2o_result
+	    func_append libobjs " $pic_object"
+	    func_append non_pic_objects " $non_pic_object"
+	  else
+	    func_fatal_error "\`$arg' is not a valid libtool object"
+	  fi
+	fi
+	;;
+
+      *.$libext)
+	# An archive.
+	deplibs="$deplibs $arg"
+	old_deplibs="$old_deplibs $arg"
+	continue
+	;;
+
+      *.la)
+	# A libtool-controlled library.
+
+	if test "$prev" = dlfiles; then
+	  # This library was specified with -dlopen.
+	  dlfiles="$dlfiles $arg"
+	  prev=
+	elif test "$prev" = dlprefiles; then
+	  # The library was specified with -dlpreopen.
+	  dlprefiles="$dlprefiles $arg"
+	  prev=
+	else
+	  deplibs="$deplibs $arg"
+	fi
+	continue
+	;;
+
+      # Some other compiler argument.
+      *)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	func_quote_for_eval "$arg"
+	arg="$func_quote_for_eval_result"
+	;;
+      esac # arg
+
+      # Now actually substitute the argument into the commands.
+      if test -n "$arg"; then
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+      fi
+    done # argument parsing loop
+
+    test -n "$prev" && \
+      func_fatal_help "the \`$prevarg' option requires an argument"
+
+    if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+      eval arg=\"$export_dynamic_flag_spec\"
+      func_append compile_command " $arg"
+      func_append finalize_command " $arg"
+    fi
+
+    oldlibs=
+    # calculate the name of the file, without its directory
+    func_basename "$output"
+    outputname="$func_basename_result"
+    libobjs_save="$libobjs"
+
+    if test -n "$shlibpath_var"; then
+      # get the directories listed in $shlibpath_var
+      eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+    else
+      shlib_search_path=
+    fi
+    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+    func_dirname "$output" "/" ""
+    output_objdir="$func_dirname_result$objdir"
+    # Create the object directory.
+    func_mkdir_p "$output_objdir"
+
+    # Determine the type of output
+    case $output in
+    "")
+      func_fatal_help "you must specify an output file"
+      ;;
+    *.$libext) linkmode=oldlib ;;
+    *.lo | *.$objext) linkmode=obj ;;
+    *.la) linkmode=lib ;;
+    *) linkmode=prog ;; # Anything else should be a program.
+    esac
+
+    specialdeplibs=
+
+    libs=
+    # Find all interdependent deplibs by searching for libraries
+    # that are linked more than once (e.g. -la -lb -la)
+    for deplib in $deplibs; do
+      if $opt_duplicate_deps ; then
+	case "$libs " in
+	*" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	esac
+      fi
+      libs="$libs $deplib"
+    done
+
+    if test "$linkmode" = lib; then
+      libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+      # Compute libraries that are listed more than once in $predeps
+      # $postdeps and mark them as special (i.e., whose duplicates are
+      # not to be eliminated).
+      pre_post_deps=
+      if $opt_duplicate_compiler_generated_deps; then
+	for pre_post_dep in $predeps $postdeps; do
+	  case "$pre_post_deps " in
+	  *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+	  esac
+	  pre_post_deps="$pre_post_deps $pre_post_dep"
+	done
+      fi
+      pre_post_deps=
+    fi
+
+    deplibs=
+    newdependency_libs=
+    newlib_search_path=
+    need_relink=no # whether we're linking any uninstalled libtool libraries
+    notinst_deplibs= # not-installed libtool libraries
+    notinst_path= # paths that contain not-installed libtool libraries
+
+    case $linkmode in
+    lib)
+	passes="conv dlpreopen link"
+	for file in $dlfiles $dlprefiles; do
+	  case $file in
+	  *.la) ;;
+	  *)
+	    func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+	    ;;
+	  esac
+	done
+	;;
+    prog)
+	compile_deplibs=
+	finalize_deplibs=
+	alldeplibs=no
+	newdlfiles=
+	newdlprefiles=
+	passes="conv scan dlopen dlpreopen link"
+	;;
+    *)  passes="conv"
+	;;
+    esac
+
+    for pass in $passes; do
+      # The preopen pass in lib mode reverses $deplibs; put it back here
+      # so that -L comes before libs that need it for instance...
+      if test "$linkmode,$pass" = "lib,link"; then
+	## FIXME: Find the place where the list is rebuilt in the wrong
+	##        order, and fix it there properly
+        tmp_deplibs=
+	for deplib in $deplibs; do
+	  tmp_deplibs="$deplib $tmp_deplibs"
+	done
+	deplibs="$tmp_deplibs"
+      fi
+
+      if test "$linkmode,$pass" = "lib,link" ||
+	 test "$linkmode,$pass" = "prog,scan"; then
+	libs="$deplibs"
+	deplibs=
+      fi
+      if test "$linkmode" = prog; then
+	case $pass in
+	dlopen) libs="$dlfiles" ;;
+	dlpreopen) libs="$dlprefiles" ;;
+	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+	esac
+      fi
+      if test "$linkmode,$pass" = "lib,dlpreopen"; then
+	# Collect and forward deplibs of preopened libtool libs
+	for lib in $dlprefiles; do
+	  # Ignore non-libtool-libs
+	  dependency_libs=
+	  case $lib in
+	  *.la)	func_source "$lib" ;;
+	  esac
+
+	  # Collect preopened libtool deplibs, except any this library
+	  # has declared as weak libs
+	  for deplib in $dependency_libs; do
+            deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+	    case " $weak_libs " in
+	    *" $deplib_base "*) ;;
+	    *) deplibs="$deplibs $deplib" ;;
+	    esac
+	  done
+	done
+	libs="$dlprefiles"
+      fi
+      if test "$pass" = dlopen; then
+	# Collect dlpreopened libraries
+	save_deplibs="$deplibs"
+	deplibs=
+      fi
+
+      for deplib in $libs; do
+	lib=
+	found=no
+	case $deplib in
+	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+	  if test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    compiler_flags="$compiler_flags $deplib"
+	    if test "$linkmode" = lib ; then
+		case "$new_inherited_linker_flags " in
+		    *" $deplib "*) ;;
+		    * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+		esac
+	    fi
+	  fi
+	  continue
+	  ;;
+	-l*)
+	  if test "$linkmode" != lib && test "$linkmode" != prog; then
+	    func_warning "\`-l' is ignored for archives/objects"
+	    continue
+	  fi
+	  func_stripname '-l' '' "$deplib"
+	  name=$func_stripname_result
+	  if test "$linkmode" = lib; then
+	    searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+	  else
+	    searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+	  fi
+	  for searchdir in $searchdirs; do
+	    for search_ext in .la $std_shrext .so .a; do
+	      # Search the libtool library
+	      lib="$searchdir/lib${name}${search_ext}"
+	      if test -f "$lib"; then
+		if test "$search_ext" = ".la"; then
+		  found=yes
+		else
+		  found=no
+		fi
+		break 2
+	      fi
+	    done
+	  done
+	  if test "$found" != yes; then
+	    # deplib doesn't seem to be a libtool library
+	    if test "$linkmode,$pass" = "prog,link"; then
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      deplibs="$deplib $deplibs"
+	      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    continue
+	  else # deplib is a libtool library
+	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+	    # We need to do some special things here, and not later.
+	    if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	      case " $predeps $postdeps " in
+	      *" $deplib "*)
+		if func_lalib_p "$lib"; then
+		  library_names=
+		  old_library=
+		  func_source "$lib"
+		  for l in $old_library $library_names; do
+		    ll="$l"
+		  done
+		  if test "X$ll" = "X$old_library" ; then # only static version available
+		    found=no
+		    func_dirname "$lib" "" "."
+		    ladir="$func_dirname_result"
+		    lib=$ladir/$old_library
+		    if test "$linkmode,$pass" = "prog,link"; then
+		      compile_deplibs="$deplib $compile_deplibs"
+		      finalize_deplibs="$deplib $finalize_deplibs"
+		    else
+		      deplibs="$deplib $deplibs"
+		      test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+		    fi
+		    continue
+		  fi
+		fi
+		;;
+	      *) ;;
+	      esac
+	    fi
+	  fi
+	  ;; # -l
+	*.ltframework)
+	  if test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    deplibs="$deplib $deplibs"
+	    if test "$linkmode" = lib ; then
+		case "$new_inherited_linker_flags " in
+		    *" $deplib "*) ;;
+		    * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+		esac
+	    fi
+	  fi
+	  continue
+	  ;;
+	-L*)
+	  case $linkmode in
+	  lib)
+	    deplibs="$deplib $deplibs"
+	    test "$pass" = conv && continue
+	    newdependency_libs="$deplib $newdependency_libs"
+	    func_stripname '-L' '' "$deplib"
+	    newlib_search_path="$newlib_search_path $func_stripname_result"
+	    ;;
+	  prog)
+	    if test "$pass" = conv; then
+	      deplibs="$deplib $deplibs"
+	      continue
+	    fi
+	    if test "$pass" = scan; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    func_stripname '-L' '' "$deplib"
+	    newlib_search_path="$newlib_search_path $func_stripname_result"
+	    ;;
+	  *)
+	    func_warning "\`-L' is ignored for archives/objects"
+	    ;;
+	  esac # linkmode
+	  continue
+	  ;; # -L
+	-R*)
+	  if test "$pass" = link; then
+	    func_stripname '-R' '' "$deplib"
+	    dir=$func_stripname_result
+	    # Make sure the xrpath contains only unique directories.
+	    case "$xrpath " in
+	    *" $dir "*) ;;
+	    *) xrpath="$xrpath $dir" ;;
+	    esac
+	  fi
+	  deplibs="$deplib $deplibs"
+	  continue
+	  ;;
+	*.la) lib="$deplib" ;;
+	*.$libext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	    continue
+	  fi
+	  case $linkmode in
+	  lib)
+	    # Linking convenience modules into shared libraries is allowed,
+	    # but linking other static libraries is non-portable.
+	    case " $dlpreconveniencelibs " in
+	    *" $deplib "*) ;;
+	    *)
+	      valid_a_lib=no
+	      case $deplibs_check_method in
+		match_pattern*)
+		  set dummy $deplibs_check_method; shift
+		  match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+		  if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+		    | $EGREP "$match_pattern_regex" > /dev/null; then
+		    valid_a_lib=yes
+		  fi
+		;;
+		pass_all)
+		  valid_a_lib=yes
+		;;
+	      esac
+	      if test "$valid_a_lib" != yes; then
+		$ECHO
+		$ECHO "*** Warning: Trying to link with static lib archive $deplib."
+		$ECHO "*** I have the capability to make that library automatically link in when"
+		$ECHO "*** you link to this library.  But I can only do this if you have a"
+		$ECHO "*** shared version of the library, which you do not appear to have"
+		$ECHO "*** because the file extensions .$libext of this argument makes me believe"
+		$ECHO "*** that it is just a static archive that I should not use here."
+	      else
+		$ECHO
+		$ECHO "*** Warning: Linking the shared library $output against the"
+		$ECHO "*** static library $deplib is not portable!"
+		deplibs="$deplib $deplibs"
+	      fi
+	      ;;
+	    esac
+	    continue
+	    ;;
+	  prog)
+	    if test "$pass" != link; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    continue
+	    ;;
+	  esac # linkmode
+	  ;; # *.$libext
+	*.lo | *.$objext)
+	  if test "$pass" = conv; then
+	    deplibs="$deplib $deplibs"
+	  elif test "$linkmode" = prog; then
+	    if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+	      # If there is no dlopen support or we're linking statically,
+	      # we need to preload.
+	      newdlprefiles="$newdlprefiles $deplib"
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      newdlfiles="$newdlfiles $deplib"
+	    fi
+	  fi
+	  continue
+	  ;;
+	%DEPLIBS%)
+	  alldeplibs=yes
+	  continue
+	  ;;
+	esac # case $deplib
+
+	if test "$found" = yes || test -f "$lib"; then :
+	else
+	  func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
+	fi
+
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$lib" \
+	  || func_fatal_error "\`$lib' is not a valid libtool archive"
+
+	func_dirname "$lib" "" "."
+	ladir="$func_dirname_result"
+
+	dlname=
+	dlopen=
+	dlpreopen=
+	libdir=
+	library_names=
+	old_library=
+	inherited_linker_flags=
+	# If the library was installed with an old release of libtool,
+	# it will not redefine variables installed, or shouldnotlink
+	installed=yes
+	shouldnotlink=no
+	avoidtemprpath=
+
+
+	# Read the .la file
+	func_source "$lib"
+
+	# Convert "-framework foo" to "foo.ltframework"
+	if test -n "$inherited_linker_flags"; then
+	  tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+	  for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+	    case " $new_inherited_linker_flags " in
+	      *" $tmp_inherited_linker_flag "*) ;;
+	      *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+	    esac
+	  done
+	fi
+	dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	if test "$linkmode,$pass" = "lib,link" ||
+	   test "$linkmode,$pass" = "prog,scan" ||
+	   { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+	  test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+	  test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+	fi
+
+	if test "$pass" = conv; then
+	  # Only check for convenience libraries
+	  deplibs="$lib $deplibs"
+	  if test -z "$libdir"; then
+	    if test -z "$old_library"; then
+	      func_fatal_error "cannot find name of link library for \`$lib'"
+	    fi
+	    # It is a libtool convenience library, so add in its objects.
+	    convenience="$convenience $ladir/$objdir/$old_library"
+	    old_convenience="$old_convenience $ladir/$objdir/$old_library"
+	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
+	    func_fatal_error "\`$lib' is not a convenience library"
+	  fi
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    deplibs="$deplib $deplibs"
+	    if $opt_duplicate_deps ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done
+	  continue
+	fi # $pass = conv
+
+
+	# Get the name of the library we link against.
+	linklib=
+	for l in $old_library $library_names; do
+	  linklib="$l"
+	done
+	if test -z "$linklib"; then
+	  func_fatal_error "cannot find name of link library for \`$lib'"
+	fi
+
+	# This library was specified with -dlopen.
+	if test "$pass" = dlopen; then
+	  if test -z "$libdir"; then
+	    func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
+	  fi
+	  if test -z "$dlname" ||
+	     test "$dlopen_support" != yes ||
+	     test "$build_libtool_libs" = no; then
+	    # If there is no dlname, no dlopen support or we're linking
+	    # statically, we need to preload.  We also need to preload any
+	    # dependent libraries so libltdl's deplib preloader doesn't
+	    # bomb out in the load deplibs phase.
+	    dlprefiles="$dlprefiles $lib $dependency_libs"
+	  else
+	    newdlfiles="$newdlfiles $lib"
+	  fi
+	  continue
+	fi # $pass = dlopen
+
+	# We need an absolute path.
+	case $ladir in
+	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+	*)
+	  abs_ladir=`cd "$ladir" && pwd`
+	  if test -z "$abs_ladir"; then
+	    func_warning "cannot determine absolute directory name of \`$ladir'"
+	    func_warning "passing it literally to the linker, although it might fail"
+	    abs_ladir="$ladir"
+	  fi
+	  ;;
+	esac
+	func_basename "$lib"
+	laname="$func_basename_result"
+
+	# Find the relevant object directory and library name.
+	if test "X$installed" = Xyes; then
+	  if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    func_warning "library \`$lib' was moved."
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    libdir="$abs_ladir"
+	  else
+	    dir="$libdir"
+	    absdir="$libdir"
+	  fi
+	  test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+	else
+	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    dir="$ladir"
+	    absdir="$abs_ladir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  else
+	    dir="$ladir/$objdir"
+	    absdir="$abs_ladir/$objdir"
+	    # Remove this search path later
+	    notinst_path="$notinst_path $abs_ladir"
+	  fi
+	fi # $installed = yes
+	func_stripname 'lib' '.la' "$laname"
+	name=$func_stripname_result
+
+	# This library was specified with -dlpreopen.
+	if test "$pass" = dlpreopen; then
+	  if test -z "$libdir" && test "$linkmode" = prog; then
+	    func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+	  fi
+	  # Prefer using a static library (so that no silly _DYNAMIC symbols
+	  # are required to link).
+	  if test -n "$old_library"; then
+	    newdlprefiles="$newdlprefiles $dir/$old_library"
+	    # Keep a list of preopened convenience libraries to check
+	    # that they are being used correctly in the link pass.
+	    test -z "$libdir" && \
+		dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
+	  # Otherwise, use the dlname, so that lt_dlopen finds it.
+	  elif test -n "$dlname"; then
+	    newdlprefiles="$newdlprefiles $dir/$dlname"
+	  else
+	    newdlprefiles="$newdlprefiles $dir/$linklib"
+	  fi
+	fi # $pass = dlpreopen
+
+	if test -z "$libdir"; then
+	  # Link the convenience library
+	  if test "$linkmode" = lib; then
+	    deplibs="$dir/$old_library $deplibs"
+	  elif test "$linkmode,$pass" = "prog,link"; then
+	    compile_deplibs="$dir/$old_library $compile_deplibs"
+	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
+	  else
+	    deplibs="$lib $deplibs" # used for prog,scan pass
+	  fi
+	  continue
+	fi
+
+
+	if test "$linkmode" = prog && test "$pass" != link; then
+	  newlib_search_path="$newlib_search_path $ladir"
+	  deplibs="$lib $deplibs"
+
+	  linkalldeplibs=no
+	  if test "$link_all_deplibs" != no || test -z "$library_names" ||
+	     test "$build_libtool_libs" = no; then
+	    linkalldeplibs=yes
+	  fi
+
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    case $deplib in
+	    -L*) func_stripname '-L' '' "$deplib"
+	         newlib_search_path="$newlib_search_path $func_stripname_result"
+		 ;;
+	    esac
+	    # Need to link against all dependency_libs?
+	    if test "$linkalldeplibs" = yes; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      # Need to hardcode shared library paths
+	      # or/and link against static libraries
+	      newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    if $opt_duplicate_deps ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done # for deplib
+	  continue
+	fi # $linkmode = prog...
+
+	if test "$linkmode,$pass" = "prog,link"; then
+	  if test -n "$library_names" &&
+	     { { test "$prefer_static_libs" = no ||
+	         test "$prefer_static_libs,$installed" = "built,yes"; } ||
+	       test -z "$old_library"; }; then
+	    # We need to hardcode the library path
+	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+	      # Make sure the rpath contains only unique directories.
+	      case "$temp_rpath:" in
+	      *"$absdir:"*) ;;
+	      *) temp_rpath="$temp_rpath$absdir:" ;;
+	      esac
+	    fi
+
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi # $linkmode,$pass = prog,link...
+
+	  if test "$alldeplibs" = yes &&
+	     { test "$deplibs_check_method" = pass_all ||
+	       { test "$build_libtool_libs" = yes &&
+		 test -n "$library_names"; }; }; then
+	    # We only need to search for static libraries
+	    continue
+	  fi
+	fi
+
+	link_static=no # Whether the deplib will be linked statically
+	use_static_libs=$prefer_static_libs
+	if test "$use_static_libs" = built && test "$installed" = yes; then
+	  use_static_libs=no
+	fi
+	if test -n "$library_names" &&
+	   { test "$use_static_libs" = no || test -z "$old_library"; }; then
+	  case $host in
+	  *cygwin* | *mingw* | *cegcc*)
+	      # No point in relinking DLLs because paths are not encoded
+	      notinst_deplibs="$notinst_deplibs $lib"
+	      need_relink=no
+	    ;;
+	  *)
+	    if test "$installed" = no; then
+	      notinst_deplibs="$notinst_deplibs $lib"
+	      need_relink=yes
+	    fi
+	    ;;
+	  esac
+	  # This is a shared library
+
+	  # Warn about portability, can't link against -module's on some
+	  # systems (darwin).  Don't bleat about dlopened modules though!
+	  dlopenmodule=""
+	  for dlpremoduletest in $dlprefiles; do
+	    if test "X$dlpremoduletest" = "X$lib"; then
+	      dlopenmodule="$dlpremoduletest"
+	      break
+	    fi
+	  done
+	  if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+	    $ECHO
+	    if test "$linkmode" = prog; then
+	      $ECHO "*** Warning: Linking the executable $output against the loadable module"
+	    else
+	      $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+	    fi
+	    $ECHO "*** $linklib is not portable!"
+	  fi
+	  if test "$linkmode" = lib &&
+	     test "$hardcode_into_libs" = yes; then
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) compile_rpath="$compile_rpath $absdir"
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) finalize_rpath="$finalize_rpath $libdir"
+	      esac
+	      ;;
+	    esac
+	  fi
+
+	  if test -n "$old_archive_from_expsyms_cmds"; then
+	    # figure out the soname
+	    set dummy $library_names
+	    shift
+	    realname="$1"
+	    shift
+	    libname=`eval "\\$ECHO \"$libname_spec\""`
+	    # use dlname if we got it. it's perfectly good, no?
+	    if test -n "$dlname"; then
+	      soname="$dlname"
+	    elif test -n "$soname_spec"; then
+	      # bleh windows
+	      case $host in
+	      *cygwin* | mingw* | *cegcc*)
+	        func_arith $current - $age
+		major=$func_arith_result
+		versuffix="-$major"
+		;;
+	      esac
+	      eval soname=\"$soname_spec\"
+	    else
+	      soname="$realname"
+	    fi
+
+	    # Make a new name for the extract_expsyms_cmds to use
+	    soroot="$soname"
+	    func_basename "$soroot"
+	    soname="$func_basename_result"
+	    func_stripname 'lib' '.dll' "$soname"
+	    newlib=libimp-$func_stripname_result.a
+
+	    # If the library has no export list, then create one now
+	    if test -f "$output_objdir/$soname-def"; then :
+	    else
+	      func_verbose "extracting exported symbol list from \`$soname'"
+	      func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+	    fi
+
+	    # Create $newlib
+	    if test -f "$output_objdir/$newlib"; then :; else
+	      func_verbose "generating import library for \`$soname'"
+	      func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+	    fi
+	    # make sure the library variables are pointing to the new library
+	    dir=$output_objdir
+	    linklib=$newlib
+	  fi # test -n "$old_archive_from_expsyms_cmds"
+
+	  if test "$linkmode" = prog || test "$mode" != relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    lib_linked=yes
+	    case $hardcode_action in
+	    immediate | unsupported)
+	      if test "$hardcode_direct" = no; then
+		add="$dir/$linklib"
+		case $host in
+		  *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+		  *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+		    *-*-unixware7*) add_dir="-L$dir" ;;
+		  *-*-darwin* )
+		    # if the lib is a (non-dlopened) module then we can not
+		    # link against it, someone is ignoring the earlier warnings
+		    if /usr/bin/file -L $add 2> /dev/null |
+			 $GREP ": [^:]* bundle" >/dev/null ; then
+		      if test "X$dlopenmodule" != "X$lib"; then
+			$ECHO "*** Warning: lib $linklib is a module, not a shared library"
+			if test -z "$old_library" ; then
+			  $ECHO
+			  $ECHO "*** And there doesn't seem to be a static archive available"
+			  $ECHO "*** The link will probably fail, sorry"
+			else
+			  add="$dir/$old_library"
+			fi
+		      elif test -n "$old_library"; then
+			add="$dir/$old_library"
+		      fi
+		    fi
+		esac
+	      elif test "$hardcode_minus_L" = no; then
+		case $host in
+		*-*-sunos*) add_shlibpath="$dir" ;;
+		esac
+		add_dir="-L$dir"
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = no; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    relink)
+	      if test "$hardcode_direct" = yes &&
+	         test "$hardcode_direct_absolute" = no; then
+		add="$dir/$linklib"
+	      elif test "$hardcode_minus_L" = yes; then
+		add_dir="-L$dir"
+		# Try looking first in the location we're being installed to.
+		if test -n "$inst_prefix_dir"; then
+		  case $libdir in
+		    [\\/]*)
+		      add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		      ;;
+		  esac
+		fi
+		add="-l$name"
+	      elif test "$hardcode_shlibpath_var" = yes; then
+		add_shlibpath="$dir"
+		add="-l$name"
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    *) lib_linked=no ;;
+	    esac
+
+	    if test "$lib_linked" != yes; then
+	      func_fatal_configuration "unsupported hardcode properties"
+	    fi
+
+	    if test -n "$add_shlibpath"; then
+	      case :$compile_shlibpath: in
+	      *":$add_shlibpath:"*) ;;
+	      *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+	      esac
+	    fi
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	      if test "$hardcode_direct" != yes &&
+		 test "$hardcode_minus_L" != yes &&
+		 test "$hardcode_shlibpath_var" = yes; then
+		case :$finalize_shlibpath: in
+		*":$libdir:"*) ;;
+		*) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+		esac
+	      fi
+	    fi
+	  fi
+
+	  if test "$linkmode" = prog || test "$mode" = relink; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    # Finalize command for both is simple: just hardcode it.
+	    if test "$hardcode_direct" = yes &&
+	       test "$hardcode_direct_absolute" = no; then
+	      add="$libdir/$linklib"
+	    elif test "$hardcode_minus_L" = yes; then
+	      add_dir="-L$libdir"
+	      add="-l$name"
+	    elif test "$hardcode_shlibpath_var" = yes; then
+	      case :$finalize_shlibpath: in
+	      *":$libdir:"*) ;;
+	      *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+	      esac
+	      add="-l$name"
+	    elif test "$hardcode_automatic" = yes; then
+	      if test -n "$inst_prefix_dir" &&
+		 test -f "$inst_prefix_dir$libdir/$linklib" ; then
+		add="$inst_prefix_dir$libdir/$linklib"
+	      else
+		add="$libdir/$linklib"
+	      fi
+	    else
+	      # We cannot seem to hardcode it, guess we'll fake it.
+	      add_dir="-L$libdir"
+	      # Try looking first in the location we're being installed to.
+	      if test -n "$inst_prefix_dir"; then
+		case $libdir in
+		  [\\/]*)
+		    add_dir="$add_dir -L$inst_prefix_dir$libdir"
+		    ;;
+		esac
+	      fi
+	      add="-l$name"
+	    fi
+
+	    if test "$linkmode" = prog; then
+	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	    fi
+	  fi
+	elif test "$linkmode" = prog; then
+	  # Here we assume that one of hardcode_direct or hardcode_minus_L
+	  # is not unsupported.  This is valid on all known static and
+	  # shared platforms.
+	  if test "$hardcode_direct" != unsupported; then
+	    test -n "$old_library" && linklib="$old_library"
+	    compile_deplibs="$dir/$linklib $compile_deplibs"
+	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
+	  else
+	    compile_deplibs="-l$name -L$dir $compile_deplibs"
+	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+	  fi
+	elif test "$build_libtool_libs" = yes; then
+	  # Not a shared library
+	  if test "$deplibs_check_method" != pass_all; then
+	    # We're trying link a shared library against a static one
+	    # but the system doesn't support it.
+
+	    # Just print a warning and add the library to dependency_libs so
+	    # that the program can be linked against the static library.
+	    $ECHO
+	    $ECHO "*** Warning: This system can not link to static lib archive $lib."
+	    $ECHO "*** I have the capability to make that library automatically link in when"
+	    $ECHO "*** you link to this library.  But I can only do this if you have a"
+	    $ECHO "*** shared version of the library, which you do not appear to have."
+	    if test "$module" = yes; then
+	      $ECHO "*** But as you try to build a module library, libtool will still create "
+	      $ECHO "*** a static module, that should work as long as the dlopening application"
+	      $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+	      if test -z "$global_symbol_pipe"; then
+		$ECHO
+		$ECHO "*** However, this would only work if libtool was able to extract symbol"
+		$ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+		$ECHO "*** not find such a program.  So, this module is probably useless."
+		$ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+	      fi
+	      if test "$build_old_libs" = no; then
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  else
+	    deplibs="$dir/$old_library $deplibs"
+	    link_static=yes
+	  fi
+	fi # link shared/static library?
+
+	if test "$linkmode" = lib; then
+	  if test -n "$dependency_libs" &&
+	     { test "$hardcode_into_libs" != yes ||
+	       test "$build_old_libs" = yes ||
+	       test "$link_static" = yes; }; then
+	    # Extract -R from dependency_libs
+	    temp_deplibs=
+	    for libdir in $dependency_libs; do
+	      case $libdir in
+	      -R*) func_stripname '-R' '' "$libdir"
+	           temp_xrpath=$func_stripname_result
+		   case " $xrpath " in
+		   *" $temp_xrpath "*) ;;
+		   *) xrpath="$xrpath $temp_xrpath";;
+		   esac;;
+	      *) temp_deplibs="$temp_deplibs $libdir";;
+	      esac
+	    done
+	    dependency_libs="$temp_deplibs"
+	  fi
+
+	  newlib_search_path="$newlib_search_path $absdir"
+	  # Link against this library
+	  test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+	  # ... and its dependency_libs
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    newdependency_libs="$deplib $newdependency_libs"
+	    if $opt_duplicate_deps ; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+	      esac
+	    fi
+	    tmp_libs="$tmp_libs $deplib"
+	  done
+
+	  if test "$link_all_deplibs" != no; then
+	    # Add the search paths of all dependency libraries
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      -L*) path="$deplib" ;;
+	      *.la)
+	        func_dirname "$deplib" "" "."
+		dir="$func_dirname_result"
+		# We need an absolute path.
+		case $dir in
+		[\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+		*)
+		  absdir=`cd "$dir" && pwd`
+		  if test -z "$absdir"; then
+		    func_warning "cannot determine absolute directory name of \`$dir'"
+		    absdir="$dir"
+		  fi
+		  ;;
+		esac
+		if $GREP "^installed=no" $deplib > /dev/null; then
+		case $host in
+		*-*-darwin*)
+		  depdepl=
+		  eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+		  if test -n "$deplibrary_names" ; then
+		    for tmp in $deplibrary_names ; do
+		      depdepl=$tmp
+		    done
+		    if test -f "$absdir/$objdir/$depdepl" ; then
+		      depdepl="$absdir/$objdir/$depdepl"
+		      darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+                      if test -z "$darwin_install_name"; then
+                          darwin_install_name=`${OTOOL64} -L $depdepl  | awk '{if (NR == 2) {print $1;exit}}'`
+                      fi
+		      compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+		      linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+		      path=
+		    fi
+		  fi
+		  ;;
+		*)
+		  path="-L$absdir/$objdir"
+		  ;;
+		esac
+		else
+		  eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  test -z "$libdir" && \
+		    func_fatal_error "\`$deplib' is not a valid libtool archive"
+		  test "$absdir" != "$libdir" && \
+		    func_warning "\`$deplib' seems to be moved"
+
+		  path="-L$absdir"
+		fi
+		;;
+	      esac
+	      case " $deplibs " in
+	      *" $path "*) ;;
+	      *) deplibs="$path $deplibs" ;;
+	      esac
+	    done
+	  fi # link_all_deplibs != no
+	fi # linkmode = lib
+      done # for deplib in $libs
+      if test "$pass" = link; then
+	if test "$linkmode" = "prog"; then
+	  compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+	  finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+	else
+	  compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	fi
+      fi
+      dependency_libs="$newdependency_libs"
+      if test "$pass" = dlpreopen; then
+	# Link the dlpreopened libraries before other libraries
+	for deplib in $save_deplibs; do
+	  deplibs="$deplib $deplibs"
+	done
+      fi
+      if test "$pass" != dlopen; then
+	if test "$pass" != conv; then
+	  # Make sure lib_search_path contains only unique directories.
+	  lib_search_path=
+	  for dir in $newlib_search_path; do
+	    case "$lib_search_path " in
+	    *" $dir "*) ;;
+	    *) lib_search_path="$lib_search_path $dir" ;;
+	    esac
+	  done
+	  newlib_search_path=
+	fi
+
+	if test "$linkmode,$pass" != "prog,link"; then
+	  vars="deplibs"
+	else
+	  vars="compile_deplibs finalize_deplibs"
+	fi
+	for var in $vars dependency_libs; do
+	  # Add libraries to $var in reverse order
+	  eval tmp_libs=\"\$$var\"
+	  new_libs=
+	  for deplib in $tmp_libs; do
+	    # FIXME: Pedantically, this is the right thing to do, so
+	    #        that some nasty dependency loop isn't accidentally
+	    #        broken:
+	    #new_libs="$deplib $new_libs"
+	    # Pragmatically, this seems to cause very few problems in
+	    # practice:
+	    case $deplib in
+	    -L*) new_libs="$deplib $new_libs" ;;
+	    -R*) ;;
+	    *)
+	      # And here is the reason: when a library appears more
+	      # than once as an explicit dependence of a library, or
+	      # is implicitly linked in more than once by the
+	      # compiler, it is considered special, and multiple
+	      # occurrences thereof are not removed.  Compare this
+	      # with having the same library being listed as a
+	      # dependency of multiple other libraries: in this case,
+	      # we know (pedantically, we assume) the library does not
+	      # need to be listed more than once, so we keep only the
+	      # last copy.  This is not always right, but it is rare
+	      # enough that we require users that really mean to play
+	      # such unportable linking tricks to link the library
+	      # using -Wl,-lname, so that libtool does not consider it
+	      # for duplicate removal.
+	      case " $specialdeplibs " in
+	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	      *)
+		case " $new_libs " in
+		*" $deplib "*) ;;
+		*) new_libs="$deplib $new_libs" ;;
+		esac
+		;;
+	      esac
+	      ;;
+	    esac
+	  done
+	  tmp_libs=
+	  for deplib in $new_libs; do
+	    case $deplib in
+	    -L*)
+	      case " $tmp_libs " in
+	      *" $deplib "*) ;;
+	      *) tmp_libs="$tmp_libs $deplib" ;;
+	      esac
+	      ;;
+	    *) tmp_libs="$tmp_libs $deplib" ;;
+	    esac
+	  done
+	  eval $var=\"$tmp_libs\"
+	done # for var
+      fi
+      # Last step: remove runtime libs from dependency_libs
+      # (they stay in deplibs)
+      tmp_libs=
+      for i in $dependency_libs ; do
+	case " $predeps $postdeps $compiler_lib_search_path " in
+	*" $i "*)
+	  i=""
+	  ;;
+	esac
+	if test -n "$i" ; then
+	  tmp_libs="$tmp_libs $i"
+	fi
+      done
+      dependency_libs=$tmp_libs
+    done # for pass
+    if test "$linkmode" = prog; then
+      dlfiles="$newdlfiles"
+    fi
+    if test "$linkmode" = prog || test "$linkmode" = lib; then
+      dlprefiles="$newdlprefiles"
+    fi
+
+    case $linkmode in
+    oldlib)
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	func_warning "\`-dlopen' is ignored for archives"
+      fi
+
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	func_warning "\`-l' and \`-L' are ignored for archives" ;;
+      esac
+
+      test -n "$rpath" && \
+	func_warning "\`-rpath' is ignored for archives"
+
+      test -n "$xrpath" && \
+	func_warning "\`-R' is ignored for archives"
+
+      test -n "$vinfo" && \
+	func_warning "\`-version-info/-version-number' is ignored for archives"
+
+      test -n "$release" && \
+	func_warning "\`-release' is ignored for archives"
+
+      test -n "$export_symbols$export_symbols_regex" && \
+	func_warning "\`-export-symbols' is ignored for archives"
+
+      # Now set the variables for building old libraries.
+      build_libtool_libs=no
+      oldlibs="$output"
+      objs="$objs$old_deplibs"
+      ;;
+
+    lib)
+      # Make sure we only generate libraries of the form `libNAME.la'.
+      case $outputname in
+      lib*)
+	func_stripname 'lib' '.la' "$outputname"
+	name=$func_stripname_result
+	eval shared_ext=\"$shrext_cmds\"
+	eval libname=\"$libname_spec\"
+	;;
+      *)
+	test "$module" = no && \
+	  func_fatal_help "libtool library \`$output' must begin with \`lib'"
+
+	if test "$need_lib_prefix" != no; then
+	  # Add the "lib" prefix for modules if required
+	  func_stripname '' '.la' "$outputname"
+	  name=$func_stripname_result
+	  eval shared_ext=\"$shrext_cmds\"
+	  eval libname=\"$libname_spec\"
+	else
+	  func_stripname '' '.la' "$outputname"
+	  libname=$func_stripname_result
+	fi
+	;;
+      esac
+
+      if test -n "$objs"; then
+	if test "$deplibs_check_method" != pass_all; then
+	  func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+	else
+	  $ECHO
+	  $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+	  $ECHO "*** objects $objs is not portable!"
+	  libobjs="$libobjs $objs"
+	fi
+      fi
+
+      test "$dlself" != no && \
+	func_warning "\`-dlopen self' is ignored for libtool libraries"
+
+      set dummy $rpath
+      shift
+      test "$#" -gt 1 && \
+	func_warning "ignoring multiple \`-rpath's for a libtool library"
+
+      install_libdir="$1"
+
+      oldlibs=
+      if test -z "$rpath"; then
+	if test "$build_libtool_libs" = yes; then
+	  # Building a libtool convenience library.
+	  # Some compilers have problems with a `.al' extension so
+	  # convenience libraries should have the same extension an
+	  # archive normally would.
+	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
+	  build_libtool_libs=convenience
+	  build_old_libs=yes
+	fi
+
+	test -n "$vinfo" && \
+	  func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+
+	test -n "$release" && \
+	  func_warning "\`-release' is ignored for convenience libraries"
+      else
+
+	# Parse the version information argument.
+	save_ifs="$IFS"; IFS=':'
+	set dummy $vinfo 0 0 0
+	shift
+	IFS="$save_ifs"
+
+	test -n "$7" && \
+	  func_fatal_help "too many parameters to \`-version-info'"
+
+	# convert absolute version numbers to libtool ages
+	# this retains compatibility with .la files and attempts
+	# to make the code below a bit more comprehensible
+
+	case $vinfo_number in
+	yes)
+	  number_major="$1"
+	  number_minor="$2"
+	  number_revision="$3"
+	  #
+	  # There are really only two kinds -- those that
+	  # use the current revision as the major version
+	  # and those that subtract age and use age as
+	  # a minor version.  But, then there is irix
+	  # which has an extra 1 added just for fun
+	  #
+	  case $version_type in
+	  darwin|linux|osf|windows|none)
+	    func_arith $number_major + $number_minor
+	    current=$func_arith_result
+	    age="$number_minor"
+	    revision="$number_revision"
+	    ;;
+	  freebsd-aout|freebsd-elf|sunos)
+	    current="$number_major"
+	    revision="$number_minor"
+	    age="0"
+	    ;;
+	  irix|nonstopux)
+	    func_arith $number_major + $number_minor
+	    current=$func_arith_result
+	    age="$number_minor"
+	    revision="$number_minor"
+	    lt_irix_increment=no
+	    ;;
+	  esac
+	  ;;
+	no)
+	  current="$1"
+	  revision="$2"
+	  age="$3"
+	  ;;
+	esac
+
+	# Check that each of the things are valid numbers.
+	case $current in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "CURRENT \`$current' must be a nonnegative integer"
+	  func_fatal_error "\`$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	case $revision in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "REVISION \`$revision' must be a nonnegative integer"
+	  func_fatal_error "\`$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	case $age in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "AGE \`$age' must be a nonnegative integer"
+	  func_fatal_error "\`$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	if test "$age" -gt "$current"; then
+	  func_error "AGE \`$age' is greater than the current interface number \`$current'"
+	  func_fatal_error "\`$vinfo' is not valid version information"
+	fi
+
+	# Calculate the version variables.
+	major=
+	versuffix=
+	verstring=
+	case $version_type in
+	none) ;;
+
+	darwin)
+	  # Like Linux, but with the current version available in
+	  # verstring for coding it into the library header
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix="$major.$age.$revision"
+	  # Darwin ld doesn't like 0 for these options...
+	  func_arith $current + 1
+	  minor_current=$func_arith_result
+	  xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+	  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+	  ;;
+
+	freebsd-aout)
+	  major=".$current"
+	  versuffix=".$current.$revision";
+	  ;;
+
+	freebsd-elf)
+	  major=".$current"
+	  versuffix=".$current"
+	  ;;
+
+	irix | nonstopux)
+	  if test "X$lt_irix_increment" = "Xno"; then
+	    func_arith $current - $age
+	  else
+	    func_arith $current - $age + 1
+	  fi
+	  major=$func_arith_result
+
+	  case $version_type in
+	    nonstopux) verstring_prefix=nonstopux ;;
+	    *)         verstring_prefix=sgi ;;
+	  esac
+	  verstring="$verstring_prefix$major.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$revision
+	  while test "$loop" -ne 0; do
+	    func_arith $revision - $loop
+	    iface=$func_arith_result
+	    func_arith $loop - 1
+	    loop=$func_arith_result
+	    verstring="$verstring_prefix$major.$iface:$verstring"
+	  done
+
+	  # Before this point, $major must not contain `.'.
+	  major=.$major
+	  versuffix="$major.$revision"
+	  ;;
+
+	linux)
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix="$major.$age.$revision"
+	  ;;
+
+	osf)
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=".$current.$age.$revision"
+	  verstring="$current.$age.$revision"
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$age
+	  while test "$loop" -ne 0; do
+	    func_arith $current - $loop
+	    iface=$func_arith_result
+	    func_arith $loop - 1
+	    loop=$func_arith_result
+	    verstring="$verstring:${iface}.0"
+	  done
+
+	  # Make executables depend on our current version.
+	  verstring="$verstring:${current}.0"
+	  ;;
+
+	qnx)
+	  major=".$current"
+	  versuffix=".$current"
+	  ;;
+
+	sunos)
+	  major=".$current"
+	  versuffix=".$current.$revision"
+	  ;;
+
+	windows)
+	  # Use '-' rather than '.', since we only want one
+	  # extension on DOS 8.3 filesystems.
+	  func_arith $current - $age
+	  major=$func_arith_result
+	  versuffix="-$major"
+	  ;;
+
+	*)
+	  func_fatal_configuration "unknown library version type \`$version_type'"
+	  ;;
+	esac
+
+	# Clear the version info if we defaulted, and they specified a release.
+	if test -z "$vinfo" && test -n "$release"; then
+	  major=
+	  case $version_type in
+	  darwin)
+	    # we can't check for "0.0" in archive_cmds due to quoting
+	    # problems, so we reset it completely
+	    verstring=
+	    ;;
+	  *)
+	    verstring="0.0"
+	    ;;
+	  esac
+	  if test "$need_version" = no; then
+	    versuffix=
+	  else
+	    versuffix=".0.0"
+	  fi
+	fi
+
+	# Remove version info from name if versioning should be avoided
+	if test "$avoid_version" = yes && test "$need_version" = no; then
+	  major=
+	  versuffix=
+	  verstring=""
+	fi
+
+	# Check to see if the archive will have undefined symbols.
+	if test "$allow_undefined" = yes; then
+	  if test "$allow_undefined_flag" = unsupported; then
+	    func_warning "undefined symbols not allowed in $host shared libraries"
+	    build_libtool_libs=no
+	    build_old_libs=yes
+	  fi
+	else
+	  # Don't allow undefined symbols.
+	  allow_undefined_flag="$no_undefined_flag"
+	fi
+
+      fi
+
+      func_generate_dlsyms "$libname" "$libname" "yes"
+      libobjs="$libobjs $symfileobj"
+      test "X$libobjs" = "X " && libobjs=
+
+      if test "$mode" != relink; then
+	# Remove our outputs, but don't remove object files since they
+	# may have been created when compiling PIC objects.
+	removelist=
+	tempremovelist=`$ECHO "$output_objdir/*"`
+	for p in $tempremovelist; do
+	  case $p in
+	    *.$objext | *.gcno)
+	       ;;
+	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+	       if test "X$precious_files_regex" != "X"; then
+		 if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+		 then
+		   continue
+		 fi
+	       fi
+	       removelist="$removelist $p"
+	       ;;
+	    *) ;;
+	  esac
+	done
+	test -n "$removelist" && \
+	  func_show_eval "${RM}r \$removelist"
+      fi
+
+      # Now set the variables for building old libraries.
+      if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+	oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+	# Transform .lo files to .o files.
+	oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+      fi
+
+      # Eliminate all temporary directories.
+      #for path in $notinst_path; do
+      #	lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
+      #	deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
+      #	dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+      #done
+
+      if test -n "$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	temp_xrpath=
+	for libdir in $xrpath; do
+	  temp_xrpath="$temp_xrpath -R$libdir"
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+	if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+	  dependency_libs="$temp_xrpath $dependency_libs"
+	fi
+      fi
+
+      # Make sure dlfiles contains only unique files that won't be dlpreopened
+      old_dlfiles="$dlfiles"
+      dlfiles=
+      for lib in $old_dlfiles; do
+	case " $dlprefiles $dlfiles " in
+	*" $lib "*) ;;
+	*) dlfiles="$dlfiles $lib" ;;
+	esac
+      done
+
+      # Make sure dlprefiles contains only unique files
+      old_dlprefiles="$dlprefiles"
+      dlprefiles=
+      for lib in $old_dlprefiles; do
+	case "$dlprefiles " in
+	*" $lib "*) ;;
+	*) dlprefiles="$dlprefiles $lib" ;;
+	esac
+      done
+
+      if test "$build_libtool_libs" = yes; then
+	if test -n "$rpath"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+	    # these systems don't actually have a c library (as such)!
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C library is in the System framework
+	    deplibs="$deplibs System.ltframework"
+	    ;;
+	  *-*-netbsd*)
+	    # Don't link with libc until the a.out ld.so is fixed.
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    ;;
+	  *)
+	    # Add libc to deplibs on all other systems if necessary.
+	    if test "$build_libtool_need_lc" = "yes"; then
+	      deplibs="$deplibs -lc"
+	    fi
+	    ;;
+	  esac
+	fi
+
+	# Transform deplibs into only deplibs that can be linked in shared.
+	name_save=$name
+	libname_save=$libname
+	release_save=$release
+	versuffix_save=$versuffix
+	major_save=$major
+	# I'm not sure if I'm treating the release correctly.  I think
+	# release should show up in the -l (ie -lgmp5) so we don't want to
+	# add it in twice.  Is that correct?
+	release=""
+	versuffix=""
+	major=""
+	newdeplibs=
+	droppeddeps=no
+	case $deplibs_check_method in
+	pass_all)
+	  # Don't check for shared/static.  Everything works.
+	  # This might be a little naive.  We might want to check
+	  # whether the library exists or not.  But this is on
+	  # osf3 & osf4 and I'm not really sure... Just
+	  # implementing what was already the behavior.
+	  newdeplibs=$deplibs
+	  ;;
+	test_compile)
+	  # This code stresses the "libraries are programs" paradigm to its
+	  # limits. Maybe even breaks it.  We compile a program, linking it
+	  # against the deplibs as a proxy for the library.  Then we can check
+	  # whether they linked in statically or dynamically with ldd.
+	  $opt_dry_run || $RM conftest.c
+	  cat > conftest.c <<EOF
+	  int main() { return 0; }
+EOF
+	  $opt_dry_run || $RM conftest
+	  if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+	    ldd_output=`ldd conftest`
+	    for i in $deplibs; do
+	      case $i in
+	      -l*)
+		func_stripname -l '' "$i"
+		name=$func_stripname_result
+		if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		  case " $predeps $postdeps " in
+		  *" $i "*)
+		    newdeplibs="$newdeplibs $i"
+		    i=""
+		    ;;
+		  esac
+		fi
+		if test -n "$i" ; then
+		  libname=`eval "\\$ECHO \"$libname_spec\""`
+		  deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+		  set dummy $deplib_matches; shift
+		  deplib_match=$1
+		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		    newdeplibs="$newdeplibs $i"
+		  else
+		    droppeddeps=yes
+		    $ECHO
+		    $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+		    $ECHO "*** I have the capability to make that library automatically link in when"
+		    $ECHO "*** you link to this library.  But I can only do this if you have a"
+		    $ECHO "*** shared version of the library, which I believe you do not have"
+		    $ECHO "*** because a test_compile did reveal that the linker did not use it for"
+		    $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+		  fi
+		fi
+		;;
+	      *)
+		newdeplibs="$newdeplibs $i"
+		;;
+	      esac
+	    done
+	  else
+	    # Error occurred in the first compile.  Let's try to salvage
+	    # the situation: Compile a separate program for each library.
+	    for i in $deplibs; do
+	      case $i in
+	      -l*)
+		func_stripname -l '' "$i"
+		name=$func_stripname_result
+		$opt_dry_run || $RM conftest
+		if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+		  ldd_output=`ldd conftest`
+		  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		    case " $predeps $postdeps " in
+		    *" $i "*)
+		      newdeplibs="$newdeplibs $i"
+		      i=""
+		      ;;
+		    esac
+		  fi
+		  if test -n "$i" ; then
+		    libname=`eval "\\$ECHO \"$libname_spec\""`
+		    deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+		    set dummy $deplib_matches; shift
+		    deplib_match=$1
+		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+		      newdeplibs="$newdeplibs $i"
+		    else
+		      droppeddeps=yes
+		      $ECHO
+		      $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+		      $ECHO "*** I have the capability to make that library automatically link in when"
+		      $ECHO "*** you link to this library.  But I can only do this if you have a"
+		      $ECHO "*** shared version of the library, which you do not appear to have"
+		      $ECHO "*** because a test_compile did reveal that the linker did not use this one"
+		      $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+		    fi
+		  fi
+		else
+		  droppeddeps=yes
+		  $ECHO
+		  $ECHO "*** Warning!  Library $i is needed by this library but I was not able to"
+		  $ECHO "*** make it link in!  You will probably need to install it or some"
+		  $ECHO "*** library that it depends on before this library will be fully"
+		  $ECHO "*** functional.  Installing it before continuing would be even better."
+		fi
+		;;
+	      *)
+		newdeplibs="$newdeplibs $i"
+		;;
+	      esac
+	    done
+	  fi
+	  ;;
+	file_magic*)
+	  set dummy $deplibs_check_method; shift
+	  file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    case $a_deplib in
+	    -l*)
+	      func_stripname -l '' "$a_deplib"
+	      name=$func_stripname_result
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval "\\$ECHO \"$libname_spec\""`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		      # Follow soft links.
+		      if ls -lLd "$potent_lib" 2>/dev/null |
+			 $GREP " -> " >/dev/null; then
+			continue
+		      fi
+		      # The statement above tries to avoid entering an
+		      # endless loop below, in case of cyclic links.
+		      # We might still enter an endless loop, since a link
+		      # loop can be closed while we follow links,
+		      # but so what?
+		      potlib="$potent_lib"
+		      while test -h "$potlib" 2>/dev/null; do
+			potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+			case $potliblink in
+			[\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+			*) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+			esac
+		      done
+		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+			 $SED -e 10q |
+			 $EGREP "$file_magic_regex" > /dev/null; then
+			newdeplibs="$newdeplibs $a_deplib"
+			a_deplib=""
+			break 2
+		      fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$ECHO
+		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+		$ECHO "*** I have the capability to make that library automatically link in when"
+		$ECHO "*** you link to this library.  But I can only do this if you have a"
+		$ECHO "*** shared version of the library, which you do not appear to have"
+		$ECHO "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+		else
+		  $ECHO "*** with $libname and none of the candidates passed a file format test"
+		  $ECHO "*** using a file magic. Last file checked: $potlib"
+		fi
+	      fi
+	      ;;
+	    *)
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	      ;;
+	    esac
+	  done # Gone through all deplibs.
+	  ;;
+	match_pattern*)
+	  set dummy $deplibs_check_method; shift
+	  match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    case $a_deplib in
+	    -l*)
+	      func_stripname -l '' "$a_deplib"
+	      name=$func_stripname_result
+	      if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  newdeplibs="$newdeplibs $a_deplib"
+		  a_deplib=""
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib" ; then
+		libname=`eval "\\$ECHO \"$libname_spec\""`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		    potlib="$potent_lib" # see symlink-check above in file_magic test
+		    if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+		       $EGREP "$match_pattern_regex" > /dev/null; then
+		      newdeplibs="$newdeplibs $a_deplib"
+		      a_deplib=""
+		      break 2
+		    fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib" ; then
+		droppeddeps=yes
+		$ECHO
+		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+		$ECHO "*** I have the capability to make that library automatically link in when"
+		$ECHO "*** you link to this library.  But I can only do this if you have a"
+		$ECHO "*** shared version of the library, which you do not appear to have"
+		$ECHO "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib" ; then
+		  $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+		else
+		  $ECHO "*** with $libname and none of the candidates passed a file format test"
+		  $ECHO "*** using a regex pattern. Last file checked: $potlib"
+		fi
+	      fi
+	      ;;
+	    *)
+	      # Add a -L argument.
+	      newdeplibs="$newdeplibs $a_deplib"
+	      ;;
+	    esac
+	  done # Gone through all deplibs.
+	  ;;
+	none | unknown | *)
+	  newdeplibs=""
+	  tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
+	      -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+	  if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+	    for i in $predeps $postdeps ; do
+	      # can't use Xsed below, because $i might contain '/'
+	      tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+	    done
+	  fi
+	  if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[	 ]//g' |
+	     $GREP . >/dev/null; then
+	    $ECHO
+	    if test "X$deplibs_check_method" = "Xnone"; then
+	      $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+	    else
+	      $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+	    fi
+	    $ECHO "*** All declared inter-library dependencies are being dropped."
+	    droppeddeps=yes
+	  fi
+	  ;;
+	esac
+	versuffix=$versuffix_save
+	major=$major_save
+	release=$release_save
+	libname=$libname_save
+	name=$name_save
+
+	case $host in
+	*-*-rhapsody* | *-*-darwin1.[012])
+	  # On Rhapsody replace the C library with the System framework
+	  newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+	  ;;
+	esac
+
+	if test "$droppeddeps" = yes; then
+	  if test "$module" = yes; then
+	    $ECHO
+	    $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+	    $ECHO "*** dependencies of module $libname.  Therefore, libtool will create"
+	    $ECHO "*** a static module, that should work as long as the dlopening"
+	    $ECHO "*** application is linked with the -dlopen flag."
+	    if test -z "$global_symbol_pipe"; then
+	      $ECHO
+	      $ECHO "*** However, this would only work if libtool was able to extract symbol"
+	      $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+	      $ECHO "*** not find such a program.  So, this module is probably useless."
+	      $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+	    fi
+	    if test "$build_old_libs" = no; then
+	      oldlibs="$output_objdir/$libname.$libext"
+	      build_libtool_libs=module
+	      build_old_libs=yes
+	    else
+	      build_libtool_libs=no
+	    fi
+	  else
+	    $ECHO "*** The inter-library dependencies that have been dropped here will be"
+	    $ECHO "*** automatically added whenever a program is linked with this library"
+	    $ECHO "*** or is declared to -dlopen it."
+
+	    if test "$allow_undefined" = no; then
+	      $ECHO
+	      $ECHO "*** Since this library must not contain undefined symbols,"
+	      $ECHO "*** because either the platform does not support them or"
+	      $ECHO "*** it was explicitly requested with -no-undefined,"
+	      $ECHO "*** libtool will only create a static version of it."
+	      if test "$build_old_libs" = no; then
+		oldlibs="$output_objdir/$libname.$libext"
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  fi
+	fi
+	# Done checking deplibs!
+	deplibs=$newdeplibs
+      fi
+      # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+      case $host in
+	*-*-darwin*)
+	  newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  ;;
+      esac
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      deplibs="$new_libs"
+
+      # All the library-specific variables (install_libdir is set above).
+      library_names=
+      old_library=
+      dlname=
+
+      # Test again, we may have decided not to build it any more
+      if test "$build_libtool_libs" = yes; then
+	if test "$hardcode_into_libs" = yes; then
+	  # Hardcode the library paths
+	  hardcode_libdirs=
+	  dep_rpath=
+	  rpath="$finalize_rpath"
+	  test "$mode" != relink && rpath="$compile_rpath$rpath"
+	  for libdir in $rpath; do
+	    if test -n "$hardcode_libdir_flag_spec"; then
+	      if test -n "$hardcode_libdir_separator"; then
+		if test -z "$hardcode_libdirs"; then
+		  hardcode_libdirs="$libdir"
+		else
+		  # Just accumulate the unique libdirs.
+		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		    ;;
+		  *)
+		    hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		    ;;
+		  esac
+		fi
+	      else
+		eval flag=\"$hardcode_libdir_flag_spec\"
+		dep_rpath="$dep_rpath $flag"
+	      fi
+	    elif test -n "$runpath_var"; then
+	      case "$perm_rpath " in
+	      *" $libdir "*) ;;
+	      *) perm_rpath="$perm_rpath $libdir" ;;
+	      esac
+	    fi
+	  done
+	  # Substitute the hardcoded libdirs into the rpath.
+	  if test -n "$hardcode_libdir_separator" &&
+	     test -n "$hardcode_libdirs"; then
+	    libdir="$hardcode_libdirs"
+	    if test -n "$hardcode_libdir_flag_spec_ld"; then
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+	    else
+	      eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+	    fi
+	  fi
+	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
+	    # We should set the runpath_var.
+	    rpath=
+	    for dir in $perm_rpath; do
+	      rpath="$rpath$dir:"
+	    done
+	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+	  fi
+	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+	fi
+
+	shlibpath="$finalize_shlibpath"
+	test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+	if test -n "$shlibpath"; then
+	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+	fi
+
+	# Get the real and link names of the library.
+	eval shared_ext=\"$shrext_cmds\"
+	eval library_names=\"$library_names_spec\"
+	set dummy $library_names
+	shift
+	realname="$1"
+	shift
+
+	if test -n "$soname_spec"; then
+	  eval soname=\"$soname_spec\"
+	else
+	  soname="$realname"
+	fi
+	if test -z "$dlname"; then
+	  dlname=$soname
+	fi
+
+	lib="$output_objdir/$realname"
+	linknames=
+	for link
+	do
+	  linknames="$linknames $link"
+	done
+
+	# Use standard objects if they are pic
+	test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	test "X$libobjs" = "X " && libobjs=
+
+	delfiles=
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+	  export_symbols="$output_objdir/$libname.uexp"
+	  delfiles="$delfiles $export_symbols"
+	fi
+
+	orig_export_symbols=
+	case $host_os in
+	cygwin* | mingw* | cegcc*)
+	  if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+	    # exporting using user supplied symfile
+	    if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+	      # and it's NOT already a .def file. Must figure out
+	      # which of the given symbols are data symbols and tag
+	      # them as such. So, trigger use of export_symbols_cmds.
+	      # export_symbols gets reassigned inside the "prepare
+	      # the list of exported symbols" if statement, so the
+	      # include_expsyms logic still works.
+	      orig_export_symbols="$export_symbols"
+	      export_symbols=
+	      always_export_symbols=yes
+	    fi
+	  fi
+	  ;;
+	esac
+
+	# Prepare the list of exported symbols
+	if test -z "$export_symbols"; then
+	  if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+	    func_verbose "generating symbol list for \`$libname.la'"
+	    export_symbols="$output_objdir/$libname.exp"
+	    $opt_dry_run || $RM $export_symbols
+	    cmds=$export_symbols_cmds
+	    save_ifs="$IFS"; IFS='~'
+	    for cmd in $cmds; do
+	      IFS="$save_ifs"
+	      eval cmd=\"$cmd\"
+	      func_len " $cmd"
+	      len=$func_len_result
+	      if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+		func_show_eval "$cmd" 'exit $?'
+		skipped_export=false
+	      else
+		# The command line is too long to execute in one step.
+		func_verbose "using reloadable object file for export list..."
+		skipped_export=:
+		# Break out early, otherwise skipped_export may be
+		# set to false by a later but shorter cmd.
+		break
+	      fi
+	    done
+	    IFS="$save_ifs"
+	    if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+	      func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+	fi
+
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  tmp_export_symbols="$export_symbols"
+	  test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+	  $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+	fi
+
+	if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+	  # The given exports_symbols file has to be filtered, so filter it.
+	  func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+	  # FIXME: $output_objdir/$libname.filter potentially contains lots of
+	  # 's' commands which not all seds can handle. GNU sed should be fine
+	  # though. Also, the filter scales superlinearly with the number of
+	  # global variables. join(1) would be nice here, but unfortunately
+	  # isn't a blessed tool.
+	  $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+	  delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+	  export_symbols=$output_objdir/$libname.def
+	  $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+	fi
+
+	tmp_deplibs=
+	for test_deplib in $deplibs; do
+	  case " $convenience " in
+	  *" $test_deplib "*) ;;
+	  *)
+	    tmp_deplibs="$tmp_deplibs $test_deplib"
+	    ;;
+	  esac
+	done
+	deplibs="$tmp_deplibs"
+
+	if test -n "$convenience"; then
+	  if test -n "$whole_archive_flag_spec" &&
+	    test "$compiler_needs_object" = yes &&
+	    test -z "$libobjs"; then
+	    # extract the archives, so we have objects to list.
+	    # TODO: could optimize this to just extract one archive.
+	    whole_archive_flag_spec=
+	  fi
+	  if test -n "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	    test "X$libobjs" = "X " && libobjs=
+	  else
+	    gentop="$output_objdir/${outputname}x"
+	    generated="$generated $gentop"
+
+	    func_extract_archives $gentop $convenience
+	    libobjs="$libobjs $func_extract_archives_result"
+	    test "X$libobjs" = "X " && libobjs=
+	  fi
+	fi
+
+	if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+	  eval flag=\"$thread_safe_flag_spec\"
+	  linker_flags="$linker_flags $flag"
+	fi
+
+	# Make a backup of the uninstalled library when relinking
+	if test "$mode" = relink; then
+	  $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+	fi
+
+	# Do each of the archive commands.
+	if test "$module" = yes && test -n "$module_cmds" ; then
+	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	    eval test_cmds=\"$module_expsym_cmds\"
+	    cmds=$module_expsym_cmds
+	  else
+	    eval test_cmds=\"$module_cmds\"
+	    cmds=$module_cmds
+	  fi
+	else
+	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	    eval test_cmds=\"$archive_expsym_cmds\"
+	    cmds=$archive_expsym_cmds
+	  else
+	    eval test_cmds=\"$archive_cmds\"
+	    cmds=$archive_cmds
+	  fi
+	fi
+
+	if test "X$skipped_export" != "X:" &&
+	   func_len " $test_cmds" &&
+	   len=$func_len_result &&
+	   test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  :
+	else
+	  # The command line is too long to link in one step, link piecewise
+	  # or, if using GNU ld and skipped_export is not :, use a linker
+	  # script.
+
+	  # Save the value of $output and $libobjs because we want to
+	  # use them later.  If we have whole_archive_flag_spec, we
+	  # want to use save_libobjs as it was before
+	  # whole_archive_flag_spec was expanded, because we can't
+	  # assume the linker understands whole_archive_flag_spec.
+	  # This may have to be revisited, in case too many
+	  # convenience libraries get linked in and end up exceeding
+	  # the spec.
+	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	  fi
+	  save_output=$output
+	  output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+
+	  # Clear the reloadable object creation command queue and
+	  # initialize k to one.
+	  test_cmds=
+	  concat_cmds=
+	  objlist=
+	  last_robj=
+	  k=1
+
+	  if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
+	    output=${output_objdir}/${output_la}.lnkscript
+	    func_verbose "creating GNU ld script: $output"
+	    $ECHO 'INPUT (' > $output
+	    for obj in $save_libobjs
+	    do
+	      $ECHO "$obj" >> $output
+	    done
+	    $ECHO ')' >> $output
+	    delfiles="$delfiles $output"
+	  elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
+	    output=${output_objdir}/${output_la}.lnk
+	    func_verbose "creating linker input file list: $output"
+	    : > $output
+	    set x $save_libobjs
+	    shift
+	    firstobj=
+	    if test "$compiler_needs_object" = yes; then
+	      firstobj="$1 "
+	      shift
+	    fi
+	    for obj
+	    do
+	      $ECHO "$obj" >> $output
+	    done
+	    delfiles="$delfiles $output"
+	    output=$firstobj\"$file_list_spec$output\"
+	  else
+	    if test -n "$save_libobjs"; then
+	      func_verbose "creating reloadable object files..."
+	      output=$output_objdir/$output_la-${k}.$objext
+	      eval test_cmds=\"$reload_cmds\"
+	      func_len " $test_cmds"
+	      len0=$func_len_result
+	      len=$len0
+
+	      # Loop over the list of objects to be linked.
+	      for obj in $save_libobjs
+	      do
+		func_len " $obj"
+		func_arith $len + $func_len_result
+		len=$func_arith_result
+		if test "X$objlist" = X ||
+		   test "$len" -lt "$max_cmd_len"; then
+		  func_append objlist " $obj"
+		else
+		  # The command $test_cmds is almost too long, add a
+		  # command to the queue.
+		  if test "$k" -eq 1 ; then
+		    # The first file doesn't have a previous command to add.
+		    eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+		  else
+		    # All subsequent reloadable object files will link in
+		    # the last one created.
+		    eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+		  fi
+		  last_robj=$output_objdir/$output_la-${k}.$objext
+		  func_arith $k + 1
+		  k=$func_arith_result
+		  output=$output_objdir/$output_la-${k}.$objext
+		  objlist=$obj
+		  func_len " $last_robj"
+		  func_arith $len0 + $func_len_result
+		  len=$func_arith_result
+		fi
+	      done
+	      # Handle the remaining objects by creating one last
+	      # reloadable object file.  All subsequent reloadable object
+	      # files will link in the last one created.
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+	      if test -n "$last_robj"; then
+	        eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+	      fi
+	      delfiles="$delfiles $output"
+
+	    else
+	      output=
+	    fi
+
+	    if ${skipped_export-false}; then
+	      func_verbose "generating symbol list for \`$libname.la'"
+	      export_symbols="$output_objdir/$libname.exp"
+	      $opt_dry_run || $RM $export_symbols
+	      libobjs=$output
+	      # Append the command to create the export file.
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+	      if test -n "$last_robj"; then
+		eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+	      fi
+	    fi
+
+	    test -n "$save_libobjs" &&
+	      func_verbose "creating a temporary reloadable object file: $output"
+
+	    # Loop through the commands generated above and execute them.
+	    save_ifs="$IFS"; IFS='~'
+	    for cmd in $concat_cmds; do
+	      IFS="$save_ifs"
+	      $opt_silent || {
+		  func_quote_for_expand "$cmd"
+		  eval "func_echo $func_quote_for_expand_result"
+	      }
+	      $opt_dry_run || eval "$cmd" || {
+		lt_exit=$?
+
+		# Restore the uninstalled library and exit
+		if test "$mode" = relink; then
+		  ( cd "$output_objdir" && \
+		    $RM "${realname}T" && \
+		    $MV "${realname}U" "$realname" )
+		fi
+
+		exit $lt_exit
+	      }
+	    done
+	    IFS="$save_ifs"
+
+	    if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+	      func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+
+          if ${skipped_export-false}; then
+	    if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	      tmp_export_symbols="$export_symbols"
+	      test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+	      $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+	    fi
+
+	    if test -n "$orig_export_symbols"; then
+	      # The given exports_symbols file has to be filtered, so filter it.
+	      func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+	      # FIXME: $output_objdir/$libname.filter potentially contains lots of
+	      # 's' commands which not all seds can handle. GNU sed should be fine
+	      # though. Also, the filter scales superlinearly with the number of
+	      # global variables. join(1) would be nice here, but unfortunately
+	      # isn't a blessed tool.
+	      $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+	      delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+	      export_symbols=$output_objdir/$libname.def
+	      $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+	    fi
+	  fi
+
+	  libobjs=$output
+	  # Restore the value of output.
+	  output=$save_output
+
+	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	    test "X$libobjs" = "X " && libobjs=
+	  fi
+	  # Expand the library linking commands again to reset the
+	  # value of $libobjs for piecewise linking.
+
+	  # Do each of the archive commands.
+	  if test "$module" = yes && test -n "$module_cmds" ; then
+	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	      cmds=$module_expsym_cmds
+	    else
+	      cmds=$module_cmds
+	    fi
+	  else
+	    if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	      cmds=$archive_expsym_cmds
+	    else
+	      cmds=$archive_cmds
+	    fi
+	  fi
+	fi
+
+	if test -n "$delfiles"; then
+	  # Append the command to remove temporary files to $cmds.
+	  eval cmds=\"\$cmds~\$RM $delfiles\"
+	fi
+
+	# Add any objects from preloaded convenience libraries
+	if test -n "$dlprefiles"; then
+	  gentop="$output_objdir/${outputname}x"
+	  generated="$generated $gentop"
+
+	  func_extract_archives $gentop $dlprefiles
+	  libobjs="$libobjs $func_extract_archives_result"
+	  test "X$libobjs" = "X " && libobjs=
+	fi
+
+	save_ifs="$IFS"; IFS='~'
+	for cmd in $cmds; do
+	  IFS="$save_ifs"
+	  eval cmd=\"$cmd\"
+	  $opt_silent || {
+	    func_quote_for_expand "$cmd"
+	    eval "func_echo $func_quote_for_expand_result"
+	  }
+	  $opt_dry_run || eval "$cmd" || {
+	    lt_exit=$?
+
+	    # Restore the uninstalled library and exit
+	    if test "$mode" = relink; then
+	      ( cd "$output_objdir" && \
+	        $RM "${realname}T" && \
+		$MV "${realname}U" "$realname" )
+	    fi
+
+	    exit $lt_exit
+	  }
+	done
+	IFS="$save_ifs"
+
+	# Restore the uninstalled library and exit
+	if test "$mode" = relink; then
+	  $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+	  if test -n "$convenience"; then
+	    if test -z "$whole_archive_flag_spec"; then
+	      func_show_eval '${RM}r "$gentop"'
+	    fi
+	  fi
+
+	  exit $EXIT_SUCCESS
+	fi
+
+	# Create links to the real library.
+	for linkname in $linknames; do
+	  if test "$realname" != "$linkname"; then
+	    func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+	  fi
+	done
+
+	# If -module or -export-dynamic was specified, set the dlname.
+	if test "$module" = yes || test "$export_dynamic" = yes; then
+	  # On all known operating systems, these are identical.
+	  dlname="$soname"
+	fi
+      fi
+      ;;
+
+    obj)
+      if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+	func_warning "\`-dlopen' is ignored for objects"
+      fi
+
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	func_warning "\`-l' and \`-L' are ignored for objects" ;;
+      esac
+
+      test -n "$rpath" && \
+	func_warning "\`-rpath' is ignored for objects"
+
+      test -n "$xrpath" && \
+	func_warning "\`-R' is ignored for objects"
+
+      test -n "$vinfo" && \
+	func_warning "\`-version-info' is ignored for objects"
+
+      test -n "$release" && \
+	func_warning "\`-release' is ignored for objects"
+
+      case $output in
+      *.lo)
+	test -n "$objs$old_deplibs" && \
+	  func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+
+	libobj=$output
+	func_lo2o "$libobj"
+	obj=$func_lo2o_result
+	;;
+      *)
+	libobj=
+	obj="$output"
+	;;
+      esac
+
+      # Delete the old objects.
+      $opt_dry_run || $RM $obj $libobj
+
+      # Objects from convenience libraries.  This assumes
+      # single-version convenience libraries.  Whenever we create
+      # different ones for PIC/non-PIC, this we'll have to duplicate
+      # the extraction.
+      reload_conv_objs=
+      gentop=
+      # reload_cmds runs $LD directly, so let us get rid of
+      # -Wl from whole_archive_flag_spec and hope we can get by with
+      # turning comma into space..
+      wl=
+
+      if test -n "$convenience"; then
+	if test -n "$whole_archive_flag_spec"; then
+	  eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+	  reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+	else
+	  gentop="$output_objdir/${obj}x"
+	  generated="$generated $gentop"
+
+	  func_extract_archives $gentop $convenience
+	  reload_conv_objs="$reload_objs $func_extract_archives_result"
+	fi
+      fi
+
+      # Create the old-style object.
+      reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+      output="$obj"
+      func_execute_cmds "$reload_cmds" 'exit $?'
+
+      # Exit if we aren't doing a library object file.
+      if test -z "$libobj"; then
+	if test -n "$gentop"; then
+	  func_show_eval '${RM}r "$gentop"'
+	fi
+
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$build_libtool_libs" != yes; then
+	if test -n "$gentop"; then
+	  func_show_eval '${RM}r "$gentop"'
+	fi
+
+	# Create an invalid libtool object if no PIC, so that we don't
+	# accidentally link it into a program.
+	# $show "echo timestamp > $libobj"
+	# $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+	exit $EXIT_SUCCESS
+      fi
+
+      if test -n "$pic_flag" || test "$pic_mode" != default; then
+	# Only do commands if we really have different PIC objects.
+	reload_objs="$libobjs $reload_conv_objs"
+	output="$libobj"
+	func_execute_cmds "$reload_cmds" 'exit $?'
+      fi
+
+      if test -n "$gentop"; then
+	func_show_eval '${RM}r "$gentop"'
+      fi
+
+      exit $EXIT_SUCCESS
+      ;;
+
+    prog)
+      case $host in
+	*cygwin*) func_stripname '' '.exe' "$output"
+	          output=$func_stripname_result.exe;;
+      esac
+      test -n "$vinfo" && \
+	func_warning "\`-version-info' is ignored for programs"
+
+      test -n "$release" && \
+	func_warning "\`-release' is ignored for programs"
+
+      test "$preload" = yes \
+        && test "$dlopen_support" = unknown \
+	&& test "$dlopen_self" = unknown \
+	&& test "$dlopen_self_static" = unknown && \
+	  func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+      case $host in
+      *-*-rhapsody* | *-*-darwin1.[012])
+	# On Rhapsody replace the C library is the System framework
+	compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+	finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+	;;
+      esac
+
+      case $host in
+      *-*-darwin*)
+	# Don't allow lazy linking, it breaks C++ global constructors
+	# But is supposedly fixed on 10.4 or later (yay!).
+	if test "$tagname" = CXX ; then
+	  case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+	    10.[0123])
+	      compile_command="$compile_command ${wl}-bind_at_load"
+	      finalize_command="$finalize_command ${wl}-bind_at_load"
+	    ;;
+	  esac
+	fi
+	# Time to change all our "foo.ltframework" stuff back to "-framework foo"
+	compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+	;;
+      esac
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $compile_deplibs " in
+	  *" -L$path/$objdir "*)
+	    new_libs="$new_libs -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $compile_deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) new_libs="$new_libs $deplib" ;;
+	  esac
+	  ;;
+	*) new_libs="$new_libs $deplib" ;;
+	esac
+      done
+      compile_deplibs="$new_libs"
+
+
+      compile_command="$compile_command $compile_deplibs"
+      finalize_command="$finalize_command $finalize_deplibs"
+
+      if test -n "$rpath$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	for libdir in $rpath $xrpath; do
+	  # This is the magic to use -rpath.
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_rpath="$finalize_rpath $libdir" ;;
+	  esac
+	done
+      fi
+
+      # Now hardcode the library paths
+      rpath=
+      hardcode_libdirs=
+      for libdir in $compile_rpath $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) perm_rpath="$perm_rpath $libdir" ;;
+	  esac
+	fi
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	  testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$libdir:"*) ;;
+	  ::) dllsearchpath=$libdir;;
+	  *) dllsearchpath="$dllsearchpath:$libdir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  ::) dllsearchpath=$testbindir;;
+	  *) dllsearchpath="$dllsearchpath:$testbindir";;
+	  esac
+	  ;;
+	esac
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      compile_rpath="$rpath"
+
+      rpath=
+      hardcode_libdirs=
+      for libdir in $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs="$libdir"
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    rpath="$rpath $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$finalize_perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+	  esac
+	fi
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir="$hardcode_libdirs"
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      finalize_rpath="$rpath"
+
+      if test -n "$libobjs" && test "$build_old_libs" = yes; then
+	# Transform all the library objects into standard objects.
+	compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+	finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+      fi
+
+      func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+
+      # template prelinking step
+      if test -n "$prelink_cmds"; then
+	func_execute_cmds "$prelink_cmds" 'exit $?'
+      fi
+
+      wrappers_required=yes
+      case $host in
+      *cygwin* | *mingw* )
+        if test "$build_libtool_libs" != yes; then
+          wrappers_required=no
+        fi
+        ;;
+      *cegcc)
+        # Disable wrappers for cegcc, we are cross compiling anyway.
+        wrappers_required=no
+        ;;
+      *)
+        if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+          wrappers_required=no
+        fi
+        ;;
+      esac
+      if test "$wrappers_required" = no; then
+	# Replace the output file specification.
+	compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	link_command="$compile_command$compile_rpath"
+
+	# We have no uninstalled library dependencies, so finalize right now.
+	exit_status=0
+	func_show_eval "$link_command" 'exit_status=$?'
+
+	# Delete the generated files.
+	if test -f "$output_objdir/${outputname}S.${objext}"; then
+	  func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+	fi
+
+	exit $exit_status
+      fi
+
+      if test -n "$compile_shlibpath$finalize_shlibpath"; then
+	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+      fi
+      if test -n "$finalize_shlibpath"; then
+	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+      fi
+
+      compile_var=
+      finalize_var=
+      if test -n "$runpath_var"; then
+	if test -n "$perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+	if test -n "$finalize_perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $finalize_perm_rpath; do
+	    rpath="$rpath$dir:"
+	  done
+	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+      fi
+
+      if test "$no_install" = yes; then
+	# We don't need to create a wrapper script.
+	link_command="$compile_var$compile_command$compile_rpath"
+	# Replace the output file specification.
+	link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+	# Delete the old output file.
+	$opt_dry_run || $RM $output
+	# Link the executable and exit
+	func_show_eval "$link_command" 'exit $?'
+	exit $EXIT_SUCCESS
+      fi
+
+      if test "$hardcode_action" = relink; then
+	# Fast installation is not supported
+	link_command="$compile_var$compile_command$compile_rpath"
+	relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+	func_warning "this platform does not like uninstalled shared libraries"
+	func_warning "\`$output' will be relinked during installation"
+      else
+	if test "$fast_install" != no; then
+	  link_command="$finalize_var$compile_command$finalize_rpath"
+	  if test "$fast_install" = yes; then
+	    relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+	  else
+	    # fast_install is set to needless
+	    relink_command=
+	  fi
+	else
+	  link_command="$compile_var$compile_command$compile_rpath"
+	  relink_command="$finalize_var$finalize_command$finalize_rpath"
+	fi
+      fi
+
+      # Replace the output file specification.
+      link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+      # Delete the old output files.
+      $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+      func_show_eval "$link_command" 'exit $?'
+
+      # Now create the wrapper script.
+      func_verbose "creating $output"
+
+      # Quote the relink command for shipping.
+      if test -n "$relink_command"; then
+	# Preserve any variables that may affect compiler behavior
+	for var in $variables_saved_for_relink; do
+	  if eval test -z \"\${$var+set}\"; then
+	    relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+	  elif eval var_value=\$$var; test -z "$var_value"; then
+	    relink_command="$var=; export $var; $relink_command"
+	  else
+	    func_quote_for_eval "$var_value"
+	    relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	  fi
+	done
+	relink_command="(cd `pwd`; $relink_command)"
+	relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Quote $ECHO for shipping.
+      if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
+	case $progpath in
+	[\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+	*) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+	esac
+	qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
+      else
+	qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+      fi
+
+      # Only actually do things if not in dry run mode.
+      $opt_dry_run || {
+	# win32 will think the script is a binary if it has
+	# a .exe suffix, so we strip it off here.
+	case $output in
+	  *.exe) func_stripname '' '.exe' "$output"
+	         output=$func_stripname_result ;;
+	esac
+	# test for cygwin because mv fails w/o .exe extensions
+	case $host in
+	  *cygwin*)
+	    exeext=.exe
+	    func_stripname '' '.exe' "$outputname"
+	    outputname=$func_stripname_result ;;
+	  *) exeext= ;;
+	esac
+	case $host in
+	  *cygwin* | *mingw* )
+	    func_dirname_and_basename "$output" "" "."
+	    output_name=$func_basename_result
+	    output_path=$func_dirname_result
+	    cwrappersource="$output_path/$objdir/lt-$output_name.c"
+	    cwrapper="$output_path/$output_name.exe"
+	    $RM $cwrappersource $cwrapper
+	    trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+	    func_emit_cwrapperexe_src > $cwrappersource
+
+	    # The wrapper executable is built using the $host compiler,
+	    # because it contains $host paths and files. If cross-
+	    # compiling, it, like the target executable, must be
+	    # executed on the $host or under an emulation environment.
+	    $opt_dry_run || {
+	      $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+	      $STRIP $cwrapper
+	    }
+
+	    # Now, create the wrapper script for func_source use:
+	    func_ltwrapper_scriptname $cwrapper
+	    $RM $func_ltwrapper_scriptname_result
+	    trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+	    $opt_dry_run || {
+	      # note: this script will not be executed, so do not chmod.
+	      if test "x$build" = "x$host" ; then
+		$cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+	      else
+		func_emit_wrapper no > $func_ltwrapper_scriptname_result
+	      fi
+	    }
+	  ;;
+	  * )
+	    $RM $output
+	    trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+	    func_emit_wrapper no > $output
+	    chmod +x $output
+	  ;;
+	esac
+      }
+      exit $EXIT_SUCCESS
+      ;;
+    esac
+
+    # See if we need to build an old-fashioned archive.
+    for oldlib in $oldlibs; do
+
+      if test "$build_libtool_libs" = convenience; then
+	oldobjs="$libobjs_save $symfileobj"
+	addlibs="$convenience"
+	build_libtool_libs=no
+      else
+	if test "$build_libtool_libs" = module; then
+	  oldobjs="$libobjs_save"
+	  build_libtool_libs=no
+	else
+	  oldobjs="$old_deplibs $non_pic_objects"
+	  if test "$preload" = yes && test -f "$symfileobj"; then
+	    oldobjs="$oldobjs $symfileobj"
+	  fi
+	fi
+	addlibs="$old_convenience"
+      fi
+
+      if test -n "$addlibs"; then
+	gentop="$output_objdir/${outputname}x"
+	generated="$generated $gentop"
+
+	func_extract_archives $gentop $addlibs
+	oldobjs="$oldobjs $func_extract_archives_result"
+      fi
+
+      # Do each command in the archive commands.
+      if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+	cmds=$old_archive_from_new_cmds
+      else
+
+	# Add any objects from preloaded convenience libraries
+	if test -n "$dlprefiles"; then
+	  gentop="$output_objdir/${outputname}x"
+	  generated="$generated $gentop"
+
+	  func_extract_archives $gentop $dlprefiles
+	  oldobjs="$oldobjs $func_extract_archives_result"
+	fi
+
+	# POSIX demands no paths to be encoded in archives.  We have
+	# to avoid creating archives with duplicate basenames if we
+	# might have to extract them afterwards, e.g., when creating a
+	# static archive out of a convenience library, or when linking
+	# the entirety of a libtool archive into another (currently
+	# not supported by libtool).
+	if (for obj in $oldobjs
+	    do
+	      func_basename "$obj"
+	      $ECHO "$func_basename_result"
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	  :
+	else
+	  $ECHO "copying selected object files to avoid basename conflicts..."
+	  gentop="$output_objdir/${outputname}x"
+	  generated="$generated $gentop"
+	  func_mkdir_p "$gentop"
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  counter=1
+	  for obj in $save_oldobjs
+	  do
+	    func_basename "$obj"
+	    objbase="$func_basename_result"
+	    case " $oldobjs " in
+	    " ") oldobjs=$obj ;;
+	    *[\ /]"$objbase "*)
+	      while :; do
+		# Make sure we don't pick an alternate name that also
+		# overlaps.
+		newobj=lt$counter-$objbase
+		func_arith $counter + 1
+		counter=$func_arith_result
+		case " $oldobjs " in
+		*[\ /]"$newobj "*) ;;
+		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
+		esac
+	      done
+	      func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+	      oldobjs="$oldobjs $gentop/$newobj"
+	      ;;
+	    *) oldobjs="$oldobjs $obj" ;;
+	    esac
+	  done
+	fi
+	eval cmds=\"$old_archive_cmds\"
+
+	func_len " $cmds"
+	len=$func_len_result
+	if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  cmds=$old_archive_cmds
+	else
+	  # the command line is too long to link in one step, link in parts
+	  func_verbose "using piecewise archive linking..."
+	  save_RANLIB=$RANLIB
+	  RANLIB=:
+	  objlist=
+	  concat_cmds=
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  # Is there a better way of finding the last object in the list?
+	  for obj in $save_oldobjs
+	  do
+	    last_oldobj=$obj
+	  done
+	  eval test_cmds=\"$old_archive_cmds\"
+	  func_len " $test_cmds"
+	  len0=$func_len_result
+	  len=$len0
+	  for obj in $save_oldobjs
+	  do
+	    func_len " $obj"
+	    func_arith $len + $func_len_result
+	    len=$func_arith_result
+	    func_append objlist " $obj"
+	    if test "$len" -lt "$max_cmd_len"; then
+	      :
+	    else
+	      # the above command should be used before it gets too long
+	      oldobjs=$objlist
+	      if test "$obj" = "$last_oldobj" ; then
+		RANLIB=$save_RANLIB
+	      fi
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+	      objlist=
+	      len=$len0
+	    fi
+	  done
+	  RANLIB=$save_RANLIB
+	  oldobjs=$objlist
+	  if test "X$oldobjs" = "X" ; then
+	    eval cmds=\"\$concat_cmds\"
+	  else
+	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+	  fi
+	fi
+      fi
+      func_execute_cmds "$cmds" 'exit $?'
+    done
+
+    test -n "$generated" && \
+      func_show_eval "${RM}r$generated"
+
+    # Now create the libtool archive.
+    case $output in
+    *.la)
+      old_library=
+      test "$build_old_libs" = yes && old_library="$libname.$libext"
+      func_verbose "creating $output"
+
+      # Preserve any variables that may affect compiler behavior
+      for var in $variables_saved_for_relink; do
+	if eval test -z \"\${$var+set}\"; then
+	  relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+	elif eval var_value=\$$var; test -z "$var_value"; then
+	  relink_command="$var=; export $var; $relink_command"
+	else
+	  func_quote_for_eval "$var_value"
+	  relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	fi
+      done
+      # Quote the link command for shipping.
+      relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+      if test "$hardcode_automatic" = yes ; then
+	relink_command=
+      fi
+
+      # Only create the output if not a dry run.
+      $opt_dry_run || {
+	for installed in no yes; do
+	  if test "$installed" = yes; then
+	    if test -z "$install_libdir"; then
+	      break
+	    fi
+	    output="$output_objdir/$outputname"i
+	    # Replace all uninstalled libtool libraries with the installed ones
+	    newdependency_libs=
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      *.la)
+		func_basename "$deplib"
+		name="$func_basename_result"
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		test -z "$libdir" && \
+		  func_fatal_error "\`$deplib' is not a valid libtool archive"
+		newdependency_libs="$newdependency_libs $libdir/$name"
+		;;
+	      *) newdependency_libs="$newdependency_libs $deplib" ;;
+	      esac
+	    done
+	    dependency_libs="$newdependency_libs"
+	    newdlfiles=
+
+	    for lib in $dlfiles; do
+	      case $lib in
+	      *.la)
+	        func_basename "$lib"
+		name="$func_basename_result"
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+		test -z "$libdir" && \
+		  func_fatal_error "\`$lib' is not a valid libtool archive"
+		newdlfiles="$newdlfiles $libdir/$name"
+		;;
+	      *) newdlfiles="$newdlfiles $lib" ;;
+	      esac
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+	      *.la)
+		# Only pass preopened files to the pseudo-archive (for
+		# eventual linking with the app. that links it) if we
+		# didn't already link the preopened objects directly into
+		# the library:
+		func_basename "$lib"
+		name="$func_basename_result"
+		eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+		test -z "$libdir" && \
+		  func_fatal_error "\`$lib' is not a valid libtool archive"
+		newdlprefiles="$newdlprefiles $libdir/$name"
+		;;
+	      esac
+	    done
+	    dlprefiles="$newdlprefiles"
+	  else
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlfiles="$newdlfiles $abs"
+	    done
+	    dlfiles="$newdlfiles"
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      newdlprefiles="$newdlprefiles $abs"
+	    done
+	    dlprefiles="$newdlprefiles"
+	  fi
+	  $RM $output
+	  # place dlname in correct position for cygwin
+	  tdlname=$dlname
+	  case $host,$output,$installed,$module,$dlname in
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+	  esac
+	  $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that can not go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+	  if test "$installed" = no && test "$need_relink" = yes; then
+	    $ECHO >> $output "\
+relink_command=\"$relink_command\""
+	  fi
+	done
+      }
+
+      # Do a symbolic link so that the libtool archive can be found in
+      # LD_LIBRARY_PATH before the program is installed.
+      func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+      ;;
+    esac
+    exit $EXIT_SUCCESS
+}
+
+{ test "$mode" = link || test "$mode" = relink; } &&
+    func_mode_link ${1+"$@"}
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+    $opt_debug
+    RM="$nonopt"
+    files=
+    rmforce=
+    exit_status=0
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic="$magic"
+
+    for arg
+    do
+      case $arg in
+      -f) RM="$RM $arg"; rmforce=yes ;;
+      -*) RM="$RM $arg" ;;
+      *) files="$files $arg" ;;
+      esac
+    done
+
+    test -z "$RM" && \
+      func_fatal_help "you must specify an RM program"
+
+    rmdirs=
+
+    origobjdir="$objdir"
+    for file in $files; do
+      func_dirname "$file" "" "."
+      dir="$func_dirname_result"
+      if test "X$dir" = X.; then
+	objdir="$origobjdir"
+      else
+	objdir="$dir/$origobjdir"
+      fi
+      func_basename "$file"
+      name="$func_basename_result"
+      test "$mode" = uninstall && objdir="$dir"
+
+      # Remember objdir for removal later, being careful to avoid duplicates
+      if test "$mode" = clean; then
+	case " $rmdirs " in
+	  *" $objdir "*) ;;
+	  *) rmdirs="$rmdirs $objdir" ;;
+	esac
+      fi
+
+      # Don't error if the file doesn't exist and rm -f was used.
+      if { test -L "$file"; } >/dev/null 2>&1 ||
+	 { test -h "$file"; } >/dev/null 2>&1 ||
+	 test -f "$file"; then
+	:
+      elif test -d "$file"; then
+	exit_status=1
+	continue
+      elif test "$rmforce" = yes; then
+	continue
+      fi
+
+      rmfiles="$file"
+
+      case $name in
+      *.la)
+	# Possibly a libtool archive, so verify it.
+	if func_lalib_p "$file"; then
+	  func_source $dir/$name
+
+	  # Delete the libtool libraries and symlinks.
+	  for n in $library_names; do
+	    rmfiles="$rmfiles $objdir/$n"
+	  done
+	  test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+	  case "$mode" in
+	  clean)
+	    case "  $library_names " in
+	    # "  " in the beginning catches empty $dlname
+	    *" $dlname "*) ;;
+	    *) rmfiles="$rmfiles $objdir/$dlname" ;;
+	    esac
+	    test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+	    ;;
+	  uninstall)
+	    if test -n "$library_names"; then
+	      # Do each command in the postuninstall commands.
+	      func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+	    fi
+
+	    if test -n "$old_library"; then
+	      # Do each command in the old_postuninstall commands.
+	      func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+	    fi
+	    # FIXME: should reinstall the best remaining shared library.
+	    ;;
+	  esac
+	fi
+	;;
+
+      *.lo)
+	# Possibly a libtool object, so verify it.
+	if func_lalib_p "$file"; then
+
+	  # Read the .lo file
+	  func_source $dir/$name
+
+	  # Add PIC object to the list of files to remove.
+	  if test -n "$pic_object" &&
+	     test "$pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$pic_object"
+	  fi
+
+	  # Add non-PIC object to the list of files to remove.
+	  if test -n "$non_pic_object" &&
+	     test "$non_pic_object" != none; then
+	    rmfiles="$rmfiles $dir/$non_pic_object"
+	  fi
+	fi
+	;;
+
+      *)
+	if test "$mode" = clean ; then
+	  noexename=$name
+	  case $file in
+	  *.exe)
+	    func_stripname '' '.exe' "$file"
+	    file=$func_stripname_result
+	    func_stripname '' '.exe' "$name"
+	    noexename=$func_stripname_result
+	    # $file with .exe has already been added to rmfiles,
+	    # add $file without .exe
+	    rmfiles="$rmfiles $file"
+	    ;;
+	  esac
+	  # Do a test to see if this is a libtool program.
+	  if func_ltwrapper_p "$file"; then
+	    if func_ltwrapper_executable_p "$file"; then
+	      func_ltwrapper_scriptname "$file"
+	      relink_command=
+	      func_source $func_ltwrapper_scriptname_result
+	      rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+	    else
+	      relink_command=
+	      func_source $dir/$noexename
+	    fi
+
+	    # note $name still contains .exe if it was in $file originally
+	    # as does the version of $file that was added into $rmfiles
+	    rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+	    if test "$fast_install" = yes && test -n "$relink_command"; then
+	      rmfiles="$rmfiles $objdir/lt-$name"
+	    fi
+	    if test "X$noexename" != "X$name" ; then
+	      rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+	    fi
+	  fi
+	fi
+	;;
+      esac
+      func_show_eval "$RM $rmfiles" 'exit_status=1'
+    done
+    objdir="$origobjdir"
+
+    # Try to remove the ${objdir}s in the directories where we deleted files
+    for dir in $rmdirs; do
+      if test -d "$dir"; then
+	func_show_eval "rmdir $dir >/dev/null 2>&1"
+      fi
+    done
+
+    exit $exit_status
+}
+
+{ test "$mode" = uninstall || test "$mode" = clean; } &&
+    func_mode_uninstall ${1+"$@"}
+
+test -z "$mode" && {
+  help="$generic_help"
+  func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+  func_fatal_help "invalid operation mode \`$mode'"
+
+if test -n "$exec_cmd"; then
+  eval exec "$exec_cmd"
+  exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries.  Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them.  This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration.  But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
+# vi:sw=2
+
diff --git a/sudo-1.7.4p4/m4/libtool.m4 b/sudo-1.7.4p4/m4/libtool.m4
new file mode 100644
index 0000000..39ba996
--- /dev/null
+++ b/sudo-1.7.4p4/m4/libtool.m4
@@ -0,0 +1,7357 @@
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+#
+#   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+#                 2006, 2007, 2008 Free Software Foundation, Inc.
+#   Written by Gordon Matzigkeit, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+m4_define([_LT_COPYING], [dnl
+#   Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+#                 2006, 2007, 2008 Free Software Foundation, Inc.
+#   Written by Gordon Matzigkeit, 1996
+#
+#   This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING.  If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+])
+
+# serial 56 LT_INIT
+
+
+# LT_PREREQ(VERSION)
+# ------------------
+# Complain and exit if this libtool version is less that VERSION.
+m4_defun([LT_PREREQ],
+[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
+       [m4_default([$3],
+		   [m4_fatal([Libtool version $1 or higher is required],
+		             63)])],
+       [$2])])
+
+
+# _LT_CHECK_BUILDDIR
+# ------------------
+# Complain if the absolute build directory name contains unusual characters
+m4_defun([_LT_CHECK_BUILDDIR],
+[case `pwd` in
+  *\ * | *\	*)
+    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
+esac
+])
+
+
+# LT_INIT([OPTIONS])
+# ------------------
+AC_DEFUN([LT_INIT],
+[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+AC_BEFORE([$0], [LT_LANG])dnl
+AC_BEFORE([$0], [LT_OUTPUT])dnl
+AC_BEFORE([$0], [LTDL_INIT])dnl
+m4_require([_LT_CHECK_BUILDDIR])dnl
+
+dnl Autoconf doesn't catch unexpanded LT_ macros by default:
+m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
+m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
+dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
+dnl unless we require an AC_DEFUNed macro:
+AC_REQUIRE([LTOPTIONS_VERSION])dnl
+AC_REQUIRE([LTSUGAR_VERSION])dnl
+AC_REQUIRE([LTVERSION_VERSION])dnl
+AC_REQUIRE([LTOBSOLETE_VERSION])dnl
+m4_require([_LT_PROG_LTMAIN])dnl
+
+dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+_LT_SETUP
+
+# Only expand once:
+m4_define([LT_INIT])
+])# LT_INIT
+
+# Old names:
+AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
+AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
+dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+m4_defun([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+  case $cc_temp in
+    compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+    distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+    \-*) ;;
+    *) break;;
+  esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_FILEUTILS_DEFAULTS
+# ----------------------
+# It is okay to use these file commands and assume they have been set
+# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'.
+m4_defun([_LT_FILEUTILS_DEFAULTS],
+[: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+])# _LT_FILEUTILS_DEFAULTS
+
+
+# _LT_SETUP
+# ---------
+m4_defun([_LT_SETUP],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+_LT_DECL([], [host_alias], [0], [The host system])dnl
+_LT_DECL([], [host], [0])dnl
+_LT_DECL([], [host_os], [0])dnl
+dnl
+_LT_DECL([], [build_alias], [0], [The build system])dnl
+_LT_DECL([], [build], [0])dnl
+_LT_DECL([], [build_os], [0])dnl
+dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+test -z "$LN_S" && LN_S="ln -s"
+_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
+dnl
+AC_REQUIRE([LT_CMD_MAX_LEN])dnl
+_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
+_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
+dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CMD_OLD_ARCHIVE])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+
+_LT_CONFIG_LIBTOOL_INIT([
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+   setopt NO_GLOB_SUBST
+fi
+])
+if test -n "${ZSH_VERSION+set}" ; then
+   setopt NO_GLOB_SUBST
+fi
+
+_LT_CHECK_OBJDIR
+
+m4_require([_LT_TAG_COMPILER])dnl
+_LT_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test "X${COLLECT_NAMES+set}" != Xset; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    _LT_PATH_MAGIC
+  fi
+  ;;
+esac
+
+# Use C for the default configuration in the libtool script
+LT_SUPPORTED_TAG([CC])
+_LT_LANG_C_CONFIG
+_LT_LANG_DEFAULT_CONFIG
+_LT_CONFIG_COMMANDS
+])# _LT_SETUP
+
+
+# _LT_PROG_LTMAIN
+# ---------------
+# Note that this code is called both from `configure', and `config.status'
+# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
+# `config.status' has no value for ac_aux_dir unless we are using Automake,
+# so we pass a copy along to make sure it has a sensible value anyway.
+m4_defun([_LT_PROG_LTMAIN],
+[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
+_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
+ltmain="$ac_aux_dir/ltmain.sh"
+])# _LT_PROG_LTMAIN
+
+
+## ------------------------------------- ##
+## Accumulate code for creating libtool. ##
+## ------------------------------------- ##
+
+# So that we can recreate a full libtool script including additional
+# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
+# in macros and then make a single call at the end using the `libtool'
+# label.
+
+
+# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
+# ----------------------------------------
+# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL_INIT],
+[m4_ifval([$1],
+          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
+                     [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_INIT])
+
+
+# _LT_CONFIG_LIBTOOL([COMMANDS])
+# ------------------------------
+# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL],
+[m4_ifval([$1],
+          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
+                     [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
+
+
+# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
+# -----------------------------------------------------
+m4_defun([_LT_CONFIG_SAVE_COMMANDS],
+[_LT_CONFIG_LIBTOOL([$1])
+_LT_CONFIG_LIBTOOL_INIT([$2])
+])
+
+
+# _LT_FORMAT_COMMENT([COMMENT])
+# -----------------------------
+# Add leading comment marks to the start of each line, and a trailing
+# full-stop to the whole comment if one is not present already.
+m4_define([_LT_FORMAT_COMMENT],
+[m4_ifval([$1], [
+m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
+              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
+)])
+
+
+
+## ------------------------ ##
+## FIXME: Eliminate VARNAME ##
+## ------------------------ ##
+
+
+# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
+# -------------------------------------------------------------------
+# CONFIGNAME is the name given to the value in the libtool script.
+# VARNAME is the (base) name used in the configure script.
+# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
+# VARNAME.  Any other value will be used directly.
+m4_define([_LT_DECL],
+[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
+    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
+	[m4_ifval([$1], [$1], [$2])])
+    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
+    m4_ifval([$4],
+	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
+    lt_dict_add_subkey([lt_decl_dict], [$2],
+	[tagged?], [m4_ifval([$5], [yes], [no])])])
+])
+
+
+# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
+# --------------------------------------------------------
+m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
+
+
+# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_tag_varnames],
+[_lt_decl_filter([tagged?], [yes], $@)])
+
+
+# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
+# ---------------------------------------------------------
+m4_define([_lt_decl_filter],
+[m4_case([$#],
+  [0], [m4_fatal([$0: too few arguments: $#])],
+  [1], [m4_fatal([$0: too few arguments: $#: $1])],
+  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
+  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
+  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
+])
+
+
+# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
+# --------------------------------------------------
+m4_define([lt_decl_quote_varnames],
+[_lt_decl_filter([value], [1], $@)])
+
+
+# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_dquote_varnames],
+[_lt_decl_filter([value], [2], $@)])
+
+
+# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_varnames_tagged],
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
+
+
+# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_all_varnames],
+[_$0(m4_quote(m4_default([$1], [[, ]])),
+     m4_if([$2], [],
+	   m4_quote(lt_decl_varnames),
+	m4_quote(m4_shift($@))))[]dnl
+])
+m4_define([_lt_decl_all_varnames],
+[lt_join($@, lt_decl_varnames_tagged([$1],
+			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
+])
+
+
+# _LT_CONFIG_STATUS_DECLARE([VARNAME])
+# ------------------------------------
+# Quote a variable value, and forward it to `config.status' so that its
+# declaration there will have the same value as in `configure'.  VARNAME
+# must have a single quote delimited value for this to work.
+m4_define([_LT_CONFIG_STATUS_DECLARE],
+[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`'])
+
+
+# _LT_CONFIG_STATUS_DECLARATIONS
+# ------------------------------
+# We delimit libtool config variables with single quotes, so when
+# we write them to config.status, we have to be sure to quote all
+# embedded single quotes properly.  In configure, this macro expands
+# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
+#
+#    <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`'
+m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
+    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAGS
+# ----------------
+# Output comment and list of tags supported by the script
+m4_defun([_LT_LIBTOOL_TAGS],
+[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
+available_tags="_LT_TAGS"dnl
+])
+
+
+# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
+# -----------------------------------
+# Extract the dictionary values for VARNAME (optionally with TAG) and
+# expand to a commented shell variable setting:
+#
+#    # Some comment about what VAR is for.
+#    visible_name=$lt_internal_name
+m4_define([_LT_LIBTOOL_DECLARE],
+[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
+					   [description])))[]dnl
+m4_pushdef([_libtool_name],
+    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
+m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
+    [0], [_libtool_name=[$]$1],
+    [1], [_libtool_name=$lt_[]$1],
+    [2], [_libtool_name=$lt_[]$1],
+    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
+m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
+])
+
+
+# _LT_LIBTOOL_CONFIG_VARS
+# -----------------------
+# Produce commented declarations of non-tagged libtool config variables
+# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
+# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
+# section) are produced by _LT_LIBTOOL_TAG_VARS.
+m4_defun([_LT_LIBTOOL_CONFIG_VARS],
+[m4_foreach([_lt_var],
+    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
+    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAG_VARS(TAG)
+# -------------------------
+m4_define([_LT_LIBTOOL_TAG_VARS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
+    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
+
+
+# _LT_TAGVAR(VARNAME, [TAGNAME])
+# ------------------------------
+m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
+
+
+# _LT_CONFIG_COMMANDS
+# -------------------
+# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
+# variables for single and double quote escaping we saved from calls
+# to _LT_DECL, we can put quote escaped variables declarations
+# into `config.status', and then the shell code to quote escape them in
+# for loops in `config.status'.  Finally, any additional code accumulated
+# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
+m4_defun([_LT_CONFIG_COMMANDS],
+[AC_PROVIDE_IFELSE([LT_OUTPUT],
+	dnl If the libtool generation code has been placed in $CONFIG_LT,
+	dnl instead of duplicating it all over again into config.status,
+	dnl then we will have config.status run $CONFIG_LT later, so it
+	dnl needs to know what name is stored there:
+        [AC_CONFIG_COMMANDS([libtool],
+            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
+    dnl If the libtool generation code is destined for config.status,
+    dnl expand the accumulated commands and init code now:
+    [AC_CONFIG_COMMANDS([libtool],
+        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
+])#_LT_CONFIG_COMMANDS
+
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
+[
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+_LT_CONFIG_STATUS_DECLARATIONS
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_quote_varnames); do
+    case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+    *[[\\\\\\\`\\"\\\$]]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Double-quote double-evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_dquote_varnames); do
+    case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+    *[[\\\\\\\`\\"\\\$]]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\[$]0 --fallback-echo"')dnl "
+  lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\`
+  ;;
+esac
+
+_LT_OUTPUT_LIBTOOL_INIT
+])
+
+
+# LT_OUTPUT
+# ---------
+# This macro allows early generation of the libtool script (before
+# AC_OUTPUT is called), incase it is used in configure for compilation
+# tests.
+AC_DEFUN([LT_OUTPUT],
+[: ${CONFIG_LT=./config.lt}
+AC_MSG_NOTICE([creating $CONFIG_LT])
+cat >"$CONFIG_LT" <<_LTEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate a libtool stub with the current configuration.
+
+lt_cl_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AS_SHELL_SANITIZE
+_AS_PREPARE
+
+exec AS_MESSAGE_FD>&1
+exec AS_MESSAGE_LOG_FD>>config.log
+{
+  echo
+  AS_BOX([Running $as_me.])
+} >&AS_MESSAGE_LOG_FD
+
+lt_cl_help="\
+\`$as_me' creates a local libtool stub from the current configuration,
+for use in further configure time tests before the real libtool is
+generated.
+
+Usage: $[0] [[OPTIONS]]
+
+  -h, --help      print this help, then exit
+  -V, --version   print version number, then exit
+  -q, --quiet     do not print progress messages
+  -d, --debug     don't remove temporary files
+
+Report bugs to <bug-libtool@gnu.org>."
+
+lt_cl_version="\
+m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
+m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
+configured by $[0], generated by m4_PACKAGE_STRING.
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.lt script is free software; the Free Software Foundation
+gives unlimited permision to copy, distribute and modify it."
+
+while test $[#] != 0
+do
+  case $[1] in
+    --version | --v* | -V )
+      echo "$lt_cl_version"; exit 0 ;;
+    --help | --h* | -h )
+      echo "$lt_cl_help"; exit 0 ;;
+    --debug | --d* | -d )
+      debug=: ;;
+    --quiet | --q* | --silent | --s* | -q )
+      lt_cl_silent=: ;;
+
+    -*) AC_MSG_ERROR([unrecognized option: $[1]
+Try \`$[0] --help' for more information.]) ;;
+
+    *) AC_MSG_ERROR([unrecognized argument: $[1]
+Try \`$[0] --help' for more information.]) ;;
+  esac
+  shift
+done
+
+if $lt_cl_silent; then
+  exec AS_MESSAGE_FD>/dev/null
+fi
+_LTEOF
+
+cat >>"$CONFIG_LT" <<_LTEOF
+_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AC_MSG_NOTICE([creating $ofile])
+_LT_OUTPUT_LIBTOOL_COMMANDS
+AS_EXIT(0)
+_LTEOF
+chmod +x "$CONFIG_LT"
+
+# configure is writing to config.log, but config.lt does its own redirection,
+# appending to config.log, which fails on DOS, as config.log is still kept
+# open by configure.  Here we exec the FD to /dev/null, effectively closing
+# config.log, so it can be properly (re)opened and appended to by config.lt.
+if test "$no_create" != yes; then
+  lt_cl_success=:
+  test "$silent" = yes &&
+    lt_config_lt_args="$lt_config_lt_args --quiet"
+  exec AS_MESSAGE_LOG_FD>/dev/null
+  $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+  exec AS_MESSAGE_LOG_FD>>config.log
+  $lt_cl_success || AS_EXIT(1)
+fi
+])# LT_OUTPUT
+
+
+# _LT_CONFIG(TAG)
+# ---------------
+# If TAG is the built-in tag, create an initial libtool script with a
+# default configuration from the untagged config vars.  Otherwise add code
+# to config.status for appending the configuration named by TAG from the
+# matching tagged config vars.
+m4_defun([_LT_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_CONFIG_SAVE_COMMANDS([
+  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
+  m4_if(_LT_TAG, [C], [
+    # See if we are running on zsh, and set the options which allow our
+    # commands through without removal of \ escapes.
+    if test -n "${ZSH_VERSION+set}" ; then
+      setopt NO_GLOB_SUBST
+    fi
+
+    cfgfile="${ofile}T"
+    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+    $RM "$cfgfile"
+
+    cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+_LT_COPYING
+_LT_LIBTOOL_TAGS
+
+# ### BEGIN LIBTOOL CONFIG
+_LT_LIBTOOL_CONFIG_VARS
+_LT_LIBTOOL_TAG_VARS
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+  case $host_os in
+  aix3*)
+    cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+_LT_EOF
+    ;;
+  esac
+
+  _LT_PROG_LTMAIN
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+    || (rm -f "$cfgfile"; exit 1)
+
+  _LT_PROG_XSI_SHELLFNS
+
+  sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+    || (rm -f "$cfgfile"; exit 1)
+
+  mv -f "$cfgfile" "$ofile" ||
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+],
+[cat <<_LT_EOF >> "$ofile"
+
+dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
+dnl in a comment (ie after a #).
+# ### BEGIN LIBTOOL TAG CONFIG: $1
+_LT_LIBTOOL_TAG_VARS(_LT_TAG)
+# ### END LIBTOOL TAG CONFIG: $1
+_LT_EOF
+])dnl /m4_if
+],
+[m4_if([$1], [], [
+    PACKAGE='$PACKAGE'
+    VERSION='$VERSION'
+    TIMESTAMP='$TIMESTAMP'
+    RM='$RM'
+    ofile='$ofile'], [])
+])dnl /_LT_CONFIG_SAVE_COMMANDS
+])# _LT_CONFIG
+
+
+# LT_SUPPORTED_TAG(TAG)
+# ---------------------
+# Trace this macro to discover what tags are supported by the libtool
+# --tag option, using:
+#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
+AC_DEFUN([LT_SUPPORTED_TAG], [])
+
+
+# C support is built-in for now
+m4_define([_LT_LANG_C_enabled], [])
+m4_define([_LT_TAGS], [])
+
+
+# LT_LANG(LANG)
+# -------------
+# Enable libtool support for the given language if not already enabled.
+AC_DEFUN([LT_LANG],
+[AC_BEFORE([$0], [LT_OUTPUT])dnl
+m4_case([$1],
+  [C],			[_LT_LANG(C)],
+  [C++],		[_LT_LANG(CXX)],
+  [Java],		[_LT_LANG(GCJ)],
+  [Fortran 77],		[_LT_LANG(F77)],
+  [Fortran],		[_LT_LANG(FC)],
+  [Windows Resource],	[_LT_LANG(RC)],
+  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
+    [_LT_LANG($1)],
+    [m4_fatal([$0: unsupported language: "$1"])])])dnl
+])# LT_LANG
+
+
+# _LT_LANG(LANGNAME)
+# ------------------
+m4_defun([_LT_LANG],
+[m4_ifdef([_LT_LANG_]$1[_enabled], [],
+  [LT_SUPPORTED_TAG([$1])dnl
+  m4_append([_LT_TAGS], [$1 ])dnl
+  m4_define([_LT_LANG_]$1[_enabled], [])dnl
+  _LT_LANG_$1_CONFIG($1)])dnl
+])# _LT_LANG
+
+
+# _LT_LANG_DEFAULT_CONFIG
+# -----------------------
+m4_defun([_LT_LANG_DEFAULT_CONFIG],
+[AC_PROVIDE_IFELSE([AC_PROG_CXX],
+  [LT_LANG(CXX)],
+  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_F77],
+  [LT_LANG(F77)],
+  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_FC],
+  [LT_LANG(FC)],
+  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
+
+dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
+dnl pulling things in needlessly.
+AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+  [LT_LANG(GCJ)],
+  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+    [LT_LANG(GCJ)],
+    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
+      [LT_LANG(GCJ)],
+      [m4_ifdef([AC_PROG_GCJ],
+	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
+       m4_ifdef([A][M_PROG_GCJ],
+	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
+       m4_ifdef([LT_PROG_GCJ],
+	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+
+AC_PROVIDE_IFELSE([LT_PROG_RC],
+  [LT_LANG(RC)],
+  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
+])# _LT_LANG_DEFAULT_CONFIG
+
+# Obsolete macros:
+AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
+AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
+AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
+AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
+dnl AC_DEFUN([AC_LIBTOOL_F77], [])
+dnl AC_DEFUN([AC_LIBTOOL_FC], [])
+dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+
+
+# _LT_TAG_COMPILER
+# ----------------
+m4_defun([_LT_TAG_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
+_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
+_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
+_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_TAG_COMPILER
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+m4_defun([_LT_COMPILER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+m4_defun([_LT_LINKER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+])# _LT_LINKER_BOILERPLATE
+
+# _LT_REQUIRED_DARWIN_CHECKS
+# -------------------------
+m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
+  case $host_os in
+    rhapsody* | darwin*)
+    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
+    AC_CHECK_TOOL([LIPO], [lipo], [:])
+    AC_CHECK_TOOL([OTOOL], [otool], [:])
+    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
+    _LT_DECL([], [DSYMUTIL], [1],
+      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
+    _LT_DECL([], [NMEDIT], [1],
+      [Tool to change global to local symbols on Mac OS X])
+    _LT_DECL([], [LIPO], [1],
+      [Tool to manipulate fat objects and archives on Mac OS X])
+    _LT_DECL([], [OTOOL], [1],
+      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
+    _LT_DECL([], [OTOOL64], [1],
+      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
+
+    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+      [lt_cv_apple_cc_single_mod=no
+      if test -z "${LT_MULTI_MODULE}"; then
+	# By default we will add the -single_module flag. You can override
+	# by either setting the environment variable LT_MULTI_MODULE
+	# non-empty at configure time, or by adding -multi_module to the
+	# link flags.
+	rm -rf libconftest.dylib*
+	echo "int foo(void){return 1;}" > conftest.c
+	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
+	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+        _lt_result=$?
+	if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+	  lt_cv_apple_cc_single_mod=yes
+	else
+	  cat conftest.err >&AS_MESSAGE_LOG_FD
+	fi
+	rm -rf libconftest.dylib*
+	rm -f conftest.*
+      fi])
+    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+      [lt_cv_ld_exported_symbols_list],
+      [lt_cv_ld_exported_symbols_list=no
+      save_LDFLAGS=$LDFLAGS
+      echo "_main" > conftest.sym
+      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+	[lt_cv_ld_exported_symbols_list=yes],
+	[lt_cv_ld_exported_symbols_list=no])
+	LDFLAGS="$save_LDFLAGS"
+    ])
+    case $host_os in
+    rhapsody* | darwin1.[[012]])
+      _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+    darwin1.*)
+      _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+    darwin*) # darwin 5.x on
+      # if running on 10.5 or later, the deployment target defaults
+      # to the OS version, if on x86, and 10.4, the deployment
+      # target defaults to 10.4. Don't you love it?
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+	  _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+	10.[[012]]*)
+	  _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+	10.*)
+	  _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+      esac
+    ;;
+  esac
+    if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+      _lt_dar_single_mod='$single_module'
+    fi
+    if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+      _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+    else
+      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+    fi
+    if test "$DSYMUTIL" != ":"; then
+      _lt_dsymutil='~$DSYMUTIL $lib || :'
+    else
+      _lt_dsymutil=
+    fi
+    ;;
+  esac
+])
+
+
+# _LT_DARWIN_LINKER_FEATURES
+# --------------------------
+# Checks for linker and compiler features on darwin
+m4_defun([_LT_DARWIN_LINKER_FEATURES],
+[
+  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
+  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+  _LT_TAGVAR(hardcode_direct, $1)=no
+  _LT_TAGVAR(hardcode_automatic, $1)=yes
+  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+  _LT_TAGVAR(link_all_deplibs, $1)=yes
+  _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+  case $cc_basename in
+     ifort*) _lt_dar_can_shared=yes ;;
+     *) _lt_dar_can_shared=$GCC ;;
+  esac
+  if test "$_lt_dar_can_shared" = "yes"; then
+    output_verbose_link_cmd=echo
+    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+    m4_if([$1], [CXX],
+[   if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+    fi
+],[])
+  else
+  _LT_TAGVAR(ld_shlibs, $1)=no
+  fi
+])
+
+# _LT_SYS_MODULE_PATH_AIX
+# -----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+m4_defun([_LT_SYS_MODULE_PATH_AIX],
+[m4_require([_LT_DECL_SED])dnl
+AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+lt_aix_libpath_sed='
+    /Import File Strings/,/^$/ {
+	/^0/ {
+	    s/^0  *\(.*\)$/\1/
+	    p
+	}
+    }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+  aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_SYS_MODULE_PATH_AIX
+
+
+# _LT_SHELL_INIT(ARG)
+# -------------------
+m4_define([_LT_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+	     [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+	 [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_SHELL_INIT
+
+
+# _LT_PROG_ECHO_BACKSLASH
+# -----------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+m4_defun([_LT_PROG_ECHO_BACKSLASH],
+[_LT_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+  # Remove one level of quotation (which was required for Make).
+  ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+  ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X[$]1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+  # Yippee, $ECHO works!
+  :
+else
+  # Restart under the correct shell.
+  exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<_LT_EOF
+[$]*
+_LT_EOF
+  exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+  if test "X${echo_test_string+set}" != Xset; then
+    # find a string as large as possible, as long as the shell can cope with it
+    for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+      # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+      if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+	 { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+      then
+        break
+      fi
+    done
+  fi
+
+  if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+     echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+     test "X$echo_testing_string" = "X$echo_test_string"; then
+    :
+  else
+    # The Solaris, AIX, and Digital Unix default echo programs unquote
+    # backslashes.  This makes it impossible to quote backslashes using
+    #   echo "$something" | sed 's/\\/\\\\/g'
+    #
+    # So, first we look for a working echo in the user's PATH.
+
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for dir in $PATH /usr/ucb; do
+      IFS="$lt_save_ifs"
+      if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+         test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+         echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+         test "X$echo_testing_string" = "X$echo_test_string"; then
+        ECHO="$dir/echo"
+        break
+      fi
+    done
+    IFS="$lt_save_ifs"
+
+    if test "X$ECHO" = Xecho; then
+      # We didn't find a better echo, so look for alternatives.
+      if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+         echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+         test "X$echo_testing_string" = "X$echo_test_string"; then
+        # This shell has a builtin print -r that does the trick.
+        ECHO='print -r'
+      elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+	   test "X$CONFIG_SHELL" != X/bin/ksh; then
+        # If we have ksh, try running configure again with it.
+        ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+        export ORIGINAL_CONFIG_SHELL
+        CONFIG_SHELL=/bin/ksh
+        export CONFIG_SHELL
+        exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+      else
+        # Try using printf.
+        ECHO='printf %s\n'
+        if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+	   echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+	   test "X$echo_testing_string" = "X$echo_test_string"; then
+	  # Cool, printf works
+	  :
+        elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	     test "X$echo_testing_string" = 'X\t' &&
+	     echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	     test "X$echo_testing_string" = "X$echo_test_string"; then
+	  CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+	  export CONFIG_SHELL
+	  SHELL="$CONFIG_SHELL"
+	  export SHELL
+	  ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+        elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+	     test "X$echo_testing_string" = 'X\t' &&
+	     echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+	     test "X$echo_testing_string" = "X$echo_test_string"; then
+	  ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+        else
+	  # maybe with a smaller string...
+	  prev=:
+
+	  for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+	    if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+	    then
+	      break
+	    fi
+	    prev="$cmd"
+	  done
+
+	  if test "$prev" != 'sed 50q "[$]0"'; then
+	    echo_test_string=`eval $prev`
+	    export echo_test_string
+	    exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+	  else
+	    # Oops.  We lost completely, so just stick with echo.
+	    ECHO=echo
+	  fi
+        fi
+      fi
+    fi
+  fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+   lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(lt_ECHO)
+])
+_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
+_LT_DECL([], [ECHO], [1],
+    [An echo program that does not interpret backslashes])
+])# _LT_PROG_ECHO_BACKSLASH
+
+
+# _LT_ENABLE_LOCK
+# ---------------
+m4_defun([_LT_ENABLE_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+  [AS_HELP_STRING([--disable-libtool-lock],
+    [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.$ac_objext` in
+      *ELF-32*)
+	HPUX_IA64_MODE="32"
+	;;
+      *ELF-64*)
+	HPUX_IA64_MODE="64"
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    if test "$lt_cv_prog_gnu_ld" = yes; then
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -melf32bsmip"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -melf32bmipn32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -melf64bmip"
+	;;
+      esac
+    else
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -32"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -n32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -64"
+	  ;;
+      esac
+    fi
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+      *32-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_i386_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_i386"
+	    ;;
+	  ppc64-*linux*|powerpc64-*linux*)
+	    LD="${LD-ld} -m elf32ppclinux"
+	    ;;
+	  s390x-*linux*)
+	    LD="${LD-ld} -m elf_s390"
+	    ;;
+	  sparc64-*linux*)
+	    LD="${LD-ld} -m elf32_sparc"
+	    ;;
+	esac
+	;;
+      *64-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_x86_64_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_x86_64"
+	    ;;
+	  ppc*-*linux*|powerpc*-*linux*)
+	    LD="${LD-ld} -m elf64ppc"
+	    ;;
+	  s390*-*linux*|s390*-*tpf*)
+	    LD="${LD-ld} -m elf64_s390"
+	    ;;
+	  sparc*-*linux*)
+	    LD="${LD-ld} -m elf64_sparc"
+	    ;;
+	esac
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_LANG_PUSH(C)
+     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+     AC_LANG_POP])
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+sparc*-*solaris*)
+  # Find out which ABI we are using.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*) LD="${LD-ld} -m elf64_sparc" ;;
+      *)
+	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+	  LD="${LD-ld} -64"
+	fi
+	;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+esac
+
+need_locks="$enable_libtool_lock"
+])# _LT_ENABLE_LOCK
+
+
+# _LT_CMD_OLD_ARCHIVE
+# -------------------
+m4_defun([_LT_CMD_OLD_ARCHIVE],
+[AC_CHECK_TOOL(AR, ar, false)
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1])
+
+AC_CHECK_TOOL(STRIP, strip, :)
+test -z "$STRIP" && STRIP=:
+_LT_DECL([], [STRIP], [1], [A symbol stripping program])
+
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+test -z "$RANLIB" && RANLIB=:
+_LT_DECL([], [RANLIB], [1],
+    [Commands used to install an old-style archive])
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+_LT_DECL([], [old_postinstall_cmds], [2])
+_LT_DECL([], [old_postuninstall_cmds], [2])
+_LT_TAGDECL([], [old_archive_cmds], [2],
+    [Commands used to build an old-style archive])
+])# _LT_CMD_OLD_ARCHIVE
+
+
+# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([_LT_COMPILER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$3"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       $2=yes
+     fi
+   fi
+   $RM conftest*
+])
+
+if test x"[$]$2" = xyes; then
+    m4_if([$5], , :, [$5])
+else
+    m4_if([$6], , :, [$6])
+fi
+])# _LT_COMPILER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
+
+
+# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#                  [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------
+# Check whether the given linker option works
+AC_DEFUN([_LT_LINKER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   save_LDFLAGS="$LDFLAGS"
+   LDFLAGS="$LDFLAGS $3"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&AS_MESSAGE_LOG_FD
+       $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         $2=yes
+       fi
+     else
+       $2=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+    m4_if([$4], , :, [$4])
+else
+    m4_if([$5], , :, [$5])
+fi
+])# _LT_LINKER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
+
+
+# LT_CMD_MAX_LEN
+#---------------
+AC_DEFUN([LT_CMD_MAX_LEN],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+  i=0
+  teststring="ABCD"
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw* | cegcc*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+    if test -n "$lt_cv_sys_max_cmd_len"; then
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    else
+      # Make teststring a little bigger before we do anything with it.
+      # a 1K string should be a reasonable start.
+      for i in 1 2 3 4 5 6 7 8 ; do
+        teststring=$teststring$teststring
+      done
+      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+      # If test is not a shell built-in, we'll probably end up computing a
+      # maximum length that is only half of the actual maximum length, but
+      # we can't tell.
+      while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+	         = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+	      test $i != 17 # 1/2 MB should be enough
+      do
+        i=`expr $i + 1`
+        teststring=$teststring$teststring
+      done
+      # Only check the string length outside the loop.
+      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+      teststring=
+      # Add a significant safety factor because C++ compilers can tack on
+      # massive amounts of additional arguments before passing them to the
+      # linker.  It appears as though 1/2 is a usable value.
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    fi
+    ;;
+  esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+  AC_MSG_RESULT(none)
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+_LT_DECL([], [max_cmd_len], [0],
+    [What is the maximum length of a command?])
+])# LT_CMD_MAX_LEN
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
+
+
+# _LT_HEADER_DLFCN
+# ----------------
+m4_defun([_LT_HEADER_DLFCN],
+[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
+])# _LT_HEADER_DLFCN
+
+
+# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ----------------------------------------------------------------
+m4_defun([_LT_TRY_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+  [$4]
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}]
+_LT_EOF
+  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) $1 ;;
+      x$lt_dlneed_uscore) $2 ;;
+      x$lt_dlunknown|x*) $3 ;;
+    esac
+  else :
+    # compilation failed
+    $3
+  fi
+fi
+rm -fr conftest*
+])# _LT_TRY_DLOPEN_SELF
+
+
+# LT_SYS_DLOPEN_SELF
+# ------------------
+AC_DEFUN([LT_SYS_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen="load_add_on"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32* | cegcc*)
+    lt_cv_dlopen="LoadLibrary"
+    lt_cv_dlopen_libs=
+    ;;
+
+  cygwin*)
+    lt_cv_dlopen="dlopen"
+    lt_cv_dlopen_libs=
+    ;;
+
+  darwin*)
+  # if libdl is installed we need to link against it
+    AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+    lt_cv_dlopen="dyld"
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ])
+    ;;
+
+  *)
+    AC_CHECK_FUNC([shl_load],
+	  [lt_cv_dlopen="shl_load"],
+      [AC_CHECK_LIB([dld], [shl_load],
+	    [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
+	[AC_CHECK_FUNC([dlopen],
+	      [lt_cv_dlopen="dlopen"],
+	  [AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+	    [AC_CHECK_LIB([svld], [dlopen],
+		  [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+	      [AC_CHECK_LIB([dld], [dld_link],
+		    [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
+	      ])
+	    ])
+	  ])
+	])
+      ])
+    ;;
+  esac
+
+  if test "x$lt_cv_dlopen" != xno; then
+    enable_dlopen=yes
+  else
+    enable_dlopen=no
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS="$CPPFLAGS"
+    test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS="$LDFLAGS"
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS="$LIBS"
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    AC_CACHE_CHECK([whether a program can dlopen itself],
+	  lt_cv_dlopen_self, [dnl
+	  _LT_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+    ])
+
+    if test "x$lt_cv_dlopen_self" = xyes; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+	  lt_cv_dlopen_self_static, [dnl
+	  _LT_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
+      ])
+    fi
+
+    CPPFLAGS="$save_CPPFLAGS"
+    LDFLAGS="$save_LDFLAGS"
+    LIBS="$save_LIBS"
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+_LT_DECL([dlopen_support], [enable_dlopen], [0],
+	 [Whether dlopen is supported])
+_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
+	 [Whether dlopen of programs is supported])
+_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
+	 [Whether dlopen of statically linked programs is supported])
+])# LT_SYS_DLOPEN_SELF
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
+
+
+# _LT_COMPILER_C_O([TAGNAME])
+# ---------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler.
+# This macro does not hard code the compiler like AC_PROG_CC_C_O.
+m4_defun([_LT_COMPILER_C_O],
+[m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+     fi
+   fi
+   chmod u+w . 2>&AS_MESSAGE_LOG_FD
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+])
+_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
+	[Does compiler simultaneously support -c and -o options?])
+])# _LT_COMPILER_C_O
+
+
+# _LT_COMPILER_FILE_LOCKS([TAGNAME])
+# ----------------------------------
+# Check to see if we can do hard links to lock some files if needed
+m4_defun([_LT_COMPILER_FILE_LOCKS],
+[m4_require([_LT_ENABLE_LOCK])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_COMPILER_C_O([$1])
+
+hard_links="nottested"
+if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+  # do not overwrite the value of need_locks provided by the user
+  AC_MSG_CHECKING([if we can lock with hard links])
+  hard_links=yes
+  $RM conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  AC_MSG_RESULT([$hard_links])
+  if test "$hard_links" = no; then
+    AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
+])# _LT_COMPILER_FILE_LOCKS
+
+
+# _LT_CHECK_OBJDIR
+# ----------------
+m4_defun([_LT_CHECK_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+_LT_DECL([], [objdir], [0],
+         [The name of the directory that contains temporary libtool files])dnl
+m4_pattern_allow([LT_OBJDIR])dnl
+AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
+  [Define to the sub-directory in which libtool stores uninstalled libraries.])
+])# _LT_CHECK_OBJDIR
+
+
+# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
+# --------------------------------------
+# Check hardcoding attributes.
+m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
+   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
+   test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+  # We can hardcode non-existent directories.
+  if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+     test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
+    # Linking always hardcodes the temporary library directory.
+    _LT_TAGVAR(hardcode_action, $1)=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    _LT_TAGVAR(hardcode_action, $1)=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  _LT_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
+   test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+     test "$enable_shared" = no; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+_LT_TAGDECL([], [hardcode_action], [0],
+    [How to hardcode a shared library path into an executable])
+])# _LT_LINKER_HARDCODE_LIBPATH
+
+
+# _LT_CMD_STRIPLIB
+# ----------------
+m4_defun([_LT_CMD_STRIPLIB],
+[m4_require([_LT_DECL_EGREP])
+striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+  darwin*)
+    if test -n "$STRIP" ; then
+      striplib="$STRIP -x"
+      old_striplib="$STRIP -S"
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+    fi
+    ;;
+  *)
+    AC_MSG_RESULT([no])
+    ;;
+  esac
+fi
+_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
+_LT_DECL([], [striplib], [1])
+])# _LT_CMD_STRIPLIB
+
+
+# _LT_SYS_DYNAMIC_LINKER([TAG])
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+m4_defun([_LT_SYS_DYNAMIC_LINKER],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
+m4_if([$1],
+	[], [
+if test "$GCC" = yes; then
+  case $host_os in
+    darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+    *) lt_awk_arg="/^libraries:/" ;;
+  esac
+  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+  if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+  else
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+  fi
+  # Ok, now we have the path, separated by spaces, we can step through it
+  # and add multilib dir if necessary.
+  lt_tmp_lt_search_path_spec=
+  lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+  for lt_sys_path in $lt_search_path_spec; do
+    if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+    else
+      test -d "$lt_sys_path" && \
+	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+    fi
+  done
+  lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+  lt_foo="";
+  lt_count=0;
+  for (lt_i = NF; lt_i > 0; lt_i--) {
+    if ($lt_i != "" && $lt_i != ".") {
+      if ($lt_i == "..") {
+        lt_count++;
+      } else {
+        if (lt_count == 0) {
+          lt_foo="/" $lt_i lt_foo;
+        } else {
+          lt_count--;
+        }
+      }
+    }
+  }
+  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+  sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='${libname}${release}${shared_ext}$major'
+  ;;
+
+aix[[4-9]]*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test "$host_cpu" = ia64; then
+    # AIX 5 supports IA64
+    library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line `#! .'.  This would cause the generated library to
+    # depend on `.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[[01]] | aix4.[[01]].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    if test "$aix_use_runtimelinking" = yes; then
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    else
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='${libname}${release}.a $libname.a'
+      soname_spec='${libname}${release}${shared_ext}$major'
+    fi
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  case $host_cpu in
+  powerpc)
+    # Since July 2007 AmigaOS4 officially supports .so libraries.
+    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    ;;
+  m68k)
+    library_names_spec='$libname.ixlibrary $libname.a'
+    # Create ${libname}_ixlibrary.a entries in /sys/libs.
+    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+    ;;
+  esac
+  ;;
+
+beos*)
+  library_names_spec='${libname}${shared_ext}'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[[45]]*)
+  version_type=linux
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+  version_type=windows
+  shrext_cmds=".dll"
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$host_os in
+  yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \${file}`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname~
+      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+      fi'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+      ;;
+    mingw* | cegcc*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+        # It is most probably a Windows format PATH printed by
+        # mingw gcc, but we are running on Cygwin. Gcc prints its search
+        # path with ; separators, and with drive letters. We can handle the
+        # drive letters (cygwin fileutils understands them), so leave them,
+        # especially as we might pass files found there to a mingw objdump,
+        # which wouldn't understand a cygwinified path. Ahh.
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED  -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+      ;;
+    esac
+    ;;
+
+  *)
+    library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+    ;;
+  esac
+  dynamic_linker='Win32 ld.exe'
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+  soname_spec='${libname}${release}${major}$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+m4_if([$1], [],[
+  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd1*)
+  dynamic_linker=no
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[[123]]*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  *) # from 4.6 on, and DragonFly
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+gnu*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    if test "X$HPUX_IA64_MODE" = X32; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+    fi
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  hppa*64*)
+    shrext_cmds='.sl'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555.
+  postinstall_cmds='chmod 555 $lib'
+  ;;
+
+interix[[3-9]]*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test "$lt_cv_prog_gnu_ld" = yes; then
+		version_type=linux
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+  sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  # Some binutils ld are patched to set DT_RUNPATH
+  save_LDFLAGS=$LDFLAGS
+  save_libdir=$libdir
+  eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+       LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+    [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+       [shlibpath_overrides_runpath=yes])])
+  LDFLAGS=$save_LDFLAGS
+  libdir=$save_libdir
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Append ld.so.conf contents to the search path
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+    soname_spec='${libname}${release}${shared_ext}$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+*nto* | *qnx*)
+  version_type=qnx
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='ldqnx.so'
+  ;;
+
+openbsd*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec="/usr/lib"
+  need_lib_prefix=no
+  # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+  case $host_os in
+    openbsd3.3 | openbsd3.3.*)	need_version=yes ;;
+    *)				need_version=no  ;;
+  esac
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    case $host_os in
+      openbsd2.[[89]] | openbsd2.[[89]].*)
+	shlibpath_overrides_runpath=no
+	;;
+      *)
+	shlibpath_overrides_runpath=yes
+	;;
+      esac
+  else
+    shlibpath_overrides_runpath=yes
+  fi
+  ;;
+
+os2*)
+  libname_spec='$name'
+  shrext_cmds=".dll"
+  need_lib_prefix=no
+  library_names_spec='$libname${shared_ext} $libname.a'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=LIBPATH
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='${libname}${release}${shared_ext}$major'
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+  ;;
+
+rdos*)
+  dynamic_linker=no
+  ;;
+
+solaris*)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test "$with_gnu_ld" = yes; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec ;then
+    version_type=linux
+    library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+    soname_spec='$libname${shared_ext}.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=freebsd-elf
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  if test "$with_gnu_ld" = yes; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+tpf*)
+  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+uts4*)
+  version_type=linux
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+  sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+  sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+_LT_DECL([], [variables_saved_for_relink], [1],
+    [Variables whose values should be saved in libtool wrapper scripts and
+    restored at link time])
+_LT_DECL([], [need_lib_prefix], [0],
+    [Do we need the "lib" prefix for modules?])
+_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
+_LT_DECL([], [version_type], [0], [Library versioning type])
+_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
+_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
+_LT_DECL([], [shlibpath_overrides_runpath], [0],
+    [Is shlibpath searched before the hard-coded library search path?])
+_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
+_LT_DECL([], [library_names_spec], [1],
+    [[List of archive names.  First name is the real one, the rest are links.
+    The last name is the one that the linker finds with -lNAME]])
+_LT_DECL([], [soname_spec], [1],
+    [[The coded name of the library, if different from the real name]])
+_LT_DECL([], [postinstall_cmds], [2],
+    [Command to use after installation of a shared archive])
+_LT_DECL([], [postuninstall_cmds], [2],
+    [Command to use after uninstallation of a shared archive])
+_LT_DECL([], [finish_cmds], [2],
+    [Commands used to finish a libtool library installation in a directory])
+_LT_DECL([], [finish_eval], [1],
+    [[As "finish_cmds", except a single script fragment to be evaled but
+    not shown]])
+_LT_DECL([], [hardcode_into_libs], [0],
+    [Whether we should hardcode library paths into libraries])
+_LT_DECL([], [sys_lib_search_path_spec], [2],
+    [Compile-time system search path for libraries])
+_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
+    [Run-time system search path for libraries])
+])# _LT_SYS_DYNAMIC_LINKER
+
+
+# _LT_PATH_TOOL_PREFIX(TOOL)
+# --------------------------
+# find a file program which can recognize shared library
+AC_DEFUN([_LT_PATH_TOOL_PREFIX],
+[m4_require([_LT_DECL_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] |  ?:[\\/]*])
+  lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD="$MAGIC_CMD"
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word.  This closes a longstanding sh security hole.
+  ac_dummy="m4_if([$2], , $PATH, [$2])"
+  for ac_dir in $ac_dummy; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/$1; then
+      lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS="$lt_save_ifs"
+  MAGIC_CMD="$lt_save_MAGIC_CMD"
+  ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+  AC_MSG_RESULT($MAGIC_CMD)
+else
+  AC_MSG_RESULT(no)
+fi
+_LT_DECL([], [MAGIC_CMD], [0],
+	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
+])# _LT_PATH_TOOL_PREFIX
+
+# Old name:
+AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
+
+
+# _LT_PATH_MAGIC
+# --------------
+# find a file program which can recognize a shared library
+m4_defun([_LT_PATH_MAGIC],
+[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+  else
+    MAGIC_CMD=:
+  fi
+fi
+])# _LT_PATH_MAGIC
+
+
+# LT_PATH_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([LT_PATH_LD],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_ARG_WITH([gnu-ld],
+    [AS_HELP_STRING([--with-gnu-ld],
+	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
+    [test "$withval" = no || with_gnu_ld=yes],
+    [with_gnu_ld=no])dnl
+
+ac_prog=ld
+if test "$GCC" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by $CC])
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [[\\/]]* | ?:[[\\/]]*)
+      re_direlt='/[[^/]][[^/]]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+  lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS="$lt_save_ifs"
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test "$with_gnu_ld" != no && break
+	;;
+      *)
+	test "$with_gnu_ld" != yes && break
+	;;
+      esac
+    fi
+  done
+  IFS="$lt_save_ifs"
+else
+  lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
+else
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+_LT_PATH_LD_GNU
+AC_SUBST([LD])
+
+_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
+])# LT_PATH_LD
+
+# Old names:
+AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
+AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_LD], [])
+dnl AC_DEFUN([AC_PROG_LD], [])
+
+
+# _LT_PATH_LD_GNU
+#- --------------
+m4_defun([_LT_PATH_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# _LT_PATH_LD_GNU
+
+
+# _LT_CMD_RELOAD
+# --------------
+# find reload flag for linker
+#   -- PORTME Some linkers may need a different reload flag.
+m4_defun([_LT_CMD_RELOAD],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+  lt_cv_ld_reload_flag,
+  [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  darwin*)
+    if test "$GCC" = yes; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_DECL([], [reload_cmds], [2])dnl
+])# _LT_CMD_RELOAD
+
+
+# _LT_CHECK_MAGIC_METHOD
+# ----------------------
+# how to check for library dependencies
+#  -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_MAGIC_METHOD],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+AC_CACHE_CHECK([how to recognize dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[[4-9]]*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[[45]]*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump',
+  # unless we find 'file', for example because we are cross-compiling.
+  if ( file / ) >/dev/null 2>&1; then
+    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+    lt_cv_file_magic_cmd='func_win32_libid'
+  else
+    lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+    lt_cv_file_magic_cmd='$OBJDUMP -f'
+  fi
+  ;;
+
+cegcc)
+  # use the weaker test based on 'objdump'. See mingw*.
+  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | dragonfly*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix[[3-9]]*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+*nto* | *qnx*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+openbsd*)
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+rdos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+tpf*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+_LT_DECL([], [deplibs_check_method], [1],
+    [Method to check whether dependent libraries are shared objects])
+_LT_DECL([], [file_magic_cmd], [1],
+    [Command to use when deplibs_check_method == "file_magic"])
+])# _LT_CHECK_MAGIC_METHOD
+
+
+# LT_PATH_NM
+# ----------
+# find the pathname to a BSD- or MS-compatible name lister
+AC_DEFUN([LT_PATH_NM],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM="$NM"
+else
+  lt_nm_to_check="${ac_tool_prefix}nm"
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS="$lt_save_ifs"
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm="$ac_dir/$lt_tmp_nm"
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the `sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+	*/dev/null* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS="$lt_save_ifs"
+  done
+  : ${lt_cv_path_NM=no}
+fi])
+if test "$lt_cv_path_NM" != "no"; then
+  NM="$lt_cv_path_NM"
+else
+  # Didn't find any BSD compatible name lister, look for dumpbin.
+  AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :)
+  AC_SUBST([DUMPBIN])
+  if test "$DUMPBIN" != ":"; then
+    NM="$DUMPBIN"
+  fi
+fi
+test -z "$NM" && NM=nm
+AC_SUBST([NM])
+_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
+
+AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
+  [lt_cv_nm_interface="BSD nm"
+  echo "int some_variable = 0;" > conftest.$ac_ext
+  (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+  (eval "$ac_compile" 2>conftest.err)
+  cat conftest.err >&AS_MESSAGE_LOG_FD
+  (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+  cat conftest.err >&AS_MESSAGE_LOG_FD
+  (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD)
+  cat conftest.out >&AS_MESSAGE_LOG_FD
+  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+    lt_cv_nm_interface="MS dumpbin"
+  fi
+  rm -f conftest*])
+])# LT_PATH_NM
+
+# Old names:
+AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
+AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_NM], [])
+dnl AC_DEFUN([AC_PROG_NM], [])
+
+
+# LT_LIB_M
+# --------
+# check for math library
+AC_DEFUN([LT_LIB_M],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+  # These system don't have libm, or don't need it
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, cos, LIBM="-lm")
+  ;;
+esac
+AC_SUBST([LIBM])
+])# LT_LIB_M
+
+# Old name:
+AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_CHECK_LIBM], [])
+
+
+# _LT_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------
+m4_defun([_LT_COMPILER_NO_RTTI],
+[m4_require([_LT_TAG_COMPILER])dnl
+
+_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+  _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+    lt_cv_prog_compiler_rtti_exceptions,
+    [-fno-rtti -fno-exceptions], [],
+    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
+	[Compiler flag to turn off builtin functions])
+])# _LT_COMPILER_NO_RTTI
+
+
+# _LT_CMD_GLOBAL_SYMBOLS
+# ----------------------
+m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[[BCDT]]'
+  ;;
+cygwin* | mingw* | pw32* | cegcc*)
+  symcode='[[ABCDGISTW]]'
+  ;;
+hpux*)
+  if test "$host_cpu" = ia64; then
+    symcode='[[ABCDEGRST]]'
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[[BCDEGRST]]'
+  ;;
+osf*)
+  symcode='[[BCDEGQRST]]'
+  ;;
+solaris*)
+  symcode='[[BDRT]]'
+  ;;
+sco3.2v5*)
+  symcode='[[DT]]'
+  ;;
+sysv4.2uw2*)
+  symcode='[[DT]]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[[ABDT]]'
+  ;;
+sysv4)
+  symcode='[[DFNSTU]]'
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/  {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/  {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/  {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+    # Fake it for dumpbin and say T for any non-static function
+    # and D for any global variable.
+    # Also find C++ and __fastcall symbols from MSVC++,
+    # which start with @ or ?.
+    lt_cv_sys_global_symbol_pipe="$AWK ['"\
+"     {last_section=section; section=\$ 3};"\
+"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+"     \$ 0!~/External *\|/{next};"\
+"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+"     {if(hide[section]) next};"\
+"     {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+"     {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+"     s[1]~/^[@?]/{print s[1], s[1]; next};"\
+"     s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+"     ' prfx=^$ac_symprfx]"
+  else
+    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+  fi
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+  if AC_TRY_EVAL(ac_compile); then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+	  cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols.  */
+const struct {
+  const char *name;
+  void       *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[[]] =
+{
+  { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+	  $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/  {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+	  cat <<\_LT_EOF >> conftest.$ac_ext
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_save_LIBS="$LIBS"
+	  lt_save_CFLAGS="$CFLAGS"
+	  LIBS="conftstm.$ac_objext"
+	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+	  if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+	    pipe_works=yes
+	  fi
+	  LIBS="$lt_save_LIBS"
+	  CFLAGS="$lt_save_CFLAGS"
+	else
+	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+    fi
+  else
+    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+    cat conftest.$ac_ext >&5
+  fi
+  rm -rf conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test "$pipe_works" = yes; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  AC_MSG_RESULT(failed)
+else
+  AC_MSG_RESULT(ok)
+fi
+
+_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
+    [Take the output of nm and produce a listing of raw symbols and C names])
+_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
+    [Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_c_name_address],
+    [lt_cv_sys_global_symbol_to_c_name_address], [1],
+    [Transform the output of nm in a C name address pair])
+_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
+    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
+    [Transform the output of nm in a C name address pair when lib prefix is needed])
+]) # _LT_CMD_GLOBAL_SYMBOLS
+
+
+# _LT_COMPILER_PIC([TAGNAME])
+# ---------------------------
+m4_defun([_LT_COMPILER_PIC],
+[m4_require([_LT_TAG_COMPILER])dnl
+_LT_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+m4_if([$1], [CXX], [
+  # C++ specific cases for pic, static, wl, etc.
+  if test "$GXX" = yes; then
+    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the `-m68020' flag to GCC prevents building anything better,
+            # like `-m68040'.
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | cygwin* | os2* | pw32* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+      ;;
+    interix[[3-9]]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+    *qnx* | *nto*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+    *)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix[[4-9]]*)
+	# All AIX code is PIC.
+	if test "$host_cpu" = ia64; then
+	  # AIX 5 now supports IA64 processor
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	else
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    if test "$host_cpu" != ia64; then
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux* | k*bsd*-gnu)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    ;;
+	  ecpc* )
+	    # old Intel C++ for x86_64 which still supported -KPIC.
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  icpc* )
+	    # Intel C++, used to be incompatible with GCC.
+	    # ICC 10 doesn't accept -KPIC any more.
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  pgCC* | pgcpp*)
+	    # Portland Group C++ compiler
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  xlc* | xlC*)
+	    # IBM XL 8.0 on PPC
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd*)
+	;;
+      *qnx* | *nto*)
+        # QNX uses GNU C++, but need to define -shared option too, otherwise
+        # it will coredump.
+        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+        ;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+	;;
+    esac
+  fi
+],
+[
+  if test "$GCC" = yes; then
+    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the `-m68020' flag to GCC prevents building anything better,
+            # like `-m68040'.
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	# +Z the default
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+
+    interix[[3-9]]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      enable_shared=no
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+
+    *)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      if test "$host_cpu" = ia64; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      else
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC (with -KPIC) is the default.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    linux* | k*bsd*-gnu)
+      case $cc_basename in
+      # old Intel for x86_64 which still supported -KPIC.
+      ecc*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      # icc used to be incompatible with GCC.
+      # ICC 10 doesn't accept -KPIC any more.
+      icc* | ifort*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      # Lahey Fortran 8.1.
+      lf95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+	;;
+      pgcc* | pgf77* | pgf90* | pgf95*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+        ;;
+      ccc*)
+        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+        # All Alpha code is PIC.
+        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+        ;;
+      xl*)
+	# IBM XL C 8.0/Fortran 10.1 on PPC
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+	;;
+      *)
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)
+	  # Sun C 5.9
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	  ;;
+	*Sun\ F*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+	  ;;
+	esac
+	;;
+      esac
+      ;;
+
+    newsos6)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+
+    osf3* | osf4* | osf5*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # All OSF/1 code is PIC.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    rdos*)
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    solaris*)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec ;then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    unicos*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+
+    uts4*)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *)
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+    esac
+  fi
+])
+case $host_os in
+  # For platforms which do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+    ;;
+  *)
+    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
+    ;;
+esac
+AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+	[How to pass a linker flag through the compiler])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
+    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
+    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
+    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
+     "" | " "*) ;;
+     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+     esac],
+    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
+	[Additional compiler flags for building library objects])
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
+_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
+  $lt_tmp_static_flag,
+  [],
+  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
+_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
+	[Compiler flag to prevent dynamic linking])
+])# _LT_COMPILER_PIC
+
+
+# _LT_LINKER_SHLIBS([TAGNAME])
+# ----------------------------
+# See if the linker supports building shared libraries.
+m4_defun([_LT_LINKER_SHLIBS],
+[AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+m4_if([$1], [CXX], [
+  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  case $host_os in
+  aix[[4-9]]*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to AIX nm, but means don't demangle with GNU nm
+    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+    else
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+  ;;
+  cygwin* | mingw* | cegcc*)
+    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  *)
+    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  ;;
+  esac
+  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+], [
+  runpath_var=
+  _LT_TAGVAR(allow_undefined_flag, $1)=
+  _LT_TAGVAR(always_export_symbols, $1)=no
+  _LT_TAGVAR(archive_cmds, $1)=
+  _LT_TAGVAR(archive_expsym_cmds, $1)=
+  _LT_TAGVAR(compiler_needs_object, $1)=no
+  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  _LT_TAGVAR(hardcode_automatic, $1)=no
+  _LT_TAGVAR(hardcode_direct, $1)=no
+  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+  _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+  _LT_TAGVAR(hardcode_libdir_separator, $1)=
+  _LT_TAGVAR(hardcode_minus_L, $1)=no
+  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  _LT_TAGVAR(inherit_rpath, $1)=no
+  _LT_TAGVAR(link_all_deplibs, $1)=unknown
+  _LT_TAGVAR(module_cmds, $1)=
+  _LT_TAGVAR(module_expsym_cmds, $1)=
+  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
+  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+  _LT_TAGVAR(thread_safe_flag_spec, $1)=
+  _LT_TAGVAR(whole_archive_flag_spec, $1)=
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  _LT_TAGVAR(include_expsyms, $1)=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ` (' and `)$', so one must not match beginning or
+  # end of line.  Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+  # as well as any symbol that contains `d'.
+  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
+  extract_expsyms_cmds=
+
+  case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test "$GCC" != yes; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd*)
+    with_gnu_ld=no
+    ;;
+  esac
+
+  _LT_TAGVAR(ld_shlibs, $1)=yes
+  if test "$with_gnu_ld" = yes; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='${wl}'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+      _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+    else
+      _LT_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v 2>&1` in
+      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix[[3-9]]*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test "$host_cpu" != ia64; then
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+            _LT_TAGVAR(archive_expsym_cmds, $1)=''
+        ;;
+      m68k)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes
+        ;;
+      esac
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+      # as there is no search path for DLLs.
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_TAGVAR(always_export_symbols, $1)=no
+      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+
+      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file (1st line
+	# is EXPORTS), use it as is; otherwise, prepend...
+	_LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	  cp $export_symbols $output_objdir/$soname.def;
+	else
+	  echo EXPORTS > $output_objdir/$soname.def;
+	  cat $export_symbols >> $output_objdir/$soname.def;
+	fi~
+	$CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    interix[[3-9]]*)
+      _LT_TAGVAR(hardcode_direct, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    gnu* | linux* | tpf* | k*bsd*-gnu)
+      tmp_diet=no
+      if test "$host_os" = linux-dietlibc; then
+	case $cc_basename in
+	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
+	esac
+      fi
+      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+	 && test "$tmp_diet" = no
+      then
+	tmp_addflag=
+	tmp_sharedflag='-shared'
+	case $cc_basename,$host_cpu in
+        pgcc*)				# Portland Group C compiler
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95*)	# Portland Group f77 and f90 compilers
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	lf95*)				# Lahey Fortran 8.1
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
+	  tmp_sharedflag='--shared' ;;
+	xl[[cC]]*)			# IBM XL C 8.0 on PPC (deal with xlf below)
+	  tmp_sharedflag='-qmkshrobj'
+	  tmp_addflag= ;;
+	esac
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)			# Sun C 5.9
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	  _LT_TAGVAR(compiler_needs_object, $1)=yes
+	  tmp_sharedflag='-G' ;;
+	*Sun\ F*)			# Sun Fortran 8.3
+	  tmp_sharedflag='-G' ;;
+	esac
+	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+        if test "x$supports_anon_versioning" = xyes; then
+          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+	    cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+	    echo "local: *; };" >> $output_objdir/$libname.ver~
+	    $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+        fi
+
+	case $cc_basename in
+	xlf*)
+	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+	  _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+	  if test "x$supports_anon_versioning" = xyes; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+	      cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+	      echo "local: *; };" >> $output_objdir/$libname.ver~
+	      $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+	  fi
+	  ;;
+	esac
+      else
+        _LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  # For security reasons, it is highly recommended that you always
+	  # use absolute paths for naming shared libraries, and exclude the
+	  # DT_RUNPATH tag from executables and libraries.  But doing so
+	  # requires that you compile everything twice, which is a pain.
+	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+	  else
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+
+    if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+      runpath_var=
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+      _LT_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_TAGVAR(always_export_symbols, $1)=yes
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	_LT_TAGVAR(hardcode_direct, $1)=unsupported
+      fi
+      ;;
+
+    aix[[4-9]]*)
+      if test "$host_cpu" = ia64; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=""
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to AIX nm, but means don't demangle with GNU nm
+	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+	else
+	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# need to do runtime linking.
+	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+	  for ld_flag in $LDFLAGS; do
+	  if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+	    aix_use_runtimelinking=yes
+	    break
+	  fi
+	  done
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      _LT_TAGVAR(archive_cmds, $1)=''
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+      if test "$GCC" = yes; then
+	case $host_os in aix4.[[012]]|aix4.[[012]].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	  # We have reworked collect2
+	  :
+	  else
+	  # We have old collect2
+	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test "$aix_use_runtimelinking" = yes; then
+	  shared_flag="$shared_flag "'${wl}-G'
+	fi
+      else
+	# not using gcc
+	if test "$host_cpu" = ia64; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag='${wl}-G'
+	  else
+	    shared_flag='${wl}-bM:SRE'
+	  fi
+	fi
+      fi
+
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      _LT_TAGVAR(always_export_symbols, $1)=yes
+      if test "$aix_use_runtimelinking" = yes; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+        # Determine the default libpath from the value encoded in an
+        # empty executable.
+        _LT_SYS_MODULE_PATH_AIX
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+      else
+	if test "$host_cpu" = ia64; then
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an
+	 # empty executable.
+	 _LT_SYS_MODULE_PATH_AIX
+	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	  _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	  # Exported symbols can be pulled into shared objects from archives
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+	  # This is similar to how AIX traditionally builds its shared libraries.
+	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+            _LT_TAGVAR(archive_expsym_cmds, $1)=''
+        ;;
+      m68k)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes
+        ;;
+      esac
+      ;;
+
+    bsdi[[45]]*)
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      # Tell ltmain to make .lib files, not .a files.
+      libext=lib
+      # Tell ltmain to make .dll files, not .so files.
+      shrext_cmds=".dll"
+      # FIXME: Setting linknames here is a bad hack.
+      _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+      # The linker will automatically build a .lib file if we build a DLL.
+      _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+      # FIXME: Should let the user specify the lib program.
+      _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+      _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      ;;
+
+    darwin* | rhapsody*)
+      _LT_DARWIN_LINKER_FEATURES($1)
+      ;;
+
+    dgux*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    freebsd1*)
+      _LT_TAGVAR(ld_shlibs, $1)=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | dragonfly*)
+      _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    hpux9*)
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+      ;;
+
+    hpux10*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
+	_LT_TAGVAR(hardcode_direct, $1)=yes
+	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	_LT_TAGVAR(hardcode_minus_L, $1)=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+	case $host_cpu in
+	hppa*64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      fi
+      if test "$with_gnu_ld" = no; then
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  _LT_TAGVAR(hardcode_direct, $1)=no
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  ;;
+	*)
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	# Try to use the -exported_symbol ld option, if it does not
+	# work, assume that -exports_file does not work either and
+	# implicitly export all symbols.
+        save_LDFLAGS="$LDFLAGS"
+        LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+        AC_LINK_IFELSE(int foo(void) {},
+          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+        )
+        LDFLAGS="$save_LDFLAGS"
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(inherit_rpath, $1)=yes
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    netbsd*)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    newsos6)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *nto* | *qnx*)
+      ;;
+
+    openbsd*)
+      if test -f /usr/libexec/ld.so; then
+	_LT_TAGVAR(hardcode_direct, $1)=yes
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	else
+	  case $host_os in
+	   openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+	     _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+	     _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	     ;;
+	   *)
+	     _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	     _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	     ;;
+	  esac
+	fi
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    os2*)
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+      _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+      ;;
+
+    osf3*)
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+      else
+	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+      else
+	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+	$CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    solaris*)
+      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
+      if test "$GCC" = yes; then
+	wlarc='${wl}'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+      else
+	case `$CC -V 2>&1` in
+	*"Compilers 5.0"*)
+	  wlarc=''
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+	  ;;
+	*)
+	  wlarc='${wl}'
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	  $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+	  ;;
+	esac
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      case $host_os in
+      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+      *)
+	# The compiler driver will combine and reorder linker options,
+	# but understands `-z linker_flag'.  GCC discards it without `$wl',
+	# but is careful enough not to reorder.
+	# Supported since Solaris 2.6 (maybe 2.5.1?)
+	if test "$GCC" = yes; then
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+	else
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+	fi
+	;;
+      esac
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    sunos4*)
+      if test "x$host_vendor" = xsequent; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+	  _LT_TAGVAR(hardcode_direct, $1)=no
+        ;;
+	motorola)
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4.3*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	_LT_TAGVAR(ld_shlibs, $1)=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+      _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We can NOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test "$GCC" = yes; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      _LT_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    esac
+
+    if test x$host_vendor = xsni; then
+      case $host in
+      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym'
+	;;
+      esac
+    fi
+  fi
+])
+AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
+
+_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
+_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
+_LT_DECL([], [extract_expsyms_cmds], [2],
+    [The commands to extract the exported symbol list from a shared archive])
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+  # Assume -lc should be added
+  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+  if test "$enable_shared" = yes && test "$GCC" = yes; then
+    case $_LT_TAGVAR(archive_cmds, $1) in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+      $RM conftest*
+      echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+      if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+        soname=conftest
+        lib=conftest
+        libobjs=conftest.$ac_objext
+        deplibs=
+        wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+	pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+        compiler_flags=-v
+        linker_flags=-v
+        verstring=
+        output_objdir=.
+        libname=conftest
+        lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+        _LT_TAGVAR(allow_undefined_flag, $1)=
+        if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+        then
+	  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+        else
+	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+        fi
+        _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+      else
+        cat conftest.err 1>&5
+      fi
+      $RM conftest*
+      AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)])
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
+    [Whether or not to add -lc for building shared libraries])
+_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
+    [enable_shared_with_static_runtimes], [0],
+    [Whether or not to disallow shared libs when runtime libs are static])
+_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
+    [Compiler flag to allow reflexive dlopens])
+_LT_TAGDECL([], [whole_archive_flag_spec], [1],
+    [Compiler flag to generate shared objects directly from archives])
+_LT_TAGDECL([], [compiler_needs_object], [1],
+    [Whether the compiler copes with passing no objects directly])
+_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
+    [Create an old-style archive from a shared archive])
+_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
+    [Create a temporary old-style archive to link instead of a shared archive])
+_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
+_LT_TAGDECL([], [archive_expsym_cmds], [2])
+_LT_TAGDECL([], [module_cmds], [2],
+    [Commands used to build a loadable module if different from building
+    a shared archive.])
+_LT_TAGDECL([], [module_expsym_cmds], [2])
+_LT_TAGDECL([], [with_gnu_ld], [1],
+    [Whether we are building with GNU ld or not])
+_LT_TAGDECL([], [allow_undefined_flag], [1],
+    [Flag that allows shared libraries with undefined symbols to be built])
+_LT_TAGDECL([], [no_undefined_flag], [1],
+    [Flag that enforces no undefined symbols])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
+    [Flag to hardcode $libdir into a binary during linking.
+    This must work even if $libdir does not exist])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
+    [[If ld is used when linking, flag to hardcode $libdir into a binary
+    during linking.  This must work even if $libdir does not exist]])
+_LT_TAGDECL([], [hardcode_libdir_separator], [1],
+    [Whether we need a single "-rpath" flag with a separated argument])
+_LT_TAGDECL([], [hardcode_direct], [0],
+    [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+    DIR into the resulting binary])
+_LT_TAGDECL([], [hardcode_direct_absolute], [0],
+    [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+    DIR into the resulting binary and the resulting library dependency is
+    "absolute", i.e impossible to change by setting ${shlibpath_var} if the
+    library is relocated])
+_LT_TAGDECL([], [hardcode_minus_L], [0],
+    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+    into the resulting binary])
+_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
+    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+    into the resulting binary])
+_LT_TAGDECL([], [hardcode_automatic], [0],
+    [Set to "yes" if building a shared library automatically hardcodes DIR
+    into the library and all subsequent libraries and executables linked
+    against it])
+_LT_TAGDECL([], [inherit_rpath], [0],
+    [Set to yes if linker adds runtime paths of dependent libraries
+    to runtime path list])
+_LT_TAGDECL([], [link_all_deplibs], [0],
+    [Whether libtool must link a program against all its dependency libraries])
+_LT_TAGDECL([], [fix_srcfile_path], [1],
+    [Fix the shell variable $srcfile for the compiler])
+_LT_TAGDECL([], [always_export_symbols], [0],
+    [Set to "yes" if exported symbols are required])
+_LT_TAGDECL([], [export_symbols_cmds], [2],
+    [The commands to list exported symbols])
+_LT_TAGDECL([], [exclude_expsyms], [1],
+    [Symbols that should not be listed in the preloaded symbols])
+_LT_TAGDECL([], [include_expsyms], [1],
+    [Symbols that must always be exported])
+_LT_TAGDECL([], [prelink_cmds], [2],
+    [Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [file_list_spec], [1],
+    [Specify filename containing input files])
+dnl FIXME: Not yet implemented
+dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
+dnl    [Compiler flag to generate thread safe objects])
+])# _LT_LINKER_SHLIBS
+
+
+# _LT_LANG_C_CONFIG([TAG])
+# ------------------------
+# Ensure that the configuration variables for a C compiler are suitably
+# defined.  These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_C_CONFIG],
+[m4_require([_LT_DECL_EGREP])dnl
+lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+_LT_TAG_COMPILER
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+  _LT_COMPILER_NO_RTTI($1)
+  _LT_COMPILER_PIC($1)
+  _LT_COMPILER_C_O($1)
+  _LT_COMPILER_FILE_LOCKS($1)
+  _LT_LINKER_SHLIBS($1)
+  _LT_SYS_DYNAMIC_LINKER($1)
+  _LT_LINKER_HARDCODE_LIBPATH($1)
+  LT_SYS_DLOPEN_SELF
+  _LT_CMD_STRIPLIB
+
+  # Report which library types will actually be built
+  AC_MSG_CHECKING([if libtool supports shared libraries])
+  AC_MSG_RESULT([$can_build_shared])
+
+  AC_MSG_CHECKING([whether to build shared libraries])
+  test "$can_build_shared" = "no" && enable_shared=no
+
+  # On AIX, shared libraries and static libraries use the same namespace, and
+  # are all built from PIC.
+  case $host_os in
+  aix3*)
+    test "$enable_shared" = yes && enable_static=no
+    if test -n "$RANLIB"; then
+      archive_cmds="$archive_cmds~\$RANLIB \$lib"
+      postinstall_cmds='$RANLIB $lib'
+    fi
+    ;;
+
+  aix[[4-9]]*)
+    if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+      test "$enable_shared" = yes && enable_static=no
+    fi
+    ;;
+  esac
+  AC_MSG_RESULT([$enable_shared])
+
+  AC_MSG_CHECKING([whether to build static libraries])
+  # Make sure either enable_shared or enable_static is yes.
+  test "$enable_shared" = yes || enable_static=yes
+  AC_MSG_RESULT([$enable_static])
+
+  _LT_CONFIG($1)
+fi
+AC_LANG_POP
+CC="$lt_save_CC"
+])# _LT_LANG_C_CONFIG
+
+
+# _LT_PROG_CXX
+# ------------
+# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++
+# compiler, we have our own version here.
+m4_defun([_LT_PROG_CXX],
+[
+pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes])
+AC_PROG_CXX
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+    ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+    (test "X$CXX" != "Xg++"))) ; then
+  AC_PROG_CXXCPP
+else
+  _lt_caught_CXX_error=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_CXX
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_CXX], [])
+
+
+# _LT_LANG_CXX_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a C++ compiler are suitably
+# defined.  These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_CXX_CONFIG],
+[AC_REQUIRE([_LT_PROG_CXX])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_LANG_PUSH(C++)
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(compiler_needs_object, $1)=no
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="int some_variable = 0;"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC=$CC
+  lt_save_LD=$LD
+  lt_save_GCC=$GCC
+  GCC=$GXX
+  lt_save_with_gnu_ld=$with_gnu_ld
+  lt_save_path_LD=$lt_cv_path_LD
+  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+  else
+    $as_unset lt_cv_prog_gnu_ld
+  fi
+  if test -n "${lt_cv_path_LDCXX+set}"; then
+    lt_cv_path_LD=$lt_cv_path_LDCXX
+  else
+    $as_unset lt_cv_path_LD
+  fi
+  test -z "${LDCXX+set}" || LD=$LDCXX
+  CC=${CXX-"c++"}
+  compiler=$CC
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+
+  if test -n "$compiler"; then
+    # We don't want -fno-exception when compiling C++ code, so set the
+    # no_builtin_flag separately
+    if test "$GXX" = yes; then
+      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+    else
+      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+    fi
+
+    if test "$GXX" = yes; then
+      # Set up default GNU C++ configuration
+
+      LT_PATH_LD
+
+      # Check if GNU C++ uses GNU ld as the underlying linker, since the
+      # archiving commands below assume that GNU ld is being used.
+      if test "$with_gnu_ld" = yes; then
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+        # If archive_cmds runs LD, not CC, wlarc should be empty
+        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+        #     investigate it a little bit more. (MM)
+        wlarc='${wl}'
+
+        # ancient GNU ld didn't support --whole-archive et. al.
+        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+	  $GREP 'no-whole-archive' > /dev/null; then
+          _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+        else
+          _LT_TAGVAR(whole_archive_flag_spec, $1)=
+        fi
+      else
+        with_gnu_ld=no
+        wlarc=
+
+        # A generic and very simple default shared library creation
+        # command for GNU C++ for the case where it uses the native
+        # linker, instead of GNU ld.  If possible, this setting should
+        # overridden to take advantage of the native linker features on
+        # the platform it is being used on.
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+      fi
+
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+    else
+      GXX=no
+      with_gnu_ld=no
+      wlarc=
+    fi
+
+    # PORTME: fill in a description of your system's C++ link characteristics
+    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+    _LT_TAGVAR(ld_shlibs, $1)=yes
+    case $host_os in
+      aix3*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+      aix[[4-9]]*)
+        if test "$host_cpu" = ia64; then
+          # On IA64, the linker does run time linking by default, so we don't
+          # have to do anything special.
+          aix_use_runtimelinking=no
+          exp_sym_flag='-Bexport'
+          no_entry_flag=""
+        else
+          aix_use_runtimelinking=no
+
+          # Test if we are trying to use run time linking or normal
+          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+          # need to do runtime linking.
+          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+	    for ld_flag in $LDFLAGS; do
+	      case $ld_flag in
+	      *-brtl*)
+	        aix_use_runtimelinking=yes
+	        break
+	        ;;
+	      esac
+	    done
+	    ;;
+          esac
+
+          exp_sym_flag='-bexport'
+          no_entry_flag='-bnoentry'
+        fi
+
+        # When large executables or shared objects are built, AIX ld can
+        # have problems creating the table of contents.  If linking a library
+        # or program results in "error TOC overflow" add -mminimal-toc to
+        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+        _LT_TAGVAR(archive_cmds, $1)=''
+        _LT_TAGVAR(hardcode_direct, $1)=yes
+        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+        _LT_TAGVAR(link_all_deplibs, $1)=yes
+        _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+        if test "$GXX" = yes; then
+          case $host_os in aix4.[[012]]|aix4.[[012]].*)
+          # We only want to do this on AIX 4.2 and lower, the check
+          # below for broken collect2 doesn't work under 4.3+
+	  collect2name=`${CC} -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	    # We have reworked collect2
+	    :
+	  else
+	    # We have old collect2
+	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
+	    # It fails to find uninstalled libraries when the uninstalled
+	    # path is not listed in the libpath.  Setting hardcode_minus_L
+	    # to unsupported forces relinking
+	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+          esac
+          shared_flag='-shared'
+	  if test "$aix_use_runtimelinking" = yes; then
+	    shared_flag="$shared_flag "'${wl}-G'
+	  fi
+        else
+          # not using gcc
+          if test "$host_cpu" = ia64; then
+	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	  # chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+          else
+	    if test "$aix_use_runtimelinking" = yes; then
+	      shared_flag='${wl}-G'
+	    else
+	      shared_flag='${wl}-bM:SRE'
+	    fi
+          fi
+        fi
+
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+        # It seems that -bexpall does not export symbols beginning with
+        # underscore (_), so it is better to generate a list of symbols to
+	# export.
+        _LT_TAGVAR(always_export_symbols, $1)=yes
+        if test "$aix_use_runtimelinking" = yes; then
+          # Warning - without using the other runtime loading flags (-brtl),
+          # -berok will link without error, but may produce a broken library.
+          _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+          # Determine the default libpath from the value encoded in an empty
+          # executable.
+          _LT_SYS_MODULE_PATH_AIX
+          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+        else
+          if test "$host_cpu" = ia64; then
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+          else
+	    # Determine the default libpath from the value encoded in an
+	    # empty executable.
+	    _LT_SYS_MODULE_PATH_AIX
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+	    # Warning - without using the other run time loading flags,
+	    # -berok will link without error, but may produce a broken library.
+	    _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+	    _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+	    # Exported symbols can be pulled into shared objects from archives
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+	    # This is similar to how AIX traditionally builds its shared
+	    # libraries.
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+          fi
+        fi
+        ;;
+
+      beos*)
+	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	  # support --undefined.  This deserves some investigation.  FIXME
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	else
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+
+      chorus*)
+        case $cc_basename in
+          *)
+	  # FIXME: insert proper C++ library support
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	  ;;
+        esac
+        ;;
+
+      cygwin* | mingw* | pw32* | cegcc*)
+        # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+        # as there is no search path for DLLs.
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+        _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+        _LT_TAGVAR(always_export_symbols, $1)=no
+        _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+        if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+          # If the export-symbols file already is a .def file (1st line
+          # is EXPORTS), use it as is; otherwise, prepend...
+          _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+	    cp $export_symbols $output_objdir/$soname.def;
+          else
+	    echo EXPORTS > $output_objdir/$soname.def;
+	    cat $export_symbols >> $output_objdir/$soname.def;
+          fi~
+          $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+        else
+          _LT_TAGVAR(ld_shlibs, $1)=no
+        fi
+        ;;
+      darwin* | rhapsody*)
+        _LT_DARWIN_LINKER_FEATURES($1)
+	;;
+
+      dgux*)
+        case $cc_basename in
+          ec++*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          ghcx*)
+	    # Green Hills C++ Compiler
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      freebsd[[12]]*)
+        # C++ shared libraries reported to be fairly broken before
+	# switch to ELF
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      freebsd-elf*)
+        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+        ;;
+
+      freebsd* | dragonfly*)
+        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+        # conventions
+        _LT_TAGVAR(ld_shlibs, $1)=yes
+        ;;
+
+      gnu*)
+        ;;
+
+      hpux9*)
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+        _LT_TAGVAR(hardcode_direct, $1)=yes
+        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+				             # but as the default
+				             # location of the library.
+
+        case $cc_basename in
+          CC*)
+            # FIXME: insert proper C++ library support
+            _LT_TAGVAR(ld_shlibs, $1)=no
+            ;;
+          aCC*)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+            # Commands to make compiler produce verbose output that lists
+            # what "hidden" libraries, object files and flags are used when
+            # linking a shared library.
+            #
+            # There doesn't appear to be a way to prevent this compiler from
+            # explicitly linking system object files so we need to strip them
+            # from the output so that they don't get included in the library
+            # dependencies.
+            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+            ;;
+          *)
+            if test "$GXX" = yes; then
+              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+            else
+              # FIXME: insert proper C++ library support
+              _LT_TAGVAR(ld_shlibs, $1)=no
+            fi
+            ;;
+        esac
+        ;;
+
+      hpux10*|hpux11*)
+        if test $with_gnu_ld = no; then
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+          case $host_cpu in
+            hppa*64*|ia64*)
+              ;;
+            *)
+	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+              ;;
+          esac
+        fi
+        case $host_cpu in
+          hppa*64*|ia64*)
+            _LT_TAGVAR(hardcode_direct, $1)=no
+            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+            ;;
+          *)
+            _LT_TAGVAR(hardcode_direct, $1)=yes
+            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+					         # but as the default
+					         # location of the library.
+            ;;
+        esac
+
+        case $cc_basename in
+          CC*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          aCC*)
+	    case $host_cpu in
+	      hppa*64*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      ia64*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      *)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	    esac
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+	    ;;
+          *)
+	    if test "$GXX" = yes; then
+	      if test $with_gnu_ld = no; then
+	        case $host_cpu in
+	          hppa*64*)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          ia64*)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          *)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	        esac
+	      fi
+	    else
+	      # FIXME: insert proper C++ library support
+	      _LT_TAGVAR(ld_shlibs, $1)=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      interix[[3-9]]*)
+	_LT_TAGVAR(hardcode_direct, $1)=no
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+	# Instead, shared libraries are loaded at an image base (0x10000000 by
+	# default) and relocated if they conflict, which is a slow very memory
+	# consuming and fragmenting process.  To avoid this, we pick a random,
+	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	;;
+      irix5* | irix6*)
+        case $cc_basename in
+          CC*)
+	    # SGI C++
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    if test "$GXX" = yes; then
+	      if test "$with_gnu_ld" = no; then
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+	      else
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+	      fi
+	    fi
+	    _LT_TAGVAR(link_all_deplibs, $1)=yes
+	    ;;
+        esac
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+        _LT_TAGVAR(inherit_rpath, $1)=yes
+        ;;
+
+      linux* | k*bsd*-gnu)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+	    ;;
+	  icpc* | ecpc* )
+	    # Intel C++
+	    with_gnu_ld=yes
+	    # version 8.0 and above of icpc choke on multiply defined symbols
+	    # if we add $predep_objects and $postdep_objects, however 7.1 and
+	    # earlier do not add the objects themselves.
+	    case `$CC -V 2>&1` in
+	      *"Version 7."*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	      *)  # Version 8.0 or newer
+	        tmp_idyn=
+	        case $host_cpu in
+		  ia64*) tmp_idyn=' -i_dynamic';;
+		esac
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	    esac
+	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+	    ;;
+          pgCC* | pgcpp*)
+            # Portland Group C++ compiler
+	    case `$CC -V` in
+	    *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*)
+	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
+		rm -rf $tpldir~
+		$CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+		compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
+		rm -rf $tpldir~
+		$CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+		$AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+		$RANLIB $oldlib'
+	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
+		rm -rf $tpldir~
+		$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+		$CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
+		rm -rf $tpldir~
+		$CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+		$CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+	      ;;
+	    *) # Version 6 will use weak symbols
+	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+	      ;;
+	    esac
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+            ;;
+	  cxx*)
+	    # Compaq C++
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname  -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+	    runpath_var=LD_RUN_PATH
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+	    ;;
+	  xl*)
+	    # IBM XL 8.0 on PPC, with GNU ld
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+	    if test "x$supports_anon_versioning" = xyes; then
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+		cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+		echo "local: *; };" >> $output_objdir/$libname.ver~
+		$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+	    fi
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	      _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	      _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+	      _LT_TAGVAR(compiler_needs_object, $1)=yes
+
+	      # Not sure whether something based on
+	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+	      # would be better.
+	      output_verbose_link_cmd='echo'
+
+	      # Archives containing C++ object files must be created using
+	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	      # necessary to make sure instantiated templates are included
+	      # in the archive.
+	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+
+      lynxos*)
+        # FIXME: insert proper C++ library support
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	;;
+
+      m88k*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+	;;
+
+      mvs*)
+        case $cc_basename in
+          cxx*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+	  *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+	esac
+	;;
+
+      netbsd*)
+        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+	  wlarc=
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	fi
+	# Workaround some broken pre-1.5 toolchains
+	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+	;;
+
+      *nto* | *qnx*)
+        _LT_TAGVAR(ld_shlibs, $1)=yes
+	;;
+
+      openbsd2*)
+        # C++ shared libraries are fairly broken
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	;;
+
+      openbsd*)
+	if test -f /usr/libexec/ld.so; then
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+	  fi
+	  output_verbose_link_cmd=echo
+	else
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+
+      osf3* | osf4* | osf5*)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Archives containing C++ object files must be created using
+	    # the KAI C++ compiler.
+	    case $host in
+	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
+	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
+	    esac
+	    ;;
+          RCC*)
+	    # Rational C++ 2.4.1
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          cxx*)
+	    case $host in
+	      osf3*)
+	        _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+		;;
+	      *)
+	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+	          echo "-hidden">> $lib.exp~
+	          $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp  `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+	          $RM $lib.exp'
+	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+		;;
+	    esac
+
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+	    ;;
+	  *)
+	    if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	      _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+	      case $host in
+	        osf3*)
+	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+		  ;;
+	        *)
+	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+		  ;;
+	      esac
+
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	      # Commands to make compiler produce verbose output that lists
+	      # what "hidden" libraries, object files and flags are used when
+	      # linking a shared library.
+	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+	    else
+	      # FIXME: insert proper C++ library support
+	      _LT_TAGVAR(ld_shlibs, $1)=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      psos*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      sunos4*)
+        case $cc_basename in
+          CC*)
+	    # Sun C++ 4.x
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          lcc*)
+	    # Lucid
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      solaris*)
+        case $cc_basename in
+          CC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
+	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag}  -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+	      $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	    case $host_os in
+	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+	      *)
+		# The compiler driver will combine and reorder linker options,
+		# but understands `-z linker_flag'.
+	        # Supported since Solaris 2.6 (maybe 2.5.1?)
+		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+	        ;;
+	    esac
+	    _LT_TAGVAR(link_all_deplibs, $1)=yes
+
+	    output_verbose_link_cmd='echo'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	    ;;
+          gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+	    # The C++ compiler must be used to create the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    # GNU C++ compiler with Solaris linker
+	    if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+	      _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+		  $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+	      else
+	        # g++ 2.7 appears to require `-G' NOT `-shared' on this
+	        # platform.
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+		  $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+	      fi
+
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+	      case $host_os in
+		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+		*)
+		  _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+		  ;;
+	      esac
+	    fi
+	    ;;
+        esac
+        ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+      _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      case $cc_basename in
+        CC*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+      esac
+      ;;
+
+      sysv5* | sco3.2v5* | sco5v6*)
+	# Note: We can NOT use -z defs as we might desire, because we do not
+	# link with -lc, and that would cause any symbols used from libc to
+	# always be unresolved, which means just about no library would
+	# ever link correctly.  If we're not using GNU ld we use -z text
+	# though, which does catch some bad symbols but isn't as heavy-handed
+	# as -z defs.
+	_LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+	_LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+	_LT_TAGVAR(link_all_deplibs, $1)=yes
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+	runpath_var='LD_RUN_PATH'
+
+	case $cc_basename in
+          CC*)
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    ;;
+	  *)
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    ;;
+	esac
+      ;;
+
+      tandem*)
+        case $cc_basename in
+          NCC*)
+	    # NonStop-UX NCC 3.20
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      vxworks*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      *)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+    esac
+
+    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+    test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+    _LT_TAGVAR(GCC, $1)="$GXX"
+    _LT_TAGVAR(LD, $1)="$LD"
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_SYS_HIDDEN_LIBDEPS($1)
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  CC=$lt_save_CC
+  LDCXX=$LD
+  LD=$lt_save_LD
+  GCC=$lt_save_GCC
+  with_gnu_ld=$lt_save_with_gnu_ld
+  lt_cv_path_LDCXX=$lt_cv_path_LD
+  lt_cv_path_LD=$lt_save_path_LD
+  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+AC_LANG_POP
+])# _LT_LANG_CXX_CONFIG
+
+
+# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
+# ---------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+# Dependencies to place before and after the object being linked:
+_LT_TAGVAR(predep_objects, $1)=
+_LT_TAGVAR(postdep_objects, $1)=
+_LT_TAGVAR(predeps, $1)=
+_LT_TAGVAR(postdeps, $1)=
+_LT_TAGVAR(compiler_lib_search_path, $1)=
+
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library.  It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
+int a;
+void foo (void) { a = 0; }
+_LT_EOF
+], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+_LT_EOF
+], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
+      subroutine foo
+      implicit none
+      integer*4 a
+      a=0
+      return
+      end
+_LT_EOF
+], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
+      subroutine foo
+      implicit none
+      integer a
+      a=0
+      return
+      end
+_LT_EOF
+], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
+public class foo {
+  private int a;
+  public void bar (void) {
+    a = 0;
+  }
+};
+_LT_EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  for p in `eval "$output_verbose_link_cmd"`; do
+    case $p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test $p = "-L" ||
+          test $p = "-R"; then
+	 prev=$p
+	 continue
+       else
+	 prev=
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 case $p in
+	 -L* | -R*)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
+	     _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+	   else
+	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
+	   _LT_TAGVAR(postdeps, $1)="${prev}${p}"
+	 else
+	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
+	 fi
+       fi
+       ;;
+
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test "$pre_test_object_deps_done" = no; then
+	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
+	   _LT_TAGVAR(predep_objects, $1)="$p"
+	 else
+	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
+	 fi
+       else
+	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
+	   _LT_TAGVAR(postdep_objects, $1)="$p"
+	 else
+	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+m4_if([$1], [CXX],
+[case $host_os in
+interix[[3-9]]*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  _LT_TAGVAR(predep_objects,$1)=
+  _LT_TAGVAR(postdep_objects,$1)=
+  _LT_TAGVAR(postdeps,$1)=
+  ;;
+
+linux*)
+  case `$CC -V 2>&1 | sed 5q` in
+  *Sun\ C*)
+    # Sun C++ 5.9
+
+    # The more standards-conforming stlport4 library is
+    # incompatible with the Cstd library. Avoid specifying
+    # it if it's in CXXFLAGS. Ignore libCrun as
+    # -library=stlport4 depends on it.
+    case " $CXX $CXXFLAGS " in
+    *" -library=stlport4 "*)
+      solaris_use_stlport4=yes
+      ;;
+    esac
+
+    if test "$solaris_use_stlport4" != yes; then
+      _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+    fi
+    ;;
+  esac
+  ;;
+
+solaris*)
+  case $cc_basename in
+  CC*)
+    # The more standards-conforming stlport4 library is
+    # incompatible with the Cstd library. Avoid specifying
+    # it if it's in CXXFLAGS. Ignore libCrun as
+    # -library=stlport4 depends on it.
+    case " $CXX $CXXFLAGS " in
+    *" -library=stlport4 "*)
+      solaris_use_stlport4=yes
+      ;;
+    esac
+
+    # Adding this requires a known-good setup of shared libraries for
+    # Sun compiler versions before 5.6, else PIC objects from an old
+    # archive will be linked into the output, leading to subtle bugs.
+    if test "$solaris_use_stlport4" != yes; then
+      _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+    fi
+    ;;
+  esac
+  ;;
+esac
+])
+
+case " $_LT_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
+    [The directories searched by this compiler when creating a shared library])
+_LT_TAGDECL([], [predep_objects], [1],
+    [Dependencies to place before and after the objects being linked to
+    create a shared library])
+_LT_TAGDECL([], [postdep_objects], [1])
+_LT_TAGDECL([], [predeps], [1])
+_LT_TAGDECL([], [postdeps], [1])
+_LT_TAGDECL([], [compiler_lib_search_path], [1],
+    [The library search path used internally by the compiler when linking
+    a shared library])
+])# _LT_SYS_HIDDEN_LIBDEPS
+
+
+# _LT_PROG_F77
+# ------------
+# Since AC_PROG_F77 is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_F77],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes])
+AC_PROG_F77
+if test -z "$F77" || test "X$F77" = "Xno"; then
+  _lt_disable_F77=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_F77
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_F77], [])
+
+
+# _LT_LANG_F77_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a Fortran 77 compiler are
+# suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_F77_CONFIG],
+[AC_REQUIRE([_LT_PROG_F77])dnl
+AC_LANG_PUSH(Fortran 77)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the F77 compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_F77" != yes; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="\
+      subroutine t
+      return
+      end
+"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code="\
+      program t
+      end
+"
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC="$CC"
+  lt_save_GCC=$GCC
+  CC=${F77-"f77"}
+  compiler=$CC
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+  GCC=$G77
+  if test -n "$compiler"; then
+    AC_MSG_CHECKING([if libtool supports shared libraries])
+    AC_MSG_RESULT([$can_build_shared])
+
+    AC_MSG_CHECKING([whether to build shared libraries])
+    test "$can_build_shared" = "no" && enable_shared=no
+
+    # On AIX, shared libraries and static libraries use the same namespace, and
+    # are all built from PIC.
+    case $host_os in
+      aix3*)
+        test "$enable_shared" = yes && enable_static=no
+        if test -n "$RANLIB"; then
+          archive_cmds="$archive_cmds~\$RANLIB \$lib"
+          postinstall_cmds='$RANLIB $lib'
+        fi
+        ;;
+      aix[[4-9]]*)
+	if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+	  test "$enable_shared" = yes && enable_static=no
+	fi
+        ;;
+    esac
+    AC_MSG_RESULT([$enable_shared])
+
+    AC_MSG_CHECKING([whether to build static libraries])
+    # Make sure either enable_shared or enable_static is yes.
+    test "$enable_shared" = yes || enable_static=yes
+    AC_MSG_RESULT([$enable_static])
+
+    _LT_TAGVAR(GCC, $1)="$G77"
+    _LT_TAGVAR(LD, $1)="$LD"
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  GCC=$lt_save_GCC
+  CC="$lt_save_CC"
+fi # test "$_lt_disable_F77" != yes
+
+AC_LANG_POP
+])# _LT_LANG_F77_CONFIG
+
+
+# _LT_PROG_FC
+# -----------
+# Since AC_PROG_FC is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_FC],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes])
+AC_PROG_FC
+if test -z "$FC" || test "X$FC" = "Xno"; then
+  _lt_disable_FC=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_FC
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_FC], [])
+
+
+# _LT_LANG_FC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for a Fortran compiler are
+# suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_FC_CONFIG],
+[AC_REQUIRE([_LT_PROG_FC])dnl
+AC_LANG_PUSH(Fortran)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for fc test sources.
+ac_ext=${ac_fc_srcext-f}
+
+# Object file extension for compiled fc test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the FC compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_FC" != yes; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="\
+      subroutine t
+      return
+      end
+"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code="\
+      program t
+      end
+"
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC="$CC"
+  lt_save_GCC=$GCC
+  CC=${FC-"f95"}
+  compiler=$CC
+  GCC=$ac_cv_fc_compiler_gnu
+
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+
+  if test -n "$compiler"; then
+    AC_MSG_CHECKING([if libtool supports shared libraries])
+    AC_MSG_RESULT([$can_build_shared])
+
+    AC_MSG_CHECKING([whether to build shared libraries])
+    test "$can_build_shared" = "no" && enable_shared=no
+
+    # On AIX, shared libraries and static libraries use the same namespace, and
+    # are all built from PIC.
+    case $host_os in
+      aix3*)
+        test "$enable_shared" = yes && enable_static=no
+        if test -n "$RANLIB"; then
+          archive_cmds="$archive_cmds~\$RANLIB \$lib"
+          postinstall_cmds='$RANLIB $lib'
+        fi
+        ;;
+      aix[[4-9]]*)
+	if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+	  test "$enable_shared" = yes && enable_static=no
+	fi
+        ;;
+    esac
+    AC_MSG_RESULT([$enable_shared])
+
+    AC_MSG_CHECKING([whether to build static libraries])
+    # Make sure either enable_shared or enable_static is yes.
+    test "$enable_shared" = yes || enable_static=yes
+    AC_MSG_RESULT([$enable_static])
+
+    _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
+    _LT_TAGVAR(LD, $1)="$LD"
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_SYS_HIDDEN_LIBDEPS($1)
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  GCC=$lt_save_GCC
+  CC="$lt_save_CC"
+fi # test "$_lt_disable_FC" != yes
+
+AC_LANG_POP
+])# _LT_LANG_FC_CONFIG
+
+
+# _LT_LANG_GCJ_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Java Compiler compiler
+# are suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GCJ_CONFIG],
+[AC_REQUIRE([LT_PROG_GCJ])dnl
+AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+  _LT_COMPILER_NO_RTTI($1)
+  _LT_COMPILER_PIC($1)
+  _LT_COMPILER_C_O($1)
+  _LT_COMPILER_FILE_LOCKS($1)
+  _LT_LINKER_SHLIBS($1)
+  _LT_LINKER_HARDCODE_LIBPATH($1)
+
+  _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC="$lt_save_CC"
+])# _LT_LANG_GCJ_CONFIG
+
+
+# _LT_LANG_RC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for the Windows resource compiler
+# are suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_RC_CONFIG],
+[AC_REQUIRE([LT_PROG_RC])dnl
+AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+if test -n "$compiler"; then
+  :
+  _LT_CONFIG($1)
+fi
+
+GCC=$lt_save_GCC
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# _LT_LANG_RC_CONFIG
+
+
+# LT_PROG_GCJ
+# -----------
+AC_DEFUN([LT_PROG_GCJ],
+[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
+    [AC_CHECK_TOOL(GCJ, gcj,)
+      test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+      AC_SUBST(GCJFLAGS)])])[]dnl
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+
+
+# LT_PROG_RC
+# ----------
+AC_DEFUN([LT_PROG_RC],
+[AC_CHECK_TOOL(RC, windres,)
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_RC], [])
+
+
+# _LT_DECL_EGREP
+# --------------
+# If we don't have a new enough Autoconf to choose the best grep
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_EGREP],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_REQUIRE([AC_PROG_FGREP])dnl
+test -z "$GREP" && GREP=grep
+_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
+_LT_DECL([], [EGREP], [1], [An ERE matcher])
+_LT_DECL([], [FGREP], [1], [A literal string matcher])
+dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
+AC_SUBST([GREP])
+])
+
+
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+
+# _LT_DECL_SED
+# ------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible.  Prefer GNU sed if found.
+m4_defun([_LT_DECL_SED],
+[AC_PROG_SED
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
+_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
+    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
+])# _LT_DECL_SED
+
+m4_ifndef([AC_PROG_SED], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into   #
+#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
+#  a released version of Autoconf we should remove this    #
+#  macro and use it instead.                               #
+############################################################
+
+m4_defun([AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+IFS=$as_save_IFS
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f $lt_ac_sed && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test $lt_ac_count -gt 10 && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test $lt_ac_count -gt $lt_ac_max; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+])
+SED=$lt_cv_path_SED
+AC_SUBST([SED])
+AC_MSG_RESULT([$SED])
+])#AC_PROG_SED
+])#m4_ifndef
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_SED], [])
+
+
+# _LT_CHECK_SHELL_FEATURES
+# ------------------------
+# Find out whether the shell is Bourne or XSI compatible,
+# or has some other useful features.
+m4_defun([_LT_CHECK_SHELL_FEATURES],
+[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+  test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+      = c,a/b,, \
+    && eval 'test $(( 1 + 1 )) -eq 2 \
+    && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+  && xsi_shell=yes
+AC_MSG_RESULT([$xsi_shell])
+_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])
+
+AC_MSG_CHECKING([whether the shell understands "+="])
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
+    >/dev/null 2>&1 \
+  && lt_shell_append=yes
+AC_MSG_RESULT([$lt_shell_append])
+_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  lt_unset=unset
+else
+  lt_unset=false
+fi
+_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  lt_SP2NL='tr \040 \012'
+  lt_NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  lt_SP2NL='tr \100 \n'
+  lt_NL2SP='tr \r\n \100\100'
+  ;;
+esac
+_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
+_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
+])# _LT_CHECK_SHELL_FEATURES
+
+
+# _LT_PROG_XSI_SHELLFNS
+# ---------------------
+# Bourne and XSI compatible variants of some useful shell functions.
+m4_defun([_LT_PROG_XSI_SHELLFNS],
+[case $xsi_shell in
+  yes)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+  case ${1} in
+    */*) func_dirname_result="${1%/*}${2}" ;;
+    *  ) func_dirname_result="${3}" ;;
+  esac
+}
+
+# func_basename file
+func_basename ()
+{
+  func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+#   dirname:  Compute the dirname of FILE.  If nonempty,
+#             add APPEND to the result, otherwise set result
+#             to NONDIR_REPLACEMENT.
+#             value returned in "$func_dirname_result"
+#   basename: Compute filename of FILE.
+#             value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+  case ${1} in
+    */*) func_dirname_result="${1%/*}${2}" ;;
+    *  ) func_dirname_result="${3}" ;;
+  esac
+  func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+  # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+  # positional parameters, so assign one to ordinary parameter first.
+  func_stripname_result=${3}
+  func_stripname_result=${func_stripname_result#"${1}"}
+  func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+  func_opt_split_opt=${1%%=*}
+  func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+  case ${1} in
+    *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+    *)    func_lo2o_result=${1} ;;
+  esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+  func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+  func_arith_result=$(( $[*] ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+  func_len_result=${#1}
+}
+
+_LT_EOF
+    ;;
+  *) # Bourne compatible functions.
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+  # Extract subdirectory from the argument.
+  func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+  if test "X$func_dirname_result" = "X${1}"; then
+    func_dirname_result="${3}"
+  else
+    func_dirname_result="$func_dirname_result${2}"
+  fi
+}
+
+# func_basename file
+func_basename ()
+{
+  func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+dnl func_dirname_and_basename
+dnl A portable version of this function is already defined in general.m4sh
+dnl so there is no need for it here.
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+  case ${2} in
+    .*) func_stripname_result=`$ECHO "X${3}" \
+           | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+    *)  func_stripname_result=`$ECHO "X${3}" \
+           | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+  esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[[^=]]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+  func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+  func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+  func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+  func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+  func_arith_result=`expr "$[@]"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+  func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+  yes)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+  eval "$[1]+=\$[2]"
+}
+_LT_EOF
+    ;;
+  *)
+    cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+  eval "$[1]=\$$[1]\$[2]"
+}
+
+_LT_EOF
+    ;;
+  esac
+])
diff --git a/sudo-1.7.4p4/m4/ltoptions.m4 b/sudo-1.7.4p4/m4/ltoptions.m4
new file mode 100644
index 0000000..34151a3
--- /dev/null
+++ b/sudo-1.7.4p4/m4/ltoptions.m4
@@ -0,0 +1,368 @@
+# Helper functions for option handling.                    -*- Autoconf -*-
+#
+#   Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+#   Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltoptions.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
+
+
+# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
+# ------------------------------------------
+m4_define([_LT_MANGLE_OPTION],
+[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
+
+
+# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
+# ---------------------------------------
+# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
+# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
+# saved as a flag.
+m4_define([_LT_SET_OPTION],
+[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
+m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
+        _LT_MANGLE_DEFUN([$1], [$2]),
+    [m4_warning([Unknown $1 option `$2'])])[]dnl
+])
+
+
+# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
+# ------------------------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+m4_define([_LT_IF_OPTION],
+[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
+
+
+# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
+# -------------------------------------------------------
+# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
+# are set.
+m4_define([_LT_UNLESS_OPTIONS],
+[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
+		      [m4_define([$0_found])])])[]dnl
+m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
+])[]dnl
+])
+
+
+# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
+# ----------------------------------------
+# OPTION-LIST is a space-separated list of Libtool options associated
+# with MACRO-NAME.  If any OPTION has a matching handler declared with
+# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
+# the unknown option and exit.
+m4_defun([_LT_SET_OPTIONS],
+[# Set options
+m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+    [_LT_SET_OPTION([$1], _LT_Option)])
+
+m4_if([$1],[LT_INIT],[
+  dnl
+  dnl Simply set some default values (i.e off) if boolean options were not
+  dnl specified:
+  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
+  ])
+  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
+  ])
+  dnl
+  dnl If no reference was made to various pairs of opposing options, then
+  dnl we run the default mode handler for the pair.  For example, if neither
+  dnl `shared' nor `disable-shared' was passed, we enable building of shared
+  dnl archives by default:
+  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
+  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
+  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
+  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
+  		   [_LT_ENABLE_FAST_INSTALL])
+  ])
+])# _LT_SET_OPTIONS
+
+
+## --------------------------------- ##
+## Macros to handle LT_INIT options. ##
+## --------------------------------- ##
+
+# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
+# -----------------------------------------
+m4_define([_LT_MANGLE_DEFUN],
+[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
+
+
+# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
+# -----------------------------------------------
+m4_define([LT_OPTION_DEFINE],
+[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
+])# LT_OPTION_DEFINE
+
+
+# dlopen
+# ------
+LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
+])
+
+AU_DEFUN([AC_LIBTOOL_DLOPEN],
+[_LT_SET_OPTION([LT_INIT], [dlopen])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `dlopen' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
+
+
+# win32-dll
+# ---------
+# Declare package support for building win32 dll's.
+LT_OPTION_DEFINE([LT_INIT], [win32-dll],
+[enable_win32_dll=yes
+
+case $host in
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+esac
+
+test -z "$AS" && AS=as
+_LT_DECL([], [AS],      [0], [Assembler program])dnl
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
+])# win32-dll
+
+AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+_LT_SET_OPTION([LT_INIT], [win32-dll])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `win32-dll' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
+
+
+# _LT_ENABLE_SHARED([DEFAULT])
+# ----------------------------
+# implement the --enable-shared flag, and supports the `shared' and
+# `disable-shared' LT_INIT options.
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_SHARED],
+[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([shared],
+    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
+
+    _LT_DECL([build_libtool_libs], [enable_shared], [0],
+	[Whether or not to build shared libraries])
+])# _LT_ENABLE_SHARED
+
+LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
+])
+
+AC_DEFUN([AC_DISABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], [disable-shared])
+])
+
+AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_SHARED], [])
+dnl AC_DEFUN([AM_DISABLE_SHARED], [])
+
+
+
+# _LT_ENABLE_STATIC([DEFAULT])
+# ----------------------------
+# implement the --enable-static flag, and support the `static' and
+# `disable-static' LT_INIT options.
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_STATIC],
+[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([static],
+    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
+
+    _LT_DECL([build_old_libs], [enable_static], [0],
+	[Whether or not to build static libraries])
+])# _LT_ENABLE_STATIC
+
+LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
+])
+
+AC_DEFUN([AC_DISABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], [disable-static])
+])
+
+AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_STATIC], [])
+dnl AC_DEFUN([AM_DISABLE_STATIC], [])
+
+
+
+# _LT_ENABLE_FAST_INSTALL([DEFAULT])
+# ----------------------------------
+# implement the --enable-fast-install flag, and support the `fast-install'
+# and `disable-fast-install' LT_INIT options.
+# DEFAULT is either `yes' or `no'.  If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_FAST_INSTALL],
+[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([fast-install],
+    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+      for pkg in $enableval; do
+	IFS="$lt_save_ifs"
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS="$lt_save_ifs"
+      ;;
+    esac],
+    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
+
+_LT_DECL([fast_install], [enable_fast_install], [0],
+	 [Whether or not to optimize for fast installation])dnl
+])# _LT_ENABLE_FAST_INSTALL
+
+LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
+
+# Old names:
+AU_DEFUN([AC_ENABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `fast-install' option into LT_INIT's first parameter.])
+])
+
+AU_DEFUN([AC_DISABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `disable-fast-install' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
+dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+
+
+# _LT_WITH_PIC([MODE])
+# --------------------
+# implement the --with-pic flag, and support the `pic-only' and `no-pic'
+# LT_INIT options.
+# MODE is either `yes' or `no'.  If omitted, it defaults to `both'.
+m4_define([_LT_WITH_PIC],
+[AC_ARG_WITH([pic],
+    [AS_HELP_STRING([--with-pic],
+	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+    [pic_mode="$withval"],
+    [pic_mode=default])
+
+test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
+
+_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
+])# _LT_WITH_PIC
+
+LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
+
+# Old name:
+AU_DEFUN([AC_LIBTOOL_PICMODE],
+[_LT_SET_OPTION([LT_INIT], [pic-only])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `pic-only' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
+
+## ----------------- ##
+## LTDL_INIT Options ##
+## ----------------- ##
+
+m4_define([_LTDL_MODE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
+		 [m4_define([_LTDL_MODE], [nonrecursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [recursive],
+		 [m4_define([_LTDL_MODE], [recursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [subproject],
+		 [m4_define([_LTDL_MODE], [subproject])])
+
+m4_define([_LTDL_TYPE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [installable],
+		 [m4_define([_LTDL_TYPE], [installable])])
+LT_OPTION_DEFINE([LTDL_INIT], [convenience],
+		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/sudo-1.7.4p4/m4/ltsugar.m4 b/sudo-1.7.4p4/m4/ltsugar.m4
new file mode 100644
index 0000000..9000a05
--- /dev/null
+++ b/sudo-1.7.4p4/m4/ltsugar.m4
@@ -0,0 +1,123 @@
+# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltsugar.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
+
+
+# lt_join(SEP, ARG1, [ARG2...])
+# -----------------------------
+# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
+# associated separator.
+# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
+# versions in m4sugar had bugs.
+m4_define([lt_join],
+[m4_if([$#], [1], [],
+       [$#], [2], [[$2]],
+       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
+m4_define([_lt_join],
+[m4_if([$#$2], [2], [],
+       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
+
+
+# lt_car(LIST)
+# lt_cdr(LIST)
+# ------------
+# Manipulate m4 lists.
+# These macros are necessary as long as will still need to support
+# Autoconf-2.59 which quotes differently.
+m4_define([lt_car], [[$1]])
+m4_define([lt_cdr],
+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
+       [$#], 1, [],
+       [m4_dquote(m4_shift($@))])])
+m4_define([lt_unquote], $1)
+
+
+# lt_append(MACRO-NAME, STRING, [SEPARATOR])
+# ------------------------------------------
+# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
+# Note that neither SEPARATOR nor STRING are expanded; they are appended
+# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
+# No SEPARATOR is output if MACRO-NAME was previously undefined (different
+# than defined and empty).
+#
+# This macro is needed until we can rely on Autoconf 2.62, since earlier
+# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
+m4_define([lt_append],
+[m4_define([$1],
+	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
+
+
+
+# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
+# ----------------------------------------------------------
+# Produce a SEP delimited list of all paired combinations of elements of
+# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
+# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
+m4_define([lt_combine],
+[m4_if(m4_eval([$# > 3]), [1],
+       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+	     [m4_foreach([_Lt_suffix],
+		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
+
+
+# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
+# -----------------------------------------------------------------------
+# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
+m4_define([lt_if_append_uniq],
+[m4_ifdef([$1],
+	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
+		 [lt_append([$1], [$2], [$3])$4],
+		 [$5])],
+	  [lt_append([$1], [$2], [$3])$4])])
+
+
+# lt_dict_add(DICT, KEY, VALUE)
+# -----------------------------
+m4_define([lt_dict_add],
+[m4_define([$1($2)], [$3])])
+
+
+# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
+# --------------------------------------------
+m4_define([lt_dict_add_subkey],
+[m4_define([$1($2:$3)], [$4])])
+
+
+# lt_dict_fetch(DICT, KEY, [SUBKEY])
+# ----------------------------------
+m4_define([lt_dict_fetch],
+[m4_ifval([$3],
+	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
+    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
+
+
+# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
+# -----------------------------------------------------------------
+m4_define([lt_if_dict_fetch],
+[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
+	[$5],
+    [$6])])
+
+
+# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
+# --------------------------------------------------------------
+m4_define([lt_dict_filter],
+[m4_if([$5], [], [],
+  [lt_join(m4_quote(m4_default([$4], [[, ]])),
+           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
+		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
+])
diff --git a/sudo-1.7.4p4/m4/ltversion.m4 b/sudo-1.7.4p4/m4/ltversion.m4
new file mode 100644
index 0000000..f3c5309
--- /dev/null
+++ b/sudo-1.7.4p4/m4/ltversion.m4
@@ -0,0 +1,23 @@
+# ltversion.m4 -- version numbers			-*- Autoconf -*-
+#
+#   Copyright (C) 2004 Free Software Foundation, Inc.
+#   Written by Scott James Remnant, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# Generated from ltversion.in.
+
+# serial 3017 ltversion.m4
+# This file is part of GNU Libtool
+
+m4_define([LT_PACKAGE_VERSION], [2.2.6b])
+m4_define([LT_PACKAGE_REVISION], [1.3017])
+
+AC_DEFUN([LTVERSION_VERSION],
+[macro_version='2.2.6b'
+macro_revision='1.3017'
+_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
+_LT_DECL(, macro_revision, 0)
+])
diff --git a/sudo-1.7.4p4/m4/lt~obsolete.m4 b/sudo-1.7.4p4/m4/lt~obsolete.m4
new file mode 100644
index 0000000..637bb20
--- /dev/null
+++ b/sudo-1.7.4p4/m4/lt~obsolete.m4
@@ -0,0 +1,92 @@
+# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
+#
+#   Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+#   Written by Scott James Remnant, 2004.
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 4 lt~obsolete.m4
+
+# These exist entirely to fool aclocal when bootstrapping libtool.
+#
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
+# which have later been changed to m4_define as they aren't part of the
+# exported API, or moved to Autoconf or Automake where they belong.
+#
+# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
+# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
+# using a macro with the same name in our local m4/libtool.m4 it'll
+# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
+# and doesn't know about Autoconf macros at all.)
+#
+# So we provide this file, which has a silly filename so it's always
+# included after everything else.  This provides aclocal with the
+# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
+# because those macros already exist, or will be overwritten later.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. 
+#
+# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
+# Yes, that means every name once taken will need to remain here until
+# we give up compatibility with versions before 1.7, at which point
+# we need to keep only those names which we still refer to.
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
+
+m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
+m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
+m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
+m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
+m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
+m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
+m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
+m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
+m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
+m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
+m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
+m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
+m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
+m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
+m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
+m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
+m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
+m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
+m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
+m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
+m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
+m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
+m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
+m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
+m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
+m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
+m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
+m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
+m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
+m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
+m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
+m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
+m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
+m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
+m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
+m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
+m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
+m4_ifndef([AC_LIBTOOL_RC],		[AC_DEFUN([AC_LIBTOOL_RC])])
+m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
+m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
+m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
+m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
+m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
+m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
+m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
+m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
diff --git a/sudo-1.7.4p4/match.c b/sudo-1.7.4p4/match.c
new file mode 100644
index 0000000..91ec315
--- /dev/null
+++ b/sudo-1.7.4p4/match.c
@@ -0,0 +1,886 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_FNMATCH
+# include <fnmatch.h>
+#endif /* HAVE_FNMATCH */
+#ifdef HAVE_EXTENDED_GLOB
+# include <glob.h>
+#endif /* HAVE_EXTENDED_GLOB */
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#endif /* HAVE_NETGROUP_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+
+#include "sudo.h"
+#include "interfaces.h"
+#include "parse.h"
+#include <gram.h>
+
+#ifndef HAVE_FNMATCH
+# include "emul/fnmatch.h"
+#endif /* HAVE_FNMATCH */
+#ifndef HAVE_EXTENDED_GLOB
+# include "emul/glob.h"
+#endif /* HAVE_EXTENDED_GLOB */
+#ifdef USING_NONUNIX_GROUPS
+# include "nonunix.h"
+#endif /* USING_NONUNIX_GROUPS */
+
+static struct member_list empty;
+
+static int command_matches_dir __P((char *, size_t));
+static int command_matches_glob __P((char *, char *));
+static int command_matches_fnmatch __P((char *, char *));
+static int command_matches_normal __P((char *, char *));
+
+/*
+ * Returns TRUE if string 's' contains meta characters.
+ */
+#define has_meta(s)	(strpbrk(s, "\\?*[]") != NULL)
+
+/*
+ * Check for user described by pw in a list of members.
+ * Returns ALLOW, DENY or UNSPEC.
+ */
+static int
+_userlist_matches(pw, list)
+    struct passwd *pw;
+    struct member_list *list;
+{
+    struct member *m;
+    struct alias *a;
+    int rval, matched = UNSPEC;
+
+    tq_foreach_rev(list, m) {
+	switch (m->type) {
+	    case ALL:
+		matched = !m->negated;
+		break;
+	    case NETGROUP:
+		if (netgr_matches(m->name, NULL, NULL, pw->pw_name))
+		    matched = !m->negated;
+		break;
+	    case USERGROUP:
+		if (usergr_matches(m->name, pw->pw_name, pw))
+		    matched = !m->negated;
+		break;
+	    case ALIAS:
+		if ((a = alias_find(m->name, USERALIAS)) != NULL) {
+		    rval = _userlist_matches(pw, &a->members);
+		    if (rval != UNSPEC)
+			matched = m->negated ? !rval : rval;
+		    break;
+		}
+		/* FALLTHROUGH */
+	    case WORD:
+		if (userpw_matches(m->name, pw->pw_name, pw))
+		    matched = !m->negated;
+		break;
+	}
+	if (matched != UNSPEC)
+	    break;
+    }
+    return(matched);
+}
+
+int
+userlist_matches(pw, list)
+    struct passwd *pw;
+    struct member_list *list;
+{
+    alias_seqno++;
+    return(_userlist_matches(pw, list));
+}
+
+/*
+ * Check for user described by pw in a list of members.
+ * If both lists are empty compare against def_runas_default.
+ * Returns ALLOW, DENY or UNSPEC.
+ */
+static int
+_runaslist_matches(user_list, group_list)
+    struct member_list *user_list;
+    struct member_list *group_list;
+{
+    struct member *m;
+    struct alias *a;
+    int rval;
+    int user_matched = UNSPEC;
+    int group_matched = UNSPEC;
+
+    if (tq_empty(user_list) && tq_empty(group_list))
+	return(userpw_matches(def_runas_default, runas_pw->pw_name, runas_pw));
+
+    if (runas_pw != NULL) {
+	tq_foreach_rev(user_list, m) {
+	    switch (m->type) {
+		case ALL:
+		    user_matched = !m->negated;
+		    break;
+		case NETGROUP:
+		    if (netgr_matches(m->name, NULL, NULL, runas_pw->pw_name))
+			user_matched = !m->negated;
+		    break;
+		case USERGROUP:
+		    if (usergr_matches(m->name, runas_pw->pw_name, runas_pw))
+			user_matched = !m->negated;
+		    break;
+		case ALIAS:
+		    if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
+			rval = _runaslist_matches(&a->members, &empty);
+			if (rval != UNSPEC)
+			    user_matched = m->negated ? !rval : rval;
+			break;
+		    }
+		    /* FALLTHROUGH */
+		case WORD:
+		    if (userpw_matches(m->name, runas_pw->pw_name, runas_pw))
+			user_matched = !m->negated;
+		    break;
+	    }
+	    if (user_matched != UNSPEC)
+		break;
+	}
+    }
+
+    if (runas_gr != NULL) {
+	if (user_matched == UNSPEC) {
+	    if (runas_pw == NULL || strcmp(runas_pw->pw_name, user_name) == 0)
+		user_matched = ALLOW;	/* only changing group */
+	}
+	tq_foreach_rev(group_list, m) {
+	    switch (m->type) {
+		case ALL:
+		    group_matched = !m->negated;
+		    break;
+		case ALIAS:
+		    if ((a = alias_find(m->name, RUNASALIAS)) != NULL) {
+			rval = _runaslist_matches(&a->members, &empty);
+			if (rval != UNSPEC)
+			    group_matched = m->negated ? !rval : rval;
+			break;
+		    }
+		    /* FALLTHROUGH */
+		case WORD:
+		    if (group_matches(m->name, runas_gr))
+			group_matched = !m->negated;
+		    break;
+	    }
+	    if (group_matched != UNSPEC)
+		break;
+	}
+    }
+
+    if (user_matched == DENY || group_matched == DENY)
+	return(DENY);
+    if (user_matched == group_matched || runas_gr == NULL)
+	return(user_matched);
+    return(UNSPEC);
+}
+
+int
+runaslist_matches(user_list, group_list)
+    struct member_list *user_list;
+    struct member_list *group_list;
+{
+    alias_seqno++;
+    return(_runaslist_matches(user_list ? user_list : &empty,
+	group_list ? group_list : &empty));
+}
+
+/*
+ * Check for host and shost in a list of members.
+ * Returns ALLOW, DENY or UNSPEC.
+ */
+static int
+_hostlist_matches(list)
+    struct member_list *list;
+{
+    struct member *m;
+    struct alias *a;
+    int rval, matched = UNSPEC;
+
+    tq_foreach_rev(list, m) {
+	switch (m->type) {
+	    case ALL:
+		matched = !m->negated;
+		break;
+	    case NETGROUP:
+		if (netgr_matches(m->name, user_host, user_shost, NULL))
+		    matched = !m->negated;
+		break;
+	    case NTWKADDR:
+		if (addr_matches(m->name))
+		    matched = !m->negated;
+		break;
+	    case ALIAS:
+		if ((a = alias_find(m->name, HOSTALIAS)) != NULL) {
+		    rval = _hostlist_matches(&a->members);
+		    if (rval != UNSPEC)
+			matched = m->negated ? !rval : rval;
+		    break;
+		}
+		/* FALLTHROUGH */
+	    case WORD:
+		if (hostname_matches(user_shost, user_host, m->name))
+		    matched = !m->negated;
+		break;
+	}
+	if (matched != UNSPEC)
+	    break;
+    }
+    return(matched);
+}
+
+int
+hostlist_matches(list)
+    struct member_list *list;
+{
+    alias_seqno++;
+    return(_hostlist_matches(list));
+}
+
+/*
+ * Check for cmnd and args in a list of members.
+ * Returns ALLOW, DENY or UNSPEC.
+ */
+static int
+_cmndlist_matches(list)
+    struct member_list *list;
+{
+    struct member *m;
+    int matched = UNSPEC;
+
+    tq_foreach_rev(list, m) {
+	matched = cmnd_matches(m);
+	if (matched != UNSPEC)
+	    break;
+    }
+    return(matched);
+}
+
+int
+cmndlist_matches(list)
+    struct member_list *list;
+{
+    alias_seqno++;
+    return(_cmndlist_matches(list));
+}
+
+/*
+ * Check cmnd and args.
+ * Returns ALLOW, DENY or UNSPEC.
+ */
+int
+cmnd_matches(m)
+    struct member *m;
+{
+    struct alias *a;
+    struct sudo_command *c;
+    int rval, matched = UNSPEC;
+
+    switch (m->type) {
+	case ALL:
+	    matched = !m->negated;
+	    break;
+	case ALIAS:
+	    alias_seqno++;
+	    if ((a = alias_find(m->name, CMNDALIAS)) != NULL) {
+		rval = _cmndlist_matches(&a->members);
+		if (rval != UNSPEC)
+		    matched = m->negated ? !rval : rval;
+	    }
+	    break;
+	case COMMAND:
+	    c = (struct sudo_command *)m->name;
+	    if (command_matches(c->cmnd, c->args))
+		matched = !m->negated;
+	    break;
+    }
+    return(matched);
+}
+
+/*
+ * If path doesn't end in /, return TRUE iff cmnd & path name the same inode;
+ * otherwise, return TRUE if user_cmnd names one of the inodes in path.
+ */
+int
+command_matches(sudoers_cmnd, sudoers_args)
+    char *sudoers_cmnd;
+    char *sudoers_args;
+{
+    /* Check for pseudo-commands */
+    if (sudoers_cmnd[0] != '/') {
+	/*
+	 * Return true if both sudoers_cmnd and user_cmnd are "sudoedit" AND
+	 *  a) there are no args in sudoers OR
+	 *  b) there are no args on command line and none req by sudoers OR
+	 *  c) there are args in sudoers and on command line and they match
+	 */
+	if (strcmp(sudoers_cmnd, "sudoedit") != 0 ||
+	    strcmp(user_cmnd, "sudoedit") != 0)
+	    return(FALSE);
+	if (!sudoers_args ||
+	    (!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	    (sudoers_args &&
+	     fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+	    efree(safe_cmnd);
+	    safe_cmnd = estrdup(sudoers_cmnd);
+	    return(TRUE);
+	} else
+	    return(FALSE);
+    }
+
+    if (has_meta(sudoers_cmnd)) {
+	/*
+	 * If sudoers_cmnd has meta characters in it, we need to
+	 * use glob(3) and/or fnmatch(3) to do the matching.
+	 */
+	if (def_fast_glob)
+	    return(command_matches_fnmatch(sudoers_cmnd, sudoers_args));
+	return(command_matches_glob(sudoers_cmnd, sudoers_args));
+    }
+    return(command_matches_normal(sudoers_cmnd, sudoers_args));
+}
+
+static int
+command_matches_fnmatch(sudoers_cmnd, sudoers_args)
+    char *sudoers_cmnd;
+    char *sudoers_args;
+{
+    /*
+     * Return true if fnmatch(3) succeeds AND
+     *  a) there are no args in sudoers OR
+     *  b) there are no args on command line and none required by sudoers OR
+     *  c) there are args in sudoers and on command line and they match
+     * else return false.
+     */
+    if (fnmatch(sudoers_cmnd, user_cmnd, FNM_PATHNAME) != 0)
+	return(FALSE);
+    if (!sudoers_args ||
+	(!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	(sudoers_args &&
+	 fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+	if (safe_cmnd)
+	    free(safe_cmnd);
+	safe_cmnd = estrdup(user_cmnd);
+	return(TRUE);
+    } else
+	return(FALSE);
+}
+
+static int
+command_matches_glob(sudoers_cmnd, sudoers_args)
+    char *sudoers_cmnd;
+    char *sudoers_args;
+{
+    struct stat sudoers_stat;
+    size_t dlen;
+    char **ap, *base, *cp;
+    glob_t gl;
+
+    /*
+     * First check to see if we can avoid the call to glob(3).
+     * Short circuit if there are no meta chars in the command itself
+     * and user_base and basename(sudoers_cmnd) don't match.
+     */
+    dlen = strlen(sudoers_cmnd);
+    if (sudoers_cmnd[dlen - 1] != '/') {
+	if ((base = strrchr(sudoers_cmnd, '/')) != NULL) {
+	    base++;
+	    if (!has_meta(base) && strcmp(user_base, base) != 0)
+		return(FALSE);
+	}
+    }
+    /*
+     * Return true if we find a match in the glob(3) results AND
+     *  a) there are no args in sudoers OR
+     *  b) there are no args on command line and none required by sudoers OR
+     *  c) there are args in sudoers and on command line and they match
+     * else return false.
+     */
+#define GLOB_FLAGS	(GLOB_NOSORT | GLOB_MARK | GLOB_BRACE | GLOB_TILDE)
+    if (glob(sudoers_cmnd, GLOB_FLAGS, NULL, &gl) != 0 || gl.gl_pathc == 0) {
+	globfree(&gl);
+	return(FALSE);
+    }
+    /* For each glob match, compare basename, st_dev and st_ino. */
+    for (ap = gl.gl_pathv; (cp = *ap) != NULL; ap++) {
+	/* If it ends in '/' it is a directory spec. */
+	dlen = strlen(cp);
+	if (cp[dlen - 1] == '/') {
+	    if (command_matches_dir(cp, dlen))
+		return(TRUE);
+	    continue;
+	}
+
+	/* Only proceed if user_base and basename(cp) match */
+	if ((base = strrchr(cp, '/')) != NULL)
+	    base++;
+	else
+	    base = cp;
+	if (strcmp(user_base, base) != 0 ||
+	    stat(cp, &sudoers_stat) == -1)
+	    continue;
+	if (user_stat == NULL ||
+	    (user_stat->st_dev == sudoers_stat.st_dev &&
+	    user_stat->st_ino == sudoers_stat.st_ino)) {
+	    efree(safe_cmnd);
+	    safe_cmnd = estrdup(cp);
+	    break;
+	}
+    }
+    globfree(&gl);
+    if (cp == NULL)
+	return(FALSE);
+
+    if (!sudoers_args ||
+	(!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	(sudoers_args &&
+	 fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+	efree(safe_cmnd);
+	safe_cmnd = estrdup(user_cmnd);
+	return(TRUE);
+    }
+    return(FALSE);
+}
+
+static int
+command_matches_normal(sudoers_cmnd, sudoers_args)
+    char *sudoers_cmnd;
+    char *sudoers_args;
+{
+    struct stat sudoers_stat;
+    char *base;
+    size_t dlen;
+
+    /* If it ends in '/' it is a directory spec. */
+    dlen = strlen(sudoers_cmnd);
+    if (sudoers_cmnd[dlen - 1] == '/')
+	return(command_matches_dir(sudoers_cmnd, dlen));
+
+    /* Only proceed if user_base and basename(sudoers_cmnd) match */
+    if ((base = strrchr(sudoers_cmnd, '/')) == NULL)
+	base = sudoers_cmnd;
+    else
+	base++;
+    if (strcmp(user_base, base) != 0 ||
+	stat(sudoers_cmnd, &sudoers_stat) == -1)
+	return(FALSE);
+
+    /*
+     * Return true if inode/device matches AND
+     *  a) there are no args in sudoers OR
+     *  b) there are no args on command line and none req by sudoers OR
+     *  c) there are args in sudoers and on command line and they match
+     */
+    if (user_stat != NULL &&
+	(user_stat->st_dev != sudoers_stat.st_dev ||
+	user_stat->st_ino != sudoers_stat.st_ino))
+	return(FALSE);
+    if (!sudoers_args ||
+	(!user_args && sudoers_args && !strcmp("\"\"", sudoers_args)) ||
+	(sudoers_args &&
+	 fnmatch(sudoers_args, user_args ? user_args : "", 0) == 0)) {
+	efree(safe_cmnd);
+	safe_cmnd = estrdup(sudoers_cmnd);
+	return(TRUE);
+    }
+    return(FALSE);
+}
+
+/*
+ * Return TRUE if user_cmnd names one of the inodes in dir, else FALSE.
+ */
+static int
+command_matches_dir(sudoers_dir, dlen)
+    char *sudoers_dir;
+    size_t dlen;
+{
+    struct stat sudoers_stat;
+    struct dirent *dent;
+    char buf[PATH_MAX];
+    DIR *dirp;
+
+    /*
+     * Grot through directory entries, looking for user_base.
+     */
+    dirp = opendir(sudoers_dir);
+    if (dirp == NULL)
+	return(FALSE);
+
+    if (strlcpy(buf, sudoers_dir, sizeof(buf)) >= sizeof(buf)) {
+	closedir(dirp);
+	return(FALSE);
+    }
+    while ((dent = readdir(dirp)) != NULL) {
+	/* ignore paths > PATH_MAX (XXX - log) */
+	buf[dlen] = '\0';
+	if (strlcat(buf, dent->d_name, sizeof(buf)) >= sizeof(buf))
+	    continue;
+
+	/* only stat if basenames are the same */
+	if (strcmp(user_base, dent->d_name) != 0 ||
+	    stat(buf, &sudoers_stat) == -1)
+	    continue;
+	if (user_stat->st_dev == sudoers_stat.st_dev &&
+	    user_stat->st_ino == sudoers_stat.st_ino) {
+	    efree(safe_cmnd);
+	    safe_cmnd = estrdup(buf);
+	    break;
+	}
+    }
+
+    closedir(dirp);
+    return(dent != NULL);
+}
+
+static int
+addr_matches_if(n)
+    char *n;
+{
+    int i;
+    union sudo_in_addr_un addr;
+    struct interface *ifp;
+#ifdef HAVE_IN6_ADDR
+    int j;
+#endif
+    int family;
+
+#ifdef HAVE_IN6_ADDR
+    if (inet_pton(AF_INET6, n, &addr.ip6) > 0) {
+	family = AF_INET6;
+    } else
+#endif
+    {
+	family = AF_INET;
+	addr.ip4.s_addr = inet_addr(n);
+    }
+
+    for (i = 0; i < num_interfaces; i++) {
+	ifp = &interfaces[i];
+	if (ifp->family != family)
+	    continue;
+	switch(family) {
+	    case AF_INET:
+		if (ifp->addr.ip4.s_addr == addr.ip4.s_addr ||
+		    (ifp->addr.ip4.s_addr & ifp->netmask.ip4.s_addr)
+		    == addr.ip4.s_addr)
+		    return(TRUE);
+		break;
+#ifdef HAVE_IN6_ADDR
+	    case AF_INET6:
+		if (memcmp(ifp->addr.ip6.s6_addr, addr.ip6.s6_addr,
+		    sizeof(addr.ip6.s6_addr)) == 0)
+		    return(TRUE);
+		for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+		    if ((ifp->addr.ip6.s6_addr[j] & ifp->netmask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
+			break;
+		}
+		if (j == sizeof(addr.ip6.s6_addr))
+		    return(TRUE);
+#endif
+	}
+    }
+
+    return(FALSE);
+}
+
+static int
+addr_matches_if_netmask(n, m)
+    char *n;
+    char *m;
+{
+    int i;
+    union sudo_in_addr_un addr, mask;
+    struct interface *ifp;
+#ifdef HAVE_IN6_ADDR
+    int j;
+#endif
+    int family;
+
+#ifdef HAVE_IN6_ADDR
+    if (inet_pton(AF_INET6, n, &addr.ip6) > 0)
+	family = AF_INET6;
+    else
+#endif
+    {
+	family = AF_INET;
+	addr.ip4.s_addr = inet_addr(n);
+    }
+
+    if (family == AF_INET) {
+	if (strchr(m, '.'))
+	    mask.ip4.s_addr = inet_addr(m);
+	else {
+	    i = 32 - atoi(m);
+	    mask.ip4.s_addr = 0xffffffff;
+	    mask.ip4.s_addr >>= i;
+	    mask.ip4.s_addr <<= i;
+	    mask.ip4.s_addr = htonl(mask.ip4.s_addr);
+	}
+    }
+#ifdef HAVE_IN6_ADDR
+    else {
+	if (inet_pton(AF_INET6, m, &mask.ip6) <= 0) {
+	    j = atoi(m);
+	    for (i = 0; i < 16; i++) {
+		if (j < i * 8)
+		    mask.ip6.s6_addr[i] = 0;
+		else if (i * 8 + 8 <= j)
+		    mask.ip6.s6_addr[i] = 0xff;
+		else
+		    mask.ip6.s6_addr[i] = 0xff00 >> (j - i * 8);
+	    }
+	}
+    }
+#endif /* HAVE_IN6_ADDR */
+
+    for (i = 0; i < num_interfaces; i++) {
+	ifp = &interfaces[i];
+	if (ifp->family != family)
+	    continue;
+	switch(family) {
+	    case AF_INET:
+		if ((ifp->addr.ip4.s_addr & mask.ip4.s_addr) == addr.ip4.s_addr)
+		    return(TRUE);
+#ifdef HAVE_IN6_ADDR
+	    case AF_INET6:
+		for (j = 0; j < sizeof(addr.ip6.s6_addr); j++) {
+		    if ((ifp->addr.ip6.s6_addr[j] & mask.ip6.s6_addr[j]) != addr.ip6.s6_addr[j])
+			break;
+		}
+		if (j == sizeof(addr.ip6.s6_addr))
+		    return(TRUE);
+#endif /* HAVE_IN6_ADDR */
+	}
+    }
+
+    return(FALSE);
+}
+
+/*
+ * Returns TRUE if "n" is one of our ip addresses or if
+ * "n" is a network that we are on, else returns FALSE.
+ */
+int
+addr_matches(n)
+    char *n;
+{
+    char *m;
+    int retval;
+
+    /* If there's an explicit netmask, use it. */
+    if ((m = strchr(n, '/'))) {
+	*m++ = '\0';
+	retval = addr_matches_if_netmask(n, m);
+	*(m - 1) = '/';
+    } else
+	retval = addr_matches_if(n);
+
+    return(retval);
+}
+
+/*
+ * Returns TRUE if the hostname matches the pattern, else FALSE
+ */
+int
+hostname_matches(shost, lhost, pattern)
+    char *shost;
+    char *lhost;
+    char *pattern;
+{
+    if (has_meta(pattern)) {
+	if (strchr(pattern, '.'))
+	    return(!fnmatch(pattern, lhost, FNM_CASEFOLD));
+	else
+	    return(!fnmatch(pattern, shost, FNM_CASEFOLD));
+    } else {
+	if (strchr(pattern, '.'))
+	    return(!strcasecmp(lhost, pattern));
+	else
+	    return(!strcasecmp(shost, pattern));
+    }
+}
+
+/*
+ *  Returns TRUE if the user/uid from sudoers matches the specified user/uid,
+ *  else returns FALSE.
+ */
+int
+userpw_matches(sudoers_user, user, pw)
+    char *sudoers_user;
+    char *user;
+    struct passwd *pw;
+{
+    if (pw != NULL && *sudoers_user == '#') {
+	uid_t uid = (uid_t) atoi(sudoers_user + 1);
+	if (uid == pw->pw_uid)
+	    return(TRUE);
+    }
+    return(strcmp(sudoers_user, user) == 0);
+}
+
+/*
+ *  Returns TRUE if the group/gid from sudoers matches the specified group/gid,
+ *  else returns FALSE.
+ */
+int
+group_matches(sudoers_group, gr)
+    char *sudoers_group;
+    struct group *gr;
+{
+    if (*sudoers_group == '#') {
+	gid_t gid = (gid_t) atoi(sudoers_group + 1);
+	if (gid == gr->gr_gid)
+	    return(TRUE);
+    }
+    return(strcmp(gr->gr_name, sudoers_group) == 0);
+}
+
+/*
+ *  Returns TRUE if the given user belongs to the named group,
+ *  else returns FALSE.
+ */
+int
+usergr_matches(group, user, pw)
+    char *group;
+    char *user;
+    struct passwd *pw;
+{
+    /* make sure we have a valid usergroup, sudo style */
+    if (*group++ != '%')
+	return(FALSE);
+
+#ifdef USING_NONUNIX_GROUPS
+    if (*group == ':')
+	return(sudo_nonunix_groupcheck(++group, user, pw));   
+#endif /* USING_NONUNIX_GROUPS */
+
+    /* look up user's primary gid in the passwd file */
+    if (pw == NULL && (pw = sudo_getpwnam(user)) == NULL)
+	return(FALSE);
+
+    if (user_in_group(pw, group))
+	return(TRUE);
+
+#ifdef USING_NONUNIX_GROUPS
+    /* not a Unix group, could be an AD group */
+    if (sudo_nonunix_groupcheck_available() &&
+	sudo_nonunix_groupcheck(group, user, pw))
+    	return(TRUE);
+#endif /* USING_NONUNIX_GROUPS */
+
+    return(FALSE);
+}
+
+/*
+ * Returns TRUE if "host" and "user" belong to the netgroup "netgr",
+ * else return FALSE.  Either of "host", "shost" or "user" may be NULL
+ * in which case that argument is not checked...
+ *
+ * XXX - swap order of host & shost
+ */
+int
+netgr_matches(netgr, lhost, shost, user)
+    char *netgr;
+    char *lhost;
+    char *shost;
+    char *user;
+{
+    static char *domain;
+#ifdef HAVE_GETDOMAINNAME
+    static int initialized;
+#endif
+
+    /* make sure we have a valid netgroup, sudo style */
+    if (*netgr++ != '+')
+	return(FALSE);
+
+#ifdef HAVE_GETDOMAINNAME
+    /* get the domain name (if any) */
+    if (!initialized) {
+	domain = (char *) emalloc(MAXHOSTNAMELEN + 1);
+	if (getdomainname(domain, MAXHOSTNAMELEN + 1) == -1 || *domain == '\0') {
+	    efree(domain);
+	    domain = NULL;
+	}
+	initialized = 1;
+    }
+#endif /* HAVE_GETDOMAINNAME */
+
+#ifdef HAVE_INNETGR
+    if (innetgr(netgr, lhost, user, domain))
+	return(TRUE);
+    else if (lhost != shost && innetgr(netgr, shost, user, domain))
+	return(TRUE);
+#endif /* HAVE_INNETGR */
+
+    return(FALSE);
+}
diff --git a/sudo-1.7.4p4/memrchr.c b/sudo-1.7.4p4/memrchr.c
new file mode 100644
index 0000000..35e07de
--- /dev/null
+++ b/sudo-1.7.4p4/memrchr.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <config.h>
+#include <compat.h>
+
+/*
+ * Reverse memchr()
+ * Find the last occurrence of 'c' in the buffer 's' of size 'n'.
+ */
+void *
+memrchr(s, c, n)
+    const void *s;
+    int c;
+    size_t n;
+{
+    const unsigned char *cp;
+
+    if (n != 0) {
+	cp = (unsigned char *)s + n;
+	do {
+	    if (*(--cp) == (unsigned char)c)
+		return((void *)cp);
+	} while (--n != 0);
+    }
+    return((void *)0);
+}
diff --git a/sudo-1.7.4p4/missing.h b/sudo-1.7.4p4/missing.h
new file mode 100644
index 0000000..749323a
--- /dev/null
+++ b/sudo-1.7.4p4/missing.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_MISSING_H
+#define _SUDO_MISSING_H
+
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+/* Functions "missing" from libc. */
+
+struct timeval;
+struct timespec;
+
+#ifndef HAVE_CLOSEFROM
+void closefrom		__P((int));
+#endif
+#ifndef HAVE_GETCWD
+char *getcwd		__P((char *, size_t size));
+#endif
+#ifndef HAVE_GETLINE
+ssize_t getline		__P((char **, size_t *, FILE *));
+#endif
+#ifndef HAVE_UTIMES
+int utimes		__P((const char *, const struct timeval *));
+#endif
+#ifdef HAVE_FUTIME
+int futimes		__P((int, const struct timeval *));
+#endif
+#ifndef HAVE_SNPRINTF
+int snprintf		__P((char *, size_t, const char *, ...))
+			    __printflike(3, 4);
+#endif
+#ifndef HAVE_VSNPRINTF
+int vsnprintf		__P((char *, size_t, const char *, va_list))
+			    __printflike(3, 0);
+#endif
+#ifndef HAVE_ASPRINTF
+int asprintf		__P((char **, const char *, ...))
+			    __printflike(2, 3);
+#endif
+#ifndef HAVE_VASPRINTF
+int vasprintf		__P((char **, const char *, va_list))
+			    __printflike(2, 0);
+#endif
+#ifndef HAVE_STRCASECMP
+int strcasecmp		__P((const char *, const char *));
+#endif
+#ifndef HAVE_STRLCAT
+size_t strlcat		__P((char *, const char *, size_t));
+#endif
+#ifndef HAVE_STRLCPY
+size_t strlcpy		__P((char *, const char *, size_t));
+#endif
+#ifndef HAVE_MEMRCHR
+void *memrchr		__P((const void *, int, size_t));
+#endif
+#ifndef HAVE_MKSTEMPS
+int mkstemps		__P((char *, int));
+#endif
+#ifndef HAVE_NANOSLEEP
+int nanosleep		__P((const struct timespec *, struct timespec *));
+#endif
+#ifndef HAVE_SETENV
+int setenv		__P((const char *, const char *, int));
+#endif
+#ifndef HAVE_UNSETENV
+int unsetenv		__P((const char *));
+#endif
+#ifndef HAVE_STRSIGNAL
+char *strsignal		__P((int));
+#endif
+#ifndef HAVE_SETSID
+pid_t setsid		__P((void));
+#endif
+
+#endif /* _SUDO_MISSING_H */
diff --git a/sudo-1.7.4p4/mkdefaults b/sudo-1.7.4p4/mkdefaults
new file mode 100755
index 0000000..90f3b0c
--- /dev/null
+++ b/sudo-1.7.4p4/mkdefaults
@@ -0,0 +1,155 @@
+#!/usr/bin/perl -w
+#
+# Generate sudo_defs_table and associated defines
+#
+# Input should be formatted thusly:
+#
+# var_name
+#	TYPE
+#	description (or NULL)
+#	array of struct def_values if TYPE == T_TUPLE
+
+# Deal with optional -o (output) argument
+if ($#ARGV > 0 && $ARGV[0] eq "-o") {
+    shift;
+    $header = $cfile = shift;
+    $header .= '.h';
+    $cfile .= '.c';
+}
+die "usage: $0 [input_file]\n" unless $#ARGV == -1 || $#ARGV == 0;
+
+$infile = $ARGV[0] || "def_data.in";
+if (!defined($header)) {
+    $header = $infile;
+    $header =~ s/(\.in)?$/.h/;
+}
+if (!defined($cfile)) {
+    $cfile = $infile;
+    $cfile =~ s/(\.in)?$/.c/;
+}
+
+open(IN, "<$infile") || die "$0: can't open $infile: $!\n";
+open(HEADER, ">$header") || die "$0: can't open $header: $!\n";
+open(CFILE, ">$cfile") || die "$0: can't open $cfile: $!\n";
+
+$count = 0;
+@tuple_values = ( "never" );
+@records = ();
+while(<IN>) {
+    chomp;
+    s/\s*#.*$//;
+    next if /^\s*$/;
+
+    if (/^\S/) {
+	# Store previous record and begin new one
+	$records[$count++] = [$var, $type, $desc, $values, $callback] if defined($var);
+
+	$var = $_;
+	$type = '';
+	$desc = undef;
+	$values = undef;
+	$callback = undef;
+	$field = 0;
+    } else {
+	$field++;
+	s/^\s+//;
+	s/\s+$//;
+	if ($field == 1) {
+	    # type
+	    $type = $_;
+	} elsif ($field == 2) {
+	    # description
+	    if ($_ eq "NULL") {
+		$desc = "NULL";
+	    } else {
+		# Strip leading and trailing double quote and escape the rest
+		s/^"//;
+		s/"$//;
+		s/"/\\"/g;
+		$desc = "\"$_\"";
+	    }
+	} elsif ($field == 3 || $field == 4) {
+	    if (s/^\*//) {
+		$callback = $_;
+	    } else {
+		die "$0: syntax error near line $.\n" if $type !~ /^T_TUPLE/;
+		$values = [ split ];
+		foreach $v (@$values) {
+		    push(@tuple_values, $v) unless grep(/^$v$/, @tuple_values);
+		}
+	    }
+	} else {
+	    die "$0: syntax error near line $.\n";
+	}
+    }
+}
+$records[$count++] = [$var, $type, $desc, $values, $callback] if defined($var);
+
+# Print out value arrays
+for ($i = 0; $i < $count; $i++) {
+    if (defined($records[$i]->[3])) {
+	die "Values list specified for non-tupple\n" unless
+	    $records[$i]->[1] =~ /^T_TUPLE/;
+	printf CFILE "static struct def_values def_data_%s[] = {\n", $records[$i]->[0];
+	foreach (@{$records[$i]->[3]}) {
+	    print CFILE "    { \"$_\", $_ },\n";
+	}
+	print CFILE "    { NULL, 0 },\n";
+	print CFILE "};\n\n";
+    }
+}
+
+# Print each record
+print CFILE "struct sudo_defs_types sudo_defs_table[] = {\n    {\n";
+for ($i = 0; $i < $count; $i++) {
+    &print_record($records[$i], $i);
+}
+print CFILE "\tNULL, 0, NULL\n    }\n};\n";
+
+# Print out def_tuple
+if (@tuple_values) {
+    print HEADER "\nenum def_tupple {\n";
+    for ($i = 0; $i <= $#tuple_values; $i++) {
+	printf HEADER "\t%s%s\n", $tuple_values[$i],
+	    $i != $#tuple_values ? "," : "";
+    }
+    print HEADER "};\n";
+}
+
+close(IN);
+close(HEADER);
+close(CFILE);
+
+sub print_record {
+    my ($rec, $recnum) = @_;
+    my ($i, $v, $defname);
+    # each variable gets a macro to access its value
+    for ($rec->[1]) {
+	if    (/^T_U?INT/)  { $v = "ival"; }
+	elsif (/^T_STR/)    { $v = "str"; }
+	elsif (/^T_FLAG/)   { $v = "flag"; }
+	elsif (/^T_MODE/)   { $v = "mode"; }
+	elsif (/^T_LIST/)   { $v = "list"; }
+	elsif (/^T_LOGFAC/) { $v = "ival"; }
+	elsif (/^T_LOGPRI/) { $v = "ival"; }
+	elsif (/^T_TUPLE/)  { $v = "tuple"; }
+	elsif (/^T_FLOAT/)  { $v = "fval"; }
+	else { die "$0: unknown defaults type: $_\n"; }
+    }
+    printf HEADER "#define %-23s (sudo_defs_table[$recnum].sd_un.${v})\n",
+	"def_$rec->[0]";
+
+    $defname = "I_" . uc($rec->[0]);
+    printf HEADER "#define %-24s%d", $defname, $recnum;
+    #print HEADER "\t/* $rec->[2] */" if defined($rec->[2]);
+    print HEADER "\n";
+
+    print CFILE "\t\"$rec->[0]\", $rec->[1],\n\t$rec->[2],\n";
+    if (defined($rec->[3])) {
+	printf CFILE "\tdef_data_$rec->[0],\n";
+    } else {
+	printf CFILE "\tNULL,\n";
+    }
+    printf CFILE "\t$rec->[4],\n" if defined($rec->[4]);
+    print CFILE "    }, {\n";
+}
diff --git a/sudo-1.7.4p4/mkinstalldirs b/sudo-1.7.4p4/mkinstalldirs
new file mode 100755
index 0000000..0330343
--- /dev/null
+++ b/sudo-1.7.4p4/mkinstalldirs
@@ -0,0 +1,84 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+umask 022
+errstatus=0
+dirmode=""
+
+usage="\
+Usage: mkinstalldirs [-h] [--help] [-m mode] dir ..."
+
+# process command line arguments
+while test $# -gt 0 ; do
+  case $1 in
+    -h | --help | --h*)         # -h for help
+      echo "$usage" 1>&2
+      exit 0
+      ;;
+    -m)                         # -m PERM arg
+      shift
+      test $# -eq 0 && { echo "$usage" 1>&2; exit 1; }
+      dirmode=$1
+      shift
+      ;;
+    --)                         # stop option processing
+      shift
+      break
+      ;;
+    -*)                         # unknown option
+      echo "$usage" 1>&2
+      exit 1
+      ;;
+    *)                          # first non-opt arg
+      break
+      ;;
+  esac
+done
+
+for file
+do
+  set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+  shift
+
+  pathcomp=
+  for d
+  do
+    pathcomp="$pathcomp$d"
+    case $pathcomp in
+      -*) pathcomp=./$pathcomp ;;
+    esac
+
+    if test ! -d "$pathcomp"; then
+      echo "mkdir $pathcomp"
+
+      mkdir "$pathcomp" || lasterr=$?
+
+      if test ! -d "$pathcomp"; then
+  	errstatus=$lasterr
+      else
+  	if test ! -z "$dirmode"; then
+	  echo "chmod $dirmode $pathcomp"
+    	  lasterr=""
+  	  chmod "$dirmode" "$pathcomp" || lasterr=$?
+
+  	  if test ! -z "$lasterr"; then
+  	    errstatus=$lasterr
+  	  fi
+  	fi
+      fi
+    fi
+
+    pathcomp="$pathcomp/"
+  done
+done
+
+exit $errstatus
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# End:
+# mkinstalldirs ends here
diff --git a/sudo-1.7.4p4/mkpkg b/sudo-1.7.4p4/mkpkg
new file mode 100755
index 0000000..ae41356
--- /dev/null
+++ b/sudo-1.7.4p4/mkpkg
@@ -0,0 +1,213 @@
+#!/bin/sh
+#
+# Build a binary package using polypkg
+# Usage: mkpkg [--debug] [--flavor flavor] [--platform platform]
+#
+
+# Make sure IFS is set to space, tab, newline in that order.
+space=' '
+tab='	'
+nl='
+'
+IFS=" 	$nl"
+
+# Parse arguments
+usage="usage: mkpkg [--debug] [--flavor flavor] [--platform platform]"
+debug=0
+flavor=vanilla
+while test $# -gt 0; do
+    case "$1" in
+	--debug)
+	    set -x
+	    debug=1
+	    PPFLAGS="--debug${PPFLAGS+$space}${PPFLAGS}"
+	    ;;
+	--flavor=?*)
+	    flavor=`echo "$1" | sed -n 's/^--flavor=\(.*\)/\1/p'`
+	    PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor"
+	    ;;
+	--flavor)
+	    if [ $# -lt 2 ]; then
+		echo "$usage" 1>&2
+		exit 1
+	    fi
+	    flavor="$2"
+	    PPVARS="${PPVARS}${PPVARS+$space}flavor=$flavor"
+	    shift
+	    ;;
+	--platform=?*)
+	    arg=`echo "$1" | sed -n 's/^--platform=\(.*\)/\1/p'`
+	    PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $arg"
+	    ;;
+	--platform)
+	    if [ $# -lt 2 ]; then
+		echo "$usage" 1>&2
+		exit 1
+	    fi
+	    PPFLAGS="${PPFLAGS}${PPFLAGS+$space}--platform $2"
+	    shift
+	    ;;
+	*)
+	    # Pass unknown options to configure
+	    configure_opts="${configure_opts}${configure_opts+$tab}$1"
+	    ;;
+    esac
+    shift
+done
+
+top_srcdir=`dirname $0`
+
+platform=`$top_srcdir/pp --probe` || exit 1
+osrelease=`echo "$platform" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
+
+# Default paths
+prefix=/usr/local
+
+# Linux distros may build binaries as pie files.
+# This is really something libtool should figure out, but it does not.
+case "$platform" in
+    *-s390*|*-sparc*|*-alpha*)
+	F_PIE=-fPIE
+	;;
+    *)
+	F_PIE=-fpie
+	;;
+esac
+
+# Choose compiler options by platform.
+case "$platform" in
+    hpux*)
+	# Use the HP ANSI C compiler on HP-UX if possible
+	if [ -z "$CC" -a -x /opt/ansic/bin/cc ]; then
+	    CC=/opt/ansic/bin/cc; export CC
+	    if [ -z "$CFLAGS" ]; then
+		CFLAGS=-O; export CFLAGS
+	    fi
+	else
+	    configure_opts="${configure_opts}${configure_opts+$tab}--disable-zlib"
+	fi
+	;;
+esac
+
+# Choose configure options by platform.
+# We use the same configure options as vendor packages when possible.
+case "$platform" in
+    centos*|rhel*)
+	prefix=/usr
+	if [ $osrelease -ge 50 ]; then
+	    # RHEL 5 and up build pies and have audit support
+	    export CFLAGS="$F_PIE" LDFLAGS="-pie"
+	    configure_opts="${configure_opts}${configure_opts+$tab}--with-linux-audit"
+	fi
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	configure_opts="$configure_opts
+		--prefix=$prefix
+		--with-logging=syslog
+		--with-logfac=authpriv
+		--with-pam
+		--with-pam-login
+		--enable-zlib
+		--with-editor=/bin/vi
+		--with-env-editor
+		--with-ignore-dot
+		--with-tty-tickets
+		--with-ldap
+		--with-selinux
+		--with-passprompt=[sudo] password for %p: "
+	;;
+    sles*)
+	prefix=/usr
+	if [ $osrelease -ge 10 ]; then
+	    # SLES 10 and higher build pies
+	    export CFLAGS="$F_PIE" LDFLAGS="-pie"
+	    if [ $osrelease -ge 11 ]; then
+		# SLES 11 and higher has SELinux
+		configure_opts="${configure_opts}${configure_opts+$tab}--with-selinux"
+	    fi
+	fi
+	# SuSE doesn't have /usr/libexec
+	case "$platform" in
+	    *64*)	libexec=lib64;;
+	    *)		libexec=lib;;
+	esac
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	# XXX - SuSE uses secure path but only for env_reset
+	configure_opts="$configure_opts
+		--prefix=$prefix
+		--libexecdir=$prefix/$libexec/sudo
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-all-insults
+		--with-ignore-dot
+		--with-tty-tickets
+		--enable-shell-sets-home
+		--with-sudoers-mode=0440
+		--with-pam
+		--enable-zlib
+		--with-ldap
+		--with-env-editor
+		--with-passprompt=%p\'s password: "
+
+	make_opts='docdir=$(datarootdir)/doc/packages/$(PACKAGE_TARNAME)'
+	;;
+    deb*|ubu*)
+	prefix=/usr
+	# If Ubuntu, add --enable-admin-flag
+	case "$platform" in
+	    ubu*)
+		configure_opts="${configure_opts}${configure_opts+$tab}--enable-admin-flag${tab}--without-lecture"
+		;;
+	esac
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	if test "$flavor" = "ldap"; then
+	    configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap
+		--with-ldap-conf-file=/etc/sudo-ldap.conf"
+	fi
+	configure_opts="$configure_opts
+		--prefix=/usr
+		--with-all-insults
+		--with-exempt=sudo
+		--with-pam
+		--enable-zlib
+		--with-fqdn
+		--with-logging=syslog
+		--with-logfac=authpriv
+		--with-env-editor
+		--with-editor=/usr/bin/editor
+		--with-timeout=15
+		--with-password-timeout=0
+		--with-passprompt=[sudo] password for %p: 
+		--with-timedir=/var/lib/sudo
+		--disable-root-mailer
+		--disable-setresuid
+		--with-sendmail=/usr/sbin/sendmail
+		--mandir=/usr/share/man
+		--libexecdir=/usr/lib/sudo
+		--with-secure-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
+	;;
+    *)
+	if test "$flavor" = "ldap"; then
+	    configure_opts="${configure_opts}${configure_opts+$tab}--with-ldap"
+	fi
+	# Note, must indent with tabs, not spaces due to IFS trickery
+	configure_opts="$configure_opts
+		--prefix=$prefix
+		--with-insults=disabled
+		--with-logging=syslog
+		--with-logfac=auth
+		--with-editor=/usr/bin/vim:/usr/bin/vi:/bin/vi
+		--with-env-editor"
+	;;
+esac
+
+# Remove spaces from IFS when setting $@ so that passprompt may include them
+OIFS="$IFS"
+IFS="	$nl"
+set -- $configure_opts $extra_opts
+IFS="$OIFS"
+if [ -r Makefile ]; then
+    make $make_opts distclean
+fi
+$top_srcdir/configure "$@" || exit 1
+make $make_opts && make $make_opts PPFLAGS="$PPFLAGS" PPVARS="$PPVARS" package
+test $debug -eq 0 && rm -rf destdir
diff --git a/sudo-1.7.4p4/mksiglist.c b/sudo-1.7.4p4/mksiglist.c
new file mode 100644
index 0000000..09b1414
--- /dev/null
+++ b/sudo-1.7.4p4/mksiglist.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+#include <config.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <signal.h>
+
+#include <compat.h>
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    static char *my_sys_siglist[NSIG];
+    int i;
+
+#include "mksiglist.h"
+
+    printf("#include <config.h>\n");
+    printf("#include <signal.h>\n");
+    printf("#include <compat.h>\n\n");
+    printf("const char *const my_sys_siglist[NSIG] = {\n");
+    for (i = 0; i < NSIG; i++) {
+	if (my_sys_siglist[i] != NULL) {
+	    printf("    \"%s\",\n", my_sys_siglist[i]);
+	} else {
+	    printf("    \"Signal %d\",\n", i);
+	}
+    }
+    printf("};\n");
+
+    exit(0);
+}
diff --git a/sudo-1.7.4p4/mksiglist.h b/sudo-1.7.4p4/mksiglist.h
new file mode 100644
index 0000000..f9f3294
--- /dev/null
+++ b/sudo-1.7.4p4/mksiglist.h
@@ -0,0 +1,174 @@
+/* public domain */
+
+#ifdef SIGHUP
+    if (my_sys_siglist[SIGHUP] == NULL)
+	my_sys_siglist[SIGHUP] = "Hangup";
+#endif
+#ifdef SIGINT
+    if (my_sys_siglist[SIGINT] == NULL)
+	my_sys_siglist[SIGINT] = "Interrupt";
+#endif
+#ifdef SIGQUIT
+    if (my_sys_siglist[SIGQUIT] == NULL)
+	my_sys_siglist[SIGQUIT] = "Quit";
+#endif
+#ifdef SIGILL
+    if (my_sys_siglist[SIGILL] == NULL)
+	my_sys_siglist[SIGILL] = "Illegal instruction";
+#endif
+#ifdef SIGTRAP
+    if (my_sys_siglist[SIGTRAP] == NULL)
+	my_sys_siglist[SIGTRAP] = "Trace trap";
+#endif
+#ifdef SIGABRT
+    if (my_sys_siglist[SIGABRT] == NULL)
+	my_sys_siglist[SIGABRT] = "Abort";
+#endif
+#ifdef SIGIOT
+    if (my_sys_siglist[SIGIOT] == NULL)
+	my_sys_siglist[SIGIOT] = "IOT instruction";
+#endif
+#ifdef SIGEMT
+    if (my_sys_siglist[SIGEMT] == NULL)
+	my_sys_siglist[SIGEMT] = "EMT trap";
+#endif
+#ifdef SIGFPE
+    if (my_sys_siglist[SIGFPE] == NULL)
+	my_sys_siglist[SIGFPE] = "Floating point exception";
+#endif
+#ifdef SIGKILL
+    if (my_sys_siglist[SIGKILL] == NULL)
+	my_sys_siglist[SIGKILL] = "Killed";
+#endif
+#ifdef SIGUNUSED
+    if (my_sys_siglist[SIGUNUSED] == NULL)
+	my_sys_siglist[SIGUNUSED] = "Unused";
+#endif
+#ifdef SIGBUS
+    if (my_sys_siglist[SIGBUS] == NULL)
+	my_sys_siglist[SIGBUS] = "Bus error";
+#endif
+#ifdef SIGSEGV
+    if (my_sys_siglist[SIGSEGV] == NULL)
+	my_sys_siglist[SIGSEGV] = "Memory fault";
+#endif
+#ifdef SIGSYS
+    if (my_sys_siglist[SIGSYS] == NULL)
+	my_sys_siglist[SIGSYS] = "Bad system call";
+#endif
+#ifdef SIGPIPE
+    if (my_sys_siglist[SIGPIPE] == NULL)
+	my_sys_siglist[SIGPIPE] = "Broken pipe";
+#endif
+#ifdef SIGALRM
+    if (my_sys_siglist[SIGALRM] == NULL)
+	my_sys_siglist[SIGALRM] = "Alarm clock";
+#endif
+#ifdef SIGTERM
+    if (my_sys_siglist[SIGTERM] == NULL)
+	my_sys_siglist[SIGTERM] = "Terminated";
+#endif
+#ifdef SIGSTKFLT
+    if (my_sys_siglist[SIGSTKFLT] == NULL)
+	my_sys_siglist[SIGSTKFLT] = "Stack fault";
+#endif
+#ifdef SIGIO
+    if (my_sys_siglist[SIGIO] == NULL)
+	my_sys_siglist[SIGIO] = "I/O possible";
+#endif
+#ifdef SIGXCPU
+    if (my_sys_siglist[SIGXCPU] == NULL)
+	my_sys_siglist[SIGXCPU] = "CPU time limit exceeded";
+#endif
+#ifdef SIGXFSZ
+    if (my_sys_siglist[SIGXFSZ] == NULL)
+	my_sys_siglist[SIGXFSZ] = "File size limit exceeded";
+#endif
+#ifdef SIGVTALRM
+    if (my_sys_siglist[SIGVTALRM] == NULL)
+	my_sys_siglist[SIGVTALRM] = "Virtual timer expired";
+#endif
+#ifdef SIGPROF
+    if (my_sys_siglist[SIGPROF] == NULL)
+	my_sys_siglist[SIGPROF] = "Profiling timer expired";
+#endif
+#ifdef SIGWINCH
+    if (my_sys_siglist[SIGWINCH] == NULL)
+	my_sys_siglist[SIGWINCH] = "Window size change";
+#endif
+#ifdef SIGLOST
+    if (my_sys_siglist[SIGLOST] == NULL)
+	my_sys_siglist[SIGLOST] = "File lock lost";
+#endif
+#ifdef SIGUSR1
+    if (my_sys_siglist[SIGUSR1] == NULL)
+	my_sys_siglist[SIGUSR1] = "User defined signal 1";
+#endif
+#ifdef SIGUSR2
+    if (my_sys_siglist[SIGUSR2] == NULL)
+	my_sys_siglist[SIGUSR2] = "User defined signal 2";
+#endif
+#ifdef SIGPWR
+    if (my_sys_siglist[SIGPWR] == NULL)
+	my_sys_siglist[SIGPWR] = "Power-fail/Restart";
+#endif
+#ifdef SIGPOLL
+    if (my_sys_siglist[SIGPOLL] == NULL)
+	my_sys_siglist[SIGPOLL] = "Pollable event occurred";
+#endif
+#ifdef SIGSTOP
+    if (my_sys_siglist[SIGSTOP] == NULL)
+	my_sys_siglist[SIGSTOP] = "Stopped (signal)";
+#endif
+#ifdef SIGTSTP
+    if (my_sys_siglist[SIGTSTP] == NULL)
+	my_sys_siglist[SIGTSTP] = "Stopped";
+#endif
+#ifdef SIGCONT
+    if (my_sys_siglist[SIGCONT] == NULL)
+	my_sys_siglist[SIGCONT] = "Continued";
+#endif
+#ifdef SIGCHLD
+    if (my_sys_siglist[SIGCHLD] == NULL)
+	my_sys_siglist[SIGCHLD] = "Child exited";
+#endif
+#ifdef SIGCLD
+    if (my_sys_siglist[SIGCLD] == NULL)
+	my_sys_siglist[SIGCLD] = "Child exited";
+#endif
+#ifdef SIGTTIN
+    if (my_sys_siglist[SIGTTIN] == NULL)
+	my_sys_siglist[SIGTTIN] = "Stopped (tty input)";
+#endif
+#ifdef SIGTTOU
+    if (my_sys_siglist[SIGTTOU] == NULL)
+	my_sys_siglist[SIGTTOU] = "Stopped (tty output)";
+#endif
+#ifdef SIGINFO
+    if (my_sys_siglist[SIGINFO] == NULL)
+	my_sys_siglist[SIGINFO] = "Information request";
+#endif
+#ifdef SIGURG
+    if (my_sys_siglist[SIGURG] == NULL)
+	my_sys_siglist[SIGURG] = "Urgent I/O condition";
+#endif
+#ifdef SIGWAITING
+    if (my_sys_siglist[SIGWAITING] == NULL)
+	my_sys_siglist[SIGWAITING] = "No runnable LWPs";
+#endif
+#ifdef SIGLWP
+    if (my_sys_siglist[SIGLWP] == NULL)
+	my_sys_siglist[SIGLWP] = "Inter-LWP signal";
+#endif
+#ifdef SIGFREEZE
+    if (my_sys_siglist[SIGFREEZE] == NULL)
+	my_sys_siglist[SIGFREEZE] = "Checkpoint freeze";
+#endif
+#ifdef SIGTHAW
+    if (my_sys_siglist[SIGTHAW] == NULL)
+	my_sys_siglist[SIGTHAW] = "Checkpoint thaw";
+#endif
+#ifdef SIGCANCEL
+    if (my_sys_siglist[SIGCANCEL] == NULL)
+	my_sys_siglist[SIGCANCEL] = "Thread cancellation";
+#endif
diff --git a/sudo-1.7.4p4/mkstemps.c b/sudo-1.7.4p4/mkstemps.c
new file mode 100644
index 0000000..7245f19
--- /dev/null
+++ b/sudo-1.7.4p4/mkstemps.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2001, 2003, 2004, 2008-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "config.h"
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+#endif /* HAVE_STDLIB_H */
+#include <ctype.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#include "sudo.h"
+
+static unsigned int get_random __P((void));
+static void seed_random __P((void));
+
+#define TEMPCHARS	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+#define NUM_CHARS	(sizeof(TEMPCHARS) - 1)
+
+#ifndef INT_MAX
+#define INT_MAX	0x7fffffff
+#endif
+
+int
+mkstemps(path, slen)
+	char *path;
+	int slen;
+{
+	char *start, *cp, *ep;
+	const char *tempchars = TEMPCHARS;
+	unsigned int r, tries;
+	int fd;
+
+	for (ep = path; *ep; ep++)
+		;
+	if (path + slen >= ep) {
+		errno = EINVAL;
+		return(-1);
+	}
+	ep -= slen;
+
+	tries = 1;
+	for (start = ep; start > path && start[-1] == 'X'; start--) {
+		if (tries < INT_MAX / NUM_CHARS)
+			tries *= NUM_CHARS;
+	}
+	tries *= 2;
+
+	do {
+		for (cp = start; *cp; cp++) {
+			r = get_random() % NUM_CHARS;
+			*cp = tempchars[r];
+		}
+
+		fd = open(path, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
+		if (fd != -1 || errno != EEXIST)
+			return(fd);
+	} while (--tries);
+
+	errno = EEXIST;
+	return(-1);
+}
+
+#ifdef HAVE_RANDOM
+# define RAND		random
+# define SRAND		srandom
+# define SEED_T		unsigned int
+#else
+# ifdef HAVE_LRAND48
+#  define RAND		lrand48
+#  define SRAND		srand48
+#  define SEED_T	long
+# else
+#  define RAND		rand
+#  define SRAND		srand
+#  define SEED_T	unsigned int
+# endif
+#endif
+
+static void
+seed_random()
+{
+	SEED_T seed;
+	struct timeval tv;
+
+	/*
+	 * Seed from time of day and process id multiplied by small primes.
+	 */
+	(void) gettime(&tv);
+	seed = (tv.tv_sec % 10000) * 523 + tv.tv_usec * 13 +
+	    (getpid() % 1000) * 983;
+	SRAND(seed);
+}
+
+static unsigned int
+get_random()
+{
+	static int initialized;
+
+	if (!initialized) {
+		seed_random();
+		initialized = 1;
+	}
+
+	return(RAND() & 0xffffffff);
+}
diff --git a/sudo-1.7.4p4/nanosleep.c b/sudo-1.7.4p4/nanosleep.c
new file mode 100644
index 0000000..ae2208b
--- /dev/null
+++ b/sudo-1.7.4p4/nanosleep.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifndef HAVE_TIMESPEC
+# include <emul/timespec.h>
+#endif
+#include <errno.h>
+
+#include "compat.h"
+
+int
+nanosleep(ts, rts)
+    const struct timespec *ts;
+    struct timespec *rts;
+{
+    struct timeval timeout, endtime, now;
+    int rval;
+
+    timeout.tv_sec = ts->tv_sec;
+    timeout.tv_usec = ts->tv_nsec / 1000;
+    if (rts != NULL) {
+	gettimeofday(&endtime, NULL);
+	timevaladd(&endtime, &timeout);
+    }
+    rval = select(0, NULL, NULL, NULL, &timeout);
+    if (rts != NULL && rval == -1 && errno == EINTR) {
+	gettimeofday(&now, NULL);
+	timevalsub(&endtime, &now);
+	rts->tv_sec = endtime.tv_sec;
+	rts->tv_nsec = endtime.tv_usec * 1000;
+    }
+    return(rval);
+}
diff --git a/sudo-1.7.4p4/nonunix.h b/sudo-1.7.4p4/nonunix.h
new file mode 100644
index 0000000..09de9d2
--- /dev/null
+++ b/sudo-1.7.4p4/nonunix.h
@@ -0,0 +1,46 @@
+/*
+ * (c) 2006 Quest Software, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ *   3. Neither the name of Quest Software, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived from this
+ *   software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#ifndef _NONUNIX_H
+#define _NONUNIX_H
+
+void
+sudo_nonunix_groupcheck_init(void);
+
+void
+sudo_nonunix_groupcheck_cleanup(void);
+
+int
+sudo_nonunix_groupcheck( const char* group, const char* user, const struct passwd* pwd );
+
+int
+sudo_nonunix_groupcheck_available(void);
+
+#endif /* _NONUNIX_H */
diff --git a/sudo-1.7.4p4/parse.c b/sudo-1.7.4p4/parse.c
new file mode 100644
index 0000000..97aba79
--- /dev/null
+++ b/sudo-1.7.4p4/parse.c
@@ -0,0 +1,685 @@
+/*
+ * Copyright (c) 2004-2005, 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+#include "parse.h"
+#include "lbuf.h"
+#include <gram.h>
+
+/* Characters that must be quoted in sudoers */
+#define SUDOERS_QUOTED	":\\,=#\""
+
+/* sudoers nsswitch routines */
+struct sudo_nss sudo_nss_file = {
+    &sudo_nss_file,
+    NULL,
+    sudo_file_open,
+    sudo_file_close,
+    sudo_file_parse,
+    sudo_file_setdefs,
+    sudo_file_lookup,
+    sudo_file_display_cmnd,
+    sudo_file_display_defaults,
+    sudo_file_display_bound_defaults,
+    sudo_file_display_privs
+};
+
+/*
+ * Parser externs.
+ */
+extern FILE *yyin;
+extern char *errorfile;
+extern int errorlineno, parse_error;
+
+/*
+ * Local prototypes.
+ */
+static void print_member	__P((struct lbuf *, char *, int, int, int));
+static int display_bound_defaults __P((int, struct lbuf *));
+
+int
+sudo_file_open(nss)
+    struct sudo_nss *nss;
+{
+    if (def_ignore_local_sudoers)
+	return(-1);
+    nss->handle = open_sudoers(_PATH_SUDOERS, FALSE, NULL);
+    return(nss->handle ? 0 : -1);
+}
+
+int
+sudo_file_close(nss)
+    struct sudo_nss *nss;
+{
+    /* Free parser data structures and close sudoers file. */
+    init_parser(NULL, 0);
+    if (nss->handle != NULL) {
+	fclose(nss->handle);
+	nss->handle = NULL;
+	yyin = NULL;
+    }
+    return(0);
+}
+
+/*
+ * Parse the specified sudoers file.
+ */
+int
+sudo_file_parse(nss)
+    struct sudo_nss *nss;
+{
+    if (nss->handle == NULL)
+	return(-1);
+
+    init_parser(_PATH_SUDOERS, 0);
+    yyin = nss->handle;
+    if (yyparse() != 0 || parse_error) {
+	log_error(NO_EXIT, "parse error in %s near line %d",
+	    errorfile, errorlineno);
+	return(-1);
+    }
+    return(0);
+}
+
+/*
+ * Wrapper around update_defaults() for nsswitch code.
+ */
+int
+sudo_file_setdefs(nss)
+    struct sudo_nss *nss;
+{
+    if (nss->handle == NULL)
+	return(-1);
+
+    if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER))
+	return(-1);
+    return(0);
+}
+
+/*
+ * Look up the user in the parsed sudoers file and check to see if they are
+ * allowed to run the specified command on this host as the target user.
+ */
+int
+sudo_file_lookup(nss, validated, pwflag)
+    struct sudo_nss *nss;
+    int validated;
+    int pwflag;
+{
+    int match, host_match, runas_match, cmnd_match;
+    struct cmndspec *cs;
+    struct cmndtag *tags = NULL;
+    struct privilege *priv;
+    struct userspec *us;
+
+    if (nss->handle == NULL)
+	return(validated);
+
+    /*
+     * Only check the actual command if pwflag is not set.
+     * It is set for the "validate", "list" and "kill" pseudo-commands.
+     * Always check the host and user.
+     */
+    if (pwflag) {
+	int nopass;
+	enum def_tupple pwcheck;
+
+	pwcheck = (pwflag == -1) ? never : sudo_defs_table[pwflag].sd_un.tuple;
+	nopass = (pwcheck == all) ? TRUE : FALSE;
+
+	if (list_pw == NULL)
+	    SET(validated, FLAG_NO_CHECK);
+	CLR(validated, FLAG_NO_USER);
+	CLR(validated, FLAG_NO_HOST);
+	match = DENY;
+	tq_foreach_fwd(&userspecs, us) {
+	    if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
+		continue;
+	    tq_foreach_fwd(&us->privileges, priv) {
+		if (hostlist_matches(&priv->hostlist) != ALLOW)
+		    continue;
+		tq_foreach_fwd(&priv->cmndlist, cs) {
+		    /* Only check the command when listing another user. */
+		    if (user_uid == 0 || list_pw == NULL ||
+			user_uid == list_pw->pw_uid ||
+			cmnd_matches(cs->cmnd) == ALLOW)
+			    match = ALLOW;
+		    if ((pwcheck == any && cs->tags.nopasswd == TRUE) ||
+			(pwcheck == all && cs->tags.nopasswd != TRUE))
+			nopass = cs->tags.nopasswd;
+		}
+	    }
+	}
+	if (match == ALLOW || user_uid == 0) {
+	    /* User has an entry for this host. */
+	    SET(validated, VALIDATE_OK);
+	} else if (match == DENY)
+	    SET(validated, VALIDATE_NOT_OK);
+	if (pwcheck == always && def_authenticate)
+	    SET(validated, FLAG_CHECK_USER);
+	else if (pwcheck == never || nopass == TRUE)
+	    def_authenticate = FALSE;
+	return(validated);
+    }
+
+    /* Need to be runas user while stat'ing things. */
+    set_perms(PERM_RUNAS);
+
+    match = UNSPEC;
+    tq_foreach_rev(&userspecs, us) {
+	if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
+	    continue;
+	CLR(validated, FLAG_NO_USER);
+	tq_foreach_rev(&us->privileges, priv) {
+	    host_match = hostlist_matches(&priv->hostlist);
+	    if (host_match == ALLOW)
+		CLR(validated, FLAG_NO_HOST);
+	    else
+		continue;
+	    tq_foreach_rev(&priv->cmndlist, cs) {
+		runas_match = runaslist_matches(&cs->runasuserlist,
+		    &cs->runasgrouplist);
+		if (runas_match == ALLOW) {
+		    cmnd_match = cmnd_matches(cs->cmnd);
+		    if (cmnd_match != UNSPEC) {
+			match = cmnd_match;
+			tags = &cs->tags;
+#ifdef HAVE_SELINUX
+			/* Set role and type if not specified on command line. */
+			if (user_role == NULL)
+			    user_role = cs->role ? estrdup(cs->role) : def_role;
+			if (user_type == NULL)
+			    user_type = cs->type ? estrdup(cs->type) : def_type;
+#endif /* HAVE_SELINUX */
+			goto matched2;
+		    }
+		}
+	    }
+	}
+    }
+    matched2:
+    if (match == ALLOW) {
+	SET(validated, VALIDATE_OK);
+	CLR(validated, VALIDATE_NOT_OK);
+	if (tags != NULL) {
+	    if (tags->nopasswd != UNSPEC)
+		def_authenticate = !tags->nopasswd;
+	    if (tags->noexec != UNSPEC)
+		def_noexec = tags->noexec;
+	    if (tags->setenv != UNSPEC)
+		def_setenv = tags->setenv;
+	    if (tags->log_input != UNSPEC)
+		def_log_input = tags->log_input;
+	    if (tags->log_output != UNSPEC)
+		def_log_output = tags->log_output;
+	}
+    } else if (match == DENY) {
+	SET(validated, VALIDATE_NOT_OK);
+	CLR(validated, VALIDATE_OK);
+    }
+    set_perms(PERM_ROOT);
+    return(validated);
+}
+
+#define	TAG_CHANGED(t) \
+	(cs->tags.t != UNSPEC && cs->tags.t != IMPLIED && cs->tags.t != tags->t)
+
+static void
+sudo_file_append_cmnd(cs, tags, lbuf)
+    struct cmndspec *cs;
+    struct cmndtag *tags;
+    struct lbuf *lbuf;
+{
+    struct member *m;
+
+#ifdef HAVE_SELINUX
+    if (cs->role)
+	lbuf_append(lbuf, "ROLE=", cs->role, " ", NULL);
+    if (cs->type)
+	lbuf_append(lbuf, "TYPE=", cs->type, " ", NULL);
+#endif /* HAVE_SELINUX */
+    if (TAG_CHANGED(setenv)) {
+	lbuf_append(lbuf, cs->tags.setenv ? "SETENV: " :
+	    "NOSETENV: ", NULL);
+	tags->setenv = cs->tags.setenv;
+    }
+    if (TAG_CHANGED(noexec)) {
+	lbuf_append(lbuf, cs->tags.noexec ? "NOEXEC: " :
+	    "EXEC: ", NULL);
+	tags->noexec = cs->tags.noexec;
+    }
+    if (TAG_CHANGED(nopasswd)) {
+	lbuf_append(lbuf, cs->tags.nopasswd ? "NOPASSWD: " :
+	    "PASSWD: ", NULL);
+	tags->nopasswd = cs->tags.nopasswd;
+    }
+    if (TAG_CHANGED(log_input)) {
+	lbuf_append(lbuf, cs->tags.log_input ? "LOG_INPUT: " :
+	    "NOLOG_INPUT: ", NULL);
+	tags->log_input = cs->tags.log_input;
+    }
+    if (TAG_CHANGED(log_output)) {
+	lbuf_append(lbuf, cs->tags.log_output ? "LOG_OUTPUT: " :
+	    "NOLOG_OUTPUT: ", NULL);
+	tags->log_output = cs->tags.log_output;
+    }
+    m = cs->cmnd;
+    print_member(lbuf, m->name, m->type, m->negated,
+	CMNDALIAS);
+}
+
+static int
+sudo_file_display_priv_short(pw, us, lbuf)
+    struct passwd *pw;
+    struct userspec *us;
+    struct lbuf *lbuf;
+{
+    struct cmndspec *cs;
+    struct member *m;
+    struct privilege *priv;
+    struct cmndtag tags;
+    int nfound = 0;
+
+    tq_foreach_fwd(&us->privileges, priv) {
+	if (hostlist_matches(&priv->hostlist) != ALLOW)
+	    continue;
+	tags.noexec = UNSPEC;
+	tags.setenv = UNSPEC;
+	tags.nopasswd = UNSPEC;
+	tags.log_input = UNSPEC;
+	tags.log_output = UNSPEC;
+	lbuf_append(lbuf, "    ", NULL);
+	tq_foreach_fwd(&priv->cmndlist, cs) {
+	    if (cs != tq_first(&priv->cmndlist))
+		lbuf_append(lbuf, ", ", NULL);
+	    lbuf_append(lbuf, "(", NULL);
+	    if (!tq_empty(&cs->runasuserlist)) {
+		tq_foreach_fwd(&cs->runasuserlist, m) {
+		    if (m != tq_first(&cs->runasuserlist))
+			lbuf_append(lbuf, ", ", NULL);
+		    print_member(lbuf, m->name, m->type, m->negated,
+			RUNASALIAS);
+		}
+	    } else if (tq_empty(&cs->runasgrouplist)) {
+		lbuf_append(lbuf, def_runas_default, NULL);
+	    } else {
+		lbuf_append(lbuf, pw->pw_name, NULL);
+	    }
+	    if (!tq_empty(&cs->runasgrouplist)) {
+		lbuf_append(lbuf, " : ", NULL);
+		tq_foreach_fwd(&cs->runasgrouplist, m) {
+		    if (m != tq_first(&cs->runasgrouplist))
+			lbuf_append(lbuf, ", ", NULL);
+		    print_member(lbuf, m->name, m->type, m->negated,
+			RUNASALIAS);
+		}
+	    }
+	    lbuf_append(lbuf, ") ", NULL);
+	    sudo_file_append_cmnd(cs, &tags, lbuf);
+	    nfound++;
+	}
+	lbuf_append(lbuf, "\n", NULL);
+    }
+    return(nfound);
+}
+
+static int
+sudo_file_display_priv_long(pw, us, lbuf)
+    struct passwd *pw;
+    struct userspec *us;
+    struct lbuf *lbuf;
+{
+    struct cmndspec *cs;
+    struct member *m;
+    struct privilege *priv;
+    struct cmndtag tags;
+    int nfound = 0;
+
+    tq_foreach_fwd(&us->privileges, priv) {
+	if (hostlist_matches(&priv->hostlist) != ALLOW)
+	    continue;
+	tags.noexec = UNSPEC;
+	tags.setenv = UNSPEC;
+	tags.nopasswd = UNSPEC;
+	tags.log_input = UNSPEC;
+	tags.log_output = UNSPEC;
+	lbuf_append(lbuf, "\nSudoers entry:\n", NULL);
+	tq_foreach_fwd(&priv->cmndlist, cs) {
+	    lbuf_append(lbuf, "    RunAsUsers: ", NULL);
+	    if (!tq_empty(&cs->runasuserlist)) {
+		tq_foreach_fwd(&cs->runasuserlist, m) {
+		    if (m != tq_first(&cs->runasuserlist))
+			lbuf_append(lbuf, ", ", NULL);
+		    print_member(lbuf, m->name, m->type, m->negated,
+			RUNASALIAS);
+		}
+	    } else if (tq_empty(&cs->runasgrouplist)) {
+		lbuf_append(lbuf, def_runas_default, NULL);
+	    } else {
+		lbuf_append(lbuf, pw->pw_name, NULL);
+	    }
+	    lbuf_append(lbuf, "\n", NULL);
+	    if (!tq_empty(&cs->runasgrouplist)) {
+		lbuf_append(lbuf, "    RunAsGroups: ", NULL);
+		tq_foreach_fwd(&cs->runasgrouplist, m) {
+		    if (m != tq_first(&cs->runasgrouplist))
+			lbuf_append(lbuf, ", ", NULL);
+		    print_member(lbuf, m->name, m->type, m->negated,
+			RUNASALIAS);
+		}
+		lbuf_append(lbuf, "\n", NULL);
+	    }
+	    lbuf_append(lbuf, "    Commands:\n\t", NULL);
+	    sudo_file_append_cmnd(cs, &tags, lbuf);
+	    lbuf_append(lbuf, "\n", NULL);
+	    nfound++;
+	}
+    }
+    return(nfound);
+}
+
+int
+sudo_file_display_privs(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    struct userspec *us;
+    int nfound = 0;
+
+    if (nss->handle == NULL)
+	goto done;
+
+    tq_foreach_fwd(&userspecs, us) {
+	if (userlist_matches(pw, &us->users) != ALLOW)
+	    continue;
+
+	if (long_list)
+	    nfound += sudo_file_display_priv_long(pw, us, lbuf);
+	else
+	    nfound += sudo_file_display_priv_short(pw, us, lbuf);
+    }
+done:
+    return(nfound);
+}
+
+/*
+ * Display matching Defaults entries for the given user on this host.
+ */
+int
+sudo_file_display_defaults(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    struct defaults *d;
+    char *prefix;
+    int nfound = 0;
+
+    if (nss->handle == NULL)
+	goto done;
+
+    if (lbuf->len == 0 || isspace((unsigned char)lbuf->buf[lbuf->len - 1]))
+	prefix = "    ";
+    else
+	prefix = ", ";
+
+    tq_foreach_fwd(&defaults, d) {
+	switch (d->type) {
+	    case DEFAULTS_HOST:
+		if (hostlist_matches(&d->binding) != ALLOW)
+		    continue;
+		break;
+	    case DEFAULTS_USER:
+		if (userlist_matches(pw, &d->binding) != ALLOW)
+		    continue;
+		break;
+	    case DEFAULTS_RUNAS:
+	    case DEFAULTS_CMND:
+		continue;
+	}
+	lbuf_append(lbuf, prefix, NULL);
+	if (d->val != NULL) {
+	    lbuf_append(lbuf, d->var, d->op == '+' ? "+=" :
+		d->op == '-' ? "-=" : "=", NULL);
+	    if (strpbrk(d->val, " \t") != NULL) {
+		lbuf_append(lbuf, "\"", NULL);
+		lbuf_append_quoted(lbuf, "\"", d->val, NULL);
+		lbuf_append(lbuf, "\"", NULL);
+	    } else
+		lbuf_append_quoted(lbuf, SUDOERS_QUOTED, d->val, NULL);
+	} else
+	    lbuf_append(lbuf, d->op == FALSE ? "!" : "", d->var, NULL);
+	prefix = ", ";
+	nfound++;
+    }
+done:
+    return(nfound);
+}
+
+/*
+ * Display Defaults entries that are per-runas or per-command
+ */
+int
+sudo_file_display_bound_defaults(nss, pw, lbuf)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+    struct lbuf *lbuf;
+{
+    int nfound = 0;
+
+    /* XXX - should only print ones that match what the user can do. */
+    nfound += display_bound_defaults(DEFAULTS_RUNAS, lbuf);
+    nfound += display_bound_defaults(DEFAULTS_CMND, lbuf);
+
+    return(nfound);
+}
+
+/*
+ * Display Defaults entries of the given type.
+ */
+static int
+display_bound_defaults(dtype, lbuf)
+    int dtype;
+    struct lbuf *lbuf;
+{
+    struct defaults *d;
+    struct member *m, *binding = NULL;
+    char *dname, *dsep;
+    int atype, nfound = 0;
+
+    switch (dtype) {
+	case DEFAULTS_HOST:
+	    atype = HOSTALIAS;
+	    dname = "host";
+	    dsep = "@";
+	    break;
+	case DEFAULTS_USER:
+	    atype = USERALIAS;
+	    dname = "user";
+	    dsep = ":";
+	    break;
+	case DEFAULTS_RUNAS:
+	    atype = RUNASALIAS;
+	    dname = "runas";
+	    dsep = ">";
+	    break;
+	case DEFAULTS_CMND:
+	    atype = CMNDALIAS;
+	    dname = "cmnd";
+	    dsep = "!";
+	    break;
+	default:
+	    return(-1);
+    }
+    /* printf("Per-%s Defaults entries:\n", dname); */
+    tq_foreach_fwd(&defaults, d) {
+	if (d->type != dtype)
+	    continue;
+
+	nfound++;
+	if (binding != tq_first(&d->binding)) {
+	    binding = tq_first(&d->binding);
+	    if (nfound != 1)
+		lbuf_append(lbuf, "\n", NULL);
+	    lbuf_append(lbuf, "    Defaults", dsep, NULL);
+	    for (m = binding; m != NULL; m = m->next) {
+		if (m != binding)
+		    lbuf_append(lbuf, ",", NULL);
+		print_member(lbuf, m->name, m->type, m->negated, atype);
+		lbuf_append(lbuf, " ", NULL);
+	    }
+	} else
+	    lbuf_append(lbuf, ", ", NULL);
+	if (d->val != NULL) {
+	    lbuf_append(lbuf, d->var, d->op == '+' ? "+=" :
+		d->op == '-' ? "-=" : "=", d->val, NULL);
+	} else
+	    lbuf_append(lbuf, d->op == FALSE ? "!" : "", d->var, NULL);
+    }
+
+    return(nfound);
+}
+
+int
+sudo_file_display_cmnd(nss, pw)
+    struct sudo_nss *nss;
+    struct passwd *pw;
+{
+    struct cmndspec *cs;
+    struct member *match;
+    struct privilege *priv;
+    struct userspec *us;
+    int rval = 1;
+    int host_match, runas_match, cmnd_match;
+
+    if (nss->handle == NULL)
+	goto done;
+
+    match = NULL;
+    tq_foreach_rev(&userspecs, us) {
+	if (userlist_matches(pw, &us->users) != ALLOW)
+	    continue;
+
+	tq_foreach_rev(&us->privileges, priv) {
+	    host_match = hostlist_matches(&priv->hostlist);
+	    if (host_match != ALLOW)
+		continue;
+	    tq_foreach_rev(&priv->cmndlist, cs) {
+		runas_match = runaslist_matches(&cs->runasuserlist,
+		    &cs->runasgrouplist);
+		if (runas_match == ALLOW) {
+		    cmnd_match = cmnd_matches(cs->cmnd);
+		    if (cmnd_match != UNSPEC) {
+			match = host_match && runas_match ?
+			    cs->cmnd : NULL;
+			goto matched;
+		    }
+		}
+	    }
+	}
+    }
+    matched:
+    if (match != NULL && !match->negated) {
+	printf("%s%s%s\n", safe_cmnd, user_args ? " " : "",
+	    user_args ? user_args : "");
+	rval = 0;
+    }
+done:
+    return(rval);
+}
+
+/*
+ * Print the contents of a struct member to stdout
+ */
+static void
+_print_member(lbuf, name, type, negated, alias_type)
+    struct lbuf *lbuf;
+    char *name;
+    int type, negated, alias_type;
+{
+    struct alias *a;
+    struct member *m;
+    struct sudo_command *c;
+
+    switch (type) {
+	case ALL:
+	    lbuf_append(lbuf, negated ? "!ALL" : "ALL", NULL);
+	    break;
+	case COMMAND:
+	    c = (struct sudo_command *) name;
+	    if (negated)
+		lbuf_append(lbuf, "!", NULL);
+	    lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->cmnd, NULL);
+	    if (c->args) {
+		lbuf_append(lbuf, " ", NULL);
+		lbuf_append_quoted(lbuf, SUDOERS_QUOTED, c->args, NULL);
+	    }
+	    break;
+	case ALIAS:
+	    if ((a = alias_find(name, alias_type)) != NULL) {
+		tq_foreach_fwd(&a->members, m) {
+		    if (m != tq_first(&a->members))
+			lbuf_append(lbuf, ", ", NULL);
+		    _print_member(lbuf, m->name, m->type,
+			negated ? !m->negated : m->negated, alias_type);
+		}
+		break;
+	    }
+	    /* FALLTHROUGH */
+	default:
+	    lbuf_append(lbuf, negated ? "!" : "", name, NULL);
+	    break;
+    }
+}
+
+static void
+print_member(lbuf, name, type, negated, alias_type)
+    struct lbuf *lbuf;
+    char *name;
+    int type, negated, alias_type;
+{
+    alias_seqno++;
+    _print_member(lbuf, name, type, negated, alias_type);
+}
diff --git a/sudo-1.7.4p4/parse.h b/sudo-1.7.4p4/parse.h
new file mode 100644
index 0000000..90595bf
--- /dev/null
+++ b/sudo-1.7.4p4/parse.h
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 1996, 1998-2000, 2004, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_PARSE_H
+#define _SUDO_PARSE_H
+
+#undef UNSPEC
+#define UNSPEC	-1
+#undef DENY
+#define DENY	 0
+#undef ALLOW
+#define ALLOW	 1
+#undef IMPLIED
+#define IMPLIED	 2
+
+/*
+ * A command with args. XXX - merge into struct member.
+ */
+struct sudo_command {
+    char *cmnd;
+    char *args;
+};
+
+/*
+ * Tags associated with a command.
+ * Possible valus: TRUE, FALSE, UNSPEC.
+ */
+struct cmndtag {
+    __signed int nopasswd: 3;
+    __signed int noexec: 3;
+    __signed int setenv: 3;
+    __signed int log_input: 3;
+    __signed int log_output: 3;
+};
+
+/*
+ * SELinux-specific container struct.
+ * Currently just contains a role and type.
+ */
+struct selinux_info {
+    char *role;
+    char *type;
+};
+
+/*
+ * The parses sudoers file is stored as a collection of linked lists,
+ * modelled after the yacc grammar.
+ *
+ * Other than the alias struct, which is stored in a red-black tree,
+ * the data structure used is basically a doubly-linked tail queue without
+ * a separate head struct--the first entry acts as the head where the prev
+ * pointer does double duty as the tail pointer.  This makes it possible
+ * to trivally append sub-lists.  In addition, the prev pointer is always
+ * valid (even if it points to itself).  Unlike a circle queue, the next
+ * pointer of the last entry is NULL and does not point back to the head.
+ *
+ * Note that each list struct must contain a "prev" and "next" pointer as
+ * the first two members of the struct (in that order).
+ */
+
+/*
+ * Tail queue list head structure.
+ */
+TQ_DECLARE(defaults)
+TQ_DECLARE(userspec)
+TQ_DECLARE(member)
+TQ_DECLARE(privilege)
+TQ_DECLARE(cmndspec)
+
+/*
+ * Structure describing a user specification and list thereof.
+ */
+struct userspec {
+    struct userspec *prev, *next;
+    struct member_list users;		/* list of users */
+    struct privilege_list privileges;	/* list of privileges */
+};
+
+/*
+ * Structure describing a privilege specification.
+ */
+struct privilege {
+    struct privilege *prev, *next;
+    struct member_list hostlist;	/* list of hosts */
+    struct cmndspec_list cmndlist;	/* list of Cmnd_Specs */
+};
+
+/*
+ * Structure describing a linked list of Cmnd_Specs.
+ */
+struct cmndspec {
+    struct cmndspec *prev, *next;
+    struct member_list runasuserlist;	/* list of runas users */
+    struct member_list runasgrouplist;	/* list of runas groups */
+    struct member *cmnd;		/* command to allow/deny */
+    struct cmndtag tags;		/* tag specificaion */
+#ifdef HAVE_SELINUX
+    char *role, *type;			/* SELinux role and type */
+#endif
+};
+
+/*
+ * Generic structure to hold users, hosts, commands.
+ */
+struct member {
+    struct member *prev, *next;
+    char *name;				/* member name */
+    short type;				/* type (see gram.h) */
+    short negated;			/* negated via '!'? */
+};
+
+struct runascontainer {
+    struct member *runasusers;
+    struct member *runasgroups;
+};
+
+/*
+ * Generic structure to hold {User,Host,Runas,Cmnd}_Alias
+ * Aliases are stored in a red-black tree, sorted by name and type.
+ */
+struct alias {
+    char *name;				/* alias name */
+    unsigned short type;		/* {USER,HOST,RUNAS,CMND}ALIAS */
+    unsigned short seqno;		/* sequence number */
+    struct member_list members;		/* list of alias members */
+};
+
+/*
+ * Structure describing a Defaults entry and a list thereof.
+ */
+struct defaults {
+    struct defaults *prev, *next;
+    char *var;				/* variable name */
+    char *val;				/* variable value */
+    struct member_list binding;		/* user/host/runas binding */
+    int type;				/* DEFAULTS{,_USER,_RUNAS,_HOST} */
+    int op;				/* TRUE, FALSE, '+', '-' */
+};
+
+/*
+ * Parsed sudoers info.
+ */
+extern struct userspec_list userspecs;
+extern struct defaults_list defaults;
+
+/*
+ * Alias sequence number to avoid loops.
+ */
+extern unsigned int alias_seqno;
+
+/*
+ * Prototypes
+ */
+char *alias_add		__P((char *, int, struct member *));
+int addr_matches	__P((char *));
+int cmnd_matches	__P((struct member *));
+int cmndlist_matches	__P((struct member_list *));
+int command_matches	__P((char *, char *));
+int hostlist_matches	__P((struct member_list *));
+int hostname_matches	__P((char *, char *, char *));
+int netgr_matches	__P((char *, char *, char *, char *));
+int no_aliases		__P((void));
+int runaslist_matches	__P((struct member_list *, struct member_list *));
+int userlist_matches	__P((struct passwd *, struct member_list *));
+int usergr_matches	__P((char *, char *, struct passwd *));
+int userpw_matches	__P((char *, char *, struct passwd *));
+int group_matches	__P((char *, struct group *));
+struct alias *alias_find __P((char *, int));
+struct alias *alias_remove __P((char *, int));
+void alias_free		__P((void *));
+void alias_apply	__P((int (*)(void *, void *), void *));
+void init_aliases	__P((void));
+void init_lexer		__P((void));
+void init_parser	__P((char *, int));
+int alias_compare	__P((const void *, const void *));
+
+#endif /* _SUDO_PARSE_H */
diff --git a/sudo-1.7.4p4/parse_args.c b/sudo-1.7.4p4/parse_args.c
new file mode 100644
index 0000000..3611b44
--- /dev/null
+++ b/sudo-1.7.4p4/parse_args.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 1993-1996, 1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+#include "lbuf.h"
+#include <sudo_usage.h>
+
+/*
+ * Local functions
+ */
+static void usage_excl			__P((int))
+					    __attribute__((__noreturn__));
+
+/*
+ * For sudo.c
+ */
+extern int NewArgc;
+extern char **NewArgv;
+extern int user_closefrom;
+extern char *runas_user;
+extern char *runas_group;
+
+/* For getopt(3) */
+extern char *optarg;
+extern int optind;
+
+#ifdef HAVE_BSD_AUTH_H
+char *login_style;
+#endif /* HAVE_BSD_AUTH_H */
+
+/*
+ * Command line argument parsing.
+ * Sets NewArgc and NewArgv which corresponds to the argc/argv we'll use
+ * for the command to be run (if we are running one).
+ */
+int
+parse_args(argc, argv)
+    int argc;
+    char **argv;
+{
+    int mode = 0;		/* what mode is sudo to be run in? */
+    int flags = 0;		/* mode flags */
+    int valid_flags, ch;
+
+    /* First, check to see if we were invoked as "sudoedit". */
+    if (strcmp(getprogname(), "sudoedit") == 0)
+	mode = MODE_EDIT;
+
+    /* Returns true if the last option string was "--" */
+#define got_end_of_args	(optind > 1 && argv[optind - 1][0] == '-' && \
+	    argv[optind - 1][1] == '-' && argv[optind - 1][2] == '\0')
+
+    /* Returns true if next option is an environment variable */
+#define is_envar (optind < argc && argv[optind][0] != '/' && \
+	    strchr(argv[optind], '=') != NULL)
+
+    /* Flags allowed when running a command */
+    valid_flags = MODE_BACKGROUND|MODE_PRESERVE_ENV|MODE_RESET_HOME|
+		  MODE_LOGIN_SHELL|MODE_INVALIDATE|MODE_NONINTERACTIVE|
+		  MODE_PRESERVE_GROUPS|MODE_SHELL;
+    for (;;) {
+	/*
+	 * We disable arg permutation for GNU getopt().
+	 * Some trickiness is required to allow environment variables
+	 * to be interspersed with command line options.
+	 */
+	if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlnPp:r:Sst:U:u:Vv")) != -1) {
+	    switch (ch) {
+		case 'A':
+		    SET(tgetpass_flags, TGP_ASKPASS);
+		    break;
+#ifdef HAVE_BSD_AUTH_H
+		case 'a':
+		    login_style = optarg;
+		    break;
+#endif
+		case 'b':
+		    SET(flags, MODE_BACKGROUND);
+		    break;
+		case 'C':
+		    if ((user_closefrom = atoi(optarg)) < 3) {
+			warningx("the argument to -C must be at least 3");
+			usage(1);
+		    }
+		    break;
+#ifdef HAVE_LOGIN_CAP_H
+		case 'c':
+		    login_class = optarg;
+		    def_use_loginclass = TRUE;
+		    break;
+#endif
+		case 'E':
+		    SET(flags, MODE_PRESERVE_ENV);
+		    break;
+		case 'e':
+		    if (mode && mode != MODE_EDIT)
+			usage_excl(1);
+		    mode = MODE_EDIT;
+		    valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
+		    break;
+		case 'g':
+		    runas_group = optarg;
+		    break;
+		case 'H':
+		    SET(flags, MODE_RESET_HOME);
+		    break;
+		case 'h':
+		    if (mode && mode != MODE_HELP) {
+			if (strcmp(getprogname(), "sudoedit") != 0)
+			    usage_excl(1);
+		    }
+		    mode = MODE_HELP;
+		    valid_flags = 0;
+		    break;
+		case 'i':
+		    SET(flags, MODE_LOGIN_SHELL);
+		    def_env_reset = TRUE;
+		    break;
+		case 'k':
+		    SET(flags, MODE_INVALIDATE);
+		    break;
+		case 'K':
+		    if (mode && mode != MODE_KILL)
+			usage_excl(1);
+		    mode = MODE_KILL;
+		    valid_flags = 0;
+		    break;
+		case 'L':
+		    if (mode && mode != MODE_LISTDEFS)
+			usage_excl(1);
+		    mode = MODE_LISTDEFS;
+		    valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
+		    break;
+		case 'l':
+		    if (mode) {
+			if (mode == MODE_LIST)
+			    long_list = 1;
+			else
+			    usage_excl(1);
+		    }
+		    mode = MODE_LIST;
+		    valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
+		    break;
+		case 'n':
+		    SET(flags, MODE_NONINTERACTIVE);
+		    break;
+		case 'P':
+		    SET(flags, MODE_PRESERVE_GROUPS);
+		    break;
+		case 'p':
+		    user_prompt = optarg;
+		    def_passprompt_override = TRUE;
+		    break;
+#ifdef HAVE_SELINUX
+		case 'r':
+		    user_role = optarg;
+		    break;
+		case 't':
+		    user_type = optarg;
+		    break;
+#endif
+		case 'S':
+		    SET(tgetpass_flags, TGP_STDIN);
+		    break;
+		case 's':
+		    SET(flags, MODE_SHELL);
+		    break;
+		case 'U':
+		    if ((list_pw = sudo_getpwnam(optarg)) == NULL)
+			errorx(1, "unknown user: %s", optarg);
+		    break;
+		case 'u':
+		    runas_user = optarg;
+		    break;
+		case 'v':
+		    if (mode && mode != MODE_VALIDATE)
+			usage_excl(1);
+		    mode = MODE_VALIDATE;
+		    valid_flags = MODE_INVALIDATE|MODE_NONINTERACTIVE;
+		    break;
+		case 'V':
+		    if (mode && mode != MODE_VERSION)
+			usage_excl(1);
+		    mode = MODE_VERSION;
+		    valid_flags = 0;
+		    break;
+		default:
+		    usage(1);
+	    }
+	} else if (!got_end_of_args && is_envar) {
+	    struct list_member *ev;
+
+	    /* Store environment variable. */
+	    ev = emalloc(sizeof(*ev));
+	    ev->value = argv[optind];
+	    ev->next = sudo_user.env_vars;
+	    sudo_user.env_vars = ev;
+
+	    /* Crank optind and resume getopt. */
+	    optind++;
+	} else {
+	    /* Not an option or an environment variable -- we're done. */
+	    break;
+	}
+    }
+
+    NewArgc = argc - optind;
+    NewArgv = argv + optind;
+
+    if (!mode) {
+	/* Defer -k mode setting until we know whether it is a flag or not */
+	if (ISSET(flags, MODE_INVALIDATE) && NewArgc == 0) {
+	    mode = MODE_INVALIDATE;	/* -k by itself */
+	    CLR(flags, MODE_INVALIDATE);
+	    valid_flags = 0;
+	} else {
+	    mode = MODE_RUN;		/* running a command */
+	}
+    }
+
+    if (NewArgc > 0 && mode == MODE_LIST)
+	mode = MODE_CHECK;
+
+    if (ISSET(flags, MODE_LOGIN_SHELL)) {
+	if (ISSET(flags, MODE_SHELL)) {
+	    warningx("you may not specify both the `-i' and `-s' options");
+	    usage(1);
+	}
+	if (ISSET(flags, MODE_PRESERVE_ENV)) {
+	    warningx("you may not specify both the `-i' and `-E' options");
+	    usage(1);
+	}
+	SET(flags, MODE_SHELL);
+    }
+    if ((flags & valid_flags) != flags)
+	usage(1);
+    if (mode == MODE_EDIT &&
+       (ISSET(flags, MODE_PRESERVE_ENV) || sudo_user.env_vars != NULL)) {
+	if (ISSET(mode, MODE_PRESERVE_ENV))
+	    warningx("the `-E' option is not valid in edit mode");
+	if (sudo_user.env_vars != NULL)
+	    warningx("you may not specify environment variables in edit mode");
+	usage(1);
+    }
+    if ((runas_user != NULL || runas_group != NULL) &&
+	!ISSET(mode, MODE_EDIT | MODE_RUN | MODE_CHECK | MODE_VALIDATE)) {
+	usage(1);
+    }
+    if (list_pw != NULL && mode != MODE_LIST && mode != MODE_CHECK) {
+	warningx("the `-U' option may only be used with the `-l' option");
+	usage(1);
+    }
+    if (ISSET(tgetpass_flags, TGP_STDIN) && ISSET(tgetpass_flags, TGP_ASKPASS)) {
+	warningx("the `-A' and `-S' options may not be used together");
+	usage(1);
+    }
+    if ((NewArgc == 0 && mode == MODE_EDIT) ||
+	(NewArgc > 0 && !ISSET(mode, MODE_RUN | MODE_EDIT | MODE_CHECK)))
+	usage(1);
+    if (NewArgc == 0 && mode == MODE_RUN && !ISSET(flags, MODE_SHELL))
+	SET(flags, (MODE_IMPLIED_SHELL | MODE_SHELL));
+
+    return(mode | flags);
+}
+
+static int
+usage_out(buf)
+    const char *buf;
+{
+    return fputs(buf, stderr);
+}
+
+/*
+ * Give usage message and exit.
+ * The actual usage strings are in sudo_usage.h for configure substitution.
+ */
+void
+usage(exit_val)
+    int exit_val;
+{
+    struct lbuf lbuf;
+    char *uvec[6];
+    int i, ulen;
+
+    /*
+     * Use usage vectors appropriate to the progname.
+     */
+    if (strcmp(getprogname(), "sudoedit") == 0) {
+	uvec[0] = SUDO_USAGE5 + 3;
+	uvec[1] = NULL;
+    } else {
+	uvec[0] = SUDO_USAGE1;
+	uvec[1] = SUDO_USAGE2;
+	uvec[2] = SUDO_USAGE3;
+	uvec[3] = SUDO_USAGE4;
+	uvec[4] = SUDO_USAGE5;
+	uvec[5] = NULL;
+    }
+
+    /*
+     * Print usage and wrap lines as needed, depending on the
+     * tty width.
+     */
+    ulen = (int)strlen(getprogname()) + 8;
+    lbuf_init(&lbuf, usage_out, ulen, NULL);
+    for (i = 0; uvec[i] != NULL; i++) {
+	lbuf_append(&lbuf, "usage: ", getprogname(), uvec[i], NULL);
+	lbuf_print(&lbuf);
+    }
+    lbuf_destroy(&lbuf);
+    exit(exit_val);
+}
+
+/*
+ * Tell which options are mutually exclusive and exit.
+ */
+static void
+usage_excl(exit_val)
+    int exit_val;
+{
+    warningx("Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified");
+    usage(exit_val);
+}
diff --git a/sudo-1.7.4p4/pathnames.h.in b/sudo-1.7.4p4/pathnames.h.in
new file mode 100644
index 0000000..96c4523
--- /dev/null
+++ b/sudo-1.7.4p4/pathnames.h.in
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 1996, 1998, 1999, 2001, 2004, 2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ *  Pathnames to programs and files used by sudo.
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif /* HAVE_PATHS_H */
+
+#ifdef HAVE_MAILLOCK_H
+#include <maillock.h>
+#endif /* HAVE_MAILLOCK_H */
+
+#ifndef _PATH_DEV
+#define _PATH_DEV		"/dev/"
+#endif /* _PATH_DEV */
+
+#ifndef _PATH_TTY
+#define _PATH_TTY		"/dev/tty"
+#endif /* _PATH_TTY */
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL		"/dev/null"
+#endif /* _PATH_DEVNULL */
+
+#ifndef _PATH_DEFPATH
+#define _PATH_DEFPATH		"/usr/bin:/bin"
+#endif /* _PATH_DEFPATH */
+
+#ifndef _PATH_STDPATH
+#define _PATH_STDPATH		"/usr/bin:/bin:/usr/sbin:/sbin"
+#endif /* _PATH_STDPATH */
+
+#ifndef _PATH_ENVIRONMENT
+#define _PATH_ENVIRONMENT	"/etc/environment"
+#endif /* _PATH_ENVIRONMENT */
+
+/*
+ * NOTE: _PATH_SUDOERS is usually overridden by the Makefile.
+ */
+#ifndef _PATH_SUDOERS
+#define _PATH_SUDOERS		"/etc/sudoers"
+#endif /* _PATH_SUDOERS */
+
+/*
+ * The following paths are controlled via the configure script.
+ */
+
+/*
+ * Where to put the timestamp files.  Defaults to /var/run/sudo,
+ * /var/adm/sudo or /usr/adm/sudo depending on what exists.
+ */
+#ifndef _PATH_SUDO_TIMEDIR
+#undef _PATH_SUDO_TIMEDIR
+#endif /* _PATH_SUDO_TIMEDIR */
+
+/*
+ * Where to put the I/O log files.  Defaults to /var/log/sudo-io,
+ * /var/adm/sudo-io or /usr/adm/sudo-io depending on what exists.
+ */
+#ifndef _PATH_SUDO_IO_LOGDIR
+#undef _PATH_SUDO_IO_LOGDIR
+#endif /* _PATH_SUDO_IO_LOGDIR */
+
+/*
+ * Where to put the sudo log file when logging to a file.  Defaults to
+ * /var/log/sudo.log if /var/log exists, else /var/adm/sudo.log.
+ */
+#ifndef _PATH_SUDO_LOGFILE
+#undef _PATH_SUDO_LOGFILE
+#endif /* _PATH_SUDO_LOGFILE */
+
+#ifndef _PATH_SUDO_SENDMAIL
+#undef _PATH_SUDO_SENDMAIL
+#endif /* _PATH_SUDO_SENDMAIL */
+
+#ifndef _PATH_SUDO_NOEXEC
+#undef _PATH_SUDO_NOEXEC
+#endif /* _PATH_SUDO_NOEXEC */
+
+#ifndef _PATH_SUDO_ASKPASS
+#undef _PATH_SUDO_ASKPASS
+#endif /* _PATH_SUDO_ASKPASS */
+
+#ifndef _PATH_VI
+#undef _PATH_VI
+#endif /* _PATH_VI */
+
+#ifndef _PATH_MV
+#undef _PATH_MV
+#endif /* _PATH_MV */
+
+#ifndef _PATH_BSHELL
+#undef _PATH_BSHELL
+#endif /* _PATH_BSHELL */
+
+#ifndef _PATH_TMP
+#define	_PATH_TMP	"/tmp/"
+#endif /* _PATH_TMP */
+
+#ifndef _PATH_VARTMP
+#define	_PATH_VARTMP	"/var/tmp/"
+#endif /* _PATH_VARTMP */
+
+#ifndef _PATH_USRTMP
+#define	_PATH_USRTMP	"/usr/tmp/"
+#endif /* _PATH_USRTMP */
+
+#ifndef _PATH_MAILDIR
+#undef _PATH_MAILDIR
+#endif /* _PATH_MAILDIR */
+
+#ifndef _PATH_SUDO_SESH
+#undef _PATH_SUDO_SESH
+#endif /* _PATH_SUDO_SESH */
+
+#ifndef _PATH_LDAP_CONF
+#undef	_PATH_LDAP_CONF
+#endif /* _PATH_LDAP_CONF */
+
+#ifndef _PATH_LDAP_SECRET
+#undef	_PATH_LDAP_SECRET
+#endif /* _PATH_LDAP_SECRET */
+
+#ifndef _PATH_NSSWITCH_CONF
+#undef	_PATH_NSSWITCH_CONF
+#endif /* _PATH_NSSWITCH_CONF */
+
+#ifndef _PATH_NETSVC_CONF
+#undef	_PATH_NETSVC_CONF
+#endif /* _PATH_NETSVC_CONF */
diff --git a/sudo-1.7.4p4/pp b/sudo-1.7.4p4/pp
new file mode 100755
index 0000000..a997c0f
--- /dev/null
+++ b/sudo-1.7.4p4/pp
@@ -0,0 +1,6964 @@
+#!/bin/sh
+# (c) 2010 Quest Software, Inc. All rights reserved
+pp_revision="283"
+ # Copyright 2010 Quest Software, Inc.  All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or without
+ # modification, are permitted provided that the following conditions
+ # are met:
+ #
+ # 1. Redistributions of source code must retain the above copyright
+ #    notice, this list of conditions and the following disclaimer.
+ # 2. Redistributions in binary form must reproduce the above copyright
+ #    notice, this list of conditions and the following disclaimer in the
+ #    documentation and/or other materials provided with the distribution.
+ # 3. Neither the name of Quest Software, Inc. nor the names of its
+ #    contributors may be used to endorse or promote products derived from
+ #    this software without specific prior written permission.
+ #
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ # Please see <http://rc.quest.com/topics/polypkg/> for more information
+
+pp_version="1.0.0.$pp_revision"
+pp_copyright="Copyright 2010, Quest Software, Inc. All rights reserved."
+
+pp_opt_debug=false
+pp_opt_destdir="$DESTDIR"
+pp_opt_install_script=
+pp_opt_list=false
+pp_opt_no_clean=false
+pp_opt_no_package=false
+pp_opt_only_front=false
+pp_opt_platform=
+pp_opt_probe=false
+pp_opt_strip=false
+pp_opt_save_unstripped=false
+pp_opt_vas_platforms=false
+pp_opt_wrkdir="`pwd`/pp.work.$$"
+pp_opt_verbose=false
+pp_opt_version=false
+pp_opt_input="-"
+pp_opt_init_vars=""
+pp_opt_eval=
+
+test -n "$PP_NO_CLEAN" && pp_opt_no_clean=true
+test -n "$PP_DEBUG" && pp_opt_debug=true
+test -n "$PP_VERBOSE" && pp_opt_verbose=true
+
+pp_main_cleanup () {
+	pp_debug "main_cleanup"
+        pp_remove_later_now
+	if $pp_opt_no_clean || test x"$pp_platform" = x"unknown"; then
+	    : no cleanup
+	else
+	    pp_backend_${pp_platform}_cleanup
+	    $pp_errors && pp_die "Errors during cleanup"
+	    if test -d "$pp_wrkdir"; then
+		if $pp_opt_debug; then
+		    pp_debug "not removing $pp_wrkdir"
+		else
+		    pp_verbose rm -rf "$pp_wrkdir"
+		fi
+	    fi
+	fi
+}
+
+pp_parseopts () {
+        typeset a n _var _val
+	while test $# -gt 0; do
+
+	  # convert -[dilpv] to --long-options
+	  case "$1" in
+	    --?*=?*) n=`echo "$1" | sed -ne 's/^--\([^=]*\)=.*/\1/p'`
+	           a=`echo "$1" | sed -ne 's/^--[^=]*=\(.*\)/\1/p'`
+		   shift
+		   set -- "--$n" "$a" "$@";;
+	    --?*) : ;;
+
+	    -d)  shift; set -- "--debug" "$@";;
+	    -d*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--debug" "$@";;
+
+	    -i) shift; set -- "--install-script" "$@";;
+	    -i*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--install-script" "$a" "$@";;
+
+	    -l)  shift; set -- "--list" "$@";;
+	    -l*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--list" "$@";;
+
+	    -p) shift; set -- "--platform" "$@";;
+	    -p*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--platform" "$a" "$@";;
+
+	    -v)  shift; set -- "--verbose" "$@";;
+	    -v*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--verbose" "$@";;
+
+	    -\?)  shift; set -- "--help" "$@";;
+	    -\?*) a=`echo "$1" | sed -ne 's/^-.//'`
+		 shift; set -- "--help" "$@";;
+	  esac
+
+	  case "$1" in
+	    --destdir|--eval|--install-script|--platform|--wrkdir)
+		test $# -ge 2 || pp_error "missing argument to $1";;
+	  esac
+
+	  case "$1" in
+	    --) 				       shift;break;;
+	    --debug)           pp_opt_debug=true;      shift;;
+	    --destdir)         pp_opt_destdir="$2";    shift;shift;;
+	    --eval)            pp_opt_eval="$2";       shift;shift;; # undoc
+	    --install-script)  pp_opt_install_script="$2"; shift;shift;;
+	    --list)            pp_opt_list=true;       shift;;
+	    --no-clean)        pp_opt_no_clean=true;   shift;;
+	    --no-package)      pp_opt_no_package=true; shift;;
+	    --only-front)      pp_opt_only_front=true; shift;;
+	    --platform)        pp_opt_platform="$2";   shift;shift;;
+	    --probe)           pp_opt_probe=true;      shift;;
+	    --strip)           pp_opt_strip=true;      shift;;
+	    --save-unstripped) pp_opt_save_unstripped=true; shift;;
+	    --wrkdir)          pp_opt_wrkdir="$2";     shift;shift;;
+	    --vas-platforms)   pp_opt_vas_platforms=true; shift;;
+	    --verbose)         pp_opt_verbose=true;    shift;;
+	    --version)         pp_opt_version=true;    shift;;
+	    --help)            pp_errors=true;         shift;;
+	    -) break;;
+	    -*) pp_error "unknown option $1"; shift;;
+	    *) break;;
+	  esac
+
+	done
+
+	pp_opt_input=-
+	if test $# -gt 0; then
+	    pp_opt_input="$1"
+	    shift
+	fi
+
+        #-- extra arguments of the form Foo=bar alter *global* vars
+        while test $# -gt 0; do
+            case "$1" in
+		-*)	pp_error "unexpected option '$1'"
+			shift;;
+                *=*)    _val="${1#*=}"
+                        _var=${1%="$_val"}
+                        _val=`echo "$_val"|sed -e 's/[$"\\]/\\&/g'`
+                        pp_debug "setting $_var = \"$_val\""
+                        pp_opt_init_vars="$pp_opt_init_vars$_var=\"$_val\";"
+                        shift;;
+                *)      pp_error "unexpected argument $1'"
+			shift;;
+            esac
+        done
+
+	test $# -gt 0 &&
+            pp_error "unknown argument $1"
+
+	if $pp_errors; then
+	    cat <<. >&2
+polypkg $pp_version $pp_copyright
+usage: $0 [options] [input.pp] [var=value ...]
+    -d --debug                  -- write copious info to stderr
+       --destdir=path           -- file root, defaults to \$DESTDIR
+    -? --help                   -- display this information
+    -i --install-script=path    -- create an install helper script
+    -l --list                   -- write package filenames to stdout
+       --no-clean               -- don't remove temporary files
+       --no-package             -- do everything but create packages
+       --only-front             -- only perform front-end actions
+    -p --platform=platform      -- defaults to local platform
+       --probe                  -- print local system identifier, then exit
+       --strip                  -- strip debug symbols from binaries before
+                                   packaging (modifies files in destdir)
+       --save-unstripped        -- save unstripped binaries to
+                                   \$name-\$version-unstripped.tar.gz
+       --wrkdir=path            -- defaults to subdirectory of \$TMPDIR or /tmp
+    -v --verbose                -- write info to stderr
+       --version                -- display version and quit
+.
+	    exit 1
+	fi
+}
+
+pp_drive () {
+	# initialise the front and back ends
+        pp_model_init
+	pp_frontend_init
+	$pp_opt_only_front || pp_backend_init
+
+	# run the front-end to generate the intermediate files
+        # set $pp_input_dir to be the 'include dir' if needed
+	pp_debug "calling frontend on $pp_opt_input"
+	case "$pp_opt_input" in
+	    -)   pp_input_dir=.
+		 test -t 1<&0 &&
+		    pp_warn "reading directives from standard input"
+                 pp_frontend
+                 ;;
+            */*) pp_input_dir=${pp_opt_input%/*}
+	         pp_frontend <"$pp_opt_input"
+                 ;;
+            *)   pp_input_dir=.
+	         pp_frontend <"$pp_opt_input"
+                 ;;
+	esac
+
+        pp_files_ignore_others
+        pp_service_scan_groups
+
+	# some sanity checks after front-end processing
+        if test x"$pp_platform" != x"null"; then
+	    pp_debug "sanity checks"
+	    test -n "$pp_components" || pp_error "No components?"
+	    pp_check_var_is_defined  "name"
+	    pp_check_var_is_defined  "version"
+            pp_files_check_duplicates
+            pp_files_check_coverage
+	    pp_die_if_errors "Errors during sanity checks"
+        fi
+
+	# stop now if we're only running the front
+	$pp_opt_only_front && return
+
+	if test x"$pp_opt_strip" = x"true"; then
+	    pp_strip_binaries
+	fi
+
+	# run the back-end to generate the package
+	pp_debug "calling backend"
+	pp_backend
+	pp_die_if_errors "Errors during backend processing"
+
+	# copy the resulting package files to PP_PKGDESTDIR or .
+	for f in `pp_backend_names` -; do
+           test x"$f" = x"-" && continue
+	   pp_debug "copying: $f to `pwd`"
+	   if pp_verbose cp -r $pp_wrkdir/$f ${PP_PKGDESTDIR:-.}; then
+               echo "${PP_PKGDESTDIR:+$PP_PKGDESTDIR/}$f"
+           else
+               pp_error "$f: missing package"
+           fi
+	done
+	pp_die_if_errors "Errors during package copying"
+}
+
+pp_install_script () {
+        pp_debug "writing install script to $pp_opt_install_script"
+        rm -f $pp_opt_install_script
+        pp_backend_install_script > $pp_opt_install_script
+	pp_die_if_errors "Errors during package install script"
+        chmod +x $pp_opt_install_script
+}
+
+pp_main () {
+	# If PP_DEV_PATH is set, then jump to that script.
+	# (Useful when working on polypkg source that isn't installed)
+	if test -n "$PP_DEV_PATH" -a x"$PP_DEV_PATH" != x"$0"; then
+	    pp_warn "switching from $0 to $PP_DEV_PATH ..."
+	    exec "$PP_DEV_PATH" "$@" || exit 1
+	fi
+
+	pp_set_expand_converter_or_reexec "$@"
+	pp_parseopts "$@"
+
+        if $pp_opt_version; then
+            #-- print version and exit
+            echo "polypkg $pp_version"
+            exit 0
+        fi
+
+	pp_set_platform
+
+	trap 'pp_main_cleanup' 0
+
+	pp_wrkdir="$pp_opt_wrkdir"
+	pp_debug "pp_wrkdir = $pp_wrkdir"
+	rm -rf "$pp_wrkdir"
+	mkdir -p "$pp_wrkdir"
+
+	pp_destdir="$pp_opt_destdir"
+	pp_debug "pp_destdir = $pp_destdir"
+
+        if $pp_opt_probe; then
+	    pp_backend_init
+            pp_backend_probe
+        elif $pp_opt_vas_platforms; then
+	    pp_backend_init
+            pp_backend_vas_platforms
+	elif test -n "$pp_opt_eval"; then
+	    #-- execute a shell command
+	    eval "$pp_opt_eval" || exit
+	else
+	    pp_drive
+	    if test -n "$pp_opt_install_script"; then
+		pp_install_script
+	    fi
+        fi
+
+	exit 0
+}
+
+
+pp_errors=false
+
+if test -n "$TERM" -a -t 1 && (tput op) >/dev/null 2>/dev/null; then
+   pp_col_redfg=`tput setf 4` 2>/dev/null
+   pp_col_bluefg=`tput setf 1` 2>/dev/null
+   pp_col_reset=`tput op` 2>/dev/null
+else
+   pp_col_redfg='['
+   pp_col_bluefg='['
+   pp_col_reset=']'
+fi
+
+pp__warn () {
+	if test x"" = x"$pp_lineno"; then
+	    echo "$1 $2" >&2
+	else
+	    echo "$1 line $pp_lineno: $2" >&2
+	fi
+}
+
+pp_warn () {
+	pp__warn "pp: ${pp_col_redfg}warning${pp_col_reset}" "$*"
+}
+
+pp_error () {
+	pp__warn "pp: ${pp_col_redfg}error${pp_col_reset}" "$*"
+	pp_errors=true
+}
+
+pp_die () {
+	pp_error "$@"
+	exit 1
+}
+
+pp_die_if_errors () {
+	$pp_errors && pp_die "$@"
+}
+
+pp_debug () {
+	$pp_opt_debug && echo "${pp_col_bluefg}debug${pp_col_reset} $*" >&2
+}
+
+pp_verbose () {
+	$pp_opt_verbose && echo "pp: ${pp_col_bluefg}info${pp_col_reset} $*" >&2
+	"$@";
+}
+
+pp_substitute () {
+  sed -e 's,%(\([^)]*\)),`\1`,g' \
+      -e 's,%{\([^}]*\)},${\1},g' \
+      -e 's,$,,' |
+  tr '' '\012' |
+  sed -e '/^[^]/s/["$`\\]/\\&/g' \
+      -e 's/^//' \
+      -e '1s/^/echo "/' \
+      -e '$s,$,",' \
+      -e 's,,"echo ",g' |
+  tr -d '\012' |
+  tr '' '\012'
+  echo
+}
+
+pp_incr () {
+    eval "$1=\`expr \$$1 + 1\`"
+}
+
+pp_decr () {
+    eval "$1=\`expr \$$1 - 1\`"
+}
+
+pp_check_var_is_defined () {
+    if eval test -z "\"\$$1\""; then
+	pp_error "\$$1: not set"
+	eval "$1=undefined"
+    fi
+}
+
+pp_contains () {
+    case " $1 " in
+       *" $2 "*) return 0;;
+       *) return 1;;
+    esac
+}
+
+pp_contains_all () {
+    typeset _s _c
+    _l="$1"; shift
+    for _w
+    do
+	pp_contains "$_l" "$_w" || return 1
+    done
+    return 0
+}
+
+pp_contains_any () {
+    typeset _s _c
+    _l="$1"; shift
+    for _w
+    do
+	pp_contains "$_l" "$_w" && return 0
+    done
+    return 1
+}
+
+pp_add_to_list () {
+    if eval test -z \"\$$1\"; then
+	eval $1='"$2"'
+    elif eval pp_contains '"$'$1'"' '"$2"'; then
+	: already there
+    else
+	eval $1='"$'$1' $2"'
+    fi
+}
+
+pp_unique () {
+    typeset result element
+    result=
+    for element
+    do
+	pp_add_to_list result $element
+    done
+    echo $result
+}
+
+pp_mode_strip_altaccess () {
+    case "$1" in
+	??????????+)
+	    echo `echo "$1" | cut -b -10`;;
+	*)
+	    echo "$1";;
+    esac
+}
+
+pp_mode_from_ls () {
+   typeset umode gmode omode smode
+
+   set -- `pp_mode_strip_altaccess "$1"`
+
+   case "$1" in
+	?--[-X]??????) umode=0;;
+	?--[xs]??????) umode=1;;
+	?-w[-X]??????) umode=2;;
+	?-w[xs]??????) umode=3;;
+	?r-[-X]??????) umode=4;;
+	?r-[xs]??????) umode=5;;
+	?rw[-X]??????) umode=6;;
+	?rw[xs]??????) umode=7;;
+	*) pp_error "bad user mode $1";;
+   esac
+
+   case "$1" in
+	????--[-S]???) gmode=0;;
+	????--[xs]???) gmode=1;;
+	????-w[-S]???) gmode=2;;
+	????-w[xs]???) gmode=3;;
+	????r-[-X]???) gmode=4;;
+	????r-[xs]???) gmode=5;;
+	????rw[-X]???) gmode=6;;
+	????rw[xs]???) gmode=7;;
+	*) pp_error "bad group mode $1";;
+   esac
+
+   case "$1" in
+	???????--[-T]) omode=0;;
+	???????--[xt]) omode=1;;
+	???????-w[-T]) omode=2;;
+	???????-w[xt]) omode=3;;
+	???????r-[-T]) omode=4;;
+	???????r-[xt]) omode=5;;
+	???????rw[-T]) omode=6;;
+	???????rw[xt]) omode=7;;
+	*) pp_error "bad other mode $1";;
+   esac
+
+   case "$1" in
+	???[-x]??[-x]??[-x]) smode=;;
+	???[-x]??[-x]??[tT]) smode=1;;
+	???[-x]??[Ss]??[-x]) smode=2;;
+	???[-x]??[Ss]??[tT]) smode=3;;
+	???[Ss]??[-x]??[-x]) smode=4;;
+	???[Ss]??[-x]??[tT]) smode=5;;
+	???[Ss]??[Ss]??[-x]) smode=6;;
+	???[Ss]??[Ss]??[tT]) smode=7;;
+	*) pp_error "bad set-id mode $1";;
+   esac
+
+   echo "$smode$umode$gmode$omode"
+}
+
+pp_find_recurse () {
+  pp_debug "find: ${1#$pp_destdir}/"
+  for f in "$1"/.* "$1"/*; do
+    case "$f" in */.|*/..) continue;; esac  # should never happen!
+    if test -d "$f" -o -f "$f" -o -h "$f"; then
+        if test -d "$f" -a ! -h "$f"; then
+            echo "${f#$pp_destdir}/"
+            pp_find_recurse "$f"
+        else
+            echo "${f#$pp_destdir}"
+        fi
+    fi
+  done
+}
+
+pp_prepend () {
+    #test -t && pp_warn "pp_prepend: stdin is a tty?"
+    if test -f $1; then
+        pp_debug "prepending to $1"
+        mv $1 $1._prepend
+        cat - $1._prepend >$1
+        rm -f $1._prepend
+    else
+        pp_debug "prepend: creating $1"
+        cat >$1
+    fi
+}
+
+pp_note_file_used() {
+    echo "$1" >> $pp_wrkdir/all.files
+}
+
+pp_create_dir_if_missing () {
+    case "$1" in
+        */) pp_error "pp_create_dir_if_missing: trailing / forbidden";;
+	"") return 0;;
+	*)  if test ! -d "$pp_destdir$1"; then
+                pp_debug "fabricating directory $1/"
+		pp_create_dir_if_missing "${1%/*}"
+		mkdir "$pp_destdir$1" &&
+                    pp_note_file_used "$1/"
+		pp_remove_later "$1" &&
+		chmod ${2:-755} "$pp_destdir$1"
+	    fi;;
+    esac
+}
+
+pp_add_file_if_missing () {
+    typeset dir
+    #-- check that the file isn't already declared in the component
+    if test -s $pp_wrkdir/%files.${2:-run}; then
+      awk "\$6 == \"$1\" {exit 1}" < $pp_wrkdir/%files.${2:-run} || return 1
+    fi
+
+    pp_create_dir_if_missing "${1%/*}"
+    pp_debug "fabricating file $1"
+    echo "f ${3:-755} - - ${4:--} $1" >> $pp_wrkdir/%files.${2:-run}
+    pp_note_file_used "$1"
+    pp_remove_later "$1"
+    return 0
+}
+
+pp_add_transient_file () {
+    test -f "$pp_destdir$1" && pp_die "$pp_destdir$1: exists"
+    pp_create_dir_if_missing "${1%/*}"
+    pp_debug "transient file $1"
+    pp_note_file_used "$1"
+    pp_remove_later "$1"
+}
+
+pp_remove_later () {
+   {
+	echo "$1"
+	test -s $pp_wrkdir/pp_cleanup && cat $pp_wrkdir/pp_cleanup
+   } > $pp_wrkdir/pp_cleanup.new
+   mv $pp_wrkdir/pp_cleanup.new $pp_wrkdir/pp_cleanup
+}
+
+pp_ls_readlink () {
+    if test -h "$1"; then
+        ls -1ld "$1" | sed -ne 's,.* -> ,,p'
+    else
+        echo "$1: not a symbolic link" >&2
+        return 1
+    fi
+}
+
+pp_remove_later_now () {
+    typeset f
+    if test -s $pp_wrkdir/pp_cleanup; then
+        pp_debug "pp_remove_later_now"
+        while read f; do
+            pp_debug "removing $pp_destdir$f"
+	    if test -d $pp_destdir$f; then
+		rmdir $pp_destdir$f
+	    else
+		rm $pp_destdir$f
+	    fi
+        done < $pp_wrkdir/pp_cleanup
+        rm $pp_wrkdir/pp_cleanup
+    fi
+}
+
+pp_readlink() {
+
+pp_debug "&& pp_readlink_fn=$pp_readlink_fn"
+
+    if test -n "$pp_readlink_fn"; then
+pp_debug "&& calling $pp_readlink_fn $*"
+        "$pp_readlink_fn" "$@"
+    else
+        readlink "$@"
+    fi
+}
+
+
+pp_install_script_common () {
+        cat <<-.
+
+            # Automatically generated for
+            #    $name $version ($pp_platform)
+            # by PolyPackage $pp_version
+
+            usage () {
+              case "$1" in
+              "list-services")
+                echo "usage: \$0 list-services" ;;
+              "list-components")
+                echo "usage: \$0 list-components" ;;
+              "list-files")
+                echo "usage: \$0 list-files {cpt...|all}" ;;
+              "install")
+                echo "usage: \$0 install {cpt...|all}" ;;
+              "uninstall")
+                echo "usage: \$0 uninstall {cpt...|all}" ;;
+              "start")
+                echo "usage: \$0 start {svc...}" ;;
+              "stop")
+                echo "usage: \$0 stop {svc...}" ;;
+              "print-platform")
+                echo "usage: \$0 print-platform" ;;
+              *)
+                echo "usage: \$0 [-q] command [args]"
+                echo "   list-services"
+                echo "   list-components"
+                echo "   list-files {cpt...|all}"
+                echo "   install {cpt...|all}"
+                echo "   uninstall {cpt...|all}"
+                echo "   start {svc...}"
+                echo "   stop {svc...}"
+                echo "   print-platform"
+                ;;
+              esac >&2
+              exit 1
+            }
+
+            if test x"\$1" = x"-q"; then
+                shift
+                verbose () { "\$@"; }
+                verbosemsg () { : ; }
+            else
+                verbose () { echo "+ \$*"; "\$@"; }
+                verbosemsg () { echo "\$*"; }
+            fi
+.
+}
+
+
+pp_functions () {
+    typeset func deps allfuncs
+    allfuncs=
+    while test $# -gt 0; do
+	pp_add_to_list allfuncs "$1"
+	deps=`pp_backend_function "$1:depends"`
+	shift
+	set -- `pp_unique "$@" $deps`
+    done
+
+    for func in $allfuncs
+    do
+        pp_debug "generating function code for '$1'"
+        echo ""
+        echo "$func () {"
+	case "$func" in
+	    pp_mkgroup|pp_mkuser|pp_havelib) echo <<.;;
+		if test \$# -lt 1; then
+		    echo "$func: not enough arguments" >&2
+		    return 1
+		fi
+.
+	esac
+        pp_backend_function "$func" || cat <<.
+		echo "$func: not implemented" >&2
+		return 1
+.
+        echo "}"
+    done
+}
+
+pp_function () {
+    pp_functions "$1"
+}
+
+pp_makevar () {
+    #-- convert all non alpha/digits to underscores
+    echo "$*" | tr -c '[a-z][A-Z][0-9]\012' '[_*]'
+}
+
+pp_getpwuid () {
+    awk -F: '$3 == uid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' uid="$1" \
+	< /etc/passwd || pp_error "no local username for uid $1"
+}
+
+pp_getgrgid () {
+    awk -F: '$3 == gid { if (!found) print $1; found=1; } END { if (!found) exit 1; }' gid="$1" \
+	< /etc/group || pp_error "no local group for gid $1"
+}
+
+pp_backend_function_getopt () {
+    cat <<'..'
+pp_getopt () {
+     _pp_optstring="$1"; shift; eval `_pp_getopt "$_pp_optstring"`
+}
+_pp_getopt_meta=s,[\\\\\"\'\`\$\&\;\(\)\{\}\#\%\ \	],\\\\\&,g
+_pp_protect () {
+    sed "$_pp_getopt_meta" <<. | tr '\012' ' '
+$*
+.
+}
+_pp_protect2 () {
+    sed "s,^..,,$pp_getopt_meta" <<. | tr '\012' ' '
+$*
+.
+}
+_pp_nonl () {
+    tr '\012' ' ' <<.
+$*
+.
+}
+_pp_getopt () {
+    _pp_nonl '_pp_nonl set --; while test $# -gt 0; do case "$1" in "--") shift; break;;'
+    sed 's/\([^: 	]:*\)/<@<\1>@>/g;
+	 s/<@<\(.\):>@>/"-\1")  _pp_nonl -"\1"; _pp_protect "$2"; shift; shift;; "-\1"*) _pp_nonl -"\1"; _pp_protect2 "$1"; shift;;/g;s/<@<\(.\)>@>/ "-\1")  _pp_nonl -"\1"; shift;; "-\1"*) _pp_nonl -"\1"; _pp_tmp="$1"; shift; set -- -`_pp_protect2 "$_pp_tmp"` "$@";;/g' <<.
+$1
+.
+    _pp_nonl '-*) echo "$1: unknown option">&2; return 1;; *) break;; esac; done; _pp_nonl --; while test $# -gt 0; do _pp_nonl "$1"; shift; done; echo'
+    echo
+}
+..
+}
+
+pp_copy_unstripped () {
+    typeset filedir realdir
+    filedir="`dirname ${1#$pp_destdir}`"
+    realdir="$pp_wrkdir/unstripped/$filedir"
+
+    mkdir -p "$realdir"
+    # Can't use hardlinks because `strip` modifies the original file in-place
+    cp "$1" "$realdir"
+}
+
+pp_package_stripped_binaries () {
+    (cd "$pp_wrkdir/unstripped" && tar -c .) \
+     | gzip > "$name-dbg-$version.tar.gz"
+    rm -rf "$pp_wrkdir/unstripped"
+}
+
+pp_strip_binaries () {
+    if test x"$pp_opt_save_unstripped" = x"true"; then
+	rm  -rf "$pp_wrkdir/unstripped"
+	mkdir "$pp_wrkdir/unstripped"
+    fi
+
+    for f in `find "$pp_destdir" -type f`; do
+	if file "$f" | awk '{print $2}' | grep ^ELF >/dev/null 2>&1; then
+	    if test x"$pp_opt_save_unstripped" = x"true"; then
+		if file "$f" | LC_MESSAGES=C grep 'not stripped' >/dev/null 2>&1; then
+		    pp_debug "Saving unstripped binary $f"
+		    pp_copy_unstripped "$f"
+		else
+		    pp_debug "$f is already stripped; not saving a copy"
+		fi
+	    fi
+	    pp_debug "Stripping unnecessary symbols from $f"
+	    strip "$f"
+	fi
+    done
+
+    if test x"$pp_opt_save_unstripped" = x"true"; then
+	pp_package_stripped_binaries
+    fi
+}
+
+pp_if_true=0
+pp_if_false=0
+
+pp_frontend_init () {
+    name=
+    version=
+    summary="no summary"
+    description="No description"
+    copyright="Copyright 2010 Quest Software, Inc. All rights reserved."
+
+    #-- if the user supplied extra arguments on the command line
+    #   then load them now.
+    pp_debug "pp_opt_init_vars=$pp_opt_init_vars"
+    test -n "$pp_opt_init_vars" && eval "$pp_opt_init_vars"
+}
+
+pp_is_qualifier () {
+    typeset ret
+
+    case "$1" in
+        "["*"]") ret=true;;
+        *)       ret=false;;
+    esac
+    pp_debug "is_qualifier: $* -> $ret"
+    test $ret = true
+}
+
+pp_eval_qualifier () {
+    typeset ret
+
+    case "$1" in
+        "[!$pp_platform]"| \
+         "[!"*",$pp_platform]"| \
+         "[!$pp_platform,"*"]"| \
+         "[!"*",$pp_platform,"*"]") ret=false;;
+        "[!"*"]") ret=true;;
+        "[$pp_platform]"| \
+         "["*",$pp_platform]"| \
+         "[$pp_platform,"*"]"| \
+         "["*",$pp_platform,"*"]") ret=true;;
+        "["*"]") ret=false;;
+        *) pp_die "pp_eval_qualifier: bad qualifier '$1'"
+    esac
+    pp_debug "eval: $* -> $ret"
+    test true = $ret
+}
+
+pp_frontend_if () {
+    typeset ifcmd ifret
+    ifcmd="$1";
+    shift
+    case "$ifcmd" in
+	%if) if test 0 = $pp_if_false; then
+		case "$*" in
+		    true |1) pp_incr pp_if_true;;
+		    false|0) pp_incr pp_if_false;;
+                    *)
+			ifret=true
+                        if pp_is_qualifier "$*"; then
+                            pp_eval_qualifier "$*" || ifret=false
+                        else
+			    eval test "$@" || ifret=false
+			    pp_debug "evaluating test $* -> $ifret"
+			fi
+			pp_incr pp_if_$ifret
+                        ;;
+		esac
+	     else
+		pp_incr pp_if_false
+	     fi;;
+	%else)  test $# = 0 || pp_warn "ignoring argument to %else"
+		if test $pp_if_false -gt 1; then
+		  : no change
+		elif test $pp_if_false = 1; then
+		  pp_incr pp_if_true
+		  pp_decr pp_if_false
+		elif test $pp_if_true = 0; then
+		  pp_die "unmatched %else"
+		else
+		  pp_incr pp_if_false
+		  pp_decr pp_if_true
+		fi;;
+	%endif) test $# = 0 || pp_warn "ignoring argument to %endif"
+		if test $pp_if_false -gt 0; then
+		  pp_decr pp_if_false
+		elif test $pp_if_true -gt 0; then
+		  pp_decr pp_if_true
+		else
+		  pp_die "unmatched %endif"
+		fi;;
+	*) pp_die "frontend_if: unknown cmd $ifcmd";;
+    esac
+}
+
+
+pp_frontend () {
+  typeset section newsection sed_word sed_ws line cpt svc
+  typeset section_enabled newsection_enabled s sed sed_candidate
+
+  section='%_initial'
+  newsection='%_initial'
+  section_enabled=:
+  newsection_enabled=:
+  sed_word="[a-zA-Z_][a-zA-Z_0-9]*"
+  sed_ws="[ 	]"
+
+  #-- not all seds are created equal
+  sed=
+  for sed_candidate in ${PP_SED:-sed} /usr/xpg4/bin/sed; do
+      if echo 'foo' | $sed_candidate -ne '/^\(x\)*foo/p' | grep foo > /dev/null
+      then
+        sed="$sed_candidate"
+        break
+      fi
+  done
+  test -z "$sed" &&
+        pp_die "sed is broken on this system"
+
+  pp_lineno=0
+
+  #-- Note: this sed script should perform similar to pp_eval_qualifier()
+  $sed -e "/^#/s/.*//" \
+       -e "/^\\[!\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]/s/.*//" \
+       -e "s/^\\[\\($sed_word,\\)*$pp_platform\\(,$sed_word\\)*\\]$sed_ws*//" \
+       -e "s/^\\[!\\($sed_word,\\)*$sed_word\\]$sed_ws*//" \
+       -e "/^\\[\\($sed_word,\\)*$sed_word\\]/s/.*//" \
+       -e "s/^%$sed_ws*/%/" \
+       -e "s/^$sed_ws/%\\\\&/" \
+     > $pp_wrkdir/frontend.tmp
+
+  #-- add an ignore section at the end to force section completion
+  echo '%ignore' >> $pp_wrkdir/frontend.tmp
+  echo  >> $pp_wrkdir/frontend.tmp
+
+  exec 0<$pp_wrkdir/frontend.tmp
+  : > $pp_wrkdir/tmp
+  : > $pp_wrkdir/%fixup
+  while read -r line; do
+     #-- Convert leading double-% to single-%, or switch sections
+     pp_incr pp_lineno
+
+     pp_debug "line $pp_lineno: $line"
+     set -f
+     set -- $line
+     set +f
+     #pp_debug "line $pp_lineno: $*"
+
+     case "$line" in %*)
+        case "$1" in
+	   %if|%else|%endif)
+                pp_debug "processing if directive $1"
+	   	pp_frontend_if "$@"
+		continue;;
+	esac
+	test 0 -ne $pp_if_false && continue	# ignore lines %if'd out
+
+        case "$1" in
+	  %set|%fixup|%ignore)
+             pp_debug "processing new section $1"
+	     newsection="$1"; shift
+             newsection_enabled=:
+             if pp_is_qualifier "$1"; then
+                pp_eval_qualifier "$1" || newsection_enabled=false
+                shift
+             fi
+	     test $# -eq 0 || pp_warn "ignoring extra arguments: $line"
+	     continue;;
+	  %pre|%post|%preun|%postup|%postun|%files|%depend|%check)
+             pp_debug "processing new component section $*"
+             s="$1"; shift
+             if test $# -eq 0 || pp_is_qualifier "$1"; then
+                cpt=run
+             else
+                cpt="$1"
+                shift
+             fi
+             newsection="$s.$cpt"
+             newsection_enabled=:
+             if test $# -gt 0 && pp_is_qualifier "$1"; then
+                pp_eval_qualifier "$1" || newsection_enabled=false
+                shift
+             fi
+             test $# -eq 0 ||
+                pp_warn "ignoring extra arguments: $line"
+             case "$cpt" in
+                run|dbg|doc|dev)
+                    $newsection_enabled && pp_add_component "$cpt";;
+                x-*) :;;    # useful for discarding stuff
+                *) pp_error "unknown component: $1 $cpt";;
+             esac
+	     continue;;
+          %pp)
+            newsection="%ignore"; shift
+            if test $# -gt 0; then
+                pp_set_api_version "$1"
+                shift
+            else
+                pp_error "%pp: missing version"
+            fi
+            test $# -gt 0 &&
+                pp_error "%pp: too many arguments"
+            continue;;
+	  %service)
+             pp_debug "processing new service section $1 $2"
+             s="$1"; shift
+             if test $# -eq 0 || pp_is_qualifier "$1"; then
+                pp_error "$s: service name required"
+                svc=unknown
+             else
+                svc="$1"; shift
+             fi
+
+	     newsection="$s.$svc"
+             newsection_enabled=:
+	     if test $# -gt 0 && pp_is_qualifier "$1"; then
+                pp_eval_qualifier "$1" || newsection_enabled=false
+                shift
+             fi
+             test $# -eq 0 ||
+                pp_warn "ignoring extra arguments: $line"
+	     $newsection_enabled && pp_add_service "$svc"
+	     continue;;
+	  %\\*)
+             pp_debug "removing leading %\\"
+	     line="${line#??}"
+             pp_debug "  result is <$line>"
+             set -f
+             set -- $line
+             set +f
+             ;;
+	  %%*)
+             pp_debug "removing leading %"
+	     line="${line#%}"
+             set -f
+             set -- $line
+             set +f
+	     ;;
+	  %*)
+	     pp_error "unknown section $1"
+	     newsection='%ignore'
+             newsection_enabled=:
+	     continue;;
+	esac;;
+     esac
+
+     test 0 != $pp_if_false && continue	# ignore lines %if'd out
+
+     pp_debug "section=$section (enabled=$section_enabled) newsection=$newsection (enabled=$newsection_enabled)"
+
+     #-- finish processing a previous section
+     if test x"$newsection" != x""; then
+      $section_enabled && case "$section" in
+     	%ignore|%_initial)
+                pp_debug "leaving ignored section $section"
+		: ignore  # guaranteed to be the last section
+		;;
+	%set)
+                pp_debug "leaving $section: sourcing $pp_wrkdir/tmp"
+                $pp_opt_debug && cat $pp_wrkdir/tmp >&2
+		. $pp_wrkdir/tmp
+		: > $pp_wrkdir/tmp
+		;;
+	%pre.*|%preun.*|%post.*|%postup.*|%postun.*|%depend.*|%check.*|%service.*|%fixup)
+                pp_debug "leaving $section: substituting $pp_wrkdir/tmp"
+                # cat $pp_wrkdir/tmp >&2    # debugging
+                $pp_opt_debug && pp_substitute < $pp_wrkdir/tmp >&2
+		pp_substitute < $pp_wrkdir/tmp > $pp_wrkdir/tmp.sh
+                . $pp_wrkdir/tmp.sh >> $pp_wrkdir/$section ||
+                    pp_error "shell error in $section"
+		rm -f $pp_wrkdir/tmp.sh
+		: > $pp_wrkdir/tmp
+		;;
+      esac
+      section="$newsection"
+      section_enabled="$newsection_enabled"
+      newsection=
+     fi
+
+     #-- ignore section content that is disabled
+     $section_enabled || continue
+
+     #-- process some lines in-place
+     case "$section" in
+	%_initial)
+		case "$line" in "") continue;; esac # ignore non-section blanks
+		pp_die "Ignoring text before % section introducer";;
+	%set|%pre.*|%preun.*|%post.*|%postup.*|%postun.*|%check.*|%service.*|%fixup)
+                pp_debug "appending line to \$pp_wrkdir/tmp"
+		echo "$line" >> $pp_wrkdir/tmp
+		;;
+	%files.*)
+		test $# -eq 0 && continue;
+		pp_files_expand "$@" >> $pp_wrkdir/$section
+		;;
+	%depend.*)
+		pp_debug "Adding explicit dependency $@ to $cpt"
+		echo "$@" >> $pp_wrkdir/%depend.$cpt
+		;;
+     esac
+  done
+  exec <&-
+
+  if test $pp_if_true != 0 -o $pp_if_false != 0; then
+	pp_die "missing %endif at end of file"
+  fi
+
+  pp_lineno=
+
+  pp_debug " name        = $name"
+  pp_debug " version     = $version"
+  pp_debug " summary     = $summary"
+  pp_debug " description = $description"
+  pp_debug " copyright   = $copyright"
+  pp_debug ""
+  pp_debug "\$pp_components: $pp_components"
+  pp_debug "\$pp_services:   $pp_services"
+}
+
+pp_set_api_version() {
+    case "$1" in
+        1.0)    : ;;
+        *)      pp_error "This version of polypackage is too old";;
+    esac
+}
+
+pp_platform=
+
+pp_set_platform () {
+    if test -n "$pp_opt_platform"; then
+	pp_contains "$pp_platforms" "$pp_opt_platform" ||
+		pp_die "$pp_opt_platform: unknown platform"
+	pp_platform="$pp_opt_platform"
+    else
+	uname_s=`uname -s 2>/dev/null`
+	pp_platform=
+	for p in $pp_platforms; do
+	    pp_debug "probing for platform $p"
+	    if eval pp_backend_${p}_detect "$uname_s"; then
+		pp_platform="$p"
+		break;
+	    fi
+	done
+	test -z "$pp_platform" &&
+		pp_die "cannot detect platform (supported: $pp_platforms)"
+    fi
+    pp_debug "pp_platform = $pp_platform"
+}
+
+pp_expand_path=
+
+pp_expand_test_usr_bin () {
+	awk '$1 == "/usr" || $2 == "/usr" {usr++}
+	     $1 == "/bin" || $2 == "/bin" {bin++}
+	     END { if (usr == 1 && bin == 1) exit(0); else exit(1); }'
+}
+
+pp_set_expand_converter_or_reexec () {
+    test -d /usr -a -d /bin ||
+	pp_die "missing /usr or /bin"
+    echo /usr /bin | pp_expand_test_usr_bin || pp_die "pp_expand_test_usr_bin?"
+    if (eval "echo /{usr,bin}" | pp_expand_test_usr_bin) 2>/dev/null; then
+	pp_expand_path=pp_expand_path_brace
+    elif (eval "echo /@(usr|bin)" | pp_expand_test_usr_bin) 2>/dev/null; then
+	pp_expand_path=pp_expand_path_at
+    else
+	test x"$pp_expand_rexec" != x"true" ||
+	    pp_die "problem finding shell that can do brace expansion"
+	for shell in ksh ksh93 bash; do
+	    if ($shell -c 'echo /{usr,bin}' |
+			pp_expand_test_usr_bin) 2>/dev/null ||
+	       ($shell -c 'echo /@(usr|bin)' |
+			pp_expand_test_usr_bin) 2>/dev/null
+	    then
+                pp_debug "switching to shell $shell"
+		pp_expand_rexec=true exec $shell "$0" "$@"
+	    fi
+	done
+	pp_die "cannot find a shell that does brace expansion"
+    fi
+}
+
+pp_expand_path_brace () {
+	typeset f
+	eval "for f in $1; do echo \"\$f\"; done|sort -u"
+}
+
+pp_expand_path_at () {
+	typeset f
+	eval "for f in `
+	    echo "$1" | sed -e 's/{/@(/g' -e 's/}/)/g' -e 's/,/|/g'
+		`; do echo \"\$f\"; done|sort -u"
+}
+
+pp_shlib_suffix='.so*'
+
+pp_model_init () {
+    #@ $pp_components: whitespace-delimited list of components seen in %files
+    pp_components=
+    #@ $pp_services: whitespace-delimited list of %service seen
+    pp_services=
+
+    rm -f $pp_wrkdir/%files.* \
+          $pp_wrkdir/%post.* \
+          $pp_wrkdir/%pre.* \
+          $pp_wrkdir/%preun.* \
+          $pp_wrkdir/%postup.* \
+          $pp_wrkdir/%postun.* \
+          $pp_wrkdir/%service.* \
+          $pp_wrkdir/%set \
+          $pp_wrkdir/%fixup
+}
+
+
+pp_have_component () {
+	pp_contains "$pp_components" "$1"
+}
+
+pp_have_all_components () {
+	pp_contains_all "$pp_components" "$@"
+}
+
+pp_add_component () {
+	pp_add_to_list 'pp_components' "$1"
+}
+
+pp_add_service () {
+	pp_add_to_list 'pp_services' "$1"
+}
+
+pp_service_init_vars () {
+	cmd=
+	pidfile=
+	stop_signal=15		# SIGTERM
+	user=root
+	group=
+	enable=yes		# make it so the service starts on boot
+	optional=no		# Whether installing this service is optional
+	pp_backend_init_svc_vars
+}
+
+pp_service_check_vars () {
+	test -n "$cmd" ||
+		pp_error "%service $1: cmd not defined"
+	case "$enable" in
+	    yes|no) : ;;
+	    *) pp_error "%service $1: \$enable must be set to yes or no";;
+	esac
+}
+
+pp_load_service_vars () {
+	pp_service_init_vars
+	. "$pp_wrkdir/%service.$1"
+	pp_service_check_vars "$1"
+}
+
+pp_files_expand () {
+    typeset _p _mode _group _owner _flags _path _optional _has_target _tree
+    typeset _path _file _tgt _m _o _g _f _type _lm _ll _lo _lg _ls _lx
+    typeset _ignore _a
+
+    test $# -eq 0 && return
+
+    pp_debug "pp_files_expand: path is: $1"
+
+    case "$1" in "#"*) return;; esac
+    _p="$1"; shift
+
+    pp_debug "pp_files_expand: other arguments: $*"
+
+    #-- the mode must be an octal number of at least three digits
+    _mode="="
+    _a=`eval echo \"$1\"`
+    case "$_a" in
+	*:*) :;;
+	-|=|[01234567][01234567][01234567]*) _mode="$_a"; shift;;
+    esac
+
+    #-- the owner:group field may have optional parts
+    _a=`eval echo \"$1\"`
+    case "$_a" in
+	*:*) _group=${_a#*:}; _owner=${_a%:*}; shift;;
+	=|-) _group=$_a;      _owner=$_a; shift;;
+	*)   _group=;         _owner=;;
+    esac
+
+    #-- process the flags argument
+    _flags=
+    _optional=false
+    _has_target=false
+    _ignore=false
+    if test $# -gt 0; then
+        _a=`eval echo \"$1\"`
+	case ",$_a," in *,volatile,*) _flags="${_flags}v";; esac
+	case ",$_a," in *,optional,*) _optional=true;; esac
+	case ",$_a," in *,symlink,*) _has_target=true;; esac
+	case ",$_a," in *,ignore-others,*) _flags="${_flags}i";; esac
+	case ",$_a," in *,ignore,*) _ignore=true;; esac
+	shift
+    fi
+
+    #-- process the target argument
+    if $_has_target; then
+	test $# -ne 0 || pp_error "$_p: missing target"
+	_a=`eval echo \"$1\"`
+	_target="$_a"
+	shift
+    fi
+
+    pp_debug "pp_files_expand: $_mode|$_owner:$_group|$_flags|$_target|$*"
+
+    test $# -eq 0 || pp_error "$_p: too many arguments"
+
+    #-- process speciall suffixes
+    tree=
+    case "$_p" in
+        *"/**")  _p="${_p%"/**"}"; tree="**";;
+        *".%so") _p="${_p%".%so"}$pp_shlib_suffix";;
+    esac
+
+    #-- expand the path using the shell glob
+    pp_debug "expanding .$_p ... with $pp_expand_path"
+    (cd ${pp_destdir} && $pp_expand_path ".$_p") > $pp_wrkdir/tmp.files.exp
+
+    #-- expand path/** by rewriting the glob output file
+    case "$tree" in
+        "") : ;;
+        "**")
+            pp_debug "expanding /** tree ..."
+            while read _path; do
+                _path="${_path#.}"
+                pp_find_recurse "$pp_destdir${_path%/}"
+            done < $pp_wrkdir/tmp.files.exp |
+                 sort -u > $pp_wrkdir/tmp.files.exp2
+            mv $pp_wrkdir/tmp.files.exp2 $pp_wrkdir/tmp.files.exp
+            ;;
+    esac
+
+    while read _path; do
+	_path="${_path#.}"
+	_file="${pp_destdir}${_path}"
+	_tgt=
+	_m="$_mode"
+	_o="${_owner:--}"
+	_g="${_group:--}"
+	_f="$_flags"
+
+        case "$_path" in
+            /*) :;;
+            *)  pp_warn "$_path: inserting leading /"
+                _path="/$_path";;  # ensure leading /
+        esac
+
+        #-- sanity checks
+        case "$_path" in
+            */../*|*/..) pp_error "$_path: invalid .. in path";;
+            */./*|*/.)   pp_warn  "$_path: invalid component . in path";;
+            *//*)        pp_warn  "$_path: redundant / in path";;
+        esac
+
+	#-- set the type based on the real file's type
+        if $_ignore; then
+           _type=f _m=_ _o=_ _g=_
+	elif test -h "$_file"; then
+	   case "$_path" in
+		*/) pp_warn "$_path (symlink $_file): removing trailing /"
+		    _path="${_path%/}"
+		    ;;
+	   esac
+	   _type=s
+	   if test x"$_target" != x"=" -a -n "$_target"; then
+	       _tgt="$_target"
+pp_debug "symlink target is $_tgt"
+	   else
+	       _tgt=`pp_readlink "$_file"`;
+               test -z "$_tgt" && pp_error "can't readlink $_file"
+               case "$_tgt" in
+                    ${pp_destdir}/*)
+                       pp_warn "stripped \$destdir from symlink ($_path)"
+                       _tgt="${_tgt#$pp_destdir}";;
+               esac
+	   fi
+	   _m=777
+	elif test -d "$_file"; then
+	   #-- display a warning if the user forgot the trailing /
+	   case "$_path" in
+		*/) :;;
+		*) pp_warn "$_path (matching $_file): adding trailing /"
+		   _path="$_path/";;
+	   esac
+	   _type=d
+	   $_has_target && pp_error "$_file: not a symlink"
+	elif test -f "$_file"; then
+	   case "$_path" in
+		*/) pp_warn "$_path (matching $_file): removing trailing /"
+		    _path="${_path%/}"
+		    ;;
+	   esac
+	   _type=f
+	   $_has_target && pp_error "$_file: not a symlink"
+	else
+	   $_optional && continue
+	   pp_error "$_file: missing"
+	   _type=f
+	fi
+
+	#-- convert '=' shortcuts into mode/owner/group from ls
+	case ":$_m:$_o:$_g:" in *:=:*)
+	    if LS_OPTIONS=--color=never /bin/ls -ld "$_file" \
+		    > $pp_wrkdir/ls.tmp
+	    then
+                read _lm _ll _lo _lg _ls _lx < $pp_wrkdir/ls.tmp
+                test x"$_m" = x"=" && _m=`pp_mode_from_ls "$_lm"`
+                test x"$_o" = x"=" && _o="$_lo"
+                test x"$_g" = x"=" && _g="$_lg"
+            else
+                pp_error "cannot read $_file"
+                test x"$_m" = x"=" && _m=-
+                test x"$_o" = x"=" && _o=-
+                test x"$_g" = x"=" && _g=-
+            fi
+	    ;;
+	esac
+
+	test -n "$_f" || _f=-
+
+	#-- sanity checks
+	test -n "$_type" || pp_die "_type empty"
+	test -n "$_path" || pp_die "_path empty"
+	test -n "$_m" || pp_die "_m empty"
+	test -n "$_o" || pp_die "_o empty"
+	test -n "$_g" || pp_die "_g empty"
+
+	#-- setuid/gid files must be given an explicit owner/group (or =)
+	case "$_o:$_g:$_m" in
+	    -:*:[4657][1357]??|-:*:[4657]?[1357]?|-:*:[4657]??[1357])
+		pp_error "$_path: setuid file ($_m) missing explicit owner";;
+	    *:-:[2367][1357]??|*:-:[2367]?[1357]?|*:-:[2367]??[1357])
+		pp_error "$_path: setgid file ($_m) missing explicit group";;
+	esac
+
+	# convert numeric uids into usernames; only works for /etc/passwd
+	case "$_o" in [0-9]*) _o=`pp_getpwuid $_o`;; esac
+	case "$_g" in [0-9]*) _g=`pp_getgrgid $_g`;; esac
+
+	pp_debug "$_type $_m $_o $_g $_f $_path" $_tgt
+	$_ignore || echo "$_type $_m $_o $_g $_f $_path" $_tgt
+        pp_note_file_used "$_path"
+        case "$_f" in *i*) echo "$_path" >> $pp_wrkdir/ign.files;; esac
+    done < $pp_wrkdir/tmp.files.exp
+}
+
+pp_files_check_duplicates () {
+    typeset _path
+    if test -s $pp_wrkdir/all.files; then
+        sort < $pp_wrkdir/all.files | uniq -d > $pp_wrkdir/duplicate.files
+	if test -f $pp_wrkdir/ign.awk; then
+	    # Remove ignored files
+	    mv $pp_wrkdir/duplicate.files $pp_wrkdir/duplicate.files.ign
+	    sed -e 's/^/_ _ _ _ _ /' < $pp_wrkdir/duplicate.files.ign |
+		awk -f $pp_wrkdir/ign.awk |
+		sed -e 's/^_ _ _ _ _ //' > $pp_wrkdir/duplicate.files
+	fi
+        while read _path; do
+            pp_warn "$_path: file declared more than once"
+        done <$pp_wrkdir/duplicate.files
+    fi
+}
+
+pp_files_check_coverage () {
+    pp_find_recurse "$pp_destdir" | sort > $pp_wrkdir/coverage.avail
+    if test -s $pp_wrkdir/all.files; then
+        sort -u < $pp_wrkdir/all.files
+    else
+        :
+    fi > $pp_wrkdir/coverage.used
+    join -v1 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \
+        > $pp_wrkdir/coverage.not-packaged
+    if test -s $pp_wrkdir/coverage.not-packaged; then
+        pp_warn "The following files/directories were found but not packaged:"
+        sed -e 's,^,    ,' <  $pp_wrkdir/coverage.not-packaged >&2
+    fi
+    join -v2 $pp_wrkdir/coverage.avail $pp_wrkdir/coverage.used \
+        > $pp_wrkdir/coverage.not-avail
+    if test -s $pp_wrkdir/coverage.not-avail; then
+        pp_warn "The following files/directories were named but not found:"
+        sed -e 's,^,    ,' <  $pp_wrkdir/coverage.not-avail >&2
+    fi
+}
+
+pp_files_ignore_others () {
+    typeset p f
+
+    test -s $pp_wrkdir/ign.files || return
+
+    #-- for each file in ign.files, we remove it from all the
+    #   other %files.* lists, except where it has an i flag.
+    #   rather than scan each list multiple times, we build
+    #   an awk script
+
+    pp_debug "stripping ignore files"
+
+    while read p; do
+        echo '$6 == "'"$p"'" && $5 !~ /i/ { next }'
+    done < $pp_wrkdir/ign.files > $pp_wrkdir/ign.awk
+    echo '{ print }' >> $pp_wrkdir/ign.awk
+
+    $pp_opt_debug && cat $pp_wrkdir/ign.awk
+
+    for f in $pp_wrkdir/%files.*; do
+	mv $f $f.ign
+        awk -f $pp_wrkdir/ign.awk < $f.ign > $f || pp_error "awk"
+    done
+}
+
+pp_service_scan_groups () {
+    typeset svc
+
+    #-- scan for "group" commands, and build a list of groups
+    pp_service_groups=
+    if test -n "$pp_services"; then
+        for svc in $pp_services; do
+	    group=
+	    . $pp_wrkdir/%service.$svc
+	    if test -n "$group"; then
+		pp_contains "$pp_services" "$group" && pp_error \
+		    "%service $svc: group name $group in use by a service"
+		pp_add_to_list 'pp_service_groups' "$group"
+		echo "$svc" >> $pp_wrkdir/%svcgrp.$group
+	    fi
+        done
+    fi
+}
+
+pp_service_get_svc_group () {
+    (tr '\012' ' ' < $pp_wrkdir/%svcgrp.$1 ; echo) | sed -e 's/ $//'
+}
+
+for _sufx in _init '' _names _cleanup _install_script \
+    _init_svc_vars _function _probe _vas_platforms
+do
+ eval "pp_backend$_sufx () { pp_debug pp_backend$_sufx; pp_backend_\${pp_platform}$_sufx \"\$@\"; }"
+done
+
+
+pp_platforms="$pp_platforms aix"
+
+pp_backend_aix_detect () {
+	test x"$1" = x"AIX"
+}
+
+pp_backend_aix_init () {
+        pp_aix_detect_arch
+        pp_aix_detect_os
+
+	pp_aix_bosboot=		# components that need bosboot
+	pp_aix_lang=en_US
+	pp_aix_copyright=
+        pp_aix_start_services_after_install=false
+        pp_aix_init_services_after_install=true
+
+        case "$pp_aix_os" in
+            *) pp_readlink_fn=pp_ls_readlink;;  # XXX
+        esac
+
+	pp_aix_abis_seen=
+}
+
+pp_aix_detect_arch () {
+	pp_aix_arch_p=`uname -p 2>/dev/null`
+	case "$pp_aix_arch_p"  in
+	   "")      pp_debug "can't get processor type from uname -p"
+                    pp_aix_arch_p=powerpc
+                    pp_aix_arch=R;;  # guess (lsattr -l proc0 ??)
+	   powerpc) pp_aix_arch=R;;
+	   *)       pp_aix_arch_p=intel
+                    pp_aix_arch=I;;  # XXX? verify
+	esac
+
+	case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in
+	    PowerPC_POWER*) pp_aix_arch_std=ppc64;;
+	    PowerPC*) pp_aix_arch_std=ppc;;
+	    *) pp_aix_arch_std=unknown;;
+	esac
+}
+
+pp_aix_detect_os () {
+        typeset r v
+
+        r=`uname -r`
+        v=`uname -v`
+        pp_aix_os=aix$v$r
+}
+
+pp_aix_version_fix () {
+    typeset v
+    v=`echo $1 | tr -c -d '[0-9].\012'`
+    if test x"$v" != x"$1"; then
+        pp_warn "stripped version '$1' to '$v'"
+    fi
+    case $v in
+        ""|*..*|.*|*.) pp_error "malformed '$1'"
+                 echo "0.0.0.0";;
+        *.*.*.*.*)
+                 # 5 components are only valid for fileset updates, not base
+                 # filesets (full packages). We trim 5+ components down to 4.
+                 pp_warn "version '$1' has too many dots for AIX, truncating"
+                 echo "$v" | cut -d. -f1-4;;
+        *.*.*.*) echo "$v";;
+        *.*.*) echo "$v.0";;
+        *.*) echo "$v.0.0";;
+        *) echo "$v.0.0.0";;
+    esac
+}
+
+pp_aix_select () {
+	case "$1" in
+	    -user) op="";;
+	    -root) op="!";;
+	    *) pp_die "pp_aix_select: bad argument";;
+	esac
+	#pp_debug awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }'
+	#awk '$5 '$op' /^\/(usr|opt)(\/|$)/ { print; }'
+	awk $op'($6 ~ /^\/usr\// || $6 ~ /^\/opt\//) { print; }'
+}
+
+pp_aix_copy_root () {
+    typeset t m o g f p st target
+    while read t m o g f p st; do
+        case "$t" in
+           d) pp_create_dir_if_missing "$1${p%/}";;
+           f) pp_add_transient_file "$1$p"
+	      pp_verbose ln "$pp_destdir$p" "$pp_destdir$1$p" ||
+		pp_error "can't link $p into $1";;
+           *) pp_warn "pp_aix_copy_root: filetype $t not handled";;
+        esac
+    done
+}
+
+
+pp_aix_size () {
+    typeset prefix t m o g f p st
+
+    prefix="$1"
+    while read t m o g f p st; do
+      case "$t" in f) du -a "$pp_destdir$p";; esac
+    done | sed -e 's!/[^/]*$!!' | sort +1 |
+    awk '{ if ($2 != d)
+           { if (sz) print d,sz;
+             d=$2; sz=0 }
+           sz += $1; }
+         END { if (sz) print d,sz }' |
+    sed -n -e "s!^$pp_destdir!$prefix!p"
+}
+
+pp_aix_list () {
+    awk '{ print "." pfx $6; }' pfx="$1"
+}
+
+pp_aix_make_liblpp () {
+    typeset out dn fl f
+
+    out="$1"; shift
+    dn=`dirname "$2"`
+    fl=
+    for f
+    do
+	case "$f" in "$dn/"*) fl="$fl `basename $f`" ;;
+		     *) pp_die "liblpp name $f not in $dn/";; esac
+    done
+    (cd "$dn" && pp_verbose  ar -c -g -r "$out" $fl) || pp_error "ar error"
+}
+
+pp_aix_make_script () {
+    rm -f "$1"
+    echo "#!/bin/sh" > "$1"
+    cat >> "$1"
+    echo "exit 0" >> "$1"
+    chmod +x "$1"
+}
+
+pp_aix_inventory () {
+    typeset fileset t m o g f p st type
+
+    fileset="$1"
+    while read t m o g f p st; do
+      case "$p" in *:*) pp_error "path $p contains colon";; esac
+      echo "$p:"
+      case "$t" in
+	f)   type=FILE;      defm=644 ;;
+	s)   type=SYMLINK;   defm=777 ;;
+	d)   type=DIRECTORY; defm=755 ;;
+      esac
+      echo " type = $type"
+      echo " class = inventory,apply,$fileset"
+      set -- `/bin/ls -ld "$pp_destdir$p" 2>/dev/null`
+      owner=$3 group=$4 size=$5
+      if test x"$m" = x"-"; then m="$defm"; fi
+      if test x"$o" = x"-"; then o="root"; fi
+      if test x"$g" = x"-"; then g="system"; fi
+      echo " owner = $o"
+      echo " group = $g"
+
+      case "$m" in ????)
+	m=`echo $m|sed -e 's/^1/TCB,/' \
+		       -e 's/^[23]/TCB,SGID,/' \
+		       -e 's/^[45]/TCB,SUID,/' \
+		       -e 's/^[67]/TCB,SUID,SGID,/'`;;  # vtx bit ignored
+      esac
+      echo " mode = $m"
+      case "$t" in
+	f) if test ! -f "$pp_destdir$p"; then
+		pp_error "$p: missing file"
+	   fi
+	   case "$flags" in
+	    *v*)
+	      echo " size = VOLATILE"
+	      echo " checksum = VOLATILE"
+	      ;;
+	    *)
+	      if test -r "$pp_destdir$p"; then
+	        echo " size = $size"
+                pp_verbose  sum -r < "$pp_destdir$p" |
+	      	  sed -e 's/.*/ checksum = "&"/'
+	      fi
+	      ;;
+	   esac;;
+	s)
+	   echo " target = $st"
+	   ;;
+      esac
+
+      #-- Record ABI types seen
+      case "$t" in
+        f) if test -r "$pp_destdir$p"; then
+	    case "`file "$pp_destdir$p"`" in
+		*"executable (RISC System/6000)"*) abi=ppc;;
+		*"64-bit XCOFF executable"*)       abi=ppc64;;
+		*) abi=;;
+	    esac
+	    if test -n "$abi"; then
+		pp_add_to_list pp_aix_abis_seen $abi
+	    fi
+	   fi;;
+      esac
+
+    done
+}
+
+pp_aix_depend ()
+{
+    if test -s "$1"; then
+       pp_warn "aix dependencies not implemented"
+    fi
+}
+
+pp_aix_add_service () {
+	typeset svc cmd_cmd cmd_arg f
+	svc="$1"
+
+	pp_load_service_vars $svc
+
+	set -- $cmd
+	cmd_cmd="$1"; shift
+	cmd_arg="$pp_aix_mkssys_cmd_args";
+
+	case "$stop_signal" in
+		HUP) stop_signal=1;;
+		INT) stop_signal=2;;
+		QUIT) stop_signal=3;;
+		KILL) stop_signal=9;;
+		TERM) stop_signal=15;;
+		USR1) stop_signal=30;;
+		USR2) stop_signal=31;;
+		"")
+		  pp_error "%service $svc: stop_signal not set";;
+		[a-zA-Z]*)
+		  pp_error "%service $svc: bad stop_signal ($stop_signal)";;
+	esac
+
+	test -z "$pidfile" || pp_error "aix requires empty pidfile (non daemon)"
+
+	pp_add_component run
+	if test "$user" = "root"; then
+	    uid=0
+	else
+            uid="\"\`/usr/bin/id -u $user\`\""
+	fi
+
+
+        #-- add command text to create/remove the service
+	cat <<-. >> $pp_wrkdir/%post.$svc
+svc=$svc
+uid=0
+cmd_cmd=$daemon
+cmd_arg="$cmd_arg"
+stop_signal=$stop_signal
+force_signal=9
+srcgroup="$pp_aix_mkssys_group"
+
+lssrc -s \$svc > /dev/null 2>&1
+if [ \$? -eq 0 ]; then
+  lssrc -s \$svc | grep "active" > /dev/null 2>&1
+  if [ \$? -eq 0 ]; then
+    stopsrc -s \$svc > /dev/null 2>&1
+  fi
+  rmsys -s \$svc > /dev/null 2>&1
+fi
+
+mkssys -s \$svc -u \$uid -p "\$cmd_cmd" \${cmd_arg:+-a "\$cmd_arg"} -S -n \$stop_signal -f 9 ${pp_aix_mkssys_args} \${srcgroup:+-G \$srcgroup}
+.
+
+        #-- add code to start the service on reboot
+        ${pp_aix_init_services_after_install} &&
+          cat <<-. >> $pp_wrkdir/%post.$svc
+mkitab "\$svc:2:once:/usr/bin/startsrc -s \$svc" > /dev/null 2>&1
+.
+
+	${pp_aix_start_services_after_install} &&
+          cat <<-. >> $pp_wrkdir/%post.$svc
+startsrc -s \$svc
+.
+
+if [ -f "$pp_wrkdir/%post.run" ];then
+    cat $pp_wrkdir/%post.run >> $pp_wrkdir/%post.$svc
+fi
+mv $pp_wrkdir/%post.$svc $pp_wrkdir/%post.run
+
+
+        ${pp_aix_init_services_after_install} &&
+           pp_prepend $pp_wrkdir/%preun.$svc <<-.
+rmitab $svc
+.
+	pp_prepend $pp_wrkdir/%preun.$svc <<-.
+stopsrc -s $svc >/dev/null 2>&1
+rmssys -s $svc
+.
+
+if [ -f "$pp_wrkdir/%preun.run" ];then
+    cat $pp_wrkdir/%preun.run >> $pp_wrkdir/%preun.$svc
+fi
+mv $pp_wrkdir/%preun.$svc $pp_wrkdir/%preun.run
+}
+
+pp_backend_aix () {
+        typeset briefex instuser instroot svc cmp outbff
+        typeset user_wrkdir root_wrkdir
+        typeset user_files root_files
+
+	test -n "$pp_destdir" ||
+	   pp_error "AIX backend requires the '--destdir' option"
+
+	instuser="/usr/lpp/$name"
+	instroot="$instuser/inst_root"
+	pp_aix_bff_name=${pp_aix_bff_name:-$name}
+
+	# Here is the component mapping:
+	#  run -> $pp_aix_bff_name.rte ('Run time environment')
+	#  doc -> $pp_aix_bff_name.doc (non-standard)
+	#  dev -> $pp_aix_bff_name.adt ('Application developer toolkit')
+	#  dbg -> $pp_aix_bff_name.diag ('Diagnostics')
+
+	test `echo "$summary" | wc -c ` -gt 40 && pp_error "\$summary too long"
+
+	user_wrkdir=$pp_wrkdir/u
+	root_wrkdir=$pp_wrkdir/r
+	pp_verbose  rm -rf $user_wrkdir $root_wrkdir
+	pp_verbose  mkdir -p $user_wrkdir $root_wrkdir
+
+	for svc in $pp_services .; do
+	    test . = "$svc" && continue
+            pp_aix_add_service $svc
+	done
+
+        {
+	  echo "4 $pp_aix_arch I $name {"
+
+	  for cmp in $pp_components; do
+	    case "$cmp" in
+		run) ex=rte  briefex="runtime";;
+		doc) ex=doc  briefex="documentation";;
+		dev) ex=adt  briefex="developer toolkit";;
+		dbg) ex=diag briefex="diagnostics";;
+	    esac
+
+	    user_files=$pp_wrkdir/%files.$cmp.u
+	    root_files=$pp_wrkdir/%files.$cmp.r
+
+	    pp_aix_select -user < $pp_wrkdir/%files.$cmp > $user_files
+	    pp_aix_select -root < $pp_wrkdir/%files.$cmp > $root_files
+
+            # Default to USR only unless there are root files,
+            # or a post/pre/check script associated
+	    content=U
+            if test -s $root_files \
+                    -o -s $pp_wrkdir/%pre.$cmp \
+                    -o -s $pp_wrkdir/%post.$cmp \
+                    -o -s $pp_wrkdir/%preun.$cmp \
+                    -o -s $pp_wrkdir/%check.$cmp
+            then
+                content=B
+            fi
+
+            if $pp_opt_debug; then
+                echo "$cmp USER %files:"
+                cat $user_files
+                echo "$cmp ROOT %files:"
+                cat $root_files
+            fi >&2
+
+	    bosboot=N; pp_contains_any "$pp_aix_bosboot" $cmp && bosboot=b
+
+            echo $pp_aix_bff_name.$ex \
+                 ${pp_aix_version:-`pp_aix_version_fix "$version"`} \
+	         1 $bosboot $content \
+	         $pp_aix_lang "$summary $briefex"
+	    echo "["
+
+	    pp_aix_depend $pp_wrkdir/%depend.$cmp
+
+	    echo "%"
+
+	    # generate per-directory size information
+	    pp_aix_size < $user_files
+	    pp_aix_size $instroot < $root_files
+
+	    pp_aix_list            < $user_files  > $user_wrkdir/$pp_aix_bff_name.$ex.al
+	    pp_aix_list $instroot  < $root_files >> $user_wrkdir/$pp_aix_bff_name.$ex.al
+	    pp_aix_list            < $root_files  > $root_wrkdir/$pp_aix_bff_name.$ex.al
+
+            if $pp_opt_debug; then
+                echo "$cmp USER $pp_aix_bff_name.$ex.al:"
+                cat $user_wrkdir/$pp_aix_bff_name.$ex.al
+                echo "$cmp ROOT $pp_aix_bff_name.$ex.al:"
+                cat $root_wrkdir/$pp_aix_bff_name.$ex.al
+            fi >&2
+
+	    pp_aix_inventory $pp_aix_bff_name.$ex < $user_files \
+                                       > $user_wrkdir/$pp_aix_bff_name.$ex.inventory
+	    pp_aix_inventory $pp_aix_bff_name.$ex < $root_files \
+                                       > $root_wrkdir/$pp_aix_bff_name.$ex.inventory
+
+            if $pp_opt_debug; then
+                pp_debug "$cmp USER $pp_aix_bff_name.$ex.inventory:"
+                cat $user_wrkdir/$pp_aix_bff_name.$ex.inventory
+                pp_debug "$cmp ROOT $pp_aix_bff_name.$ex.inventory:"
+                cat $root_wrkdir/$pp_aix_bff_name.$ex.inventory
+            fi >&2
+
+	    if test x"" != x"${pp_aix_copyright:-$copyright}"; then
+	        echo "${pp_aix_copyright:-$copyright}" > $user_wrkdir/$pp_aix_bff_name.$ex.copyright
+	        echo "${pp_aix_copyright:-$copyright}" > $root_wrkdir/$pp_aix_bff_name.$ex.copyright
+	    fi
+
+	    #-- assume that post/pre uninstall scripts only make
+	    #   sense when installed in a root context
+
+	    if test -r $pp_wrkdir/%pre.$cmp; then
+			pp_aix_make_script $user_wrkdir/$pp_aix_bff_name.$ex.pre_i \
+                < $pp_wrkdir/%pre.$cmp
+	    fi
+
+	    if test -r $pp_wrkdir/%post.$cmp; then
+		pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.post_i \
+			< $pp_wrkdir/%post.$cmp
+	    fi
+
+	    if test -r $pp_wrkdir/%preun.$cmp; then
+		pp_aix_make_script $root_wrkdir/$pp_aix_bff_name.$ex.unpost_i \
+			< $pp_wrkdir/%preun.$cmp
+	    fi
+
+	    # remove empty files
+	    for f in $user_wrkdir/$pp_aix_bff_name.$ex.* $root_wrkdir/$pp_aix_bff_name.$ex.*; do
+	      if test ! -s "$f"; then
+                pp_debug "removing empty $f"
+                rm -f "$f"
+              fi
+	    done
+
+	    # copy/link the root files so we can do an easy backup later
+	    pp_aix_copy_root $instroot < $root_files
+
+	    echo "%"
+	    echo "]"
+	  done
+	  echo "}"
+	} > $pp_wrkdir/lpp_name
+
+        if $pp_opt_debug; then
+            echo "/lpp_name :"
+            cat $pp_wrkdir/lpp_name
+        fi >&2
+
+        #-- copy the /lpp_name file to the destdir
+        pp_add_transient_file /lpp_name
+        cp $pp_wrkdir/lpp_name $pp_destdir/lpp_name
+
+        #-- copy the liblpp.a files under destdir for packaging
+	(cd $user_wrkdir && pp_verbose  ar -c -g -r liblpp.a $name.*) ||
+		pp_error "ar error"
+	if test -s $user_wrkdir/liblpp.a; then
+           pp_add_transient_file $instuser/liblpp.a
+	   pp_verbose cp $user_wrkdir/liblpp.a $pp_destdir$instuser/liblpp.a ||
+		pp_error "cannot create user liblpp.a"
+	fi
+	(cd $root_wrkdir && pp_verbose  ar -c -g -r liblpp.a $name.*) ||
+		pp_error "ar error"
+	if test -s $root_wrkdir/liblpp.a; then
+           pp_add_transient_file $instroot/liblpp.a
+	   pp_verbose cp $root_wrkdir/liblpp.a $pp_destdir$instroot/liblpp.a ||
+		pp_error "cannot create root liblpp.a"
+	fi
+
+        { echo ./lpp_name
+	  test -s $user_wrkdir/liblpp.a && echo .$instuser/liblpp.a
+	  test -s $root_wrkdir/liblpp.a && echo .$instroot/liblpp.a
+	  cat $user_wrkdir/$name.*.al   # includes the relocated root files!
+	} > $pp_wrkdir/bff.list
+
+	if test -n "$pp_aix_abis_seen" -a x"$pp_aix_arch_std" = x"auto"; then
+	    case "$pp_aix_abis_seen" in
+		"ppc ppc64"|"ppc64 ppc")
+		    pp_aix_arch_std=ppc64
+		    ;;
+		ppc|ppc64)
+		    pp_aix_arch_std=$pp_aix_abis_seen
+		    ;;
+		*" "*)
+		    pp_warn "multiple architectures detected: $pp_aix_abis_seen"
+		    pp_aix_arch_std=unknown
+		    ;;
+		"")
+		    pp_warn "no binary executables detected; using noarch"
+		    pp_aix_arch_std=noarch
+		    ;;
+		*)
+		    pp_warn "unknown architecture detected $pp_aix_abis_seen"
+		    pp_aix_arch_std=$pp_aix_abis_seen
+		    ;;
+	    esac
+	fi
+
+	. $pp_wrkdir/%fixup
+
+        outbff=`pp_backend_aix_names`
+        pp_debug "creating: $pp_wrkdir/$outbff"
+	(cd $pp_destdir && pp_verbose  /usr/sbin/backup -i -q -p -f -) \
+          < $pp_wrkdir/bff.list \
+	  > $pp_wrkdir/$outbff || pp_error "backup failed"
+        ${SUDO:-sudo} /usr/sbin/installp -l -d $pp_wrkdir/$outbff
+}
+
+pp_backend_aix_cleanup () {
+    :
+}
+
+pp_backend_aix_names () {
+	echo "$name.${pp_aix_version:-`pp_aix_version_fix "$version"`}.bff"
+}
+
+pp_backend_aix_install_script () {
+	typeset pkgname platform
+        #
+        # The script should take a first argument being the
+        # operation; further arguments refer to components or services
+        #
+        # list-components           -- lists components in the pkg
+        # install component...      -- installs the components
+        # uninstall component...    -- uninstalles the components
+        # list-services             -- lists the services in the pkg
+        # start service...          -- starts the name service
+        # stop service...           -- stops the named services
+        # print-platform            -- prints the platform group
+        #
+        pkgname="`pp_backend_aix_names`"
+	platform="`pp_backend_aix_probe`"   # XXX should be derived from files
+
+        fsets=
+        for cmp in $pp_components; do
+	    case "$cmp" in
+		run) ex=rte;;
+		doc) ex=doc;;
+		dev) ex=adt;;
+		dbg) ex=diag;;
+	    esac
+            fsets="$fsets $name.$ex"
+        done
+
+        echo '#!/bin/sh'
+        pp_install_script_common
+
+        cat <<-.
+
+            cpt_to_fileset () {
+                test x"\$*" = x"all" &&
+                    set -- $pp_components
+                for cpt
+                do
+                    case "\$cpt" in
+                        run) echo "$name.rte";;
+                        doc) echo "$name.doc";;
+                        dev) echo "$name.adt";;
+                        dbg) echo "$name.diag";;
+                        *) usage;;
+                    esac
+                done
+            }
+
+	    test \$# -eq 0 && usage
+            op="\$1"; shift
+
+            case "\$op" in
+                list-components)
+                    test \$# -eq 0 || usage \$op
+                    echo "$pp_components"
+                    ;;
+                list-services)
+                    test \$# -eq 0 || usage \$op
+                    echo "$pp_services"
+                    ;;
+                list-files)
+                    test \$# -ge 1 || usage \$op
+                    echo \${PP_PKGDESTDIR:-.}/$pkgname
+                    ;;
+                install)
+                    test \$# -ge 1 || usage \$op
+                    verbose /usr/sbin/installp -acX -V0 -F \
+                        -d \${PP_PKGDESTDIR:-.}/$pkgname \
+                        \`cpt_to_fileset "\$@"\`
+                    ;;
+                uninstall)
+                    test \$# -ge 1 || usage \$op
+                    verbose /usr/sbin/installp -u -e/dev/null \
+			-V0 \`cpt_to_fileset "\$@"\`
+                    ;;
+                start|stop)
+                    test \$# -ge 1 || usage \$op
+                    ec=0
+                    for svc
+                    do
+                        verbose \${op}src -s \$svc || ec=1
+                    done
+                    exit \$ec
+                    ;;
+                print-platform)
+                    echo "$platform"
+		    ;;
+                *)
+                    usage;;
+            esac
+.
+}
+
+pp_backend_aix_init_svc_vars () {
+    :
+}
+
+pp_backend_aix_probe () {
+	echo "${pp_aix_os}-${pp_aix_arch_std}"
+}
+
+pp_backend_aix_vas_platforms () {
+    case "${pp_aix_arch_std}" in
+	ppc*)	:;;
+	*)	pp_die "unknown architecture ${pp_aix_arch_std}";;
+    esac
+    case "${pp_aix_os}" in
+	aix43)	echo "aix-43";;
+	aix51)	echo "aix-51 aix-43";;
+	aix52)	echo "aix-51 aix-43";;
+	aix53)	echo "aix-53 aix-51 aix-43";;
+	aix61)	echo "aix-53 aix-51 aix-43";;
+	*)	pp_die "unknown system ${pp_aix_os}";;
+    esac
+}
+pp_backend_aix_function () {
+    case $1 in
+    pp_mkgroup) cat <<'.';;
+            /usr/sbin/lsgroup "$1" >/dev/null &&
+		return 0
+	    echo "Creating group $1"
+            /usr/bin/mkgroup -A "$1"
+.
+    pp_mkuser:depends) echo pp_mkgroup;;
+    pp_mkuser) cat <<'.';;
+            /usr/sbin/lsuser "$1" >/dev/null &&
+	        return 0
+	    pp_mkgroup "${2:-$1}" || return 1
+	    echo "Creating user $1"
+	    /usr/bin/mkuser \
+	        login=false \
+	        rlogin=false \
+		account_locked=true \
+		home="${3:-/nohome.$1}" \
+		pgrp="${2:-$1}" \
+		"$1"
+.
+    pp_havelib) cat <<'.';;
+            case "$2" in
+                "")    pp_tmp_name="lib$1.so";;
+                *.*.*) pp_tmp_name="lib$1.so.$2";;
+                *.*)   pp_tmp_name="lib$1.so.$2.0";;
+                *)     pp_tmp_name="lib$1.so.$2";;
+            esac
+            for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
+                test -r "$pp_tmp_dir/$pp_tmp_name" -a \
+		    -r "$pp_tmp_dir/lib$1.so" && return 0
+            done
+            return 1
+.
+    *) false;;
+    esac
+}
+
+pp_platforms="$pp_platforms sd"
+
+pp_backend_sd_detect () {
+    test x"$1" = x"HP-UX"
+}
+
+pp_backend_sd_init () {
+    pp_sd_sudo=
+    pp_sd_startlevels=2
+    pp_sd_stoplevels=auto
+    pp_sd_config_file=
+    pp_sd_vendor=
+    pp_sd_vendor_tag=Quest
+    pp_sd_default_start=1           # config_file default start value
+
+    pp_readlink_fn=pp_ls_readlink   # HPUX has no readlink
+
+    pp_sd_detect_os
+}
+
+pp_sd_detect_os () {
+    typeset revision
+
+    revision=`uname -r`
+    pp_sd_os="${revision#?.}"
+    test -z "$pp_sd_os" &&
+        pp_warn "cannot detect OS version"
+    pp_sd_os_std="hpux`echo $pp_sd_os | tr -d .`"
+
+    case "`uname -m`" in
+	9000/[678]??) pp_sd_arch_std=hppa;;
+	ia64) pp_sd_arch_std=ia64;;
+	*) pp_sd_arch_std=unknown;;
+    esac
+}
+
+pp_sd_write_files () {
+    typeset t m o g f p st line dm
+    while read t m o g f p st; do
+        line="                file"
+        case "$f" in *v*) line="$line -v";; esac    # FIXME for uninstall
+        case $t in
+            f) dm=644;;
+            d) line="$line -t d"; p=${p%/}; dm=755;;
+            s) line="$line -t s";;
+        esac
+
+        test x"$o" = x"-" && o=root
+        test x"$g" = x"-" && g=sys
+        test x"$m" = x"-" && m=$dm
+
+        case $t in
+            s) echo "$line $st $p";;
+            *) echo "$line -o $o -g $g -m $m $pp_destdir$p $p";;
+        esac
+
+    done
+}
+
+pp_sd_service_group_script () {
+    typeset grp svcs scriptpath out
+    grp="$1"
+    svcs="$2"
+    scriptpath="/sbin/init.d/$grp"
+    out="$pp_destdir$scriptpath"
+
+    pp_add_file_if_missing $scriptpath run 755 || return 0
+
+    cat <<-. > $out
+	#!/sbin/sh
+	# generated by pp $pp_version
+	svcs="$svcs"
+.
+
+    cat <<-'.' >> $out
+        #-- starts services in order.. stops them all if any break
+        pp_start () {
+            undo=
+            for svc in $svcs; do
+                /sbin/init.d/$svc start
+		case $? in
+		  0|4)
+		    undo="$svc $undo"
+		    ;;
+		  *)
+                    if test -n "$undo"; then
+                        for svc in $undo; do
+                           /sbin/init.d/$svc stop
+                        done
+                        return 1
+                    fi
+		    ;;
+                esac
+            done
+            return 0
+        }
+
+        #-- stops services in reverse
+        pp_stop () {
+            reverse=
+            for svc in $svcs; do
+                reverse="$svc $reverse"
+            done
+            rc=0
+            for svc in $reverse; do
+                /sbin/init.d/$svc stop || rc=$?
+            done
+            return $rc
+        }
+
+        case $1 in
+            start_msg) echo "Starting $svcs";;
+            stop_msg)  echo "Stopping $svcs";;
+	    start)     pp_start;;
+	    stop)      pp_stop;;
+            *)	       echo "usage: $0 {start|stop|start_msg|stop_msg}"
+                       exit 1;;
+        esac
+.
+}
+
+pp_sd_service_script () {
+    typeset svc config_file config_value scriptpath out
+
+    svc="$1"
+    scriptpath="/sbin/init.d/$svc"
+
+    config_file=${pp_sd_config_file:-/etc/rc.config.d/$svc}
+    sd_config_var=`echo run-$svc | tr '[a-z]-' '[A-Z]_'`
+    sd_config_value=${pp_sd_default_start:-0}
+    pp_load_service_vars "$svc"
+
+    test -n "$user" -a x"$user" != x"root" &&
+        cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\""
+    if test -z "$pidfile"; then
+        pidfile="/var/run/$svc.pid"
+        cmd="$cmd & echo \$! > \$pidfile"
+    fi
+
+    pp_debug "config file is $config_file"
+
+    pp_add_file_if_missing $scriptpath run 755
+    pp_add_file_if_missing $config_file run 644 v
+
+    cat <<-. >> $pp_destdir$config_file
+
+	# Controls whether the $svc service is started
+	$sd_config_var=$sd_config_value
+.
+
+    if test ! -f $pp_destdir$scriptpath; then
+    cat <<-. > $pp_destdir$scriptpath
+	#!/sbin/sh
+	# generated by pp $pp_version
+
+	svc="$svc"
+	pidfile="$pidfile"
+	config_file="$config_file"
+
+	pp_start () {
+	    $cmd
+	}
+
+	pp_disabled () {
+	    test \${$sd_config_var:-0} -eq 0
+	}
+
+	pp_stop () {
+	    if test ! -s "$pidfile"; then
+		echo "Unable to stop $svc (no pid file)"
+		return 1
+	    else
+		read pid < "$pidfile"
+		if kill -0 "$pid" 2>/dev/null; then
+		    if kill -${stop_signal:-TERM} "$pid"; then
+			rm -f "$pidfile"
+			return 0
+		    else
+			echo "Unable to stop $svc"
+			return 1
+		    fi
+		else
+		    rm -f "$pidfile"
+		    return 0
+		fi
+	    fi
+	}
+
+	pp_running () {
+	    if test ! -s "$pidfile"; then
+		return 1
+	    else
+		read pid < "$pidfile"
+		kill -0 "$pid" 2>/dev/null
+	    fi
+	}
+
+	case $1 in
+	    start_msg) echo "Starting the $svc service";;
+	    stop_msg)  echo "Stopping the $svc service";;
+	    start)
+		    if test -f "$config_file"; then
+			. $config_file
+		    fi
+		    if pp_disabled; then
+			exit 2
+		    elif pp_running; then
+			echo "$svc already running";
+			exit 0
+		    elif pp_start; then
+			echo "$svc started";
+			# rc(1M) says we should exit 4, but nobody expects it!
+			exit 0
+		    else
+			exit 1
+		    fi;;
+	    stop)   if pp_stop; then
+			echo "$svc stopped";
+			exit 0
+		    else
+			exit 1
+		    fi;;
+	    *) echo "usage: $0 {start|stop|start_msg|stop_msg}"
+	       exit 1;;
+	esac
+.
+    fi
+}
+
+pp_sd_make_service () {
+        typeset level startpriority stoppriority startlevels stoplevels
+        typeset svc svcvar
+
+        svc="$1"
+	svcvar=`pp_makevar $svc`
+
+        # TODO: Figure out why this check is here
+        #-- don't do anything if the script exists
+        #if test -s "$pp_destdir/sbin/init.d/$svc"; then
+        #    pp_error "$pp_destdir/sbin/init.d/$svc exists"
+        #    return
+        #fi
+
+        # symlink the script, depending on the priorities chosen
+        eval startpriority='${pp_sd_startpriority_'$svcvar'}'
+        eval stoppriority='${pp_sd_stoppriority_'$svcvar'}'
+        test -z "$startpriority" && startpriority="${pp_sd_startpriority:-50}"
+        test -z "$stoppriority" && stoppriority="${pp_sd_stoppriority:-50}"
+
+        eval startlevels='${pp_sd_startlevels_'$svcvar'}'
+        test -z "$startlevels" && startlevels="$pp_sd_startlevels"
+
+        eval stoplevels='${pp_sd_stoplevels_'$svcvar'}'
+        test -z "$stoplevels" && stoplevels="$pp_sd_stoplevels"
+
+        # create the script and config file
+        pp_sd_service_script $svc
+
+        # fix the priority up
+        case "$startpriority" in
+            ???) :;;
+            ??) startpriority=0$startpriority;;
+            ?) startpriority=00$startpriority;;
+        esac
+        case "$stoppriority" in
+            ???) :;;
+            ??) stoppriority=0$stoppriority;;
+            ?) stoppriority=00$stoppriority;;
+        esac
+
+        if test x"$stoplevels" = x"auto"; then
+            stoplevels=
+            test -z "$startlevels" || for level in $startlevels; do
+                stoplevels="$stoplevels `expr $level - 1`"
+            done
+        fi
+
+        # create the symlinks
+        test -z "$startlevels" || for level in $startlevels; do
+            echo "                file -t s" \
+                    "/sbin/init.d/$svc" \
+                    "/sbin/rc$level.d/S$startpriority$svc"
+        done
+        test -z "$stoplevels" || for level in $stoplevels; do
+            echo "                file -t s" \
+                    "/sbin/init.d/$svc" \
+                    "/sbin/rc$level.d/K$stoppriority$svc"
+        done
+}
+
+pp_sd_control () {
+    typeset ctrl script
+    typeset cpt
+
+    ctrl="$1"; shift
+    cpt="$1"; shift
+    script="$pp_wrkdir/control.$ctrl.$cpt"
+    cat <<. >$script
+.
+    cat "$@" >> $script
+    echo "exit 0" >> $script
+    /usr/bin/chmod +x $script
+    echo "                $ctrl $script"
+}
+
+pp_backend_sd () {
+    typeset psf cpt svc outfile
+
+    psf=$pp_wrkdir/psf
+
+    echo "depot" > $psf
+    echo "layout_version 1.0" >>$psf
+
+    #-- vendor
+    cat <<. >>$psf
+        vendor
+            tag             $pp_sd_vendor_tag
+            title           "${pp_sd_vendor:-$vendor}"
+        end
+
+        product
+            tag             $name
+            revision        $version
+            vendor_tag      $pp_sd_vendor_tag
+            is_patch        false
+            title           "$summary"
+            copyright       "$copyright"
+            machine_type    *
+            os_name         HP-UX
+            os_release      ?.11.*
+            os_version      ?
+            directory       /
+            is_locatable    false
+.
+    test -n "$description" \
+        && echo $description > $pp_wrkdir/description \
+        && cat <<. >> $psf
+            description     < $pp_wrkdir/description
+.
+
+    # make convenience service groups
+    if test -n "$pp_service_groups"; then
+	for grp in $pp_service_groups; do
+	    pp_sd_service_group_script \
+		$grp "`pp_service_get_svc_group $grp`"
+	done
+    fi
+
+    for cpt in $pp_components; do
+        cat <<. >>$psf
+            fileset
+                tag             ${pp_sd_fileset_tag:-$cpt}
+                title           "${summary:-cpt}"
+                revision        $version
+.
+
+	#-- make sure services are shut down during uninstall
+        if test $cpt = run -a -n "$pp_services"; then
+            for svc in $pp_services; do
+                pp_prepend $pp_wrkdir/%preun.$cpt <<-.
+			/sbin/init.d/$svc stop
+.
+            done
+        fi
+
+        #-- we put the post/preun code into configure/unconfigure
+        # and not postinstall/preremove, because configure/unconfigure
+        # scripts are run on the hosts where the package is installed,
+        # not loaded (a subtle difference).
+        test -s $pp_wrkdir/%pre.$cpt &&
+            pp_sd_control checkinstall $cpt $pp_wrkdir/%pre.$cpt >> $psf
+        test -s $pp_wrkdir/%post.$cpt &&
+            pp_sd_control configure $cpt $pp_wrkdir/%post.$cpt >> $psf
+        test -s $pp_wrkdir/%preun.$cpt &&
+            pp_sd_control unconfigure $cpt $pp_wrkdir/%preun.$cpt >> $psf
+        test -s $pp_wrkdir/%postun.$cpt &&
+            pp_sd_control postremove $cpt $pp_wrkdir/%postun.$cpt >> $psf
+        test -s $pp_wrkdir/%check.$cpt &&
+            pp_sd_control checkinstall $cpt $pp_wrkdir/%check.$cpt >> $psf
+
+        if test $cpt = run -a -n "$pp_services"; then
+            for svc in $pp_services; do
+                #-- service names are 10 chars max on hpux
+                case "$svc" in ???????????*)
+                    pp_warn "service name '$svc' is too long for hpux";;
+                esac
+                pp_sd_make_service $svc >> $psf
+            done
+            #pp_sd_make_service_config
+        fi
+
+        pp_sd_write_files < $pp_wrkdir/%files.$cpt >> $psf
+
+        #-- end fileset clause
+        cat <<. >>$psf
+            end
+.
+
+    done
+
+    #-- end product clause
+    cat <<. >>$psf
+        end
+.
+
+    $pp_opt_debug && cat $psf >&2
+
+    test -s $pp_wrkdir/%fixup && . $pp_wrkdir/%fixup
+
+    outfile=`pp_backend_sd_names`
+    if pp_verbose ${pp_sd_sudo} /usr/sbin/swpackage \
+        -s $psf \
+        -x run_as_superuser=false \
+        -x media_type=tape \
+        @ $pp_wrkdir/$outfile
+    then
+        pp_verbose ${pp_sd_sudo} /usr/sbin/swlist -l file -s $pp_wrkdir/$outfile
+    else
+        pp_error "swpackage failed"
+    fi
+}
+
+pp_backend_sd_cleanup () {
+    :
+}
+
+pp_backend_sd_names () {
+    echo "$name-$version.$pp_sd_arch_std.depot"
+}
+
+pp_backend_sd_install_script () {
+    typeset pkgname platform
+
+    pkgname=`pp_backend_sd_names`
+    platform="`pp_backend_sd_probe`"
+
+    echo "#!/bin/sh"
+    pp_install_script_common
+    cat <<.
+
+        cpt_to_tags () {
+            test x"\$*" = x"all" && set -- $pp_components
+            for cpt
+            do
+                echo "$name.\$cpt"
+            done
+        }
+
+        test \$# -eq 0 && usage
+        op="\$1"; shift
+
+        case "\$op" in
+            list-components)
+                test \$# -eq 0 || usage \$op
+                echo "$pp_components"
+                ;;
+            list-services)
+                test \$# -eq 0 || usage \$op
+                echo "$pp_services"
+                ;;
+            list-files)
+                test \$# -ge 1 || usage \$op
+                echo \${PP_PKGDESTDIR:-.}/$pkgname
+                ;;
+            install)
+                test \$# -ge 1 || usage \$op
+                verbose /usr/sbin/swinstall -x verbose=0 \
+                    -s \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \
+                    \`cpt_to_tags "\$@"\`
+                ;;
+            uninstall)
+                test \$# -ge 1 || usage \$op
+                verbose /usr/sbin/swremove -x verbose=0 \
+                    \`cpt_to_tags "\$@"\`
+                ;;
+            start|stop)
+                test \$# -ge 1 || usage \$op
+                ec=0
+                for svc
+                do
+                    verbose /sbin/init.d/\$svc \$op
+                    [ \$? -eq 4 -o \$? -eq 0 ] || ec=1
+                done
+                exit \$ec
+                ;;
+            print-platform)
+		echo "$platform"
+		;;
+            *)
+                usage
+                ;;
+        esac
+.
+}
+
+pp_backend_sd_probe () {
+    echo "${pp_sd_os_std}-${pp_sd_arch_std}"
+}
+
+pp_backend_sd_vas_platforms () {
+    case "`pp_backend_sd_probe`" in
+	hpux*-hppa) echo hpux-pa;;
+	hpux*-ia64) echo hpux-ia64 hpux-pa;;
+	*)	    pp_die "unknown system `pp_backend_sd_probe`";;
+    esac
+}
+
+pp_backend_sd_init_svc_vars () {
+    :
+}
+pp_backend_sd_function () {
+    case $1 in
+        pp_mkgroup) cat <<'.';;
+	    /usr/sbin/groupmod "$1" 2>/dev/null ||
+		/usr/sbin/groupadd "$1"
+.
+        pp_mkuser:depends) echo pp_mkgroup;;
+        pp_mkuser) cat <<'.';;
+	    pp_mkgroup "${2:-$1}" || return 1
+	    /usr/sbin/useradd \
+		-g "${2:-$1}" \
+		-d "${3:-/nonexistent}" \
+		-s "${4:-/bin/false}" \
+		"$1"
+.
+        pp_havelib) cat <<'.';;
+            for pp_tmp_dir in `echo /usr/lib${3:+:$3} | tr : ' '`; do
+                test -r "$pp_tmp_dir/lib$1${2:+.$2}.sl" && return 0
+            done
+            return 1
+.
+        *) false;;
+    esac
+}
+
+pp_platforms="$pp_platforms solaris"
+
+pp_backend_solaris_detect () {
+	test x"$1" = x"SunOS"
+}
+
+pp_backend_solaris_init () {
+	pp_solaris_category=
+	pp_solaris_istates="s S 1 2 3"	# run-states when install is ok
+	pp_solaris_rstates="s S 1 2 3"	# run-states when remove is ok
+	pp_solaris_vendor=
+	pp_solaris_copyright=
+	pp_solaris_name=
+	pp_solaris_desc=
+	pp_solaris_package_arch=auto
+
+        pp_solaris_detect_os
+        pp_solaris_detect_arch
+
+        pp_solaris_init_svc
+
+        #-- readlink not reliably available on Solaris
+	pp_readlink_fn=pp_ls_readlink
+}
+
+pp_solaris_detect_os () {
+        typeset osrel
+
+        osrel=`/usr/bin/uname -r`
+        case "$osrel" in
+	    5.[0-6])	pp_solaris_os="sol2${osrel#5.}";;
+	    5.*)        pp_solaris_os="sol${osrel#5.}";;
+        esac
+        test -z "$pp_solaris_os" &&
+             pp_warn "can't determine OS suffix from uname -r"
+
+}
+
+pp_solaris_detect_arch () {
+	pp_solaris_arch=`/usr/bin/optisa amd64 sparcv9 i386 sparc`
+	[ -z "$pp_solaris_arch" ] &&
+	    pp_error "can't determine processor architecture"
+	case "$pp_solaris_arch" in
+	    amd64)   pp_solaris_arch_std=x86_64;;
+	    i386)    pp_solaris_arch_std=i386;;
+	    sparcv9) pp_solaris_arch_std=sparc64;;
+	    sparc)   pp_solaris_arch_std=sparc;;
+	    *)       pp_solaris_arch_std=unknown;;
+	esac
+}
+
+pp_solaris_is_request_script_necessary () {
+    typeset has_optional_services
+
+    has_optional_services=no
+    for _svc in $pp_services; do
+    	pp_load_service_vars $_svc
+	if test "$optional" = "yes"; then
+	    has_optional_services=yes
+	fi
+    done
+
+    # If the package has no optional services and only one component, don't
+    # create a request script at all.
+    if test "$has_optional_services" = "no" &&
+       test `echo $pp_components | wc -w` -eq 1; then
+	return 1 # no
+    fi
+
+    return 0 # yes
+}
+
+pp_solaris_request () {
+    typeset _cmp _svc
+
+    #-- The common part of the request script contains the ask() function
+    #   and resets the CLASSES list to empty
+    cat <<'.'
+	trap 'exit 3' 15
+	ask () {
+	   ans=`ckyorn -d "$1" \
+                -p "Do you want to $2"` \
+            || exit $?
+	   case "$ans" in y*|Y*) return 0;; *) return 1;; esac
+	}
+	CLASSES=
+.
+    #-- each of our components adds itself to the CLASSES list
+    for _cmp in $pp_components; do
+      case "$_cmp" in
+            run) :;;
+            doc) echo 'ask y "install the documentation files" &&';;
+            dev) echo 'ask y "install the development files" &&';;
+            dbg) echo 'ask n "install the diagnostic files" &&';;
+      esac
+      echo '    CLASSES="$CLASSES '$_cmp'"'
+    done
+
+    #-- the request script writes the CLASSES var to its output
+    cat <<'.'
+	echo "CLASSES=$CLASSES" > $1
+.
+
+    if test -n "$pp_services"; then
+        echo 'SERVICES='
+        for _svc in $pp_services; do
+	    pp_load_service_vars $_svc
+	    if test "$enable" = "yes"; then
+		_default_prompt=y
+	    else
+		_default_prompt=n
+	    fi
+	    if test "$optional" = "yes"; then
+		echo 'ask '$_default_prompt' "install '$_svc' service" &&'
+	    fi
+            echo '    SERVICES="$SERVICES '$_svc'"'
+        done
+        echo 'echo "SERVICES=$SERVICES" >> $1'
+    fi
+
+}
+
+pp_solaris_procedure () {
+    cat <<.
+
+        #-- $2 for $1 component of $name
+        case " \$CLASSES " in *" $1 "*)
+.
+    cat
+    cat <<.
+        ;; esac
+.
+}
+
+pp_solaris_depend () {
+    typeset _name _vers
+    while read _name _vers; do
+	if test -n "$_name"; then
+	    echo "P $_name $_name"
+	    test -n "$_vers" && echo " $_vers"
+	fi
+    done
+}
+
+pp_solaris_space() {
+    echo "$2:$3:$1" >> $pp_wrkdir/space.cumulative
+}
+
+pp_solaris_sum_space () {
+    if test -s $pp_wrkdir/space.cumulative; then
+        sort -t: +2 < $pp_wrkdir/space.cumulative |
+        awk -F: 'NR==1{n=$3}{if($3==n){b+=$1;i+=$2}else{print n" "b" "i;b=$1;i=$2;n=$3}}END{print n" "b" "i}' > $pp_wrkdir/space
+    fi
+}
+
+pp_solaris_proto () {
+	typeset t m o g f p st
+	typeset abi
+
+	while read t m o g f p st; do
+	  if test x"$o" = x"-"; then
+            o="root"
+          fi
+	  if test x"$g" = x"-"; then
+            g="bin"
+          fi
+	  case "$t" in
+	    f) test x"$m" = x"-" && m=444
+	       case "$f" in
+		*v*) echo "v $1 $p=$pp_destdir$p $m $o $g";;
+		*)   echo "f $1 $p=$pp_destdir$p $m $o $g";;
+	       esac
+	       if test -r "$pp_destdir$p"; then
+		  #-- Use file to record ABI types seen
+		  case "`file "$pp_destdir$p"`" in
+		    *"ELF 32"*80386*) abi=i386;;
+		    *"ELF 64"*AMD*) abi=x86_64;;
+		    *"ELF 32"*SPARC*) abi=sparc;;
+		    *"ELF 64"*SPARC*) abi=sparc64;;
+		    *) abi=;;
+		  esac
+		  if test -n "$abi"; then
+		    pp_add_to_list pp_solaris_abis_seen $abi
+		  fi
+	       fi
+               ;;
+	    d) test x"$m" = x"-" && m=555
+	       echo "d $1 $p $m $o $g"
+               ;;
+	    s) test x"$m" = x"-" && m=777
+               test x"$m" = x"777" ||
+                  pp_warn "$p: invalid mode $m for symlink, should be 777 or -"
+	       echo "s $1 $p=$st $m $o $g"
+               ;;
+	  esac
+	done
+}
+
+pp_backend_solaris () {
+        typeset _cmp _svc _grp
+
+	prototype=$pp_wrkdir/prototype
+	: > $prototype
+
+	pkginfo=$pp_wrkdir/pkginfo
+	: > $pkginfo
+	echo "i pkginfo=$pkginfo" >> $prototype
+
+        case "${pp_solaris_name:-$name}" in
+            [0-9]*)
+                pp_error "Package name '${pp_solaris_name:-$name}'" \
+                        "cannot start with a number"
+                ;;
+            ???????????????*)
+                pp_warn "Package name '${pp_solaris_name:-$name}'" \
+                        "too long for Solaris 2.6 or 2.7 (max 9 characters)"
+                ;;
+            ??????????*)
+                pp_warn "Package name '${pp_solaris_name:-$name}'" \
+                        "too long for 2.7 Solaris (max 9 characters)"
+                ;;
+        esac
+
+        #-- generate the package info file
+	echo "VERSION=$version" >> $pkginfo
+	echo "PKG=${pp_solaris_name:-$name}" >> $pkginfo
+	echo "CLASSES=$pp_components" >> $pkginfo
+	echo "BASEDIR=/" >> $pkginfo
+	echo "NAME=$name $version" >> $pkginfo
+	echo "CATEGORY=${pp_solaris_category:-application}" >> $pkginfo
+
+	desc="${pp_solaris_desc:-$description}"
+	test -n "$desc" &&
+	  echo "DESC=$desc" >> $pkginfo
+
+	test -n "$pp_solaris_rstates" &&
+	  echo "RSTATES=$pp_solaris_rstates" >> $pkginfo
+	test -n "$pp_solaris_istates" &&
+	  echo "ISTATES=$pp_solaris_istates" >> $pkginfo
+	test -n "${pp_solaris_vendor:-$vendor}" &&
+	  echo "VENDOR=${pp_solaris_vendor:-$vendor}" >> $pkginfo
+
+	if test -n "${pp_solaris_copyright:-$copyright}"; then
+	    echo "${pp_solaris_copyright:-$copyright}" > $pp_wrkdir/copyright
+	    echo "i copyright=$pp_wrkdir/copyright" >> $prototype
+	fi
+
+        #-- scripts to run before and after install
+        : > $pp_wrkdir/postinstall
+        : > $pp_wrkdir/preremove
+	for _cmp in $pp_components; do
+        #-- add the preinstall scripts in definition order
+        if test -s $pp_wrkdir/%pre.$_cmp; then
+            pp_solaris_procedure $_cmp preinst < $pp_wrkdir/%pre.$_cmp \
+                >> $pp_wrkdir/preinstall
+        fi
+        #-- add the postinstall scripts in definition order
+        if test -s $pp_wrkdir/%post.$_cmp; then
+            pp_solaris_procedure $_cmp postinst < $pp_wrkdir/%post.$_cmp \
+                >> $pp_wrkdir/postinstall
+        fi
+        #-- add the preremove rules in reverse definition order
+        if test -s $pp_wrkdir/%preun.$_cmp; then
+            pp_solaris_procedure $_cmp preremove < $pp_wrkdir/%preun.$_cmp |
+                    pp_prepend $pp_wrkdir/preremove
+        fi
+        #-- Add the check script in definition order
+        if test -s $pp_wrkdir/%check.$_cmp; then
+            pp_solaris_procedure $_cmp checkinstall \
+                        < $pp_wrkdir/%check.$_cmp \
+			>> $pp_wrkdir/checkinstall
+        fi
+        #-- All dependencies are merged together for Solaris pkgs
+        test -s $pp_wrkdir/%depend.$_cmp &&
+              pp_solaris_depend < $pp_wrkdir/%depend.$_cmp > $pp_wrkdir/depend
+	done
+
+
+	if pp_solaris_is_request_script_necessary; then
+	    pp_solaris_request > $pp_wrkdir/request
+	fi
+
+        test -n "$pp_services" &&
+            for _svc in $pp_services; do
+                pp_load_service_vars $_svc
+                pp_solaris_make_service $_svc
+                pp_solaris_install_service $_svc | pp_prepend $pp_wrkdir/postinstall
+                pp_prepend $pp_wrkdir/preremove <<-.
+                    /etc/init.d/$_svc stop >/dev/null 2>/dev/null
+.
+            done
+
+        test -n "$pp_service_groups" &&
+	    for _grp in $pp_service_groups; do
+		pp_solaris_make_service_group \
+		    $_grp "`pp_service_get_svc_group $_grp`"
+	    done
+
+        #-- if installf was used; we need to indicate a termination
+        grep installf $pp_wrkdir/postinstall >/dev/null &&
+            echo 'installf -f $PKGINST' >> $pp_wrkdir/postinstall
+
+        pp_solaris_sum_space
+
+        # NB: pkginfo and copyright are added earlier
+        for f in compver depend space checkinstall \
+                 preinstall request postinstall \
+                 preremove postremove; do
+            if test -s $pp_wrkdir/$f; then
+		case $f in
+		    *install|*remove|request)
+			# turn scripts into a proper shell scripts
+			mv $pp_wrkdir/$f $pp_wrkdir/$f.tmp
+			{ echo "#!/bin/sh";
+			  echo "# $f script for ${pp_solaris_name:-$name}-$version"
+			  cat $pp_wrkdir/$f.tmp
+			  echo "exit 0"; } > $pp_wrkdir/$f
+			chmod +x $pp_wrkdir/$f
+			rm -f $pp_wrkdir/$f.tmp
+			;;
+		esac
+                if $pp_opt_debug; then
+                    pp_debug "contents of $f:"
+                    cat $pp_wrkdir/$f >&2
+                fi
+                echo "i $f=$pp_wrkdir/$f" >> $prototype
+            fi
+        done
+
+        #-- create the prototype file which lists the files to install
+        # do this as late as possible because files could be added
+	pp_solaris_abis_seen=
+	for _cmp in $pp_components; do
+	  pp_solaris_proto $_cmp < $pp_wrkdir/%files.$_cmp
+	done >> $prototype
+
+	if test x"$pp_solaris_package_arch" = x"auto"; then
+	    if pp_contains "$pp_solaris_abis_seen" sparc64; then
+		pp_solaris_package_arch_std="sparc64"
+		echo "ARCH=sparcv9" >> $pkginfo
+	    elif pp_contains "$pp_solaris_abis_seen" sparc; then
+		pp_solaris_package_arch_std="sparc"
+		echo "ARCH=sparc" >> $pkginfo
+	    elif pp_contains "$pp_solaris_abis_seen" x86_64; then
+		pp_solaris_package_arch_std="x86_64"
+		echo "ARCH=amd64" >> $pkginfo
+	    elif pp_contains "$pp_solaris_abis_seen" i386; then
+		pp_solaris_package_arch_std="i386"
+		echo "ARCH=i386" >> $pkginfo
+	    else
+		pp_warn "No ELF files found: not supplying an ARCH type"
+		pp_solaris_package_arch_std="noarch"
+	    fi
+	else
+	    pp_solaris_package_arch_std="$pp_solaris_package_arch"
+	    echo "ARCH=$pp_solaris_package_arch" >> $pkginfo
+	fi
+
+	mkdir $pp_wrkdir/pkg
+
+	. $pp_wrkdir/%fixup
+
+if $pp_opt_debug; then
+  echo "$pkginfo::"; cat $pkginfo
+  echo "$prototype::"; cat $prototype
+fi >&2
+
+	pkgmk -a $pp_solaris_arch -d $pp_wrkdir/pkg \
+	      -f $prototype || { error "pkgmk failed"; return; }
+        pkgtrans -s $pp_wrkdir/pkg \
+		$pp_wrkdir/`pp_backend_solaris_names` \
+                ${pp_solaris_name:-$name} \
+		|| { error "pkgtrans failed"; return; }
+}
+
+pp_backend_solaris_cleanup () {
+	:
+}
+
+pp_backend_solaris_names () {
+	echo ${pp_solaris_name:-$name}-$version-${pp_solaris_package_arch_std:-$pp_solaris_arch}.pkg
+}
+
+pp_backend_solaris_install_script () {
+        typeset pkgname platform
+
+	platform="${pp_solaris_os:-solaris}-${pp_solaris_package_arch_std:-$pp_solaris_arch}"
+
+        echo "#! /sbin/sh"
+        pp_install_script_common
+        pkgname=`pp_backend_solaris_names`
+
+        cat <<.
+            tmpnocheck=/tmp/nocheck\$\$
+            tmpresponse=/tmp/response\$\$
+            trap 'rm -f \$tmpnocheck \$tmpresponse' 0
+
+            make_tmpfiles () {
+                cat <<-.. > \$tmpresponse
+                        CLASSES=\$*
+                        SERVICES=$pp_services
+..
+                cat <<-.. > \$tmpnocheck
+			mail=
+			instance=overwrite
+			partial=nocheck
+			runlevel=nocheck
+			idepend=nocheck
+			rdepend=nocheck
+			space=nocheck
+			setuid=nocheck
+			conflict=nocheck
+			action=nocheck
+			basedir=default
+..
+            }
+
+            test \$# -eq 0 && usage
+            op="\$1"; shift
+
+            case "\$op" in
+                list-components)
+                    test \$# -eq 0 || usage \$op
+                    echo "$pp_components"
+                    ;;
+                list-services)
+                    test \$# -eq 0 || usage \$op
+                    echo "$pp_services"
+                    ;;
+                list-files)
+                    test \$# -ge 1 || usage \$op
+                    echo \${PP_PKGDESTDIR:-.}/$pkgname
+                    ;;
+                install)
+                    test \$# -ge 1 || usage \$op
+                    make_tmpfiles "\$@"
+                    verbose /usr/sbin/pkgadd -n -d \${PP_PKGDESTDIR:-.}/$pkgname \
+                        -r \$tmpresponse \
+                        -a \$tmpnocheck \
+                        ${pp_solaris_name:-$name}
+                    ;;
+                uninstall)
+                    test \$# -ge 1 || usage \$op
+                    make_tmpfiles "\$@"
+                    verbose /usr/sbin/pkgrm -n \
+                        -a \$tmpnocheck \
+                        ${pp_solaris_name:-$name}
+                    ;;
+                start|stop)
+                    test \$# -ge 1 || usage \$op
+                    ec=0
+                    for svc
+                    do
+                        verbose /etc/init.d/\$svc \$op || ec=1
+                    done
+                    exit \$ec
+                    ;;
+                print-platform)
+		    echo "$platform"
+		    ;;
+                *)
+                    usage
+                    ;;
+            esac
+.
+}
+
+pp_solaris_dynlib_depend () {
+	xargs ldd 2>/dev/null |
+	sed -e '/^[^ 	]*:$/d' -e 's,.*=>[	 ]*,,' -e 's,^[ 	]*,,' |
+	sort -u |
+	grep -v '^/usr/platform/' | (
+	  set -- ""; shift
+	  while read p; do
+	    set -- "$@" -p "$p"
+	    if [ $# -gt 32 ]; then
+		echo "$# is $#" >&2
+		pkgchk -l "$@"
+		set -- ""; shift
+	    fi
+	  done
+	  [ $# -gt 0 ] && pkgchk -l "$@"
+	)|
+	awk '/^Current status:/{p=0} p==1 {print $1} /^Referenced by/ {p=1}' |
+	sort -u |
+	xargs -l32 pkginfo -x |
+	awk 'NR % 2 == 1 { name=$1; } NR%2 == 0 { print name, $2 }'
+}
+
+pp_solaris_add_dynlib_depends () {
+    typeset tmp
+    tmp=$pp_wrkdir/tmp.dynlib
+
+    for _cmp in $pp_components; do
+	awk '{print destdir $6}' destdir="$pp_destdir" \
+		< $pp_wrkdir/%files.$_cmp |
+	pp_solaris_dynlib_depend > $tmp
+	if test -s $tmp; then
+	    cat $tmp >> $pp_wrkdir/%depend.$_cmp
+	fi
+	rm -f $tmp
+    done
+}
+
+pp_backend_solaris_probe () {
+    echo "${pp_solaris_os}-${pp_solaris_arch_std}"
+}
+
+pp_backend_solaris_vas_platforms () {
+    case `pp_backend_solaris_probe` in
+	sol10-sparc* | sol9-sparc* | sol8-sparc*)
+			echo solaris8-sparc solaris7-sparc solaris26-sparc;;
+	sol7-sparc*)	echo                solaris7-sparc solaris26-sparc;;
+	sol26-sparc*)	echo                               solaris26-sparc;;
+	sol8-*86)	echo solaris8-x86;;
+	sol10-*86 | sol10-x86_64)
+			echo solaris10-x64 solaris8-x86;;
+	*)		pp_die "unknown system `pp_backend_solaris_probe`";;
+    esac
+}
+pp_backend_solaris_function() {
+    case $1 in
+        pp_mkgroup) cat<<'.';;
+	    /usr/sbin/groupmod "$1" 2>/dev/null && return 0
+            /usr/sbin/groupadd "$1"
+.
+        pp_mkuser:depends) echo pp_mkgroup;;
+        pp_mkuser) cat<<'.';;
+	    id "$1" >/dev/null 2>/dev/null && return 0
+	    pp_mkgroup "${2:-$1}" || return 1
+	    /usr/sbin/useradd \
+		-g "${2:-$1}" \
+		-d "${3:-/nonexistent}" \
+		-s "${4:-/bin/false}" \
+		"$1"
+.
+    *) false;;
+    esac
+}
+
+pp_backend_solaris_init_svc_vars () {
+    pp_solaris_smf_category=
+    pp_solaris_service_shell=/sbin/sh
+}
+
+pp_solaris_init_svc () {
+    smf_category=${pp_solaris_smf_category:-application}
+    smf_version=1
+    smf_type=service
+    solaris_user=
+    solaris_stop_signal=
+    solaris_sysv_init_start=S70     # invocation order for start scripts
+    solaris_sysv_init_kill=K30      # invocation order for kill scripts
+    solaris_sysv_init_start_states="2" # states to install start link
+    solaris_sysv_init_kill_states="S 0 1"  # states to install kill link
+
+    #
+    # To have the service be installed to start automatically,
+    #   %service foo
+    #   solaris_sysv_init_start_states="S 0 1 2"
+    #
+}
+
+pp_solaris_smf () {
+    typeset f
+    f=/var/svc/manifest/$smf_category/$1
+    pp_add_file_if_missing $f ||
+        return 0
+
+    cat <<-. >$pp_destdir$f
+	<?xml version="1.0"?>
+        <!--
+            $copyright
+            Generated by PolyPackage $pp_version
+	-->
+
+        <service name='$smf_category/$1'
+                 type='$smf_type'
+                 version='$smf_version'>
+
+            <single_instance />
+
+            <exec_method type='method' name='start'
+                exec=''
+                timeout_seconds='60'>
+                <method_context>
+                  <method_credential user='${solaris_user:-$user}' />
+                </method_context>
+            </exec>
+
+            <exec_method type='method' name='stop'
+                exec=':kill -${solaris_stop_signal:-$stop_signal}'>
+                <method_context>
+                  <method_credential user='${solaris_user:-$user}' />
+                </method_context>
+            </exec>
+
+        </service>
+.
+}
+
+pp_solaris_make_service_group () {
+    typeset group out file svcs svc
+
+    group="$1"
+    svcs="$2"
+    file="/etc/init.d/$group"
+    out="$pp_destdir$file"
+
+    #-- return if the script is supplued already
+    pp_add_file_if_missing "$file" run 755 || return 0
+
+    echo "#! /sbin/sh" > $out
+    echo "# polypkg service group script for these services:" >> $out
+    echo "svcs=\"$svcs\"" >> $out
+
+    cat <<'.' >>$out
+
+	#-- starts services in order.. stops them all if any break
+	pp_start () {
+	    undo=
+	    for svc in $svcs; do
+		if /etc/init.d/$svc start; then
+		    undo="$svc $undo"
+		else
+		    if test -n "$undo"; then
+		        for svc in $undo; do
+			   /etc/init.d/$svc stop
+			done
+			return 1
+		    fi
+		fi
+	    done
+	    return 0
+	}
+
+	#-- stops services in reverse
+	pp_stop () {
+	    reverse=
+	    for svc in $svcs; do
+		reverse="$svc $reverse"
+	    done
+	    rc=0
+	    for svc in $reverse; do
+		/etc/init.d/$svc stop || rc=$?
+	    done
+	    return $rc
+	}
+
+	#-- returns true only if all services return true status
+	pp_status () {
+	    rc=0
+	    for svc in $svcs; do
+		/etc/init.d/$svc status || rc=$?
+	    done
+	    return $rc
+	}
+
+        case "$1" in
+            start)   pp_start;;
+            stop)    pp_stop;;
+            status)  pp_status;;
+            restart) pp_stop && pp_start;;
+            *)       echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;;
+        esac
+.
+}
+
+
+pp_solaris_make_service () {
+    typeset file out _cmd svc
+
+    svc="$1"
+    file="/etc/init.d/$svc"
+    out="$pp_destdir$file"
+
+
+    #-- return if we don't need to create the init script
+    pp_add_file_if_missing "$file" run 755 ||
+        return 0
+
+    echo "#! /sbin/sh" >$out
+    echo "#-- This service init file generated by polypkg" >>$out
+
+    #-- construct a start command that builds a pid file as needed
+    #   and forks the daemon
+    _cmd="$cmd";
+    if test -z "$pidfile"; then
+	# The service does not define a pidfile, so we have to make
+	# our own up. On Solaris systems where there is no /var/run
+	# we must use /tmp to guarantee the pid files are removed after
+	# a system crash.
+	cat <<. >>$out
+	    pp_piddir="/var/run"
+	    test -d "\$pp_piddir/." || pp_piddir="/tmp"
+	    pidfile="\$pp_piddir/$svc.pid"
+.
+        _cmd="$cmd & echo \$! > \$pidfile"
+    else
+	# The service is able to write its own PID file
+	cat <<. >>$out
+	    pidfile="$pidfile"
+.
+    fi
+
+    if test "${user:-root}" != "root"; then
+        _cmd="su $user -c exec $_cmd";
+    fi
+
+    cat <<. >>$out
+	stop_signal="${stop_signal:-TERM}"
+	svc="${svc}"
+
+        # generated command to run $svc as a daemon process
+        pp_exec () { $_cmd; }
+.
+
+    #-- write the invariant section of the init script
+    cat <<'.' >>$out
+
+        # returns true if $svc is running
+        pp_running () {
+            test -r "$pidfile" &&
+            read pid junk < "$pidfile" &&
+            test ${pid:-0} -gt 1 &&
+            kill -0 "$pid" 2>/dev/null
+        }
+
+        # prints a message describing $svc's running state
+        pp_status () {
+            if pp_running; then
+                echo "service $svc is running (pid $pid)"
+                return 0
+            elif test -f "$pidfile"; then
+                echo "service $svc is not running, but pid file exists"
+                return 2
+            else
+                echo "service $svc is not running"
+                return 1
+            fi
+        }
+
+        # starts $svc
+        pp_start () {
+            if pp_running; then
+                echo "service $svc already running" >&2
+                return 0
+            fi
+            echo "starting $svc... \c"
+            if pp_exec; then
+                echo "done."
+            else
+                echo "ERROR."
+                exit 1
+            fi
+        }
+
+        # stops $svc
+        pp_stop () {
+            if pp_running; then
+                echo "stopping $svc... \c"
+                if kill -$stop_signal $pid; then
+                    rm -f "$pidfile"
+                    echo "done."
+                else
+                    echo "ERROR."
+                    return 1
+                fi
+            else
+                echo "service $svc already stopped" >&2
+                return 0
+            fi
+        }
+
+        umask 022
+        case "$1" in
+            start)   pp_start;;
+            stop)    pp_stop;;
+            status)  pp_status;;
+            restart) pp_stop && pp_start;;
+            *)       echo "usage: $0 {start|stop|restart|status}" >&2; exit 1;;
+        esac
+.
+}
+
+
+pp_solaris_install_service () {
+    typeset s k l
+    s="${solaris_sysv_init_start}$1"
+    k="${solaris_sysv_init_kill}$1"
+
+    echo 'case " $SERVICES " in *" '$1' "*)'
+    echo '
+if [ "x${PKG_INSTALL_ROOT}" != "x" ]; then
+  if [ -x ${PKG_INSTALL_ROOT}/usr/sbin/svcadm ]; then
+    echo "/usr/sbin/svccfg import '$pp_svc_xml_file' 2>/dev/null" >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade
+  else'
+    test -n "${solaris_sysv_init_start_states}" &&
+        for state in ${solaris_sysv_init_start_states}; do
+            l="/etc/rc$state.d/$s"
+            echo "echo '$l'"
+            echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=../init.d/$1 s"
+            pp_solaris_space /etc/rc$state.d 0 1
+        done
+    test -n "${solaris_sysv_init_kill_states}" &&
+        for state in ${solaris_sysv_init_kill_states}; do
+            l="/etc/rc$state.d/$k"
+            echo "echo '$l'"
+            echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=../init.d/$1 s"
+            pp_solaris_space /etc/rc$state.d 0 1
+        done
+    echo '
+  fi
+else
+    if [ -x /usr/sbin/svcadm ]; then
+        echo "Registering '$1' with SMF"
+        /usr/sbin/svcadm disable -s '$1' 2>/dev/null
+        /usr/sbin/svccfg delete '$1' 2>/dev/null
+        /usr/sbin/svccfg import '$pp_svc_xml_file' 2>/dev/null
+    else'
+    test -n "${solaris_sysv_init_start_states}" &&
+        for state in ${solaris_sysv_init_start_states}; do
+            l="/etc/rc$state.d/$s"
+            echo "echo '$l'"
+            echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=../init.d/$1 s"
+            pp_solaris_space /etc/rc$state.d 0 1
+        done
+    test -n "${solaris_sysv_init_kill_states}" &&
+        for state in ${solaris_sysv_init_kill_states}; do
+            l="/etc/rc$state.d/$k"
+            echo "echo '$l'"
+            echo "installf -c run \$PKGINST \$PKG_INSTALL_ROOT$l=../init.d/$1 s"
+            pp_solaris_space /etc/rc$state.d 0 1
+        done
+    echo " :;; esac"
+
+}
+
+pp_platforms="$pp_platforms deb"
+
+pp_backend_deb_detect () {
+    test -f /etc/debian_version
+}
+
+pp_deb_cmp_full_name () {
+    local prefix
+    prefix="${pp_deb_name:-$name}"
+    case "$1" in
+        run) echo "${prefix}" ;;
+        dbg) echo "${prefix}-${pp_deb_dbg_pkgname}";;
+        dev) echo "${prefix}-${pp_deb_dev_pkgname}";;
+        doc) echo "${prefix}-${pp_deb_doc_pkgname}";;
+        *)   pp_error "unknown component '$1'";
+    esac
+}
+
+pp_backend_deb_init () {
+    pp_deb_dpkg_version="2.0"
+    pp_deb_name=
+    pp_deb_version=
+    pp_deb_release=
+    pp_deb_arch=
+    pp_deb_arch_std=
+    pp_deb_maintainer=support@quest.com
+    pp_deb_copyright=
+    pp_deb_distro=
+    pp_deb_control_description=
+    pp_deb_summary=
+    pp_deb_description=
+    pp_deb_dbg_pkgname="dbg"
+    pp_deb_dev_pkgname="dev"
+    pp_deb_doc_pkgname="doc"
+    pp_deb_section=contrib # Free software that depends on non-free software
+
+    # Detect the host architecture
+    pp_deb_detect_arch
+
+    # Make sure any programs we require are installed
+    pp_deb_check_required_programs
+
+    # Set generated/interrogated platforms variables
+    pp_deb_munge_description
+}
+
+pp_deb_check_required_programs () {
+    local p needed notfound ok
+    needed= notfound=
+    for prog in dpkg dpkg-deb install md5sum fakeroot
+    do
+        if which $prog 2>/dev/null >/dev/null; then
+	    pp_debug "$prog: found"
+	else
+	    pp_debug "$prog: not found"
+	    case "$prog" in
+		dpkg|dpkg-deb)	p=dpkg;;
+		install|md5sum) p=coreutils;;
+		fakeroot)	p=fakeroot;;
+		*)		pp_die "unexpected dpkg tool $prog";;
+	    esac
+	    notfound="$notfound $prog"
+	    pp_contains "$needed" "$p" || needed="$needed $p"
+	fi
+    done
+    if [ -n "$notfound" ]; then
+	pp_error "cannot find these programs: $notfound"
+	pp_error "please install these packages: $needed"
+    fi
+}
+
+pp_deb_munge_description () {
+    # Insert a leading space on each line, replace blank lines with a
+    #space followed by a full-stop.
+    pp_deb_control_description=`echo ${pp_deb_description:-$description} | \
+        sed "s,^\(.*\)$, \1, " \
+        | sed "s,^[ \t]*$, .,g"`
+
+}
+
+pp_deb_detect_arch () {
+   pp_deb_arch=`dpkg --print-architecture`
+   pp_deb_arch_std=`uname -m`
+}
+
+pp_deb_make_control() {
+    package_name=`pp_deb_cmp_full_name "$1"`
+    cat <<-.
+	Package: ${package_name}
+	Version: ${pp_deb_version:-$version}-${pp_deb_release:-1}
+	Section: ${pp_deb_section:-contrib}
+	Priority: optional
+	Architecture: ${pp_deb_arch}
+	Maintainer: ${pp_deb_maintainer:-$maintainer}
+	Description: ${pp_deb_summary:-$summary}
+	${pp_deb_control_description}
+.
+    if test -s $pp_wrkdir/%depend."$1"; then
+	sed -ne '/^[ 	]*$/!s/^[ 	]*/Depends: /p' \
+	    < $pp_wrkdir/%depend."$1"
+    fi
+}
+
+pp_deb_make_md5sums() {
+    local cmp="$1"; shift
+    local pkg_dir
+
+    pkg_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp`
+    (cd $pkg_dir && md5sum "$@") > $pkg_dir/DEBIAN/md5sums ||
+	pp_error "cannot make md5sums"
+}
+
+pp_deb_make_package_maintainer_script() {
+    local output="$1"
+    local source="$2"
+    local desc="$3"
+
+    # See if we need to create this script at all
+    if [ -s "$source" ]
+    then
+
+        # Create header
+        cat <<-. >$output || pp_error "Cannot create $output"
+	#!/bin/sh
+	# $desc
+	# Generated by PolyPackage $pp_version
+
+.
+
+        cat $source >> "$output" || pp_error "Cannot append to $output"
+
+        # Set perms
+        chmod 755 "$output" || pp_error "Cannot chmod $output"
+    fi
+}
+
+pp_deb_handle_services() {
+    local svc
+
+    #-- add service start/stop code
+    if test -n "$pp_services"; then
+        #-- record the uninstall commands in reverse order
+        for svc in $pp_services; do
+            pp_load_service_vars $svc
+
+            # Create init script (unless one exists)
+            pp_deb_service_make_init_script $svc
+
+            #-- append %post code to install the svc
+	    test x"yes" = x"$enable" &&
+            cat<<-. >> $pp_wrkdir/%post.run
+		# Install the service links
+		/usr/sbin/update-rc.d $svc defaults
+.
+
+            #-- prepend %preun code to stop svc
+            cat<<-. | pp_prepend $pp_wrkdir/%preun.run
+		# Stop the $svc service
+		if test -x /usr/sbin/invoke-rc.d; then
+		    /usr/sbin/invoke-rc.d $svc stop
+		else
+		    /etc/init.d/$svc stop
+		fi
+		# Remove the service links
+		/usr/sbin/update-rc.d -f $svc remove
+.
+        done
+        #pp_deb_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
+    fi
+
+}
+pp_deb_fakeroot () {
+    if test -s $pp_wrkdir/fakeroot.save; then
+	fakeroot -i $pp_wrkdir/fakeroot.save -s $pp_wrkdir/fakeroot.save "$@"
+    else
+	fakeroot -s $pp_wrkdir/fakeroot.save "$@"
+    fi
+}
+
+pp_deb_make_DEBIAN() {
+    local cmp="${1:-run}"
+    local data cmp_full_name
+    local old_umask
+
+    old_umask=`umask`
+    umask 0022
+    cmp_full_name=`pp_deb_cmp_full_name $cmp`
+    data=$pp_wrkdir/$cmp_full_name
+
+    # Create DEBIAN dir $data/DEBIAN
+    mkdir -p $data/DEBIAN
+
+    # Create control file
+    pp_deb_make_control $cmp > $data/DEBIAN/control
+
+    # Copy in conffiles
+    if test -f $pp_wrkdir/%conffiles.$cmp; then
+	cp $pp_wrkdir/%conffiles.$cmp $data/DEBIAN/conffiles
+    fi
+
+    # Create postinst
+    pp_deb_make_package_maintainer_script "$data/DEBIAN/postinst" \
+        "$pp_wrkdir/%post.$cmp" "Post install script for $cmp_full_name"\
+        || exit $?
+
+    # Create prerm
+    pp_deb_make_package_maintainer_script "$data/DEBIAN/prerm" \
+        "$pp_wrkdir/%preun.$cmp" "Pre-uninstall script for $cmp_full_name"\
+        || exit $?
+
+    umask $old_umask
+}
+
+pp_deb_make_data() {
+    local _l t m o g f p st data
+    local data share_doc owner group
+    cmp=$1
+    data=$pp_wrkdir/`pp_deb_cmp_full_name $cmp`
+    cat $pp_wrkdir/%files.${cmp} | while read t m o g f p st; do
+	test x"$o" = x"-" && o=root
+	test x"$g" = x"-" && g=root
+        case "$t" in
+        f) # Files
+           pp_deb_fakeroot install -D -o $o -g $g -m ${m} $pp_destdir/$p $data/$p;
+           if [ x"$f" = x"v" ]
+           then
+               # File marked as "volatile". Assume this means it's a conffile
+	       # TODO: check this as admins like modified conffiles to be left
+	       #       behind
+               echo "$p" >> $pp_wrkdir/%conffiles.$cmp
+           fi;;
+
+        d) # Directories
+           pp_deb_fakeroot install -m ${m} -o $o -g $g -d $data/$p;;
+
+        s) # Symlinks
+           # Remove leading / from vars
+           rel_p=`echo $p | sed s,^/,,`
+           rel_st=`echo $st | sed s,^/,,`
+           # TODO: we are always doing absolute links here. We should follow
+	   # the debian policy of relative links when in the same top-level
+	   # directory
+           (cd $data; ln -sf $st $rel_p);;
+	    *) pp_error "Unsupported data file type: $t";;
+	esac
+    done
+
+    # If no copyright file is present add one. This is a debian requirement.
+    share_doc="/usr/share/doc/`pp_deb_cmp_full_name $cmp`"
+    if [ ! -f "$data/$share_doc/copyright" ]
+    then
+        echo "${pp_deb_copyright:-$copyright}" > "$pp_wrkdir/copyright"
+        install -D -m 644 "$pp_wrkdir/copyright" "$data/$share_doc/copyright"
+    fi
+
+}
+
+pp_deb_makedeb () {
+    local cmp
+    local package_build_dir
+
+    cmp="$1"
+
+    package_build_dir=$pp_wrkdir/`pp_deb_cmp_full_name $cmp`
+
+    # Create package dir
+    mkdir -p $package_build_dir
+
+    # Copy in data
+    pp_deb_make_data $cmp ||
+	pp_die "Could not make DEBIAN data files for $cmp"
+
+    # Make control files
+    # must be done after copying data so conffiles are found
+    pp_deb_make_DEBIAN $cmp ||
+	pp_die "Could not make DEBIAN control files for $cmp"
+
+    # Create md5sums
+    pp_deb_make_md5sums $cmp `(cd $package_build_dir;
+	find . -type f -a -not -name DEBIAN | sed "s,^\./,,")` ||
+	    pp_die "Could not make DEBIAN md5sums for $cmp"
+}
+
+pp_backend_deb () {
+    local debname
+
+    # Handle services
+    pp_deb_handle_services $cmp
+
+    for cmp in $pp_components
+    do
+        debname=`pp_deb_name $cmp`
+        pp_deb_makedeb $cmp
+    done
+
+    . $pp_wrkdir/%fixup
+
+    for cmp in $pp_components
+    do
+        debname=`pp_deb_name $cmp`
+	# Create debian package
+	pp_debug "Building `pp_deb_cmp_full_name $cmp` -> $output"
+	pp_deb_fakeroot dpkg-deb \
+	    --build $pp_wrkdir/`pp_deb_cmp_full_name $cmp` \
+	    $pp_wrkdir/$debname ||
+		pp_error "failed to create $cmp package"
+    done
+}
+
+pp_backend_deb_cleanup () {
+    # rm -rf $pp_wrkdir
+    :
+}
+
+pp_deb_name () {
+    local cmp="${1:-run}"
+    echo `pp_deb_cmp_full_name $cmp`"_${pp_deb_version:-$version}-${pp_deb_release:-1}_${pp_deb_arch}.deb"
+}
+pp_backend_deb_names () {
+    for cmp in $pp_components
+    do
+        pp_deb_name $cmp
+    done
+}
+
+pp_backend_deb_install_script () {
+    local cmp _cmp_full_name
+
+    echo "#!/bin/sh"
+    pp_install_script_common
+
+    cat <<.
+
+        cmp_to_pkgname () {
+            test x"\$*" = x"all" &&
+                set -- $pp_components
+            for cmp
+            do
+                case \$cmp in
+.
+    for cmp in $pp_components; do
+         echo "$cmp) echo '`pp_deb_cmp_full_name $cmp`';;"
+    done
+    cat <<.
+                *) usage;;
+                esac
+            done
+        }
+
+
+        cmp_to_pathname () {
+            test x"\$*" = x"all" &&
+                set -- $pp_components
+            for cmp
+            do
+                case \$cmp in
+.
+    for cmp in $pp_components; do
+         echo "$cmp) echo \${PP_PKGDESTDIR:-.}/'`pp_deb_name $cmp`';;"
+    done
+    cat <<.
+                *) usage;;
+		esac
+            done
+        }
+
+        test \$# -eq 0 && usage
+        op="\$1"; shift
+        case "\$op" in
+            list-components)
+                test \$# -eq 0 || usage \$op
+                echo $pp_components
+                ;;
+            list-services)
+                test \$# -eq 0 || usage \$op
+                echo $pp_services
+                ;;
+            list-files)
+                test \$# -ge 1 || usage \$op
+                cmp_to_pathname "\$@"
+                ;;
+            install)
+                test \$# -ge 1 || usage \$op
+                dpkg --install \`cmp_to_pathname "\$@"\`
+                ;;
+            uninstall)
+                test \$# -ge 1 || usage \$op
+                dpkg --remove \`cmp_to_pkgname "\$@"\`; :
+                ;;
+            start|stop)
+                test \$# -ge 1 || usage \$op
+                ec=0
+                for svc
+                do
+                    /etc/init.d/\$svc \$op || ec=1
+                done
+                exit \$ec
+                ;;
+            print-platform)
+                test \$# -eq 0 || usage \$op
+		echo "linux-${pp_deb_arch}"
+		;;
+            *)
+                usage
+                ;;
+        esac
+.
+}
+
+pp_backend_deb_probe() {
+    local arch distro release
+
+    pp_deb_detect_arch
+
+    # /etc/debian_version exists on Debian & Ubuntu, so it's no use
+    # to us. Use lsb_release instead.
+
+    case `(lsb_release -is || echo no-lsb) 2>/dev/null` in
+        Debian)
+            distro=deb
+	    ;;
+        Ubuntu)
+            distro=ubu
+	    ;;
+	no-lsb)
+	    echo unknown-$pp_deb_arch_std
+	    return 0
+	    ;;
+        *)
+            distro=unknown
+	    ;;
+    esac
+
+    release=`lsb_release -rs`
+
+    # If release is not numeric, use the codename
+    case $release in
+        *[!.0-9r]*)
+	    release=`lsb_release -cs`
+	    case $release in
+		buzz)
+		    release="11"
+		    ;;
+		rex)
+		    release="12"
+		    ;;
+		bo)
+		    release="13"
+		    ;;
+		hamm)
+		    release="20"
+		    ;;
+		slink)
+		    release="21"
+		    ;;
+		potato)
+		    release="22"
+		    ;;
+		woody)
+		    release="30"
+		    ;;
+		sarge)
+		    release="31"
+		    ;;
+		etch)
+		    release="40"
+		    ;;
+		lenny)
+		    release="50"
+		    ;;
+		squeeze)
+		    release="60"
+		    ;;
+	    esac
+	    ;;
+	*)
+	    # Remove trailing revision number and any dots
+            release=`echo $release | cut -dr -f1 | tr -d .`
+	    ;;
+    esac
+
+    echo $distro$release-$pp_deb_arch_std
+}
+
+pp_backend_deb_vas_platforms () {
+    case "$pp_deb_arch_std" in
+	x86_64)	echo "linux-x86_64.deb";; # DO NOT add linux-x86.deb here!!
+	*86)	echo "linux-x86.deb";;
+	*)	pp_die "unknown architecture ${pp_deb_arch_std}";;
+    esac
+}
+pp_backend_deb_init_svc_vars () {
+    # Default multi-user runlevel on Debian is 2; 3-5 are also multi-user
+    pp_deb_default_start_runlevels="2 3 4 5"
+    pp_deb_default_svc_description="No description"
+}
+
+pp_backend_deb_init_svc_vars () {
+
+    reload_signal=
+    start_runlevels=${pp_deb_default_start_runlevels}   # == lsb default-start
+    stop_runlevels="0 1 6"                              # == lsb default-stop
+    svc_description="${pp_deb_default_svc_description}" # == lsb short descr
+    svc_process=
+
+    lsb_required_start='$local_fs $network'
+    lsb_should_start=
+    lsb_required_stop=
+    lsb_description=
+
+    start_priority=50
+    stop_priority=50            #-- stop_priority = 100 - start_priority
+}
+
+pp_deb_service_make_init_script () {
+    local svc=$1
+    local script=/etc/init.d/$svc
+    local out=$pp_destdir$script
+    local _process _cmd
+
+    pp_add_file_if_missing $script run 755 || return 0
+
+    #-- start out as an empty shell script
+    cat <<-'.' >$out
+	#!/bin/sh
+.
+
+    #-- determine the process name from $cmd unless $svc_process is given
+    set -- $cmd
+    #_process=${svc_process:-"$1"} --? WTF
+
+    #-- construct a start command that builds a pid file if needed
+    _cmd="$cmd";
+    _cmd_path=`echo $cmd | cut -d" " -f1`
+    _cmd_name=`basename $_cmd_path`
+    _cmd_args=`echo $cmd | cut -d" " -f2-`
+    test x"$_cmd_path" != x"$_cmd_args" || _cmd_args=
+
+    #-- generate the LSB init info
+    cat <<-. >>$out
+	### BEGIN INIT INFO
+	# Provides: ${svc}
+	# Required-Start: ${lsb_required_start}
+	# Should-Start: ${lsb_should_start}
+	# Required-Stop: ${lsb_required_stop}
+	# Default-Start: ${start_runlevels}
+	# Default-Stop: ${stop_runlevels}
+	# Short-Description: ${svc_description}
+	### END INIT INFO
+	# Generated by PolyPackage ${pp_version}
+	# ${copyright}
+
+.
+
+    if test x"${svc_description}" = x"${pp_deb_default_svc_description}"; then
+        svc_description=
+    fi
+
+    #-- write service-specific definitions
+    cat <<. >>$out
+NAME="${_cmd_name}"
+DESC="${svc_description:-$svc service}"
+USER="${user}"
+GROUP="${group}"
+PIDFILE="${pidfile}"
+STOP_SIGNAL="${stop_signal}"
+RELOAD_SIGNAL="${reload_signal}"
+CMD="${_cmd}"
+DAEMON="${_cmd_path}"
+DAEMON_ARGS="${_cmd_args}"
+SCRIPTNAME=${script}
+.
+
+    #-- write the generic part of the init script
+    cat <<'.' >>$out
+
+[ -x "$DAEMON" ] || exit 0
+
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+. /lib/lsb/init-functions
+
+do_start()
+{
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+    if [ -n "$PIDFILE" ]
+    then
+        pidfile_opt="--pidfile $PIDFILE"
+    else
+        pidfile_opt="--make-pidfile --background --pidfile /var/run/$NAME.pid"
+    fi
+    if [ -n "$USER" ]
+    then
+        user_opt="--user $USER"
+    fi
+    if [ -n "$GROUP" ]
+    then
+        group_opt="--group $GROUP"
+    fi
+    if [ "$VERBOSE" = no ]
+    then
+        quiet_opt="--quiet"
+    else
+        quiet_opt="--verbose"
+    fi
+
+	start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON --test > /dev/null \
+	    || return 1
+
+    # Note: there seems to be no way to tell whether the daemon will fork itself or not, so pass
+    # --background for now
+    start-stop-daemon --start $quiet_opt $pidfile_opt $user_opt --exec $DAEMON -- \
+    	$DAEMON_ARGS \
+    	|| return 2
+}
+
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+    if [ -n "$PIDFILE" ]
+    then
+        pidfile_opt="--pidfile $PIDFILE"
+    else
+        pidfile_opt="--pidfile /var/run/$NAME.pid"
+    fi
+    if [ -n "$USER" ]
+    then
+        user_opt="--user $USER"
+    fi
+    if [ -n $STOP_SIGNAL ]
+    then
+        signal_opt="--signal $STOP_SIGNAL"
+    fi
+    if [ "$VERBOSE" = "no" ]
+    then
+        quiet_opt="--quiet"
+    else
+        quiet_opt="--verbose"
+    fi
+	start-stop-daemon --stop $quiet_opt $signal_opt --retry=TERM/30/KILL/5 $pidfile_opt --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	start-stop-daemon --stop $quiet_opt --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+	[ "$?" = 2 ] && return 2
+	# Many daemons don't delete their pidfiles when they exit.
+	test -z $PIDFILE || rm -f $PIDFILE
+	return "$RETVAL"
+}
+
+do_reload() {
+	#
+	# If the daemon can reload its configuration without
+	# restarting (for example, when it is sent a SIGHUP),
+	# then implement that here.
+	#
+    if [ -n "$PIDFILE" ]
+    then
+        pidfile_opt="--pidfile $PIDFILE"
+    else
+        pidfile_opt="--pidfile /var/run/$NAME.pid"
+    fi
+    if [ -n "$RELOAD_SIGNAL" ]
+    then
+	    start-stop-daemon --stop --signal $RELOAD_SIGNAL $quiet_opt $pidfile_opt --name $NAME
+    fi
+	return 0
+}
+
+case "$1" in
+  start)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+	do_start
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  reload|force-reload)
+    if [ -n "$RELOAD_SIGNAL" ]
+    then
+	    log_daemon_msg "Reloading $DESC" "$NAME"
+	    do_reload
+	    log_end_msg $?
+    else
+        # Do a restart instead
+        "$0" restart
+    fi
+	;;
+  restart)
+	#
+	# If the "reload" option is implemented then remove the
+	# 'force-reload' alias
+	#
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+	  	# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:
+.
+    chmod 755 $out
+}
+pp_backend_deb_function() {
+    case $1 in
+        pp_mkgroup) cat<<'.';;
+	    /usr/sbin/groupmod "$1" 2>/dev/null && return 0
+            /usr/sbin/groupadd "$1"
+.
+        pp_mkuser:depends) echo pp_mkgroup;;
+        pp_mkuser) cat<<'.';;
+	    pp_tmp_system=
+	    id -u "$1" >/dev/null 2>/dev/null && return 0
+	    # deb 3.1's useradd changed API in 4.0. Gah!
+	    /usr/sbin/useradd --help 2>&1 | /bin/grep -q .--system &&
+		pp_tmp_system=--system
+	    pp_mkgroup "${2:-$1}" || return 1
+	    /usr/sbin/useradd \
+		-g "${2:-$1}" \
+		-d "${3:-/nonexistent}" \
+		-s "${4:-/bin/false}" \
+		$pp_tmp_system \
+		"$1"
+.
+        pp_havelib) cat<<'.';;
+            for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
+                test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0
+            done
+            return 1
+.
+    *) false;;
+    esac
+}
+
+pp_platforms="$pp_platforms kit"
+
+pp_backend_kit_detect () {
+    test x"$1" = x"OSF1"
+}
+
+pp_backend_kit_init () {
+        pp_kit_name=
+        pp_kit_package=
+        pp_kit_desc=
+        pp_kit_version=
+        pp_kit_subset=
+        pp_readlink_fn=pp_ls_readlink
+        pp_kit_startlevels="2 3"
+        pp_kit_stoplevels="0 2 3"
+}
+
+pp_backend_kit () {
+    typeset mi_file k_file svc outfile
+    typeset desc
+
+    pp_backend_kit_names > /dev/null
+
+    if test -z "$pp_kit_desc"; then
+        pp_kit_desc="$description"
+    fi
+
+    mi_file="$pp_wrkdir/$pp_kit_subset.mi"
+    k_file="$pp_wrkdir/$pp_kit_subset.k"
+    scp_file="$pp_wrkdir/$pp_kit_subset.scp"
+
+    desc="${pp_kit_desc:-$description}"
+
+    cat <<-. >> $k_file
+	NAME='$name'
+	CODE=$pp_kit_name
+	VERS=$pp_kit_version
+	MI=$mi_file
+	COMPRESS=0
+	%%
+	$pp_kit_subset	.	0	'$desc'
+.
+
+    if test -n "$pp_services"; then
+        for svc in $pp_services; do
+            pp_kit_make_service $svc
+            pp_prepend $pp_wrkdir/%preun.run <<-.
+		/sbin/init.d/$svc stop
+.
+         done
+    fi
+
+    pp_backend_kit_make_mi "$mi_file"
+    pp_backend_kit_make_scp
+    #rm -rf  $pp_wrkdir/kit_dest
+    mkdir -p $pp_wrkdir/kit_dest
+    pp_backend_kit_kits $k_file $pp_opt_destdir $pp_wrkdir/kit_dest
+    tar cvf $pp_wrkdir/$pp_kit_subset.tar -C $pp_wrkdir/kit_dest .
+    gzip -c $pp_wrkdir/$pp_kit_subset.tar > $pp_wrkdir/$pp_kit_subset.tar.gz
+    #rm -rf $pp_wrkdir/$pp_kit_subset.tar $pp_wrkdir/scps
+}
+
+pp_backend_kit_make_mi () {
+    # XXX this information should go into the .inv files
+    typeset t m o g f p st line dm
+    while read t m o g f p st; do
+        case $t in
+            f|d)
+                echo "0	.$p	$pp_kit_subset"
+                echo "        chmod $m $p" >> $pp_wrkdir/%post.run
+                if [ x"$o" = x"-" ] ; then
+                    echo "        chown root $p" >> $pp_wrkdir/%post.run
+                else
+                    echo "        chown $o $p" >> $pp_wrkdir/%post.run
+                fi
+                if [ x"$g" = x"-" ] ; then
+                    echo "        chgrp 0 $p" >> $pp_wrkdir/%post.run
+                else
+                    echo "        chgrp $g $p" >> $pp_wrkdir/%post.run
+                fi
+                ;;
+            s)
+                echo "        ln -s $st $p" >> $pp_wrkdir/%post.run
+                echo "        rm -f $p" >> $pp_wrkdir/%preun.run
+                ;;
+         esac
+    done < $pp_wrkdir/%files.run | sort -k3  |uniq > $1
+}
+
+
+pp_backend_kit_make_scp () {
+    scpdir="$pp_wrkdir/scps"
+    mkdir "$scpdir" && touch "$scpdir"/$pp_kit_subset.scp
+    cat <<EOF >"$scpdir"/$pp_kit_subset.scp
+
+    . /usr/share/lib/shell/libscp
+
+    case "\$ACT" in
+    PRE_L)
+    STL_ScpInit
+
+
+
+    ;;
+    POST_L)
+        STL_ScpInit
+        STL_LinkCreate
+EOF
+
+    cat $pp_wrkdir/%post.run >>"$scpdir"/$pp_kit_subset.scp
+    cat >>"$scpdir"/$pp_kit_subset.scp <<EOF
+    ;;
+    PRE_D)
+        STL_ScpInit
+        STL_LinkRemove
+EOF
+    cat $pp_wrkdir/%preun.run >>"$scpdir"/$pp_kit_subset.scp
+    cat >>"$scpdir"/$pp_kit_subset.scp <<EOF
+        ;;
+    POST_D)
+
+        ;;
+    C)
+        STL_ScpInit
+
+        case "\$1" in
+        INSTALL)
+        echo "Installation of the \$_DESC (\$_SUB) subset is complete."
+        ;;
+    DELETE)
+        ;;
+    esac
+
+        ;;
+    V)
+
+        ;;
+    esac
+
+    exit 0
+EOF
+    chmod 744 "$scpdir"/$pp_kit_subset.scp
+}
+
+
+pp_backend_kit_cleanup () {
+    :
+}
+
+pp_backend_kit_names () {
+    if test -z "$pp_kit_name"; then
+        pp_warn "pp_kit_name not specified, using XXX"
+        pp_kit_name=XXX
+    fi
+    case "$pp_kit_name" in
+        ???) : ok;;
+        *) pp_error "\$pp_kit_name $pp_kit_name must be three characters";;
+    esac
+    if test -z "$pp_kit_package"; then
+        pp_warn "pp_kit_package not specified, using YYYY"
+        pp_kit_package=YYYY
+    fi
+    if test -z "$pp_kit_version"; then
+        pp_kit_version=`echo $version|tr -d '.a-zA-Z'`
+    fi
+    case "$pp_kit_version" in
+        [0-9]) pp_kit_version="${pp_kit_version}00";;
+        [0-9][0-9]) pp_kit_version="${pp_kit_version}0";;
+        [0-9][0-9][0-9]) : ok;;
+        *) pp_error "\$pp_kit_version $pp_kit_version must be three digits, ";;
+    esac
+    if test -z "$pp_kit_subset"; then
+        pp_kit_subset="$pp_kit_name$pp_kit_package$pp_kit_version"
+    fi
+    echo "$pp_kit_subset.tar.gz"
+}
+
+pp_backend_kit_install_script () {
+    typeset pkgname platform
+
+    pkgname=`pp_backend_kit_names`
+    platform="`pp_backend_kit_probe`"
+
+    echo "#!/bin/sh"
+    pp_install_script_common
+    cat <<.
+
+        cpt_to_tags () {
+            test x"\$*" = x"all" && set -- $pp_components
+            for cpt
+            do
+                echo "$name.\$cpt"
+            done
+        }
+
+        test \$# -eq 0 && usage
+        op="\$1"; shift
+
+        case "\$op" in
+            list-components)
+                test \$# -eq 0 || usage \$op
+                echo "$pp_components"
+                ;;
+            list-services)
+                test \$# -eq 0 || usage \$op
+                echo "$pp_services"
+                ;;
+            list-files)
+                test \$# -ge 1 || usage \$op
+                echo \${PP_PKGDESTDIR:-.}/$pkgname
+                ;;
+            install)
+                test \$# -ge 1 || usage \$op
+                verbose echo \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \`cpt_to_tags "\$@"\`
+                #verbose swinstall -x verbose=0 -s \${PP_PKGDESTDIR:-\`pwd\`}/$pkgname \`cpt_to_tags "\$@"\`
+                ;;
+            uninstall)
+                test \$# -ge 1 || usage \$op
+                verbose echo \`cpt_to_tags "\$@"\`
+                #verbose swremove -x verbose=0 \`cpt_to_tags "\$@"\`
+                ;;
+            start|stop)
+                test \$# -ge 1 || usage \$op
+                ec=0
+                for svc
+                do
+                    verbose /sbin/init.d/\$svc \$op
+                    [ \$? -eq 4 -o \$? -eq 0 ] || ec=1
+                done
+                exit \$ec
+                ;;
+            print-platform)
+		echo "$platform"
+		;;
+            *)
+                usage
+                ;;
+        esac
+.
+}
+
+pp_backend_kit_function () {
+    case "$1" in
+        pp_mkgroup) cat <<'.';;
+            grep "^$1:" /etc/group >/dev/null ||
+                /usr/sbin/groupadd $1
+.
+        pp_mkuser) cat <<'.';;
+            eval user=\$$#
+            grep "^$user:" /etc/passwd >/dev/null ||
+                /usr/sbin/useradd -s /usr/bin/false "$@"
+.
+        pp_havelib) cat <<'.';;
+            for dir in `echo /usr/lib${3+:$3} | tr : ' '`; do
+                test -r "$dir/lib$1.${2-sl}" && return 0
+            done
+            return 1
+.
+        *) pp_error "unknown function request: $1";;
+    esac
+}
+
+pp_backend_kit_init_svc_vars () {
+    :
+}
+
+pp_backend_kit_probe () {
+    echo tru64-`uname -r | sed 's/V\([0-9]*\)\.\([0-9]*\)/\1\2/'`
+}
+
+pp_kit_service_group_script () {
+    typeset grp svcs scriptpath out
+    grp="$1"
+    svcs="$2"
+    scriptpath="/sbin/init.d/$grp"
+    out="$pp_destdir$scriptpath"
+
+    pp_add_file_if_missing $scriptpath run 755 || return 0
+
+    cat <<-. > $out
+	#!/sbin/sh
+	# generated by pp $pp_version
+	svcs="$svcs"
+.
+
+cat <<-'.' >> $out
+	#-- starts services in order.. stops them all if any break
+	pp_start () {
+	    undo=
+	    for svc in $svcs; do
+	        /sbin/init.d/$svc start
+	        case $? in
+	            0|4)
+	                undo="$svc $undo"
+	                ;;
+	            *)
+	                if test -n "$undo"; then
+	                for svc in $undo; do
+	                    /sbin/init.d/$svc stop
+	                done
+	                return 1
+	                fi
+	                ;;
+	        esac
+	    done
+	    return 0
+	}
+
+	#-- stops services in reverse
+	pp_stop () {
+	    reverse=
+	        for svc in $svcs; do
+	            reverse="$svc $reverse"
+	        done
+	        rc=0
+	        for svc in $reverse; do
+	            /sbin/init.d/$svc stop || rc=$?
+	        done
+	        return $rc
+	}
+
+	case $1 in
+	    start_msg) echo "Starting $svcs";;
+	stop_msg)  echo "Stopping $svcs";;
+	start)     pp_start;;
+	stop)      pp_stop;;
+	*)         echo "usage: $0 {start|stop|start_msg|stop_msg}"
+	    exit 1;;
+	esac
+.
+}
+
+pp_kit_service_script () {
+    typeset svc scriptpath out
+
+    svc="$1"
+    scriptpath="/sbin/init.d/$svc"
+
+    pp_load_service_vars "$svc"
+
+    test -n "$user" -a x"$user" != x"root" &&
+    cmd="SHELL=/usr/bin/sh /usr/bin/su $user -c \"exec `echo $cmd | sed -e 's,[$\\\`],\\&,g'`\""
+    if test -z "$pidfile"; then
+        pidfile="/var/run/$svc.pid"
+        cmd="$cmd & echo \$! > \$pidfile"
+    fi
+
+    pp_add_file_if_missing $scriptpath run 755
+
+    cat <<-. > $pp_destdir$scriptpath
+	svc="$svc"
+	pidfile="$pidfile"
+
+	pp_start () {
+	    $cmd
+	}
+.
+    cat <<-'.' >>$pp_destdir$scriptpath
+	    pp_stop () {
+	        if test ! -s "$pidfile"; then
+	            echo "Unable to stop $svc (no pid file)"
+	                return 1
+	        else
+	            read pid < "$pidfile"
+	            if kill -0 "$pid" 2>/dev/null; then
+	                if kill -${stop_signal:-TERM} "$pid"; then
+	                    rm -f "$pidfile"
+	                    return 0
+	                else
+	                    echo "Unable to stop $svc"
+	                    return 1
+	                fi
+	            else
+	                rm -f "$pidfile"
+	                return 0
+	            fi
+	        fi
+	    }
+
+	    pp_running () {
+	        if test ! -s "$pidfile"; then
+	            return 1
+	        else
+	            read pid < "$pidfile"
+	            kill -0 "$pid" 2>/dev/null
+	        fi
+	    }
+	    case $1 in
+	        start_msg) echo "Starting the $svc service";;
+	        stop_msg)  echo "Stopping the $svc service";;
+	        start)
+	            if pp_running; then
+	                echo "$svc already running";
+	                exit 0
+	            elif pp_start; then
+	                echo "$svc started";
+	# rc(1M) says we should exit 4, but nobody expects it!
+	                exit 0
+	            else
+	                exit 1
+	            fi
+	            ;;
+	        stop)
+	            if pp_stop; then
+	                echo "$svc stopped";
+	                exit 0
+	            else
+	                exit 1
+	            fi
+	            ;;
+	        *) echo "usage: $0 {start|stop|start_msg|stop_msg}"
+	           exit 1
+	           ;;
+	    esac
+.
+}
+
+pp_kit_make_service () {
+    typeset level priority startlevels stoplevels
+    typeset svc svcvar
+
+    svc="$1"
+    svcvar=`pp_makevar $svc`
+
+    #-- don't do anything if the script exists
+    if test -s "$pp_destdir/sbin/init.d/$svc"; then
+        pp_error "$pp_destdir/sbin/init.d/$svc exists"
+        return
+    fi
+
+    # symlink the script, depending on the priorities chosen
+    eval priority='${pp_kit_priority_'$svcvar'}'
+    test -z "$priority" && priority="${pp_kit_priority:-50}"
+
+    eval startlevels='${pp_kit_startlevels_'$svcvar'}'
+    test -z "$startlevels" && startlevels="$pp_kit_startlevels"
+
+    eval stoplevels='${pp_kit_stoplevels_'$svcvar'}'
+    test -z "$stoplevels" && stoplevels="$pp_kit_stoplevels"
+
+    # create the script and config file
+    pp_kit_service_script $svc
+
+    # fix the priority up
+    case "$priority" in
+        ???) :;;
+        ??) priority=0$priority;;
+        ?) priority=00$priority;;
+    esac
+
+    if test x"$stoplevels" = x"auto"; then
+        stoplevels=
+        test -z "$startlevels" || for level in $startlevels; do
+            stoplevels="$stoplevels `expr $level - 1`"
+        done
+    fi
+
+    # create the symlinks
+    test -z "$startlevels" || for level in $startlevels; do
+        echo "        ln -s /sbin/init.d/$svc /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%post.run
+        echo "        rm /sbin/rc$level.d/S$priority$svc" >>$pp_wrkdir/%preun.run
+    done
+    test -z "$stoplevels" || for level in $stoplevels; do
+        echo "        ln -s /sbin/init.d/$svc /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%post.run
+        echo "        rm -f /sbin/rc$level.d/K$priority$svc" >>$pp_wrkdir/%preun.run
+    done
+}
+
+
+
+
+pp_backend_kit_sizes () {
+    awk '
+    BEGIN { root = usr = var = 0; }
+    {
+        if (substr($9, 1, 1) != "l")
+            if (substr($10, 1, 6) == "./var/")
+                var += $2;
+            else if (substr($10, 1, 10) == "./usr/var/")
+                var += $2
+            else if (substr($10, 1, 6) == "./usr/")
+                usr += $2
+            else
+                root += $2
+    }
+    END { printf "%d\t%d\t%d", root, usr, var }
+    ' "$@"
+}
+
+pp_kit_kits_global () {
+    line=`sed -n '/^%%/q;/^'$2'=/{s/^'$2'=//p;q;}' <"$1"`
+    test -z "$line" && return 1
+    eval "echo $line"
+    :
+}
+
+pp_backend_kit_kits () {
+    typeset KITFILE FROMDIR TODIR
+    typeset SCPDIR
+
+    SCPDIR="$pp_wrkdir/scps"
+
+    PATH="/usr/lbin:/usr/bin:/etc:/usr/ucb:$PATH"; export PATH # XXX
+    #umask 2 # XXX
+
+    test $# -ge 3 || pp_die "pp_backend_kit_kits: too few arguments"
+    KITFILE="$1"; shift
+    FROMDIR="$1"; shift
+    TODIR="$1"; shift
+
+    test -f "$KITFILE" || pp_die "$KITFILE not found"
+    test -d "$FROMDIR" || pp_die "$FROMDIR not found"
+    test -d "$TODIR"   || pp_die "$TODIR not found"
+
+    INSTCTRL="$TODIR/instctrl"
+    mkdir -p "$INSTCTRL" || pp_die "cannot create instctrl directory"
+    chmod 775 "$INSTCTRL"
+
+    grep "%%" $KITFILE > /dev/null || pp_die "no %% in $KITFILE"
+
+    typeset NAME CODE VERS MI ROOT COMPRESS
+    typeset S_LIST ALLSUBS
+
+    NAME=`pp_kit_kits_global "$KITFILE" NAME` || pp_die "no NAME in $KITFILE"
+    CODE=`pp_kit_kits_global "$KITFILE" CODE` || pp_die "no CODE in $KITFILE"
+    VERS=`pp_kit_kits_global "$KITFILE" VERS` || pp_die "no VERS in $KITFILE"
+    MI=`pp_kit_kits_global "$KITFILE" MI` || pp_die "no MI in $KITFILE"
+    ROOT=`pp_kit_kits_global "$KITFILE" ROOT`
+    COMPRESS=`pp_kit_kits_global "$KITFILE" COMPRESS`
+
+    test -f "$MI" || pp_die "Inventory file $MI not found"
+
+    case "$ROOT" in
+    *ROOT)
+        test -f "$TODIR/$ROOT" ||
+            pp_die "Root image $ROOT not found in $TODIR" ;;
+    esac
+
+    ALLSUBS=`awk 'insub==1 {print $1} /^%%/ {insub=1}' <"$KITFILE"`
+    test $# -eq 0 && set -- $ALLSUBS
+
+    pp_debug "Creating $# $NAME subsets."
+    pp_debug "ALLSUBS=<$ALLSUBS>"
+
+    if test x"$COMPRESS" = x"1"; then
+        COMPRESS=:
+    else
+        COMPRESS=false
+    fi
+
+    #rm -f *.ctrl Volume*
+
+    for SUB
+    do
+        test -z "$SUB" && pp_die "SUB is empty"
+
+        typeset INV CTRL ROOTSIZE USRSIZE VARSIZE TSSUB
+	#rm -f Volume*
+	case $SUB in
+            .*) :;;
+	    *)  pp_verbose rm -f "$TODIR/$SUB"* "$INSTCTRL/$SUB"*;;
+        esac
+
+        TSSUB="$pp_wrkdir/ts.$SUB"
+
+	pp_debug "kits: Subset $SUB"
+
+	INV="$SUB.inv"
+	CTRL="$SUB.ctrl"
+	pp_debug "kits: Generating media creation information..."
+
+        # Invcutter takes as input
+        #   SUB dir/path
+        # and generates stl_inv(4) files, like this
+        #   f 0 00000 0 0 100644 2/11/09 010 f dir/path none SUB
+	grep "	$SUB\$" "$MI" |
+            pp_verbose /usr/lbin/invcutter \
+                -v "$VERS" -f "$FROMDIR" > "$INSTCTRL/$INV" ||
+            pp_die "failed to create $INSTCTRL/$INV"
+        chmod 664 "$INSTCTRL/$INV"
+
+        pp_backend_kit_sizes "$INSTCTRL/$INV" > "$pp_wrkdir/kit.sizes"
+        read ROOTSIZE USRSIZE VARSIZE < "$pp_wrkdir/kit.sizes"
+
+        # Prefix each line with $FROMDIR. This will be stripped
+        awk '$1 != "d" {print from $10}' from="$FROMDIR/" \
+            > "$TSSUB" < "$INSTCTRL/$INV" ||
+            pp_die "failed"
+
+        NVOLS=0
+
+	pp_debug "kits: Creating $SUB control file..."
+
+        sed '1,/^%%/d;/^'"$SUB"'/{p;q;}' < "$KITFILE" > "$pp_wrkdir/kit.line"
+        read _SUB _IGNOR DEPS FLAGS DESC < "$pp_wrkdir/kit.line"
+        if test -z "$_SUB"; then
+            pp_warn "No such subset $SUB in $KITFILE"
+            continue
+	fi
+        DEPS=`echo $DEPS | tr '|' ' '`
+        case $FLAGS in
+            FLGEXP*) pp_verbose FLAGS='"${'"$FLAGS"'}"' ;;
+        esac
+        case $DESC in
+            *%*) DESC=`echo $DESC|awk -F% '{printf "%-36s%%%s\n", $1, $2}'`;;
+        esac
+
+	cat > "$INSTCTRL/$CTRL" <<-.
+		NAME='$NAME $SUB'
+		DESC=$DESC
+		ROOTSIZE=$ROOTSIZE
+		USRSIZE=$USRSIZE
+		VARSIZE=$VARSIZE
+		NVOLS=1:$NVOLS
+		MTLOC=1:$TLOC
+		DEPS="$DEPS"
+		FLAGS=$FLAGS
+.
+        chmod 664 "$INSTCTRL/$CTRL"
+
+	pp_debug "kits: Making tar image"
+
+	pp_verbose tar cfPR "$TODIR/$SUB" "$FROMDIR/" "$TSSUB" ||
+             pp_error "problem creating kit file"
+
+        if $COMPRESS; then
+            pp_debug "kits: Compressing"
+            (cd "$TODIR" && compress -f -v "$SUB") ||
+                pp_die "problem compressing $TODIR/$SUB"
+            SPC=`expr $SUB : '\(...\).*'`    # first three characters
+            SVC=`expr $SUB : '.*\(...\)'`    # last three characters
+            : > "$INSTCTRL/$SPC$SVC.comp"
+            chmod 664 "$INSTCTRL/$SPC$SVC.comp"
+            pp_debug "kits: Padding compressed file to 10kB" # wtf?
+            rm -f "$TODIR/$SUB"
+            pp_verbose \
+            dd if="$TODIR/$SUB.Z" of="$TODIR/$SUB" bs=10k conv=sync ||
+                pp_die "problem moving compressed file"
+            rm -f "$TODIR/$SUB.Z"
+        fi
+        chmod 664 "$TODIR/$SUB"
+
+	if test -f "$SCPDIR/$SUB.scp"; then
+		cp "$SCPDIR/$SUB.scp" "$INSTCTRL/$SUB.scp"
+                chmod 755 "$INSTCTRL/$SUB.scp"
+	else
+		pp_debug "kits: null subset control program for $SUB"
+		: > "$INSTCTRL/$SUB.scp"
+		chmod 744 "$INSTCTRL/$SUB.scp"
+	fi
+
+        pp_debug "kits: Finished creating media image for $SUB"
+    done
+
+    pp_debug "kits: Creating $CODE.image"
+
+    case "$ROOT" in
+    *ROOT)	ALLSUBS="$ROOT $ALLSUBS"
+                ;;
+    esac
+
+    (cd "$TODIR" && sum $ALLSUBS) > "$INSTCTRL/$CODE.image"
+    chmod 664 "$INSTTRL/$CODE.image"
+    pp_debug "kits: Creating INSTCTRL"
+    (cd "$INSTCTRL" && tar cpvf - *) > "$TODIR/INSTCTRL"
+    chmod 664 "$TODIR/INSTCTRL"
+    cp "$INSTCTRL/$CODE.image" "$TODIR/$CODE.image"
+    chmod 664 "$TODIR/$CODE.image"
+
+    pp_debug "kits: Media image production complete"
+}
+
+pp_platforms="$pp_platforms rpm"
+
+pp_backend_rpm_detect () {
+    test x"$1" = x"Linux" -a ! -f /etc/debian_version
+}
+
+pp_backend_rpm_init () {
+
+    pp_rpm_version=
+    pp_rpm_summary=
+    pp_rpm_description=
+    pp_rpm_group="Applications/Internet"
+    pp_rpm_license="Unspecified"
+    pp_rpm_vendor=
+    pp_rpm_url=
+    pp_rpm_packager=
+    pp_rpm_provides=
+    pp_rpm_requires=
+    pp_rpm_release=
+    pp_rpm_epoch=
+    pp_rpm_dev_group="Development/Libraries"
+    pp_rpm_dbg_group="Development/Tools"
+    pp_rpm_doc_group="Documentation"
+    pp_rpm_dev_description=
+    pp_rpm_dbg_description=
+    pp_rpm_doc_description=
+    pp_rpm_dev_requires=
+    pp_rpm_dbg_requires=
+    pp_rpm_doc_requires=
+    pp_rpm_dev_provides=
+    pp_rpm_dbg_provides=
+    pp_rpm_doc_provides=
+
+    pp_rpm_dbg_pkgname=debug
+    pp_rpm_dev_pkgname=devel
+    pp_rpm_doc_pkgname=doc
+
+    pp_rpm_defattr_uid=root
+    pp_rpm_defattr_gid=root
+
+    pp_rpm_detect_arch
+    pp_rpm_detect_distro
+    pp_rpm_rpmbuild=`pp_rpm_detect_rpmbuild`
+
+    # SLES8 doesn't always come with readlink
+    test -x /usr/bin/readlink -o -x /bin/readlink ||
+        pp_readlink_fn=pp_ls_readlink
+}
+
+pp_rpm_detect_arch () {
+    pp_rpm_arch=auto
+
+    #-- Find the default native architecture that RPM is configured to use
+    cat <<-. >$pp_wrkdir/dummy.spec
+	Name: dummy
+	Version: 1
+	Release: 1
+	Summary: dummy
+	Group: ${pp_rpm_group}
+	License: ${pp_rpm_license}
+	%description
+	dummy
+.
+    $pp_opt_debug && cat $pp_wrkdir/dummy.spec
+    pp_rpm_arch_local=`rpm -q --qf '%{arch}\n' --specfile $pp_wrkdir/dummy.spec`
+    rm $pp_wrkdir/dummy.spec
+
+    #-- Ask the kernel what machine architecture is in use
+    local arch=`uname -p`
+    if [ "$arch" = "unknown" ]; then
+	arch=`uname -m`
+    fi
+
+    case "$arch" in
+	i?86)	pp_rpm_arch_std=i386;;
+	x86_64)	pp_rpm_arch_std=x86_64;;
+	ppc)	pp_rpm_arch_std=ppc;;
+	ppc64)	pp_rpm_arch_std=ppc64;;
+	ia64)	pp_rpm_arch_std=ia64;;
+	s390)	pp_rpm_arch_std=s390;;
+	s390x)	pp_rpm_arch_std=s390x;;
+	powerpc)
+		# Probably AIX
+		case "`/usr/sbin/lsattr -El proc0 -a type -F value`" in
+		    PowerPC_POWER*)	pp_rpm_arch_std=ppc64;;
+		    *)			pp_rpm_arch_std=ppc;;
+		esac
+		;;
+	*)	pp_rpm_arch_std=unknown;;
+    esac
+
+    #-- Later on, when files are processed, we use 'file' to determine
+    #   what platform ABIs are used. This is used when pp_rpm_arch == auto
+    pp_rpm_arch_seen=
+}
+
+pp_rpm_detect_distro () {
+    pp_rpm_distro=
+    if test -f /etc/whitebox-release; then
+       pp_rpm_distro=`awk '
+          /^White Box Enterprise Linux release/ { print "wbel" $6; exit; }
+       ' /etc/whitebox-release`
+    elif test -f /etc/fedora-release; then
+       pp_rpm_distro=`awk '
+          /^Fedora Core release/ { print "fc" $4; exit; }
+          /^Fedora release/ { print "f" $3; exit; }
+       ' /etc/fedora-release`
+    elif test -f /etc/redhat-release; then
+       pp_rpm_distro=`awk '
+          /^Red Hat Enterprise Linux/ { print "rhel" $7; exit; }
+          /^CentOS release/           { print "centos" $3; exit; }
+          /^Red Hat Linux release/    { print "rh" $5; exit; }
+       ' /etc/redhat-release`
+    elif test -f /etc/SuSE-release; then
+       pp_rpm_distro=`awk '
+          /^SuSE Linux [0-9]/ { print "suse" $3; exit; }
+          /^SUSE LINUX [0-9]/ { print "suse" $3; exit; }
+          /^openSUSE [0-9]/   { print "suse" $2; exit; }
+          /^S[uU]SE Linux Enterprise Server [0-9]/ { print "sles" $5; exit; }
+          /^S[uU]SE LINUX Enterprise Server [0-9]/ { print "sles" $5; exit; }
+          /^SuSE SLES-[0-9]/  { print "sles" substr($2,6); exit; }
+       ' /etc/SuSE-release`
+    elif test X"`uname -s 2>/dev/null`" = X"AIX"; then
+	local r v
+	r=`uname -r`
+	v=`uname -v`
+	pp_rpm_distro="aix$v$r"
+    fi
+    pp_rpm_distro=`echo $pp_rpm_distro | tr -d .`
+    test -z "$pp_rpm_distro" &&
+       pp_warn "unknown distro"
+}
+
+pp_rpm_detect_rpmbuild () {
+    local cmd
+    for cmd in rpmbuild rpm; do
+        if `which $cmd > /dev/null 2>&1`; then
+            echo $cmd
+            return 0
+        fi
+    done
+
+    pp_error "Could not find rpmbuild"
+    # Default to `rpmbuild` in case it magically appears
+    echo rpmbuild
+    return 1
+}
+
+pp_rpm_label () {
+    local label arg
+    label="$1"; shift
+    for arg
+    do
+        test -z "$arg" || echo "$label: $arg"
+    done
+}
+
+pp_rpm_writefiles () {
+    local _l t m o g f p st fo farch
+    while read t m o g f p st; do
+        _l="$p"
+	test $t = d && _l="%dir ${_l%/}/"
+        if test x"$m" = x"-"; then
+            case "$t" in
+                d) m=755;;
+                f) m=644;;
+            esac
+        fi
+        test x"$o" = x"-" && o="${pp_rpm_defattr_uid:-root}"
+        test x"$g" = x"-" && g="${pp_rpm_defattr_gid:-root}"
+	_l="%attr($m,$o,$g) $_l"
+
+	if test "$t" = "f" -a x"$pp_rpm_arch" = x"auto"; then
+	    fo=`file "${pp_destdir}$p" 2>/dev/null`
+	    #NB: The following should match executables and shared objects,
+	    #relocatable objects. It will not match .a files however.
+	    case "$fo" in
+		*": ELF 32-bit LSB "*", Intel 80386"*)
+		    farch=i386;;
+		*": ELF 64-bit LSB "*", AMD x86-64"*|\
+		*": ELF 64-bit LSB "*", x86-64"*)
+		    farch=x86_64;;
+		*": ELF 32-bit MSB "*", PowerPC"*)
+		    farch=ppc;;
+		*": ELF 64-bit LSB "*", IA-64"*)
+		    farch=ia64;;
+		*": ELF 32-bit MSB "*", IBM S/390"*)
+		    farch=s390;;
+		*": ELF 64-bit MSB "*", IBM S/390"*)
+		    farch=s390x;;
+		*"executable (RISC System/6000)"*)
+		    farch=ppc;;
+		*"64-bit XCOFF executable"*)
+		    fatch=ppc64;;
+		*)
+		    farch=noarch;;
+	    esac
+	    pp_debug "file: $fo -> $farch"
+	    test x"$farch" = x"noarch" || pp_add_to_list pp_rpm_arch_seen $farch
+	fi
+
+	case $f in *v*) _l="%config(noreplace) $_l";; esac
+	echo "$_l"
+    done
+    echo
+}
+
+pp_rpm_subname () {
+    case "$1" in
+        run) : ;;
+        dbg) echo "${2}${pp_rpm_dbg_pkgname}";;
+        dev) echo "${2}${pp_rpm_dev_pkgname}";;
+        doc) echo "${2}${pp_rpm_doc_pkgname}";;
+        *)   pp_error "unknown component '$1'";
+    esac
+}
+
+pp_rpm_depend () {
+    while read _name _vers; do
+        case "$_name" in ""| "#"*) continue ;; esac
+        echo "Requires: $_name ${_vers:+>= $_vers}"
+    done
+}
+
+pp_rpm_override_requires () {
+    local orig_find_requires
+
+    if test -z "$pp_rpm_depend_filter_cmd"; then
+	return 0
+    fi
+
+    orig_find_requires=`rpm --eval '%{__find_requires}'`
+    cat << EOF > "$pp_wrkdir/filtered-find-requires"
+$orig_find_requires \$@ | $pp_rpm_depend_filter_cmd
+EOF
+    chmod +x "$pp_wrkdir/filtered-find-requires"
+    echo "%define __find_requires $pp_wrkdir/filtered-find-requires"
+    # Might be necessary for old versions of RPM? Not for 4.4.2.
+    #echo "%define _use_internal_dependency_generator 0"
+}
+
+pp_backend_rpm () {
+    local cmp specfile _summary _group _desc _pkg _subname svc
+
+	specfile=$pp_wrkdir/$name.spec
+        : > $specfile
+
+        #-- force existence of a 'run' component
+        pp_add_component run
+        : >> $pp_wrkdir/%files.run
+
+	if test -z "$pp_rpm_arch"; then
+            pp_error "Unknown RPM architecture"
+            return 1
+        fi
+
+	#-- Write the header components of the RPM spec file
+	cat <<-. >>$specfile
+		Name: ${pp_rpm_name:-$name}
+		Version: ${pp_rpm_version:-$version}
+		Release: ${pp_rpm_release:-1}
+		Summary: ${pp_rpm_summary:-$summary}
+		Group:   ${pp_rpm_group}
+		License: ${pp_rpm_license}
+.
+	if test -n "$pp_rpm_url"; then
+	    pp_rpm_label "URL"  "$pp_rpm_url"               >>$specfile
+	fi
+	pp_rpm_label "Vendor"   "${pp_rpm_vendor:-$vendor}" >>$specfile
+	pp_rpm_label "Packager" "$pp_rpm_packager"          >>$specfile
+	pp_rpm_label "Provides" "$pp_rpm_provides"          >>$specfile
+	pp_rpm_label "Requires" "$pp_rpm_requires"          >>$specfile
+
+	test -n "$pp_rpm_serial" && pp_warn "pp_rpm_serial deprecated"
+	if test -n "$pp_rpm_epoch"; then
+	    #-- Epoch was introduced in RPM 2.5.6
+	    case `$pp_rpm_rpmbuild --version 2>/dev/null` in
+		1.*|2.[0-5].*|2.5.[0-5])
+		    pp_rpm_label "Serial" $pp_rpm_epoch >>$specfile;;
+		*)
+		    pp_rpm_label "Epoch" $pp_rpm_epoch >>$specfile;;
+	    esac
+	fi
+
+        if test -n "$pp_rpm_requires"; then
+            pp_rpm_label "Requires" "$pp_rpm_requires" >>$specfile
+        elif test -s $pp_wrkdir/%depend.run; then
+            pp_rpm_depend < $pp_wrkdir/%depend.run >> $specfile
+        fi
+
+	pp_rpm_override_requires >> $specfile
+
+	cat <<-. >>$specfile
+
+		%description
+		${pp_rpm_description:-$description}
+.
+
+	for cmp in $pp_components; do
+		case $cmp in
+		   run) continue;;
+		   dev) _summary="development tools for $pp_rpm_summary"
+		   	_group="$pp_rpm_dev_group"
+			_desc="${pp_rpm_dev_description:-Development libraries for $name. $pp_rpm_description.}"
+		   	;;
+		   doc) _summary="documentation for $pp_rpm_summary"
+		   	_group="$pp_rpm_doc_group"
+			_desc="${pp_rpm_doc_description:-Documentation for $name. $pp_rpm_description.}"
+		   	;;
+		   dbg) _summary="diagnostic tools for $pp_rpm_summary"
+		   	_group="$pp_rpm_dbg_group"
+			_desc="${pp_rpm_dbg_description:-Diagnostic tools for $name.}"
+		   	;;
+		esac
+
+                _subname=`pp_rpm_subname $cmp`
+		cat <<-.
+
+			%package $_subname
+			Summary: $name $_summary
+			Group: $_group
+.
+                eval '_pkg="$pp_rpm_'$cmp'_requires"'
+                if test -n "$_pkg"; then
+                    eval pp_rpm_label Requires ${pp_rpm_name:-$name} $_pkg
+                elif test -s $pp_wrkdir/%depend.$cmp; then
+                    pp_rpm_depend < $pp_wrkdir/%depend.$cmp >> $specfile
+                fi
+
+                eval '_pkg="$pp_rpm_'$cmp'_provides"'
+		eval pp_rpm_label Provides $_pkg
+
+		cat <<-.
+
+			%description $_subname
+			$_desc
+.
+	done >>$specfile
+
+        #-- NB: we don't put any %prep, %build or %install RPM sections
+	#   into the spec file.
+
+        #-- add service start/stop code
+        if test -n "$pp_services"; then
+            pp_rpm_service_install_common >> $pp_wrkdir/%post.run
+
+            #-- record the uninstall commands in reverse order
+            for svc in $pp_services; do
+                pp_load_service_vars $svc
+
+                pp_rpm_service_make_init_script $svc
+
+                #-- append %post code to install the svc
+                pp_rpm_service_install $svc >> $pp_wrkdir/%post.run
+
+                #-- prepend %preun code to uninstall svc
+                # (use files in case vars are modified)
+                pp_rpm_service_remove $svc | pp_prepend $pp_wrkdir/%preun.run
+            done
+            pp_rpm_service_remove_common | pp_prepend $pp_wrkdir/%preun.run
+        fi
+
+	# make convenience service groups
+        if test -n "$pp_service_groups"; then
+	    for grp in $pp_service_groups; do
+		pp_rpm_service_group_make_init_script \
+		    $grp "`pp_service_get_svc_group $grp`"
+	    done
+	fi
+
+	#-- Write the RPM %file sections
+        #   (do this after services, since services adds to %files.run)
+	for cmp in $pp_components; do
+            _subname=`pp_rpm_subname $cmp`
+
+            if test -s $pp_wrkdir/%check.$cmp; then
+                echo ""
+                echo "%pre $_subname"
+                cat $pp_wrkdir/%check.$cmp
+                echo :   # causes script to exit true by default
+            fi
+
+            if test -s $pp_wrkdir/%files.$cmp; then
+                echo ""
+                echo "%files $_subname"
+                pp_rpm_writefiles < $pp_wrkdir/%files.$cmp
+            fi
+
+            if test -n "$pp_rpm_ghost"; then
+                for ghost in $pp_rpm_ghost; do
+                    echo "%ghost $ghost"
+                done
+            fi
+
+            if test -s $pp_wrkdir/%pre.$cmp; then
+                echo ""
+                echo "%pre $_subname"
+                cat $pp_wrkdir/%pre.$cmp
+                echo :   # causes script to exit true
+            fi
+
+            if test -s $pp_wrkdir/%post.$cmp; then
+                echo ""
+                echo "%post $_subname"
+                cat $pp_wrkdir/%post.$cmp
+                echo :   # causes script to exit true
+            fi
+
+            if test -s $pp_wrkdir/%preun.$cmp; then
+                echo ""
+                echo "%preun $_subname"
+                cat $pp_wrkdir/%preun.$cmp
+                echo :   # causes script to exit true
+            fi
+	done >>$specfile
+
+        #-- create a suitable work area for rpmbuild
+	cat <<-. >$pp_wrkdir/.rpmmacros
+		%_topdir $pp_wrkdir
+		# XXX Note escaped %% for use in headerSprintf
+		%_rpmfilename   %%{ARCH}/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm
+	.
+	mkdir $pp_wrkdir/RPMS
+	mkdir $pp_wrkdir/BUILD
+
+	if test x"$pp_rpm_arch" = x"auto"; then
+	    #-- Reduce the arch_seen list to exactly one item
+	    case "$pp_rpm_arch_seen" in
+		"i386 x86_64"|"x86_64 i386")
+		    pp_rpm_arch_seen=x86_64;;
+		*"s390 s390x"* | *"s390x s390"* )
+		    pp_rpm_arch_seen=s390x;;
+		*" "*)
+		    pp_error "detected multiple targets: $pp_rpm_arch_seen"
+		    pp_rpm_arch_seen=unknown;;	    # not detected
+		"")
+		    pp_warn "detected no binaries: using target noarch"
+		    pp_rpm_arch_seen=noarch;;
+		*)
+		    pp_debug "detected architecture $pp_rpm_arch_seen"
+	    esac
+	    pp_rpm_arch="$pp_rpm_arch_seen"
+	fi
+
+        . $pp_wrkdir/%fixup
+
+$pp_opt_debug && cat $specfile
+
+        pp_debug "creating: `pp_backend_rpm_names`"
+
+pp_debug "pp_rpm_arch_seen = <${pp_rpm_arch_seen}>"
+pp_debug "pp_rpm_arch = <${pp_rpm_arch}>"
+
+	HOME=$pp_wrkdir \
+	pp_verbose \
+        $pp_rpm_rpmbuild -bb \
+		--buildroot="$pp_destdir/" \
+                --target="${pp_rpm_arch}" \
+                --define='_unpackaged_files_terminate_build 0' \
+                --define='_use_internal_dependency_generator 0' \
+                `$pp_opt_debug && echo --verbose || echo --quiet` \
+                $pp_rpm_rpmbuild_extra_flags \
+		$specfile ||
+            pp_error "Problem creating RPM packages"
+
+	for f in `pp_backend_rpm_names`; do
+	    # The package might be in an arch-specific subdir
+	    pkgfile=not-found
+	    for dir in $pp_wrkdir/RPMS/${pp_rpm_arch} $pp_wrkdir/RPMS; do
+		if test -f $dir/$f; then
+		    pkgfile=$dir/$f
+		fi
+	    done
+	    if test x"$pkgfile" = x"not-found"; then
+                pp_error "Problem predicting RPM filename: $f"
+	    else
+		ln $pkgfile $pp_wrkdir/$f
+	    fi
+	done
+}
+
+pp_rpm_output_name () {
+    echo "${pp_rpm_name:-$name}`pp_rpm_subname "$1" -`-${pp_rpm_version:-$version}-${pp_rpm_release:-1}.${pp_rpm_arch}.rpm"
+}
+
+pp_backend_rpm_names () {
+    local cmp _subname
+    for cmp in $pp_components; do
+	pp_rpm_output_name $cmp
+    done
+}
+
+pp_backend_rpm_cleanup () {
+    :
+}
+
+pp_rpm_print_requires () {
+    local _subname _name
+
+    echo "CPU:$pp_rpm_arch"
+    ## XXX should be lines of the form (from file/ldd/objdump)
+    #    EXEC:/bin/sh
+    #    RTLD:libc.so.4:open
+    rpm -q --requires -p $pp_wrkdir/`pp_rpm_output_name $1` |sed -e '/^rpmlib(/d;s/ //g;s/^/RPM:/' | sort -u
+}
+
+pp_backend_rpm_install_script () {
+    local cmp _subname
+
+    echo "#!/bin/sh"
+    pp_install_script_common
+
+    cat <<.
+
+        cmp_to_pkgname () {
+	    local oi name
+	    if test x"\$1" = x"--only-installed"; then
+		#-- only print if installation detected
+		oi=false
+		shift
+	    else
+		oi=true
+	    fi
+            test x"\$*" = x"all" &&
+                set -- $pp_components
+            for cmp
+            do
+                case \$cmp in
+.
+    for cmp in $pp_components; do
+        _subname=`pp_rpm_subname $cmp -`
+         echo "$cmp) name=${pp_rpm_name:-$name}${_subname};;"
+    done
+    cat <<.
+                *) usage;;
+                esac
+		if \$oi || rpm -q "\$name" >/dev/null 2>/dev/null; then
+		    echo "\$name"
+		fi
+            done
+        }
+
+
+        cmp_to_pathname () {
+            test x"\$*" = x"all" &&
+                set -- $pp_components
+            for cmp
+            do
+                case \$cmp in
+.
+    for cmp in $pp_components; do
+        echo "$cmp) echo \${PP_PKGDESTDIR:-.}/`pp_rpm_output_name $cmp` ;;"
+    done
+    cat <<.
+                *) usage;;
+                esac
+            done
+        }
+
+	print_requires () {
+            test x"\$*" = x"all" &&
+                set -- $pp_components
+            for cmp
+            do
+                case \$cmp in
+.
+    for cmp in $pp_components; do
+        echo "$cmp) cat <<'._end'"
+	pp_rpm_print_requires $cmp
+        echo "._end"; echo ';;'
+    done
+    cat <<.
+                *) usage;;
+                esac
+            done
+        }
+
+        test \$# -eq 0 && usage
+        op="\$1"; shift
+        case "\$op" in
+            list-components)
+                test \$# -eq 0 || usage \$op
+                echo $pp_components
+                ;;
+            list-services)
+                test \$# -eq 0 || usage \$op
+                echo $pp_services
+                ;;
+            list-files)
+                test \$# -ge 1 || usage \$op
+                cmp_to_pathname "\$@"
+                ;;
+            install)
+                test \$# -ge 1 || usage \$op
+                verbose rpm -U --replacepkgs --oldpackage \
+                    \`cmp_to_pathname "\$@"\`
+                ;;
+            uninstall)
+                test \$# -ge 1 || usage \$op
+                pkgs=\`cmp_to_pkgname --only-installed "\$@"\`
+                if test -z "\$pkgs"; then
+                    verbosemsg "nothing to uninstall"
+                else
+                    verbose rpm -e \$pkgs
+                fi
+                ;;
+            start|stop)
+                test \$# -ge 1 || usage \$op
+                ec=0
+                for svc
+                do
+                    verbose /etc/init.d/\$svc \$op || ec=1
+                done
+                exit \$ec
+                ;;
+            print-platform)
+                test \$# -eq 0 || usage \$op
+		echo "linux-${pp_rpm_arch}"
+		;;
+            print-requires)
+                test \$# -ge 1 || usage \$op
+                print_requires "\$@"
+		;;
+            *)
+                usage
+                ;;
+        esac
+.
+
+}
+
+pp_backend_rpm_probe () {
+        echo "${pp_rpm_distro}-${pp_rpm_arch_std}"
+}
+
+pp_backend_rpm_vas_platforms () {
+    case "$pp_rpm_arch_std" in
+	x86_64)	echo "linux-x86_64.rpm linux-x86.rpm";;
+	*86)	echo "linux-x86.rpm";;
+	s390)	echo "linux-s390";;
+	s390x)	echo "linux-s390x";;
+	ppc*)	echo "linux-glibc23-ppc64 linux-glibc22-ppc64";;
+	ia64)	echo "linux-ia64";;
+	*)	pp_die "unknown architecture $pp_rpm_arch_std";;
+    esac
+}
+
+pp_backend_rpm_init_svc_vars () {
+    pp_rpm_default_start_runlevels="2 3 4 5"
+    pp_rpm_default_svc_description="No description"
+}
+
+pp_rpm_service_install_common () {
+    cat <<-'.'
+
+        _pp_install_service () {
+            local svc level
+            svc="$1"
+            if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ]
+            then
+                # LSB-style install
+                /usr/lib/lsb/install_initd /etc/init.d/$svc &> /dev/null
+            elif [ -x /sbin/chkconfig ]; then
+                # Red Hat/chkconfig-style install
+                /sbin/chkconfig --add $svc &> /dev/null
+                /sbin/chkconfig $svc off &> /dev/null
+            else
+		: # manual links under /etc/init.d
+            fi
+        }
+
+        _pp_enable_service () {
+            local svc level
+            svc="$1"
+            if [ -x /usr/lib/lsb/install_initd -a ! -r /etc/redhat-release ]
+            then
+                # LSB-style install
+		: # not sure how to enable
+            elif [ -x /sbin/chkconfig ]; then
+                # Red Hat/chkconfig-style install
+                /sbin/chkconfig $svc on &> /dev/null
+            else
+                # manual install
+                set -- `sed -n -e 's/^# Default-Start://p' /etc/init.d/$svc`
+                start_priority=`sed -n -e 's/^# X-Quest-Start-Priority:[[:space:]]*//p' /etc/init.d/$svc`
+                stop_priority=`sed -n -e 's/^# X-Quest-Stop-Priority:[[:space:]]*//p' /etc/init.d/$svc`
+
+                # Provide default start & stop priorities of 20 & 80 in
+                # accordance with Debian update-rc.d defaults
+                if [ -z "$start_priority" ]; then
+                    start_priority=20
+                fi
+                if [ -z "$stop_priority" ]; then
+                    stop_priority=80
+                fi
+                    
+                if [ -d "/etc/rc.d" ];then
+                    rcdir=/etc/rc.d
+                else
+                    rcdir=/etc
+                fi
+
+                for level
+                do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/S$start_priority$svc; done
+                set -- `sed -n -e 's/^# Default-Stop://p' /etc/init.d/$svc`
+                for level
+                do ln -sf /etc/init.d/$svc $rcdir/rc$level.d/K$stop_priority$svc; done
+            fi
+        }
+.
+}
+
+pp_rpm_service_remove_common () {
+    cat <<-'.'
+
+        _pp_remove_service () {
+            local svc
+            svc="$1"
+            /etc/init.d/$svc stop >/dev/null 2>&1
+            if [ -x /usr/lib/lsb/remove_initd -a ! -r /etc/redhat-release ]
+            then
+                /usr/lib/lsb/remove_initd /etc/init.d/$svc &> /dev/null
+            elif [ -x /sbin/chkconfig ]; then
+                /sbin/chkconfig --del $svc &> /dev/null
+            else
+                if [ -d "/etc/rc.d" ];then
+                    rcdir=/etc/rc.d
+                else
+                    rcdir=/etc
+                fi
+
+                rm -f $rcdir/rc?.d/[SK]??$svc
+            fi
+        }
+.
+}
+
+
+pp_rpm_service_install () {
+    pp_rpm_service_make_init_script $1 >/dev/null ||
+        pp_error "could not create init script for service $1"
+    echo "_pp_install_service $1"
+    test $enable = yes && echo "_pp_enable_service $1"
+}
+
+pp_rpm_service_remove () {
+    cat <<-.
+        if [ "\$1" = "remove" -o "\$1" = "0" ]; then
+            # only remove the service if not upgrade
+            _pp_remove_service $1
+        fi
+.
+}
+
+
+pp_backend_rpm_init_svc_vars () {
+
+    reload_signal=
+    start_runlevels=${pp_rpm_default_start_runlevels}   # == lsb default-start
+    stop_runlevels="0 1 6"                              # == lsb default-stop
+    svc_description="${pp_rpm_default_svc_description}" # == lsb short descr
+    svc_process=
+
+    lsb_required_start='$local_fs $network'
+    lsb_should_start=
+    lsb_required_stop=
+    lsb_description=
+
+    start_priority=50
+    stop_priority=50            #-- stop_priority = 100 - start_priority
+}
+
+pp_rpm_service_group_make_init_script () {
+    local grp=$1
+    local svcs="$2"
+    local script=/etc/init.d/$grp
+    local out=$pp_destdir$script
+
+    pp_add_file_if_missing $script run 755 || return 0
+
+    cat <<-. >>$out
+	#!/bin/sh
+	svcs="$svcs"
+.
+
+    cat <<-'.' >>$out
+
+        #-- prints usage message
+        pp_usage () {
+            echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2
+            return 2
+        }
+
+        #-- starts services in order.. stops them all if any break
+        pp_start () {
+            undo=
+            for svc in $svcs; do
+                if /etc/init.d/$svc start; then
+                    undo="$svc $undo"
+                else
+                    if test -n "$undo"; then
+                        for svc in $undo; do
+                           /etc/init.d/$svc stop
+                        done
+                        return 1
+                    fi
+                fi
+            done
+            return 0
+        }
+
+        #-- stops services in reverse
+        pp_stop () {
+            reverse=
+            for svc in $svcs; do
+                reverse="$svc $reverse"
+            done
+            rc=0
+            for svc in $reverse; do
+                /etc/init.d/$svc stop || rc=$?
+            done
+            return $rc
+        }
+
+        #-- returns true only if all services return true status
+        pp_status () {
+            rc=0
+            for svc in $svcs; do
+                /etc/init.d/$svc status || rc=$?
+            done
+            return $rc
+        }
+
+        pp_reload () {
+            rc=0
+            for svc in $svcs; do
+                /etc/init.d/$svc reload || rc=$?
+            done
+            return $rc
+        }
+
+        case "$1" in
+            start)          pp_start;;
+            stop)           pp_stop;;
+            restart)        pp_stop; pp_start;;
+            status)         pp_status;;
+            try-restart|condrestart)
+                            if pp_status >/dev/null; then
+                                    pp_restart
+                            fi;;
+            reload)         pp_reload;;
+            force-reload)   if pp_status >/dev/null; then
+                                    pp_reload
+                            else
+                                    pp_restart
+                            fi;;
+            *)              pp_usage;;
+        esac
+.
+    chmod 755 $out
+}
+
+pp_rpm_service_make_init_script () {
+    local svc=$1
+    local script=/etc/init.d/$svc
+    local out=$pp_destdir$script
+    local _process _cmd _rpmlevels
+
+    pp_add_file_if_missing $script run 755 || return 0
+
+    #-- start out as an empty shell script
+    cat <<-'.' >$out
+	#!/bin/sh
+.
+
+    #-- determine the process name from $cmd unless $svc_process is given
+    set -- $cmd
+    _process=${svc_process:-"$1"}
+
+    #-- construct a start command that builds a pid file if needed
+    _cmd="$cmd";
+    if test -z "$pidfile"; then
+        pidfile=/var/run/$svc.pid
+        _cmd="$cmd & echo \$! > \$pidfile"
+    fi
+    if test "$user" != "root"; then
+        _cmd="su $user -c exec $_cmd";
+    fi
+
+    #-- generate the Red Hat chkconfig headers
+    _rpmlevels=`echo $start_runlevels | tr -d ' '`
+    cat <<-. >>$out
+	# chkconfig: ${_rpmlevels:--} ${start_priority:-50} ${stop_priority:-50}
+	# description: ${svc_description:-no description}
+	# processname: ${_process}
+	# pidfile: ${pidfile}
+.
+
+    #-- generate the LSB init info
+    cat <<-. >>$out
+	### BEGIN INIT INFO
+	# Provides: ${svc}
+	# Required-Start: ${lsb_required_start}
+	# Should-Start: ${lsb_should_start}
+	# Required-Stop: ${lsb_required_stop}
+	# Default-Start: ${start_runlevels}
+	# Default-Stop: ${stop_runlevels}
+	# Short-Description: ${svc_description}
+	### END INIT INFO
+	# Generated by PolyPackage ${pp_version}
+	# ${copyright}
+
+.
+
+    if test x"${svc_description}" = x"${pp_rpm_default_svc_description}"; then
+        svc_description=
+    fi
+
+    #-- write service-specific definitions
+    cat <<. >>$out
+	#-- definitions specific to service ${svc}
+	svc_name="${svc_description:-$svc service}"
+	user="${user}"
+	pidfile="${pidfile}"
+	stop_signal="${stop_signal}"
+	reload_signal="${reload_signal}"
+	pp_exec_cmd () { $_cmd; }
+.
+
+    #-- write the generic part of the init script
+    cat <<'.' >>$out
+
+        #-- use system message logging, if available
+        if [ -f /lib/lsb/init-functions -a ! -r /etc/redhat-release ]; then
+            . /lib/lsb/init-functions
+            pp_success_msg () { log_success_msg "$@"; }
+            pp_failure_msg () { log_failure_msg "$@"; }
+            pp_warning_msg () { log_warning_msg "$@"; }
+        elif [ -f /etc/init.d/functions ]; then
+            . /etc/init.d/functions
+            pp_success_msg () { echo -n "$*"; success "$@"; echo; }
+            pp_failure_msg () { echo -n "$*"; failure "$@"; echo; }
+            pp_warning_msg () { echo -n "$*"; warning "$@"; echo; }
+        else
+            pp_success_msg () { echo ${1:+"$*:"} OK; }
+            pp_failure_msg () { echo ${1:+"$*:"} FAIL; }
+            pp_warning_msg () { echo ${1:+"$*:"} WARNING; }
+        fi
+
+        #-- prints a status message
+        pp_msg () { echo -n "$*: "; }
+
+        #-- prints usage message
+        pp_usage () {
+            echo "usage: $0 {start|stop|status|restart|reload|condrestart|try-restart|force-reload}" >&2
+            return 2
+        }
+
+        #-- reloads the service, if possible
+        #   returns 0=success 1=failure 3=unimplemented
+        pp_reload () {
+            test -n "$reload_signal" || return 3 # unimplemented
+            pp_msg "Reloading ${svc_name}"
+            if pp_signal -${reload_signal}; then
+                pp_success_msg
+                return 0
+            else
+                pp_failure_msg "not running"
+                return 1
+            fi
+        }
+
+        #-- delivers signal $1 to the pidfile
+        #   returns 0=success 1=failure
+        pp_signal () {
+            if test -r "$pidfile"; then
+                read pid < $pidfile
+                kill "$@" "$pid" 2>/dev/null
+            else
+                return 1
+            fi
+        }
+
+        #-- prints information about the service status
+        #   returns 0=running 1=crashed 3=stopped
+        pp_status () {
+            pp_msg "Checking for ${svc_name}"
+            if pp_signal -0; then
+                pp_success_msg "running"
+                return 0
+            elif test -r "$pidfile"; then
+                pp_failure_msg "not running (crashed)"
+                return 1
+            else
+                pp_failure_msg "not running"
+                return 3
+            fi
+        }
+
+        #-- starts the service
+        #   returns 0=success 1=failure
+        pp_start () {
+            pp_msg "Starting ${svc_name}"
+            if pp_status >/dev/null; then
+                pp_warning_msg "already started"
+                return 0
+            elif pp_exec_cmd; then
+                pp_success_msg
+                return 0
+            else
+                pp_failure_msg "cannot start"
+                return 1
+            fi
+        }
+
+        #-- stops the service
+        #   returns 0=success (always)
+        pp_stop () {
+            pp_msg "Stopping ${svc_name}"
+            if pp_signal -${stop_signal}; then
+                pp_success_msg
+            else
+                pp_success_msg "already stopped"
+            fi
+            rm -f "$pidfile"
+            return 0
+        }
+
+        #-- stops and starts the service
+        pp_restart () {
+            pp_stop
+            pp_start
+        }
+
+        case "$1" in
+            start)          pp_start;;
+            stop)           pp_stop;;
+            restart)        pp_restart;;
+            status)         pp_status;;
+            try-restart|condrestart)
+                            if pp_status >/dev/null; then
+                                    pp_restart
+                            fi;;
+            reload)         pp_reload;;
+            force-reload)   if pp_status >/dev/null; then
+                                    pp_reload
+                            else
+                                    pp_restart
+                            fi;;
+            *)              pp_usage;;
+        esac
+
+.
+    chmod 755 $out
+}
+pp_backend_rpm_function () {
+    case $1 in
+        pp_mkgroup) cat<<'.';;
+            /usr/sbin/groupadd -f -r "$1"
+.
+        pp_mkuser:depends) echo pp_mkgroup;;
+        pp_mkuser) cat<<'.';;
+            pp_mkgroup "${2:-$1}" || return 1
+            /usr/sbin/useradd \
+		-g "${2:-$1}" \
+		-M -d "${3:-/nonexistent}" \
+		-s "${4:-/bin/false}" \
+		-r "$1"
+.
+        pp_havelib) cat<<'.';;
+            for pp_tmp_dir in `echo "/usr/lib:/lib${3:+:$3}" | tr : ' '`; do
+                test -r "$pp_tmp_dir/lib$1.so{$2:+.$2}" && return 0
+            done
+            return 1
+.
+	*) false;;
+    esac
+}
+
+: NOTES <<.
+
+ # creating a dmg file for publishing on the web
+    hdiutil create -srcfolder /path/foo foo.dmg
+    hdiutil internet-enable -yes /path/foo.dmg
+ # Layout for packages
+    <name>-<cpy>/component/<file>
+    <name>-<cpt>/extras/postinstall
+    <name>-<cpt>/extras/postupgrade
+ # /Developer/usr/bin/packagemaker (man packagemaker)
+
+    Make a bunch of packages, and then build a 'distribution'
+    which is only understood by macos>10.4
+
+ # Message files in the resource path used are
+    Welcome.{rtf,html,rtfd,txt} - limited text shown in Intro
+    ReadMe.{rtf,html,rtfd,txt} - scrollable/printable, after Intro
+    License.{rtf,html,rtfd,txt} - ditto, user must click 'Accept'
+    background.{jpg,tif,gif,pict,eps,pdf} 620x418 background image
+
+ # These scripts looked for in the resource path
+    InstallationCheck $pkgpath $defaultloc $targetvol
+	0:ok 32:warn 32+x:warn[1] 64:stop 96+x:stop[2]
+    VolumeCheck $volpath
+	0:ok 32:failure 32+x:failure[3]
+    preflight   $pkgpath $targetloc $targetvol    [priv]
+    preinstall  $pkgpath $targetloc $targetvol    [priv]
+    preupgrade  $pkgpath $targetloc $targetvol    [priv]
+    postinstall $pkgpath $targetloc $targetvol    [priv]
+    postupgrade $pkgpath $targetloc $targetvol    [priv]
+    postflight  $pkgpath $targetloc $targetvol    [priv]
+	0:ok else fail (for all scripts)
+
+    A detailed reason is deduced by finding an index x (16..31)
+    in the file InstallationCheck.strings or VolumeCheck.strings.
+
+    Scripts marked [priv] are executed with root privileges.
+    None of the [priv] scripts are used by metapackages.
+
+ # Default permissions
+    Permissions of existing directories should match those
+    of a clean install of the OS; typically root:admin 0775
+    New directories or files should be 0775 or 0664 with the
+    appropriate user:group.
+    Exceptions:
+	/etc	root:admin 0755
+	/var    root:admin 0755
+
+    <http://developer.apple.com/documentation/DeveloperTools/Conceptual/SoftwareDistribution4/Concepts/sd_pkg_flags.html>
+    Info.plist = {
+     CFBundleGetInfoString: "1.2.3, Quest Software, Inc.",
+     CFBundleIdentifier: "com.quest.rc.openssh",
+     CFBundleShortVersionString: "1.2.3",
+     IFMajorVersion: 1,
+     IFMinorVersion: 2,
+     IFPkgFlagAllowBackRev: false,
+     IFPkgFlagAuthorizationAction: "AdminAuthorization",
+     IFPkgFlagDefaultLocation: "/",
+     IFPkgFlagFollowLinks: true,
+     IFPkgFlagInstallFat: false,
+     IFPkgFlagInstalledSize: <integer>,	    # this is added by packagemaker
+     IFPkgFlagIsRequired: false,
+     IFPkgFlagOverwritePermissions: false,
+     IFPkgFlagRelocatable: false,
+     IFPkgFlagRestartAction: "NoRestart",
+     IFPkgFlagRootVolumeOnly: false,
+     IFPkgFlagUpdateInstalledLanguages: false,
+     IFPkgFormatVersion= 0.10000000149011612,
+     IFRequirementDicts: [ {
+       Level = "requires",
+       SpecArgument = "/opt/quest/lib/libvas.4.2.0.dylib",
+       SpecType = "file",
+       TestObject = true,
+       TestOperator = "eq", } ]
+    }
+
+    Description.plist = {
+     IFPkgDescriptionDescription = "this is the description text",
+     IFPkgDescriptionTitle = "quest-openssh"
+    }
+
+ # Startup scripts
+    'launchd' is a kind of combined inetd and rc/init.d system.
+    <http://developer.apple.com/documentation/MacOSX/Conceptual/BPSystemStartup/Articles/DesigningDaemons.html>
+    Create a /Library/LaunchDaemons/$daemonname.plist file
+    Examples found in /System/Library/LaunchDaemons/
+    See manual page launchd.plist(5) for details:
+
+    { Label: "com.quest.vintela.foo",                        # required
+      Program: "/sbin/program",
+      ProgramArguments: [ "/sbin/program", "arg1", "arg2" ], # required
+      RunAtLoad: true,
+      WatchPaths: [ "/etc/crontab" ],
+      QueueDirectories: [ "/var/cron/tabs" ],
+      inetdCompatibility: { Wait: false },                   # inetd-only
+      OnDemand: false,                                       # recommended
+      SessionCreate: true,
+      UserName: "nobody",
+      InitGroups: true,
+      Sockets: {                                             # inetd only
+	Listeners: {
+	   SockServiceName: "ssh",
+	   Bonjour: ["ssh", "sftp-ssh"], } },
+      Disabled: false,
+      StandardErrorPath: "/dev/null",
+    }
+
+
+    How to add a new user
+	dscl . -create /Users/$user
+	dscl . -create /Users/$user UserShell /bin/bash
+	dscl . -create /Users/$user RealName "$user"
+	dscl . -create /Users/$user UniqueID $uid
+	dscl . -create /Users/$user PrimaryGroupID $gid
+	dscl . -create /Users/$user NFSHomeDirectory /Users/$user
+	dscl . -passwd /Users/$user "$passwd"
+	mkdir /Users/$user
+	chown $uid.$gid /Users/$user
+
+.
+
+
+pp_platforms="$pp_platforms macos"
+
+pp_backend_macos_detect () {
+    [ x"$1" = x"Darwin" ]
+}
+
+pp_backend_macos_init () {
+    pp_macos_default_bundle_id_prefix="com.quest.rc."
+    pp_macos_bundle_id=
+    pp_macos_bundle_vendor=
+    pp_macos_bundle_version=
+    pp_macos_bundle_info_string=
+    pp_macos_prog_packagemaker=/Developer/usr/bin/packagemaker
+    pp_macos_pkg_domain=anywhere
+    pp_macos_pkg_extra_flags=
+}
+
+pp_macos_plist () {
+    typeset in
+    in=""
+    while test $# -gt 0; do
+     case "$1" in
+
+      start-plist) cat <<-.; in="  "; shift ;;
+	<?xml version="1.0" encoding="UTF-8"?>
+	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+	<plist version="1.0">
+.
+      end-plist) echo "</plist>"; in=; shift;;
+
+      '[')   echo "$in<array>"; in="$in  "; shift;;
+      ']')   echo "$in</array>"; in="${in#  }"; shift;;
+      '{')   echo "<dict>"; in="$in      "; shift;;
+      '}')   echo "</dict>"; in="${in#      }"; shift;;
+      key)         shift; echo "$in<key>$1</key>"; shift;;
+      string)      shift;
+		   echo "$1" | sed -e 's/&/&amp;/g;s/</\&lt;/g;s/>/\&gt;/g;' \
+				   -e 's/^/'"$in"'<string>/;s/$/<\/string>/';
+		   shift;;
+      true)        echo "$in<true/>"; shift;;
+      false)       echo "$in<false/>"; shift;;
+      real)        shift; echo "$in<real>$1</real>"; shift;;
+      integer)     shift; echo "$in<integer>$1</integer>"; shift;;
+      date)        shift; echo "$in<date>$1</date>"; shift;; # ISO 8601 format
+      data)        shift; echo "$in<data>$1</data>"; shift;; # base64 encoded
+      *)	   pp_error "pp_macos_plist: bad argument '$1'"; shift;;
+     esac
+    done
+}
+
+pp_macos_rewrite_cpio () {
+    typeset script
+    script=$pp_wrkdir/cpio-rewrite.pl
+    # rely on the fact that OS X comes with perl. It is a little easier to
+    # re-write a binary stream with perl than it is with posix :)
+    #
+    # A CPIO header block has octal fields at the following offset/lengths:
+    #   0  6 magic
+    #   6  6 dev
+    #  12  6 ino
+    #  18  6 mode
+    #  24  6 uid
+    #  30  6 gid
+    #  36  6 nlink
+    #  42  6 rdev
+    #  48 11 mtime
+    #  59  6 namesize
+    #  65 11 filesize
+    #  76    --
+    cat <<-'.' >$script
+	while (<DATA>) {
+		my ($type,$mode,$uid,$gid,$flags,$name) =
+		    m/^(.) (\d+) (\S+) (\S+) (\S+) (.*)/;
+		$uid = 0 if $uid eq "-";
+		$gid = 0 if $gid eq "-";
+		if ($uid ne "=" and $uid =~ m/\D/) {
+			my @pw = getpwnam($uid) or die "bad username '$uid'";
+			$uid = $pw[2];
+		}
+		if ($gid ne "=" and $gid =~ m/\D/) {
+			my @gr = getgrnam($gid) or die "bad group '$gid'";
+			$gid = $gr[2];
+		}
+		$name = ".".$name."\0";
+		$ok{$name} = 1;
+		$uid{$name} = sprintf("%06o",int($uid)) unless $uid eq "=";
+		$gid{$name} = sprintf("%06o",int($gid)) unless $gid eq "=";
+		$mode{$name} = sprintf("%06o",oct($mode)) unless $mode eq "=";
+	}
+	$ok{"TRAILER!!!\0"} = 1;
+	while (!eof STDIN) {
+		read STDIN, $header, 76;
+		die "bad magic" unless $header =~ m/^070707/;
+		$namesize = oct(substr($header,59,6));
+		$filesize = oct(substr($header,65,11));
+		read STDIN, $name, $namesize;
+		# convert uid and gid to 0
+		substr($header, 24, 6) = $uid{$name} if defined($uid{$name});
+		substr($header, 30, 6) = $gid{$name} if defined($gid{$name});
+		substr($header, 18, 6) = $mode{$name} if defined($mode{$name});
+		print ($header, $name) if $ok{$name};
+		# copy-through the file data
+		while ($filesize > 0) {
+			my $seg = 8192;
+			$seg = $filesize if $filesize < $seg;
+			undef $data;
+			read STDIN, $data, $seg;
+			print $data if $ok{$name};
+			$filesize -= $seg;
+		}
+	}
+	exit(0);
+	__DATA__
+.
+    # Append to the script the %files data
+    cat "$@" </dev/null >> $script
+    /usr/bin/perl $script || pp_error "pp_macos_rewrite_cpio error";
+}
+
+pp_macos_files_bom () {
+    typeset _l t m o g f p st owner
+    while read t m o g f p st; do
+	# make sure that $m is padded up to 4 digits long
+	case "$m" in
+	    ?) m="000$m";;
+	    ??) m="00$m";;
+	    ???) m="0$m";;
+	    ?????*) pp_fatal "pp_macos_writebom: mode '$m' too long";;
+	esac
+
+	# convert owner,group into owner/group in octal
+	case $o in -)	o=0;; esac
+	case $g in -)	g=0;; esac
+	owner=`pp_d2o $o`/`pp_d2o $g`
+
+	case $t in
+	    f)
+		echo ".$p	10$m	$owner	`
+		    /usr/bin/cksum < "${pp_destdir}$p" |
+		    awk '{print $2 "	" $1}'`";;
+	    d)
+		echo ".${p%/}	4$m	$owner";;
+	    s)
+		rl=`/usr/bin/readlink "${pp_destdir}$p"`
+		#test x"$rl" = x"$st" ||
+		#    pp_error "symlink mismatch $rl != $st"
+		echo ".$p	12$m	$owner	`
+		    /usr/bin/readlink -n "${pp_destdir}$p" |
+		    /usr/bin/cksum |
+		    awk '{print $2 "	" $1}'`	$st";;
+	esac
+    done
+}
+
+pp_macos_bom_fix_parents () {
+    perl -pe '
+	sub dirname { my $d=shift; $d=~s,/[^/]*$,,; $d; }
+	sub chk { my $d=shift;
+		  &chk(&dirname($d)) if $d =~ m,/,;
+		  unless ($seen{$d}++) {
+		      print "$d\t40755\t0/0\n";
+		  }
+		}
+	m/^\S+/;
+	&chk(&dirname($&));'
+}
+
+pp_macos_files_size () {
+    typeset _l t m o g f p st owner
+    while read t m o g f p st; do
+	case $t in
+	    f)	wc -c < "${pp_destdir}$p";;
+	    s)	echo 4095;;
+	    d)	;; # always seems to be zero
+	esac
+    done | awk '{n+=1+int($1/4096)} END {print n*4}'
+}
+
+pp_o2d () {
+    awk 'BEGIN { x=0; '`echo "$1" |
+	sed -e 's/./x=x*8+&;/g'`'print x;}' </dev/null
+}
+pp_d2o () {
+    case "$1" in
+	[0-7]) echo $1;;
+	*) awk 'BEGIN { printf("%o\n", 0+('"$1"'));}' < /dev/null;;
+    esac
+}
+
+pp_macos_mkbom () {
+    #/usr/bin/mkbom -i $1 $2
+    typeset path mode ugid size cksum linkpath
+    typeset bomstage
+
+    # Use mkbom if it understands -i (avoids a copy)
+    if /usr/bin/mkbom -i /dev/null "$2" 2>/dev/null; then
+	rm -f "$2"
+	/usr/bin/mkbom -i "$1" "$2"
+	return
+    fi
+
+    # On 10.4 we have this nonsense.
+    pp_warn "mkbom workaround: copying source files to staging area"
+
+    bomstage=$pp_wrkdir/bom_stage
+    while IFS='	' read path mode ugid size cksumi linkpath; do
+	if test -h "$pp_destdir/$path"; then
+	    /bin/ln -s "$linkpath" "$bomstage/$path"
+	else
+	    if test -d "$pp_destdir/$path"; then
+		/bin/mkdir -p "$bomstage/$path"
+	    else
+		/bin/cp "$pp_destdir/$path" "$bomstage/$path"
+	    fi
+	    /bin/chmod $mode "$bomstage/$path"
+	    /usr/sbin/chown `echo $ugid| tr / :` "$bomstage/$path"
+	fi
+    done <"$1"
+    (cd $bomstage && mkbom . $pp_wrkdir/bom_stage.bom) ||
+	pp_error "mkbom failed"
+    mv $pp_wrkdir/bom_stage.bom "$2"
+}
+
+pp_backend_macos () {
+    typeset pkgdir Contents Resources lprojdir
+    typeset Info_plist Description_plist
+    typeset bundle_vendor bundle_version size
+
+    mac_version=`sw_vers -productVersion`
+    bundle_vendor=${pp_macos_bundle_vendor:-$vendor}
+
+    if test -z "$pp_macos_bundle_version"; then
+        bundle_version=`echo "$version.0.0.0" | sed -n -e 's/[^0-9.]//g' \
+            -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'`
+        #if test x"$bundle_version" != x"$version"; then
+        #    pp_warn "converted version from '$version' to '$bundle_version'"
+        #fi
+    else
+        bundle_version="$pp_macos_bundle_version"
+    fi
+    source_version=`echo $version | sed 's/.*\.//'`
+
+    # build the package layout
+    pkgdir=$pp_wrkdir/$name.pkg
+    Contents=$pkgdir/Contents
+    Resources=$Contents/Resources
+    lprojdir=$Resources/en.lproj
+    mkdir $pkgdir $Contents $Resources $lprojdir ||
+	pp_fatal "Can't make package temporary directories"
+
+    echo "major: 1" > $Resources/package_version
+    echo "minor: 0" >> $Resources/package_version
+    echo "pmkrpkg1" > $Contents/PkgInfo
+    case $mac_version in
+        "10.6"*)
+            xattr -w "com.apple.TextEncoding" "macintosh;0" "$Resources/package_version"
+            xattr -w "com.apple.TextEncoding" "macintosh;0" "$Resources/PkgInfo"
+            ;;
+    esac
+
+    # compute the installed size
+    size=`cat $pp_wrkdir/%files.* | pp_macos_files_size`
+
+    #-- Create Info.plist
+    Info_plist=$Contents/Info.plist
+    pp_macos_plist \
+	start-plist \{ \
+	key CFBundleGetInfoString string \
+	    "${pp_macos_bundle_info_string:-$version $bundle_vendor}" \
+	key CFBundleIdentifier string \
+	    "${pp_macos_bundle_id:-$pp_macos_default_bundle_id_prefix$name}" \
+    key CFBundleName string "$name" \
+	key CFBundleShortVersionString string "$bundle_version" \
+	key IFMajorVersion integer 1 \
+	key IFMinorVersion integer 0 \
+	key IFPkgFlagAllowBackRev false \
+	key IFPkgFlagAuthorizationAction string "RootAuthorization" \
+	key IFPkgFlagDefaultLocation string "/" \
+	key IFPkgFlagFollowLinks true \
+	key IFPkgFlagInstallFat true \
+	key IFPkgFlagInstalledSize integer $size \
+	key IFPkgFlagIsRequired false \
+	key IFPkgFlagOverwritePermissions true \
+	key IFPkgFlagRelocatable false \
+	key IFPkgFlagRestartAction string "NoRestart" \
+	key IFPkgFlagRootVolumeOnly true \
+	key IFPkgFlagUpdateInstalledLanguages false \
+	key IFPkgFlagUseUserMask false \
+	key IFPkgFormatVersion real 0.10000000149011612 \
+	key SourceVersion string $source_version \
+	\} end-plist> $Info_plist
+
+    # write en.lproj/Description.plist
+    Description_plist=$lprojdir/Description.plist
+    pp_macos_plist \
+ 	start-plist \{ \
+        key IFPkgDescriptionDeleteWarning string "" \
+	    key IFPkgDescriptionDescription string "$pp_macos_bundle_info_string" \
+	    key IFPkgDescriptionTitle       string "$name" \
+	    key IFPkgDescriptionVersion string "$version" \
+ 	\} end-plist > $Description_plist
+
+ 	# write Resources/files
+    cat $pp_wrkdir/%files.* | awk '{print $6}' > $Resources/files
+
+    # write package size file
+    printf \
+"NumFiles 0
+InstalledSize $size
+CompressedSize 0
+" > $Resources/$name.sizes
+
+    # write Resources/postinstall
+    for cmp in $pp_components; do
+	if test -s $pp_wrkdir/%pre.$cmp; then
+	    if test ! -s $Resources/preinstall; then
+		echo "#!/bin/sh" > $Resources/preinstall
+		chmod +x $Resources/preinstall
+	    fi
+	    cat $pp_wrkdir/%pre.$cmp >> $Resources/preinstall
+	    echo : >> $Resources/preinstall
+	fi
+    done
+
+    # write Resources/postinstall
+    for cmp in $pp_components; do
+	if test -s $pp_wrkdir/%post.$cmp; then
+	    if test ! -s $Resources/postinstall; then
+		echo "#!/bin/sh" > $Resources/postinstall
+		chmod +x $Resources/postinstall
+	    fi
+	    cat $pp_wrkdir/%post.$cmp >> $Resources/postinstall
+	    echo : >> $Resources/postinstall
+	fi
+    done
+
+    # write Resources/postupgrade)
+    for cmp in $pp_components; do
+	if test -s $pp_wrkdir/%postup.$cmp; then
+	    if test ! -s $Resources/postupgrade; then
+		echo "#!/bin/sh" > $Resources/postupgrade
+		chmod +x $Resources/postupgrade
+	    fi
+	    cat $pp_wrkdir/%postup.$cmp >> $Resources/postupgrade
+	    echo : >> $Resources/postupgrade
+	fi
+    done
+
+    # write Resources/preremove)
+    for cmp in $pp_components; do
+	if test -s $pp_wrkdir/%preun.$cmp; then
+	    if test ! -s $Resources/preremove; then
+		echo "#!/bin/sh" > $Resources/preremove
+		chmod +x $Resources/preremove
+	    fi
+	    cat $pp_wrkdir/%preun.$cmp >> $Resources/preremove
+	    echo : >> $Resources/preremove
+	fi
+    done
+
+    # write Resources/postremove)
+    for cmp in $pp_components; do
+	if test -s $pp_wrkdir/%postun.$cmp; then
+	    if test ! -s $Resources/postremove; then
+		echo "#!/bin/sh" > $Resources/postremove
+		chmod +x $Resources/postremove
+	    fi
+	    cat $pp_wrkdir/%postun.$cmp >> $Resources/postremove
+	    echo : >> $Resources/postremove
+	fi
+    done
+
+    # write uninstall info
+    echo "version=$version" > $Resources/uninstall
+    if [ -n "$pp_macos_requires" ];then
+        echo "requires=$pp_macos_requires" >> $Resources/uninstall
+    fi
+
+    # Create the bill-of-materials (Archive.bom)
+    cat $pp_wrkdir/%files.* | pp_macos_files_bom | sort |
+	pp_macos_bom_fix_parents > $pp_wrkdir/tmp.bomls
+
+    pp_macos_mkbom $pp_wrkdir/tmp.bomls $Contents/Archive.bom
+
+    # Create the cpio archive (Archive.pax.gz)
+    # On 10.5, we used "-f -" to write explicitly to stdout
+    (
+    cd $pp_destdir &&
+    cat $pp_wrkdir/%files.* | awk '{ print "." $6 }' | sed '/\/$/d' | sort | /bin/pax -w -f - | gzip -9 -c > $Contents/Archive.pax.gz
+    )
+
+	rm -rf $pp_wrkdir/bom_stage
+}
+
+pp_backend_macos_cleanup () {
+    :
+}
+
+pp_backend_macos_names () {
+    echo ${name}.pkg
+}
+
+pp_backend_macos_install_script () {
+    echo '#!/bin/sh'
+    typeset pkgname platform
+
+    pkgname="`pp_backend_macos_names`"
+    platform="`pp_backend_macos_probe`"
+    pp_install_script_common
+
+    cat <<.
+	test \$# -eq 0 && usage
+	op="\$1"; shift
+
+	case "\$op" in
+	list-components)
+	    test \$# -eq 0 || usage \$op
+	    echo "$pp_components"
+	    ;;
+	list-services)
+	    test \$# -eq 0 || usage \$op
+	    echo "$pp_services"
+	    ;;
+	list-files)
+	    test \$# -ge 1 || usage \$op
+	    echo \${PP_PKGDESTDIR:-.}/"$pkgname"
+	    ;;
+	install)
+	    test \$# -ge 1 || usage \$op
+	    vol=/Volumes/pp\$\$
+	    pkg=\$vol/${name}-${version}.pkg
+	    hdiutil attach -readonly -mountpoint \$vol \
+		\${PP_PKGDESTDIR:-.}/"$pkgname"
+	    trap "hdiutil detach \$vol" 0
+	    installer -pkginfo -pkg \$pkg
+	    installer -verbose -pkg \$pkg -target /
+	    ;;
+	uninstall)
+	    test \$# -ge 1 || usage \$op
+	    # XXX
+	    echo "Uninstall not implemented" >&2
+	    exit 1;;
+	start|stop)
+	    test \$# -ge 1 || usage \$op
+	    ec=0
+	    for svc
+	    do
+		# XXX
+		echo "\${op} not implemented" >&2
+		ec=1
+	    done
+	    exit \$ec
+	    ;;
+	print-platform)
+	    echo "$platform"
+	    ;;
+	*)
+	    usage;;
+	esac
+.
+}
+
+pp_backend_macos_init_svc_vars () {
+    :
+}
+
+pp_backend_macos_probe () {
+    typeset name vers arch
+    case `sw_vers -productName` in
+         "Mac OS X") name="macos";;
+	 *)          name="unknown";;
+    esac
+    vers=`sw_vers -productVersion | sed -e 's/^\([^.]*\)\.\([^.]*\).*/\1\2/'`
+    arch=`arch`
+    echo "$name$vers-$arch"
+}
+
+pp_backend_macos_vas_platforms () {
+    echo "osx"    # XXX non-really sure what they do.. it should be "macos"
+}
+pp_backend_macos_function () {
+    case $1 in
+	_pp_macos_search_unused) cat<<'.';;
+	    # Find an unused value in the given path
+	    # args: path attribute minid [maxid]
+		pp_tmp_val=$3
+		while :; do
+		    test $pp_tmp_val -ge ${4:-999999} && return 1
+		    /usr/bin/dscl . -search "$1" "$2" $pp_tmp_val |
+			grep . > /dev/null || break
+		    pp_tmp_val=`expr $pp_tmp_val + 1`
+		done
+		echo $pp_tmp_val
+.
+        pp_mkgroup:depends) echo _pp_macos_search_unused;;
+        pp_mkgroup) cat<<'.';;
+	    set -e
+	    /usr/bin/dscl . -read /Groups/"$1" >/dev/null 2>&1 && return
+	    pp_tmp_gid=`_pp_macos_search_unused /Groups PrimaryGroupID 100`
+	    /usr/bin/dscl . -create /Groups/"$1"
+	    /usr/bin/dscl . -create /Groups/"$1" PrimaryGroupID $pp_tmp_gid
+	    /usr/bin/dscl . -create /Groups/"$1" RealName "Group $1"
+	    /usr/bin/dscl . -create /Groups/"$1" GroupMembership ""
+	    /usr/bin/dscl . -create /Groups/"$1" Password '*'
+.
+        pp_mkuser:depends) echo pp_mkgroup _pp_macos_search_unused;;
+        pp_mkuser) cat<<'.';;
+	    set -e
+	    /usr/bin/dscl . -read /Users/"$1" >/dev/null 2>&1 && return
+	    pp_tmp_uid=`_pp_macos_search_unused /Users UniqueID 100`
+	    pp_mkgroup "${2:-$1}"
+	    pp_tmp_gid=`/usr/bin/dscl . -read /Groups/"${2:-$1}" \
+		PrimaryGroupID | awk '{print $2}'`
+	    /usr/bin/dscl . -create /Users/"$1"
+	    /usr/bin/dscl . -create /Users/"$1" PrimaryGroupID $pp_tmp_gid
+	    /usr/bin/dscl . -create /Users/"$1" NFSHomeDirectory \
+				    "${3:-/var/empty}"
+	    /usr/bin/dscl . -create /Users/"$1" UserShell \
+				    "${4:-/usr/bin/false}"
+	    /usr/bin/dscl . -create /Users/"$1" RealName "$1"
+	    /usr/bin/dscl . -create /Users/"$1" UniqueID $pp_tmp_uid
+	    /usr/bin/dscl . -create /Users/"$1" Password '*'
+.
+        pp_havelib) cat<<'.';;
+	    # (use otool -L to find dependent libraries)
+            for pp_tmp_dir in `echo "${3:+$3:}/usr/local/lib:/lib:/usr/lib" |
+		    tr : ' '`; do
+                test -r "$pp_tmp_dir/lib$1{$2:+.$2}.dylib" && return 0
+            done
+            return 1
+.
+	*) false;;
+    esac
+}
+
+pp_platforms="$pp_platforms inst"
+
+pp_backend_inst_detect () {
+    case "$1" in
+	IRIX*)	return 0;;
+	*)	return 1;;
+    esac
+}
+
+pp_backend_inst_init () {
+    pp_readlink_fn=pp_ls_readlink
+}
+
+pp_backend_inst_create_idb()
+{
+    typeset t m o g f p st
+
+    while read t m o g f p st; do
+        if test x"$o" = x"-"; then
+            o="root"
+        fi
+        if test x"$g" = x"-"; then
+            g="sys"
+        fi
+        case "$t" in
+            f)  test x"$m" = x"-" && m=444
+                echo "f 0$m $o $g $p $p $name.sw.base"
+                ;;
+            d)  test x"$m" = x"-" && m=555
+                echo "d 0$m $o $g $p $p $name.sw.base"
+                ;;
+            s)  test x"$m" = x"-" && m=777
+                test x"$m" = x"777" ||
+                    pp_warn "$p: invalid mode $m for symlink, should be 777 or -"
+                echo "l 0$m $o $g $p $p $name.sw.base symval($st)"
+                ;;
+        esac
+    done
+}
+
+pp_backend_inst_create_spec()
+{
+    echo "product $name"
+    echo "    id \"${summary}. Version: ${version}\""
+    echo "    image sw"
+    echo "        id \"Software\""
+    echo "        version $version"
+    echo "        order 9999"
+    echo "        subsys base"
+    echo "            id \"Base Software\""
+    echo "            replaces self"
+    echo "            exp $name.sw.base"
+    echo "        endsubsys"
+    echo "    endimage"
+    echo "endproduct"
+}
+
+pp_backend_inst () {
+    curdir=`pwd`
+
+    cd "$pp_opt_wrkdir"
+
+    # initialize
+    pp_inst_tardist=tardist
+    pp_inst_spec=${name}.spec
+    pp_inst_idb=${name}.idb
+ 
+    rm -rf $pp_inst_tardist $pp_inst_spec $pp_inst_idb
+    mkdir -p $pp_inst_tardist
+
+    # Create idb file
+    (for _cmp in $pp_components; do
+        cat  %files.$_cmp | sort +4u -6 | pp_backend_inst_create_idb
+    done) >> $pp_inst_idb
+
+    pp_backend_inst_create_spec >> $pp_inst_spec
+
+    # Generate tardist
+    gendist -verbose -all -root / -source $pp_opt_destdir -idb $pp_inst_idb -spec $pp_inst_spec -dist $pp_inst_tardist $name
+    tar -cvf `pp_backend_inst_names` $pp_inst_tardist
+
+    cd "$curdir"
+}
+
+pp_backend_inst_cleanup () {
+    :
+}
+
+pp_backend_inst_names () {
+    echo ${name}-${version}.tardist
+}
+
+pp_backend_inst_install_script () {
+    :
+}
+
+pp_backend_inst_function () {
+    echo false
+}
+
+pp_backend_inst_init_svc_vars () {
+    :
+}
+
+pp_backend_inst_probe () {
+    cpu=`hinv|sed -n '/^CPU/{s/000 /k /;s/^CPU: //;s/ Process.*//;s/^MIPS //;p;q;}'|tr A-Z a-z`
+    echo irix`uname -r`-$cpu
+}
+
+pp_backend_inst_vas_platforms () {
+    echo "irix-65"
+}
+
+pp_platforms="$pp_platforms null"
+
+pp_backend_null_detect () {
+    ! :
+}
+
+pp_backend_null_init () {
+    :
+}
+
+
+pp_backend_null () {
+    :
+}
+
+pp_backend_null_cleanup () {
+    :
+}
+
+pp_backend_null_names () {
+    :
+}
+
+pp_backend_null_install_script () {
+    :
+}
+
+pp_backend_null_function () {
+    echo false
+}
+
+pp_backend_null_init_svc_vars () {
+    :
+}
+
+pp_backend_null_probe () {
+    echo unknown-unknown
+}
+
+pp_backend_null_vas_platforms () {
+:
+}
+
+
+quest_require_vas () {
+    typeset v d
+
+    if test $# -ne 1; then
+        return
+    fi
+    set -- `echo "$1" | tr . ' '` 0 0 0
+
+    for d
+    do
+        echo $d | grep '^[0-9][0-9]*$' > /dev/null ||
+            pp_error "quest_require_vas: Bad version component $d"
+    done
+
+    test $# -lt 4 &&
+            pp_error "quest_require_vas: missing version number"
+
+    case "$1.$2.$3.$4" in
+        *.0.0.0) v=$1;;
+        *.*.0.0) v=$1.$2;;
+        *.*.*.0) v=$1.$2.$3;;
+        *)       v=$1.$2.$3.$4;;
+    esac
+
+    cat <<.
+        if test -x /opt/quest/bin/vastool &&
+           /opt/quest/bin/vastool -v |
+            awk 'NR == 1 {print \$4}' |
+            awk -F. '{ if (\$1<$1 || \$1==$1 && ( \
+                           \$2<$2 || \$2==$2 && ( \
+                           \$3<$3 || \$2==$3 && ( \
+                           \$4<$4 )))) exit(1); }'
+        then
+            exit 0
+        else
+            echo "Requires VAS $v or later"
+            exit 1
+        fi
+.
+}
+pp_main ${1+"$@"}
diff --git a/sudo-1.7.4p4/pwutil.c b/sudo-1.7.4p4/pwutil.c
new file mode 100644
index 0000000..35524f3
--- /dev/null
+++ b/sudo-1.7.4p4/pwutil.c
@@ -0,0 +1,632 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_SETAUTHDB
+# include <usersec.h>
+#endif /* HAVE_SETAUTHDB */
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+#include "redblack.h"
+
+/*
+ * The passwd and group caches.
+ */
+static struct rbtree *pwcache_byuid, *pwcache_byname;
+static struct rbtree *grcache_bygid, *grcache_byname;
+
+static int  cmp_pwuid	__P((const void *, const void *));
+static int  cmp_pwnam	__P((const void *, const void *));
+static int  cmp_grgid	__P((const void *, const void *));
+static int  cmp_grnam	__P((const void *, const void *));
+
+/*
+ * Compare by uid.
+ */
+static int
+cmp_pwuid(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct passwd *pw1 = (const struct passwd *) v1;
+    const struct passwd *pw2 = (const struct passwd *) v2;
+    return(pw1->pw_uid - pw2->pw_uid);
+}
+
+/*
+ * Compare by user name.
+ */
+static int
+cmp_pwnam(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct passwd *pw1 = (const struct passwd *) v1;
+    const struct passwd *pw2 = (const struct passwd *) v2;
+    return(strcasecmp(pw1->pw_name, pw2->pw_name));
+}
+
+#define FIELD_SIZE(src, name, size)			\
+do {							\
+	if (src->name) {				\
+		size = strlen(src->name) + 1;		\
+		total += size;				\
+	}                                               \
+} while (0)
+
+#define FIELD_COPY(src, dst, name, size)		\
+do {							\
+	if (src->name) {				\
+		memcpy(cp, src->name, size);		\
+		dst->name = cp;				\
+		cp += size;				\
+	}						\
+} while (0)
+
+/*
+ * Dynamically allocate space for a struct password and the constituent parts
+ * that we care about.  Fills in pw_passwd from shadow file.
+ */
+static struct passwd *
+sudo_pwdup(pw)
+    const struct passwd *pw;
+{
+    char *cp;
+    const char *pw_shell;
+    size_t nsize, psize, csize, gsize, dsize, ssize, total;
+    struct passwd *newpw;
+
+    /* If shell field is empty, expand to _PATH_BSHELL. */
+    pw_shell = (pw->pw_shell == NULL || pw->pw_shell[0] == '\0')
+	? _PATH_BSHELL : pw->pw_shell;
+
+    /* Allocate in one big chunk for easy freeing. */
+    nsize = psize = csize = gsize = dsize = ssize = 0;
+    total = sizeof(struct passwd);
+    FIELD_SIZE(pw, pw_name, nsize);
+    FIELD_SIZE(pw, pw_passwd, psize);
+#ifdef HAVE_LOGIN_CAP_H
+    FIELD_SIZE(pw, pw_class, csize);
+#endif
+    FIELD_SIZE(pw, pw_gecos, gsize);
+    FIELD_SIZE(pw, pw_dir, dsize);
+    /* Treat shell specially since we expand "" -> _PATH_BSHELL */
+    ssize = strlen(pw_shell) + 1;
+    total += ssize;
+
+    if ((cp = malloc(total)) == NULL)
+	    return(NULL);
+    newpw = (struct passwd *) cp;
+
+    /*
+     * Copy in passwd contents and make strings relative to space
+     * at the end of the buffer.
+     */
+    memcpy(newpw, pw, sizeof(struct passwd));
+    cp += sizeof(struct passwd);
+    FIELD_COPY(pw, newpw, pw_name, nsize);
+    FIELD_COPY(pw, newpw, pw_passwd, psize);
+#ifdef HAVE_LOGIN_CAP_H
+    FIELD_COPY(pw, newpw, pw_class, csize);
+#endif
+    FIELD_COPY(pw, newpw, pw_gecos, gsize);
+    FIELD_COPY(pw, newpw, pw_dir, dsize);
+    /* Treat shell specially since we expand "" -> _PATH_BSHELL */
+    memcpy(cp, pw_shell, ssize);
+    newpw->pw_shell = cp;
+
+    return(newpw);
+}
+
+/*
+ * Get a password entry by uid and allocate space for it.
+ * Fills in pw_passwd from shadow file if necessary.
+ */
+struct passwd *
+sudo_getpwuid(uid)
+    uid_t uid;
+{
+    struct passwd key, *pw;
+    struct rbnode *node;
+    char *cp;
+
+    key.pw_uid = uid;
+    if ((node = rbfind(pwcache_byuid, &key)) != NULL) {
+	pw = (struct passwd *) node->data;
+	goto done;
+    }
+    /*
+     * Cache passwd db entry if it exists or a negative response if not.
+     */
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb(IDtouser(uid));
+#endif
+    if ((pw = getpwuid(uid)) != NULL) {
+	pw = sudo_pwdup(pw);
+	cp = sudo_getepw(pw);		/* get shadow password */
+	if (pw->pw_passwd != NULL)
+	    zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+	pw->pw_passwd = cp;
+	if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
+	    errorx(1, "unable to cache uid %lu (%s), already exists",
+		uid, pw->pw_name);
+    } else {
+	pw = emalloc(sizeof(*pw));
+	zero_bytes(pw, sizeof(*pw));
+	pw->pw_uid = uid;
+	if (rbinsert(pwcache_byuid, (void *) pw) != NULL)
+	    errorx(1, "unable to cache uid %lu, already exists", uid);
+    }
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+done:
+    return(pw->pw_name != NULL ? pw : NULL);
+}
+
+/*
+ * Get a password entry by name and allocate space for it.
+ * Fills in pw_passwd from shadow file if necessary.
+ */
+struct passwd *
+sudo_getpwnam(name)
+    const char *name;
+{
+    struct passwd key, *pw;
+    struct rbnode *node;
+    size_t len;
+    char *cp;
+
+    key.pw_name = (char *) name;
+    if ((node = rbfind(pwcache_byname, &key)) != NULL) {
+	pw = (struct passwd *) node->data;
+	goto done;
+    }
+    /*
+     * Cache passwd db entry if it exists or a negative response if not.
+     */
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb((char *) name);
+#endif
+    if ((pw = getpwnam(name)) != NULL) {
+	pw = sudo_pwdup(pw);
+	cp = sudo_getepw(pw);		/* get shadow password */
+	if (pw->pw_passwd != NULL)
+	    zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+	pw->pw_passwd = cp;
+	if (rbinsert(pwcache_byname, (void *) pw) != NULL)
+	    errorx(1, "unable to cache user %s, already exists", name);
+    } else {
+	len = strlen(name) + 1;
+	cp = emalloc(sizeof(*pw) + len);
+	zero_bytes(cp, sizeof(*pw));
+	pw = (struct passwd *) cp;
+	cp += sizeof(*pw);
+	memcpy(cp, name, len);
+	pw->pw_name = cp;
+	pw->pw_uid = (uid_t) -1;
+	if (rbinsert(pwcache_byname, (void *) pw) != NULL)
+	    errorx(1, "unable to cache user %s, already exists", name);
+    }
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+done:
+    return(pw->pw_uid != (uid_t) -1 ? pw : NULL);
+}
+
+/*
+ * Take a uid in string form "#123" and return a faked up passwd struct.
+ */
+struct passwd *
+sudo_fakepwnam(user, gid)
+    const char *user;
+    gid_t gid;
+{
+    struct passwd *pw;
+    struct rbnode *node;
+    size_t len;
+
+    len = strlen(user);
+    pw = emalloc(sizeof(struct passwd) + len + 1 /* pw_name */ +
+	sizeof("*") /* pw_passwd */ + sizeof("") /* pw_gecos */ +
+	sizeof("/") /* pw_dir */ + sizeof(_PATH_BSHELL));
+    zero_bytes(pw, sizeof(struct passwd));
+    pw->pw_uid = (uid_t) atoi(user + 1);
+    pw->pw_gid = gid;
+    pw->pw_name = (char *)pw + sizeof(struct passwd);
+    memcpy(pw->pw_name, user, len + 1);
+    pw->pw_passwd = pw->pw_name + len + 1;
+    memcpy(pw->pw_passwd, "*", 2);
+    pw->pw_gecos = pw->pw_passwd + 2;
+    pw->pw_gecos[0] = '\0';
+    pw->pw_dir = pw->pw_gecos + 1;
+    memcpy(pw->pw_dir, "/", 2);
+    pw->pw_shell = pw->pw_dir + 2;
+    memcpy(pw->pw_shell, _PATH_BSHELL, sizeof(_PATH_BSHELL));
+
+    /* Store by uid and by name, overwriting cached version. */
+    if ((node = rbinsert(pwcache_byuid, pw)) != NULL) {
+	efree(node->data);
+	node->data = (void *) pw;
+    }
+    if ((node = rbinsert(pwcache_byname, pw)) != NULL) {
+	efree(node->data);
+	node->data = (void *) pw;
+    }
+    return(pw);
+}
+
+/*
+ * Take a gid in string form "#123" and return a faked up group struct.
+ */
+struct group *
+sudo_fakegrnam(group)
+    const char *group;
+{
+    struct group *gr;
+    struct rbnode *node;
+    size_t len;
+
+    len = strlen(group);
+    gr = emalloc(sizeof(struct group) + len + 1);
+    zero_bytes(gr, sizeof(struct group));
+    gr->gr_gid = (gid_t) atoi(group + 1);
+    gr->gr_name = (char *)gr + sizeof(struct group);
+    strlcpy(gr->gr_name, group, len + 1);
+
+    /* Store by gid and by name, overwriting cached version. */
+    if ((node = rbinsert(grcache_bygid, gr)) != NULL) {
+	efree(node->data);
+	node->data = (void *) gr;
+    }
+    if ((node = rbinsert(grcache_byname, gr)) != NULL) {
+	efree(node->data);
+	node->data = (void *) gr;
+    }
+    return(gr);
+}
+
+void
+sudo_setpwent()
+{
+    setpwent();
+    sudo_setspent();
+    if (pwcache_byuid == NULL)
+	pwcache_byuid = rbcreate(cmp_pwuid);
+    if (pwcache_byname == NULL)
+	pwcache_byname = rbcreate(cmp_pwnam);
+}
+
+#ifdef PURIFY
+static void pw_free	__P((void *));
+
+void
+sudo_freepwcache()
+{
+    if (pwcache_byuid != NULL) {
+	rbdestroy(pwcache_byuid, pw_free);
+	pwcache_byuid = NULL;
+    }
+    if (pwcache_byname != NULL) {
+	rbdestroy(pwcache_byname, NULL);
+	pwcache_byname = NULL;
+    }
+}
+
+static void
+pw_free(v)
+    void *v;
+{
+    struct passwd *pw = (struct passwd *) v;
+
+    if (pw->pw_passwd != NULL) {
+	zero_bytes(pw->pw_passwd, strlen(pw->pw_passwd));
+	efree(pw->pw_passwd);
+    }
+    efree(pw);
+}
+#endif /* PURIFY */
+
+void
+sudo_endpwent()
+{
+    endpwent();
+    sudo_endspent();
+#ifdef PURIFY
+    sudo_freepwcache();
+#endif
+}
+
+/*
+ * Compare by gid.
+ */
+static int
+cmp_grgid(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct group *grp1 = (const struct group *) v1;
+    const struct group *grp2 = (const struct group *) v2;
+    return(grp1->gr_gid - grp2->gr_gid);
+}
+
+/*
+ * Compare by group name.
+ */
+static int
+cmp_grnam(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct group *grp1 = (const struct group *) v1;
+    const struct group *grp2 = (const struct group *) v2;
+    return(strcasecmp(grp1->gr_name, grp2->gr_name));
+}
+
+struct group *
+sudo_grdup(gr)
+    const struct group *gr;
+{
+    char *cp;
+    size_t nsize, psize, nmem, total, len;
+    struct group *newgr;
+
+    /* Allocate in one big chunk for easy freeing. */
+    nsize = psize = nmem = 0;
+    total = sizeof(struct group);
+    FIELD_SIZE(gr, gr_name, nsize);
+    FIELD_SIZE(gr, gr_passwd, psize);
+    if (gr->gr_mem) {
+	for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++)
+	    total += strlen(gr->gr_mem[nmem]) + 1;
+	nmem++;
+	total += sizeof(char *) * nmem;
+    }
+    if ((cp = malloc(total)) == NULL)
+	    return(NULL);
+    newgr = (struct group *)cp;
+
+    /*
+     * Copy in group contents and make strings relative to space
+     * at the end of the buffer.  Note that gr_mem must come
+     * immediately after struct group to guarantee proper alignment.
+     */
+    (void)memcpy(newgr, gr, sizeof(struct group));
+    cp += sizeof(struct group);
+    if (gr->gr_mem) {
+	newgr->gr_mem = (char **)cp;
+	cp += sizeof(char *) * nmem;
+	for (nmem = 0; gr->gr_mem[nmem] != NULL; nmem++) {
+	    len = strlen(gr->gr_mem[nmem]) + 1;
+	    memcpy(cp, gr->gr_mem[nmem], len);
+	    newgr->gr_mem[nmem] = cp;
+	    cp += len;
+	}
+	newgr->gr_mem[nmem] = NULL;
+    }
+    FIELD_COPY(gr, newgr, gr_passwd, psize);
+    FIELD_COPY(gr, newgr, gr_name, nsize);
+
+    return(newgr);
+}
+
+/*
+ * Get a group entry by gid and allocate space for it.
+ */
+struct group *
+sudo_getgrgid(gid)
+    gid_t gid;
+{
+    struct group key, *gr;
+    struct rbnode *node;
+
+    key.gr_gid = gid;
+    if ((node = rbfind(grcache_bygid, &key)) != NULL) {
+	gr = (struct group *) node->data;
+	goto done;
+    }
+    /*
+     * Cache group db entry if it exists or a negative response if not.
+     */
+    if ((gr = getgrgid(gid)) != NULL) {
+	gr = sudo_grdup(gr);
+	if (rbinsert(grcache_bygid, (void *) gr) != NULL)
+	    errorx(1, "unable to cache gid %lu (%s), already exists",
+		gid, gr->gr_name);
+    } else {
+	gr = emalloc(sizeof(*gr));
+	zero_bytes(gr, sizeof(*gr));
+	gr->gr_gid = gid;
+	if (rbinsert(grcache_bygid, (void *) gr) != NULL)
+	    errorx(1, "unable to cache gid %lu, already exists, gid");
+    }
+done:
+    return(gr->gr_name != NULL ? gr : NULL);
+}
+
+/*
+ * Get a group entry by name and allocate space for it.
+ */
+struct group *
+sudo_getgrnam(name)
+    const char *name;
+{
+    struct group key, *gr;
+    struct rbnode *node;
+    size_t len;
+    char *cp;
+
+    key.gr_name = (char *) name;
+    if ((node = rbfind(grcache_byname, &key)) != NULL) {
+	gr = (struct group *) node->data;
+	goto done;
+    }
+    /*
+     * Cache group db entry if it exists or a negative response if not.
+     */
+    if ((gr = getgrnam(name)) != NULL) {
+	gr = sudo_grdup(gr);
+	if (rbinsert(grcache_byname, (void *) gr) != NULL)
+	    errorx(1, "unable to cache group %s, already exists", name);
+    } else {
+	len = strlen(name) + 1;
+	cp = emalloc(sizeof(*gr) + len);
+	zero_bytes(cp, sizeof(*gr));
+	gr = (struct group *) cp;
+	cp += sizeof(*gr);
+	memcpy(cp, name, len);
+	gr->gr_name = cp;
+	gr->gr_gid = (gid_t) -1;
+	if (rbinsert(grcache_byname, (void *) gr) != NULL)
+	    errorx(1, "unable to cache group %s, already exists", name);
+    }
+done:
+    return(gr->gr_gid != (gid_t) -1 ? gr : NULL);
+}
+
+void
+sudo_setgrent()
+{
+    setgrent();
+    if (grcache_bygid == NULL)
+	grcache_bygid = rbcreate(cmp_grgid);
+    if (grcache_byname == NULL)
+	grcache_byname = rbcreate(cmp_grnam);
+}
+
+#ifdef PURIFY
+void
+sudo_freegrcache()
+{
+    if (grcache_bygid != NULL) {
+	rbdestroy(grcache_bygid, free);
+	grcache_bygid = NULL;
+    }
+    if (grcache_byname != NULL) {
+	rbdestroy(grcache_byname, NULL);
+	grcache_byname = NULL;
+    }
+}
+#endif /* PURIFY */
+
+void
+sudo_endgrent()
+{
+    endgrent();
+#ifdef PURIFY
+    sudo_freegrcache();
+#endif
+}
+
+int
+user_in_group(pw, group)
+    struct passwd *pw;
+    const char *group;
+{
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+    uuid_t gu, uu;
+    int ismember;
+#else
+    char **gr_mem;
+    int i;
+#endif
+    struct group *grp;
+
+#ifdef HAVE_SETAUTHDB
+    aix_setauthdb(pw->pw_name);
+#endif
+    grp = sudo_getgrnam(group);
+#ifdef HAVE_SETAUTHDB
+    aix_restoreauthdb();
+#endif
+    if (grp == NULL)
+	return(FALSE);
+
+    /* check against user's primary (passwd file) gid */
+    if (grp->gr_gid == pw->pw_gid)
+	return(TRUE);
+
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+    /* If we are matching the invoking user use the stashed uuid. */
+    if (strcmp(pw->pw_name, user_name) == 0) {
+	if (mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
+	    mbr_check_membership(user_uuid, gu, &ismember) == 0 && ismember)
+	    return(TRUE);
+    } else {
+	if (mbr_uid_to_uuid(pw->pw_uid, uu) == 0 &&
+	    mbr_gid_to_uuid(grp->gr_gid, gu) == 0 &&
+	    mbr_check_membership(uu, gu, &ismember) == 0 && ismember)
+	    return(TRUE);
+    }
+#else /* HAVE_MBR_CHECK_MEMBERSHIP */
+# ifdef HAVE_GETGROUPS
+    /*
+     * If we are matching the invoking or list user and that user has a
+     * supplementary group vector, check it.
+     */
+    if (user_ngroups >= 0 &&
+	strcmp(pw->pw_name, list_pw ? list_pw->pw_name : user_name) == 0) {
+	for (i = 0; i < user_ngroups; i++) {
+	    if (grp->gr_gid == user_groups[i])
+		return(TRUE);
+	}
+    } else
+# endif /* HAVE_GETGROUPS */
+    {
+	if (grp != NULL && grp->gr_mem != NULL) {
+	    for (gr_mem = grp->gr_mem; *gr_mem; gr_mem++) {
+		if (strcmp(*gr_mem, pw->pw_name) == 0)
+		    return(TRUE);
+	    }
+	}
+    }
+#endif /* HAVE_MBR_CHECK_MEMBERSHIP */
+
+    return(FALSE);
+}
diff --git a/sudo-1.7.4p4/redblack.c b/sudo-1.7.4p4/redblack.c
new file mode 100644
index 0000000..95ac095
--- /dev/null
+++ b/sudo-1.7.4p4/redblack.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright (c) 2004-2005, 2007,2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Adapted from the following code written by Emin Martinian:
+ * http://web.mit.edu/~emin/www/source_code/red_black_tree/index.html
+ *
+ * Copyright (c) 2001 Emin Martinian
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that neither the name of Emin
+ * Martinian nor the names of any contributors are be used to endorse or
+ * promote products derived from this software without specific prior
+ * written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+
+#include "sudo.h"
+#include "redblack.h"
+
+static void rbrepair		__P((struct rbtree *, struct rbnode *));
+static void rotate_left		__P((struct rbtree *, struct rbnode *));
+static void rotate_right	__P((struct rbtree *, struct rbnode *));
+static void _rbdestroy		__P((struct rbtree *, struct rbnode *,
+				    void (*)(void *)));
+
+/*
+ * Red-Black tree, see http://en.wikipedia.org/wiki/Red-black_tree
+ *
+ * A red-black tree is a binary search tree where each node has a color
+ * attribute, the value of which is either red or black.  Essentially, it
+ * is just a convenient way to express a 2-3-4 binary search tree where
+ * the color indicates whether the node is part of a 3-node or a 4-node.
+ * In addition to the ordinary requirements imposed on binary search
+ * trees, we make the following additional requirements of any valid
+ * red-black tree:
+ *  1) Every node is either red or black.
+ *  2) The root is black.
+ *  3) All leaves are black.
+ *  4) Both children of each red node are black.
+ *  5) The paths from each leaf up to the root each contain the same
+ *     number of black nodes.
+ */
+
+/*
+ * Create a red black tree struct using the specified compare routine.
+ * Allocates and returns the initialized (empty) tree.
+ */
+struct rbtree *
+rbcreate(compar)
+    int (*compar)__P((const void *, const void*));
+{
+    struct rbtree *tree;
+
+    tree = (struct rbtree *) emalloc(sizeof(*tree));
+    tree->compar = compar;
+
+    /*
+     * We use a self-referencing sentinel node called nil to simplify the
+     * code by avoiding the need to check for NULL pointers.
+     */
+    tree->nil.left = tree->nil.right = tree->nil.parent = &tree->nil;
+    tree->nil.color = black;
+    tree->nil.data = NULL;
+
+    /*
+     * Similarly, the fake root node keeps us from having to worry
+     * about splitting the root.
+     */
+    tree->root.left = tree->root.right = tree->root.parent = &tree->nil;
+    tree->root.color = black;
+    tree->root.data = NULL;
+
+    return(tree);
+}
+
+/*
+ * Perform a left rotation starting at node.
+ */
+static void
+rotate_left(tree, node)
+    struct rbtree *tree;
+    struct rbnode *node;
+{
+    struct rbnode *child;
+
+    child = node->right;
+    node->right = child->left;
+
+    if (child->left != rbnil(tree))
+        child->left->parent = node;
+    child->parent = node->parent;
+
+    if (node == node->parent->left)
+	node->parent->left = child;
+    else
+	node->parent->right = child;
+    child->left = node;
+    node->parent = child;
+}
+
+/*
+ * Perform a right rotation starting at node.
+ */
+static void
+rotate_right(tree, node)
+    struct rbtree *tree;
+    struct rbnode *node;
+{
+    struct rbnode *child;
+
+    child = node->left;
+    node->left = child->right;
+
+    if (child->right != rbnil(tree))
+        child->right->parent = node;
+    child->parent = node->parent;
+
+    if (node == node->parent->left)
+	node->parent->left = child;
+    else
+	node->parent->right = child;
+    child->right = node;
+    node->parent = child;
+}
+
+/*
+ * Insert data pointer into a redblack tree.
+ * Returns a NULL pointer on success.  If a node matching "data"
+ * already exists, a pointer to the existant node is returned.
+ */
+struct rbnode *
+rbinsert(tree, data)
+    struct rbtree *tree;
+    void *data;
+{
+    struct rbnode *node = rbfirst(tree);
+    struct rbnode *parent = rbroot(tree);
+    int res;
+
+    /* Find correct insertion point. */
+    while (node != rbnil(tree)) {
+	parent = node;
+	if ((res = tree->compar(data, node->data)) == 0)
+	    return(node);
+	node = res < 0 ? node->left : node->right;
+    }
+
+    node = (struct rbnode *) emalloc(sizeof(*node));
+    node->data = data;
+    node->left = node->right = rbnil(tree);
+    node->parent = parent;
+    if (parent == rbroot(tree) || tree->compar(data, parent->data) < 0)
+	parent->left = node;
+    else
+	parent->right = node;
+    node->color = red;
+
+    /*
+     * If the parent node is black we are all set, if it is red we have
+     * the following possible cases to deal with.  We iterate through
+     * the rest of the tree to make sure none of the required properties
+     * is violated.
+     *
+     *	1) The uncle is red.  We repaint both the parent and uncle black
+     *     and repaint the grandparent node red.
+     *
+     *  2) The uncle is black and the new node is the right child of its
+     *     parent, and the parent in turn is the left child of its parent.
+     *     We do a left rotation to switch the roles of the parent and
+     *     child, relying on further iterations to fixup the old parent.
+     *
+     *  3) The uncle is black and the new node is the left child of its
+     *     parent, and the parent in turn is the left child of its parent.
+     *     We switch the colors of the parent and grandparent and perform
+     *     a right rotation around the grandparent.  This makes the former
+     *     parent the parent of the new node and the former grandparent.
+     *
+     * Note that because we use a sentinel for the root node we never
+     * need to worry about replacing the root.
+     */
+    while (node->parent->color == red) {
+	struct rbnode *uncle;
+	if (node->parent == node->parent->parent->left) {
+	    uncle = node->parent->parent->right;
+	    if (uncle->color == red) {
+		node->parent->color = black;
+		uncle->color = black;
+		node->parent->parent->color = red;
+		node = node->parent->parent;
+	    } else /* if (uncle->color == black) */ {
+		if (node == node->parent->right) {
+		    node = node->parent;
+		    rotate_left(tree, node);
+		}
+		node->parent->color = black;
+		node->parent->parent->color = red;
+		rotate_right(tree, node->parent->parent);
+	    }
+	} else { /* if (node->parent == node->parent->parent->right) */
+	    uncle = node->parent->parent->left;
+	    if (uncle->color == red) {
+		node->parent->color = black;
+		uncle->color = black;
+		node->parent->parent->color = red;
+		node = node->parent->parent;
+	    } else /* if (uncle->color == black) */ {
+		if (node == node->parent->left) {
+		    node = node->parent;
+		    rotate_right(tree, node);
+		}
+		node->parent->color = black;
+		node->parent->parent->color = red;
+		rotate_left(tree, node->parent->parent);
+	    }
+	}
+    }
+    rbfirst(tree)->color = black;	/* first node is always black */
+    return(NULL);
+}
+
+/*
+ * Look for a node matching key in tree.
+ * Returns a pointer to the node if found, else NULL.
+ */
+struct rbnode *
+rbfind(tree, key)
+    struct rbtree *tree;
+    void *key;
+{
+    struct rbnode *node = rbfirst(tree);
+    int res;
+
+    while (node != rbnil(tree)) {
+	if ((res = tree->compar(key, node->data)) == 0)
+	    return(node);
+	node = res < 0 ? node->left : node->right;
+    }
+    return(NULL);
+}
+
+/*
+ * Call func() for each node, passing it the node data and a cookie;
+ * If func() returns non-zero for a node, the traversal stops and the
+ * error value is returned.  Returns 0 on successful traversal.
+ */
+int
+rbapply_node(tree, node, func, cookie, order)
+    struct rbtree *tree;
+    struct rbnode *node;
+    int (*func)__P((void *, void *));
+    void *cookie;
+    enum rbtraversal order;
+{
+    int error;
+
+    if (node != rbnil(tree)) {
+	if (order == preorder)
+	    if ((error = func(node->data, cookie)) != 0)
+		return(error);
+	if ((error = rbapply_node(tree, node->left, func, cookie, order)) != 0)
+	    return(error);
+	if (order == inorder)
+	    if ((error = func(node->data, cookie)) != 0)
+		return(error);
+	if ((error = rbapply_node(tree, node->right, func, cookie, order)) != 0)
+	    return(error);
+	if (order == postorder)
+	    if ((error = func(node->data, cookie)) != 0)
+		return(error);
+    }
+    return (0);
+}
+
+/*
+ * Returns the successor of node, or nil if there is none.
+ */
+static struct rbnode *
+rbsuccessor(tree, node)
+    struct rbtree *tree;
+    struct rbnode *node;
+{
+    struct rbnode *succ;
+
+    if ((succ = node->right) != rbnil(tree)) {
+	while (succ->left != rbnil(tree))
+	    succ = succ->left;
+    } else {
+	/* No right child, move up until we find it or hit the root */
+	for (succ = node->parent; node == succ->right; succ = succ->parent)
+	    node = succ;
+	if (succ == rbroot(tree))
+	    succ = rbnil(tree);
+    }
+    return(succ);
+}
+
+/*
+ * Recursive portion of rbdestroy().
+ */
+static void
+_rbdestroy(tree, node, destroy)
+    struct rbtree *tree;
+    struct rbnode *node;
+    void (*destroy)__P((void *));
+{
+    if (node != rbnil(tree)) {
+	_rbdestroy(tree, node->left, destroy);
+	_rbdestroy(tree, node->right, destroy);
+	if (destroy != NULL)
+	    destroy(node->data);
+	efree(node);
+    }
+}
+
+/*
+ * Destroy the specified tree, calling the destructor destroy
+ * for each node and then freeing the tree itself.
+ */
+void
+rbdestroy(tree, destroy)
+    struct rbtree *tree;
+    void (*destroy)__P((void *));
+{
+    _rbdestroy(tree, rbfirst(tree), destroy);
+    efree(tree);
+}
+
+/*
+ * Delete node 'z' from the tree and return its data pointer.
+ */
+void *rbdelete(tree, z)
+    struct rbtree *tree;
+    struct rbnode *z;
+{
+    struct rbnode *x, *y;
+    void *data = z->data;
+
+    if (z->left == rbnil(tree) || z->right == rbnil(tree))
+	y = z;
+    else
+	y = rbsuccessor(tree, z);
+    x = (y->left == rbnil(tree)) ? y->right : y->left;
+
+    if ((x->parent = y->parent) == rbroot(tree)) {
+	rbfirst(tree) = x;
+    } else {
+	if (y == y->parent->left)
+	    y->parent->left = x;
+	else
+	    y->parent->right = x;
+    }
+    if (y->color == black)
+	rbrepair(tree, x);
+    if (y != z) {
+	y->left = z->left;
+	y->right = z->right;
+	y->parent = z->parent;
+	y->color = z->color;
+	z->left->parent = z->right->parent = y;
+	if (z == z->parent->left)
+	    z->parent->left = y; 
+	else
+	    z->parent->right = y;
+    }
+    free(z); 
+    
+    return (data);
+}
+
+/*
+ * Repair the tree after a node has been deleted by rotating and repainting
+ * colors to restore the 4 properties inherent in red-black trees.
+ */
+static void
+rbrepair(tree, node)
+    struct rbtree *tree;
+    struct rbnode *node;
+{
+    struct rbnode *sibling;
+
+    while (node->color == black && node != rbroot(tree)) {
+	if (node == node->parent->left) {
+	    sibling = node->parent->right;
+	    if (sibling->color == red) {
+		sibling->color = black;
+		node->parent->color = red;
+		rotate_left(tree, node->parent);
+		sibling = node->parent->right;
+	    }
+	    if (sibling->right->color == black && sibling->left->color == black) {
+		sibling->color = red;
+		node = node->parent;
+	    } else {
+		if (sibling->right->color == black) {
+		      sibling->left->color = black;
+		      sibling->color = red;
+		      rotate_right(tree, sibling);
+		      sibling = node->parent->right;
+		}
+		sibling->color = node->parent->color;
+		node->parent->color = black;
+		sibling->right->color = black;
+		rotate_left(tree, node->parent);
+		node = rbroot(tree); /* exit loop */
+	    }
+	} else { /* if (node == node->parent->right) */
+	    sibling = node->parent->left;
+	    if (sibling->color == red) {
+		sibling->color = black;
+		node->parent->color = red;
+		rotate_right(tree, node->parent);
+		sibling = node->parent->left;
+	    }
+	    if (sibling->right->color == black && sibling->left->color == black) {
+		sibling->color = red;
+		node = node->parent;
+	    } else {
+		if (sibling->left->color == black) {
+		    sibling->right->color = black;
+		    sibling->color = red;
+		    rotate_left(tree, sibling);
+		    sibling = node->parent->left;
+		}
+		sibling->color = node->parent->color;
+		node->parent->color = black;
+		sibling->left->color = black;
+		rotate_right(tree, node->parent);
+		node = rbroot(tree); /* exit loop */
+	    }
+	}
+    }
+    node->color = black;
+}
diff --git a/sudo-1.7.4p4/redblack.h b/sudo-1.7.4p4/redblack.h
new file mode 100644
index 0000000..b1938ca
--- /dev/null
+++ b/sudo-1.7.4p4/redblack.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2004, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_REDBLACK_H
+#define _SUDO_REDBLACK_H
+
+enum rbcolor {
+    red,
+    black
+};
+
+enum rbtraversal {
+    preorder,
+    inorder,
+    postorder
+};
+
+struct rbnode {
+    struct rbnode *left, *right, *parent;
+    void *data;
+    enum rbcolor color;
+};
+
+struct rbtree {
+    int (*compar) __P((const void *, const void *));
+    struct rbnode root;
+    struct rbnode nil;
+};
+
+#define rbapply(t, f, c, o)	rbapply_node((t), (t)->root.left, (f), (c), (o))
+#define rbisempty(t)		((t)->root.left == &(t)->nil && (t)->root.right == &(t)->nil)
+#define rbfirst(t)		((t)->root.left)
+#define rbroot(t)		(&(t)->root)
+#define rbnil(t)		(&(t)->nil)
+
+void *rbdelete			__P((struct rbtree *, struct rbnode *));
+int rbapply_node		__P((struct rbtree *, struct rbnode *,
+				    int (*)(void *, void *), void *,
+				    enum rbtraversal));
+struct rbnode *rbfind		__P((struct rbtree *, void *));
+struct rbnode *rbinsert		__P((struct rbtree *, void *));
+struct rbtree *rbcreate		__P((int (*)(const void *, const void *)));
+void rbdestroy			__P((struct rbtree *, void (*)(void *)));
+
+#endif /* _SUDO_REDBLACK_H */
diff --git a/sudo-1.7.4p4/sample.pam b/sudo-1.7.4p4/sample.pam
new file mode 100644
index 0000000..d56e712
--- /dev/null
+++ b/sudo-1.7.4p4/sample.pam
@@ -0,0 +1,30 @@
+#%PAM-1.0
+# Sample /etc/pam.d/sudo file for RedHat 9 / Fedora Core.
+#   For other Linux distributions you may want to
+#   use /etc/pam.d/sshd or /etc/pam.d/su as a guide.
+#
+#   There are two basic ways to configure PAM, either via pam_stack
+#   or by explicitly specifying the various methods to use.
+#
+# Here we use pam_stack
+auth       required	pam_stack.so service=system-auth
+account    required	pam_stack.so service=system-auth
+password   required	pam_stack.so service=system-auth
+session    required	pam_stack.so service=system-auth
+#
+# Alternately, you can specify the authentication method directly.
+# Here we use pam_unix for normal password authentication.
+#auth       required	pam_env.so
+#auth       sufficient	pam_unix.so
+#account    required	pam_unix.so
+#password   required	pam_cracklib.so retry=3 type=
+#password   required	pam_unix.so nullok use_authtok md5 shadow
+#session    required	pam_limits.so
+#session    required	pam_unix.so
+#
+# Another option is to use SMB for authentication.
+#auth       required	pam_env.so
+#auth       sufficient	pam_smb_auth.so
+#account    required	pam_smb_auth.so
+#password   required	pam_smb_auth.so
+#session    required	pam_limits.so
diff --git a/sudo-1.7.4p4/sample.sudoers b/sudo-1.7.4p4/sample.sudoers
new file mode 100644
index 0000000..0ef1579
--- /dev/null
+++ b/sudo-1.7.4p4/sample.sudoers
@@ -0,0 +1,131 @@
+#
+# Sample /etc/sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+
+##
+# Override built-in defaults
+##
+Defaults		syslog=auth
+Defaults>root		!set_logname
+Defaults:FULLTIMERS	!lecture
+Defaults:millert	!authenticate
+Defaults@SERVERS	log_year, logfile=/var/log/sudo.log
+Defaults!PAGERS		noexec
+
+##
+# User alias specification
+##
+User_Alias	FULLTIMERS = millert, mikef, dowdy
+User_Alias	PARTTIMERS = bostley, jwfox, crawl
+User_Alias	WEBMASTERS = will, wendy, wim
+
+##
+# Runas alias specification
+##
+Runas_Alias	OP = root, operator
+Runas_Alias	DB = oracle, sybase
+
+##
+# Host alias specification
+##
+Host_Alias	SPARC = bigtime, eclipse, moet, anchor:\
+		SGI = grolsch, dandelion, black:\
+		ALPHA = widget, thalamus, foobar:\
+		HPPA = boa, nag, python
+Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
+Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+Host_Alias	SERVERS = master, mail, www, ns
+Host_Alias	CDROM = orion, perseus, hercules
+
+##
+# Cmnd alias specification
+##
+Cmnd_Alias	DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+			/usr/sbin/rrestore, /usr/bin/mt
+Cmnd_Alias	KILL = /usr/bin/kill
+Cmnd_Alias	PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias	HALT = /usr/sbin/halt
+Cmnd_Alias	REBOOT = /usr/sbin/reboot
+Cmnd_Alias	SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+			 /usr/local/bin/tcsh, /usr/bin/rsh, \
+			 /usr/local/bin/zsh
+Cmnd_Alias	SU = /usr/bin/su
+Cmnd_Alias	VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+		       /usr/bin/chfn
+Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+##
+# User specification
+##
+
+# root and users in group wheel can run anything on any machine as any user
+root		ALL = (ALL) ALL
+%wheel		ALL = (ALL) ALL
+
+# full time sysadmins can run anything on any machine without a password
+FULLTIMERS	ALL = NOPASSWD: ALL
+
+# part time sysadmins may run anything but need a password
+PARTTIMERS	ALL = ALL
+
+# jack may run anything on machines in CSNETS
+jack		CSNETS = ALL
+
+# lisa may run any command on any host in CUNETS (a class B network)
+lisa		CUNETS = ALL
+
+# operator may run maintenance commands and anything in /usr/oper/bin/
+operator	ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+		sudoedit /etc/printcap, /usr/oper/bin/
+
+# joe may su only to operator
+joe		ALL = /usr/bin/su operator
+
+# pete may change passwords for anyone but root on the hp snakes
+pete		HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
+
+# bob may run anything on the sparc and sgi machines as any user
+# listed in the Runas_Alias "OP" (ie: root and operator)
+bob		SPARC = (OP) ALL : SGI = (OP) ALL
+
+# jim may run anything on machines in the biglab netgroup
+jim		+biglab = ALL
+
+# users in the secretaries netgroup need to help manage the printers
+# as well as add and remove users
++secretaries	ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+# fred can run commands as oracle or sybase without a password
+fred		ALL = (DB) NOPASSWD: ALL
+
+# on the alphas, john may su to anyone but root and flags are not allowed
+john		ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+# jen can run anything on all machines except the ones
+# in the "SERVERS" Host_Alias
+jen		ALL, !SERVERS = ALL
+
+# jill can run any commands in the directory /usr/bin/, except for
+# those in the SU and SHELLS aliases.
+jill		SERVERS = /usr/bin/, !SU, !SHELLS
+
+# steve can run any command in the directory /usr/local/op_commands/
+# as user operator.
+steve		CSNETS = (operator) /usr/local/op_commands/
+
+# matt needs to be able to kill things on his workstation when
+# they get hung.
+matt		valkyrie = KILL
+
+# users in the WEBMASTERS User_Alias (will, wendy, and wim)
+# may run any command as user www (which owns the web pages)
+# or simply su to www.
+WEBMASTERS	www = (www) ALL, (root) /usr/bin/su www
+
+# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
+ALL		CDROM = NOPASSWD: /sbin/umount /CDROM,\
+		/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
diff --git a/sudo-1.7.4p4/sample.syslog.conf b/sudo-1.7.4p4/sample.syslog.conf
new file mode 100644
index 0000000..686cd19
--- /dev/null
+++ b/sudo-1.7.4p4/sample.syslog.conf
@@ -0,0 +1,26 @@
+# This is a sample syslog.conf fragment for use with Sudo.
+#
+# By default, sudo logs to "authpriv" if your system supports it, else it
+# uses "auth".  The facility can be set via the --with-logfac configure
+# option or in the sudoers file.
+# To see what syslog facility a sudo binary uses, run `sudo -V' as *root*.
+#
+# NOTES:
+#	The whitespace in the following line is made up of <TAB>
+#       characters, *not* spaces.  You cannot just cut and paste!
+#
+#	If you edit syslog.conf you need to send syslogd a HUP signal.
+#	Ie: kill -HUP process_id
+#
+#	Syslogd will not create new log files for you, you must first
+#	create the file before syslogd will log to it.  Eg.
+#	'touch /var/log/sudo'
+
+# This logs successful and failed sudo attempts to the file /var/log/auth
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug					/var/log/auth
+
+# To log to a remote machine, use something like the following,
+# where "loghost" is the name of the remote machine.
+# If your system has the authpriv syslog facility, use authpriv.debug
+auth.debug					@loghost
diff --git a/sudo-1.7.4p4/schema.ActiveDirectory b/sudo-1.7.4p4/schema.ActiveDirectory
new file mode 100644
index 0000000..4b87e05
--- /dev/null
+++ b/sudo-1.7.4p4/schema.ActiveDirectory
@@ -0,0 +1,195 @@
+#

+# Active Directory Schema for sudo configuration (sudoers)

+#

+# To extend your Active Directory schema, run one of the following command

+# on your Windows DC (default port - Active Directory):

+# 

+#  ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

+#

+# or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode)

+# Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance

+#

+#  ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

+#

+# or 

+#

+#  ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

+#

+# Can add username domain and password

+#

+# -b username domain password

+#

+# Can create Log file in current or any directory

+#

+# -j .

+#

+

+dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoUser

+distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.1

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoUser

+adminDescription: User(s) who may run sudo

+oMSyntax: 22

+searchFlags: 1

+lDAPDisplayName: sudoUser

+name: sudoUser

+schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoHost

+distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.2

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoHost

+adminDescription: Host(s) who may run sudo

+oMSyntax: 22

+lDAPDisplayName: sudoHost

+name: sudoHost

+schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoCommand

+distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.3

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoCommand

+adminDescription: Command(s) to be executed by sudo

+oMSyntax: 22

+lDAPDisplayName: sudoCommand

+name: sudoCommand

+schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoRunAs

+distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.4

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoRunAs

+adminDescription: User(s) impersonated by sudo (deprecated)

+oMSyntax: 22

+lDAPDisplayName: sudoRunAs

+name: sudoRunAs

+schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoOption

+distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.5

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoOption

+adminDescription: Option(s) followed by sudo

+oMSyntax: 22

+lDAPDisplayName: sudoOption

+name: sudoOption

+schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoRunAsUser

+distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.6

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoRunAsUser

+adminDescription: User(s) impersonated by sudo

+oMSyntax: 22

+lDAPDisplayName: sudoRunAsUser

+name: sudoRunAsUser

+schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: attributeSchema

+cn: sudoRunAsGroup

+distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+attributeID: 1.3.6.1.4.1.15953.9.1.7

+attributeSyntax: 2.5.5.5

+isSingleValued: FALSE

+showInAdvancedViewOnly: TRUE

+adminDisplayName: sudoRunAsGroup

+adminDescription: Groups(s) impersonated by sudo

+oMSyntax: 22

+lDAPDisplayName: sudoRunAsGroup

+name: sudoRunAsGroup

+schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==

+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X

+

+dn:

+changetype: modify

+add: schemaUpdateNow

+schemaUpdateNow: 1

+-

+

+dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X

+changetype: add

+objectClass: top

+objectClass: classSchema

+cn: sudoRole

+distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X

+instanceType: 4

+possSuperiors: container

+possSuperiors: top

+subClassOf: top

+governsID: 1.3.6.1.4.1.15953.9.2.1

+mayContain: sudoCommand

+mayContain: sudoHost

+mayContain: sudoOption

+mayContain: sudoRunAs

+mayContain: sudoRunAsUser

+mayContain: sudoRunAsGroup

+mayContain: sudoUser

+rDNAttID: cn

+showInAdvancedViewOnly: FALSE

+adminDisplayName: sudoRole

+adminDescription: Sudoer Entries

+objectClassCategory: 1

+lDAPDisplayName: sudoRole

+name: sudoRole

+schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==

+systemOnly: FALSE

+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X

+defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X

diff --git a/sudo-1.7.4p4/schema.OpenLDAP b/sudo-1.7.4p4/schema.OpenLDAP
new file mode 100644
index 0000000..df3fc0f
--- /dev/null
+++ b/sudo-1.7.4p4/schema.OpenLDAP
@@ -0,0 +1,55 @@
+#
+# OpenLDAP schema file for Sudo
+# Save as /etc/openldap/schema/sudo.schema
+#
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.1
+    NAME 'sudoUser'
+    DESC 'User(s) who may  run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.2
+    NAME 'sudoHost'
+    DESC 'Host(s) who may run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.3
+    NAME 'sudoCommand'
+    DESC 'Command(s) to be executed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.4
+    NAME 'sudoRunAs'
+    DESC 'User(s) impersonated by sudo (deprecated)'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.5
+    NAME 'sudoOption'
+    DESC 'Options(s) followed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.6
+    NAME 'sudoRunAsUser'
+    DESC 'User(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.15953.9.1.7
+    NAME 'sudoRunAsGroup'
+    DESC 'Group(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
+    DESC 'Sudoer Entries'
+    MUST ( cn )
+    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $
+	    description )
+    )
diff --git a/sudo-1.7.4p4/schema.iPlanet b/sudo-1.7.4p4/schema.iPlanet
new file mode 100644
index 0000000..3718fd7
--- /dev/null
+++ b/sudo-1.7.4p4/schema.iPlanet
@@ -0,0 +1,9 @@
+dn: cn=schema
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )
+objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) X-ORIGIN 'SUDO' )
diff --git a/sudo-1.7.4p4/selinux.c b/sudo-1.7.4p4/selinux.c
new file mode 100644
index 0000000..2c03e6c
--- /dev/null
+++ b/sudo-1.7.4p4/selinux.c
@@ -0,0 +1,351 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 2008 Dan Walsh <dwalsh@redhat.com>
+ *
+ * Borrowed heavily from newrole source code
+ * Authors:
+ *	Anthony Colatrella
+ *	Tim Fraser
+ *	Steve Grubb <sgrubb@redhat.com>
+ *	Darrel Goeddel <DGoeddel@trustedcs.com>
+ *	Michael Thompson <mcthomps@us.ibm.com>
+ *	Dan Walsh <dwalsh@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#ifdef HAVE_LINUX_AUDIT
+#include <libaudit.h>
+#endif
+
+#include <selinux/flask.h>             /* for SECCLASS_CHR_FILE */
+#include <selinux/selinux.h>           /* for is_selinux_enabled() */
+#include <selinux/context.h>           /* for context-mangling functions */
+#include <selinux/get_default_type.h>
+#include <selinux/get_context_list.h>
+
+#include "sudo.h"
+#include "linux_audit.h"
+
+static struct selinux_state {
+    security_context_t old_context;
+    security_context_t new_context;
+    security_context_t tty_context;
+    security_context_t new_tty_context;
+    const char *ttyn;
+    int ttyfd;
+    int enforcing;
+} se_state;
+
+/*
+ * This function attempts to revert the relabeling done to the tty.
+ * fd		   - referencing the opened ttyn
+ * ttyn		   - name of tty to restore
+ *
+ * Returns zero on success, non-zero otherwise
+ */
+int
+selinux_restore_tty(void)
+{
+    int retval = 0;
+    security_context_t chk_tty_context = NULL;
+
+    if (se_state.ttyfd == -1 || se_state.new_tty_context == NULL)
+	goto skip_relabel;
+
+    /* Verify that the tty still has the context set by sudo. */
+    if ((retval = fgetfilecon(se_state.ttyfd, &chk_tty_context)) < 0) {
+	warning("unable to fgetfilecon %s", se_state.ttyn);
+	goto skip_relabel;
+    }
+
+    if ((retval = strcmp(chk_tty_context, se_state.new_tty_context))) {
+	warningx("%s changed labels.", se_state.ttyn);
+	goto skip_relabel;
+    }
+
+    if ((retval = fsetfilecon(se_state.ttyfd, se_state.tty_context)) < 0)
+	warning("unable to restore context for %s", se_state.ttyn);
+
+skip_relabel:
+    if (se_state.ttyfd != -1) {
+	close(se_state.ttyfd);
+	se_state.ttyfd = -1;
+    }
+    if (chk_tty_context != NULL) {
+	freecon(chk_tty_context);
+	chk_tty_context = NULL;
+    }
+    return retval;
+}
+
+/*
+ * This function attempts to relabel the tty. If this function fails, then
+ * the contexts are free'd and -1 is returned. On success, 0 is returned
+ * and tty_context and new_tty_context are set.
+ *
+ * This function will not fail if it can not relabel the tty when selinux is
+ * in permissive mode.
+ */
+static int
+relabel_tty(const char *ttyn, int ptyfd)
+{
+    security_context_t tty_con = NULL;
+    security_context_t new_tty_con = NULL;
+    int fd;
+
+    se_state.ttyfd = ptyfd;
+
+    /* It is perfectly legal to have no tty. */
+    if (ptyfd == -1 && ttyn == NULL)
+	return 0;
+
+    /* If sudo is not allocating a pty for the command, open current tty. */
+    if (ptyfd == -1) {
+	se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
+	if (se_state.ttyfd == -1) {
+	    warning("unable to open %s, not relabeling tty", ttyn);
+	    if (se_state.enforcing)
+		goto bad;
+	}
+	(void)fcntl(se_state.ttyfd, F_SETFL,
+	    fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
+    }
+
+    if (fgetfilecon(se_state.ttyfd, &tty_con) < 0) {
+	warning("unable to get current tty context, not relabeling tty");
+	if (se_state.enforcing)
+	    goto bad;
+    }
+
+    if (tty_con && (security_compute_relabel(se_state.new_context, tty_con,
+	SECCLASS_CHR_FILE, &new_tty_con) < 0)) {
+	warning("unable to get new tty context, not relabeling tty");
+	if (se_state.enforcing)
+	    goto bad;
+    }
+
+    if (new_tty_con != NULL) {
+	if (fsetfilecon(se_state.ttyfd, new_tty_con) < 0) {
+	    warning("unable to set new tty context");
+	    if (se_state.enforcing)
+		goto bad;
+	}
+    }
+
+    if (ptyfd != -1) {
+	/* Reopen pty that was relabeled, std{in,out,err} are reset later. */
+	se_state.ttyfd = open(ttyn, O_RDWR|O_NOCTTY, 0);
+	if (se_state.ttyfd == -1) {
+	    warning("cannot open %s", ttyn);
+	    if (se_state.enforcing)
+		goto bad;
+	}
+	if (dup2(se_state.ttyfd, ptyfd) == -1) {
+	    warning("dup2");
+	    goto bad;
+	}
+    } else {
+	/* Re-open tty to get new label and reset std{in,out,err} */
+	close(se_state.ttyfd);
+	se_state.ttyfd = open(ttyn, O_RDWR|O_NONBLOCK);
+	if (se_state.ttyfd == -1) {
+	    warning("unable to open %s", ttyn);
+	    goto bad;
+	}
+	(void)fcntl(se_state.ttyfd, F_SETFL,
+	    fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
+	for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
+	    if (isatty(fd) && dup2(se_state.ttyfd, fd) == -1) {
+		warning("dup2");
+		goto bad;
+	    }
+	}
+    }
+    /* Retain se_state.ttyfd so we can restore label when command finishes. */
+    (void)fcntl(se_state.ttyfd, F_SETFD, FD_CLOEXEC);
+
+    se_state.ttyn = ttyn;
+    se_state.tty_context = tty_con;
+    se_state.new_tty_context = new_tty_con;
+    return 0;
+
+bad:
+    if (se_state.ttyfd != -1 && se_state.ttyfd != ptyfd) {
+	close(se_state.ttyfd);
+	se_state.ttyfd = -1;
+    }
+    freecon(tty_con);
+    return -1;
+}
+
+/*
+ * Returns a new security context based on the old context and the
+ * specified role and type.
+ */
+security_context_t
+get_exec_context(security_context_t old_context, const char *role, const char *type)
+{
+    security_context_t new_context = NULL;
+    context_t context = NULL;
+    char *typebuf = NULL;
+    
+    /* We must have a role, the type is optional (we can use the default). */
+    if (!role) {
+	warningx("you must specify a role for type %s", type);
+	errno = EINVAL;
+	return NULL;
+    }
+    if (!type) {
+	if (get_default_type(role, &typebuf)) {
+	    warningx("unable to get default type for role %s", role);
+	    errno = EINVAL;
+	    return NULL;
+	}
+	type = typebuf;
+    }
+    
+    /* 
+     * Expand old_context into a context_t so that we extract and modify 
+     * its components easily. 
+     */
+    context = context_new(old_context);
+    
+    /*
+     * Replace the role and type in "context" with the role and
+     * type we will be running the command as.
+     */
+    if (context_role_set(context, role)) {
+	warning("failed to set new role %s", role);
+	goto bad;
+    }
+    if (context_type_set(context, type)) {
+	warning("failed to set new type %s", type);
+	goto bad;
+    }
+      
+    /*
+     * Convert "context" back into a string and verify it.
+     */
+    new_context = estrdup(context_str(context));
+    if (security_check_context(new_context) < 0) {
+	warningx("%s is not a valid context", new_context);
+	errno = EINVAL;
+	goto bad;
+    }
+
+#ifdef DEBUG
+    warningx("Your new context is %s", new_context);
+#endif
+
+    context_free(context);
+    return new_context;
+
+bad:
+    free(typebuf);
+    context_free(context);
+    freecon(new_context);
+    return NULL;
+}
+
+/* 
+ * Set the exec and tty contexts in preparation for fork/exec.
+ * Must run as root, before the uid change.
+ * If ptyfd is not -1, it indicates we are running
+ * in a pty and do not need to reset std{in,out,err}.
+ * Returns 0 on success and -1 on failure.
+ */
+int
+selinux_setup(const char *role, const char *type, const char *ttyn,
+    int ptyfd)
+{
+    int rval = -1;
+
+    /* Store the caller's SID in old_context. */
+    if (getprevcon(&se_state.old_context)) {
+	warning("failed to get old_context");
+	goto done;
+    }
+
+    se_state.enforcing = security_getenforce();
+    if (se_state.enforcing < 0) {
+	warning("unable to determine enforcing mode.");
+	goto done;
+    }
+
+#ifdef DEBUG
+    warningx("your old context was %s", se_state.old_context);
+#endif
+    se_state.new_context = get_exec_context(se_state.old_context, role, type);
+    if (!se_state.new_context)
+	goto done;
+    
+    if (relabel_tty(ttyn, ptyfd) < 0) {
+	warning("unable to setup tty context for %s", se_state.new_context);
+	goto done;
+    }
+
+#ifdef DEBUG
+    if (se_state.ttyfd != -1) {
+	warningx("your old tty context is %s", se_state.tty_context);
+	warningx("your new tty context is %s", se_state.new_tty_context);
+    }
+#endif
+
+#ifdef HAVE_LINUX_AUDIT
+    linux_audit_role_change(se_state.old_context, se_state.new_context,
+	se_state.ttyn);
+#endif
+
+    rval = 0;
+
+done:
+    return rval;
+}
+
+void
+selinux_execve(const char *path, char *argv[], char *envp[])
+{
+    if (setexeccon(se_state.new_context)) {
+	warning("unable to set exec context to %s", se_state.new_context);
+	if (se_state.enforcing)
+	    return;
+    }
+
+#ifdef HAVE_SETKEYCREATECON
+    if (setkeycreatecon(se_state.new_context)) {
+	warning("unable to set key creation context to %s", se_state.new_context);
+	if (se_state.enforcing)
+	    return;
+    }
+#endif /* HAVE_SETKEYCREATECON */
+
+    /* We use the "spare" slot in argv to store sesh. */
+    --argv;
+    argv[0] = *argv[1] == '-' ? "-sesh" : "sesh";
+    argv[1] = (char *)path;
+
+    execve(_PATH_SUDO_SESH, argv, envp);
+}
diff --git a/sudo-1.7.4p4/sesh.c b/sudo-1.7.4p4/sesh.c
new file mode 100644
index 0000000..3195e25
--- /dev/null
+++ b/sudo-1.7.4p4/sesh.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2008 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <err.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "compat.h"
+
+int
+main (int argc, char **argv)
+{
+    char *cp, *cmnd;
+
+    if (argc < 2)
+	errx(EXIT_FAILURE, "requires at least one argument");
+
+    /* Shift argv and make a copy of the command to execute. */
+    argv++;
+    argc--;
+    cmnd = strdup(argv[0]);
+    if (cmnd == NULL)
+	err(EXIT_FAILURE, NULL);
+
+    /* If invoked as a login shell, modify argv[0] accordingly. */
+    if (argv[0][0] == '-') {
+	if ((cp = strrchr(argv[0], '/')) == NULL)
+	    cp = argv[0];
+	*cp = '-';
+    }
+    execv(cmnd, argv);
+    warn("unable to execute %s", argv[0]);
+    _exit(EXIT_FAILURE);
+}
diff --git a/sudo-1.7.4p4/set_perms.c b/sudo-1.7.4p4/set_perms.c
new file mode 100644
index 0000000..81e2e76
--- /dev/null
+++ b/sudo-1.7.4p4/set_perms.c
@@ -0,0 +1,593 @@
+/*
+ * Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <errno.h>
+#include <grp.h>
+#ifdef HAVE_LOGIN_CAP_H
+# include <login_cap.h>
+#endif
+
+#include "sudo.h"
+
+#ifdef __TANDEM
+# define ROOT_UID	65535
+#else
+# define ROOT_UID	0
+#endif
+
+/*
+ * Prototypes
+ */
+static void runas_setup		__P((void));
+static void runas_setgroups	__P((void));
+static void restore_groups	__P((void));
+
+static int current_perm = -1;
+
+#ifdef HAVE_SETRESUID
+/*
+ * Set real and effective and saved uids and gids based on perm.
+ * We always retain a saved uid of 0 unless we are headed for an exec().
+ * We only flip the effective gid since it only changes for PERM_SUDOERS.
+ * This version of set_perms() works fine with the "stay_setuid" option.
+ */
+int
+set_perms(perm)
+    int perm;
+{
+    const char *errstr;
+    int noexit;
+
+    noexit = ISSET(perm, PERM_NOEXIT);
+    CLR(perm, PERM_MASK);
+
+    if (perm == current_perm)
+	return(1);
+
+    switch (perm) {
+	case PERM_ROOT:
+				if (setresuid(ROOT_UID, ROOT_UID, ROOT_UID)) {
+				    errstr = "setresuid(ROOT_UID, ROOT_UID, ROOT_UID)";
+				    goto bad;
+				}
+				(void) setresgid(-1, user_gid, -1);
+				if (current_perm == PERM_RUNAS)
+				    restore_groups();
+			      	break;
+
+	case PERM_USER:
+    	    	    	        (void) setresgid(-1, user_gid, -1);
+				if (setresuid(user_uid, user_uid, ROOT_UID)) {
+				    errstr = "setresuid(user_uid, user_uid, ROOT_UID)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_FULL_USER:
+				/* headed for exec() */
+    	    	    	        (void) setgid(user_gid);
+				if (setresuid(user_uid, user_uid, user_uid)) {
+				    errstr = "setresuid(user_uid, user_uid, user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_RUNAS:
+				runas_setgroups();
+				(void) setresgid(-1, runas_gr ?
+				    runas_gr->gr_gid : runas_pw->pw_gid, -1);
+				if (setresuid(-1, runas_pw ? runas_pw->pw_uid :
+				    user_uid, -1)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+			      	break;
+
+	case PERM_FULL_RUNAS:
+				/* headed for exec(), assume euid == ROOT_UID */
+				runas_setup();
+				if (setresuid(def_stay_setuid ?
+				    user_uid : runas_pw->pw_uid,
+				    runas_pw->pw_uid, runas_pw->pw_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+				break;
+
+	case PERM_SUDOERS:
+				/* assume euid == ROOT_UID, ruid == user */
+				if (setresgid(-1, SUDOERS_GID, -1))
+				    error(1, "unable to change to sudoers gid");
+
+				/*
+				 * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
+				 * is group readable we use a non-zero
+				 * uid in order to avoid NFS lossage.
+				 * Using uid 1 is a bit bogus but should
+				 * work on all OS's.
+				 */
+				if (SUDOERS_UID == ROOT_UID) {
+				    if ((SUDOERS_MODE & 040) && setresuid(ROOT_UID, 1, ROOT_UID)) {
+					errstr = "setresuid(ROOT_UID, 1, ROOT_UID)";
+					goto bad;
+				    }
+				} else {
+				    if (setresuid(ROOT_UID, SUDOERS_UID, ROOT_UID)) {
+					errstr = "setresuid(ROOT_UID, SUDOERS_UID, ROOT_UID)";
+					goto bad;
+				    }
+				}
+			      	break;
+	case PERM_TIMESTAMP:
+				if (setresuid(ROOT_UID, timestamp_uid, ROOT_UID)) {
+				    errstr = "setresuid(ROOT_UID, timestamp_uid, ROOT_UID)";
+				    goto bad;
+				}
+			      	break;
+    }
+
+    current_perm = perm;
+    return(1);
+bad:
+    warningx("%s: %s", errstr,
+	errno == EAGAIN ? "too many processes" : strerror(errno));
+    if (noexit)
+	return(0);
+    exit(1);
+}
+
+#else
+# ifdef HAVE_SETREUID
+
+/*
+ * Set real and effective uids and gids based on perm.
+ * We always retain a real or effective uid of ROOT_UID unless
+ * we are headed for an exec().
+ * This version of set_perms() works fine with the "stay_setuid" option.
+ */
+int
+set_perms(perm)
+    int perm;
+{
+    const char *errstr;
+    int noexit;
+
+    noexit = ISSET(perm, PERM_NOEXIT);
+    CLR(perm, PERM_MASK);
+
+    if (perm == current_perm)
+	return(1);
+
+    switch (perm) {
+	case PERM_ROOT:
+				if (setreuid(-1, ROOT_UID)) {
+				    errstr = "setreuid(-1, ROOT_UID)";
+				    goto bad;
+				}
+				if (setuid(ROOT_UID)) {
+				    errstr = "setuid(ROOT_UID)";
+				    goto bad;
+				}
+				(void) setregid(-1, user_gid);
+				if (current_perm == PERM_RUNAS)
+				    restore_groups();
+			      	break;
+
+	case PERM_USER:
+    	    	    	        (void) setregid(-1, user_gid);
+				if (setreuid(ROOT_UID, user_uid)) {
+				    errstr = "setreuid(ROOT_UID, user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_FULL_USER:
+				/* headed for exec() */
+    	    	    	        (void) setgid(user_gid);
+				if (setreuid(user_uid, user_uid)) {
+				    errstr = "setreuid(user_uid, user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_RUNAS:
+				runas_setgroups();
+				(void) setregid(-1, runas_gr ?
+				    runas_gr->gr_gid : runas_pw->pw_gid);
+				if (setreuid(-1,
+				    runas_pw ? runas_pw->pw_uid : user_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+			      	break;
+
+	case PERM_FULL_RUNAS:
+				/* headed for exec(), assume euid == ROOT_UID */
+				runas_setup();
+				if (setreuid(def_stay_setuid ? user_uid :
+				    runas_pw->pw_uid, runas_pw->pw_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+				break;
+
+	case PERM_SUDOERS:
+				/* assume euid == ROOT_UID, ruid == user */
+				if (setregid(-1, SUDOERS_GID))
+				    error(1, "unable to change to sudoers gid");
+
+				/*
+				 * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
+				 * is group readable we use a non-zero
+				 * uid in order to avoid NFS lossage.
+				 * Using uid 1 is a bit bogus but should
+				 * work on all OS's.
+				 */
+				if (SUDOERS_UID == ROOT_UID) {
+				    if ((SUDOERS_MODE & 040) && setreuid(ROOT_UID, 1)) {
+					errstr = "setreuid(ROOT_UID, 1)";
+					goto bad;
+				    }
+				} else {
+				    if (setreuid(ROOT_UID, SUDOERS_UID)) {
+					errstr = "setreuid(ROOT_UID, SUDOERS_UID)";
+					goto bad;
+				    }
+				}
+			      	break;
+	case PERM_TIMESTAMP:
+				if (setreuid(ROOT_UID, timestamp_uid)) {
+				    errstr = "setreuid(ROOT_UID, timestamp_uid)";
+				    goto bad;
+				}
+			      	break;
+    }
+
+    current_perm = perm;
+    return(1);
+bad:
+    warningx("%s: %s", errstr,
+	errno == EAGAIN ? "too many processes" : strerror(errno));
+    if (noexit)
+	return(0);
+    exit(1);
+}
+
+# else /* !HAVE_SETRESUID && !HAVE_SETREUID */
+# ifdef HAVE_SETEUID
+
+/*
+ * Set real and effective uids and gids based on perm.
+ * NOTE: does not support the "stay_setuid" option.
+ */
+int
+set_perms(perm)
+    int perm;
+{
+    const char *errstr;
+    int noexit;
+
+    noexit = ISSET(perm, PERM_NOEXIT);
+    CLR(perm, PERM_MASK);
+
+    if (perm == current_perm)
+	return(1);
+
+    /*
+     * Since we only have setuid() and seteuid() and semantics
+     * for these calls differ on various systems, we set
+     * real and effective uids to ROOT_UID initially to be safe.
+     */
+    if (seteuid(ROOT_UID)) {
+	errstr = "seteuid(ROOT_UID)";
+	goto bad;
+    }
+    if (setuid(ROOT_UID)) {
+	errstr = "setuid(ROOT_UID)";
+	goto bad;
+    }
+
+    switch (perm) {
+	case PERM_ROOT:
+				/* uid set above */
+				(void) setegid(user_gid);
+				if (current_perm == PERM_RUNAS)
+				    restore_groups();
+			      	break;
+
+	case PERM_USER:
+    	    	    	        (void) setegid(user_gid);
+				if (seteuid(user_uid)) {
+				    errstr = "seteuid(user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_FULL_USER:
+				/* headed for exec() */
+    	    	    	        (void) setgid(user_gid);
+				if (setuid(user_uid)) {
+				    errstr = "setuid(user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_RUNAS:
+				runas_setgroups();
+				(void) setegid(runas_gr ?
+				    runas_gr->gr_gid : runas_pw->pw_gid);
+				if (seteuid(runas_pw ? runas_pw->pw_uid : user_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+			      	break;
+
+	case PERM_FULL_RUNAS:
+				/* headed for exec() */
+				runas_setup();
+				if (setuid(runas_pw->pw_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+				break;
+
+	case PERM_SUDOERS:
+				if (setegid(SUDOERS_GID))
+				    error(1, "unable to change to sudoers gid");
+
+				/*
+				 * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
+				 * is group readable we use a non-zero
+				 * uid in order to avoid NFS lossage.
+				 * Using uid 1 is a bit bogus but should
+				 * work on all OS's.
+				 */
+				if (SUDOERS_UID == ROOT_UID) {
+				    if ((SUDOERS_MODE & 040) && seteuid(1)) {
+					errstr = "seteuid(1)";
+					goto bad;
+				    }
+				} else {
+				    if (seteuid(SUDOERS_UID)) {
+					errstr = "seteuid(SUDOERS_UID)";
+					goto bad;
+				    }
+				}
+			      	break;
+	case PERM_TIMESTAMP:
+				if (seteuid(timestamp_uid)) {
+				    errstr = "seteuid(timestamp_uid)";
+				    goto bad;
+				}
+			      	break;
+    }
+
+    current_perm = perm;
+    return(1);
+bad:
+    warningx("%s: %s", errstr,
+	errno == EAGAIN ? "too many processes" : strerror(errno));
+    if (noexit)
+	return(0);
+    exit(1);
+}
+
+# else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */
+
+/*
+ * Set uids and gids based on perm via setuid() and setgid().
+ * NOTE: does not support the "stay_setuid" or timestampowner options.
+ *       Also, SUDOERS_UID and SUDOERS_GID are not used.
+ */
+int
+set_perms(perm)
+    int perm;
+{
+    const char *errstr;
+    int noexit;
+
+    noexit = ISSET(perm, PERM_NOEXIT);
+    CLR(perm, PERM_MASK);
+
+    if (perm == current_perm)
+	return(1);
+
+    switch (perm) {
+	case PERM_ROOT:
+				if (setuid(ROOT_UID)) {
+				    errstr = "setuid(ROOT_UID)";
+				    goto bad;
+				}
+				if (current_perm == PERM_RUNAS)
+				    restore_groups();
+				break;
+
+	case PERM_FULL_USER:
+    	    	    	        (void) setgid(user_gid);
+				if (setuid(user_uid)) {
+				    errstr = "setuid(user_uid)";
+				    goto bad;
+				}
+			      	break;
+				
+	case PERM_FULL_RUNAS:
+				runas_setup();
+				if (setuid(runas_pw->pw_uid)) {
+				    errstr = "unable to change to runas uid";
+				    goto bad;
+				}
+				break;
+
+	case PERM_USER:
+	case PERM_SUDOERS:
+	case PERM_RUNAS:
+	case PERM_TIMESTAMP:
+				/* Unsupported since we can't set euid. */
+				break;
+    }
+
+    current_perm = perm;
+    return(1);
+bad:
+    warningx("%s: %s", errstr,
+	errno == EAGAIN ? "too many processes" : strerror(errno));
+    if (noexit)
+	return(0);
+    exit(1);
+}
+#  endif /* HAVE_SETEUID */
+# endif /* HAVE_SETREUID */
+#endif /* HAVE_SETRESUID */
+
+#ifdef HAVE_INITGROUPS
+static void
+runas_setgroups()
+{
+    static int ngroups = -1;
+# ifdef HAVE_GETGROUPS
+    static GETGROUPS_T *groups;
+# endif
+    static struct passwd *pw;
+    struct passwd *opw = pw;
+
+    if (def_preserve_groups)
+	return;
+
+    /*
+     * Use stashed copy of runas groups if available, else initgroups and stash.
+     */
+    pw = runas_pw ? runas_pw : sudo_user.pw;
+    if (pw != opw) {
+# ifdef HAVE_SETAUTHDB
+	aix_setauthdb(pw->pw_name);
+# endif
+	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
+	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
+# ifdef HAVE_GETGROUPS
+	if (groups) {
+	    efree(groups);
+	    groups = NULL;
+	}
+	if ((ngroups = getgroups(0, NULL)) > 0) {
+	    groups = emalloc2(ngroups, sizeof(GETGROUPS_T));
+	    if (getgroups(ngroups, groups) < 0)
+		log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");
+	}
+#  ifdef HAVE_SETAUTHDB
+	aix_restoreauthdb();
+#  endif
+    } else {
+	if (setgroups(ngroups, groups) < 0)
+	    log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");
+# endif /* HAVE_GETGROUPS */
+    }
+}
+
+static void
+restore_groups()
+{
+    if (user_ngroups >= 0 && setgroups(user_ngroups, user_groups) < 0)
+	log_error(USE_ERRNO|MSG_ONLY, "can't reset user group vector");
+}
+
+#else
+
+static void
+runas_setgroups()
+{
+    /* STUB */
+}
+
+static void
+restore_groups()
+{
+    /* STUB */
+}
+
+#endif /* HAVE_INITGROUPS */
+
+static void
+runas_setup()
+{
+    gid_t gid;
+#ifdef HAVE_LOGIN_CAP_H
+    int flags;
+    extern login_cap_t *lc;
+#endif
+
+    if (runas_pw->pw_name != NULL) {
+	gid = runas_gr ? runas_gr->gr_gid : runas_pw->pw_gid;
+#ifdef HAVE_GETUSERATTR
+	aix_prep_user(runas_pw->pw_name, user_ttypath);
+#endif
+#ifdef HAVE_PAM
+	pam_begin_session(runas_pw);
+#endif /* HAVE_PAM */
+
+#ifdef HAVE_LOGIN_CAP_H
+	if (def_use_loginclass) {
+	    /*
+             * We only use setusercontext() to set the nice value and rlimits.
+	     */
+	    flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
+	    if (setusercontext(lc, runas_pw, runas_pw->pw_uid, flags)) {
+		if (runas_pw->pw_uid != ROOT_UID)
+		    error(1, "unable to set user context");
+		else
+		    warning("unable to set user context");
+	    }
+	}
+#endif /* HAVE_LOGIN_CAP_H */
+	/*
+	 * Initialize group vector
+	 */
+	runas_setgroups();
+#ifdef HAVE_SETEUID
+	if (setegid(gid))
+	    warning("cannot set egid to runas gid");
+#endif
+	if (setgid(gid))
+	    warning("cannot set gid to runas gid");
+    }
+}
diff --git a/sudo-1.7.4p4/setsid.c b/sudo-1.7.4p4/setsid.c
new file mode 100644
index 0000000..d8bba8b
--- /dev/null
+++ b/sudo-1.7.4p4/setsid.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+
+#include <fcntl.h>
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+
+#include <pathnames.h>
+#include <compat.h>
+
+pid_t
+setsid()
+{
+    int fd;
+
+#ifdef SETPGRP_VOID
+    if (setpgrp() == -1)
+#else
+    if (setpgrp(0, 0) == -1)
+#endif
+	return -1;
+# ifdef TIOCNOTTY
+    if ((fd = open(_PATH_TTY, O_RDWR, 0644)) != -1) {
+        (void) ioctl(fd, TIOCNOTTY, NULL);
+        close(fd);
+    }
+# endif
+    return getpid();
+}
diff --git a/sudo-1.7.4p4/sigaction.c b/sudo-1.7.4p4/sigaction.c
new file mode 100644
index 0000000..e34d471
--- /dev/null
+++ b/sudo-1.7.4p4/sigaction.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (c) 2001-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <signal.h>
+#include <errno.h>
+
+#include <compat.h>
+
+int
+sigaction(signo, sa, osa)
+    int signo;
+    const sigaction_t *sa;
+    sigaction_t *osa;
+{
+    sigaction_t nsa;
+    int error;
+
+    /* We must reverse SV_INTERRUPT since it is the opposite of SA_RESTART */
+    if (sa) {
+	nsa = *sa;
+	nsa.sa_flags ^= SV_INTERRUPT;
+	sa = &nsa;
+    }
+
+    error = sigvec(signo, sa, osa);
+    if (!error && osa)
+	osa->sa_flags ^= SV_INTERRUPT;		/* flip SV_INTERRUPT as above */
+
+    return(error);
+}
+
+int
+sigemptyset(set)
+    sigset_t *set;
+{
+
+    *set = 0;
+    return(0);
+}
+
+int
+sigfillset(set)
+    sigset_t *set;
+{
+
+    *set = ~0;;
+    return(0);
+}
+
+int
+sigaddset(set, signo)
+    sigset_t *set;
+    int signo;
+{
+
+    if (signo <= 0 || signo >= NSIG) {
+	errno = EINVAL;
+	return(-1);
+    }
+
+    SET(*set, sigmask(signo));
+    return(0);
+}
+
+int
+sigdelset(set, signo)
+    sigset_t *set;
+    int signo;
+{
+
+    if (signo <= 0 || signo >= NSIG) {
+	errno = EINVAL;
+	return(-1);
+    }
+
+    CLR(*set, sigmask(signo));
+    return(0);
+}
+
+int
+sigismember(set, signo)
+    sigset_t *set;
+    int signo;
+{
+
+    return(ISSET(*set, sigmask(signo)));
+}
+
+int
+sigprocmask(how, set, oset)
+    int how;
+    const sigset_t *set;
+    sigset_t *oset;
+{
+    int mask;
+
+    /* If 'set' is NULL the user just wants the current signal mask. */
+    if (set == 0)
+	mask = sigblock(0);
+    else
+	switch (how) {
+	    case SIG_BLOCK:
+		mask = sigblock(*set);
+		break;
+	    case SIG_UNBLOCK:
+		mask = sigsetmask(~*set);
+		break;
+	    case SIG_SETMASK:
+		mask = sigsetmask(*set);
+		break;
+	    default:
+		return(-1);
+	}
+
+    if (mask == -1)
+	return(-1);
+    if (oset)
+	*oset = mask;
+    return(0);
+}
diff --git a/sudo-1.7.4p4/siglist.in b/sudo-1.7.4p4/siglist.in
new file mode 100644
index 0000000..f149eb5
--- /dev/null
+++ b/sudo-1.7.4p4/siglist.in
@@ -0,0 +1,56 @@
+#
+# List of signals used to build sys_siglist (see mksiglist.c)
+# Adapted from pdksh; public domain
+#
+# Note that if a system has multiple defines for the same signal
+# (eg, SIGABRT vs SIGIOT, SIGCHLD vs SIGCLD), only the first one
+# will be seen, so the order in this list is important.
+#
+    HUP     Hangup
+    INT     Interrupt
+    QUIT    Quit
+    ILL     Illegal instruction
+    TRAP    Trace trap
+# before IOT (ABRT is posix and ABRT is sometimes the same as IOT)
+    ABRT    Abort
+    IOT     IOT instruction
+    EMT     EMT trap
+    FPE     Floating point exception
+    KILL    Killed
+# before BUS (Older Linux doesn't really have a BUS, but defines it to UNUSED)
+    UNUSED  Unused
+    BUS     Bus error
+    SEGV    Memory fault
+    SYS     Bad system call
+    PIPE    Broken pipe
+    ALRM    Alarm clock
+    TERM    Terminated
+    STKFLT  Stack fault
+# before POLL (POLL is sometimes the same as IO)
+    IO      I/O possible
+    XCPU    CPU time limit exceeded
+    XFSZ    File size limit exceeded
+    VTALRM  Virtual timer expired
+    PROF    Profiling timer expired
+    WINCH   Window size change
+    LOST    File lock lost
+    USR1    User defined signal 1
+    USR2    User defined signal 2
+    PWR     Power-fail/Restart
+    POLL    Pollable event occurred
+    STOP    Stopped (signal)
+    TSTP    Stopped
+    CONT    Continued
+# before CLD (CHLD is posix and CHLD is sometimes the same as CLD)
+    CHLD    Child exited
+    CLD     Child exited
+    TTIN    Stopped (tty input)
+    TTOU    Stopped (tty output)
+    INFO    Information request
+    URG     Urgent I/O condition
+# Solaris (svr4?) signals
+    WAITING No runnable LWPs
+    LWP	    Inter-LWP signal
+    FREEZE  Checkpoint freeze
+    THAW    Checkpoint thaw
+    CANCEL  Thread cancellation
diff --git a/sudo-1.7.4p4/snprintf.c b/sudo-1.7.4p4/snprintf.c
new file mode 100644
index 0000000..4123a9d
--- /dev/null
+++ b/sudo-1.7.4p4/snprintf.c
@@ -0,0 +1,774 @@
+/*
+ * Copyright (c) 1999-2005, 2008, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Chris Torek.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * From: @(#)vfprintf.c	8.1 (Berkeley) 6/4/93
+ */
+
+/*
+ * v?snprintf/v?asprintf based on 4.4BSD stdio.
+ * NOTE: does not support floating point.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#include <limits.h>
+
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+#include <compat.h>
+
+static int xxxprintf	 __P((char **, size_t, int, const char *, va_list));
+
+/*
+ * Some systems may not have these defined in <limits.h>
+ */
+#ifndef ULONG_MAX
+# define ULONG_MAX	((unsigned long)-1)
+#endif
+#ifndef LONG_MAX
+# define LONG_MAX	(ULONG_MAX / 2)
+#endif
+#ifdef HAVE_LONG_LONG_INT
+# ifndef ULLONG_MAX
+#  ifdef UQUAD_MAX
+#   define ULLONG_MAX	UQUAD_MAX
+#  else
+#   define ULLONG_MAX	((unsigned long long)-1)
+#  endif
+# endif
+# ifndef LLONG_MAX
+#  ifdef QUAD_MAX
+#   define LLONG_MAX	QUAD_MAX
+#  else
+#   define LLONG_MAX	(ULLONG_MAX / 2)
+#  endif
+# endif
+#endif /* HAVE_LONG_LONG_INT */
+
+/*
+ * Macros for converting digits to letters and vice versa
+ */
+#define	to_digit(c)	((c) - '0')
+#define is_digit(c)	((unsigned int)to_digit(c) <= 9)
+#define	to_char(n)	((n) + '0')
+
+/*
+ * Flags used during conversion.
+ */
+#define	ALT		0x001		/* alternate form */
+#define	HEXPREFIX	0x002		/* add 0x or 0X prefix */
+#define	LADJUST		0x004		/* left adjustment */
+#define	LONGDBL		0x008		/* long double; unimplemented */
+#define	LONGINT		0x010		/* long integer */
+#define	QUADINT		0x020		/* quad integer */
+#define	SHORTINT	0x040		/* short integer */
+#define	ZEROPAD		0x080		/* zero (as opposed to blank) pad */
+
+#define BUF		68
+
+#ifndef HAVE_MEMCHR
+void *
+memchr(s, c, n)
+	const void *s;
+	unsigned char c;
+	size_t n;
+{
+	if (n != 0) {
+		const unsigned char *p = s;
+
+		do {
+			if (*p++ == c)
+				return ((void *)(p - 1));
+		} while (--n != 0);
+	}
+	return (NULL);
+}
+#endif /* !HAVE_MEMCHR */
+
+/*
+ * Convert an unsigned long to ASCII for printf purposes, returning
+ * a pointer to the first character of the string representation.
+ * Octal numbers can be forced to have a leading zero; hex numbers
+ * use the given digits.
+ */
+static char *
+__ultoa(val, endp, base, octzero, xdigs)
+	unsigned long val;
+	char *endp;
+	int base, octzero;
+	char *xdigs;
+{
+	char *cp = endp;
+	long sval;
+
+	/*
+	 * Handle the three cases separately, in the hope of getting
+	 * better/faster code.
+	 */
+	switch (base) {
+	case 10:
+		if (val < 10) {	/* many numbers are 1 digit */
+			*--cp = to_char(val);
+			return (cp);
+		}
+		/*
+		 * On many machines, unsigned arithmetic is harder than
+		 * signed arithmetic, so we do at most one unsigned mod and
+		 * divide; this is sufficient to reduce the range of
+		 * the incoming value to where signed arithmetic works.
+		 */
+		if (val > LONG_MAX) {
+			*--cp = to_char(val % 10);
+			sval = val / 10;
+		} else
+			sval = val;
+		do {
+			*--cp = to_char(sval % 10);
+			sval /= 10;
+		} while (sval != 0);
+		break;
+
+	case 8:
+		do {
+			*--cp = to_char(val & 7);
+			val >>= 3;
+		} while (val);
+		if (octzero && *cp != '0')
+			*--cp = '0';
+		break;
+
+	case 16:
+		do {
+			*--cp = xdigs[val & 15];
+			val >>= 4;
+		} while (val);
+		break;
+
+	default:			/* oops */
+		abort();
+	}
+	return (cp);
+}
+
+/* Identical to __ultoa, but for quads. */
+#ifdef HAVE_LONG_LONG_INT
+# if SIZEOF_LONG_INT == 8
+#  define __uqtoa(v, e, b, o, x) __ultoa((unsigned long)(v), (e), (b), (o), (x))
+# else
+static char *
+__uqtoa(val, endp, base, octzero, xdigs)
+	unsigned long long val;
+	char *endp;
+	int base, octzero;
+	char *xdigs;
+{
+	char *cp = endp;
+	long long sval;
+
+	/* quick test for small values; __ultoa is typically much faster */
+	/* (perhaps instead we should run until small, then call __ultoa?) */
+	if (val <= (unsigned long long)ULONG_MAX)
+		return (__ultoa((unsigned long)val, endp, base, octzero, xdigs));
+	switch (base) {
+	case 10:
+		if (val < 10) {
+			*--cp = to_char(val % 10);
+			return (cp);
+		}
+		if (val > LLONG_MAX) {
+			*--cp = to_char(val % 10);
+			sval = val / 10;
+		} else
+			sval = val;
+		do {
+			*--cp = to_char(sval % 10);
+			sval /= 10;
+		} while (sval != 0);
+		break;
+
+	case 8:
+		do {
+			*--cp = to_char(val & 7);
+			val >>= 3;
+		} while (val);
+		if (octzero && *cp != '0')
+			*--cp = '0';
+		break;
+
+	case 16:
+		do {
+			*--cp = xdigs[val & 15];
+			val >>= 4;
+		} while (val);
+		break;
+
+	default:			/* oops */
+		abort();
+	}
+	return (cp);
+}
+# endif /* !SIZEOF_LONG_INT */
+#endif /* HAVE_LONG_LONG_INT */
+
+/*
+ * Actual printf innards.
+ */
+static int
+xxxprintf(strp, strsize, alloc, fmt0, ap)
+	char **strp;
+	size_t strsize;
+	int alloc;
+	const char *fmt0;
+	va_list ap;
+{
+	char *fmt;		/* format string */
+	int ch;			/* character from fmt */
+	int n;			/* handy integer (short term usage) */
+	char *cp;		/* handy char pointer (short term usage) */
+	int flags;		/* flags as above */
+	int ret;		/* return value accumulator */
+	int width;		/* width from format (%8d), or 0 */
+	int prec;		/* precision from format (%.3d), or -1 */
+	char sign;		/* sign prefix (' ', '+', '-', or \0) */
+	unsigned long ulval;	/* integer arguments %[diouxX] */
+#ifdef HAVE_LONG_LONG_INT
+	unsigned long long uqval; /* %q (quad) integers */
+#endif
+	int base;		/* base for [diouxX] conversion */
+	int dprec;		/* a copy of prec if [diouxX], 0 otherwise */
+	int fieldsz;		/* field size expanded by sign, etc */
+	int realsz;		/* field size expanded by dprec */
+	int size;		/* size of converted field or string */
+	char *xdigs;		/* digits for [xX] conversion */
+	char buf[BUF];		/* space for %c, %[diouxX], %[eEfgG] */
+	char ox[2];		/* space for 0x hex-prefix */
+	char *str;		/* pointer to string to fill */
+	char *estr;		/* pointer to last char in str */
+
+	/*
+	 * Choose PADSIZE to trade efficiency vs. size.  If larger printf
+	 * fields occur frequently, increase PADSIZE and make the initialisers
+	 * below longer.
+	 */
+#define	PADSIZE	16		/* pad chunk size */
+	static char blanks[PADSIZE] =
+	 {' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' ',' '};
+	static char zeroes[PADSIZE] =
+	 {'0','0','0','0','0','0','0','0','0','0','0','0','0','0','0','0'};
+
+	/* Print chars to "str", (allocate as needed if alloc is set). */
+#define	PRINT(ptr, len) do { \
+	const char *p = ptr; \
+	const char *endp = ptr + len; \
+	while (p < endp && (str < estr || alloc)) { \
+		if (alloc && str >= estr) { \
+			char *t; \
+			strsize = (strsize << 1) + 1; \
+			if (!(t = (char *)realloc(*strp, strsize))) { \
+				free(str); \
+				*strp = NULL; \
+				ret = -1; \
+				goto done; \
+			} \
+			str = t + (str - *strp); \
+			estr = t + strsize - 1; \
+			*strp = t; \
+		} \
+		*str++ = *p++; \
+	} \
+} while (0)
+
+	/* BEWARE, PAD uses `n'. */
+#define	PAD(howmany, with) do { \
+	if ((n = (howmany)) > 0) { \
+		while (n > PADSIZE) { \
+			PRINT(with, PADSIZE); \
+			n -= PADSIZE; \
+		} \
+		PRINT(with, n); \
+	} \
+} while (0)
+
+	/*
+	 * To extend shorts properly, we need both signed and unsigned
+	 * argument extraction methods.
+	 */
+#define	SARG() \
+	(flags&LONGINT ? va_arg(ap, long) : \
+	    flags&SHORTINT ? (long)(short)va_arg(ap, int) : \
+	    (long)va_arg(ap, int))
+#define	UARG() \
+	(flags&LONGINT ? va_arg(ap, unsigned long) : \
+	    flags&SHORTINT ? (unsigned long)(unsigned short)va_arg(ap, int) : \
+	    (unsigned long)va_arg(ap, unsigned int))
+
+	fmt = (char *)fmt0;
+	ret = 0;
+
+	if (alloc) {
+		strsize = 128;
+		*strp = str = (char *)malloc(strsize);
+		if (str == NULL) {
+			ret = -1;
+			goto done;
+		}
+		estr = str + 127;
+	} else {
+		str = *strp;
+		if (strsize)
+			estr = str + strsize - 1;
+		else
+			estr = NULL;
+	}
+
+	/*
+	 * Scan the format for conversions (`%' character).
+	 */
+	for (;;) {
+		for (cp = fmt; (ch = *fmt) != '\0' && ch != '%'; fmt++)
+			/* void */;
+		if ((n = fmt - cp) != 0) {
+			PRINT(cp, n);
+			ret += n;
+		}
+		if (ch == '\0')
+			goto done;
+		fmt++;		/* skip over '%' */
+
+		flags = 0;
+		dprec = 0;
+		width = 0;
+		prec = -1;
+		sign = '\0';
+
+rflag:		ch = *fmt++;
+reswitch:	switch (ch) {
+		case ' ':
+			/*
+			 * ``If the space and + flags both appear, the space
+			 * flag will be ignored.''
+			 *	-- ANSI X3J11
+			 */
+			if (!sign)
+				sign = ' ';
+			goto rflag;
+		case '#':
+			flags |= ALT;
+			goto rflag;
+		case '*':
+			/*
+			 * ``A negative field width argument is taken as a
+			 * - flag followed by a positive field width.''
+			 *	-- ANSI X3J11
+			 * They don't exclude field widths read from args.
+			 */
+			if ((width = va_arg(ap, int)) >= 0)
+				goto rflag;
+			width = -width;
+			/* FALLTHROUGH */
+		case '-':
+			flags |= LADJUST;
+			goto rflag;
+		case '+':
+			sign = '+';
+			goto rflag;
+		case '.':
+			if ((ch = *fmt++) == '*') {
+				n = va_arg(ap, int);
+				prec = n < 0 ? -1 : n;
+				goto rflag;
+			}
+			n = 0;
+			while (is_digit(ch)) {
+				n = 10 * n + to_digit(ch);
+				ch = *fmt++;
+			}
+			prec = n < 0 ? -1 : n;
+			goto reswitch;
+		case '0':
+			/*
+			 * ``Note that 0 is taken as a flag, not as the
+			 * beginning of a field width.''
+			 *	-- ANSI X3J11
+			 */
+			flags |= ZEROPAD;
+			goto rflag;
+		case '1': case '2': case '3': case '4':
+		case '5': case '6': case '7': case '8': case '9':
+			n = 0;
+			do {
+				n = 10 * n + to_digit(ch);
+				ch = *fmt++;
+			} while (is_digit(ch));
+			width = n;
+			goto reswitch;
+		case 'h':
+			flags |= SHORTINT;
+			goto rflag;
+		case 'l':
+			flags |= LONGINT;
+			goto rflag;
+#ifdef HAVE_LONG_LONG_INT
+		case 'q':
+			flags |= QUADINT;
+			goto rflag;
+#endif /* HAVE_LONG_LONG_INT */
+		case 'c':
+			*(cp = buf) = va_arg(ap, int);
+			size = 1;
+			sign = '\0';
+			break;
+		case 'D':
+			flags |= LONGINT;
+			/*FALLTHROUGH*/
+		case 'd':
+		case 'i':
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT) {
+				uqval = va_arg(ap, long long);
+				if ((long long)uqval < 0) {
+					uqval = -uqval;
+					sign = '-';
+				}
+			}
+			else
+#endif /* HAVE_LONG_LONG_INT */
+			{
+				ulval = SARG();
+				if ((long)ulval < 0) {
+					ulval = -ulval;
+					sign = '-';
+				}
+			}
+			base = 10;
+			goto number;
+		case 'n':
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT)
+				*va_arg(ap, long long *) = ret;
+			else
+#endif /* HAVE_LONG_LONG_INT */
+			if (flags & LONGINT)
+				*va_arg(ap, long *) = ret;
+			else if (flags & SHORTINT)
+				*va_arg(ap, short *) = ret;
+			else
+				*va_arg(ap, int *) = ret;
+			continue;	/* no output */
+		case 'O':
+			flags |= LONGINT;
+			/*FALLTHROUGH*/
+		case 'o':
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT)
+				uqval = va_arg(ap, unsigned long long);
+			else
+#endif /* HAVE_LONG_LONG_INT */
+				ulval = UARG();
+			base = 8;
+			goto nosign;
+		case 'p':
+			/*
+			 * ``The argument shall be a pointer to void.  The
+			 * value of the pointer is converted to a sequence
+			 * of printable characters, in an implementation-
+			 * defined manner.''
+			 *	-- ANSI X3J11
+			 */
+			ulval = (unsigned long)va_arg(ap, void *);
+			base = 16;
+			xdigs = "0123456789abcdef";
+			flags = (flags & ~QUADINT) | HEXPREFIX;
+			ch = 'x';
+			goto nosign;
+		case 's':
+			if ((cp = va_arg(ap, char *)) == NULL)
+				cp = "(null)";
+			if (prec >= 0) {
+				/*
+				 * can't use strlen; can only look for the
+				 * NUL in the first `prec' characters, and
+				 * strlen() will go further.
+				 */
+				char *p = memchr(cp, 0, prec);
+
+				if (p != NULL) {
+					size = p - cp;
+					if (size > prec)
+						size = prec;
+				} else
+					size = prec;
+			} else
+				size = strlen(cp);
+			sign = '\0';
+			break;
+		case 'U':
+			flags |= LONGINT;
+			/*FALLTHROUGH*/
+		case 'u':
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT)
+				uqval = va_arg(ap, unsigned long long);
+			else
+#endif /* HAVE_LONG_LONG_INT */
+				ulval = UARG();
+			base = 10;
+			goto nosign;
+		case 'X':
+			xdigs = "0123456789ABCDEF";
+			goto hex;
+		case 'x':
+			xdigs = "0123456789abcdef";
+hex:
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT)
+				uqval = va_arg(ap, unsigned long long);
+			else
+#endif /* HAVE_LONG_LONG_INT */
+				ulval = UARG();
+			base = 16;
+			/* leading 0x/X only if non-zero */
+			if (flags & ALT &&
+#ifdef HAVE_LONG_LONG_INT
+			    (flags & QUADINT ? uqval != 0 : ulval != 0))
+#else
+			    ulval != 0)
+#endif /* HAVE_LONG_LONG_INT */
+				flags |= HEXPREFIX;
+
+			/* unsigned conversions */
+nosign:			sign = '\0';
+			/*
+			 * ``... diouXx conversions ... if a precision is
+			 * specified, the 0 flag will be ignored.''
+			 *	-- ANSI X3J11
+			 */
+number:			if ((dprec = prec) >= 0)
+				flags &= ~ZEROPAD;
+
+			/*
+			 * ``The result of converting a zero value with an
+			 * explicit precision of zero is no characters.''
+			 *	-- ANSI X3J11
+			 */
+			cp = buf + BUF;
+#ifdef HAVE_LONG_LONG_INT
+			if (flags & QUADINT) {
+				if (uqval != 0 || prec != 0)
+					cp = __uqtoa(uqval, cp, base,
+					    flags & ALT, xdigs);
+			}
+			else
+#endif /* HAVE_LONG_LONG_INT */
+			{
+				if (ulval != 0 || prec != 0)
+					cp = __ultoa(ulval, cp, base,
+					    flags & ALT, xdigs);
+			}
+			size = buf + BUF - cp;
+			break;
+		default:	/* "%?" prints ?, unless ? is NUL */
+			if (ch == '\0')
+				goto done;
+			/* pretend it was %c with argument ch */
+			cp = buf;
+			*cp = ch;
+			size = 1;
+			sign = '\0';
+			break;
+		}
+
+		/*
+		 * All reasonable formats wind up here.  At this point, `cp'
+		 * points to a string which (if not flags&LADJUST) should be
+		 * padded out to `width' places.  If flags&ZEROPAD, it should
+		 * first be prefixed by any sign or other prefix; otherwise,
+		 * it should be blank padded before the prefix is emitted.
+		 * After any left-hand padding and prefixing, emit zeroes
+		 * required by a decimal [diouxX] precision, then print the
+		 * string proper, then emit zeroes required by any leftover
+		 * floating precision; finally, if LADJUST, pad with blanks.
+		 *
+		 * Compute actual size, so we know how much to pad.
+		 * fieldsz excludes decimal prec; realsz includes it.
+		 */
+		fieldsz = size;
+		if (sign)
+			fieldsz++;
+		else if (flags & HEXPREFIX)
+			fieldsz += 2;
+		realsz = dprec > fieldsz ? dprec : fieldsz;
+
+		/* right-adjusting blank padding */
+		if ((flags & (LADJUST|ZEROPAD)) == 0)
+			PAD(width - realsz, blanks);
+
+		/* prefix */
+		if (sign) {
+			PRINT(&sign, 1);
+		} else if (flags & HEXPREFIX) {
+			ox[0] = '0';
+			ox[1] = ch;
+			PRINT(ox, 2);
+		}
+
+		/* right-adjusting zero padding */
+		if ((flags & (LADJUST|ZEROPAD)) == ZEROPAD)
+			PAD(width - realsz, zeroes);
+
+		/* leading zeroes from decimal precision */
+		PAD(dprec - fieldsz, zeroes);
+
+		/* the string or number proper */
+		PRINT(cp, size);
+
+		/* left-adjusting padding (always blank) */
+		if (flags & LADJUST)
+			PAD(width - realsz, blanks);
+
+		/* finally, adjust ret */
+		ret += width > realsz ? width : realsz;
+	}
+done:
+	if (strsize)
+		*str = '\0';
+	return (ret);
+	/* NOTREACHED */
+}
+
+#ifndef HAVE_VSNPRINTF
+int
+vsnprintf(str, n, fmt, ap)
+	char *str;
+	size_t n;
+	const char *fmt;
+	va_list ap;
+{
+
+	return (xxxprintf(&str, n, 0, fmt, ap));
+}
+#endif /* HAVE_VSNPRINTF */
+
+#ifndef HAVE_SNPRINTF
+int
+#ifdef __STDC__
+snprintf(char *str, size_t n, char const *fmt, ...)
+#else
+snprintf(str, n, fmt, va_alist)
+	char *str;
+	size_t n;
+	char const *fmt;
+	va_dcl
+#endif
+{
+	int ret;
+	va_list ap;
+
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	ret = xxxprintf(&str, n, 0, fmt, ap);
+	va_end(ap);
+	return (ret);
+}
+#endif /* HAVE_SNPRINTF */
+
+#ifndef HAVE_VASPRINTF
+int
+vasprintf(str, fmt, ap)
+	char **str;
+	const char *fmt;
+	va_list ap;
+{
+
+	return (xxxprintf(str, 0, 1, fmt, ap));
+}
+#endif /* HAVE_VASPRINTF */
+
+#ifndef HAVE_ASPRINTF
+int
+#ifdef __STDC__
+asprintf(char **str, char const *fmt, ...)
+#else
+asprintf(str, fmt, va_alist)
+	char **str;
+	char const *fmt;
+	va_dcl
+#endif
+{
+	int ret;
+	va_list ap;
+
+#ifdef __STDC__
+	va_start(ap, fmt);
+#else
+	va_start(ap);
+#endif
+	ret = xxxprintf(str, 0, 1, fmt, ap);
+	va_end(ap);
+	return (ret);
+}
+#endif /* HAVE_ASPRINTF */
diff --git a/sudo-1.7.4p4/strcasecmp.c b/sudo-1.7.4p4/strcasecmp.c
new file mode 100644
index 0000000..d14fdfb
--- /dev/null
+++ b/sudo-1.7.4p4/strcasecmp.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <config.h>
+#include <compat.h>
+
+/*
+ * Case insensitive string compare routines, same semantics as str[n]cmp()
+ * (assumes ASCII..).
+ * Derived from a public domain implementation included with the pdksh shell.
+ */
+static const char ichars[256] = {
+	   0,  0x1,  0x2,  0x3,  0x4,  0x5,  0x6,  0x7,
+	 0x8,  0x9,  0xa,  0xb,  0xc,  0xd,  0xe,  0xf,
+	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+	0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+	0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+	0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+	0x40,  'a',  'b',  'c',  'd',  'e',  'f',  'g',
+	 'h',  'i',  'j',  'k',  'l',  'm',  'n',  'o',
+	 'p',  'q',  'r',  's',  't',  'u',  'v',  'w',
+	 'x',  'y',  'z', 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+	0x60,  'a',  'b',  'c',  'd',  'e',  'f',  'g',
+	 'h',  'i',  'j',  'k',  'l',  'm',  'n',  'o',
+	 'p',  'q',  'r',  's',  't',  'u',  'v',  'w',
+	 'x',  'y',  'z', 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+	0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+	0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+	0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+	0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+	0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+	0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+	0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+	0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+	0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+	0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+	0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+	0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+	0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+	0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+	0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+	0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+int
+strcasecmp(s1, s2)
+	const char *s1;
+	const char *s2;
+{
+	const unsigned char *us1 = (const unsigned char *) s1;
+	const unsigned char *us2 = (const unsigned char *) s2;
+
+	while (ichars[*us1] == ichars[*us2++]) {
+		if (*us1++ == '\0')
+			return 0;
+	}
+	return ichars[*us1] - ichars[*--us2];
+}
+
+int
+strncasecmp(s1, s2, n)
+	const char *s1;
+	const char *s2;
+	size_t n;
+{
+	const unsigned char *us1 = (const unsigned char *) s1;
+	const unsigned char *us2 = (const unsigned char *) s2;
+
+	while (n != 0 && ichars[*us1] == ichars[*us2++]) {
+		if (*us1++ == '\0')
+			return 0;
+		n--;
+	}
+	return n ? ichars[*us1] - ichars[*--us2] : 0;
+}
diff --git a/sudo-1.7.4p4/strerror.c b/sudo-1.7.4p4/strerror.c
new file mode 100644
index 0000000..cacd3f6
--- /dev/null
+++ b/sudo-1.7.4p4/strerror.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 1999-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include <config.h>
+#include <compat.h>
+
+/*
+ * Map errno -> error string.
+ */
+char *
+strerror(n)
+    int n;
+{
+    extern int sys_nerr;
+    extern char *sys_errlist[];
+
+    if (n > 0 && n < sys_nerr)
+	return(sys_errlist[n]);
+    errno = EINVAL;
+    return("Unknown error");
+}
diff --git a/sudo-1.7.4p4/strlcat.c b/sudo-1.7.4p4/strlcat.c
new file mode 100644
index 0000000..97a803b
--- /dev/null
+++ b/sudo-1.7.4p4/strlcat.c
@@ -0,0 +1,62 @@
+/*	$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 1998, 2003-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+#include <config.h>
+#include <compat.h>
+
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+size_t
+strlcat(dst, src, siz)
+	char *dst;
+	const char *src;
+	size_t siz;
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end */
+	while (n-- != 0 && *d != '\0')
+		d++;
+	dlen = d - dst;
+	n = siz - dlen;
+
+	if (n == 0)
+		return(dlen + strlen(s));
+	while (*s != '\0') {
+		if (n != 1) {
+			*d++ = *s;
+			n--;
+		}
+		s++;
+	}
+	*d = '\0';
+
+	return(dlen + (s - src));	/* count does not include NUL */
+}
diff --git a/sudo-1.7.4p4/strlcpy.c b/sudo-1.7.4p4/strlcpy.c
new file mode 100644
index 0000000..8d301c3
--- /dev/null
+++ b/sudo-1.7.4p4/strlcpy.c
@@ -0,0 +1,56 @@
+/*	$OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 1998, 2003-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+#include <config.h>
+#include <compat.h>
+
+/*
+ * Copy src to string dst of size siz.  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz == 0).
+ * Returns strlen(src); if retval >= siz, truncation occurred.
+ */
+size_t
+strlcpy(dst, src, siz)
+	char *dst;
+	const char *src;
+	size_t siz;
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+
+	/* Copy as many bytes as will fit */
+	if (n != 0 && --n != 0) {
+		do {
+			if ((*d++ = *s++) == 0)
+				break;
+		} while (--n != 0);
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src */
+	if (n == 0) {
+		if (siz != 0)
+			*d = '\0';		/* NUL-terminate dst */
+		while (*s++)
+			;
+	}
+
+	return(s - src - 1);	/* count does not include NUL */
+}
diff --git a/sudo-1.7.4p4/strsignal.c b/sudo-1.7.4p4/strsignal.c
new file mode 100644
index 0000000..cead4ad
--- /dev/null
+++ b/sudo-1.7.4p4/strsignal.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <signal.h>
+
+#include <config.h>
+#include <compat.h>
+
+#if defined(HAVE_DECL_SYS_SIGLIST) && HAVE_DECL_SYS_SIGLIST == 1
+# define my_sys_siglist	sys_siglist
+#elif defined(HAVE_DECL__SYS_SIGLIST) && HAVE_DECL__SYS_SIGLIST == 1
+# define my_sys_siglist	_sys_siglist
+#elif defined(HAVE_DECL___SYS_SIGLIST) && HAVE_DECL___SYS_SIGLIST == 1
+# define my_sys_siglist	__sys_siglist
+#else
+extern const char *const my_sys_siglist[NSIG];
+#endif
+
+/*
+ * Get signal description string
+ */
+char *
+strsignal(signo)
+    int signo;
+{
+    if (signo > 0 && signo < NSIG)
+	return((char *)my_sys_siglist[signo]);
+    return("Unknown signal");
+}
diff --git a/sudo-1.7.4p4/sudo.c b/sudo-1.7.4p4/sudo.c
new file mode 100644
index 0000000..159a2c8
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.c
@@ -0,0 +1,1403 @@
+/*
+ * Copyright (c) 1993-1996, 1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ *
+ * For a brief history of sudo, please see the HISTORY file included
+ * with this distribution.
+ */
+
+#define _SUDO_MAIN
+
+#ifdef __TANDEM
+# include <floss.h>
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#ifdef HAVE_SETRLIMIT
+# include <sys/time.h>
+# include <sys/resource.h>
+#endif
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <grp.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifdef HAVE_SETLOCALE
+# include <locale.h>
+#endif
+#include <netinet/in.h>
+#include <netdb.h>
+#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
+# ifdef __hpux
+#  undef MAXINT
+#  include <hpsecurity.h>
+# else
+#  include <sys/security.h>
+# endif /* __hpux */
+# include <prot.h>
+#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
+#ifdef HAVE_LOGIN_CAP_H
+# include <login_cap.h>
+# ifndef LOGIN_DEFROOTCLASS
+#  define LOGIN_DEFROOTCLASS	"daemon"
+# endif
+#endif
+#ifdef HAVE_PROJECT_H
+# include <project.h>
+# include <sys/task.h>
+#endif
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+# include <membership.h>
+#endif
+
+#include "sudo.h"
+#include "lbuf.h"
+#include "interfaces.h"
+#include <sudo_usage.h>
+
+#ifdef USING_NONUNIX_GROUPS
+# include "nonunix.h"
+#endif
+
+#if defined(HAVE_PAM) && !defined(NO_PAM_SESSION)
+# define CMND_WAIT	TRUE
+#else
+# define CMND_WAIT	FALSE
+#endif
+
+/*
+ * Prototypes
+ */
+static void init_vars			__P((char **));
+static int set_cmnd			__P((int));
+static void initial_setup		__P((void));
+static void set_loginclass		__P((struct passwd *));
+static void set_project			__P((struct passwd *));
+static void set_runasgr			__P((char *));
+static void set_runaspw			__P((char *));
+static void show_version		__P((void));
+static struct passwd *get_authpw	__P((void));
+static void create_admin_success_flag	__P((void));
+extern int sudo_edit			__P((int, char **, char **));
+int run_command __P((const char *path, char *argv[], char *envp[], uid_t uid, int dowait)); /* XXX should be in sudo.h */
+
+/*
+ * Globals
+ */
+int Argc, NewArgc;
+char **Argv, **NewArgv;
+char *prev_user;
+int user_closefrom = -1;
+struct sudo_user sudo_user;
+struct passwd *auth_pw, *list_pw;
+struct interface *interfaces;
+int num_interfaces;
+int tgetpass_flags;
+int long_list;
+uid_t timestamp_uid;
+extern int errorlineno;
+extern int parse_error;
+extern char *errorfile;
+#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
+static struct rlimit corelimit;
+#endif /* RLIMIT_CORE && !SUDO_DEVEL */
+#if defined(__linux__)
+static struct rlimit nproclimit;
+#endif
+#ifdef HAVE_LOGIN_CAP_H
+login_cap_t *lc;
+#endif /* HAVE_LOGIN_CAP_H */
+sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
+char *runas_user;
+char *runas_group;
+static struct sudo_nss_list *snl;
+int sudo_mode;
+
+/* For getopt(3) */
+extern char *optarg;
+extern int optind;
+
+int
+main(argc, argv, envp)
+    int argc;
+    char *argv[];
+    char *envp[];
+{
+    int sources = 0, validated;
+    int fd, cmnd_status, pwflag, rc = 0;
+    sigaction_t sa;
+    struct sudo_nss *nss;
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+    extern char *malloc_options;
+    malloc_options = "AFGJPR";
+#endif
+
+#ifdef HAVE_SETLOCALE
+    setlocale(LC_ALL, "");
+#endif
+
+    Argv = argv;
+    if ((Argc = argc) < 1)
+	usage(1);
+
+    /* Must be done as the first thing... */
+#if defined(HAVE_GETPRPWNAM) && defined(HAVE_SET_AUTH_PARAMETERS)
+    (void) set_auth_parameters(Argc, Argv);
+# ifdef HAVE_INITPRIVS
+    initprivs();
+# endif
+#endif /* HAVE_GETPRPWNAM && HAVE_SET_AUTH_PARAMETERS */
+
+    if (geteuid() != 0)
+	errorx(1, "must be setuid root");
+
+    /*
+     * Signal setup:
+     *	Ignore keyboard-generated signals so the user cannot interrupt
+     *  us at some point and avoid the logging.
+     *  Install handler to wait for children when they exit.
+     */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_IGN;
+    (void) sigaction(SIGINT, &sa, &saved_sa_int);
+    (void) sigaction(SIGQUIT, &sa, &saved_sa_quit);
+    (void) sigaction(SIGTSTP, &sa, &saved_sa_tstp);
+
+    /* Initialize environment functions (including replacements). */
+    env_init(FALSE);
+
+    /*
+     * Turn off core dumps and make sure fds 0-2 are open.
+     */
+    initial_setup();
+    sudo_setpwent();
+    sudo_setgrent();
+
+    /* Parse our arguments. */
+    sudo_mode = parse_args(Argc, Argv);
+
+    /* Setup defaults data structures. */
+    init_defaults();
+
+    /* Load the list of local ip addresses and netmasks.  */
+    load_interfaces();
+
+    pwflag = 0;
+    if (ISSET(sudo_mode, MODE_SHELL))
+	user_cmnd = "shell";
+    else if (ISSET(sudo_mode, MODE_EDIT))
+	user_cmnd = "sudoedit";
+    else {
+	switch (sudo_mode) {
+	    case MODE_VERSION:
+		show_version();
+		break;
+	    case MODE_HELP:
+		usage(0);
+		break;
+	    case MODE_VALIDATE:
+	    case MODE_VALIDATE|MODE_INVALIDATE:
+		user_cmnd = "validate";
+		pwflag = I_VERIFYPW;
+		break;
+	    case MODE_KILL:
+	    case MODE_INVALIDATE:
+		user_cmnd = "kill";
+		pwflag = -1;
+		break;
+	    case MODE_LISTDEFS:
+		list_options();
+		exit(0);
+		break;
+	    case MODE_LIST:
+	    case MODE_LIST|MODE_INVALIDATE:
+		user_cmnd = "list";
+		pwflag = I_LISTPW;
+		break;
+	    case MODE_CHECK:
+	    case MODE_CHECK|MODE_INVALIDATE:
+		pwflag = I_LISTPW;
+		break;
+	}
+    }
+
+    /* Must have a command to run... */
+    if (user_cmnd == NULL && NewArgc == 0)
+	usage(1);
+
+    init_vars(envp);			/* XXX - move this later? */
+
+#ifdef USING_NONUNIX_GROUPS
+    sudo_nonunix_groupcheck_init();	/* initialise nonunix groups impl */
+#endif /* USING_NONUNIX_GROUPS */
+
+    /* Parse nsswitch.conf for sudoers order. */
+    snl = sudo_read_nss();
+
+    /* Open and parse sudoers, set global defaults */
+    tq_foreach_fwd(snl, nss) {
+	if (nss->open(nss) == 0 && nss->parse(nss) == 0) {
+	    sources++;
+	    if (nss->setdefs(nss) != 0)
+		log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
+	}
+    }
+    if (sources == 0)
+	log_error(0, "no valid sudoers sources found, quitting");
+
+    /* XXX - collect post-sudoers parse settings into a function */
+
+    /*
+     * Set runas passwd/group entries based on command line or sudoers.
+     * Note that if runas_group was specified without runas_user we
+     * defer setting runas_pw so the match routines know to ignore it.
+     */
+    if (runas_group != NULL) {
+	set_runasgr(runas_group);
+	if (runas_user != NULL)
+	    set_runaspw(runas_user);
+    } else
+	set_runaspw(runas_user ? runas_user : def_runas_default);
+
+    if (!update_defaults(SETDEF_RUNAS))
+	log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
+
+    if (def_fqdn)
+	set_fqdn();	/* deferred until after sudoers is parsed */
+
+    /* Set login class if applicable. */
+    set_loginclass(sudo_user.pw);
+
+    /* Update initial shell now that runas is set. */
+    if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+	NewArgv[0] = runas_pw->pw_shell;
+
+    /* This goes after sudoers is parsed since it may have timestamp options. */
+    if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE) {
+	remove_timestamp((sudo_mode == MODE_KILL));
+	cleanup(0);
+	exit(0);
+    }
+
+    /* Is root even allowed to run sudo? */
+    if (user_uid == 0 && !def_root_sudo) {
+	(void) fprintf(stderr,
+	    "Sorry, %s has been configured to not allow root to run it.\n",
+	    getprogname());
+	exit(1);
+    }
+
+    /* Check for -C overriding def_closefrom. */
+    if (user_closefrom >= 0 && user_closefrom != def_closefrom) {
+	if (!def_closefrom_override)
+	    errorx(1, "you are not permitted to use the -C option");
+	else
+	    def_closefrom = user_closefrom;
+    }
+
+    cmnd_status = set_cmnd(sudo_mode);
+
+#ifdef HAVE_SETLOCALE
+    if (!setlocale(LC_ALL, def_sudoers_locale)) {
+	warningx("unable to set locale to \"%s\", using \"C\"",
+	    def_sudoers_locale);
+	setlocale(LC_ALL, "C");
+    }
+#endif
+
+    validated = FLAG_NO_USER | FLAG_NO_HOST;
+    tq_foreach_fwd(snl, nss) {
+	validated = nss->lookup(nss, validated, pwflag);
+
+	if (ISSET(validated, VALIDATE_OK)) {
+	    /* Handle "= auth" in netsvc.conf */
+	    if (nss->ret_if_found)
+		break;
+	} else {
+	    /* Handle [NOTFOUND=return] */
+	    if (nss->ret_if_notfound)
+		break;
+	}
+    }
+
+    if (safe_cmnd == NULL)
+	safe_cmnd = estrdup(user_cmnd);
+
+#ifdef HAVE_SETLOCALE
+    setlocale(LC_ALL, "");
+#endif
+
+    /* If only a group was specified, set runas_pw based on invoking user. */
+    if (runas_pw == NULL)
+	set_runaspw(user_name);
+
+    /*
+     * Look up the timestamp dir owner if one is specified.
+     */
+    if (def_timestampowner) {
+	struct passwd *pw;
+
+	if (*def_timestampowner == '#')
+	    pw = sudo_getpwuid(atoi(def_timestampowner + 1));
+	else
+	    pw = sudo_getpwnam(def_timestampowner);
+	if (!pw)
+	    log_error(0, "timestamp owner (%s): No such user",
+		def_timestampowner);
+	timestamp_uid = pw->pw_uid;
+    }
+
+    /* If given the -P option, set the "preserve_groups" flag. */
+    if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
+	def_preserve_groups = TRUE;
+
+    /* If no command line args and "set_home" is not set, error out. */
+    if (ISSET(sudo_mode, MODE_IMPLIED_SHELL) && !def_shell_noargs)
+	usage(1);
+
+    /* Bail if a tty is required and we don't have one.  */
+    if (def_requiretty) {
+	if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
+	    audit_failure(NewArgv, "no tty");
+	    log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+	} else
+	    (void) close(fd);
+    }
+
+    /* Use askpass value from sudoers unless user specified their own. */
+    if (def_askpass && !user_askpass)
+	user_askpass = def_askpass;
+
+    /*
+     * We don't reset the environment for sudoedit or if the user
+     * specified the -E command line flag and they have setenv privs.
+     */
+    if (ISSET(sudo_mode, MODE_EDIT) ||
+        (ISSET(sudo_mode, MODE_PRESERVE_ENV) && def_setenv))
+        def_env_reset = FALSE;
+
+    /* Build a new environment that avoids any nasty bits. */
+    rebuild_env(def_noexec);
+
+    /* Fill in passwd struct based on user we are authenticating as.  */
+    auth_pw = get_authpw();
+
+    /* Require a password if sudoers says so.  */
+    if (def_authenticate)
+	check_user(validated, sudo_mode);
+
+    /* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
+    /* XXX - causes confusion when root is not listed in sudoers */
+    if (sudo_mode & (MODE_RUN | MODE_EDIT) && prev_user != NULL) {
+	if (user_uid == 0 && strcmp(prev_user, "root") != 0) {
+	    struct passwd *pw;
+
+	    if ((pw = sudo_getpwnam(prev_user)) != NULL) {
+		    sudo_user.pw = pw;
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+		    mbr_uid_to_uuid(user_uid, user_uuid);
+#endif
+	    }
+	}
+    }
+
+    if (ISSET(validated, VALIDATE_OK)) {
+	/* Create Ubuntu-style dot file to indicate sudo was successful. */
+	create_admin_success_flag();
+
+	/* Finally tell the user if the command did not exist. */
+	if (cmnd_status == NOT_FOUND_DOT) {
+	    audit_failure(NewArgv, "command in current directory");
+	    errorx(1, "ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
+	} else if (cmnd_status == NOT_FOUND) {
+	    audit_failure(NewArgv, "%s: command not found", user_cmnd);
+	    errorx(1, "%s: command not found", user_cmnd);
+	}
+
+	/* If user specified env vars make sure sudoers allows it. */
+	if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
+	    if (ISSET(sudo_mode, MODE_PRESERVE_ENV))
+		log_error(NO_MAIL,
+		    "sorry, you are not allowed to preserve the environment");
+	    else
+		validate_env_vars(sudo_user.env_vars);
+	}
+
+#ifdef _PATH_SUDO_IO_LOGDIR
+	/* Get next session ID so we can log it. */
+	if (ISSET(sudo_mode, (MODE_RUN | MODE_EDIT)) && (def_log_input || def_log_output))
+	    io_nextid();
+#endif
+	log_allowed(validated);
+	if (ISSET(sudo_mode, MODE_CHECK))
+	    rc = display_cmnd(snl, list_pw ? list_pw : sudo_user.pw);
+	else if (ISSET(sudo_mode, MODE_LIST))
+	    display_privs(snl, list_pw ? list_pw : sudo_user.pw);
+
+	/* Cleanup sudoers sources */
+	tq_foreach_fwd(snl, nss)
+	    nss->close(nss);
+
+#ifdef USING_NONUNIX_GROUPS
+	/* Finished with the groupcheck code */
+	sudo_nonunix_groupcheck_cleanup();
+#endif
+
+	/* Deferred exit due to sudo_ldap_close() */
+	if (ISSET(sudo_mode, (MODE_VALIDATE|MODE_CHECK|MODE_LIST)))
+	    exit(rc);
+
+	/* Must audit before uid change. */
+	audit_success(NewArgv);
+
+	if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+	    char *p;
+
+	    /* Convert /bin/sh -> -sh so shell knows it is a login shell */
+	    if ((p = strrchr(NewArgv[0], '/')) == NULL)
+		p = NewArgv[0];
+	    *p = '-';
+	    NewArgv[0] = p;
+
+#if defined(__linux__) || defined(_AIX)
+	    /* Insert system-wide environment variables. */
+	    read_env_file(_PATH_ENVIRONMENT, TRUE);
+#endif
+	}
+
+	if (ISSET(sudo_mode, MODE_RUN)) {
+	    /* Insert system-wide environment variables. */
+	    if (def_env_file)
+		read_env_file(def_env_file, FALSE);
+
+	    /* Insert user-specified environment variables. */
+	    insert_env_vars(sudo_user.env_vars);
+	}
+
+	/* Restore signal handlers before we exec. */
+	(void) sigaction(SIGINT, &saved_sa_int, NULL);
+	(void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
+	(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
+
+	if (ISSET(sudo_mode, MODE_EDIT)) {
+	    exit(sudo_edit(NewArgc, NewArgv, envp));
+	} else {
+	    exit(run_command(safe_cmnd, NewArgv, env_get(), runas_pw->pw_uid,
+		CMND_WAIT));
+	}
+    } else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
+	audit_failure(NewArgv, "No user or host");
+	log_denial(validated, 1);
+	exit(1);
+    } else {
+	if (def_path_info) {
+	    /*
+	     * We'd like to not leak path info at all here, but that can
+	     * *really* confuse the users.  To really close the leak we'd
+	     * have to say "not allowed to run foo" even when the problem
+	     * is just "no foo in path" since the user can trivially set
+	     * their path to just contain a single dir.
+	     */
+	    log_denial(validated,
+		!(cmnd_status == NOT_FOUND_DOT || cmnd_status == NOT_FOUND));
+	    if (cmnd_status == NOT_FOUND)
+		warningx("%s: command not found", user_cmnd);
+	    else if (cmnd_status == NOT_FOUND_DOT)
+		warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
+	} else {
+	    /* Just tell the user they are not allowed to run foo. */
+	    log_denial(validated, 1);
+	}
+	audit_failure(NewArgv, "validation failure");
+	exit(1);
+    }
+    exit(0);	/* not reached */
+}
+
+/*
+ * Initialize timezone, set umask, fill in ``sudo_user'' struct and
+ * load the ``interfaces'' array.
+ */
+static void
+init_vars(envp)
+    char **envp;
+{
+    char *p, **ep, thost[MAXHOSTNAMELEN + 1];
+    int nohostname;
+
+    /* Sanity check command from user. */
+    if (user_cmnd == NULL && strlen(NewArgv[0]) >= PATH_MAX)
+	errorx(1, "%s: File name too long", NewArgv[0]);
+
+#ifdef HAVE_TZSET
+    (void) tzset();		/* set the timezone if applicable */
+#endif /* HAVE_TZSET */
+
+    /* Default value for cmnd and cwd, overridden later. */
+    if (user_cmnd == NULL)
+	user_cmnd = NewArgv[0];
+    (void) strlcpy(user_cwd, "unknown", sizeof(user_cwd));
+
+    /*
+     * We avoid gethostbyname() if possible since we don't want
+     * sudo to block if DNS or NIS is hosed.
+     * "host" is the (possibly fully-qualified) hostname and
+     * "shost" is the unqualified form of the hostname.
+     */
+    nohostname = gethostname(thost, sizeof(thost));
+    if (nohostname) {
+	user_host = user_shost = "localhost";
+    } else {
+	thost[sizeof(thost) - 1] = '\0';
+	user_host = estrdup(thost);
+	if ((p = strchr(user_host, '.'))) {
+	    *p = '\0';
+	    user_shost = estrdup(user_host);
+	    *p = '.';
+	} else {
+	    user_shost = user_host;
+	}
+    }
+
+    if ((p = ttyname(STDIN_FILENO)) || (p = ttyname(STDOUT_FILENO)) ||
+	(p = ttyname(STDERR_FILENO))) {
+	user_tty = user_ttypath = estrdup(p);
+	if (strncmp(user_tty, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
+	    user_tty += sizeof(_PATH_DEV) - 1;
+    } else
+	user_tty = "unknown";
+
+    for (ep = envp; *ep; ep++) {
+	/* XXX - don't fill in if empty string */
+	switch (**ep) {
+	    case 'D':
+		if (strncmp("DISPLAY=", *ep, 8) == 0)
+		    user_display = *ep + 8;
+		break;
+	    case 'K':
+		if (strncmp("KRB5CCNAME=", *ep, 11) == 0)
+		    user_ccname = *ep + 11;
+		break;
+	    case 'P':
+		if (strncmp("PATH=", *ep, 5) == 0)
+		    user_path = *ep + 5;
+		break;
+	    case 'S':
+		if (strncmp("SHELL=", *ep, 6) == 0)
+		    user_shell = *ep + 6;
+		else if (!user_prompt && strncmp("SUDO_PROMPT=", *ep, 12) == 0)
+		    user_prompt = *ep + 12;
+		else if (strncmp("SUDO_USER=", *ep, 10) == 0)
+		    prev_user = *ep + 10;
+		else if (strncmp("SUDO_ASKPASS=", *ep, 13) == 0)
+		    user_askpass = *ep + 13;
+		break;
+	    }
+    }
+
+    /*
+     * Get a local copy of the user's struct passwd with the shadow password
+     * if necessary.  It is assumed that euid is 0 at this point so we
+     * can read the shadow passwd file if necessary.
+     */
+    if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL) {
+	/* Need to make a fake struct passwd for logging to work. */
+	struct passwd pw;
+	char pw_name[MAX_UID_T_LEN + 1];
+
+	pw.pw_uid = getuid();
+	(void) snprintf(pw_name, sizeof(pw_name), "%lu",
+	    (unsigned long) pw.pw_uid);
+	pw.pw_name = pw_name;
+	sudo_user.pw = &pw;
+
+	/*
+	 * If we are in -k/-K mode, just spew to stderr.  It is not unusual for
+	 * users to place "sudo -k" in a .logout file which can cause sudo to
+	 * be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+	 */
+	if (sudo_mode == MODE_KILL || sudo_mode == MODE_INVALIDATE)
+	    errorx(1, "unknown uid: %s", pw_name);
+	log_error(0, "unknown uid: %s", pw_name);
+    }
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+    mbr_uid_to_uuid(user_uid, user_uuid);
+#endif
+    if (user_shell == NULL || *user_shell == '\0')
+	user_shell = estrdup(sudo_user.pw->pw_shell);
+
+    /* It is now safe to use log_error() and set_perms() */
+
+#ifdef HAVE_GETGROUPS
+    if ((user_ngroups = getgroups(0, NULL)) > 0) {
+	user_groups = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
+	if (getgroups(user_ngroups, user_groups) < 0)
+	    log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+    }
+#endif
+
+    if (nohostname)
+	log_error(USE_ERRNO|MSG_ONLY, "can't get hostname");
+
+    /*
+     * Get current working directory.  Try as user, fall back to root.
+     */
+    set_perms(PERM_USER);
+    if (!getcwd(user_cwd, sizeof(user_cwd))) {
+	set_perms(PERM_ROOT);
+	if (!getcwd(user_cwd, sizeof(user_cwd))) {
+	    warningx("cannot get working directory");
+	    (void) strlcpy(user_cwd, "unknown", sizeof(user_cwd));
+	}
+    } else
+	set_perms(PERM_ROOT);
+
+    /*
+     * If we were given the '-e', '-i' or '-s' options we need to redo
+     * NewArgv and NewArgc.
+     */
+    if (ISSET(sudo_mode, MODE_EDIT)) {
+	NewArgv--;
+	NewArgc++;
+	NewArgv[0] = "sudoedit";
+    } else if (ISSET(sudo_mode, MODE_SHELL)) {
+	char **av;
+
+	/* Allocate an extra slot for execve() failure (ENOEXEC). */
+	av = (char **) emalloc2(5, sizeof(char *));
+	av++;
+
+	av[0] = user_shell;	/* may be updated later */
+	if (NewArgc > 0) {
+	    size_t cmnd_size = 1024;
+	    char *cmnd, *src, *dst, **ap;
+
+	    cmnd = dst = emalloc(cmnd_size);
+	    for (ap = NewArgv; *ap != NULL; ap++) {
+		for (src = *ap; *src != '\0'; src++) {
+		    /* reserve room for an escaped char + space */
+		    if (cmnd_size < (dst - cmnd) + 3) {
+			char *new_cmnd;
+			cmnd_size <<= 1;
+			new_cmnd = erealloc(cmnd, cmnd_size);
+			dst = new_cmnd + (dst - cmnd);
+			cmnd = new_cmnd;
+		    }
+		    if (isalnum((unsigned char)*src) || *src == '_' || *src == '-') {
+			*dst++ = *src;
+		    } else {
+			/* quote potential meta character */
+			*dst++ = '\\';
+			*dst++ = *src;
+		    }
+		}
+		*dst++ = ' ';
+	    }
+	    if (cmnd != dst)
+		dst--;	/* replace last space with a NUL */
+	    *dst = '\0';
+	    av[1] = "-c";
+	    av[2] = cmnd;
+	    NewArgc = 2;
+	}
+	av[++NewArgc] = NULL;
+	NewArgv = av;
+    }
+}
+
+/*
+ * Fill in user_cmnd, user_args, user_base and user_stat variables
+ * and apply any command-specific defaults entries.
+ */
+static int
+set_cmnd(sudo_mode)
+    int sudo_mode;
+{
+    int rval;
+    char *path = user_path;
+
+    /* Set project if applicable. */
+    set_project(runas_pw);
+
+    /* Resolve the path and return. */
+    rval = FOUND;
+    user_stat = emalloc(sizeof(struct stat));
+    if (sudo_mode & (MODE_RUN | MODE_EDIT | MODE_CHECK)) {
+	if (ISSET(sudo_mode, MODE_RUN | MODE_CHECK)) {
+	    if (def_secure_path && !user_is_exempt())
+		path = def_secure_path;
+	    set_perms(PERM_RUNAS);
+	    rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+		def_ignore_dot);
+	    set_perms(PERM_ROOT);
+	    if (rval != FOUND) {
+		/* Failed as root, try as invoking user. */
+		set_perms(PERM_USER);
+		rval = find_path(NewArgv[0], &user_cmnd, user_stat, path,
+		    def_ignore_dot);
+		set_perms(PERM_ROOT);
+	    }
+	}
+
+	/* set user_args */
+	if (NewArgc > 1) {
+	    char *to, **from;
+	    size_t size, n;
+
+	    /* If we didn't realloc NewArgv it is contiguous so just count. */
+	    if (!ISSET(sudo_mode, MODE_SHELL)) {
+		size = (size_t) (NewArgv[NewArgc-1] - NewArgv[1]) +
+			strlen(NewArgv[NewArgc-1]) + 1;
+	    } else {
+		for (size = 0, from = NewArgv + 1; *from; from++)
+		    size += strlen(*from) + 1;
+	    }
+
+	    /* Alloc and build up user_args. */
+	    user_args = (char *) emalloc(size);
+	    for (to = user_args, from = NewArgv + 1; *from; from++) {
+		n = strlcpy(to, *from, size - (to - user_args));
+		if (n >= size - (to - user_args))
+		    errorx(1, "internal error, init_vars() overflow");
+		to += n;
+		*to++ = ' ';
+	    }
+	    *--to = '\0';
+	}
+    }
+    if ((user_base = strrchr(user_cmnd, '/')) != NULL)
+	user_base++;
+    else
+	user_base = user_cmnd;
+
+    if (!update_defaults(SETDEF_CMND))
+	log_error(NO_STDERR|NO_EXIT, "problem with defaults entries");
+
+    if (!runas_user && !runas_group)
+	set_runaspw(def_runas_default);	/* may have been updated above */
+
+    return(rval);
+}
+
+/*
+ * Setup the execution environment immediately prior to the call to execve()
+ * Returns TRUE on success and FALSE on failure.
+ */
+int
+exec_setup(rbac_enabled, ttyname, ttyfd)
+    int rbac_enabled;
+    const char *ttyname;
+    int ttyfd;
+{
+    int rval = FALSE;
+
+#ifdef HAVE_SELINUX
+    if (rbac_enabled) {
+       if (selinux_setup(user_role, user_type, ttyname, ttyfd) == -1)
+	   goto done;
+    }
+#endif
+
+    /* Close the password and group files and free up memory. */
+    sudo_endpwent();
+    sudo_endgrent();
+
+    /*
+     * For sudoedit, the command runas a the user with no additional setup.
+     */
+    if (ISSET(sudo_mode, MODE_EDIT)) {
+	set_perms(PERM_FULL_USER);
+	rval = TRUE;
+	goto done;
+    }
+
+    /*
+     * Set umask based on sudoers.
+     * If user's umask is more restrictive, OR in those bits too
+     * unless umask_override is set.
+     */
+    if (def_umask != 0777) {
+	if (def_umask_override) {
+	    umask(def_umask);
+	} else {
+	    mode_t mask = umask(def_umask);
+	    mask |= def_umask;
+	    if (mask != def_umask)
+		umask(mask);
+	}
+    }
+
+    /* Restore coredumpsize resource limit. */
+#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
+    (void) setrlimit(RLIMIT_CORE, &corelimit);
+#endif /* RLIMIT_CORE && !SUDO_DEVEL */
+
+    if (ISSET(sudo_mode, MODE_RUN))
+	set_perms(PERM_FULL_RUNAS);
+
+    if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) {
+	/* Change to target user's homedir. */
+	if (chdir(runas_pw->pw_dir) == -1) {
+	    warning("unable to change directory to %s", runas_pw->pw_dir);
+	    goto done;
+	}
+    }
+
+    /*
+     * Restore nproc resource limit if pam_limits didn't do it for us.
+     * We must do this *after* the uid change to avoid potential EAGAIN
+     * from setuid().
+     */
+#if defined(__linux__)
+    {
+	struct rlimit rl;
+	if (getrlimit(RLIMIT_NPROC, &rl) == 0) {
+	    if (rl.rlim_cur == RLIM_INFINITY && rl.rlim_max == RLIM_INFINITY)
+		(void) setrlimit(RLIMIT_NPROC, &nproclimit);
+	}
+    }
+#endif
+
+    rval = TRUE;
+
+done:
+    return(rval);
+}
+
+/*
+ * Run the command and wait for it to complete.
+ */
+int
+run_command(path, argv, envp, uid, dowait)
+    const char *path;
+    char *argv[];
+    char *envp[];
+    uid_t uid;
+    int dowait;
+{
+    struct command_status cstat;
+    int exitcode = 1;
+
+#ifdef PROFILING
+    exit(0);
+#endif
+
+    cstat.type = CMD_INVALID;
+    cstat.val = 0;
+
+    sudo_execve(path, argv, envp, uid, &cstat, dowait,
+	ISSET(sudo_mode, MODE_BACKGROUND));
+
+    switch (cstat.type) {
+    case CMD_ERRNO:
+	/* exec_setup() or execve() returned an error. */
+	warningx("unable to execute %s: %s", path, strerror(cstat.val));
+	exitcode = 127;
+	break;
+    case CMD_WSTATUS:
+	/* Command ran, exited or was killed. */
+	if (WIFEXITED(cstat.val))
+	    exitcode = WEXITSTATUS(cstat.val);
+	else if (WIFSIGNALED(cstat.val))
+	    exitcode = WTERMSIG(cstat.val) | 128;
+	break;
+    default:
+	warningx("unexpected child termination condition: %d", cstat.type);
+	break;
+    }
+#ifdef HAVE_PAM
+    pam_end_session();
+#endif /* HAVE_PAM */
+#ifdef _PATH_SUDO_IO_LOGDIR
+    io_log_close();
+#endif
+    return(exitcode);
+}
+
+/*
+ * Open sudoers and sanity check mode/owner/type.
+ * Returns a handle to the sudoers file or NULL on error.
+ */
+FILE *
+open_sudoers(sudoers, doedit, keepopen)
+    const char *sudoers;
+    int doedit;
+    int *keepopen;
+{
+    struct stat statbuf;
+    FILE *fp = NULL;
+    int rootstat;
+
+    /*
+     * Fix the mode and group on sudoers file from old default.
+     * Only works if file system is readable/writable by root.
+     */
+    if ((rootstat = stat_sudoers(sudoers, &statbuf)) == 0 &&
+	SUDOERS_UID == statbuf.st_uid && SUDOERS_MODE != 0400 &&
+	(statbuf.st_mode & 0007777) == 0400) {
+
+	if (chmod(sudoers, SUDOERS_MODE) == 0) {
+	    warningx("fixed mode on %s", sudoers);
+	    SET(statbuf.st_mode, SUDOERS_MODE);
+	    if (statbuf.st_gid != SUDOERS_GID) {
+		if (chown(sudoers, (uid_t) -1, SUDOERS_GID) == 0) {
+		    warningx("set group on %s", sudoers);
+		    statbuf.st_gid = SUDOERS_GID;
+		} else
+		    warning("unable to set group on %s", sudoers);
+	    }
+	} else
+	    warning("unable to fix mode on %s", sudoers);
+    }
+
+    /*
+     * Sanity checks on sudoers file.  Must be done as sudoers
+     * file owner.  We already did a stat as root, so use that
+     * data if we can't stat as sudoers file owner.
+     */
+    set_perms(PERM_SUDOERS);
+
+    if (rootstat != 0 && stat_sudoers(sudoers, &statbuf) != 0)
+	log_error(USE_ERRNO|NO_EXIT, "can't stat %s", sudoers);
+    else if (!S_ISREG(statbuf.st_mode))
+	log_error(NO_EXIT, "%s is not a regular file", sudoers);
+    else if ((statbuf.st_mode & 07777) != SUDOERS_MODE)
+	log_error(NO_EXIT, "%s is mode 0%o, should be 0%o", sudoers,
+	    (unsigned int) (statbuf.st_mode & 07777),
+	    (unsigned int) SUDOERS_MODE);
+    else if (statbuf.st_uid != SUDOERS_UID)
+	log_error(NO_EXIT, "%s is owned by uid %lu, should be %lu", sudoers,
+	    (unsigned long) statbuf.st_uid, (unsigned long) SUDOERS_UID);
+    else if (statbuf.st_gid != SUDOERS_GID)
+	log_error(NO_EXIT, "%s is owned by gid %lu, should be %lu", sudoers,
+	    (unsigned long) statbuf.st_gid, (unsigned long) SUDOERS_GID);
+    else if ((fp = fopen(sudoers, "r")) == NULL)
+	log_error(USE_ERRNO|NO_EXIT, "can't open %s", sudoers);
+    else {
+	/*
+	 * Make sure we can actually read sudoers so we can present the
+	 * user with a reasonable error message (unlike the lexer).
+	 */
+	if (statbuf.st_size != 0 && fgetc(fp) == EOF) {
+	    log_error(USE_ERRNO|NO_EXIT, "can't read %s", sudoers);
+	    fclose(fp);
+	    fp = NULL;
+	}
+    }
+
+    if (fp != NULL) {
+	rewind(fp);
+	(void) fcntl(fileno(fp), F_SETFD, 1);
+    }
+
+    set_perms(PERM_ROOT);		/* change back to root */
+    return(fp);
+}
+
+/*
+ * Close all open files (except std*) and turn off core dumps.
+ * Also sets the set_perms() pointer to the correct function.
+ */
+static void
+initial_setup()
+{
+    int miss[3], devnull = -1;
+#if defined(__linux__) || (defined(RLIMIT_CORE) && !defined(SUDO_DEVEL))
+    struct rlimit rl;
+#endif
+
+#if defined(__linux__)
+    /*
+     * Unlimit the number of processes since Linux's setuid() will
+     * apply resource limits when changing uid and return EAGAIN if
+     * nproc would be violated by the uid switch.
+     */
+    (void) getrlimit(RLIMIT_NPROC, &nproclimit);
+    rl.rlim_cur = rl.rlim_max = RLIM_INFINITY;
+    if (setrlimit(RLIMIT_NPROC, &rl)) {
+	memcpy(&rl, &nproclimit, sizeof(struct rlimit));
+	rl.rlim_cur = rl.rlim_max;
+	(void)setrlimit(RLIMIT_NPROC, &rl);
+    }
+#endif /* __linux__ */
+#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
+    /*
+     * Turn off core dumps.
+     */
+    (void) getrlimit(RLIMIT_CORE, &corelimit);
+    memcpy(&rl, &corelimit, sizeof(struct rlimit));
+    rl.rlim_cur = 0;
+    (void) setrlimit(RLIMIT_CORE, &rl);
+#endif /* RLIMIT_CORE && !SUDO_DEVEL */
+
+    /*
+     * stdin, stdout and stderr must be open; set them to /dev/null
+     * if they are closed and close all other fds.
+     */
+    miss[STDIN_FILENO] = fcntl(STDIN_FILENO, F_GETFL, 0) == -1;
+    miss[STDOUT_FILENO] = fcntl(STDOUT_FILENO, F_GETFL, 0) == -1;
+    miss[STDERR_FILENO] = fcntl(STDERR_FILENO, F_GETFL, 0) == -1;
+    if (miss[STDIN_FILENO] || miss[STDOUT_FILENO] || miss[STDERR_FILENO]) {
+	if ((devnull = open(_PATH_DEVNULL, O_RDWR, 0644)) == -1)
+	    error(1, "unable to open %s", _PATH_DEVNULL);
+	if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
+	    error(1, "dup2");
+	if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
+	    error(1, "dup2");
+	if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
+	    error(1, "dup2");
+	if (devnull > STDERR_FILENO)
+	    close(devnull);
+    }
+}
+
+#ifdef HAVE_LOGIN_CAP_H
+static void
+set_loginclass(pw)
+    struct passwd *pw;
+{
+    int errflags;
+
+    /*
+     * Don't make it a fatal error if the user didn't specify the login
+     * class themselves.  We do this because if login.conf gets
+     * corrupted we want the admin to be able to use sudo to fix it.
+     */
+    if (login_class)
+	errflags = NO_MAIL|MSG_ONLY;
+    else
+	errflags = NO_MAIL|MSG_ONLY|NO_EXIT;
+
+    if (login_class && strcmp(login_class, "-") != 0) {
+	if (user_uid != 0 &&
+	    strcmp(runas_user ? runas_user : def_runas_default, "root") != 0)
+	    errorx(1, "only root can use -c %s", login_class);
+    } else {
+	login_class = pw->pw_class;
+	if (!login_class || !*login_class)
+	    login_class =
+		(pw->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS;
+    }
+
+    lc = login_getclass(login_class);
+    if (!lc || !lc->lc_class || strcmp(lc->lc_class, login_class) != 0) {
+	log_error(errflags, "unknown login class: %s", login_class);
+	if (!lc)
+	    lc = login_getclass(NULL);	/* needed for login_getstyle() later */
+    }
+}
+#else
+static void
+set_loginclass(pw)
+    struct passwd *pw;
+{
+}
+#endif /* HAVE_LOGIN_CAP_H */
+
+#ifdef HAVE_PROJECT_H
+static void
+set_project(pw)
+    struct passwd *pw;
+{
+    int errflags = NO_MAIL|MSG_ONLY|NO_EXIT;
+    int errval;
+    struct project proj;
+    struct project *resultp = '\0';
+    char buf[1024];
+
+    /*
+     * Collect the default project for the user and settaskid
+     */
+    setprojent();
+    if (resultp = getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf))) {
+	errval = setproject(resultp->pj_name, pw->pw_name, TASK_NORMAL);
+	if (errval != 0) {
+	    switch(errval) {
+	    case SETPROJ_ERR_TASK:
+		if (errno == EAGAIN)
+		    log_error(errflags, "resource control limit has been reached");
+		else if (errno == ESRCH)
+		    log_error(errflags, "user \"%s\" is not a member of "
+			"project \"%s\"", pw->pw_name, resultp->pj_name);
+		else if (errno == EACCES)
+		    log_error(errflags, "the invoking task is final");
+		else
+		    log_error(errflags, "could not join project \"%s\"",
+			resultp->pj_name);
+		break;
+	    case SETPROJ_ERR_POOL:
+		if (errno == EACCES)
+		    log_error(errflags, "no resource pool accepting "
+			    "default bindings exists for project \"%s\"",
+			    resultp->pj_name);
+		else if (errno == ESRCH)
+		    log_error(errflags, "specified resource pool does "
+			    "not exist for project \"%s\"", resultp->pj_name);
+		else
+		    log_error(errflags, "could not bind to default "
+			    "resource pool for project \"%s\"", resultp->pj_name);
+		break;
+	    default:
+		if (errval <= 0) {
+		    log_error(errflags, "setproject failed for project \"%s\"",
+			resultp->pj_name);
+		} else {
+		    log_error(errflags, "warning, resource control assignment "
+			"failed for project \"%s\"", resultp->pj_name);
+		}
+	    }
+	}
+    } else {
+	log_error(errflags, "getdefaultproj() error: %s", strerror(errno));
+    }
+    endprojent();
+}
+#else
+static void
+set_project(pw)
+    struct passwd *pw;
+{
+}
+#endif /* HAVE_PROJECT_H */
+
+/*
+ * Look up the fully qualified domain name and set user_host and user_shost.
+ */
+void
+set_fqdn()
+{
+#ifdef HAVE_GETADDRINFO
+    struct addrinfo *res0, hint;
+#else
+    struct hostent *hp;
+#endif
+    char *p;
+
+#ifdef HAVE_GETADDRINFO
+    zero_bytes(&hint, sizeof(hint));
+    hint.ai_family = PF_UNSPEC;
+    hint.ai_flags = AI_CANONNAME;
+    if (getaddrinfo(user_host, NULL, &hint, &res0) != 0) {
+#else
+    if (!(hp = gethostbyname(user_host))) {
+#endif
+	log_error(MSG_ONLY|NO_EXIT,
+	    "unable to resolve host %s", user_host);
+    } else {
+	if (user_shost != user_host)
+	    efree(user_shost);
+	efree(user_host);
+#ifdef HAVE_GETADDRINFO
+	user_host = estrdup(res0->ai_canonname);
+	freeaddrinfo(res0);
+#else
+	user_host = estrdup(hp->h_name);
+#endif
+    }
+    if ((p = strchr(user_host, '.'))) {
+	*p = '\0';
+	user_shost = estrdup(user_host);
+	*p = '.';
+    } else {
+	user_shost = user_host;
+    }
+}
+
+/*
+ * Get passwd entry for the user we are going to run commands as.
+ * By default, this is "root".  Updates runas_pw as a side effect.
+ */
+static void
+set_runaspw(user)
+    char *user;
+{
+    if (*user == '#') {
+	if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
+	    runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
+    } else {
+	if ((runas_pw = sudo_getpwnam(user)) == NULL) {
+	    audit_failure(NewArgv, "unknown user: %s", user);
+	    log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user);
+	}
+    }
+}
+
+/*
+ * Get group entry for the group we are going to run commands as.
+ * Updates runas_pw as a side effect.
+ */
+static void
+set_runasgr(group)
+    char *group;
+{
+    if (*group == '#') {
+	if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL)
+	    runas_gr = sudo_fakegrnam(group);
+    } else {
+	if ((runas_gr = sudo_getgrnam(group)) == NULL)
+	    log_error(NO_MAIL|MSG_ONLY, "unknown group: %s", group);
+    }
+}
+
+/*
+ * Get passwd entry for the user we are going to authenticate as.
+ * By default, this is the user invoking sudo.  In the most common
+ * case, this matches sudo_user.pw or runas_pw.
+ */
+static struct passwd *
+get_authpw()
+{
+    struct passwd *pw;
+
+    if (def_rootpw) {
+	if ((pw = sudo_getpwuid(0)) == NULL)
+	    log_error(0, "unknown uid: 0");
+    } else if (def_runaspw) {
+	if ((pw = sudo_getpwnam(def_runas_default)) == NULL)
+	    log_error(0, "unknown user: %s", def_runas_default);
+    } else if (def_targetpw) {
+	if (runas_pw->pw_name == NULL)
+	    log_error(NO_MAIL|MSG_ONLY, "unknown uid: %lu",
+		(unsigned long) runas_pw->pw_uid);
+	pw = runas_pw;
+    } else
+	pw = sudo_user.pw;
+
+    return(pw);
+}
+
+/*
+ * Cleanup hook for error()/errorx()
+ */
+void
+cleanup(gotsignal)
+    int gotsignal;
+{
+    struct sudo_nss *nss;
+
+    if (!gotsignal) {
+	if (snl != NULL) {
+	    tq_foreach_fwd(snl, nss)
+		nss->close(nss);
+	}
+#ifdef USING_NONUNIX_GROUPS
+	sudo_nonunix_groupcheck_cleanup();
+#endif
+	sudo_endpwent();
+	sudo_endgrent();
+#ifdef _PATH_SUDO_IO_LOGDIR
+	io_log_close();
+#endif
+    }
+    term_restore(STDIN_FILENO, 0);
+#ifdef HAVE_SELINUX
+    selinux_restore_tty();
+#endif
+}
+
+static void
+show_version()
+{
+    (void) printf("Sudo version %s\n", PACKAGE_VERSION);
+    if (getuid() == 0) {
+	putchar('\n');
+	(void) printf("Configure args: %s\n", CONFIGURE_ARGS);
+	(void) printf("Sudoers path: %s\n", _PATH_SUDOERS);
+#ifdef HAVE_LDAP
+# ifdef _PATH_NSSWITCH_CONF
+	(void) printf("nsswitch path: %s\n", _PATH_NSSWITCH_CONF);
+# endif
+	(void) printf("ldap.conf path: %s\n", _PATH_LDAP_CONF);
+	(void) printf("ldap.secret path: %s\n", _PATH_LDAP_SECRET);
+#endif
+	dump_auth_methods();
+	dump_defaults();
+	dump_interfaces();
+    }
+    exit(0);
+}
+
+#ifdef USE_ADMIN_FLAG
+static void
+create_admin_success_flag()
+{
+    struct stat statbuf;
+    char flagfile[PATH_MAX];
+    int fd, n;
+
+    /* Check whether the user is in the admin group. */
+    if (!user_in_group(sudo_user.pw, "admin"))
+	return;
+
+    /* Build path to flag file. */
+    n = snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
+	user_dir);
+    if (n <= 0 || n >= sizeof(flagfile))
+	return;
+
+    /* Create admin flag file if it doesn't already exist. */
+    set_perms(PERM_USER);
+    if (stat(flagfile, &statbuf) == 0) {
+	set_perms(PERM_ROOT);
+	return;
+    }
+
+    fd = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
+    close(fd);
+    set_perms(PERM_ROOT);
+}
+#else /* !USE_ADMIN_FLAG */
+static void
+create_admin_success_flag()
+{
+    /* STUB */
+}
+#endif /* USE_ADMIN_FLAG */
diff --git a/sudo-1.7.4p4/sudo.cat b/sudo-1.7.4p4/sudo.cat
new file mode 100644
index 0000000..9f85ccd
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.cat
@@ -0,0 +1,660 @@
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+NNAAMMEE
+       sudo, sudoedit - execute a command as another user
+
+SSYYNNOOPPSSIISS
+       ssuuddoo --hh | --KK | --kk | --LL | --VV
+
+       ssuuddoo --vv [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t]
+       [--uu _u_s_e_r_n_a_m_e|_#_u_i_d]
+
+       ssuuddoo --ll[[ll]] [--AAkknnSS] [--aa _a_u_t_h___t_y_p_e] [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t]
+       [--UU _u_s_e_r _n_a_m_e] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [_c_o_m_m_a_n_d]
+
+       ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-]
+       [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--rr _r_o_l_e] [--tt _t_y_p_e]
+       [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [--ii | --ss] [_c_o_m_m_a_n_d]
+
+       ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-]
+       [--gg _g_r_o_u_p _n_a_m_e|_#_g_i_d] [--pp _p_r_o_m_p_t] [--uu _u_s_e_r _n_a_m_e|_#_u_i_d] file ...
+
+DDEESSCCRRIIPPTTIIOONN
+       ssuuddoo allows a permitted user to execute a _c_o_m_m_a_n_d as the superuser or
+       another user, as specified in the _s_u_d_o_e_r_s file.  The real and effective
+       uid and gid are set to match those of the target user as specified in
+       the passwd file and the group vector is initialized based on the group
+       file (unless the --PP option was specified).  If the invoking user is
+       root or if the target user is the same as the invoking user, no
+       password is required.  Otherwise, ssuuddoo requires that users authenticate
+       themselves with a password by default (NOTE: in the default
+       configuration this is the user's password, not the root password).
+       Once a user has been authenticated, a time stamp is updated and the
+       user may then use sudo without a password for a short period of time (5
+       minutes unless overridden in _s_u_d_o_e_r_s).
+
+       When invoked as ssuuddooeeddiitt, the --ee option (described below), is implied.
+
+       ssuuddoo determines who is an authorized user by consulting the file
+       _/_e_t_c_/_s_u_d_o_e_r_s.  By running ssuuddoo with the --vv option, a user can update
+       the time stamp without running a _c_o_m_m_a_n_d.  If a password is required,
+       ssuuddoo will exit if the user's password is not entered within a
+       configurable time limit.  The default password prompt timeout is 5
+       minutes.
+
+       If a user who is not listed in the _s_u_d_o_e_r_s file tries to run a command
+       via ssuuddoo, mail is sent to the proper authorities, as defined at
+       configure time or in the _s_u_d_o_e_r_s file (defaults to root).  Note that
+       the mail will not be sent if an unauthorized user tries to run sudo
+       with the --ll or --vv option.  This allows users to determine for
+       themselves whether or not they are allowed to use ssuuddoo.
+
+       If ssuuddoo is run by root and the SUDO_USER environment variable is set,
+       ssuuddoo will use this value to determine who the actual user is.  This can
+       be used by a user to log commands through sudo even when a root shell
+       has been invoked.  It also allows the --ee option to remain useful even
+       when being run via a sudo-run script or program.  Note however, that
+
+
+
+1.7.4                     July 19, 2010                         1
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+       the sudoers lookup is still done for root, not the user specified by
+       SUDO_USER.
+
+       ssuuddoo can log both successful and unsuccessful attempts (as well as
+       errors) to _s_y_s_l_o_g(3), a log file, or both.  By default ssuuddoo will log
+       via _s_y_s_l_o_g(3) but this is changeable at configure time or via the
+       _s_u_d_o_e_r_s file.
+
+OOPPTTIIOONNSS
+       ssuuddoo accepts the following command line options:
+
+       -A          Normally, if ssuuddoo requires a password, it will read it from
+                   the current terminal.  If the --AA (_a_s_k_p_a_s_s) option is
+                   specified, a (possibly graphical) helper program is
+                   executed to read the user's password and output the
+                   password to the standard output.  If the SUDO_ASKPASS
+                   environment variable is set, it specifies the path to the
+                   helper program.  Otherwise, the value specified by the
+                   _a_s_k_p_a_s_s option in _s_u_d_o_e_r_s(4) is used.
+
+       -a _t_y_p_e     The --aa (_a_u_t_h_e_n_t_i_c_a_t_i_o_n _t_y_p_e) option causes ssuuddoo to use the
+                   specified authentication type when validating the user, as
+                   allowed by _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  The system administrator may
+                   specify a list of sudo-specific authentication methods by
+                   adding an "auth-sudo" entry in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f.  This
+                   option is only available on systems that support BSD
+                   authentication.
+
+       -b          The --bb (_b_a_c_k_g_r_o_u_n_d) option tells ssuuddoo to run the given
+                   command in the background.  Note that if you use the --bb
+                   option you cannot use shell job control to manipulate the
+                   process.
+
+       -C _f_d       Normally, ssuuddoo will close all open file descriptors other
+                   than standard input, standard output and standard error.
+                   The --CC (_c_l_o_s_e _f_r_o_m) option allows the user to specify a
+                   starting point above the standard error (file descriptor
+                   three).  Values less than three are not permitted.  This
+                   option is only available if the administrator has enabled
+                   the _c_l_o_s_e_f_r_o_m___o_v_e_r_r_i_d_e option in _s_u_d_o_e_r_s(4).
+
+       -c _c_l_a_s_s    The --cc (_c_l_a_s_s) option causes ssuuddoo to run the specified
+                   command with resources limited by the specified login
+                   class.  The _c_l_a_s_s argument can be either a class name as
+                   defined in _/_e_t_c_/_l_o_g_i_n_._c_o_n_f, or a single '-' character.
+                   Specifying a _c_l_a_s_s of - indicates that the command should
+                   be run restricted by the default login capabilities for the
+                   user the command is run as.  If the _c_l_a_s_s argument
+                   specifies an existing user class, the command must be run
+                   as root, or the ssuuddoo command must be run from a shell that
+                   is already root.  This option is only available on systems
+                   with BSD login classes.
+
+       -E          The --EE (_p_r_e_s_e_r_v_e _e_n_v_i_r_o_n_m_e_n_t) option will override the
+
+
+
+1.7.4                     July 19, 2010                         2
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+                   _e_n_v___r_e_s_e_t option in _s_u_d_o_e_r_s(4)).  It is only available when
+                   either the matching command has the SETENV tag or the
+                   _s_e_t_e_n_v option is set in _s_u_d_o_e_r_s(4).
+
+       -e          The --ee (_e_d_i_t) option indicates that, instead of running a
+                   command, the user wishes to edit one or more files.  In
+                   lieu of a command, the string "sudoedit" is used when
+                   consulting the _s_u_d_o_e_r_s file.  If the user is authorized by
+                   _s_u_d_o_e_r_s the following steps are taken:
+
+                   1.  Temporary copies are made of the files to be edited
+                       with the owner set to the invoking user.
+
+                   2.  The editor specified by the SUDO_EDITOR, VISUAL or
+                       EDITOR environment variables is run to edit the
+                       temporary files.  If none of SUDO_EDITOR, VISUAL or
+                       EDITOR are set, the first program listed in the _e_d_i_t_o_r
+                       _s_u_d_o_e_r_s variable is used.
+
+                   3.  If they have been modified, the temporary files are
+                       copied back to their original location and the
+                       temporary versions are removed.
+
+                   If the specified file does not exist, it will be created.
+                   Note that unlike most commands run by ssuuddoo, the editor is
+                   run with the invoking user's environment unmodified.  If,
+                   for some reason, ssuuddoo is unable to update a file with its
+                   edited version, the user will receive a warning and the
+                   edited copy will remain in a temporary file.
+
+       -g _g_r_o_u_p    Normally, ssuuddoo sets the primary group to the one specified
+                   by the passwd database for the user the command is being
+                   run as (by default, root).  The --gg (_g_r_o_u_p) option causes
+                   ssuuddoo to run the specified command with the primary group
+                   set to _g_r_o_u_p.  To specify a _g_i_d instead of a _g_r_o_u_p _n_a_m_e,
+                   use _#_g_i_d.  When running commands as a _g_i_d, many shells
+                   require that the '#' be escaped with a backslash ('\').  If
+                   no --uu option is specified, the command will be run as the
+                   invoking user (not root).  In either case, the primary
+                   group will be set to _g_r_o_u_p.
+
+       -H          The --HH (_H_O_M_E) option sets the HOME environment variable to
+                   the homedir of the target user (root by default) as
+                   specified in _p_a_s_s_w_d(4).  The default handling of the HOME
+                   environment variable depends on _s_u_d_o_e_r_s(4) settings.  By
+                   default, ssuuddoo will set HOME if _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e
+                   are set, or if _s_e_t___h_o_m_e is set and the --ss option is
+                   specified on the command line.
+
+       -h          The --hh (_h_e_l_p) option causes ssuuddoo to print a usage message
+                   and exit.
+
+       -i [command]
+                   The --ii (_s_i_m_u_l_a_t_e _i_n_i_t_i_a_l _l_o_g_i_n) option runs the shell
+
+
+
+1.7.4                     July 19, 2010                         3
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+                   specified in the _p_a_s_s_w_d(4) entry of the target user as a
+                   login shell.  This means that login-specific resource files
+                   such as .profile or .login will be read by the shell.  If a
+                   command is specified, it is passed to the shell for
+                   execution.  Otherwise, an interactive shell is executed.
+                   ssuuddoo attempts to change to that user's home directory
+                   before running the shell.  It also initializes the
+                   environment, leaving _D_I_S_P_L_A_Y and _T_E_R_M unchanged, setting
+                   _H_O_M_E, _M_A_I_L, _S_H_E_L_L, _U_S_E_R, _L_O_G_N_A_M_E, and _P_A_T_H, as well as the
+                   contents of _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t on Linux and AIX systems.  All
+                   other environment variables are removed.
+
+       -K          The --KK (sure _k_i_l_l) option is like --kk except that it removes
+                   the user's time stamp entirely and may not be used in
+                   conjunction with a command or other option.  This option
+                   does not require a password.
+
+       -k          When used by itself, the --kk (_k_i_l_l) option to ssuuddoo
+                   invalidates the user's time stamp by setting the time on it
+                   to the Epoch.  The next time ssuuddoo is run a password will be
+                   required.  This option does not require a password and was
+                   added to allow a user to revoke ssuuddoo permissions from a
+                   .logout file.
+
+                   When used in conjunction with a command or an option that
+                   may require a password, the --kk option will cause ssuuddoo to
+                   ignore the user's time stamp file.  As a result, ssuuddoo will
+                   prompt for a password (if one is required by _s_u_d_o_e_r_s) and
+                   will not update the user's time stamp file.
+
+       -L          The --LL (_l_i_s_t defaults) option will list the parameters that
+                   may be set in a _D_e_f_a_u_l_t_s line along with a short
+                   description for each.  This option will be removed from a
+                   future version of ssuuddoo.
+
+       -l[l] [_c_o_m_m_a_n_d]
+                   If no _c_o_m_m_a_n_d is specified, the --ll (_l_i_s_t) option will list
+                   the allowed (and forbidden) commands for the invoking user
+                   (or the user specified by the --UU option) on the current
+                   host.  If a _c_o_m_m_a_n_d is specified and is permitted by
+                   _s_u_d_o_e_r_s, the fully-qualified path to the command is
+                   displayed along with any command line arguments.  If
+                   _c_o_m_m_a_n_d is specified but not allowed, ssuuddoo will exit with a
+                   status value of 1.  If the --ll option is specified with an ll
+                   argument (i.e. --llll), or if --ll is specified multiple times,
+                   a longer list format is used.
+
+       -n          The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from
+                   prompting the user for a password.  If a password is
+                   required for the command to run, ssuuddoo will display an error
+                   messages and exit.
+
+       -P          The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to
+                   preserve the invoking user's group vector unaltered.  By
+
+
+
+1.7.4                     July 19, 2010                         4
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+                   default, ssuuddoo will initialize the group vector to the list
+                   of groups the target user is in.  The real and effective
+                   group IDs, however, are still set to match the target user.
+
+       -p _p_r_o_m_p_t   The --pp (_p_r_o_m_p_t) option allows you to override the default
+                   password prompt and use a custom one.  The following
+                   percent (`%') escapes are supported:
+
+                   %H  expanded to the local host name including the domain
+                       name (on if the machine's host name is fully qualified
+                       or the _f_q_d_n _s_u_d_o_e_r_s option is set)
+
+                   %h  expanded to the local host name without the domain name
+
+                   %p  expanded to the user whose password is being asked for
+                       (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w flags in
+                       _s_u_d_o_e_r_s)
+
+                   %U  expanded to the login name of the user the command will
+                       be run as (defaults to root)
+
+                   %u  expanded to the invoking user's login name
+
+                   %%  two consecutive % characters are collapsed into a
+                       single % character
+
+                   The prompt specified by the --pp option will override the
+                   system password prompt on systems that support PAM unless
+                   the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
+
+       -r _r_o_l_e     The --rr (_r_o_l_e) option causes the new (SELinux) security
+                   context to have the role specified by _r_o_l_e.
+
+       -S          The --SS (_s_t_d_i_n) option causes ssuuddoo to read the password from
+                   the standard input instead of the terminal device.  The
+                   password must be followed by a newline character.
+
+       -s [command]
+                   The --ss (_s_h_e_l_l) option runs the shell specified by the _S_H_E_L_L
+                   environment variable if it is set or the shell as specified
+                   in _p_a_s_s_w_d(4).  If a command is specified, it is passed to
+                   the shell for execution.  Otherwise, an interactive shell
+                   is executed.
+
+       -t _t_y_p_e     The --tt (_t_y_p_e) option causes the new (SELinux) security
+                   context to have the type specified by _t_y_p_e.  If no type is
+                   specified, the default type is derived from the specified
+                   role.
+
+       -U _u_s_e_r     The --UU (_o_t_h_e_r _u_s_e_r) option is used in conjunction with the
+                   --ll option to specify the user whose privileges should be
+                   listed.  Only root or a user with ssuuddoo ALL on the current
+                   host may use this option.
+
+
+
+
+1.7.4                     July 19, 2010                         5
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+       -u _u_s_e_r     The --uu (_u_s_e_r) option causes ssuuddoo to run the specified
+                   command as a user other than _r_o_o_t.  To specify a _u_i_d
+                   instead of a _u_s_e_r _n_a_m_e, use _#_u_i_d.  When running commands as
+                   a _u_i_d, many shells require that the '#' be escaped with a
+                   backslash ('\').  Note that if the _t_a_r_g_e_t_p_w Defaults option
+                   is set (see _s_u_d_o_e_r_s(4)) it is not possible to run commands
+                   with a uid not listed in the password database.
+
+       -V          The --VV (_v_e_r_s_i_o_n) option causes ssuuddoo to print the version
+                   number and exit.  If the invoking user is already root the
+                   --VV option will print out a list of the defaults ssuuddoo was
+                   compiled with as well as the machine's local network
+                   addresses.
+
+       -v          If given the --vv (_v_a_l_i_d_a_t_e) option, ssuuddoo will update the
+                   user's time stamp, prompting for the user's password if
+                   necessary.  This extends the ssuuddoo timeout for another 5
+                   minutes (or whatever the timeout is set to in _s_u_d_o_e_r_s) but
+                   does not run a command.
+
+       --          The ---- option indicates that ssuuddoo should stop processing
+                   command line arguments.
+
+       Environment variables to be set for the command may also be passed on
+       the command line in the form of VVAARR=_v_a_l_u_e, e.g.
+       LLDD__LLIIBBRRAARRYY__PPAATTHH=_/_u_s_r_/_l_o_c_a_l_/_p_k_g_/_l_i_b.  Variables passed on the command
+       line are subject to the same restrictions as normal environment
+       variables with one important exception.  If the _s_e_t_e_n_v option is set in
+       _s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command
+       matched is ALL, the user may set variables that would overwise be
+       forbidden.  See _s_u_d_o_e_r_s(4) for more information.
+
+RREETTUURRNN VVAALLUUEESS
+       Upon successful execution of a program, the exit status from ssuuddoo will
+       simply be the exit status of the program that was executed.
+
+       Otherwise, ssuuddoo quits with an exit value of 1 if there is a
+       configuration/permission problem or if ssuuddoo cannot execute the given
+       command.  In the latter case the error string is printed to stderr.  If
+       ssuuddoo cannot _s_t_a_t(2) one or more entries in the user's PATH an error is
+       printed on stderr.  (If the directory does not exist or if it is not
+       really a directory, the entry is ignored and no error is printed.)
+       This should not happen under normal circumstances.  The most common
+       reason for _s_t_a_t(2) to return "permission denied" is if you are running
+       an automounter and one of the directories in your PATH is on a machine
+       that is currently unreachable.
+
+SSEECCUURRIITTYY NNOOTTEESS
+       ssuuddoo tries to be safe when executing external commands.
+
+       There are two distinct ways to deal with environment variables.  By
+       default, the _e_n_v___r_e_s_e_t _s_u_d_o_e_r_s option is enabled.  This causes commands
+       to be executed with a minimal environment containing TERM, PATH, HOME,
+       SHELL, LOGNAME, USER and USERNAME in addition to variables from the
+
+
+
+1.7.4                     July 19, 2010                         6
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+       invoking process permitted by the _e_n_v___c_h_e_c_k and _e_n_v___k_e_e_p _s_u_d_o_e_r_s
+       options.  There is effectively a whitelist for environment variables.
+
+       If, however, the _e_n_v___r_e_s_e_t option is disabled in _s_u_d_o_e_r_s, any variables
+       not explicitly denied by the _e_n_v___c_h_e_c_k and _e_n_v___d_e_l_e_t_e options are
+       inherited from the invoking process.  In this case, _e_n_v___c_h_e_c_k and
+       _e_n_v___d_e_l_e_t_e behave like a blacklist.  Since it is not possible to
+       blacklist all potentially dangerous environment variables, use of the
+       default _e_n_v___r_e_s_e_t behavior is encouraged.
+
+       In all cases, environment variables with a value beginning with () are
+       removed as they could be interpreted as bbaasshh functions.  The list of
+       environment variables that ssuuddoo allows or denies is contained in the
+       output of sudo -V when run as root.
+
+       Note that the dynamic linker on most operating systems will remove
+       variables that can control dynamic linking from the environment of
+       setuid executables, including ssuuddoo.  Depending on the operating system
+       this may include _RLD*, DYLD_*, LD_*, LDR_*, LIBPATH, SHLIB_PATH, and
+       others.  These type of variables are removed from the environment
+       before ssuuddoo even begins execution and, as such, it is not possible for
+       ssuuddoo to preserve them.
+
+       To prevent command spoofing, ssuuddoo checks "." and "" (both denoting
+       current directory) last when searching for a command in the user's PATH
+       (if one or both are in the PATH).  Note, however, that the actual PATH
+       environment variable is _n_o_t modified and is passed unchanged to the
+       program that ssuuddoo executes.
+
+       ssuuddoo will check the ownership of its time stamp directory
+       (_/_v_a_r_/_a_d_m_/_s_u_d_o by default) and ignore the directory's contents if it is
+       not owned by root or if it is writable by a user other than root.  On
+       systems that allow non-root users to give away files via _c_h_o_w_n(2), if
+       the time stamp directory is located in a directory writable by anyone
+       (e.g., _/_t_m_p), it is possible for a user to create the time stamp
+       directory before ssuuddoo is run.  However, because ssuuddoo checks the
+       ownership and mode of the directory and its contents, the only damage
+       that can be done is to "hide" files by putting them in the time stamp
+       dir.  This is unlikely to happen since once the time stamp dir is owned
+       by root and inaccessible by any other user, the user placing files
+       there would be unable to get them back out.  To get around this issue
+       you can use a directory that is not world-writable for the time stamps
+       (_/_v_a_r_/_a_d_m_/_s_u_d_o for instance) or create _/_v_a_r_/_a_d_m_/_s_u_d_o with the
+       appropriate owner (root) and permissions (0700) in the system startup
+       files.
+
+       ssuuddoo will not honor time stamps set far in the future.  Timestamps with
+       a date greater than current_time + 2 * TIMEOUT will be ignored and sudo
+       will log and complain.  This is done to keep a user from creating
+       his/her own time stamp with a bogus date on systems that allow users to
+       give away files.
+
+       On systems where the boot time is available, ssuuddoo will also not honor
+       time stamps from before the machine booted.
+
+
+
+1.7.4                     July 19, 2010                         7
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+       Since time stamp files live in the file system, they can outlive a
+       user's login session.  As a result, a user may be able to login, run a
+       command with ssuuddoo after authenticating, logout, login again, and run
+       ssuuddoo without authenticating so long as the time stamp file's
+       modification time is within 5 minutes (or whatever the timeout is set
+       to in _s_u_d_o_e_r_s).  When the _t_t_y___t_i_c_k_e_t_s option is enabled in _s_u_d_o_e_r_s, the
+       time stamp has per-tty granularity but still may outlive the user's
+       session.  On Linux systems where the devpts filesystem is used, Solaris
+       systems with the devices filesystem, as well as other systems that
+       utilize a devfs filesystem that monotonically increase the inode number
+       of devices as they are created (such as Mac OS X), ssuuddoo is able to
+       determine when a tty-based time stamp file is stale and will ignore it.
+       Administrators should not rely on this feature as it is not universally
+       available.
+
+       Please note that ssuuddoo will normally only log the command it explicitly
+       runs.  If a user runs a command such as sudo su or sudo sh, subsequent
+       commands run from that shell will _n_o_t be logged, nor will ssuuddoo's access
+       control affect them.  The same is true for commands that offer shell
+       escapes (including most editors).  Because of this, care must be taken
+       when giving users access to commands via ssuuddoo to verify that the
+       command does not inadvertently give the user an effective root shell.
+       For more information, please see the PREVENTING SHELL ESCAPES section
+       in _s_u_d_o_e_r_s(4).
+
+EENNVVIIRROONNMMEENNTT
+       ssuuddoo utilizes the following environment variables:
+
+       EDITOR          Default editor to use in --ee (sudoedit) mode if neither
+                       SUDO_EDITOR nor VISUAL is set
+
+       MAIL            In --ii mode or when _e_n_v___r_e_s_e_t is enabled in _s_u_d_o_e_r_s, set
+                       to the mail spool of the target user
+
+       HOME            Set to the home directory of the target user if --ii or
+                       --HH are specified, _e_n_v___r_e_s_e_t or _a_l_w_a_y_s___s_e_t___h_o_m_e are set
+                       in _s_u_d_o_e_r_s, or when the --ss option is specified and
+                       _s_e_t___h_o_m_e is set in _s_u_d_o_e_r_s
+
+       PATH            Set to a sane value if the _s_e_c_u_r_e___p_a_t_h sudoers option
+                       is set.
+
+       SHELL           Used to determine shell to run with -s option
+
+       SUDO_ASKPASS    Specifies the path to a helper program used to read the
+                       password if no terminal is available or if the -A
+                       option is specified.
+
+       SUDO_COMMAND    Set to the command run by sudo
+
+       SUDO_EDITOR     Default editor to use in --ee (sudoedit) mode
+
+       SUDO_GID        Set to the group ID of the user who invoked sudo
+
+
+
+
+1.7.4                     July 19, 2010                         8
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+       SUDO_PROMPT     Used as the default password prompt
+
+       SUDO_PS1        If set, PS1 will be set to its value for the program
+                       being run
+
+       SUDO_UID        Set to the user ID of the user who invoked sudo
+
+       SUDO_USER       Set to the login of the user who invoked sudo
+
+       USER            Set to the target user (root unless the --uu option is
+                       specified)
+
+       VISUAL          Default editor to use in --ee (sudoedit) mode if
+                       SUDO_EDITOR is not set
+
+FFIILLEESS
+       _/_e_t_c_/_s_u_d_o_e_r_s            List of who can run what
+
+       _/_v_a_r_/_a_d_m_/_s_u_d_o           Directory containing time stamps
+
+       _/_e_t_c_/_e_n_v_i_r_o_n_m_e_n_t        Initial environment for --ii mode on Linux and
+                               AIX
+
+EEXXAAMMPPLLEESS
+       Note: the following examples assume suitable _s_u_d_o_e_r_s(4) entries.
+
+       To get a file listing of an unreadable directory:
+
+        $ sudo ls /usr/local/protected
+
+       To list the home directory of user yaz on a machine where the file
+       system holding ~yaz is not exported as root:
+
+        $ sudo -u yaz ls ~yaz
+
+       To edit the _i_n_d_e_x_._h_t_m_l file as user www:
+
+        $ sudo -u www vi ~www/htdocs/index.html
+
+       To view system logs only accessible to root and users in the adm group:
+
+        $ sudo -g adm view /var/log/syslog
+
+       To run an editor as jim with a different primary group:
+
+        $ sudo -u jim -g audio vi ~jim/sound.txt
+
+       To shutdown a machine:
+
+        $ sudo shutdown -r +15 "quick reboot"
+
+       To make a usage listing of the directories in the /home partition.
+       Note that this runs the commands in a sub-shell to make the cd and file
+       redirection work.
+
+
+
+1.7.4                     July 19, 2010                         9
+
+
+
+
+
+SUDO(1m)               MAINTENANCE COMMANDS              SUDO(1m)
+
+
+        $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+
+SSEEEE AALLSSOO
+       _g_r_e_p(1), _s_u(1), _s_t_a_t(2), _l_o_g_i_n___c_a_p(3), _p_a_s_s_w_d(4), _s_u_d_o_e_r_s(5),
+       _v_i_s_u_d_o(1m)
+
+AAUUTTHHOORRSS
+       Many people have worked on ssuuddoo over the years; this version consists
+       of code written primarily by:
+
+               Todd C. Miller
+
+       See the HISTORY file in the ssuuddoo distribution or visit
+       http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo.
+
+CCAAVVEEAATTSS
+       There is no easy way to prevent a user from gaining a root shell if
+       that user is allowed to run arbitrary commands via ssuuddoo.  Also, many
+       programs (such as editors) allow the user to run commands via shell
+       escapes, thus avoiding ssuuddoo's checks.  However, on most systems it is
+       possible to prevent shell escapes with ssuuddoo's _n_o_e_x_e_c functionality.
+       See the _s_u_d_o_e_r_s(4) manual for details.
+
+       It is not meaningful to run the cd command directly via sudo, e.g.,
+
+        $ sudo cd /usr/local/protected
+
+       since when the command exits the parent process (your shell) will still
+       be the same.  Please see the EXAMPLES section for more information.
+
+       If users have sudo ALL there is nothing to prevent them from creating
+       their own program that gives them a root shell regardless of any '!'
+       elements in the user specification.
+
+       Running shell scripts via ssuuddoo can expose the same kernel bugs that
+       make setuid shell scripts unsafe on some operating systems (if your OS
+       has a /dev/fd/ directory, setuid shell scripts are generally safe).
+
+BBUUGGSS
+       If you feel you have found a bug in ssuuddoo, please submit a bug report at
+       http://www.sudo.ws/sudo/bugs/
+
+SSUUPPPPOORRTT
+       Limited free support is available via the sudo-users mailing list, see
+       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+       the archives.
+
+DDIISSCCLLAAIIMMEERR
+       ssuuddoo is provided ``AS IS'' and any express or implied warranties,
+       including, but not limited to, the implied warranties of
+       merchantability and fitness for a particular purpose are disclaimed.
+       See the LICENSE file distributed with ssuuddoo or
+       http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+1.7.4                     July 19, 2010                        10
+
+
diff --git a/sudo-1.7.4p4/sudo.h b/sudo-1.7.4p4/sudo.h
new file mode 100644
index 0000000..f946291
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.h
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 1993-1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifndef _SUDO_SUDO_H
+#define _SUDO_SUDO_H
+
+#include <pathnames.h>
+#include <limits.h>
+#include "compat.h"
+#include "alloc.h"
+#include "defaults.h"
+#include "error.h"
+#include "list.h"
+#include "logging.h"
+#include "missing.h"
+#include "sudo_nss.h"
+
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+# include <membership.h>
+#endif
+
+/*
+ * Info pertaining to the invoking user.
+ */
+struct sudo_user {
+    struct passwd *pw;
+    struct passwd *_runas_pw;
+    struct group *_runas_gr;
+    struct stat *cmnd_stat;
+    char *path;
+    char *shell;
+    char *tty;
+    char *ttypath;
+    char *host;
+    char *shost;
+    char *prompt;
+    char *cmnd;
+    char *cmnd_args;
+    char *cmnd_base;
+    char *cmnd_safe;
+    char *class_name;
+    char *krb5_ccname;
+    char *display;
+    char *askpass;
+    int   ngroups;
+    GETGROUPS_T *groups;
+    struct list_member *env_vars;
+#ifdef HAVE_SELINUX
+    char *role;
+    char *type;
+#endif
+    char  cwd[PATH_MAX];
+    char  sessid[7];
+#ifdef HAVE_MBR_CHECK_MEMBERSHIP
+    uuid_t uuid;
+#endif
+};
+
+/* Status passed between parent and child via socketpair */
+struct command_status {
+#define CMD_INVALID 0
+#define CMD_ERRNO 1
+#define CMD_WSTATUS 2
+#define CMD_SIGNO 3
+    int type;
+    int val;
+};
+
+/*
+ * Return values for sudoers_lookup(), also used as arguments for log_auth()
+ * Note: cannot use '0' as a value here.
+ */
+/* XXX - VALIDATE_SUCCESS and VALIDATE_FAILURE instead? */
+#define VALIDATE_ERROR          0x001
+#define VALIDATE_OK		0x002
+#define VALIDATE_NOT_OK		0x004
+#define FLAG_CHECK_USER		0x010
+#define FLAG_NO_USER		0x020
+#define FLAG_NO_HOST		0x040
+#define FLAG_NO_CHECK		0x080
+
+/*
+ * Pseudo-boolean values
+ */
+#undef TRUE
+#define TRUE                     1
+#undef FALSE
+#define FALSE                    0
+
+/*
+ * find_path()/load_cmnd() return values
+ */
+#define FOUND                    1
+#define NOT_FOUND                0
+#define NOT_FOUND_DOT		-1
+
+/*
+ * Various modes sudo can be in (based on arguments) in hex
+ */
+#define MODE_RUN		0x00000001
+#define MODE_EDIT		0x00000002
+#define MODE_VALIDATE		0x00000004
+#define MODE_INVALIDATE		0x00000008
+#define MODE_KILL		0x00000010
+#define MODE_VERSION		0x00000020
+#define MODE_HELP		0x00000040
+#define MODE_LIST		0x00000080
+#define MODE_CHECK		0x00000100
+#define MODE_LISTDEFS		0x00000200
+#define MODE_MASK		0x0000ffff
+
+/* Mode flags */
+#define MODE_BACKGROUND		0x00010000
+#define MODE_SHELL		0x00020000
+#define MODE_LOGIN_SHELL	0x00040000
+#define MODE_IMPLIED_SHELL	0x00080000
+#define MODE_RESET_HOME		0x00100000
+#define MODE_PRESERVE_GROUPS	0x00200000
+#define MODE_PRESERVE_ENV	0x00400000
+#define MODE_NONINTERACTIVE	0x00800000
+
+/*
+ * Used with set_perms()
+ */
+#define PERM_ROOT                0x00
+#define PERM_USER                0x01
+#define PERM_FULL_USER           0x02
+#define PERM_SUDOERS             0x03
+#define PERM_RUNAS               0x04
+#define PERM_FULL_RUNAS          0x05
+#define PERM_TIMESTAMP           0x06
+#define PERM_NOEXIT              0x10 /* flag */
+#define PERM_MASK                0xf0
+
+/*
+ * Shortcuts for sudo_user contents.
+ */
+#define user_name		(sudo_user.pw->pw_name)
+#define user_passwd		(sudo_user.pw->pw_passwd)
+#define user_uid		(sudo_user.pw->pw_uid)
+#define user_uuid		(sudo_user.uuid)
+#define user_gid		(sudo_user.pw->pw_gid)
+#define user_dir		(sudo_user.pw->pw_dir)
+#define user_shell		(sudo_user.shell)
+#define user_ngroups		(sudo_user.ngroups)
+#define user_groups		(sudo_user.groups)
+#define user_tty		(sudo_user.tty)
+#define user_ttypath		(sudo_user.ttypath)
+#define user_cwd		(sudo_user.cwd)
+#define user_cmnd		(sudo_user.cmnd)
+#define user_args		(sudo_user.cmnd_args)
+#define user_base		(sudo_user.cmnd_base)
+#define user_stat		(sudo_user.cmnd_stat)
+#define user_path		(sudo_user.path)
+#define user_prompt		(sudo_user.prompt)
+#define user_host		(sudo_user.host)
+#define user_shost		(sudo_user.shost)
+#define user_ccname		(sudo_user.krb5_ccname)
+#define user_display		(sudo_user.display)
+#define user_askpass		(sudo_user.askpass)
+#define safe_cmnd		(sudo_user.cmnd_safe)
+#define login_class		(sudo_user.class_name)
+#define runas_pw		(sudo_user._runas_pw)
+#define runas_gr		(sudo_user._runas_gr)
+#define user_role		(sudo_user.role)
+#define user_type		(sudo_user.type)
+
+/*
+ * We used to use the system definition of PASS_MAX or _PASSWD_LEN,
+ * but that caused problems with various alternate authentication
+ * methods.  So, we just define our own and assume that it is >= the
+ * system max.
+ */
+#define SUDO_PASS_MAX	256
+
+/*
+ * Flags for lock_file()
+ */
+#define SUDO_LOCK	1		/* lock a file */
+#define SUDO_TLOCK	2		/* test & lock a file (non-blocking) */
+#define SUDO_UNLOCK	4		/* unlock a file */
+
+/*
+ * Flags for tgetpass()
+ */
+#define TGP_ECHO	0x01		/* leave echo on when reading passwd */
+#define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
+#define TGP_ASKPASS	0x04		/* read from askpass helper program */
+
+struct lbuf;
+struct passwd;
+struct stat;
+struct timeval;
+
+/* aix.c */
+void aix_prep_user __P((char *, char *));
+void aix_setauthdb __P((char *user));
+void aix_restoreauthdb __P((void));
+
+/* boottime.c */
+int get_boottime __P((struct timeval *));
+
+/* check.c */
+int user_is_exempt	__P((void));
+void check_user		__P((int, int));
+void remove_timestamp	__P((int));
+
+/* env.c */
+char **env_get		__P((void));
+void env_init		__P((int lazy));
+void init_envtables	__P((void));
+void insert_env_vars	__P((struct list_member *));
+void read_env_file	__P((const char *, int));
+void rebuild_env	__P((int));
+void validate_env_vars	__P((struct list_member *));
+
+/* exec.c */
+int sudo_execve __P((const char *path, char *argv[], char *envp[], uid_t uid,
+    struct command_status *cstat, int dowait, int bgmode));
+
+/* fileops.c */
+char *sudo_parseln	__P((FILE *));
+int lock_file		__P((int, int));
+int touch		__P((int, char *, struct timeval *));
+
+/* find_path.c */
+int find_path		__P((char *, char **, struct stat *, char *, int));
+
+/* getspwuid.c */
+char *sudo_getepw	__P((const struct passwd *));
+
+/* gettime.c */
+int gettime		__P((struct timeval *));
+
+/* goodpath.c */
+char *sudo_goodpath	__P((const char *, struct stat *));
+
+/* gram.y */
+int yyparse		__P((void));
+
+/* iolog.c */
+int io_log_open __P((void));
+int log_stderr __P((const char *buf, unsigned int len));
+int log_stdin __P((const char *buf, unsigned int len));
+int log_stdout __P((const char *buf, unsigned int len));
+int log_ttyin __P((const char *buf, unsigned int len));
+int log_ttyout __P((const char *buf, unsigned int len));
+void io_log_close __P((void));
+void io_nextid __P((void));
+
+/* pam.c */
+int pam_begin_session	__P((struct passwd *));
+int pam_end_session	__P((void));
+
+/* parse.c */
+int sudo_file_open	__P((struct sudo_nss *));
+int sudo_file_close	__P((struct sudo_nss *));
+int sudo_file_setdefs	__P((struct sudo_nss *));
+int sudo_file_lookup	__P((struct sudo_nss *, int, int));
+int sudo_file_parse	__P((struct sudo_nss *));
+int sudo_file_display_cmnd __P((struct sudo_nss *, struct passwd *));
+int sudo_file_display_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
+int sudo_file_display_bound_defaults __P((struct sudo_nss *, struct passwd *, struct lbuf *));
+int sudo_file_display_privs __P((struct sudo_nss *, struct passwd *, struct lbuf *));
+
+/* parse_args.c */
+int parse_args __P((int, char **));
+
+/* get_pty.c */
+int get_pty __P((int *master, int *slave, char *name, size_t namesz, uid_t uid));
+
+/* pwutil.c */
+int user_in_group	__P((struct passwd *, const char *));
+struct group *sudo_fakegrnam __P((const char *));
+struct group *sudo_getgrgid __P((gid_t));
+struct group *sudo_getgrnam __P((const char *));
+struct passwd *sudo_fakepwnam __P((const char *, gid_t));
+struct passwd *sudo_getpwnam __P((const char *));
+struct passwd *sudo_getpwuid __P((uid_t));
+void sudo_endgrent	__P((void));
+void sudo_endpwent	__P((void));
+void sudo_endspent	__P((void));
+void sudo_setgrent	__P((void));
+void sudo_setpwent	__P((void));
+void sudo_setspent	__P((void));
+
+/* selinux.c */
+int selinux_restore_tty __P((void));
+int selinux_setup __P((const char *role, const char *type, const char *ttyn,
+    int ttyfd));
+void selinux_execve __P((const char *path, char *argv[], char *envp[]));
+
+/* set_perms.c */
+int set_perms		__P((int));
+
+/* sudo.c */
+FILE *open_sudoers	__P((const char *, int, int *));
+int exec_setup		__P((int, const char *, int));
+void cleanup		__P((int));
+void set_fqdn		__P((void));
+
+/* sudo_auth.c */
+void verify_user	__P((struct passwd *, char *));
+void pass_warn		__P((FILE *));
+void dump_auth_methods	__P((void));
+
+/* sudo_nss.c */
+void display_privs	__P((struct sudo_nss_list *, struct passwd *));
+int display_cmnd	__P((struct sudo_nss_list *, struct passwd *));
+
+/* term.c */
+int term_cbreak __P((int));
+int term_copy __P((int, int));
+int term_noecho __P((int));
+int term_raw __P((int, int));
+int term_restore __P((int, int));
+
+/* tgetpass.c */
+char *tgetpass		__P((const char *, int, int));
+int tty_present		__P((void));
+
+/* timestr.c */
+char *get_timestr __P((time_t, int));
+
+/* toke.l */
+#define YY_DECL int yylex __P((void))
+YY_DECL;
+
+/* zero_bytes.c */
+void zero_bytes		__P((volatile void *, size_t));
+
+/* Only provide extern declarations outside of sudo.c. */
+#ifndef _SUDO_MAIN
+extern struct sudo_user sudo_user;
+extern struct passwd *auth_pw, *list_pw;
+
+extern int tgetpass_flags;
+extern int long_list;
+extern int sudo_mode;
+extern uid_t timestamp_uid;
+/* XXX - conflicts with the one in visudo */
+int run_command __P((const char *path, char *argv[], char *envp[], uid_t uid, int dowait));
+#endif
+#ifndef errno
+extern int errno;
+#endif
+
+#endif /* _SUDO_SUDO_H */
diff --git a/sudo-1.7.4p4/sudo.man.in b/sudo-1.7.4p4/sudo.man.in
new file mode 100644
index 0000000..3d67a76
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.man.in
@@ -0,0 +1,802 @@
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2010
+.\" 	Todd C. Miller <Todd.Miller@courtesan.com>
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" Sponsored in part by the Defense Advanced Research Projects
+.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
+.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
+.\" 
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.nr PT @password_timeout@
+.\"
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` 
+.    ds C' 
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SUDO @mansectsu@"
+.TH SUDO @mansectsu@ "July 19, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+sudo, sudoedit \- execute a command as another user
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR
+.PP
+\&\fBsudo\fR \fB\-v\fR [\fB\-AknS\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
+[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+.PP
+\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AknS\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
+[\fB\-U\fR\ \fIuser\ name\fR] [\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] [\fIcommand\fR]
+.PP
+\&\fBsudo\fR [\fB\-AbEHnPS\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-C\fR\ \fIfd\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
+.if \n(SL [\fB\-r\fR\ \fIrole\fR] [\fB\-t\fR\ \fItype\fR]
+[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR]
+[\fB\s-1VAR\s0\fR=\fIvalue\fR] [\fB\-i\fR\ |\ \fB\-s\fR] [\fIcommand\fR]
+.PP
+\&\fBsudoedit\fR [\fB\-AnS\fR]
+.if \n(BA [\fB\-a\fR\ \fIauth_type\fR]
+[\fB\-C\fR\ \fIfd\fR]
+.if \n(LC [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
+[\fB\-g\fR\ \fIgroup\ name\fR|\fI#gid\fR] [\fB\-p\fR\ \fIprompt\fR]
+[\fB\-u\fR\ \fIuser\ name\fR|\fI#uid\fR] file ...
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBsudo\fR allows a permitted user to execute a \fIcommand\fR as the
+superuser or another user, as specified in the \fIsudoers\fR file.
+The real and effective uid and gid are set to match those of the
+target user as specified in the passwd file and the group vector
+is initialized based on the group file (unless the \fB\-P\fR option was
+specified).  If the invoking user is root or if the target user is
+the same as the invoking user, no password is required.  Otherwise,
+\&\fBsudo\fR requires that users authenticate themselves with a password
+by default (\s-1NOTE:\s0 in the default configuration this is the user's
+password, not the root password).  Once a user has been authenticated,
+a time stamp is updated and the user may then use sudo without a
+password for a short period of time (\f(CW\*(C`@timeout@\*(C'\fR minutes unless
+overridden in \fIsudoers\fR).
+.PP
+When invoked as \fBsudoedit\fR, the \fB\-e\fR option (described below),
+is implied.
+.PP
+\&\fBsudo\fR determines who is an authorized user by consulting the file
+\&\fI@sysconfdir@/sudoers\fR.  By running \fBsudo\fR with the \fB\-v\fR option,
+a user can update the time stamp without running a \fIcommand\fR.  If
+a password is required, \fBsudo\fR will exit if the user's password
+is not entered within a configurable time limit.  The default
+password prompt timeout is 
+.ie \n(PT \f(CW\*(C`@password_timeout@\*(C'\fR minutes.
+.el unlimited.
+.PP
+If a user who is not listed in the \fIsudoers\fR file tries to run a
+command via \fBsudo\fR, mail is sent to the proper authorities, as
+defined at configure time or in the \fIsudoers\fR file (defaults to
+\&\f(CW\*(C`@mailto@\*(C'\fR).  Note that the mail will not be sent if an unauthorized
+user tries to run sudo with the \fB\-l\fR or \fB\-v\fR option.  This allows
+users to determine for themselves whether or not they are allowed
+to use \fBsudo\fR.
+.PP
+If \fBsudo\fR is run by root and the \f(CW\*(C`SUDO_USER\*(C'\fR environment variable
+is set, \fBsudo\fR will use this value to determine who the actual
+user is.  This can be used by a user to log commands through sudo
+even when a root shell has been invoked.  It also allows the \fB\-e\fR
+option to remain useful even when being run via a sudo-run script or
+program.  Note however, that the sudoers lookup is still done for
+root, not the user specified by \f(CW\*(C`SUDO_USER\*(C'\fR.
+.PP
+\&\fBsudo\fR can log both successful and unsuccessful attempts (as well
+as errors) to \fIsyslog\fR\|(3), a log file, or both.  By default \fBsudo\fR
+will log via \fIsyslog\fR\|(3) but this is changeable at configure time
+or via the \fIsudoers\fR file.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\&\fBsudo\fR accepts the following command line options:
+.IP "\-A" 12
+.IX Item "-A"
+Normally, if \fBsudo\fR requires a password, it will read it from the
+current terminal.  If the \fB\-A\fR (\fIaskpass\fR) option is specified,
+a (possibly graphical) helper program is executed to read the
+user's password and output the password to the standard output.  If
+the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR environment variable is set, it specifies the
+path to the helper program.  Otherwise, the value specified by the
+\&\fIaskpass\fR option in \fIsudoers\fR\|(@mansectform@) is used.
+.if \n(BA \{\
+.IP "\-a \fItype\fR" 12
+.IX Item "-a type"
+The \fB\-a\fR (\fIauthentication type\fR) option causes \fBsudo\fR to use the
+specified authentication type when validating the user, as allowed
+by \fI/etc/login.conf\fR.  The system administrator may specify a list
+of sudo-specific authentication methods by adding an \*(L"auth-sudo\*(R"
+entry in \fI/etc/login.conf\fR.  This option is only available on systems
+that support \s-1BSD\s0 authentication.
+\}
+.IP "\-b" 12
+.IX Item "-b"
+The \fB\-b\fR (\fIbackground\fR) option tells \fBsudo\fR to run the given
+command in the background.  Note that if you use the \fB\-b\fR
+option you cannot use shell job control to manipulate the process.
+.IP "\-C \fIfd\fR" 12
+.IX Item "-C fd"
+Normally, \fBsudo\fR will close all open file descriptors other than
+standard input, standard output and standard error.  The \fB\-C\fR
+(\fIclose from\fR) option allows the user to specify a starting point
+above the standard error (file descriptor three).  Values less than
+three are not permitted.  This option is only available if the
+administrator has enabled the \fIclosefrom_override\fR option in
+\&\fIsudoers\fR\|(@mansectform@).
+.if \n(LC \{\
+.IP "\-c \fIclass\fR" 12
+.IX Item "-c class"
+The \fB\-c\fR (\fIclass\fR) option causes \fBsudo\fR to run the specified command
+with resources limited by the specified login class.  The \fIclass\fR
+argument can be either a class name as defined in \fI/etc/login.conf\fR,
+or a single '\-' character.  Specifying a \fIclass\fR of \f(CW\*(C`\-\*(C'\fR indicates
+that the command should be run restricted by the default login
+capabilities for the user the command is run as.  If the \fIclass\fR
+argument specifies an existing user class, the command must be run
+as root, or the \fBsudo\fR command must be run from a shell that is already
+root.  This option is only available on systems with \s-1BSD\s0 login classes.
+\}
+.IP "\-E" 12
+.IX Item "-E"
+The \fB\-E\fR (\fIpreserve\fR \fIenvironment\fR) option will override the
+\&\fIenv_reset\fR option in \fIsudoers\fR\|(@mansectform@)).  It is only
+available when either the matching command has the \f(CW\*(C`SETENV\*(C'\fR tag
+or the \fIsetenv\fR option is set in \fIsudoers\fR\|(@mansectform@).
+.IP "\-e" 12
+.IX Item "-e"
+The \fB\-e\fR (\fIedit\fR) option indicates that, instead of running
+a command, the user wishes to edit one or more files.  In lieu
+of a command, the string \*(L"sudoedit\*(R" is used when consulting
+the \fIsudoers\fR file.  If the user is authorized by \fIsudoers\fR
+the following steps are taken:
+.RS 12
+.IP "1." 4
+Temporary copies are made of the files to be edited with the owner
+set to the invoking user.
+.IP "2." 4
+The editor specified by the \f(CW\*(C`SUDO_EDITOR\*(C'\fR, \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR
+environment variables is run to edit the temporary files.  If none
+of \f(CW\*(C`SUDO_EDITOR\*(C'\fR, \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR are set, the first program
+listed in the \fIeditor\fR \fIsudoers\fR variable is used.
+.IP "3." 4
+If they have been modified, the temporary files are copied back to
+their original location and the temporary versions are removed.
+.RE
+.RS 12
+.Sp
+If the specified file does not exist, it will be created.  Note
+that unlike most commands run by \fBsudo\fR, the editor is run with
+the invoking user's environment unmodified.  If, for some reason,
+\&\fBsudo\fR is unable to update a file with its edited version, the
+user will receive a warning and the edited copy will remain in a
+temporary file.
+.RE
+.IP "\-g \fIgroup\fR" 12
+.IX Item "-g group"
+Normally, \fBsudo\fR sets the primary group to the one specified by
+the passwd database for the user the command is being run as (by
+default, root).  The \fB\-g\fR (\fIgroup\fR) option causes \fBsudo\fR to run
+the specified command with the primary group set to \fIgroup\fR.  To
+specify a \fIgid\fR instead of a \fIgroup name\fR, use \fI#gid\fR.  When
+running commands as a \fIgid\fR, many shells require that the '#' be
+escaped with a backslash ('\e').  If no \fB\-u\fR option is specified,
+the command will be run as the invoking user (not root).  In either
+case, the primary group will be set to \fIgroup\fR.
+.IP "\-H" 12
+.IX Item "-H"
+The \fB\-H\fR (\fI\s-1HOME\s0\fR) option sets the \f(CW\*(C`HOME\*(C'\fR environment variable
+to the homedir of the target user (root by default) as specified
+in \fIpasswd\fR\|(@mansectform@).  The default handling of the \f(CW\*(C`HOME\*(C'\fR environment
+variable depends on \fIsudoers\fR\|(@mansectform@) settings.  By default, \fBsudo\fR
+will set \f(CW\*(C`HOME\*(C'\fR if \fIenv_reset\fR or \fIalways_set_home\fR are set, or
+if \fIset_home\fR is set and the \fB\-s\fR option is specified on the
+command line.
+.IP "\-h" 12
+.IX Item "-h"
+The \fB\-h\fR (\fIhelp\fR) option causes \fBsudo\fR to print a usage message and exit.
+.IP "\-i [command]" 12
+.IX Item "-i [command]"
+The \fB\-i\fR (\fIsimulate initial login\fR) option runs the shell specified
+in the \fIpasswd\fR\|(@mansectform@) entry of the target user as a login shell.  This
+means that login-specific resource files such as \f(CW\*(C`.profile\*(C'\fR or
+\&\f(CW\*(C`.login\*(C'\fR will be read by the shell.  If a command is specified,
+it is passed to the shell for execution.  Otherwise, an interactive
+shell is executed.  \fBsudo\fR attempts to change to that user's home
+directory before running the shell.  It also initializes the
+environment, leaving \fI\s-1DISPLAY\s0\fR and \fI\s-1TERM\s0\fR unchanged, setting
+\&\fI\s-1HOME\s0\fR, \fI\s-1MAIL\s0\fR, \fI\s-1SHELL\s0\fR, \fI\s-1USER\s0\fR, \fI\s-1LOGNAME\s0\fR, and \fI\s-1PATH\s0\fR, as well as
+the contents of \fI/etc/environment\fR on Linux and \s-1AIX\s0 systems.
+All other environment variables are removed.
+.IP "\-K" 12
+.IX Item "-K"
+The \fB\-K\fR (sure \fIkill\fR) option is like \fB\-k\fR except that it removes
+the user's time stamp entirely and may not be used in conjunction
+with a command or other option.  This option does not require a
+password.
+.IP "\-k" 12
+.IX Item "-k"
+When used by itself, the \fB\-k\fR (\fIkill\fR) option to \fBsudo\fR invalidates
+the user's time stamp by setting the time on it to the Epoch.  The
+next time \fBsudo\fR is run a password will be required.  This option
+does not require a password and was added to allow a user to revoke
+\&\fBsudo\fR permissions from a .logout file.
+.Sp
+When used in conjunction with a command or an option that may require
+a password, the \fB\-k\fR option will cause \fBsudo\fR to ignore the user's
+time stamp file.  As a result, \fBsudo\fR will prompt for a password
+(if one is required by \fIsudoers\fR) and will not update the user's
+time stamp file.
+.IP "\-L" 12
+.IX Item "-L"
+The \fB\-L\fR (\fIlist\fR defaults) option will list the parameters that
+may be set in a \fIDefaults\fR line along with a short description for
+each.  This option will be removed from a future version of \fBsudo\fR.
+.IP "\-l[l] [\fIcommand\fR]" 12
+.IX Item "-l[l] [command]"
+If no \fIcommand\fR is specified, the \fB\-l\fR (\fIlist\fR) option will list
+the allowed (and forbidden) commands for the invoking user (or the
+user specified by the \fB\-U\fR option) on the current host.  If a
+\&\fIcommand\fR is specified and is permitted by \fIsudoers\fR, the
+fully-qualified path to the command is displayed along with any
+command line arguments.  If \fIcommand\fR is specified but not allowed,
+\&\fBsudo\fR will exit with a status value of 1.  If the \fB\-l\fR option is
+specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR
+is specified multiple times, a longer list format is used.
+.IP "\-n" 12
+.IX Item "-n"
+The \fB\-n\fR (\fInon-interactive\fR) option prevents \fBsudo\fR from prompting
+the user for a password.  If a password is required for the command
+to run, \fBsudo\fR will display an error messages and exit.
+.IP "\-P" 12
+.IX Item "-P"
+The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to
+preserve the invoking user's group vector unaltered.  By default,
+\&\fBsudo\fR will initialize the group vector to the list of groups the
+target user is in.  The real and effective group IDs, however, are
+still set to match the target user.
+.IP "\-p \fIprompt\fR" 12
+.IX Item "-p prompt"
+The \fB\-p\fR (\fIprompt\fR) option allows you to override the default
+password prompt and use a custom one.  The following percent (`\f(CW\*(C`%\*(C'\fR')
+escapes are supported:
+.RS 12
+.ie n .IP "%H" 4
+.el .IP "\f(CW%H\fR" 4
+.IX Item "%H"
+expanded to the local host name including the domain name
+(on if the machine's host name is fully qualified or the \fIfqdn\fR
+\&\fIsudoers\fR option is set)
+.ie n .IP "%h" 4
+.el .IP "\f(CW%h\fR" 4
+.IX Item "%h"
+expanded to the local host name without the domain name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is being asked for (respects the
+\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR)
+.ie n .IP "%U" 4
+.el .IP "\f(CW%U\fR" 4
+.IX Item "%U"
+expanded to the login name of the user the command will
+be run as (defaults to root)
+.ie n .IP "%u" 4
+.el .IP "\f(CW%u\fR" 4
+.IX Item "%u"
+expanded to the invoking user's login name
+.ie n .IP "\*(C`%%\*(C'" 4
+.el .IP "\f(CW\*(C`%%\*(C'\fR" 4
+.IX Item "%%"
+two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character
+.RE
+.RS 12
+.Sp
+The prompt specified by the \fB\-p\fR option will override the system
+password prompt on systems that support \s-1PAM\s0 unless the
+\&\fIpassprompt_override\fR flag is disabled in \fIsudoers\fR.
+.RE
+.if \n(SL \{\
+.IP "\-r \fIrole\fR" 12
+.IX Item "-r role"
+The \fB\-r\fR (\fIrole\fR) option causes the new (SELinux) security context to
+have the role specified by \fIrole\fR.
+\}
+.IP "\-S" 12
+.IX Item "-S"
+The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+the standard input instead of the terminal device.  The password must
+be followed by a newline character.
+.IP "\-s [command]" 12
+.IX Item "-s [command]"
+The \fB\-s\fR (\fIshell\fR) option runs the shell specified by the \fI\s-1SHELL\s0\fR
+environment variable if it is set or the shell as specified in
+\&\fIpasswd\fR\|(@mansectform@).  If a command is specified, it is passed to the shell
+for execution.  Otherwise, an interactive shell is executed.
+.if \n(SL \{\
+.IP "\-t \fItype\fR" 12
+.IX Item "-t type"
+The \fB\-t\fR (\fItype\fR) option causes the new (SELinux) security context to
+have the type specified by \fItype\fR.  If no type is specified, the default
+type is derived from the specified role.
+\}
+.IP "\-U \fIuser\fR" 12
+.IX Item "-U user"
+The \fB\-U\fR (\fIother user\fR) option is used in conjunction with the \fB\-l\fR
+option to specify the user whose privileges should be listed.  Only
+root or a user with \fBsudo\fR \f(CW\*(C`ALL\*(C'\fR on the current host may use this
+option.
+.IP "\-u \fIuser\fR" 12
+.IX Item "-u user"
+The \fB\-u\fR (\fIuser\fR) option causes \fBsudo\fR to run the specified
+command as a user other than \fIroot\fR.  To specify a \fIuid\fR instead
+of a \fIuser name\fR, use \fI#uid\fR.  When running commands as a \fIuid\fR,
+many shells require that the '#' be escaped with a backslash ('\e').
+Note that if the \fItargetpw\fR Defaults option is set (see \fIsudoers\fR\|(@mansectform@))
+it is not possible to run commands with a uid not listed in the
+password database.
+.IP "\-V" 12
+.IX Item "-V"
+The \fB\-V\fR (\fIversion\fR) option causes \fBsudo\fR to print the version
+number and exit.  If the invoking user is already root the \fB\-V\fR
+option will print out a list of the defaults \fBsudo\fR was compiled
+with as well as the machine's local network addresses.
+.IP "\-v" 12
+.IX Item "-v"
+If given the \fB\-v\fR (\fIvalidate\fR) option, \fBsudo\fR will update the
+user's time stamp, prompting for the user's password if necessary.
+This extends the \fBsudo\fR timeout for another \f(CW\*(C`@timeout@\*(C'\fR minutes
+(or whatever the timeout is set to in \fIsudoers\fR) but does not run
+a command.
+.IP "\-\-" 12
+The \fB\-\-\fR option indicates that \fBsudo\fR should stop processing command
+line arguments.
+.PP
+Environment variables to be set for the command may also be passed
+on the command line in the form of \fB\s-1VAR\s0\fR=\fIvalue\fR, e.g.
+\&\fB\s-1LD_LIBRARY_PATH\s0\fR=\fI/usr/local/pkg/lib\fR.  Variables passed on the
+command line are subject to the same restrictions as normal environment
+variables with one important exception.  If the \fIsetenv\fR option
+is set in \fIsudoers\fR, the command to be run has the \f(CW\*(C`SETENV\*(C'\fR tag
+set or the command matched is \f(CW\*(C`ALL\*(C'\fR, the user may set variables
+that would overwise be forbidden.  See \fIsudoers\fR\|(@mansectform@) for more information.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+Upon successful execution of a program, the exit status from \fBsudo\fR
+will simply be the exit status of the program that was executed.
+.PP
+Otherwise, \fBsudo\fR quits with an exit value of 1 if there is a
+configuration/permission problem or if \fBsudo\fR cannot execute the
+given command.  In the latter case the error string is printed to
+stderr.  If \fBsudo\fR cannot \fIstat\fR\|(2) one or more entries in the user's
+\&\f(CW\*(C`PATH\*(C'\fR an error is printed on stderr.  (If the directory does not
+exist or if it is not really a directory, the entry is ignored and
+no error is printed.)  This should not happen under normal
+circumstances.  The most common reason for \fIstat\fR\|(2) to return
+\&\*(L"permission denied\*(R" is if you are running an automounter and one
+of the directories in your \f(CW\*(C`PATH\*(C'\fR is on a machine that is currently
+unreachable.
+.SH "SECURITY NOTES"
+.IX Header "SECURITY NOTES"
+\&\fBsudo\fR tries to be safe when executing external commands.
+.PP
+There are two distinct ways to deal with environment variables.
+By default, the \fIenv_reset\fR \fIsudoers\fR option is enabled.
+This causes commands to be executed with a minimal environment
+containing \f(CW\*(C`TERM\*(C'\fR, \f(CW\*(C`PATH\*(C'\fR, \f(CW\*(C`HOME\*(C'\fR, \f(CW\*(C`SHELL\*(C'\fR, \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR
+and \f(CW\*(C`USERNAME\*(C'\fR in addition to variables from the invoking process
+permitted by the \fIenv_check\fR and \fIenv_keep\fR \fIsudoers\fR options.
+There is effectively a whitelist for environment variables.
+.PP
+If, however, the \fIenv_reset\fR option is disabled in \fIsudoers\fR, any
+variables not explicitly denied by the \fIenv_check\fR and \fIenv_delete\fR
+options are inherited from the invoking process.  In this case,
+\&\fIenv_check\fR and \fIenv_delete\fR behave like a blacklist.  Since it
+is not possible to blacklist all potentially dangerous environment
+variables, use of the default \fIenv_reset\fR behavior is encouraged.
+.PP
+In all cases, environment variables with a value beginning with
+\&\f(CW\*(C`()\*(C'\fR are removed as they could be interpreted as \fBbash\fR functions.
+The list of environment variables that \fBsudo\fR allows or denies is
+contained in the output of \f(CW\*(C`sudo \-V\*(C'\fR when run as root.
+.PP
+Note that the dynamic linker on most operating systems will remove
+variables that can control dynamic linking from the environment of
+setuid executables, including \fBsudo\fR.  Depending on the operating
+system this may include \f(CW\*(C`_RLD*\*(C'\fR, \f(CW\*(C`DYLD_*\*(C'\fR, \f(CW\*(C`LD_*\*(C'\fR, \f(CW\*(C`LDR_*\*(C'\fR,
+\&\f(CW\*(C`LIBPATH\*(C'\fR, \f(CW\*(C`SHLIB_PATH\*(C'\fR, and others.  These type of variables are
+removed from the environment before \fBsudo\fR even begins execution
+and, as such, it is not possible for \fBsudo\fR to preserve them.
+.PP
+To prevent command spoofing, \fBsudo\fR checks \*(L".\*(R" and "" (both denoting
+current directory) last when searching for a command in the user's
+\&\s-1PATH\s0 (if one or both are in the \s-1PATH\s0).  Note, however, that the
+actual \f(CW\*(C`PATH\*(C'\fR environment variable is \fInot\fR modified and is passed
+unchanged to the program that \fBsudo\fR executes.
+.PP
+\&\fBsudo\fR will check the ownership of its time stamp directory
+(\fI@timedir@\fR by default) and ignore the directory's contents if
+it is not owned by root or if it is writable by a user other than
+root.  On systems that allow non-root users to give away files via
+\&\fIchown\fR\|(2), if the time stamp directory is located in a directory
+writable by anyone (e.g., \fI/tmp\fR), it is possible for a user to
+create the time stamp directory before \fBsudo\fR is run.  However,
+because \fBsudo\fR checks the ownership and mode of the directory and
+its contents, the only damage that can be done is to \*(L"hide\*(R" files
+by putting them in the time stamp dir.  This is unlikely to happen
+since once the time stamp dir is owned by root and inaccessible by
+any other user, the user placing files there would be unable to get
+them back out.  To get around this issue you can use a directory
+that is not world-writable for the time stamps (\fI/var/adm/sudo\fR for
+instance) or create \fI@timedir@\fR with the appropriate owner (root)
+and permissions (0700) in the system startup files.
+.PP
+\&\fBsudo\fR will not honor time stamps set far in the future.
+Timestamps with a date greater than current_time + 2 * \f(CW\*(C`TIMEOUT\*(C'\fR
+will be ignored and sudo will log and complain.  This is done to
+keep a user from creating his/her own time stamp with a bogus
+date on systems that allow users to give away files.
+.PP
+On systems where the boot time is available, \fBsudo\fR will also not
+honor time stamps from before the machine booted.
+.PP
+Since time stamp files live in the file system, they can outlive a
+user's login session.  As a result, a user may be able to login,
+run a command with \fBsudo\fR after authenticating, logout, login
+again, and run \fBsudo\fR without authenticating so long as the time
+stamp file's modification time is within \f(CW\*(C`@timeout@\*(C'\fR minutes (or
+whatever the timeout is set to in \fIsudoers\fR).  When the \fItty_tickets\fR
+option is enabled in \fIsudoers\fR, the time stamp has per-tty granularity
+but still may outlive the user's session.  On Linux systems where
+the devpts filesystem is used, Solaris systems with the devices
+filesystem, as well as other systems that utilize a devfs filesystem
+that monotonically increase the inode number of devices as they are
+created (such as Mac \s-1OS\s0 X), \fBsudo\fR is able to determine when a
+tty-based time stamp file is stale and will ignore it.  Administrators
+should not rely on this feature as it is not universally available.
+.PP
+Please note that \fBsudo\fR will normally only log the command it
+explicitly runs.  If a user runs a command such as \f(CW\*(C`sudo su\*(C'\fR or
+\&\f(CW\*(C`sudo sh\*(C'\fR, subsequent commands run from that shell will \fInot\fR be
+logged, nor will \fBsudo\fR's access control affect them.  The same
+is true for commands that offer shell escapes (including most
+editors).  Because of this, care must be taken when giving users
+access to commands via \fBsudo\fR to verify that the command does not
+inadvertently give the user an effective root shell.  For more
+information, please see the \f(CW\*(C`PREVENTING SHELL ESCAPES\*(C'\fR section in
+\&\fIsudoers\fR\|(@mansectform@).
+.SH "ENVIRONMENT"
+.IX Header "ENVIRONMENT"
+\&\fBsudo\fR utilizes the following environment variables:
+.ie n .IP "\*(C`EDITOR\*(C'" 16
+.el .IP "\f(CW\*(C`EDITOR\*(C'\fR" 16
+.IX Item "EDITOR"
+Default editor to use in \fB\-e\fR (sudoedit) mode if neither \f(CW\*(C`SUDO_EDITOR\*(C'\fR
+nor \f(CW\*(C`VISUAL\*(C'\fR is set
+.ie n .IP "\*(C`MAIL\*(C'" 16
+.el .IP "\f(CW\*(C`MAIL\*(C'\fR" 16
+.IX Item "MAIL"
+In \fB\-i\fR mode or when \fIenv_reset\fR is enabled in \fIsudoers\fR, set
+to the mail spool of the target user
+.ie n .IP "\*(C`HOME\*(C'" 16
+.el .IP "\f(CW\*(C`HOME\*(C'\fR" 16
+.IX Item "HOME"
+Set to the home directory of the target user if \fB\-i\fR or \fB\-H\fR are
+specified, \fIenv_reset\fR or \fIalways_set_home\fR are set in \fIsudoers\fR,
+or when the \fB\-s\fR option is specified and \fIset_home\fR is set in
+\&\fIsudoers\fR
+.ie n .IP "\*(C`PATH\*(C'" 16
+.el .IP "\f(CW\*(C`PATH\*(C'\fR" 16
+.IX Item "PATH"
+Set to a sane value if the \fIsecure_path\fR sudoers option is set.
+.ie n .IP "\*(C`SHELL\*(C'" 16
+.el .IP "\f(CW\*(C`SHELL\*(C'\fR" 16
+.IX Item "SHELL"
+Used to determine shell to run with \f(CW\*(C`\-s\*(C'\fR option
+.ie n .IP "\*(C`SUDO_ASKPASS\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_ASKPASS\*(C'\fR" 16
+.IX Item "SUDO_ASKPASS"
+Specifies the path to a helper program used to read the password
+if no terminal is available or if the \f(CW\*(C`\-A\*(C'\fR option is specified.
+.ie n .IP "\*(C`SUDO_COMMAND\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_COMMAND\*(C'\fR" 16
+.IX Item "SUDO_COMMAND"
+Set to the command run by sudo
+.ie n .IP "\*(C`SUDO_EDITOR\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_EDITOR\*(C'\fR" 16
+.IX Item "SUDO_EDITOR"
+Default editor to use in \fB\-e\fR (sudoedit) mode
+.ie n .IP "\*(C`SUDO_GID\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_GID\*(C'\fR" 16
+.IX Item "SUDO_GID"
+Set to the group \s-1ID\s0 of the user who invoked sudo
+.ie n .IP "\*(C`SUDO_PROMPT\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_PROMPT\*(C'\fR" 16
+.IX Item "SUDO_PROMPT"
+Used as the default password prompt
+.ie n .IP "\*(C`SUDO_PS1\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_PS1\*(C'\fR" 16
+.IX Item "SUDO_PS1"
+If set, \f(CW\*(C`PS1\*(C'\fR will be set to its value for the program being run
+.ie n .IP "\*(C`SUDO_UID\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_UID\*(C'\fR" 16
+.IX Item "SUDO_UID"
+Set to the user \s-1ID\s0 of the user who invoked sudo
+.ie n .IP "\*(C`SUDO_USER\*(C'" 16
+.el .IP "\f(CW\*(C`SUDO_USER\*(C'\fR" 16
+.IX Item "SUDO_USER"
+Set to the login of the user who invoked sudo
+.ie n .IP "\*(C`USER\*(C'" 16
+.el .IP "\f(CW\*(C`USER\*(C'\fR" 16
+.IX Item "USER"
+Set to the target user (root unless the \fB\-u\fR option is specified)
+.ie n .IP "\*(C`VISUAL\*(C'" 16
+.el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16
+.IX Item "VISUAL"
+Default editor to use in \fB\-e\fR (sudoedit) mode if \f(CW\*(C`SUDO_EDITOR\*(C'\fR
+is not set
+.SH "FILES"
+.IX Header "FILES"
+.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers\fR" 24
+.IX Item "@sysconfdir@/sudoers"
+List of who can run what
+.ie n .IP "\fI@timedir@\fR" 24
+.el .IP "\fI@timedir@\fR" 24
+.IX Item "@timedir@"
+Directory containing time stamps
+.IP "\fI/etc/environment\fR" 24
+.IX Item "/etc/environment"
+Initial environment for \fB\-i\fR mode on Linux and \s-1AIX\s0
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Note: the following examples assume suitable \fIsudoers\fR\|(@mansectform@) entries.
+.PP
+To get a file listing of an unreadable directory:
+.PP
+.Vb 1
+\& $ sudo ls /usr/local/protected
+.Ve
+.PP
+To list the home directory of user yaz on a machine where the
+file system holding ~yaz is not exported as root:
+.PP
+.Vb 1
+\& $ sudo \-u yaz ls ~yaz
+.Ve
+.PP
+To edit the \fIindex.html\fR file as user www:
+.PP
+.Vb 1
+\& $ sudo \-u www vi ~www/htdocs/index.html
+.Ve
+.PP
+To view system logs only accessible to root and users in the adm group:
+.PP
+.Vb 1
+\& $ sudo \-g adm view /var/log/syslog
+.Ve
+.PP
+To run an editor as jim with a different primary group:
+.PP
+.Vb 1
+\& $ sudo \-u jim \-g audio vi ~jim/sound.txt
+.Ve
+.PP
+To shutdown a machine:
+.PP
+.Vb 1
+\& $ sudo shutdown \-r +15 "quick reboot"
+.Ve
+.PP
+To make a usage listing of the directories in the /home
+partition.  Note that this runs the commands in a sub-shell
+to make the \f(CW\*(C`cd\*(C'\fR and file redirection work.
+.PP
+.Vb 1
+\& $ sudo sh \-c "cd /home ; du \-s * | sort \-rn > USAGE"
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIgrep\fR\|(1), \fIsu\fR\|(1), \fIstat\fR\|(2),
+.if \n(LC \&\fIlogin_cap\fR\|(3),
+\&\fIpasswd\fR\|(@mansectform@), \fIsudoers\fR\|(5), \fIvisudo\fR\|(@mansectsu@)
+.SH "AUTHORS"
+.IX Header "AUTHORS"
+Many people have worked on \fBsudo\fR over the years; this
+version consists of code written primarily by:
+.PP
+.Vb 1
+\&        Todd C. Miller
+.Ve
+.PP
+See the \s-1HISTORY\s0 file in the \fBsudo\fR distribution or visit
+http://www.sudo.ws/sudo/history.html for a short history
+of \fBsudo\fR.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell
+if that user is allowed to run arbitrary commands via \fBsudo\fR.
+Also, many programs (such as editors) allow the user to run commands
+via shell escapes, thus avoiding \fBsudo\fR's checks.  However, on
+most systems it is possible to prevent shell escapes with \fBsudo\fR's
+\&\fInoexec\fR functionality.  See the \fIsudoers\fR\|(@mansectform@) manual
+for details.
+.PP
+It is not meaningful to run the \f(CW\*(C`cd\*(C'\fR command directly via sudo, e.g.,
+.PP
+.Vb 1
+\& $ sudo cd /usr/local/protected
+.Ve
+.PP
+since when the command exits the parent process (your shell) will
+still be the same.  Please see the \s-1EXAMPLES\s0 section for more information.
+.PP
+If users have sudo \f(CW\*(C`ALL\*(C'\fR there is nothing to prevent them from
+creating their own program that gives them a root shell regardless
+of any '!' elements in the user specification.
+.PP
+Running shell scripts via \fBsudo\fR can expose the same kernel bugs that
+make setuid shell scripts unsafe on some operating systems (if your \s-1OS\s0
+has a /dev/fd/ directory, setuid shell scripts are generally safe).
+.SH "BUGS"
+.IX Header "BUGS"
+If you feel you have found a bug in \fBsudo\fR, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+\&\fBsudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudo.man.pl b/sudo-1.7.4p4/sudo.man.pl
new file mode 100644
index 0000000..e8e6125
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.man.pl
@@ -0,0 +1,35 @@
+#!/usr/bin/perl -p
+
+BEGIN {
+    %tags = ( 'a', 'BA', 'c', 'LC', 'r', 'SL', 't', 'SL');
+    $cond = -1;
+}
+
+# Initialize the numeric register we use for conditionals
+if ($cond == -1) {
+    $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.nr PT \@password_timeout\@\n.\\\"\n$_";
+    $cond = 0;
+}
+
+# Add conditionals
+if (/^\.IP.*-([acrt])/) {
+    $_ = ".if \\n($tags{$1} \\{\\\n$_";
+    $cond = 1;
+} elsif ($cond && /^\.(Sh|SS|IP|PP)/) {
+    $_ = "\\}\n$_";
+    $cond = 0;
+}
+
+if (/-a.*auth_type/) {
+    $_ = ".if \\n($tags{'a'} $_";
+} elsif (/(-c.*class.*\||login_cap)/) {
+    $_ = ".if \\n($tags{'c'} $_";
+} elsif (/-r.*role.*-t.*type/) {
+    $_ = ".if \\n($tags{'r'} $_";
+}
+
+# Fix up broken pod2man formatting of F<@foo@/bar>
+s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g;
+
+# Try to deal sensibly with password_timeout being set to 0 by default
+s/([^ ]*\@password_timeout\@[^ ]* minutes.$)/\n.ie \\n(PT $1\n.el unlimited./;
diff --git a/sudo-1.7.4p4/sudo.pod b/sudo-1.7.4p4/sudo.pod
new file mode 100644
index 0000000..33bcb6a
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.pod
@@ -0,0 +1,701 @@
+Copyright (c) 1994-1996, 1998-2005, 2007-2010
+	Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+=pod
+
+=head1 NAME
+
+sudo, sudoedit - execute a command as another user
+
+=head1 SYNOPSIS
+
+B<sudo> B<-h> | B<-K> | B<-k> | B<-L> | B<-V>
+
+B<sudo> B<-v> [B<-AknS>]
+S<[B<-a> I<auth_type>]>
+S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
+S<[B<-u> I<username>|I<#uid>]>
+
+B<sudo> B<-l[l]> [B<-AknS>]
+S<[B<-a> I<auth_type>]>
+S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
+S<[B<-U> I<user name>]> S<[B<-u> I<user name>|I<#uid>]> [I<command>]
+
+B<sudo> [B<-AbEHnPS>]
+S<[B<-a> I<auth_type>]>
+S<[B<-C> I<fd>]>
+S<[B<-c> I<class>|I<->]>
+S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
+S<[B<-r> I<role>]> S<[B<-t> I<type>]>
+S<[B<-u> I<user name>|I<#uid>]>
+S<[B<VAR>=I<value>]> S<[B<-i> | B<-s>]> [I<command>]
+
+B<sudoedit> [B<-AnS>]
+S<[B<-a> I<auth_type>]>
+S<[B<-C> I<fd>]>
+S<[B<-c> I<class>|I<->]>
+S<[B<-g> I<group name>|I<#gid>]> S<[B<-p> I<prompt>]>
+S<[B<-u> I<user name>|I<#uid>]> file ...
+
+=head1 DESCRIPTION
+
+B<sudo> allows a permitted user to execute a I<command> as the
+superuser or another user, as specified in the I<sudoers> file.
+The real and effective uid and gid are set to match those of the
+target user as specified in the passwd file and the group vector
+is initialized based on the group file (unless the B<-P> option was
+specified).  If the invoking user is root or if the target user is
+the same as the invoking user, no password is required.  Otherwise,
+B<sudo> requires that users authenticate themselves with a password
+by default (NOTE: in the default configuration this is the user's
+password, not the root password).  Once a user has been authenticated,
+a time stamp is updated and the user may then use sudo without a
+password for a short period of time (C<@timeout@> minutes unless
+overridden in I<sudoers>).
+
+When invoked as B<sudoedit>, the B<-e> option (described below),
+is implied.
+
+B<sudo> determines who is an authorized user by consulting the file
+F<@sysconfdir@/sudoers>.  By running B<sudo> with the B<-v> option,
+a user can update the time stamp without running a I<command>.  If
+a password is required, B<sudo> will exit if the user's password
+is not entered within a configurable time limit.  The default
+password prompt timeout is C<@password_timeout@> minutes.
+
+If a user who is not listed in the I<sudoers> file tries to run a
+command via B<sudo>, mail is sent to the proper authorities, as
+defined at configure time or in the I<sudoers> file (defaults to
+C<@mailto@>).  Note that the mail will not be sent if an unauthorized
+user tries to run sudo with the B<-l> or B<-v> option.  This allows
+users to determine for themselves whether or not they are allowed
+to use B<sudo>.
+
+If B<sudo> is run by root and the C<SUDO_USER> environment variable
+is set, B<sudo> will use this value to determine who the actual
+user is.  This can be used by a user to log commands through sudo
+even when a root shell has been invoked.  It also allows the B<-e>
+option to remain useful even when being run via a sudo-run script or
+program.  Note however, that the sudoers lookup is still done for
+root, not the user specified by C<SUDO_USER>.
+
+B<sudo> can log both successful and unsuccessful attempts (as well
+as errors) to syslog(3), a log file, or both.  By default B<sudo>
+will log via syslog(3) but this is changeable at configure time
+or via the I<sudoers> file.
+
+=head1 OPTIONS
+
+B<sudo> accepts the following command line options:
+
+=over 12
+
+=item -A
+
+Normally, if B<sudo> requires a password, it will read it from the
+current terminal.  If the B<-A> (I<askpass>) option is specified,
+a (possibly graphical) helper program is executed to read the
+user's password and output the password to the standard output.  If
+the C<SUDO_ASKPASS> environment variable is set, it specifies the
+path to the helper program.  Otherwise, the value specified by the
+I<askpass> option in L<sudoers(5)> is used.
+
+=item -a I<type>
+
+The B<-a> (I<authentication type>) option causes B<sudo> to use the
+specified authentication type when validating the user, as allowed
+by F</etc/login.conf>.  The system administrator may specify a list
+of sudo-specific authentication methods by adding an "auth-sudo"
+entry in F</etc/login.conf>.  This option is only available on systems
+that support BSD authentication.
+
+=item -b
+
+The B<-b> (I<background>) option tells B<sudo> to run the given
+command in the background.  Note that if you use the B<-b>
+option you cannot use shell job control to manipulate the process.
+
+=item -C I<fd>
+
+Normally, B<sudo> will close all open file descriptors other than
+standard input, standard output and standard error.  The B<-C>
+(I<close from>) option allows the user to specify a starting point
+above the standard error (file descriptor three).  Values less than
+three are not permitted.  This option is only available if the
+administrator has enabled the I<closefrom_override> option in
+L<sudoers(5)>.
+
+=item -c I<class>
+
+The B<-c> (I<class>) option causes B<sudo> to run the specified command
+with resources limited by the specified login class.  The I<class>
+argument can be either a class name as defined in F</etc/login.conf>,
+or a single '-' character.  Specifying a I<class> of C<-> indicates
+that the command should be run restricted by the default login
+capabilities for the user the command is run as.  If the I<class>
+argument specifies an existing user class, the command must be run
+as root, or the B<sudo> command must be run from a shell that is already
+root.  This option is only available on systems with BSD login classes.
+
+=item -E
+
+The B<-E> (I<preserve> I<environment>) option will override the
+I<env_reset> option in L<sudoers(5)>).  It is only
+available when either the matching command has the C<SETENV> tag
+or the I<setenv> option is set in L<sudoers(5)>.
+
+=item -e
+
+The B<-e> (I<edit>) option indicates that, instead of running
+a command, the user wishes to edit one or more files.  In lieu
+of a command, the string "sudoedit" is used when consulting
+the I<sudoers> file.  If the user is authorized by I<sudoers>
+the following steps are taken:
+
+=over 4
+
+=item 1.
+
+Temporary copies are made of the files to be edited with the owner
+set to the invoking user.
+
+=item 2.
+
+The editor specified by the C<SUDO_EDITOR>, C<VISUAL> or C<EDITOR>
+environment variables is run to edit the temporary files.  If none
+of C<SUDO_EDITOR>, C<VISUAL> or C<EDITOR> are set, the first program
+listed in the I<editor> I<sudoers> variable is used.
+
+=item 3.
+
+If they have been modified, the temporary files are copied back to
+their original location and the temporary versions are removed.
+
+=back
+
+If the specified file does not exist, it will be created.  Note
+that unlike most commands run by B<sudo>, the editor is run with
+the invoking user's environment unmodified.  If, for some reason,
+B<sudo> is unable to update a file with its edited version, the
+user will receive a warning and the edited copy will remain in a
+temporary file.
+
+=item -g I<group>
+
+Normally, B<sudo> sets the primary group to the one specified by
+the passwd database for the user the command is being run as (by
+default, root).  The B<-g> (I<group>) option causes B<sudo> to run
+the specified command with the primary group set to I<group>.  To
+specify a I<gid> instead of a I<group name>, use I<#gid>.  When
+running commands as a I<gid>, many shells require that the '#' be
+escaped with a backslash ('\').  If no B<-u> option is specified,
+the command will be run as the invoking user (not root).  In either
+case, the primary group will be set to I<group>.
+
+=item -H
+
+The B<-H> (I<HOME>) option sets the C<HOME> environment variable
+to the homedir of the target user (root by default) as specified
+in passwd(5).  The default handling of the C<HOME> environment
+variable depends on L<sudoers(5)> settings.  By default, B<sudo>
+will set C<HOME> if I<env_reset> or I<always_set_home> are set, or
+if I<set_home> is set and the B<-s> option is specified on the
+command line.
+
+=item -h
+
+The B<-h> (I<help>) option causes B<sudo> to print a usage message and exit.
+
+=item -i [command]
+
+The B<-i> (I<simulate initial login>) option runs the shell specified
+in the L<passwd(5)> entry of the target user as a login shell.  This
+means that login-specific resource files such as C<.profile> or
+C<.login> will be read by the shell.  If a command is specified,
+it is passed to the shell for execution.  Otherwise, an interactive
+shell is executed.  B<sudo> attempts to change to that user's home
+directory before running the shell.  It also initializes the
+environment, leaving I<DISPLAY> and I<TERM> unchanged, setting
+I<HOME>, I<MAIL>, I<SHELL>, I<USER>, I<LOGNAME>, and I<PATH>, as well as
+the contents of F</etc/environment> on Linux and AIX systems.
+All other environment variables are removed.
+
+=item -K
+
+The B<-K> (sure I<kill>) option is like B<-k> except that it removes
+the user's time stamp entirely and may not be used in conjunction
+with a command or other option.  This option does not require a
+password.
+
+=item -k
+
+When used by itself, the B<-k> (I<kill>) option to B<sudo> invalidates
+the user's time stamp by setting the time on it to the Epoch.  The
+next time B<sudo> is run a password will be required.  This option
+does not require a password and was added to allow a user to revoke
+B<sudo> permissions from a .logout file.
+
+When used in conjunction with a command or an option that may require
+a password, the B<-k> option will cause B<sudo> to ignore the user's
+time stamp file.  As a result, B<sudo> will prompt for a password
+(if one is required by I<sudoers>) and will not update the user's
+time stamp file.
+
+=item -L
+
+The B<-L> (I<list> defaults) option will list the parameters that
+may be set in a I<Defaults> line along with a short description for
+each.  This option will be removed from a future version of B<sudo>.
+
+=item -l[l] [I<command>]
+
+If no I<command> is specified, the B<-l> (I<list>) option will list
+the allowed (and forbidden) commands for the invoking user (or the
+user specified by the B<-U> option) on the current host.  If a
+I<command> is specified and is permitted by I<sudoers>, the
+fully-qualified path to the command is displayed along with any
+command line arguments.  If I<command> is specified but not allowed,
+B<sudo> will exit with a status value of 1.  If the B<-l> option is
+specified with an B<l> argument (i.e. B<-ll>), or if B<-l>
+is specified multiple times, a longer list format is used.
+
+=item -n
+
+The B<-n> (I<non-interactive>) option prevents B<sudo> from prompting
+the user for a password.  If a password is required for the command
+to run, B<sudo> will display an error messages and exit.
+
+=item -P
+
+The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to
+preserve the invoking user's group vector unaltered.  By default,
+B<sudo> will initialize the group vector to the list of groups the
+target user is in.  The real and effective group IDs, however, are
+still set to match the target user.
+
+=item -p I<prompt>
+
+The B<-p> (I<prompt>) option allows you to override the default
+password prompt and use a custom one.  The following percent (`C<%>')
+escapes are supported:
+
+=over 4
+
+=item C<%H>
+
+expanded to the local host name including the domain name
+(on if the machine's host name is fully qualified or the I<fqdn>
+I<sudoers> option is set)
+
+=item C<%h>
+
+expanded to the local host name without the domain name
+
+=item C<%p>
+
+expanded to the user whose password is being asked for (respects the
+I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
+
+=item C<%U>
+
+expanded to the login name of the user the command will
+be run as (defaults to root)
+
+=item C<%u>
+
+expanded to the invoking user's login name
+
+=item C<%%>
+
+two consecutive C<%> characters are collapsed into a single C<%> character
+
+=back
+
+The prompt specified by the B<-p> option will override the system
+password prompt on systems that support PAM unless the
+I<passprompt_override> flag is disabled in I<sudoers>.
+
+=item -r I<role>
+
+The B<-r> (I<role>) option causes the new (SELinux) security context to
+have the role specified by I<role>.
+
+=item -S
+
+The B<-S> (I<stdin>) option causes B<sudo> to read the password from
+the standard input instead of the terminal device.  The password must
+be followed by a newline character.
+
+=item -s [command]
+
+The B<-s> (I<shell>) option runs the shell specified by the I<SHELL>
+environment variable if it is set or the shell as specified in
+L<passwd(5)>.  If a command is specified, it is passed to the shell
+for execution.  Otherwise, an interactive shell is executed.
+
+=item -t I<type>
+
+The B<-t> (I<type>) option causes the new (SELinux) security context to
+have the type specified by I<type>.  If no type is specified, the default
+type is derived from the specified role.
+
+=item -U I<user>
+
+The B<-U> (I<other user>) option is used in conjunction with the B<-l>
+option to specify the user whose privileges should be listed.  Only
+root or a user with B<sudo> C<ALL> on the current host may use this
+option.
+
+=item -u I<user>
+
+The B<-u> (I<user>) option causes B<sudo> to run the specified
+command as a user other than I<root>.  To specify a I<uid> instead
+of a I<user name>, use I<#uid>.  When running commands as a I<uid>,
+many shells require that the '#' be escaped with a backslash ('\').
+Note that if the I<targetpw> Defaults option is set (see L<sudoers(5)>)
+it is not possible to run commands with a uid not listed in the
+password database.
+
+=item -V
+
+The B<-V> (I<version>) option causes B<sudo> to print the version
+number and exit.  If the invoking user is already root the B<-V>
+option will print out a list of the defaults B<sudo> was compiled
+with as well as the machine's local network addresses.
+
+=item -v
+
+If given the B<-v> (I<validate>) option, B<sudo> will update the
+user's time stamp, prompting for the user's password if necessary.
+This extends the B<sudo> timeout for another C<@timeout@> minutes
+(or whatever the timeout is set to in I<sudoers>) but does not run
+a command.
+
+=item --
+
+The B<--> option indicates that B<sudo> should stop processing command
+line arguments.
+
+=back
+
+Environment variables to be set for the command may also be passed
+on the command line in the form of B<VAR>=I<value>, e.g.
+B<LD_LIBRARY_PATH>=I</usr/local/pkg/lib>.  Variables passed on the
+command line are subject to the same restrictions as normal environment
+variables with one important exception.  If the I<setenv> option
+is set in I<sudoers>, the command to be run has the C<SETENV> tag
+set or the command matched is C<ALL>, the user may set variables
+that would overwise be forbidden.  See L<sudoers(5)> for more information.
+
+=head1 RETURN VALUES
+
+Upon successful execution of a program, the exit status from B<sudo>
+will simply be the exit status of the program that was executed.
+
+Otherwise, B<sudo> quits with an exit value of 1 if there is a
+configuration/permission problem or if B<sudo> cannot execute the
+given command.  In the latter case the error string is printed to
+stderr.  If B<sudo> cannot L<stat(2)> one or more entries in the user's
+C<PATH> an error is printed on stderr.  (If the directory does not
+exist or if it is not really a directory, the entry is ignored and
+no error is printed.)  This should not happen under normal
+circumstances.  The most common reason for L<stat(2)> to return
+"permission denied" is if you are running an automounter and one
+of the directories in your C<PATH> is on a machine that is currently
+unreachable.
+
+=head1 SECURITY NOTES
+
+B<sudo> tries to be safe when executing external commands.
+
+There are two distinct ways to deal with environment variables.
+By default, the I<env_reset> I<sudoers> option is enabled.
+This causes commands to be executed with a minimal environment
+containing C<TERM>, C<PATH>, C<HOME>, C<SHELL>, C<LOGNAME>, C<USER>
+and C<USERNAME> in addition to variables from the invoking process
+permitted by the I<env_check> and I<env_keep> I<sudoers> options.
+There is effectively a whitelist for environment variables.
+
+If, however, the I<env_reset> option is disabled in I<sudoers>, any
+variables not explicitly denied by the I<env_check> and I<env_delete>
+options are inherited from the invoking process.  In this case,
+I<env_check> and I<env_delete> behave like a blacklist.  Since it
+is not possible to blacklist all potentially dangerous environment
+variables, use of the default I<env_reset> behavior is encouraged.
+
+In all cases, environment variables with a value beginning with
+C<()> are removed as they could be interpreted as B<bash> functions.
+The list of environment variables that B<sudo> allows or denies is
+contained in the output of C<sudo -V> when run as root.
+
+Note that the dynamic linker on most operating systems will remove
+variables that can control dynamic linking from the environment of
+setuid executables, including B<sudo>.  Depending on the operating
+system this may include C<_RLD*>, C<DYLD_*>, C<LD_*>, C<LDR_*>,
+C<LIBPATH>, C<SHLIB_PATH>, and others.  These type of variables are
+removed from the environment before B<sudo> even begins execution
+and, as such, it is not possible for B<sudo> to preserve them.
+
+To prevent command spoofing, B<sudo> checks "." and "" (both denoting
+current directory) last when searching for a command in the user's
+PATH (if one or both are in the PATH).  Note, however, that the
+actual C<PATH> environment variable is I<not> modified and is passed
+unchanged to the program that B<sudo> executes.
+
+B<sudo> will check the ownership of its time stamp directory
+(F<@timedir@> by default) and ignore the directory's contents if
+it is not owned by root or if it is writable by a user other than
+root.  On systems that allow non-root users to give away files via
+L<chown(2)>, if the time stamp directory is located in a directory
+writable by anyone (e.g., F</tmp>), it is possible for a user to
+create the time stamp directory before B<sudo> is run.  However,
+because B<sudo> checks the ownership and mode of the directory and
+its contents, the only damage that can be done is to "hide" files
+by putting them in the time stamp dir.  This is unlikely to happen
+since once the time stamp dir is owned by root and inaccessible by
+any other user, the user placing files there would be unable to get
+them back out.  To get around this issue you can use a directory
+that is not world-writable for the time stamps (F</var/adm/sudo> for
+instance) or create F<@timedir@> with the appropriate owner (root)
+and permissions (0700) in the system startup files.
+
+B<sudo> will not honor time stamps set far in the future.
+Timestamps with a date greater than current_time + 2 * C<TIMEOUT>
+will be ignored and sudo will log and complain.  This is done to
+keep a user from creating his/her own time stamp with a bogus
+date on systems that allow users to give away files.
+
+On systems where the boot time is available, B<sudo> will also not
+honor time stamps from before the machine booted.
+
+Since time stamp files live in the file system, they can outlive a
+user's login session.  As a result, a user may be able to login,
+run a command with B<sudo> after authenticating, logout, login
+again, and run B<sudo> without authenticating so long as the time
+stamp file's modification time is within C<@timeout@> minutes (or
+whatever the timeout is set to in I<sudoers>).  When the I<tty_tickets>
+option is enabled in I<sudoers>, the time stamp has per-tty granularity
+but still may outlive the user's session.  On Linux systems where
+the devpts filesystem is used, Solaris systems with the devices
+filesystem, as well as other systems that utilize a devfs filesystem
+that monotonically increase the inode number of devices as they are
+created (such as Mac OS X), B<sudo> is able to determine when a
+tty-based time stamp file is stale and will ignore it.  Administrators
+should not rely on this feature as it is not universally available.
+
+Please note that B<sudo> will normally only log the command it
+explicitly runs.  If a user runs a command such as C<sudo su> or
+C<sudo sh>, subsequent commands run from that shell will I<not> be
+logged, nor will B<sudo>'s access control affect them.  The same
+is true for commands that offer shell escapes (including most
+editors).  Because of this, care must be taken when giving users
+access to commands via B<sudo> to verify that the command does not
+inadvertently give the user an effective root shell.  For more
+information, please see the C<PREVENTING SHELL ESCAPES> section in
+L<sudoers(5)>.
+
+=head1 ENVIRONMENT
+
+B<sudo> utilizes the following environment variables:
+
+=over 16
+
+=item C<EDITOR>
+
+Default editor to use in B<-e> (sudoedit) mode if neither C<SUDO_EDITOR>
+nor C<VISUAL> is set
+
+=item C<MAIL>
+
+In B<-i> mode or when I<env_reset> is enabled in I<sudoers>, set
+to the mail spool of the target user
+
+=item C<HOME>
+
+Set to the home directory of the target user if B<-i> or B<-H> are
+specified, I<env_reset> or I<always_set_home> are set in I<sudoers>,
+or when the B<-s> option is specified and I<set_home> is set in
+I<sudoers>
+
+=item C<PATH>
+
+Set to a sane value if the I<secure_path> sudoers option is set.
+
+=item C<SHELL>
+
+Used to determine shell to run with C<-s> option
+
+=item C<SUDO_ASKPASS>
+
+Specifies the path to a helper program used to read the password
+if no terminal is available or if the C<-A> option is specified.
+
+=item C<SUDO_COMMAND>
+
+Set to the command run by sudo
+
+=item C<SUDO_EDITOR>
+
+Default editor to use in B<-e> (sudoedit) mode
+
+=item C<SUDO_GID>
+
+Set to the group ID of the user who invoked sudo
+
+=item C<SUDO_PROMPT>
+
+Used as the default password prompt
+
+=item C<SUDO_PS1>
+
+If set, C<PS1> will be set to its value for the program being run
+
+=item C<SUDO_UID>
+
+Set to the user ID of the user who invoked sudo
+
+=item C<SUDO_USER>
+
+Set to the login of the user who invoked sudo
+
+=item C<USER>
+
+Set to the target user (root unless the B<-u> option is specified)
+
+=item C<VISUAL>
+
+Default editor to use in B<-e> (sudoedit) mode if C<SUDO_EDITOR>
+is not set
+
+=back
+
+=head1 FILES
+
+=over 24
+
+=item F<@sysconfdir@/sudoers>
+
+List of who can run what
+
+=item F<@timedir@>
+
+Directory containing time stamps
+
+=item F</etc/environment>
+
+Initial environment for B<-i> mode on Linux and AIX
+
+=back
+
+=head1 EXAMPLES
+
+Note: the following examples assume suitable L<sudoers(5)> entries.
+
+To get a file listing of an unreadable directory:
+
+ $ sudo ls /usr/local/protected
+
+To list the home directory of user yaz on a machine where the
+file system holding ~yaz is not exported as root:
+
+ $ sudo -u yaz ls ~yaz
+
+To edit the F<index.html> file as user www:
+
+ $ sudo -u www vi ~www/htdocs/index.html
+
+To view system logs only accessible to root and users in the adm group:
+
+ $ sudo -g adm view /var/log/syslog
+
+To run an editor as jim with a different primary group:
+
+ $ sudo -u jim -g audio vi ~jim/sound.txt
+
+To shutdown a machine:
+
+ $ sudo shutdown -r +15 "quick reboot"
+
+To make a usage listing of the directories in the /home
+partition.  Note that this runs the commands in a sub-shell
+to make the C<cd> and file redirection work.
+
+ $ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
+
+=head1 SEE ALSO
+
+L<grep(1)>, L<su(1)>, L<stat(2)>,
+L<login_cap(3)>,
+L<passwd(5)>, L<sudoers(5)>, L<visudo(8)>
+
+=head1 AUTHORS
+
+Many people have worked on B<sudo> over the years; this
+version consists of code written primarily by:
+
+	Todd C. Miller
+
+See the HISTORY file in the B<sudo> distribution or visit
+http://www.sudo.ws/sudo/history.html for a short history
+of B<sudo>.
+
+=head1 CAVEATS
+
+There is no easy way to prevent a user from gaining a root shell
+if that user is allowed to run arbitrary commands via B<sudo>.
+Also, many programs (such as editors) allow the user to run commands
+via shell escapes, thus avoiding B<sudo>'s checks.  However, on
+most systems it is possible to prevent shell escapes with B<sudo>'s
+I<noexec> functionality.  See the L<sudoers(5)> manual
+for details.
+
+It is not meaningful to run the C<cd> command directly via sudo, e.g.,
+
+ $ sudo cd /usr/local/protected
+
+since when the command exits the parent process (your shell) will
+still be the same.  Please see the EXAMPLES section for more information.
+
+If users have sudo C<ALL> there is nothing to prevent them from
+creating their own program that gives them a root shell regardless
+of any '!' elements in the user specification.
+
+Running shell scripts via B<sudo> can expose the same kernel bugs that
+make setuid shell scripts unsafe on some operating systems (if your OS
+has a /dev/fd/ directory, setuid shell scripts are generally safe).
+
+=head1 BUGS
+
+If you feel you have found a bug in B<sudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<sudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudo.pp b/sudo-1.7.4p4/sudo.pp
new file mode 100644
index 0000000..1f203d8
--- /dev/null
+++ b/sudo-1.7.4p4/sudo.pp
@@ -0,0 +1,236 @@
+%set
+	if test -n "$flavor"; then
+		name="sudo-$flavor"
+		pp_kit_package="sudo_$flavor"
+	else
+		name="sudo"
+		pp_kit_package="sudo"
+	fi
+	summary="Provide limited super-user priveleges to specific users"
+	description="Sudo is a program designed to allow a sysadmin to give \
+limited root privileges to users and log root activity.  \
+The basic philosophy is to give as few privileges as possible but \
+still allow people to get their work done."
+	vendor="Todd C. Miller"
+	copyright="(c) 1993-1996,1998-2010 Todd C. Miller"
+
+	# Convert to 4 part version for AIX, including patch level
+	pp_aix_version=`echo $version|sed -e 's/\([0-9]*\.[0-9]*\.[0-9]*\)$/\1.0/' -e 's/[^0-9]*\([0-9]*\)$/.\1/'`
+
+	# Strip of patchlevel for kit which only supports x.y.z versions
+	pp_kit_version="`echo $version|sed -e 's/\.//g' -e 's/p[0-9]*$//'`"
+	pp_kit_name="TCM"
+
+	pp_sd_vendor_tag="TCM"
+	pp_solaris_name="TCM${name}"
+%if [rpm,deb]
+	# Convert patch level into release and remove from version
+	pp_rpm_release="`echo $version|sed 's/^[0-9]*\.[0-9]*\.[0-9]*[^0-9]*//'`"
+	pp_rpm_release="`expr $pp_rpm_release + 1`"
+	pp_rpm_version="`echo $version|sed 's/p[0-9]*$//'`"
+	pp_rpm_license="BSD"
+	pp_rpm_url="http://www.sudo.ws/"
+	pp_rpm_group="Applications/System"
+	pp_rpm_packager="Todd.Miller@courtesan.com"
+
+	pp_deb_maintainer="$pp_rpm_packager"
+	pp_deb_release="$pp_rpm_release"
+	pp_deb_version="$pp_rpm_version"
+%else
+	# For all but RPM and Debian we need to install sudoers with a different
+	# name and make a copy of it if there is no existing file.
+	mv ${pp_destdir}$sudoersdir/sudoers ${pp_destdir}$sudoersdir/sudoers.dist
+%endif
+
+%set [rpm]
+	# Add distro info to release
+	osrelease=`echo "$pp_rpm_distro" | sed -e 's/^[^0-9]*//' -e 's/-.*$//'`
+	case "$pp_rpm_distro" in
+	centos*|rhel*)
+		pp_rpm_release="$pp_rpm_release.el${osrelease%%[0-9]}"
+		;;
+	sles*)
+		pp_rpm_release="$pp_rpm_release.sles$osrelease"
+		;;
+	esac
+
+	# Uncomment some Defaults in sudoers
+	# Note that the order must match that of sudoers.
+	case "$pp_rpm_distro" in
+	centos*|rhel*)
+		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
+		/Locale settings/+1,s/^# //
+		/Desktop path settings/+1,s/^# //
+		w
+		q
+		EOF
+		;;
+	sles*)
+		/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
+		/Locale settings/+1,s/^# //
+		/ConsoleKit session/+1,s/^# //
+		/allow any user to run sudo if they know the password/+2,s/^# //
+		/allow any user to run sudo if they know the password/+3,s/^# //
+		w
+		q
+		EOF
+		;;
+	esac
+
+	# For RedHat the doc dir is expected to include version and release
+	case "$pp_rpm_distro" in
+	centos*|rhel*)
+		mv ${pp_destdir}/${docdir} ${pp_destdir}/${docdir}-${version}-${pp_rpm_release}
+		docdir=${docdir}-${version}-${pp_rpm_release}
+		;;
+	esac
+
+	# Choose the correct PAM file by distro, must be tab indented for "<<-"
+	case "$pp_rpm_distro" in
+	centos*|rhel*)
+		mkdir -p ${pp_destdir}/etc/pam.d
+		if test $osrelease -lt 50; then
+			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+			#%PAM-1.0
+			auth       required	pam_stack.so service=system-auth
+			account    required	pam_stack.so service=system-auth
+			password   required	pam_stack.so service=system-auth
+			session    required	pam_limits.so
+			EOF
+		else
+			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+			#%PAM-1.0
+			auth       include	system-auth
+			account    include	system-auth
+			password   include	system-auth
+			session    optional	pam_keyinit.so revoke
+			session    required	pam_limits.so
+			EOF
+			cat > ${pp_destdir}/etc/pam.d/sudo-i <<-EOF
+			#%PAM-1.0
+			auth       include	sudo
+			account    include	sudo
+			password   include	sudo
+			session    optional	pam_keyinit.so force revoke
+			session    required	pam_limits.so
+			EOF
+		fi
+		;;
+	  sles*)
+		mkdir -p ${pp_destdir}/etc/pam.d
+		if test $osrelease -lt 10; then
+			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+			#%PAM-1.0
+			auth     required       pam_unix2.so
+			session  required       pam_limits.so
+			EOF
+		else
+			cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+			#%PAM-1.0
+			auth     include	common-auth
+			account  include	common-account
+			password include	common-password
+			session  include	common-session
+			# session  optional	pam_xauth.so
+			EOF
+		fi
+		;;
+	esac
+
+%set [deb]
+	# Uncomment some Defaults and the %sudo rule in sudoers
+	# Note that the order must match that of sudoers and be tab-indented.
+	/bin/ed - ${pp_destdir}${sudoersdir}/sudoers <<-'EOF'
+	/Locale settings/+1,s/^# //
+	/X11 resource/+1,s/^# //
+	/^# \%sudo/,s/^# //
+	w
+	q
+	EOF
+	mkdir -p ${pp_destdir}/etc/pam.d
+	cat > ${pp_destdir}/etc/pam.d/sudo <<-EOF
+	#%PAM-1.0
+
+	@include common-auth
+	@include common-account
+
+	session required pam_permit.so
+	session required pam_limits.so
+	EOF
+
+%set [aix]
+	summary="Configurable super-user privileges"
+
+%files
+	$bindir/sudo        4111 root:
+	$bindir/sudoedit    4111 root:
+	$sbindir/visudo     0111
+	$bindir/sudoreplay  0111
+	$libexecdir/*
+	$sudoersdir/sudoers.d/	0750 $sudoers_uid:$sudoers_gid
+	$timedir/		0700 root:
+	$docdir/
+	$docdir/*
+	/etc/pam.d/*		volatile,optional
+%if [rpm,deb]
+	$sudoersdir/sudoers $sudoers_mode $sudoers_uid:$sudoers_gid volatile
+%else
+	$sudoersdir/sudoers.dist $sudoers_mode $sudoers_uid:$sudoers_gid volatile
+%endif
+
+%files [!aix]
+	$mandir/man*/*
+
+%files [aix]
+	# Some versions use catpages, some use manpages.
+	$mandir/cat*/* optional
+	$mandir/man*/* optional
+
+%post [!rpm,deb]
+	# Don't overwrite an existing sudoers file
+	sudoersdir=%{sudoersdir}
+	if test ! -r $sudoersdir/sudoers; then
+		cp -p $sudoersdir/sudoers.dist $sudoersdir/sudoers
+	fi
+
+%post [deb]
+	# dpkg-deb does not maintain the mode on the sudoers file, and
+	# installs it 0640 when sudo requires 0440
+	chmod %{sudoers_mode} %{sudoersdir}/sudoers
+
+	# create symlink to ease transition to new path for ldap config
+	# if old config file exists and new one doesn't
+	if test X"%{flavor}" = X"ldap" -a \
+	    -r /etc/ldap/ldap.conf -a ! -r /etc/sudo-ldap.conf; then
+		ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
+	fi
+
+	# Debian uses a sudo group in its default sudoers file
+	perl -e '
+		exit 0 if getgrnam("sudo");
+		$gid = 27; # default debian sudo gid
+		setgrent();
+		while (getgrgid($gid)) { $gid++; }
+		if ($gid != 27) {
+			print "On Debian we normally use gid 27 for \"sudo\".\n";
+			$gname = getgrgid(27);
+			print "However, on your system gid 27 is group \"$gname\".\n\n";
+			print "Would you like me to stop configuring sudo so that you can change this? [n] "; 
+			$ans = <STDIN>;
+			if ($ans =~ /^[yY]/) {
+				print "\"dpkg --pending --configure\" will restart the configuration.\n\n";
+				exit 1;
+			}
+		}
+		print "Creating group \"sudo\" with gid = $gid\n";
+		system("groupadd -g $gid sudo");
+		exit 0;
+	'
+
+%preun [deb]
+	# Remove the /etc/ldap/ldap.conf -> /etc/sudo-ldap.conf symlink if
+	# it matches what we created in the postinstall script.
+	if test X"%{flavor}" = X"ldap" -a \
+	    X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
+		rm -f /etc/sudo-ldap.conf
+	fi
diff --git a/sudo-1.7.4p4/sudo_edit.c b/sudo-1.7.4p4/sudo_edit.c
new file mode 100644
index 0000000..f8666d9
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_edit.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright (c) 2004-2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#if defined(HAVE_SETRESUID) || defined(HAVE_SETREUID) || defined(HAVE_SETEUID)
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <sys/socket.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <grp.h>
+#include <pwd.h>
+#include <signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#include "sudo.h"
+
+static char *find_editor __P((int *argc_out, char ***argv_out));
+
+extern char **NewArgv; /* XXX */
+
+/*
+ * Wrapper to allow users to edit privileged files with their own uid.
+ */
+int
+sudo_edit(argc, argv, envp)
+    int argc;
+    char *argv[];
+    char *envp[];
+{
+    ssize_t nread, nwritten;
+    const char *tmpdir;
+    char *cp, *suff, **nargv, *editor, **files;
+    char **editor_argv = NULL;
+    char buf[BUFSIZ];
+    int rc, i, j, ac, ofd, tfd, nargc, rval, nfiles, tmplen;
+    int editor_argc = 0;
+    struct stat sb;
+    struct timeval tv, tv1, tv2;
+    struct tempfile {
+	char *tfile;
+	char *ofile;
+	struct timeval omtim;
+	off_t osize;
+    } *tf;
+
+    /* Determine user's editor. */
+    editor = find_editor(&editor_argc, &editor_argv);
+    if (editor == NULL)
+	return 1;
+
+    /*
+     * Find our temporary directory, one of /var/tmp, /usr/tmp, or /tmp
+     */
+    if (stat(_PATH_VARTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
+	tmpdir = _PATH_VARTMP;
+#ifdef _PATH_USRTMP
+    else if (stat(_PATH_USRTMP, &sb) == 0 && S_ISDIR(sb.st_mode))
+	tmpdir = _PATH_USRTMP;
+#endif
+    else
+	tmpdir = _PATH_TMP;
+    tmplen = strlen(tmpdir);
+    while (tmplen > 0 && tmpdir[tmplen - 1] == '/')
+	tmplen--;
+
+    /*
+     * For each file specified by the user, make a temporary version
+     * and copy the contents of the original to it.
+     */
+    files = argv + 1;
+    nfiles = argc - 1;
+    tf = emalloc2(nfiles, sizeof(*tf));
+    zero_bytes(tf, nfiles * sizeof(*tf));
+    for (i = 0, j = 0; i < nfiles; i++) {
+	rc = -1;
+	set_perms(PERM_RUNAS);
+	if ((ofd = open(files[i], O_RDONLY, 0644)) != -1 || errno == ENOENT) {
+	    if (ofd == -1) {
+		zero_bytes(&sb, sizeof(sb));		/* new file */
+		rc = 0;
+	    } else {
+#ifdef HAVE_FSTAT
+		rc = fstat(ofd, &sb);
+#else
+		rc = stat(tf[j].ofile, &sb);
+#endif
+	    }
+	}
+	set_perms(PERM_ROOT);
+	if (rc || (ofd != -1 && !S_ISREG(sb.st_mode))) {
+	    if (rc)
+		warning("%s", files[i]);
+	    else
+		warningx("%s: not a regular file", files[i]);
+	    if (ofd != -1)
+		close(ofd);
+	    continue;
+	}
+	tf[j].ofile = files[i];
+	tf[j].osize = sb.st_size;
+	mtim_get(&sb, &tf[j].omtim);
+	if ((cp = strrchr(tf[j].ofile, '/')) != NULL)
+	    cp++;
+	else
+	    cp = tf[j].ofile;
+	suff = strrchr(cp, '.');
+	if (suff != NULL) {
+	    easprintf(&tf[j].tfile, "%.*s/%.*sXXXXXXXX%s", tmplen, tmpdir, (int)(size_t)(suff - cp), cp, suff);
+	} else {
+	    easprintf(&tf[j].tfile, "%.*s/%s.XXXXXXXX", tmplen, tmpdir, cp);
+	}
+	set_perms(PERM_USER);
+	tfd = mkstemps(tf[j].tfile, suff ? strlen(suff) : 0);
+	set_perms(PERM_ROOT);
+	if (tfd == -1) {
+	    warning("mkstemps");
+	    goto cleanup;
+	}
+	if (ofd != -1) {
+	    while ((nread = read(ofd, buf, sizeof(buf))) != 0) {
+		if ((nwritten = write(tfd, buf, nread)) != nread) {
+		    if (nwritten == -1)
+			warning("%s", tf[j].tfile);
+		    else
+			warningx("%s: short write", tf[j].tfile);
+		    goto cleanup;
+		}
+	    }
+	    close(ofd);
+	}
+	/*
+	 * We always update the stashed mtime because the time
+	 * resolution of the filesystem the temporary file is on may
+	 * not match that of the filesystem where the file to be edited
+	 * resides.  It is OK if touch() fails since we only use the info
+	 * to determine whether or not a file has been modified.
+	 */
+	(void) touch(tfd, NULL, &tf[j].omtim);
+#ifdef HAVE_FSTAT
+	rc = fstat(tfd, &sb);
+#else
+	rc = stat(tf[j].tfile, &sb);
+#endif
+	if (!rc)
+	    mtim_get(&sb, &tf[j].omtim);
+	close(tfd);
+	j++;
+    }
+    if ((nfiles = j) == 0)
+	return 1;			/* no files readable, you lose */
+
+    /*
+     * Allocate space for the new argument vector and fill it in.
+     * We concatenate the editor with its args and the file list
+     * to create a new argv.
+     * We allocate an extra slot to be used if execve() fails.
+     */
+    nargc = editor_argc + nfiles;
+    nargv = (char **) emalloc2(1 + nargc + 1, sizeof(char *));
+    nargv++;
+    for (ac = 0; ac < editor_argc; ac++)
+	nargv[ac] = editor_argv[ac];
+    for (i = 0; i < nfiles && ac < nargc; )
+	nargv[ac++] = tf[i++].tfile;
+    nargv[ac] = NULL;
+
+    /*
+     * Run the editor with the invoking user's creds,
+     * keeping track of the time spent in the editor.
+     */
+    gettime(&tv1);
+    rval = run_command(editor, nargv, envp, user_uid, TRUE);
+    gettime(&tv2);
+
+    /* Copy contents of temp files to real ones */
+    for (i = 0; i < nfiles; i++) {
+	rc = -1;
+	set_perms(PERM_USER);
+	if ((tfd = open(tf[i].tfile, O_RDONLY, 0644)) != -1) {
+#ifdef HAVE_FSTAT
+	    rc = fstat(tfd, &sb);
+#else
+	    rc = stat(tf[i].tfile, &sb);
+#endif
+	}
+	set_perms(PERM_ROOT);
+	if (rc || !S_ISREG(sb.st_mode)) {
+	    if (rc)
+		warning("%s", tf[i].tfile);
+	    else
+		warningx("%s: not a regular file", tf[i].tfile);
+	    warningx("%s left unmodified", tf[i].ofile);
+	    if (tfd != -1)
+		close(tfd);
+	    continue;
+	}
+	mtim_get(&sb, &tv);
+	if (tf[i].osize == sb.st_size && timevalcmp(&tf[i].omtim, &tv, ==)) {
+	    /*
+	     * If mtime and size match but the user spent no measurable
+	     * time in the editor we can't tell if the file was changed.
+	     */
+	    timevalsub(&tv1, &tv2);
+	    if (timevalisset(&tv2)) {
+		warningx("%s unchanged", tf[i].ofile);
+		unlink(tf[i].tfile);
+		close(tfd);
+		continue;
+	    }
+	}
+	set_perms(PERM_RUNAS);
+	ofd = open(tf[i].ofile, O_WRONLY|O_TRUNC|O_CREAT, 0644);
+	set_perms(PERM_ROOT);
+	if (ofd == -1) {
+	    warning("unable to write to %s", tf[i].ofile);
+	    warningx("contents of edit session left in %s", tf[i].tfile);
+	    close(tfd);
+	    continue;
+	}
+	while ((nread = read(tfd, buf, sizeof(buf))) > 0) {
+	    if ((nwritten = write(ofd, buf, nread)) != nread) {
+		if (nwritten == -1)
+		    warning("%s", tf[i].ofile);
+		else
+		    warningx("%s: short write", tf[i].ofile);
+		break;
+	    }
+	}
+	if (nread == 0) {
+	    /* success, got EOF */
+	    unlink(tf[i].tfile);
+	} else if (nread < 0) {
+	    warning("unable to read temporary file");
+	    warningx("contents of edit session left in %s", tf[i].tfile);
+	} else {
+	    warning("unable to write to %s", tf[i].ofile);
+	    warningx("contents of edit session left in %s", tf[i].tfile);
+	}
+	close(ofd);
+    }
+
+    return rval;
+cleanup:
+    /* Clean up temp files and return. */
+    for (i = 0; i < nfiles; i++) {
+	if (tf[i].tfile != NULL)
+	    unlink(tf[i].tfile);
+    }
+    return 1;
+}
+
+static char *
+resolve_editor(editor, argc_out, argv_out)
+    char *editor;
+    int *argc_out;
+    char ***argv_out;
+{
+    char *cp, **nargv, *editor_path = NULL;
+    int ac, nargc, wasblank;
+
+    editor = estrdup(editor); /* becomes part of argv_out */
+
+    /*
+     * Split editor into an argument vector; editor is reused (do not free).
+     * The EDITOR and VISUAL environment variables may contain command
+     * line args so look for those and alloc space for them too.
+     */
+    nargc = 1;
+    for (wasblank = FALSE, cp = editor; *cp != '\0'; cp++) {
+	if (isblank((unsigned char) *cp))
+	    wasblank = TRUE;
+	else if (wasblank) {
+	    wasblank = FALSE;
+	    nargc++;
+	}
+    }
+    /* If we can't find the editor in the user's PATH, give up. */
+    cp = strtok(editor, " \t");
+    if (cp == NULL ||
+	find_path(cp, &editor_path, NULL, getenv("PATH"), 0) != FOUND) {
+	efree(editor);
+	return NULL;
+    }
+    nargv = (char **) emalloc2(nargc + 1, sizeof(char *));
+    for (ac = 0; cp != NULL && ac < nargc; ac++) {
+	nargv[ac] = cp;
+	cp = strtok(NULL, " \t");
+    }
+    nargv[ac] = NULL;
+
+    *argc_out = nargc;
+    *argv_out = nargv;
+    return editor_path;
+}
+
+/*
+ * Determine which editor to use.  We don't need to worry about restricting
+ * this to a "safe" editor since it runs with the uid of the invoking user,
+ * not the runas (privileged) user.
+ * Fills in argv_out with an argument vector suitable for execve() that
+ * includes the editor with the specified files.
+ */
+static char *
+find_editor(argc_out, argv_out)
+    int *argc_out;
+    char ***argv_out;
+{
+    char *cp, *editor, *editor_path = NULL, **ev, *ev0[4];
+
+    /*
+     * If any of SUDO_EDITOR, VISUAL or EDITOR are set, choose the first one.
+     */
+    ev0[0] = "SUDO_EDITOR";
+    ev0[1] = "VISUAL";
+    ev0[2] = "EDITOR";
+    ev0[3] = NULL;
+    for (ev = ev0; *ev != NULL; ev++) {
+	if ((editor = getenv(*ev)) != NULL && *editor != '\0') {
+	    editor_path = resolve_editor(editor, argc_out, argv_out);
+	    if (editor_path != NULL)
+		break;
+	}
+    }
+    if (editor_path == NULL) {
+	/* def_editor could be a path, split it up */
+	editor = estrdup(def_editor);
+	cp = strtok(editor, ":");
+	while (cp != NULL && editor_path == NULL) {
+	    editor_path = resolve_editor(cp, argc_out, argv_out);
+	    cp = strtok(NULL, ":");
+	}
+	if (editor_path)
+	    efree(editor);
+    }
+    if (!editor_path) {
+	audit_failure(NewArgv, "%s: command not found", editor);
+	warningx("%s: command not found", editor);
+    }
+    return editor_path;
+}
+
+#else /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
+
+/*
+ * Must have the ability to change the effective uid to use sudoedit.
+ */
+int
+sudo_edit(argc, argv, envp)
+    int argc;
+    char *argv[];
+    char *envp[];
+{
+    return 1;
+}
+
+#endif /* HAVE_SETRESUID || HAVE_SETREUID || HAVE_SETEUID */
diff --git a/sudo-1.7.4p4/sudo_exec.h b/sudo-1.7.4p4/sudo_exec.h
new file mode 100644
index 0000000..6e26913
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_exec.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _SUDO_EXEC_H
+#define _SUDO_EXEC_H
+
+/*
+ * Symbols shared between exec.c and exec_pty.c
+ */
+
+/* exec.c */
+int my_execve __P((const char *path, char *argv[], char *envp[]));
+
+/* exec_pty.c */
+int fork_pty __P((const char *path, char *argv[], char *envp[], int sv[],
+    int rbac_enabled, int *maxfd));
+int perform_io __P((fd_set *fdsr, fd_set *fdsw, struct command_status *cstat));
+int suspend_parent __P((int signo));
+void fd_set_iobs __P((fd_set *fdsr, fd_set *fdsw));
+void handler __P((int s));
+void pty_close __P((struct command_status *cstat));
+void pty_setup __P((uid_t uid));
+extern sig_atomic_t recvsig[NSIG];
+
+#endif /* _SUDO_EXEC_H */
diff --git a/sudo-1.7.4p4/sudo_noexec.c b/sudo-1.7.4p4/sudo_noexec.c
new file mode 100644
index 0000000..eff07b9
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_noexec.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2004-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <errno.h>
+#ifndef HAVE_TIMESPEC
+# include <time.h>
+#endif
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+#include <compat.h>
+
+/*
+ * Dummy versions of the execve() family of syscalls.  We don't need
+ * to stub out all of them, just the ones that correspond to actual
+ * system calls (which varies by OS).  Note that it is still possible
+ * to access the real syscalls via the syscall() interface but very
+ * few programs actually do that.
+ */
+
+#ifndef errno
+extern int errno;
+#endif
+
+#define DUMMY_BODY				\
+{						\
+    errno = EACCES;				\
+    return(-1);					\
+}
+
+#ifdef __STDC__
+
+#define DUMMY2(fn, t1, t2)			\
+int						\
+fn(t1 a1, t2 a2)				\
+DUMMY_BODY
+
+#define DUMMY3(fn, t1, t2, t3)			\
+int						\
+fn(t1 a1, t2 a2, t3 a3)				\
+DUMMY_BODY
+
+#define DUMMY_VA(fn, t1, t2)			\
+int						\
+fn(t1 a1, t2 a2, ...)				\
+DUMMY_BODY
+
+#else /* !__STDC__ */
+
+#define DUMMY2(fn, t1, t2)			\
+int						\
+fn(a1, a2)					\
+t1 a1; t2 a2;					\
+DUMMY_BODY
+
+#define DUMMY3(fn, t1, t2, t3)			\
+int						\
+fn(a1, a2, a3)					\
+t1 a1; t2 a2; t3 a3;				\
+DUMMY_BODY
+
+#define DUMMY_VA(fn, t1, t2)			\
+int						\
+fn(a1, a2, va_alist)				\
+t1 a1; t2 a2; va_dcl				\
+DUMMY_BODY
+
+#endif /* !__STDC__ */
+
+DUMMY_VA(execl, const char *, const char *)
+DUMMY_VA(_execl, const char *, const char *)
+DUMMY_VA(__execl, const char *, const char *)
+DUMMY_VA(execle, const char *, const char *)
+DUMMY_VA(_execle, const char *, const char *)
+DUMMY_VA(__execle, const char *, const char *)
+DUMMY_VA(execlp, const char *, const char *)
+DUMMY_VA(_execlp, const char *, const char *)
+DUMMY_VA(__execlp, const char *, const char *)
+DUMMY2(execv, const char *, char * const *)
+DUMMY2(_execv, const char *, char * const *)
+DUMMY2(__execv, const char *, char * const *)
+DUMMY2(execvp, const char *, char * const *)
+DUMMY2(_execvp, const char *, char * const *)
+DUMMY2(__execvp, const char *, char * const *)
+DUMMY3(execvP, const char *, const char *, char * const *)
+DUMMY3(_execvP, const char *, const char *, char * const *)
+DUMMY3(__execvP, const char *, const char *, char * const *)
+DUMMY3(execve, const char *, char * const *, char * const *)
+DUMMY3(_execve, const char *, char * const *, char * const *)
+DUMMY3(__execve, const char *, char * const *, char * const *)
+DUMMY3(fexecve, int , char * const *, char * const *)
+DUMMY3(_fexecve, int , char * const *, char * const *)
+DUMMY3(__fexecve, int , char * const *, char * const *)
diff --git a/sudo-1.7.4p4/sudo_nss.c b/sudo-1.7.4p4/sudo_nss.c
new file mode 100644
index 0000000..e21aaae
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_nss.c
@@ -0,0 +1,316 @@
+/*
+ * Copyright (c) 2007-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <grp.h>
+#include <ctype.h>
+
+#include "sudo.h"
+#include "lbuf.h"
+
+extern struct sudo_nss sudo_nss_file;
+#ifdef HAVE_LDAP
+extern struct sudo_nss sudo_nss_ldap;
+#endif
+
+#if defined(HAVE_LDAP) && defined(_PATH_NSSWITCH_CONF)
+/*
+ * Read in /etc/nsswitch.conf
+ * Returns a tail queue of matches.
+ */
+struct sudo_nss_list *
+sudo_read_nss()
+{
+    FILE *fp;
+    char *cp;
+    int saw_files = FALSE;
+    int saw_ldap = FALSE;
+    int got_match = FALSE;
+    static struct sudo_nss_list snl;
+
+    if ((fp = fopen(_PATH_NSSWITCH_CONF, "r")) == NULL)
+	goto nomatch;
+
+    while ((cp = sudo_parseln(fp)) != NULL) {
+	/* Skip blank or comment lines */
+	if (*cp == '\0')
+	    continue;
+
+	/* Look for a line starting with "sudoers:" */
+	if (strncasecmp(cp, "sudoers:", 8) != 0)
+	    continue;
+
+	/* Parse line */
+	for ((cp = strtok(cp + 8, " \t")); cp != NULL; (cp = strtok(NULL, " \t"))) {
+	    if (strcasecmp(cp, "files") == 0 && !saw_files) {
+		tq_append(&snl, &sudo_nss_file);
+		got_match = TRUE;
+	    } else if (strcasecmp(cp, "ldap") == 0 && !saw_ldap) {
+		tq_append(&snl, &sudo_nss_ldap);
+		got_match = TRUE;
+	    } else if (strcasecmp(cp, "[NOTFOUND=return]") == 0 && got_match) {
+		/* NOTFOUND affects the most recent entry */
+		tq_last(&snl)->ret_if_notfound = TRUE;
+		got_match = FALSE;
+	    } else
+		got_match = FALSE;
+	}
+	/* Only parse the first "sudoers:" line */
+	break;
+    }
+    fclose(fp);
+
+nomatch:
+    /* Default to files only if no matches */
+    if (tq_empty(&snl))
+	tq_append(&snl, &sudo_nss_file);
+
+    return(&snl);
+}
+
+#else /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
+
+# if defined(HAVE_LDAP) && defined(_PATH_NETSVC_CONF)
+
+/*
+ * Read in /etc/netsvc.conf (like nsswitch.conf on AIX)
+ * Returns a tail queue of matches.
+ */
+struct sudo_nss_list *
+sudo_read_nss()
+{
+    FILE *fp;
+    char *cp, *ep;
+    int saw_files = FALSE;
+    int saw_ldap = FALSE;
+    int got_match = FALSE;
+    static struct sudo_nss_list snl;
+
+    if ((fp = fopen(_PATH_NETSVC_CONF, "r")) == NULL)
+	goto nomatch;
+
+    while ((cp = sudo_parseln(fp)) != NULL) {
+	/* Skip blank or comment lines */
+	if (*cp == '\0')
+	    continue;
+
+	/* Look for a line starting with "sudoers = " */
+	if (strncasecmp(cp, "sudoers", 7) != 0)
+	    continue;
+	cp += 7;
+	while (isspace((unsigned char)*cp))
+	    cp++;
+	if (*cp++ != '=')
+	    continue;
+
+	/* Parse line */
+	for ((cp = strtok(cp, ",")); cp != NULL; (cp = strtok(NULL, ","))) {
+	    /* Trim leading whitespace. */
+	    while (isspace((unsigned char)*cp))
+		cp++;
+
+	    if (!saw_files && strncasecmp(cp, "files", 5) == 0 &&
+		(isspace((unsigned char)cp[5]) || cp[5] == '\0')) {
+		tq_append(&snl, &sudo_nss_file);
+		got_match = TRUE;
+		ep = &cp[5];
+	    } else if (!saw_ldap && strncasecmp(cp, "ldap", 4) == 0 &&
+		(isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
+		tq_append(&snl, &sudo_nss_ldap);
+		got_match = TRUE;
+		ep = &cp[4];
+	    } else {
+		got_match = FALSE;
+	    }
+
+	    /* check for = auth qualifier */
+	    if (got_match && *ep) {
+		cp = ep;
+		while (isspace((unsigned char)*cp) || *cp == '=')
+		    cp++;
+		if (strncasecmp(cp, "auth", 4) == 0 &&
+		    (isspace((unsigned char)cp[4]) || cp[4] == '\0')) {
+		    tq_last(&snl)->ret_if_found = TRUE;
+		}
+	    }
+	}
+	/* Only parse the first "sudoers" line */
+	break;
+    }
+    fclose(fp);
+
+nomatch:
+    /* Default to files only if no matches */
+    if (tq_empty(&snl))
+	tq_append(&snl, &sudo_nss_file);
+
+    return(&snl);
+}
+
+# else /* !_PATH_NETSVC_CONF && !_PATH_NSSWITCH_CONF */
+
+/*
+ * Non-nsswitch.conf version with hard-coded order.
+ */
+struct sudo_nss_list *
+sudo_read_nss()
+{
+    static struct sudo_nss_list snl;
+
+#  ifdef HAVE_LDAP
+    tq_append(&snl, &sudo_nss_ldap);
+#  endif
+    tq_append(&snl, &sudo_nss_file);
+
+    return(&snl);
+}
+
+# endif /* !HAVE_LDAP || !_PATH_NETSVC_CONF */
+
+#endif /* HAVE_LDAP && _PATH_NSSWITCH_CONF */
+
+/* Reset user_groups based on passwd entry. */
+static void
+reset_groups(pw)
+    struct passwd *pw;
+{
+#if defined(HAVE_INITGROUPS) && defined(HAVE_GETGROUPS)
+    if (pw != sudo_user.pw) {
+# ifdef HAVE_SETAUTHDB
+        aix_setauthdb(pw->pw_name);
+# endif
+	(void) initgroups(pw->pw_name, pw->pw_gid);
+	efree(user_groups);
+	user_groups = NULL;
+	if ((user_ngroups = getgroups(0, NULL)) > 0) {
+	    user_groups = emalloc2(user_ngroups, sizeof(GETGROUPS_T));
+	    if (getgroups(user_ngroups, user_groups) < 0)
+		log_error(USE_ERRNO|MSG_ONLY, "can't get group vector");
+	}
+# ifdef HAVE_SETAUTHDB
+        aix_restoreauthdb();
+# endif
+    }
+#endif /* HAVE_INITGROUPS && HAVE_GETGROUPS */
+}
+
+static int
+output(buf)
+    const char *buf;
+{
+    return fputs(buf, stdout);
+}
+
+/*
+ * Print out privileges for the specified user.
+ * We only get here if the user is allowed to run something on this host.
+ */
+void
+display_privs(snl, pw)
+    struct sudo_nss_list *snl;
+    struct passwd *pw;
+{
+    struct sudo_nss *nss;
+    struct lbuf lbuf;
+    int count;
+
+    /* Reset group vector so group matching works correctly. */
+    reset_groups(pw);
+
+    lbuf_init(&lbuf, output, 4, NULL);
+
+    /* Display defaults from all sources. */
+    lbuf_append(&lbuf, "Matching Defaults entries for ", pw->pw_name,
+	" on this host:\n", NULL);
+    count = 0;
+    tq_foreach_fwd(snl, nss) {
+	count += nss->display_defaults(nss, pw, &lbuf);
+    }
+    if (count) {
+	lbuf_append(&lbuf, "\n\n", NULL);
+	lbuf_print(&lbuf);
+    }
+
+    /* Display Runas and Cmnd-specific defaults from all sources. */
+    lbuf.len = 0;
+    lbuf_append(&lbuf, "Runas and Command-specific defaults for ", pw->pw_name,
+	":\n", NULL);
+    count = 0;
+    tq_foreach_fwd(snl, nss) {
+	count += nss->display_bound_defaults(nss, pw, &lbuf);
+    }
+    if (count) {
+	lbuf_append(&lbuf, "\n\n", NULL);
+	lbuf_print(&lbuf);
+    }
+
+    /* Display privileges from all sources. */
+    lbuf.len = 0;
+    lbuf_append(&lbuf, "User ", pw->pw_name,
+	" may run the following commands on this host:\n", NULL);
+    count = 0;
+    tq_foreach_fwd(snl, nss) {
+	count += nss->display_privs(nss, pw, &lbuf);
+    }
+    if (count) {
+	lbuf_print(&lbuf);
+    }
+
+    lbuf_destroy(&lbuf);
+}
+
+/*
+ * Check user_cmnd against sudoers and print the matching entry if the
+ * command is allowed.
+ */
+int
+display_cmnd(snl, pw)
+    struct sudo_nss_list *snl;
+    struct passwd *pw;
+{
+    struct sudo_nss *nss;
+
+    /* Reset group vector so group matching works correctly. */
+    reset_groups(pw);
+
+    tq_foreach_fwd(snl, nss) {
+	if (nss->display_cmnd(nss, pw) == 0)
+	    return(0);
+    }
+    return(1);
+}
diff --git a/sudo-1.7.4p4/sudo_nss.h b/sudo-1.7.4p4/sudo_nss.h
new file mode 100644
index 0000000..f036add
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_nss.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+struct lbuf;
+struct passwd;
+
+struct sudo_nss {
+    struct sudo_nss *prev;
+    struct sudo_nss *next;
+    int (*open) __P((struct sudo_nss *nss));
+    int (*close) __P((struct sudo_nss *nss));
+    int (*parse) __P((struct sudo_nss *nss));
+    int (*setdefs) __P((struct sudo_nss *nss));
+    int (*lookup) __P((struct sudo_nss *nss, int, int));
+    int (*display_cmnd) __P((struct sudo_nss *nss, struct passwd *));
+    int (*display_defaults) __P((struct sudo_nss *nss, struct passwd *, struct lbuf *));
+    int (*display_bound_defaults) __P((struct sudo_nss *nss, struct passwd *, struct lbuf *));
+    int (*display_privs) __P((struct sudo_nss *nss, struct passwd *, struct lbuf *));
+    void *handle;
+    short ret_if_found;
+    short ret_if_notfound;
+};
+
+TQ_DECLARE(sudo_nss)
+
+struct sudo_nss_list *sudo_read_nss	__P((void));
diff --git a/sudo-1.7.4p4/sudo_usage.h.in b/sudo-1.7.4p4/sudo_usage.h.in
new file mode 100644
index 0000000..af15b87
--- /dev/null
+++ b/sudo-1.7.4p4/sudo_usage.h.in
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _SUDO_USAGE_H
+#define _SUDO_USAGE_H
+
+void usage __P((int)) __attribute__((__noreturn__));
+
+/*
+ * Usage strings for sudo.  These are here because we
+ * need to be able to substitute values from configure.
+ */
+#define SUDO_USAGE1 " -h | -K | -k | -L | -V"
+#define SUDO_USAGE2 " -v [-AknS] @BSDAUTH_USAGE@[-g groupname|#gid] [-p prompt] [-u user name|#uid]"
+#define SUDO_USAGE3 " -l[l] [-AknS] @BSDAUTH_USAGE@[-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]"
+#define SUDO_USAGE4 " [-AbEHknPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]"
+#define SUDO_USAGE5 " -e [-AknS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u user name|#uid] file ..."
+
+/*
+ * Configure script arguments used to build sudo.
+ */
+#define CONFIGURE_ARGS "@CONFIGURE_ARGS@"
+
+#endif /* _SUDO_USAGE_H */
diff --git a/sudo-1.7.4p4/sudoers.cat b/sudo-1.7.4p4/sudoers.cat
new file mode 100644
index 0000000..1649855
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.cat
@@ -0,0 +1,1782 @@
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+NNAAMMEE
+       sudoers - list of which users may execute what
+
+DDEESSCCRRIIPPTTIIOONN
+       The _s_u_d_o_e_r_s file is composed of two types of entries: aliases
+       (basically variables) and user specifications (which specify who may
+       run what).
+
+       When multiple entries match for a user, they are applied in order.
+       Where there are multiple matches, the last match is used (which is not
+       necessarily the most specific match).
+
+       The _s_u_d_o_e_r_s grammar will be described below in Extended Backus-Naur
+       Form (EBNF).  Don't despair if you don't know what EBNF is; it is
+       fairly simple, and the definitions below are annotated.
+
+   QQuuiicckk gguuiiddee ttoo EEBBNNFF
+       EBNF is a concise and exact way of describing the grammar of a
+       language.  Each EBNF definition is made up of _p_r_o_d_u_c_t_i_o_n _r_u_l_e_s.  E.g.,
+
+        symbol ::= definition | alternate1 | alternate2 ...
+
+       Each _p_r_o_d_u_c_t_i_o_n _r_u_l_e references others and thus makes up a grammar for
+       the language.  EBNF also contains the following operators, which many
+       readers will recognize from regular expressions.  Do not, however,
+       confuse them with "wildcard" characters, which have different meanings.
+
+       ?   Means that the preceding symbol (or group of symbols) is optional.
+           That is, it may appear once or not at all.
+
+       *   Means that the preceding symbol (or group of symbols) may appear
+           zero or more times.
+
+       +   Means that the preceding symbol (or group of symbols) may appear
+           one or more times.
+
+       Parentheses may be used to group symbols together.  For clarity, we
+       will use single quotes ('') to designate what is a verbatim character
+       string (as opposed to a symbol name).
+
+   AAlliiaasseess
+       There are four kinds of aliases: User_Alias, Runas_Alias, Host_Alias
+       and Cmnd_Alias.
+
+        Alias ::= 'User_Alias'  User_Alias (':' User_Alias)* |
+                  'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
+                  'Host_Alias'  Host_Alias (':' Host_Alias)* |
+                  'Cmnd_Alias'  Cmnd_Alias (':' Cmnd_Alias)*
+
+        User_Alias ::= NAME '=' User_List
+
+        Runas_Alias ::= NAME '=' Runas_List
+
+        Host_Alias ::= NAME '=' Host_List
+
+
+
+1.7.4                     July 21, 2010                         1
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+
+        Cmnd_Alias ::= NAME '=' Cmnd_List
+
+        NAME ::= [A-Z]([A-Z][0-9]_)*
+
+       Each _a_l_i_a_s definition is of the form
+
+        Alias_Type NAME = item1, item2, ...
+
+       where _A_l_i_a_s___T_y_p_e is one of User_Alias, Runas_Alias, Host_Alias, or
+       Cmnd_Alias.  A NAME is a string of uppercase letters, numbers, and
+       underscore characters ('_').  A NAME mmuusstt start with an uppercase
+       letter.  It is possible to put several alias definitions of the same
+       type on a single line, joined by a colon (':').  E.g.,
+
+        Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
+
+       The definitions of what constitutes a valid _a_l_i_a_s member follow.
+
+        User_List ::= User |
+                      User ',' User_List
+
+        User ::= '!'* user name |
+                 '!'* '#'uid |
+                 '!'* '%'group |
+                 '!'* '+'netgroup |
+                 '!'* '%:'nonunix_group |
+                 '!'* User_Alias
+
+       A User_List is made up of one or more user names, uids (prefixed with
+       '#'), system groups (prefixed with '%'), netgroups (prefixed with '+')
+       and User_Aliases.  Each list item may be prefixed with zero or more '!'
+       operators.  An odd number of '!' operators negate the value of the
+       item; an even number just cancel each other out.
+
+       A user name, group, netgroup or nonunix_group may be enclosed in double
+       quotes to avoid the need for escaping special characters.  Alternately,
+       special characters may be specified in escaped hex mode, e.g. \x20 for
+       space.
+
+       The nonunix_group syntax depends on the underlying implementation.  For
+       instance, the QAS AD backend supports the following formats:
+
+       +o   Group in the same domain: "Group Name"
+
+       +o   Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN"
+
+       +o   Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567"
+
+       Note that quotes around group names are optional.  Unquoted strings
+       must use a backslash (\) to escape spaces and the '@' symbol.
+
+        Runas_List ::= Runas_Member |
+                       Runas_Member ',' Runas_List
+
+
+
+1.7.4                     July 21, 2010                         2
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+
+        Runas_Member ::= '!'* user name |
+                         '!'* '#'uid |
+                         '!'* '%'group |
+                         '!'* +netgroup |
+                         '!'* Runas_Alias
+
+       A Runas_List is similar to a User_List except that instead of
+       User_Aliases it can contain Runas_Aliases.  Note that user names and
+       groups are matched as strings.  In other words, two users (groups) with
+       the same uid (gid) are considered to be distinct.  If you wish to match
+       all user names with the same uid (e.g. root and toor), you can use a
+       uid instead (#0 in the example given).
+
+        Host_List ::= Host |
+                      Host ',' Host_List
+
+        Host ::= '!'* host name |
+                 '!'* ip_addr |
+                 '!'* network(/netmask)? |
+                 '!'* '+'netgroup |
+                 '!'* Host_Alias
+
+       A Host_List is made up of one or more host names, IP addresses, network
+       numbers, netgroups (prefixed with '+') and other aliases.  Again, the
+       value of an item may be negated with the '!' operator.  If you do not
+       specify a netmask along with the network number, ssuuddoo will query each
+       of the local host's network interfaces and, if the network number
+       corresponds to one of the hosts's network interfaces, the corresponding
+       netmask will be used.  The netmask may be specified either in standard
+       IP address notation (e.g. 255.255.255.0 or ffff:ffff:ffff:ffff::), or
+       CIDR notation (number of bits, e.g. 24 or 64).  A host name may include
+       shell-style wildcards (see the Wildcards section below), but unless the
+       host name command on your machine returns the fully qualified host
+       name, you'll need to use the _f_q_d_n option for wildcards to be useful.
+       Note ssuuddoo only inspects actual network interfaces; this means that IP
+       address 127.0.0.1 (localhost) will never match.  Also, the host name
+       "localhost" will only match if that is the actual host name, which is
+       usually only the case for non-networked systems.
+
+        Cmnd_List ::= Cmnd |
+                      Cmnd ',' Cmnd_List
+
+        commandname ::= file name |
+                        file name args |
+                        file name '""'
+
+        Cmnd ::= '!'* commandname |
+                 '!'* directory |
+                 '!'* "sudoedit" |
+                 '!'* Cmnd_Alias
+
+       A Cmnd_List is a list of one or more commandnames, directories, and
+       other aliases.  A commandname is a fully qualified file name which may
+
+
+
+1.7.4                     July 21, 2010                         3
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       include shell-style wildcards (see the Wildcards section below).  A
+       simple file name allows the user to run the command with any arguments
+       he/she wishes.  However, you may also specify command line arguments
+       (including wildcards).  Alternately, you can specify "" to indicate
+       that the command may only be run wwiitthhoouutt command line arguments.  A
+       directory is a fully qualified path name ending in a '/'.  When you
+       specify a directory in a Cmnd_List, the user will be able to run any
+       file within that directory (but not in any subdirectories therein).
+
+       If a Cmnd has associated command line arguments, then the arguments in
+       the Cmnd must match exactly those given by the user on the command line
+       (or match the wildcards if there are any).  Note that the following
+       characters must be escaped with a '\' if they are used in command
+       arguments: ',', ':', '=', '\'.  The special command "sudoedit" is used
+       to permit a user to run ssuuddoo with the --ee option (or as ssuuddooeeddiitt).  It
+       may take command line arguments just as a normal command does.
+
+   DDeeffaauullttss
+       Certain configuration options may be changed from their default values
+       at runtime via one or more Default_Entry lines.  These may affect all
+       users on any host, all users on a specific host, a specific user, a
+       specific command, or commands being run as a specific user.  Note that
+       per-command entries may not include command line arguments.  If you
+       need to specify arguments, define a Cmnd_Alias and reference that
+       instead.
+
+        Default_Type ::= 'Defaults' |
+                         'Defaults' '@' Host_List |
+                         'Defaults' ':' User_List |
+                         'Defaults' '!' Cmnd_List |
+                         'Defaults' '>' Runas_List
+
+        Default_Entry ::= Default_Type Parameter_List
+
+        Parameter_List ::= Parameter |
+                           Parameter ',' Parameter_List
+
+        Parameter ::= Parameter '=' Value |
+                      Parameter '+=' Value |
+                      Parameter '-=' Value |
+                      '!'* Parameter
+
+       Parameters may be ffllaaggss, iinntteeggeerr values, ssttrriinnggss, or lliissttss.  Flags are
+       implicitly boolean and can be turned off via the '!'  operator.  Some
+       integer, string and list parameters may also be used in a boolean
+       context to disable them.  Values may be enclosed in double quotes (")
+       when they contain multiple words.  Special characters may be escaped
+       with a backslash (\).
+
+       Lists have two additional assignment operators, += and -=.  These
+       operators are used to add to and delete from a list respectively.  It
+       is not an error to use the -= operator to remove an element that does
+       not exist in a list.
+
+
+
+
+1.7.4                     July 21, 2010                         4
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       Defaults entries are parsed in the following order: generic, host and
+       user Defaults first, then runas Defaults and finally command defaults.
+
+       See "SUDOERS OPTIONS" for a list of supported Defaults parameters.
+
+   UUsseerr SSppeecciiffiiccaattiioonn
+        User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
+                      (':' Host_List '=' Cmnd_Spec_List)*
+
+        Cmnd_Spec_List ::= Cmnd_Spec |
+                           Cmnd_Spec ',' Cmnd_Spec_List
+
+        Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
+
+        Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
+
+        SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
+
+        Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
+                      'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+                      'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
+
+       A uusseerr ssppeecciiffiiccaattiioonn determines which commands a user may run (and as
+       what user) on specified hosts.  By default, commands are run as rroooott,
+       but this can be changed on a per-command basis.
+
+       The basic structure of a user specification is `who = where (as_whom)
+       what'.  Let's break that down into its constituent parts:
+
+   RRuunnaass__SSppeecc
+       A Runas_Spec determines the user and/or the group that a command may be
+       run as.  A fully-specified Runas_Spec consists of two Runas_Lists (as
+       defined above) separated by a colon (':') and enclosed in a set of
+       parentheses.  The first Runas_List indicates which users the command
+       may be run as via ssuuddoo's --uu option.  The second defines a list of
+       groups that can be specified via ssuuddoo's --gg option.  If both Runas_Lists
+       are specified, the command may be run with any combination of users and
+       groups listed in their respective Runas_Lists.  If only the first is
+       specified, the command may be run as any user in the list but no --gg
+       option may be specified.  If the first Runas_List is empty but the
+       second is specified, the command may be run as the invoking user with
+       the group set to any listed in the Runas_List.  If no Runas_Spec is
+       specified the command may be run as rroooott and no group may be specified.
+
+       A Runas_Spec sets the default for the commands that follow it.  What
+       this means is that for the entry:
+
+        dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
+
+       The user ddggbb may run _/_b_i_n_/_l_s, _/_b_i_n_/_k_i_l_l, and _/_u_s_r_/_b_i_n_/_l_p_r_m -- but only
+       as ooppeerraattoorr.  E.g.,
+
+        $ sudo -u operator /bin/ls.
+
+
+
+
+1.7.4                     July 21, 2010                         5
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       It is also possible to override a Runas_Spec later on in an entry.  If
+       we modify the entry like so:
+
+        dgb    boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+
+       Then user ddggbb is now allowed to run _/_b_i_n_/_l_s as ooppeerraattoorr, but  _/_b_i_n_/_k_i_l_l
+       and _/_u_s_r_/_b_i_n_/_l_p_r_m as rroooott.
+
+       We can extend this to allow ddggbb to run /bin/ls with either the user or
+       group set to ooppeerraattoorr:
+
+        dgb    boulder = (operator : operator) /bin/ls, (root) /bin/kill, \
+               /usr/bin/lprm
+
+       In the following example, user ttccmm may run commands that access a modem
+       device file with the dialer group.  Note that in this example only the
+       group will be set, the command still runs as user ttccmm.
+
+        tcm    boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \
+               /usr/local/bin/minicom
+
+   SSEELLiinnuuxx__SSppeecc
+       On systems with SELinux support, _s_u_d_o_e_r_s entries may optionally have an
+       SELinux role and/or type associated with a command.  If a role or type
+       is specified with the command it will override any default values
+       specified in _s_u_d_o_e_r_s.  A role or type specified on the command line,
+       however, will supercede the values in _s_u_d_o_e_r_s.
+
+   TTaagg__SSppeecc
+       A command may have zero or more tags associated with it.  There are
+       eight possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV,
+       NOSETENV, LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT and NOLOG_OUTPUT.  Once a
+       tag is set on a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit
+       the tag unless it is overridden by the opposite tag (i.e.: PASSWD
+       overrides NOPASSWD and NOEXEC overrides EXEC).
+
+       _N_O_P_A_S_S_W_D _a_n_d _P_A_S_S_W_D
+
+       By default, ssuuddoo requires that a user authenticate him or herself
+       before running a command.  This behavior can be modified via the
+       NOPASSWD tag.  Like a Runas_Spec, the NOPASSWD tag sets a default for
+       the commands that follow it in the Cmnd_Spec_List.  Conversely, the
+       PASSWD tag can be used to reverse things.  For example:
+
+        ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+
+       would allow the user rraayy to run _/_b_i_n_/_k_i_l_l, _/_b_i_n_/_l_s, and _/_u_s_r_/_b_i_n_/_l_p_r_m
+       as rroooott on the machine rushmore without authenticating himself.  If we
+       only want rraayy to be able to run _/_b_i_n_/_k_i_l_l without a password the entry
+       would be:
+
+        ray    rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+
+       Note, however, that the PASSWD tag has no effect on users who are in
+
+
+
+1.7.4                     July 21, 2010                         6
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       the group specified by the _e_x_e_m_p_t___g_r_o_u_p option.
+
+       By default, if the NOPASSWD tag is applied to any of the entries for a
+       user on the current host, he or she will be able to run sudo -l without
+       a password.  Additionally, a user may only run sudo -v without a
+       password if the NOPASSWD tag is present for all a user's entries that
+       pertain to the current host.  This behavior may be overridden via the
+       verifypw and listpw options.
+
+       _N_O_E_X_E_C _a_n_d _E_X_E_C
+
+       If ssuuddoo has been compiled with _n_o_e_x_e_c support and the underlying
+       operating system supports it, the NOEXEC tag can be used to prevent a
+       dynamically-linked executable from running further commands itself.
+
+       In the following example, user aaaarroonn may run _/_u_s_r_/_b_i_n_/_m_o_r_e and
+       _/_u_s_r_/_b_i_n_/_v_i but shell escapes will be disabled.
+
+        aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+       See the "PREVENTING SHELL ESCAPES" section below for more details on
+       how NOEXEC works and whether or not it will work on your system.
+
+       _S_E_T_E_N_V _a_n_d _N_O_S_E_T_E_N_V
+
+       These tags override the value of the _s_e_t_e_n_v option on a per-command
+       basis.  Note that if SETENV has been set for a command, any environment
+       variables set on the command line way are not subject to the
+       restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or _e_n_v___k_e_e_p.  As such,
+       only trusted users should be allowed to set variables in this manner.
+       If the command matched is AALLLL, the SETENV tag is implied for that
+       command; this default may be overridden by use of the NOSETENV tag.
+
+       _L_O_G___I_N_P_U_T _a_n_d _N_O_L_O_G___I_N_P_U_T
+
+       These tags override the value of the _l_o_g___i_n_p_u_t option on a per-command
+       basis.  For more information, see the description of _l_o_g___i_n_p_u_t in the
+       "SUDOERS OPTIONS" section below.
+
+       _L_O_G___O_U_T_P_U_T _a_n_d _N_O_L_O_G___O_U_T_P_U_T
+
+       These tags override the value of the _l_o_g___o_u_t_p_u_t option on a per-command
+       basis.  For more information, see the description of _l_o_g___o_u_t_p_u_t in the
+       "SUDOERS OPTIONS" section below.
+
+   WWiillddccaarrddss
+       ssuuddoo allows shell-style _w_i_l_d_c_a_r_d_s (aka meta or glob characters) to be
+       used in host names, path names and command line arguments in the
+       _s_u_d_o_e_r_s file.  Wildcard matching is done via the PPOOSSIIXX _g_l_o_b(3) and
+       _f_n_m_a_t_c_h(3) routines.  Note that these are _n_o_t regular expressions.
+
+       *       Matches any set of zero or more characters.
+
+       ?       Matches any single character.
+
+
+
+1.7.4                     July 21, 2010                         7
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       [...]   Matches any character in the specified range.
+
+       [!...]  Matches any character nnoott in the specified range.
+
+       \x      For any character "x", evaluates to "x".  This is used to
+               escape special characters such as: "*", "?", "[", and "}".
+
+       POSIX character classes may also be used if your system's _g_l_o_b(3) and
+       _f_n_m_a_t_c_h(3) functions support them.  However, because the ':' character
+       has special meaning in _s_u_d_o_e_r_s, it must be escaped.  For example:
+
+           /bin/ls [[\:alpha\:]]*
+
+       Would match any file name beginning with a letter.
+
+       Note that a forward slash ('/') will nnoott be matched by wildcards used
+       in the path name.  When matching the command line arguments, however, a
+       slash ddooeess get matched by wildcards.  This is to make a path like:
+
+           /usr/bin/*
+
+       match _/_u_s_r_/_b_i_n_/_w_h_o but not _/_u_s_r_/_b_i_n_/_X_1_1_/_x_t_e_r_m.
+
+   EExxcceeppttiioonnss ttoo wwiillddccaarrdd rruulleess
+       The following exceptions apply to the above rules:
+
+       ""      If the empty string "" is the only command line argument in the
+               _s_u_d_o_e_r_s entry it means that command is not allowed to be run
+               with aannyy arguments.
+
+   IInncclluuddiinngg ootthheerr ffiilleess ffrroomm wwiitthhiinn ssuuddooeerrss
+       It is possible to include other _s_u_d_o_e_r_s files from within the _s_u_d_o_e_r_s
+       file currently being parsed using the #include and #includedir
+       directives.
+
+       This can be used, for example, to keep a site-wide _s_u_d_o_e_r_s file in
+       addition to a local, per-machine file.  For the sake of this example
+       the site-wide _s_u_d_o_e_r_s will be _/_e_t_c_/_s_u_d_o_e_r_s and the per-machine one will
+       be _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l.  To include _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l from within
+       _/_e_t_c_/_s_u_d_o_e_r_s we would use the following line in _/_e_t_c_/_s_u_d_o_e_r_s:
+
+           #include /etc/sudoers.local
+
+       When ssuuddoo reaches this line it will suspend processing of the current
+       file (_/_e_t_c_/_s_u_d_o_e_r_s) and switch to _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l.  Upon reaching
+       the end of _/_e_t_c_/_s_u_d_o_e_r_s_._l_o_c_a_l, the rest of _/_e_t_c_/_s_u_d_o_e_r_s will be
+       processed.  Files that are included may themselves include other files.
+       A hard limit of 128 nested include files is enforced to prevent include
+       file loops.
+
+       The file name may include the %h escape, signifying the short form of
+       the host name.  I.e., if the machine's host name is "xerxes", then
+
+       #include /etc/sudoers.%h
+
+
+
+1.7.4                     July 21, 2010                         8
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       will cause ssuuddoo to include the file _/_e_t_c_/_s_u_d_o_e_r_s_._x_e_r_x_e_s.
+
+       The #includedir directive can be used to create a _s_u_d_o_._d directory that
+       the system package manager can drop _s_u_d_o_e_r_s rules into as part of
+       package installation.  For example, given:
+
+       #includedir /etc/sudoers.d
+
+       ssuuddoo will read each file in _/_e_t_c_/_s_u_d_o_e_r_s_._d, skipping file names that
+       end in ~ or contain a . character to avoid causing problems with
+       package manager or editor temporary/backup files.  Files are parsed in
+       sorted lexical order.  That is, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_0_1___f_i_r_s_t will be parsed
+       before _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d.  Be aware that because the sorting is
+       lexical, not numeric, _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1___w_h_o_o_p_s would be loaded aafftteerr
+       _/_e_t_c_/_s_u_d_o_e_r_s_._d_/_1_0___s_e_c_o_n_d.  Using a consistent number of leading zeroes
+       in the file names can be used to avoid such problems.
+
+       Note that unlike files included via #include, vviissuuddoo will not edit the
+       files in a #includedir directory unless one of them contains a syntax
+       error.  It is still possible to run vviissuuddoo with the -f flag to edit the
+       files directly.
+
+   OOtthheerr ssppeecciiaall cchhaarraacctteerrss aanndd rreesseerrvveedd wwoorrddss
+       The pound sign ('#') is used to indicate a comment (unless it is part
+       of a #include directive or unless it occurs in the context of a user
+       name and is followed by one or more digits, in which case it is treated
+       as a uid).  Both the comment character and any text after it, up to the
+       end of the line, are ignored.
+
+       The reserved word AALLLL is a built-in _a_l_i_a_s that always causes a match to
+       succeed.  It can be used wherever one might otherwise use a Cmnd_Alias,
+       User_Alias, Runas_Alias, or Host_Alias.  You should not try to define
+       your own _a_l_i_a_s called AALLLL as the built-in alias will be used in
+       preference to your own.  Please note that using AALLLL can be dangerous
+       since in a command context, it allows the user to run aannyy command on
+       the system.
+
+       An exclamation point ('!') can be used as a logical _n_o_t operator both
+       in an _a_l_i_a_s and in front of a Cmnd.  This allows one to exclude certain
+       values.  Note, however, that using a ! in conjunction with the built-in
+       ALL alias to allow a user to run "all but a few" commands rarely works
+       as intended (see SECURITY NOTES below).
+
+       Long lines can be continued with a backslash ('\') as the last
+       character on the line.
+
+       Whitespace between elements in a list as well as special syntactic
+       characters in a _U_s_e_r _S_p_e_c_i_f_i_c_a_t_i_o_n ('=', ':', '(', ')') is optional.
+
+       The following characters must be escaped with a backslash ('\') when
+       used as part of a word (e.g. a user name or host name): '@', '!', '=',
+       ':', ',', '(', ')', '\'.
+
+
+
+
+
+1.7.4                     July 21, 2010                         9
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+SSUUDDOOEERRSS OOPPTTIIOONNSS
+       ssuuddoo's behavior can be modified by Default_Entry lines, as explained
+       earlier.  A list of all supported Defaults parameters, grouped by type,
+       are listed below.
+
+       BBoooolleeaann FFllaaggss:
+
+       always_set_home If enabled, ssuuddoo will set the HOME environment variable
+                       to the home directory of the target user (which is root
+                       unless the --uu option is used).  This effectively means
+                       that the --HH option is always implied.  Note that HOME
+                       is already set when the the _e_n_v___r_e_s_e_t option is
+                       enabled, so _a_l_w_a_y_s___s_e_t___h_o_m_e is only effective for
+                       configurations where _e_n_v___r_e_s_e_t is disabled.  This flag
+                       is _o_f_f by default.
+
+       authenticate    If set, users must authenticate themselves via a
+                       password (or other means of authentication) before they
+                       may run commands.  This default may be overridden via
+                       the PASSWD and NOPASSWD tags.  This flag is _o_n by
+                       default.
+
+       closefrom_override
+                       If set, the user may use ssuuddoo's --CC option which
+                       overrides the default starting point at which ssuuddoo
+                       begins closing open file descriptors.  This flag is _o_f_f
+                       by default.
+
+       compress_io     If set, and ssuuddoo is configured to log a command's input
+                       or output, the I/O logs will be compressed using zzlliibb.
+                       This flag is _o_n by default when ssuuddoo is compiled with
+                       zzlliibb support.
+
+       env_editor      If set, vviissuuddoo will use the value of the EDITOR or
+                       VISUAL environment variables before falling back on the
+                       default editor list.  Note that this may create a
+                       security hole as it allows the user to run any
+                       arbitrary command as root without logging.  A safer
+                       alternative is to place a colon-separated list of
+                       editors in the editor variable.  vviissuuddoo will then only
+                       use the EDITOR or VISUAL if they match a value
+                       specified in editor.  This flag is _o_f_f by default.
+
+       env_reset       If set, ssuuddoo will reset the environment to only contain
+                       the LOGNAME, MAIL, SHELL, USER, USERNAME and the SUDO_*
+                       variables.  Any variables in the caller's environment
+                       that match the env_keep and env_check lists are then
+                       added.  The default contents of the env_keep and
+                       env_check lists are displayed when ssuuddoo is run by root
+                       with the _-_V option.  If the _s_e_c_u_r_e___p_a_t_h option is set,
+                       its value will be used for the PATH environment
+                       variable.  This flag is _o_n by default.
+
+       fast_glob       Normally, ssuuddoo uses the _g_l_o_b(3) function to do shell-
+
+
+
+1.7.4                     July 21, 2010                        10
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       style globbing when matching path names.  However,
+                       since it accesses the file system, _g_l_o_b(3) can take a
+                       long time to complete for some patterns, especially
+                       when the pattern references a network file system that
+                       is mounted on demand (automounted).  The _f_a_s_t___g_l_o_b
+                       option causes ssuuddoo to use the _f_n_m_a_t_c_h(3) function,
+                       which does not access the file system to do its
+                       matching.  The disadvantage of _f_a_s_t___g_l_o_b is that it is
+                       unable to match relative path names such as _._/_l_s or
+                       _._._/_b_i_n_/_l_s.  This has security implications when path
+                       names that include globbing characters are used with
+                       the negation operator, '!', as such rules can be
+                       trivially bypassed.  As such, this option should not be
+                       used when _s_u_d_o_e_r_s contains rules that contain negated
+                       path names which include globbing characters.  This
+                       flag is _o_f_f by default.
+
+       fqdn            Set this flag if you want to put fully qualified host
+                       names in the _s_u_d_o_e_r_s file.  I.e., instead of myhost you
+                       would use myhost.mydomain.edu.  You may still use the
+                       short form if you wish (and even mix the two).  Beware
+                       that turning on _f_q_d_n requires ssuuddoo to make DNS lookups
+                       which may make ssuuddoo unusable if DNS stops working (for
+                       example if the machine is not plugged into the
+                       network).  Also note that you must use the host's
+                       official name as DNS knows it.  That is, you may not
+                       use a host alias (CNAME entry) due to performance
+                       issues and the fact that there is no way to get all
+                       aliases from DNS.  If your machine's host name (as
+                       returned by the hostname command) is already fully
+                       qualified you shouldn't need to set _f_q_d_n.  This flag is
+                       _o_f_f by default.
+
+       ignore_dot      If set, ssuuddoo will ignore '.' or '' (current dir) in the
+                       PATH environment variable; the PATH itself is not
+                       modified.  This flag is _o_f_f by default.
+
+       ignore_local_sudoers
+                       If set via LDAP, parsing of _/_e_t_c_/_s_u_d_o_e_r_s will be
+                       skipped.  This is intended for Enterprises that wish to
+                       prevent the usage of local sudoers files so that only
+                       LDAP is used.  This thwarts the efforts of rogue
+                       operators who would attempt to add roles to
+                       _/_e_t_c_/_s_u_d_o_e_r_s.  When this option is present,
+                       _/_e_t_c_/_s_u_d_o_e_r_s does not even need to exist. Since this
+                       option tells ssuuddoo how to behave when no specific LDAP
+                       entries have been matched, this sudoOption is only
+                       meaningful for the cn=defaults section.  This flag is
+                       _o_f_f by default.
+
+       insults         If set, ssuuddoo will insult users when they enter an
+                       incorrect password.  This flag is _o_f_f by default.
+
+       log_host        If set, the host name will be logged in the (non-
+
+
+
+1.7.4                     July 21, 2010                        11
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       syslog) ssuuddoo log file.  This flag is _o_f_f by default.
+
+       log_year        If set, the four-digit year will be logged in the (non-
+                       syslog) ssuuddoo log file.  This flag is _o_f_f by default.
+
+       long_otp_prompt When validating with a One Time Password (OPT) scheme
+                       such as SS//KKeeyy or OOPPIIEE, a two-line prompt is used to
+                       make it easier to cut and paste the challenge to a
+                       local window.  It's not as pretty as the default but
+                       some people find it more convenient.  This flag is _o_f_f
+                       by default.
+
+       mail_always     Send mail to the _m_a_i_l_t_o user every time a users runs
+                       ssuuddoo.  This flag is _o_f_f by default.
+
+       mail_badpass    Send mail to the _m_a_i_l_t_o user if the user running ssuuddoo
+                       does not enter the correct password.  This flag is _o_f_f
+                       by default.
+
+       mail_no_host    If set, mail will be sent to the _m_a_i_l_t_o user if the
+                       invoking user exists in the _s_u_d_o_e_r_s file, but is not
+                       allowed to run commands on the current host.  This flag
+                       is _o_f_f by default.
+
+       mail_no_perms   If set, mail will be sent to the _m_a_i_l_t_o user if the
+                       invoking user is allowed to use ssuuddoo but the command
+                       they are trying is not listed in their _s_u_d_o_e_r_s file
+                       entry or is explicitly denied.  This flag is _o_f_f by
+                       default.
+
+       mail_no_user    If set, mail will be sent to the _m_a_i_l_t_o user if the
+                       invoking user is not in the _s_u_d_o_e_r_s file.  This flag is
+                       _o_n by default.
+
+       noexec          If set, all commands run via ssuuddoo will behave as if the
+                       NOEXEC tag has been set, unless overridden by a EXEC
+                       tag.  See the description of _N_O_E_X_E_C _a_n_d _E_X_E_C below as
+                       well as the "PREVENTING SHELL ESCAPES" section at the
+                       end of this manual.  This flag is _o_f_f by default.
+
+       path_info       Normally, ssuuddoo will tell the user when a command could
+                       not be found in their PATH environment variable.  Some
+                       sites may wish to disable this as it could be used to
+                       gather information on the location of executables that
+                       the normal user does not have access to.  The
+                       disadvantage is that if the executable is simply not in
+                       the user's PATH, ssuuddoo will tell the user that they are
+                       not allowed to run it, which can be confusing.  This
+                       flag is _o_n by default.
+
+       passprompt_override
+                       The password prompt specified by _p_a_s_s_p_r_o_m_p_t will
+                       normally only be used if the password prompt provided
+                       by systems such as PAM matches the string "Password:".
+
+
+
+1.7.4                     July 21, 2010                        12
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       If _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e is set, _p_a_s_s_p_r_o_m_p_t will always
+                       be used.  This flag is _o_f_f by default.
+
+       preserve_groups By default, ssuuddoo will initialize the group vector to
+                       the list of groups the target user is in.  When
+                       _p_r_e_s_e_r_v_e___g_r_o_u_p_s is set, the user's existing group
+                       vector is left unaltered.  The real and effective group
+                       IDs, however, are still set to match the target user.
+                       This flag is _o_f_f by default.
+
+       pwfeedback      By default, ssuuddoo reads the password like most other
+                       Unix programs, by turning off echo until the user hits
+                       the return (or enter) key.  Some users become confused
+                       by this as it appears to them that ssuuddoo has hung at
+                       this point.  When _p_w_f_e_e_d_b_a_c_k is set, ssuuddoo will provide
+                       visual feedback when the user presses a key.  Note that
+                       this does have a security impact as an onlooker may be
+                       able to determine the length of the password being
+                       entered.  This flag is _o_f_f by default.
+
+       requiretty      If set, ssuuddoo will only run when the user is logged in
+                       to a real tty.  When this flag is set, ssuuddoo can only be
+                       run from a login session and not via other means such
+                       as _c_r_o_n(1m) or cgi-bin scripts.  This flag is _o_f_f by
+                       default.
+
+       root_sudo       If set, root is allowed to run ssuuddoo too.  Disabling
+                       this prevents users from "chaining" ssuuddoo commands to
+                       get a root shell by doing something like "sudo sudo
+                       /bin/sh".  Note, however, that turning off _r_o_o_t___s_u_d_o
+                       will also prevent root from running ssuuddooeeddiitt.
+                       Disabling _r_o_o_t___s_u_d_o provides no real additional
+                       security; it exists purely for historical reasons.
+                       This flag is _o_n by default.
+
+       rootpw          If set, ssuuddoo will prompt for the root password instead
+                       of the password of the invoking user.  This flag is _o_f_f
+                       by default.
+
+       runaspw         If set, ssuuddoo will prompt for the password of the user
+                       defined by the _r_u_n_a_s___d_e_f_a_u_l_t option (defaults to root)
+                       instead of the password of the invoking user.  This
+                       flag is _o_f_f by default.
+
+       set_home        If enabled and ssuuddoo is invoked with the --ss option the
+                       HOME environment variable will be set to the home
+                       directory of the target user (which is root unless the
+                       --uu option is used).  This effectively makes the --ss
+                       option imply --HH.  Note that HOME is already set when
+                       the the _e_n_v___r_e_s_e_t option is enabled, so _s_e_t___h_o_m_e is
+                       only effective for configurations where _e_n_v___r_e_s_e_t is
+                       disabled.  This flag is _o_f_f by default.
+
+       set_logname     Normally, ssuuddoo will set the LOGNAME, USER and USERNAME
+
+
+
+1.7.4                     July 21, 2010                        13
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       environment variables to the name of the target user
+                       (usually root unless the --uu option is given).  However,
+                       since some programs (including the RCS revision control
+                       system) use LOGNAME to determine the real identity of
+                       the user, it may be desirable to change this behavior.
+                       This can be done by negating the set_logname option.
+                       Note that if the _e_n_v___r_e_s_e_t option has not been
+                       disabled, entries in the _e_n_v___k_e_e_p list will override
+                       the value of _s_e_t___l_o_g_n_a_m_e.  This flag is _o_n by default.
+
+       setenv          Allow the user to disable the _e_n_v___r_e_s_e_t option from the
+                       command line.  Additionally, environment variables set
+                       via the command line are not subject to the
+                       restrictions imposed by _e_n_v___c_h_e_c_k, _e_n_v___d_e_l_e_t_e, or
+                       _e_n_v___k_e_e_p.  As such, only trusted users should be
+                       allowed to set variables in this manner.  This flag is
+                       _o_f_f by default.
+
+       shell_noargs    If set and ssuuddoo is invoked with no arguments it acts as
+                       if the --ss option had been given.  That is, it runs a
+                       shell as root (the shell is determined by the SHELL
+                       environment variable if it is set, falling back on the
+                       shell listed in the invoking user's /etc/passwd entry
+                       if not).  This flag is _o_f_f by default.
+
+       stay_setuid     Normally, when ssuuddoo executes a command the real and
+                       effective UIDs are set to the target user (root by
+                       default).  This option changes that behavior such that
+                       the real UID is left as the invoking user's UID.  In
+                       other words, this makes ssuuddoo act as a setuid wrapper.
+                       This can be useful on systems that disable some
+                       potentially dangerous functionality when a program is
+                       run setuid.  This option is only effective on systems
+                       with either the _s_e_t_r_e_u_i_d_(_) or _s_e_t_r_e_s_u_i_d_(_) function.
+                       This flag is _o_f_f by default.
+
+       targetpw        If set, ssuuddoo will prompt for the password of the user
+                       specified by the --uu option (defaults to root) instead
+                       of the password of the invoking user.  In addition, the
+                       timestamp file name will include the target user's
+                       name.  Note that this flag precludes the use of a uid
+                       not listed in the passwd database as an argument to the
+                       --uu option.  This flag is _o_f_f by default.
+
+       log_input       If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and
+                       log all user input.  If the standard input is not
+                       connected to the user's tty, due to I/O redirection or
+                       because the command is part of a pipeline, that input
+                       is also captured and stored in a separate log file.
+
+                       Input is logged to the _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o directory using
+                       a unique session ID that is included in the normal ssuuddoo
+                       log line, prefixed with _T_S_I_D_=.
+
+
+
+
+1.7.4                     July 21, 2010                        14
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       log_output      If set, ssuuddoo will run the command in a _p_s_e_u_d_o _t_t_y and
+                       log all output that is sent to the screen, similar to
+                       the _s_c_r_i_p_t(1) command.  If the standard output or
+                       standard error is not connected to the user's tty, due
+                       to I/O redirection or because the command is part of a
+                       pipeline, that output is also captured and stored in
+                       separate log files.
+
+                       Output is logged to the _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o directory
+                       using a unique session ID that is included in the
+                       normal ssuuddoo log line, prefixed with _T_S_I_D_=.
+
+                       Output logs may be viewed with the _s_u_d_o_r_e_p_l_a_y(1m)
+                       utility, which can also be used to list or search the
+                       available logs.
+
+       tty_tickets     If set, users must authenticate on a per-tty basis.
+                       With this flag enabled, ssuuddoo will use a file named for
+                       the tty the user is logged in on in the user's time
+                       stamp directory.  If disabled, the time stamp of the
+                       directory is used instead.  This flag is _o_n by default.
+
+       umask_override  If set, ssuuddoo will set the umask as specified by _s_u_d_o_e_r_s
+                       without modification.  This makes it possible to
+                       specify a more permissive umask in _s_u_d_o_e_r_s than the
+                       user's own umask and matches historical behavior.  If
+                       _u_m_a_s_k___o_v_e_r_r_i_d_e is not set, ssuuddoo will set the umask to
+                       be the union of the user's umask and what is specified
+                       in _s_u_d_o_e_r_s.  This flag is _o_f_f by default.
+
+       use_loginclass  If set, ssuuddoo will apply the defaults specified for the
+                       target user's login class if one exists.  Only
+                       available if ssuuddoo is configured with the
+                       --with-logincap option.  This flag is _o_f_f by default.
+
+       use_pty         If set, ssuuddoo will run the command in a pseudo-pty even
+                       if no I/O logging is being gone.  A malicious program
+                       run under ssuuddoo could conceivably fork a background
+                       process that retains to the user's terminal device
+                       after the main program has finished executing.  Use of
+                       this option will make that impossible.
+
+       visiblepw       By default, ssuuddoo will refuse to run if the user must
+                       enter a password but it is not possible to disable echo
+                       on the terminal.  If the _v_i_s_i_b_l_e_p_w flag is set, ssuuddoo
+                       will prompt for a password even when it would be
+                       visible on the screen.  This makes it possible to run
+                       things like "rsh somehost sudo ls" since _r_s_h(1) does
+                       not allocate a tty.  This flag is _o_f_f by default.
+
+       IInntteeggeerrss:
+
+       closefrom       Before it executes a command, ssuuddoo will close all open
+                       file descriptors other than standard input, standard
+
+
+
+1.7.4                     July 21, 2010                        15
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       output and standard error (ie: file descriptors 0-2).
+                       The _c_l_o_s_e_f_r_o_m option can be used to specify a different
+                       file descriptor at which to start closing.  The default
+                       is 3.
+
+       passwd_tries    The number of tries a user gets to enter his/her
+                       password before ssuuddoo logs the failure and exits.  The
+                       default is 3.
+
+       IInntteeggeerrss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
+
+       loglinelen      Number of characters per line for the file log.  This
+                       value is used to decide when to wrap lines for nicer
+                       log files.  This has no effect on the syslog log file,
+                       only the file log.  The default is 80 (use 0 or negate
+                       the option to disable word wrap).
+
+       passwd_timeout  Number of minutes before the ssuuddoo password prompt times
+                       out, or 0 for no timeout.  The timeout may include a
+                       fractional component if minute granularity is
+                       insufficient, for example 2.5.  The default is 5.
+
+       timestamp_timeout
+                       Number of minutes that can elapse before ssuuddoo will ask
+                       for a passwd again.  The timeout may include a
+                       fractional component if minute granularity is
+                       insufficient, for example 2.5.  The default is 5.  Set
+                       this to 0 to always prompt for a password.  If set to a
+                       value less than 0 the user's timestamp will never
+                       expire.  This can be used to allow users to create or
+                       delete their own timestamps via sudo -v and sudo -k
+                       respectively.
+
+       umask           Umask to use when running the command.  Negate this
+                       option or set it to 0777 to preserve the user's umask.
+                       The actual umask that is used will be the union of the
+                       user's umask and 0022.  This guarantees that ssuuddoo never
+                       lowers the umask when running a command.  Note on
+                       systems that use PAM, the default PAM configuration may
+                       specify its own umask which will override the value set
+                       in _s_u_d_o_e_r_s.
+
+       SSttrriinnggss:
+
+       badpass_message Message that is displayed if a user enters an incorrect
+                       password.  The default is Sorry, try again. unless
+                       insults are enabled.
+
+       editor          A colon (':') separated list of editors allowed to be
+                       used with vviissuuddoo.  vviissuuddoo will choose the editor that
+                       matches the user's EDITOR environment variable if
+                       possible, or the first editor in the list that exists
+                       and is executable.  The default is "vi".
+
+
+
+
+1.7.4                     July 21, 2010                        16
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       mailsub         Subject of the mail sent to the _m_a_i_l_t_o user. The escape
+                       %h will expand to the host name of the machine.
+                       Default is *** SECURITY information for %h ***.
+
+       noexec_file     Path to a shared library containing dummy versions of
+                       the _e_x_e_c_v_(_), _e_x_e_c_v_e_(_) and _f_e_x_e_c_v_e_(_) library functions
+                       that just return an error.  This is used to implement
+                       the _n_o_e_x_e_c functionality on systems that support
+                       LD_PRELOAD or its equivalent.  Defaults to
+                       _/_u_s_r_/_l_o_c_a_l_/_l_i_b_e_x_e_c_/_s_u_d_o___n_o_e_x_e_c_._s_o.
+
+       passprompt      The default prompt to use when asking for a password;
+                       can be overridden via the --pp option or the SUDO_PROMPT
+                       environment variable.  The following percent (`%')
+                       escapes are supported:
+
+                       %H  expanded to the local host name including the
+                           domain name (on if the machine's host name is fully
+                           qualified or the _f_q_d_n option is set)
+
+                       %h  expanded to the local host name without the domain
+                           name
+
+                       %p  expanded to the user whose password is being asked
+                           for (respects the _r_o_o_t_p_w, _t_a_r_g_e_t_p_w and _r_u_n_a_s_p_w
+                           flags in _s_u_d_o_e_r_s)
+
+                       %U  expanded to the login name of the user the command
+                           will be run as (defaults to root)
+
+                       %u  expanded to the invoking user's login name
+
+                       %%  two consecutive % characters are collapsed into a
+                           single % character
+
+                       The default value is Password:.
+
+       role            The default SELinux role to use when constructing a new
+                       security context to run the command.  The default role
+                       may be overridden on a per-command basis in _s_u_d_o_e_r_s or
+                       via command line options.  This option is only
+                       available whe ssuuddoo is built with SELinux support.
+
+       runas_default   The default user to run commands as if the --uu option is
+                       not specified on the command line.  This defaults to
+                       root.  Note that if _r_u_n_a_s___d_e_f_a_u_l_t is set it mmuusstt occur
+                       before any Runas_Alias specifications.
+
+       syslog_badpri   Syslog priority to use when user authenticates
+                       unsuccessfully.  Defaults to alert.
+
+       syslog_goodpri  Syslog priority to use when user authenticates
+                       successfully.  Defaults to notice.
+
+
+
+
+1.7.4                     July 21, 2010                        17
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       sudoers_locale  Locale to use when parsing the sudoers file.  Note that
+                       changing the locale may affect how sudoers is
+                       interpreted.  Defaults to "C".
+
+       timestampdir    The directory in which ssuuddoo stores its timestamp files.
+                       The default is _/_v_a_r_/_a_d_m_/_s_u_d_o.
+
+       timestampowner  The owner of the timestamp directory and the timestamps
+                       stored therein.  The default is root.
+
+       type            The default SELinux type to use when constructing a new
+                       security context to run the command.  The default type
+                       may be overridden on a per-command basis in _s_u_d_o_e_r_s or
+                       via command line options.  This option is only
+                       available whe ssuuddoo is built with SELinux support.
+
+       SSttrriinnggss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
+
+       askpass     The _a_s_k_p_a_s_s option specifies the fully qualified path to a
+                   helper program used to read the user's password when no
+                   terminal is available.  This may be the case when ssuuddoo is
+                   executed from a graphical (as opposed to text-based)
+                   application.  The program specified by _a_s_k_p_a_s_s should
+                   display the argument passed to it as the prompt and write
+                   the user's password to the standard output.  The value of
+                   _a_s_k_p_a_s_s may be overridden by the SUDO_ASKPASS environment
+                   variable.
+
+       env_file    The _e_n_v___f_i_l_e options specifies the fully qualified path to
+                   a file containing variables to be set in the environment of
+                   the program being run.  Entries in this file should either
+                   be of the form VARIABLE=value or export VARIABLE=value.
+                   The value may optionally be surrounded by single or double
+                   quotes.  Variables in this file are subject to other ssuuddoo
+                   environment settings such as _e_n_v___k_e_e_p and _e_n_v___c_h_e_c_k.
+
+       exempt_group
+                   Users in this group are exempt from password and PATH
+                   requirements.  This is not set by default.
+
+       lecture     This option controls when a short lecture will be printed
+                   along with the password prompt.  It has the following
+                   possible values:
+
+                   always  Always lecture the user.
+
+                   never   Never lecture the user.
+
+                   once    Only lecture the user the first time they run ssuuddoo.
+
+                   If no value is specified, a value of _o_n_c_e is implied.
+                   Negating the option results in a value of _n_e_v_e_r being used.
+                   The default value is _o_n_c_e.
+
+
+
+
+1.7.4                     July 21, 2010                        18
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       lecture_file
+                   Path to a file containing an alternate ssuuddoo lecture that
+                   will be used in place of the standard lecture if the named
+                   file exists.  By default, ssuuddoo uses a built-in lecture.
+
+       listpw      This option controls when a password will be required when
+                   a user runs ssuuddoo with the --ll option.  It has the following
+                   possible values:
+
+                   all     All the user's _s_u_d_o_e_r_s entries for the current host
+                           must have the NOPASSWD flag set to avoid entering a
+                           password.
+
+                   always  The user must always enter a password to use the --ll
+                           option.
+
+                   any     At least one of the user's _s_u_d_o_e_r_s entries for the
+                           current host must have the NOPASSWD flag set to
+                           avoid entering a password.
+
+                   never   The user need never enter a password to use the --ll
+                           option.
+
+                   If no value is specified, a value of _a_n_y is implied.
+                   Negating the option results in a value of _n_e_v_e_r being used.
+                   The default value is _a_n_y.
+
+       logfile     Path to the ssuuddoo log file (not the syslog log file).
+                   Setting a path turns on logging to a file; negating this
+                   option turns it off.  By default, ssuuddoo logs via syslog.
+
+       mailerflags Flags to use when invoking mailer. Defaults to --tt.
+
+       mailerpath  Path to mail program used to send warning mail.  Defaults
+                   to the path to sendmail found at configure time.
+
+       mailfrom    Address to use for the "from" address when sending warning
+                   and error mail.  The address should be enclosed in double
+                   quotes (") to protect against ssuuddoo interpreting the @ sign.
+                   Defaults to the name of the user running ssuuddoo.
+
+       mailto      Address to send warning and error mail to.  The address
+                   should be enclosed in double quotes (") to protect against
+                   ssuuddoo interpreting the @ sign.  Defaults to root.
+
+       secure_path Path used for every command run from ssuuddoo.  If you don't
+                   trust the people running ssuuddoo to have a sane PATH
+                   environment variable you may want to use this.  Another use
+                   is if you want to have the "root path" be separate from the
+                   "user path."  Users in the group specified by the
+                   _e_x_e_m_p_t___g_r_o_u_p option are not affected by _s_e_c_u_r_e___p_a_t_h.  This
+                   option is not set by default.
+
+       syslog      Syslog facility if syslog is being used for logging (negate
+
+
+
+1.7.4                     July 21, 2010                        19
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                   to disable syslog logging).  Defaults to auth.
+
+       verifypw    This option controls when a password will be required when
+                   a user runs ssuuddoo with the --vv option.  It has the following
+                   possible values:
+
+                   all     All the user's _s_u_d_o_e_r_s entries for the current host
+                           must have the NOPASSWD flag set to avoid entering a
+                           password.
+
+                   always  The user must always enter a password to use the --vv
+                           option.
+
+                   any     At least one of the user's _s_u_d_o_e_r_s entries for the
+                           current host must have the NOPASSWD flag set to
+                           avoid entering a password.
+
+                   never   The user need never enter a password to use the --vv
+                           option.
+
+                   If no value is specified, a value of _a_l_l is implied.
+                   Negating the option results in a value of _n_e_v_e_r being used.
+                   The default value is _a_l_l.
+
+       LLiissttss tthhaatt ccaann bbee uusseedd iinn aa bboooolleeaann ccoonntteexxtt:
+
+       env_check       Environment variables to be removed from the user's
+                       environment if the variable's value contains % or /
+                       characters.  This can be used to guard against printf-
+                       style format vulnerabilities in poorly-written
+                       programs.  The argument may be a double-quoted, space-
+                       separated list or a single value without double-quotes.
+                       The list can be replaced, added to, deleted from, or
+                       disabled by using the =, +=, -=, and ! operators
+                       respectively.  Regardless of whether the env_reset
+                       option is enabled or disabled, variables specified by
+                       env_check will be preserved in the environment if they
+                       pass the aforementioned check.  The default list of
+                       environment variables to check is displayed when ssuuddoo
+                       is run by root with the _-_V option.
+
+       env_delete      Environment variables to be removed from the user's
+                       environment when the _e_n_v___r_e_s_e_t option is not in effect.
+                       The argument may be a double-quoted, space-separated
+                       list or a single value without double-quotes.  The list
+                       can be replaced, added to, deleted from, or disabled by
+                       using the =, +=, -=, and ! operators respectively.  The
+                       default list of environment variables to remove is
+                       displayed when ssuuddoo is run by root with the _-_V option.
+                       Note that many operating systems will remove
+                       potentially dangerous variables from the environment of
+                       any setuid process (such as ssuuddoo).
+
+       env_keep        Environment variables to be preserved in the user's
+
+
+
+1.7.4                     July 21, 2010                        20
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                       environment when the _e_n_v___r_e_s_e_t option is in effect.
+                       This allows fine-grained control over the environment
+                       ssuuddoo-spawned processes will receive.  The argument may
+                       be a double-quoted, space-separated list or a single
+                       value without double-quotes.  The list can be replaced,
+                       added to, deleted from, or disabled by using the =, +=,
+                       -=, and ! operators respectively.  The default list of
+                       variables to keep is displayed when ssuuddoo is run by root
+                       with the _-_V option.
+
+       When logging via _s_y_s_l_o_g(3), ssuuddoo accepts the following values for the
+       syslog facility (the value of the ssyysslloogg Parameter): aauutthhpprriivv (if your
+       OS supports it), aauutthh, ddaaeemmoonn, uusseerr, llooccaall00, llooccaall11, llooccaall22, llooccaall33,
+       llooccaall44, llooccaall55, llooccaall66, and llooccaall77.  The following syslog priorities
+       are supported: aalleerrtt, ccrriitt, ddeebbuugg, eemmeerrgg, eerrrr, iinnffoo, nnoottiiccee, and
+       wwaarrnniinngg.
+
+FFIILLEESS
+       _/_e_t_c_/_s_u_d_o_e_r_s            List of who can run what
+
+       _/_e_t_c_/_g_r_o_u_p              Local groups file
+
+       _/_e_t_c_/_n_e_t_g_r_o_u_p           List of network groups
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o        I/O log files
+
+EEXXAAMMPPLLEESS
+       Below are example _s_u_d_o_e_r_s entries.  Admittedly, some of these are a bit
+       contrived.  First, we allow a few environment variables to pass and
+       then define our _a_l_i_a_s_e_s:
+
+        # Run X applications through sudo; HOME is used to find the
+        # .Xauthority file.  Note that other programs use HOME to find
+        # configuration files and this may lead to privilege escalation!
+        Defaults env_keep += "DISPLAY HOME"
+
+        # User alias specification
+        User_Alias     FULLTIMERS = millert, mikef, dowdy
+        User_Alias     PARTTIMERS = bostley, jwfox, crawl
+        User_Alias     WEBMASTERS = will, wendy, wim
+
+        # Runas alias specification
+        Runas_Alias    OP = root, operator
+        Runas_Alias    DB = oracle, sybase
+        Runas_Alias    ADMINGRP = adm, oper
+
+        # Host alias specification
+        Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\
+                       SGI = grolsch, dandelion, black :\
+                       ALPHA = widget, thalamus, foobar :\
+                       HPPA = boa, nag, python
+        Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
+        Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+        Host_Alias     SERVERS = master, mail, www, ns
+
+
+
+1.7.4                     July 21, 2010                        21
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+        Host_Alias     CDROM = orion, perseus, hercules
+
+        # Cmnd alias specification
+        Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
+                               /usr/sbin/restore, /usr/sbin/rrestore
+        Cmnd_Alias     KILL = /usr/bin/kill
+        Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+        Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
+        Cmnd_Alias     HALT = /usr/sbin/halt
+        Cmnd_Alias     REBOOT = /usr/sbin/reboot
+        Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+                                /usr/local/bin/tcsh, /usr/bin/rsh, \
+                                /usr/local/bin/zsh
+        Cmnd_Alias     SU = /usr/bin/su
+        Cmnd_Alias     PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+       Here we override some of the compiled in default values.  We want ssuuddoo
+       to log via _s_y_s_l_o_g(3) using the _a_u_t_h facility in all cases.  We don't
+       want to subject the full time staff to the ssuuddoo lecture, user mmiilllleerrtt
+       need not give a password, and we don't want to reset the LOGNAME, USER
+       or USERNAME environment variables when running commands as root.
+       Additionally, on the machines in the _S_E_R_V_E_R_S Host_Alias, we keep an
+       additional local log file and make sure we log the year in each log
+       line since the log entries will be kept around for several years.
+       Lastly, we disable shell escapes for the commands in the PAGERS
+       Cmnd_Alias (_/_u_s_r_/_b_i_n_/_m_o_r_e, _/_u_s_r_/_b_i_n_/_p_g and _/_u_s_r_/_b_i_n_/_l_e_s_s).
+
+        # Override built-in defaults
+        Defaults               syslog=auth
+        Defaults>root          !set_logname
+        Defaults:FULLTIMERS    !lecture
+        Defaults:millert       !authenticate
+        Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+        Defaults!PAGERS        noexec
+
+       The _U_s_e_r _s_p_e_c_i_f_i_c_a_t_i_o_n is the part that actually determines who may run
+       what.
+
+        root           ALL = (ALL) ALL
+        %wheel         ALL = (ALL) ALL
+
+       We let rroooott and any user in group wwhheeeell run any command on any host as
+       any user.
+
+        FULLTIMERS     ALL = NOPASSWD: ALL
+
+       Full time sysadmins (mmiilllleerrtt, mmiikkeeff, and ddoowwddyy) may run any command on
+       any host without authenticating themselves.
+
+        PARTTIMERS     ALL = ALL
+
+       Part time sysadmins (bboossttlleeyy, jjwwffooxx, and ccrraawwll) may run any command on
+       any host but they must authenticate themselves first (since the entry
+       lacks the NOPASSWD tag).
+
+
+
+1.7.4                     July 21, 2010                        22
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+        jack           CSNETS = ALL
+
+       The user jjaacckk may run any command on the machines in the _C_S_N_E_T_S alias
+       (the networks 128.138.243.0, 128.138.204.0, and 128.138.242.0).  Of
+       those networks, only 128.138.204.0 has an explicit netmask (in CIDR
+       notation) indicating it is a class C network.  For the other networks
+       in _C_S_N_E_T_S, the local machine's netmask will be used during matching.
+
+        lisa           CUNETS = ALL
+
+       The user lliissaa may run any command on any host in the _C_U_N_E_T_S alias (the
+       class B network 128.138.0.0).
+
+        operator       ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+                       sudoedit /etc/printcap, /usr/oper/bin/
+
+       The ooppeerraattoorr user may run commands limited to simple maintenance.
+       Here, those are commands related to backups, killing processes, the
+       printing system, shutting down the system, and any commands in the
+       directory _/_u_s_r_/_o_p_e_r_/_b_i_n_/.
+
+        joe            ALL = /usr/bin/su operator
+
+       The user jjooee may only _s_u(1) to operator.
+
+        pete           HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
+
+        %opers         ALL = (: ADMINGRP) /usr/sbin/
+
+       Users in the ooppeerrss group may run commands in _/_u_s_r_/_s_b_i_n_/ as themselves
+       with any group in the _A_D_M_I_N_G_R_P Runas_Alias (the aaddmm and ooppeerr groups).
+
+       The user ppeettee is allowed to change anyone's password except for root on
+       the _H_P_P_A machines.  Note that this assumes _p_a_s_s_w_d(1) does not take
+       multiple user names on the command line.
+
+        bob            SPARC = (OP) ALL : SGI = (OP) ALL
+
+       The user bboobb may run anything on the _S_P_A_R_C and _S_G_I machines as any user
+       listed in the _O_P Runas_Alias (rroooott and ooppeerraattoorr).
+
+        jim            +biglab = ALL
+
+       The user jjiimm may run any command on machines in the _b_i_g_l_a_b netgroup.
+       ssuuddoo knows that "biglab" is a netgroup due to the '+' prefix.
+
+        +secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+       Users in the sseeccrreettaarriieess netgroup need to help manage the printers as
+       well as add and remove users, so they are allowed to run those commands
+       on all machines.
+
+        fred           ALL = (DB) NOPASSWD: ALL
+
+
+
+
+1.7.4                     July 21, 2010                        23
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       The user ffrreedd can run commands as any user in the _D_B Runas_Alias
+       (oorraaccllee or ssyybbaassee) without giving a password.
+
+        john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+       On the _A_L_P_H_A machines, user jjoohhnn may su to anyone except root but he is
+       not allowed to specify any options to the _s_u(1) command.
+
+        jen            ALL, !SERVERS = ALL
+
+       The user jjeenn may run any command on any machine except for those in the
+       _S_E_R_V_E_R_S Host_Alias (master, mail, www and ns).
+
+        jill           SERVERS = /usr/bin/, !SU, !SHELLS
+
+       For any machine in the _S_E_R_V_E_R_S Host_Alias, jjiillll may run any commands in
+       the directory _/_u_s_r_/_b_i_n_/ except for those commands belonging to the _S_U
+       and _S_H_E_L_L_S Cmnd_Aliases.
+
+        steve          CSNETS = (operator) /usr/local/op_commands/
+
+       The user sstteevvee may run any command in the directory
+       /usr/local/op_commands/ but only as user operator.
+
+        matt           valkyrie = KILL
+
+       On his personal workstation, valkyrie, mmaatttt needs to be able to kill
+       hung processes.
+
+        WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
+
+       On the host www, any user in the _W_E_B_M_A_S_T_E_R_S User_Alias (will, wendy,
+       and wim), may run any command as user www (which owns the web pages) or
+       simply _s_u(1) to www.
+
+        ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\
+                       /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
+
+       Any user may mount or unmount a CD-ROM on the machines in the CDROM
+       Host_Alias (orion, perseus, hercules) without entering a password.
+       This is a bit tedious for users to type, so it is a prime candidate for
+       encapsulating in a shell script.
+
+SSEECCUURRIITTYY NNOOTTEESS
+       It is generally not effective to "subtract" commands from ALL using the
+       '!' operator.  A user can trivially circumvent this by copying the
+       desired command to a different name and then executing that.  For
+       example:
+
+           bill        ALL = ALL, !SU, !SHELLS
+
+       Doesn't really prevent bbiillll from running the commands listed in _S_U or
+       _S_H_E_L_L_S since he can simply copy those commands to a different name, or
+       use a shell escape from an editor or other program.  Therefore, these
+
+
+
+1.7.4                     July 21, 2010                        24
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+       kind of restrictions should be considered advisory at best (and
+       reinforced by policy).
+
+       Furthermore, if the _f_a_s_t___g_l_o_b option is in use, it is not possible to
+       reliably negate commands where the path name includes globbing (aka
+       wildcard) characters.  This is because the C library's _f_n_m_a_t_c_h(3)
+       function cannot resolve relative paths.  While this is typically only
+       an inconvenience for rules that grant privileges, it can result in a
+       security issue for rules that subtract or revoke privileges.
+
+       For example, given the following _s_u_d_o_e_r_s entry:
+
+        john   ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
+             /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
+
+       User jjoohhnn can still run /usr/bin/passwd root if _f_a_s_t___g_l_o_b is enabled by
+       changing to _/_u_s_r_/_b_i_n and running ./passwd root instead.
+
+PPRREEVVEENNTTIINNGG SSHHEELLLL EESSCCAAPPEESS
+       Once ssuuddoo executes a program, that program is free to do whatever it
+       pleases, including run other programs.  This can be a security issue
+       since it is not uncommon for a program to allow shell escapes, which
+       lets a user bypass ssuuddoo's access control and logging.  Common programs
+       that permit shell escapes include shells (obviously), editors,
+       paginators, mail and terminal programs.
+
+       There are two basic approaches to this problem:
+
+       restrict  Avoid giving users access to commands that allow the user to
+                 run arbitrary commands.  Many editors have a restricted mode
+                 where shell escapes are disabled, though ssuuddooeeddiitt is a better
+                 solution to running editors via ssuuddoo.  Due to the large
+                 number of programs that offer shell escapes, restricting
+                 users to the set of programs that do not if often unworkable.
+
+       noexec    Many systems that support shared libraries have the ability
+                 to override default library functions by pointing an
+                 environment variable (usually LD_PRELOAD) to an alternate
+                 shared library.  On such systems, ssuuddoo's _n_o_e_x_e_c functionality
+                 can be used to prevent a program run by ssuuddoo from executing
+                 any other programs.  Note, however, that this applies only to
+                 native dynamically-linked executables.  Statically-linked
+                 executables and foreign executables running under binary
+                 emulation are not affected.
+
+                 To tell whether or not ssuuddoo supports _n_o_e_x_e_c, you can run the
+                 following as root:
+
+                     sudo -V | grep "dummy exec"
+
+                 If the resulting output contains a line that begins with:
+
+                     File containing dummy exec functions:
+
+
+
+
+1.7.4                     July 21, 2010                        25
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+                 then ssuuddoo may be able to replace the exec family of functions
+                 in the standard library with its own that simply return an
+                 error.  Unfortunately, there is no foolproof way to know
+                 whether or not _n_o_e_x_e_c will work at compile-time.  _n_o_e_x_e_c
+                 should work on SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX,
+                 MacOS X, and HP-UX 11.x.  It is known nnoott to work on AIX and
+                 UnixWare.  _n_o_e_x_e_c is expected to work on most operating
+                 systems that support the LD_PRELOAD environment variable.
+                 Check your operating system's manual pages for the dynamic
+                 linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader)
+                 to see if LD_PRELOAD is supported.
+
+                 To enable _n_o_e_x_e_c for a command, use the NOEXEC tag as
+                 documented in the User Specification section above.  Here is
+                 that example again:
+
+                  aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+                 This allows user aaaarroonn to run _/_u_s_r_/_b_i_n_/_m_o_r_e and _/_u_s_r_/_b_i_n_/_v_i
+                 with _n_o_e_x_e_c enabled.  This will prevent those two commands
+                 from executing other commands (such as a shell).  If you are
+                 unsure whether or not your system is capable of supporting
+                 _n_o_e_x_e_c you can always just try it out and see if it works.
+
+       Note that restricting shell escapes is not a panacea.  Programs running
+       as root are still capable of many potentially hazardous operations
+       (such as changing or overwriting files) that could lead to unintended
+       privilege escalation.  In the specific case of an editor, a safer
+       approach is to give the user permission to run ssuuddooeeddiitt.
+
+SSEEEE AALLSSOO
+       _r_s_h(1), _s_u(1), _f_n_m_a_t_c_h(3), _g_l_o_b(3), _s_u_d_o(1m), _v_i_s_u_d_o(8)
+
+CCAAVVEEAATTSS
+       The _s_u_d_o_e_r_s file should aallwwaayyss be edited by the vviissuuddoo command which
+       locks the file and does grammatical checking. It is imperative that
+       _s_u_d_o_e_r_s be free of syntax errors since ssuuddoo will not run with a
+       syntactically incorrect _s_u_d_o_e_r_s file.
+
+       When using netgroups of machines (as opposed to users), if you store
+       fully qualified host name in the netgroup (as is usually the case), you
+       either need to have the machine's host name be fully qualified as
+       returned by the hostname command or use the _f_q_d_n option in _s_u_d_o_e_r_s.
+
+BBUUGGSS
+       If you feel you have found a bug in ssuuddoo, please submit a bug report at
+       http://www.sudo.ws/sudo/bugs/
+
+SSUUPPPPOORRTT
+       Limited free support is available via the sudo-users mailing list, see
+       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+       the archives.
+
+
+
+
+
+1.7.4                     July 21, 2010                        26
+
+
+
+
+
+SUDOERS(4)             MAINTENANCE COMMANDS            SUDOERS(4)
+
+
+DDIISSCCLLAAIIMMEERR
+       ssuuddoo is provided ``AS IS'' and any express or implied warranties,
+       including, but not limited to, the implied warranties of
+       merchantability and fitness for a particular purpose are disclaimed.
+       See the LICENSE file distributed with ssuuddoo or
+       http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.7.4                     July 21, 2010                        27
+
+
diff --git a/sudo-1.7.4p4/sudoers.in b/sudo-1.7.4p4/sudoers.in
new file mode 100644
index 0000000..42e639e
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.in
@@ -0,0 +1,90 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias	WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias	ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias	PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+# 			    /usr/bin/pkill, /usr/bin/top
+
+##
+## Defaults specification
+##
+## You may wish to keep some of the following environment variables
+## when running commands via sudo.
+##
+## Locale settings
+# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
+##
+## Run X applications through sudo; HOME is used to find the
+## .Xauthority file.  Note that other programs use HOME to find   
+## configuration files and this may lead to privilege escalation!
+# Defaults env_keep += "HOME"
+##
+## X11 resource path settings
+# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
+##
+## Desktop path settings
+# Defaults env_keep += "QTDIR KDEDIR"
+##
+## Allow sudo-run commands to inherit the callers' ConsoleKit session
+# Defaults env_keep += "XDG_SESSION_COOKIE"
+##
+## Uncomment to enable special input methods.  Care should be taken as
+## this may allow users to subvert the command being run via sudo.
+# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!/usr/local/bin/sudoreplay !log_output
+# Defaults!/sbin/reboot !log_output
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Uncomment to allow members of group sudo to execute any command
+# %sudo	ALL=(ALL) ALL
+
+## Uncomment to allow any user to run sudo if they know the password
+## of the user they are running the command as (root by default).
+# Defaults targetpw  # Ask for the password of the target user
+# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
+
+## Read drop-in files from @sysconfdir@/sudoers.d
+## (the '#' here does not indicate a comment)
+#includedir @sysconfdir@/sudoers.d
diff --git a/sudo-1.7.4p4/sudoers.ldap.cat b/sudo-1.7.4p4/sudoers.ldap.cat
new file mode 100644
index 0000000..20374d4
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.ldap.cat
@@ -0,0 +1,792 @@
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+NNAAMMEE
+       sudoers.ldap - sudo LDAP configuration
+
+DDEESSCCRRIIPPTTIIOONN
+       In addition to the standard _s_u_d_o_e_r_s file, ssuuddoo may be configured via
+       LDAP.  This can be especially useful for synchronizing _s_u_d_o_e_r_s in a
+       large, distributed environment.
+
+       Using LDAP for _s_u_d_o_e_r_s has several benefits:
+
+       +o   ssuuddoo no longer needs to read _s_u_d_o_e_r_s in its entirety.  When LDAP is
+           used, there are only two or three LDAP queries per invocation.
+           This makes it especially fast and particularly usable in LDAP
+           environments.
+
+       +o   ssuuddoo no longer exits if there is a typo in _s_u_d_o_e_r_s.  It is not
+           possible to load LDAP data into the server that does not conform to
+           the sudoers schema, so proper syntax is guaranteed.  It is still
+           possible to have typos in a user or host name, but this will not
+           prevent ssuuddoo from running.
+
+       +o   It is possible to specify per-entry options that override the
+           global default options.  _/_e_t_c_/_s_u_d_o_e_r_s only supports default options
+           and limited options associated with user/host/commands/aliases.
+           The syntax is complicated and can be difficult for users to
+           understand.  Placing the options directly in the entry is more
+           natural.
+
+       +o   The vviissuuddoo program is no longer needed.  vviissuuddoo provides locking
+           and syntax checking of the _/_e_t_c_/_s_u_d_o_e_r_s file.  Since LDAP updates
+           are atomic, locking is no longer necessary.  Because syntax is
+           checked when the data is inserted into LDAP, there is no need for a
+           specialized tool to check syntax.
+
+       Another major difference between LDAP and file-based _s_u_d_o_e_r_s is that in
+       LDAP, ssuuddoo-specific Aliases are not supported.
+
+       For the most part, there is really no need for ssuuddoo-specific Aliases.
+       Unix groups or user netgroups can be used in place of User_Aliases and
+       RunasAliases.  Host netgroups can be used in place of HostAliases.
+       Since Unix groups and netgroups can also be stored in LDAP there is no
+       real need for ssuuddoo-specific aliases.
+
+       Cmnd_Aliases are not really required either since it is possible to
+       have multiple users listed in a sudoRole.  Instead of defining a
+       Cmnd_Alias that is referenced by multiple users, one can create a
+       sudoRole that contains the commands and assign multiple users to it.
+
+   SSUUDDOOeerrss LLDDAAPP ccoonnttaaiinneerr
+       The _s_u_d_o_e_r_s configuration is contained in the ou=SUDOers LDAP
+       container.
+
+       Sudo first looks for the cn=default entry in the SUDOers container.  If
+       found, the multi-valued sudoOption attribute is parsed in the same
+
+
+
+1.7.4                     July 12, 2010                         1
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+       manner as a global Defaults line in _/_e_t_c_/_s_u_d_o_e_r_s.  In the following
+       example, the SSH_AUTH_SOCK variable will be preserved in the
+       environment for all users.
+
+           dn: cn=defaults,ou=SUDOers,dc=example,dc=com
+           objectClass: top
+           objectClass: sudoRole
+           cn: defaults
+           description: Default sudoOption's go here
+           sudoOption: env_keep+=SSH_AUTH_SOCK
+
+       The equivalent of a sudoer in LDAP is a sudoRole.  It consists of the
+       following components:
+
+       ssuuddooUUsseerr
+           A user name, uid (prefixed with '#'), Unix group (prefixed with a
+           '%') or user netgroup (prefixed with a '+').
+
+       ssuuddooHHoosstt
+           A host name, IP address, IP network, or host netgroup (prefixed
+           with a '+').  The special value ALL will match any host.
+
+       ssuuddooCCoommmmaanndd
+           A Unix command with optional command line arguments, potentially
+           including globbing characters (aka wild cards).  The special value
+           ALL will match any command.  If a command is prefixed with an
+           exclamation point '!', the user will be prohibited from running
+           that command.
+
+       ssuuddooOOppttiioonn
+           Identical in function to the global options described above, but
+           specific to the sudoRole in which it resides.
+
+       ssuuddooRRuunnAAssUUsseerr
+           A user name or uid (prefixed with '#') that commands may be run as
+           or a Unix group (prefixed with a '%') or user netgroup (prefixed
+           with a '+') that contains a list of users that commands may be run
+           as.  The special value ALL will match any user.
+
+       ssuuddooRRuunnAAssGGrroouupp
+           A Unix group or gid (prefixed with '#') that commands may be run
+           as.  The special value ALL will match any group.
+
+       Each component listed above should contain a single value, but there
+       may be multiple instances of each component type.  A sudoRole must
+       contain at least one sudoUser, sudoHost and sudoCommand.
+
+       The following example allows users in group wheel to run any command on
+       any host via ssuuddoo:
+
+
+
+
+
+
+
+
+1.7.4                     July 12, 2010                         2
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+           dn: cn=%wheel,ou=SUDOers,dc=example,dc=com
+           objectClass: top
+           objectClass: sudoRole
+           cn: %wheel
+           sudoUser: %wheel
+           sudoHost: ALL
+           sudoCommand: ALL
+
+   AAnnaattoommyy ooff LLDDAAPP ssuuddooeerrss llooookkuupp
+       When looking up a sudoer using LDAP there are only two or three LDAP
+       queries per invocation.  The first query is to parse the global
+       options.  The second is to match against the user's name and the groups
+       that the user belongs to.  (The special ALL tag is matched in this
+       query too.)  If no match is returned for the user's name and groups, a
+       third query returns all entries containing user netgroups and checks to
+       see if the user belongs to any of them.
+
+   DDiiffffeerreenncceess bbeettwweeeenn LLDDAAPP aanndd nnoonn--LLDDAAPP ssuuddooeerrss
+       There are some subtle differences in the way sudoers is handled once in
+       LDAP.  Probably the biggest is that according to the RFC, LDAP ordering
+       is arbitrary and you cannot expect that Attributes and Entries are
+       returned in any specific order.  If there are conflicting command rules
+       on an entry, the negative takes precedence.  This is called paranoid
+       behavior (not necessarily the most specific match).
+
+       Here is an example:
+
+           # /etc/sudoers:
+           # Allow all commands except shell
+           johnny  ALL=(root) ALL,!/bin/sh
+           # Always allows all commands because ALL is matched last
+           puddles ALL=(root) !/bin/sh,ALL
+
+           # LDAP equivalent of johnny
+           # Allows all commands except shell
+           dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com
+           objectClass: sudoRole
+           objectClass: top
+           cn: role1
+           sudoUser: johnny
+           sudoHost: ALL
+           sudoCommand: ALL
+           sudoCommand: !/bin/sh
+
+           # LDAP equivalent of puddles
+           # Notice that even though ALL comes last, it still behaves like
+           # role1 since the LDAP code assumes the more paranoid configuration
+           dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com
+           objectClass: sudoRole
+           objectClass: top
+           cn: role2
+           sudoUser: puddles
+           sudoHost: ALL
+           sudoCommand: !/bin/sh
+
+
+
+1.7.4                     July 12, 2010                         3
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+           sudoCommand: ALL
+
+       Another difference is that negations on the Host, User or Runas are
+       currently ignorred.  For example, the following attributes do not
+       behave the way one might expect.
+
+           # does not match all but joe
+           # rather, does not match anyone
+           sudoUser: !joe
+
+           # does not match all but joe
+           # rather, matches everyone including Joe
+           sudoUser: ALL
+           sudoUser: !joe
+
+           # does not match all but web01
+           # rather, matches all hosts including web01
+           sudoHost: ALL
+           sudoHost: !web01
+
+   SSuuddooeerrss SScchheemmaa
+       In order to use ssuuddoo's LDAP support, the ssuuddoo schema must be installed
+       on your LDAP server.  In addition, be sure to index the 'sudoUser'
+       attribute.
+
+       Three versions of the schema: one for OpenLDAP servers
+       (_s_c_h_e_m_a_._O_p_e_n_L_D_A_P), one for Netscape-derived servers (_s_c_h_e_m_a_._i_P_l_a_n_e_t),
+       and one for Microsoft Active Directory (_s_c_h_e_m_a_._A_c_t_i_v_e_D_i_r_e_c_t_o_r_y) may be
+       found in the ssuuddoo distribution.
+
+       The schema for ssuuddoo in OpenLDAP form is included in the EXAMPLES
+       section.
+
+   CCoonnffiigguurriinngg llddaapp..ccoonnff
+       Sudo reads the _/_e_t_c_/_l_d_a_p_._c_o_n_f file for LDAP-specific configuration.
+       Typically, this file is shared amongst different LDAP-aware clients.
+       As such, most of the settings are not ssuuddoo-specific.  Note that ssuuddoo
+       parses _/_e_t_c_/_l_d_a_p_._c_o_n_f itself and may support options that differ from
+       those described in the _l_d_a_p_._c_o_n_f(4) manual.
+
+       Also note that on systems using the OpenLDAP libraries, default values
+       specified in _/_e_t_c_/_o_p_e_n_l_d_a_p_/_l_d_a_p_._c_o_n_f or the user's _._l_d_a_p_r_c files are
+       not used.
+
+       Only those options explicitly listed in _/_e_t_c_/_l_d_a_p_._c_o_n_f that are
+       supported by ssuuddoo are honored.  Configuration options are listed below
+       in upper case but are parsed in a case-independent manner.
+
+       UURRII ldap[s]://[hostname[:port]] ...
+           Specifies a whitespace-delimited list of one or more URIs
+           describing the LDAP server(s) to connect to.  The _p_r_o_t_o_c_o_l may be
+           either llddaapp or llddaappss, the latter being for servers that support TLS
+           (SSL) encryption.  If no _p_o_r_t is specified, the default is port 389
+           for ldap:// or port 636 for ldaps://.  If no _h_o_s_t_n_a_m_e is specified,
+
+
+
+1.7.4                     July 12, 2010                         4
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+           ssuuddoo will connect to llooccaallhhoosstt.  Multiple UURRII lines are treated
+           identically to a UURRII line containing multiple entries.  Only
+           systems using the OpenSSL libraries support the mixing of ldap://
+           and ldaps:// URIs.  The Netscape-derived libraries used on most
+           commercial versions of Unix are only capable of supporting one or
+           the other.
+
+       HHOOSSTT name[:port] ...
+           If no UURRII is specified, the HHOOSSTT parameter specifies a whitespace-
+           delimited list of LDAP servers to connect to.  Each host may
+           include an optional _p_o_r_t separated by a colon (':').  The HHOOSSTT
+           parameter is deprecated in favor of the UURRII specification and is
+           included for backwards compatibility.
+
+       PPOORRTT port_number
+           If no UURRII is specified, the PPOORRTT parameter specifies the default
+           port to connect to on the LDAP server if a HHOOSSTT parameter does not
+           specify the port itself.  If no PPOORRTT parameter is used, the default
+           is port 389 for LDAP and port 636 for LDAP over TLS (SSL).  The
+           PPOORRTT parameter is deprecated in favor of the UURRII specification and
+           is included for backwards compatibility.
+
+       BBIINNDD__TTIIMMEELLIIMMIITT seconds
+           The BBIINNDD__TTIIMMEELLIIMMIITT parameter specifies the amount of time, in
+           seconds, to wait while trying to connect to an LDAP server.  If
+           multiple UURRIIs or HHOOSSTTs are specified, this is the amount of time to
+           wait before trying the next one in the list.
+
+       TTIIMMEELLIIMMIITT seconds
+           The TTIIMMEELLIIMMIITT parameter specifies the amount of time, in seconds,
+           to wait for a response to an LDAP query.
+
+       SSUUDDOOEERRSS__BBAASSEE base
+           The base DN to use when performing ssuuddoo LDAP queries.  Typically
+           this is of the form ou=SUDOers,dc=example,dc=com for the domain
+           example.com.  Multiple SSUUDDOOEERRSS__BBAASSEE lines may be specified, in
+           which case they are queried in the order specified.
+
+       SSUUDDOOEERRSS__DDEEBBUUGG debug_level
+           This sets the debug level for ssuuddoo LDAP queries.  Debugging
+           information is printed to the standard error.  A value of 1 results
+           in a moderate amount of debugging information.  A value of 2 shows
+           the results of the matches themselves.  This parameter should not
+           be set in a production environment as the extra information is
+           likely to confuse users.
+
+       BBIINNDDDDNN DN
+           The BBIINNDDDDNN parameter specifies the identity, in the form of a
+           Distinguished Name (DN), to use when performing LDAP operations.
+           If not specified, LDAP operations are performed with an anonymous
+           identity.  By default, most LDAP servers will allow anonymous
+           access.
+
+
+
+
+
+1.7.4                     July 12, 2010                         5
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+       BBIINNDDPPWW secret
+           The BBIINNDDPPWW parameter specifies the password to use when performing
+           LDAP operations.  This is typically used in conjunction with the
+           BBIINNDDDDNN parameter.
+
+       RROOOOTTBBIINNDDDDNN DN
+           The RROOOOTTBBIINNDDDDNN parameter specifies the identity, in the form of a
+           Distinguished Name (DN), to use when performing privileged LDAP
+           operations, such as _s_u_d_o_e_r_s queries.  The password corresponding to
+           the identity should be stored in _/_e_t_c_/_l_d_a_p_._s_e_c_r_e_t.  If not
+           specified, the BBIINNDDDDNN identity is used (if any).
+
+       LLDDAAPP__VVEERRSSIIOONN number
+           The version of the LDAP protocol to use when connecting to the
+           server.  The default value is protocol version 3.
+
+       SSSSLL on/true/yes/off/false/no
+           If the SSSSLL parameter is set to on, true or yes, TLS (SSL)
+           encryption is always used when communicating with the LDAP server.
+           Typically, this involves connecting to the server on port 636
+           (ldaps).
+
+       SSSSLL start_tls
+           If the SSSSLL parameter is set to start_tls, the LDAP server
+           connection is initiated normally and TLS encryption is begun before
+           the bind credentials are sent.  This has the advantage of not
+           requiring a dedicated port for encrypted communications.  This
+           parameter is only supported by LDAP servers that honor the
+           start_tls extension, such as the OpenLDAP server.
+
+       TTLLSS__CCHHEECCKKPPEEEERR on/true/yes/off/false/no
+           If enabled, TTLLSS__CCHHEECCKKPPEEEERR will cause the LDAP server's TLS
+           certificated to be verified.  If the server's TLS certificate
+           cannot be verified (usually because it is signed by an unknown
+           certificate authority), ssuuddoo will be unable to connect to it.  If
+           TTLLSS__CCHHEECCKKPPEEEERR is disabled, no check is made.  Note that disabling
+           the check creates an opportunity for man-in-the-middle attacks
+           since the server's identity will not be authenticated.  If
+           possible, the CA's certificate should be installed locally so it
+           can be verified.
+
+       TTLLSS__CCAACCEERRTT file name
+           An alias for TTLLSS__CCAACCEERRTTFFIILLEE.
+
+       TTLLSS__CCAACCEERRTTFFIILLEE file name
+           The path to a certificate authority bundle which contains the
+           certificates for all the Certificate Authorities the client knows
+           to be valid, e.g. _/_e_t_c_/_s_s_l_/_c_a_-_b_u_n_d_l_e_._p_e_m.  This option is only
+           supported by the OpenLDAP libraries.  Netscape-derived LDAP
+           libraries use the same certificate database for CA and client
+           certificates (see TTLLSS__CCEERRTT).
+
+       TTLLSS__CCAACCEERRTTDDIIRR directory
+           Similar to TTLLSS__CCAACCEERRTTFFIILLEE but instead of a file, it is a directory
+
+
+
+1.7.4                     July 12, 2010                         6
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+           containing individual Certificate Authority certificates, e.g.
+           _/_e_t_c_/_s_s_l_/_c_e_r_t_s.  The directory specified by TTLLSS__CCAACCEERRTTDDIIRR is
+           checked after TTLLSS__CCAACCEERRTTFFIILLEE.  This option is only supported by the
+           OpenLDAP libraries.
+
+       TTLLSS__CCEERRTT file name
+           The path to a file containing the client certificate which can be
+           used to authenticate the client to the LDAP server.  The
+           certificate type depends on the LDAP libraries used.
+
+           OpenLDAP:
+               tls_cert /etc/ssl/client_cert.pem
+
+           Netscape-derived:
+               tls_cert /var/ldap/cert7.db
+
+           When using Netscape-derived libraries, this file may also contain
+           Certificate Authority certificates.
+
+       TTLLSS__KKEEYY file name
+           The path to a file containing the private key which matches the
+           certificate specified by TTLLSS__CCEERRTT.  The private key must not be
+           password-protected.  The key type depends on the LDAP libraries
+           used.
+
+           OpenLDAP:
+               tls_key /etc/ssl/client_key.pem
+
+           Netscape-derived:
+               tls_key /var/ldap/key3.db
+
+       TTLLSS__RRAANNDDFFIILLEE file name
+           The TTLLSS__RRAANNDDFFIILLEE parameter specifies the path to an entropy source
+           for systems that lack a random device.  It is generally used in
+           conjunction with _p_r_n_g_d or _e_g_d.  This option is only supported by
+           the OpenLDAP libraries.
+
+       TTLLSS__CCIIPPHHEERRSS cipher list
+           The TTLLSS__CCIIPPHHEERRSS parameter allows the administer to restrict which
+           encryption algorithms may be used for TLS (SSL) connections.  See
+           the OpenSSL manual for a list of valid ciphers.  This option is
+           only supported by the OpenLDAP libraries.
+
+       UUSSEE__SSAASSLL on/true/yes/off/false/no
+           Enable UUSSEE__SSAASSLL for LDAP servers that support SASL authentication.
+
+       SSAASSLL__AAUUTTHH__IIDD identity
+           The SASL user name to use when connecting to the LDAP server.  By
+           default, ssuuddoo will use an anonymous connection.
+
+       RROOOOTTUUSSEE__SSAASSLL on/true/yes/off/false/no
+           Enable RROOOOTTUUSSEE__SSAASSLL to enable SASL authentication when connecting
+           to an LDAP server from a privileged process, such as ssuuddoo.
+
+
+
+
+1.7.4                     July 12, 2010                         7
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+       RROOOOTTSSAASSLL__AAUUTTHH__IIDD identity
+           The SASL user name to use when RROOOOTTUUSSEE__SSAASSLL is enabled.
+
+       SSAASSLL__SSEECCPPRROOPPSS none/properties
+           SASL security properties or _n_o_n_e for no properties.  See the SASL
+           programmer's manual for details.
+
+       KKRRBB55__CCCCNNAAMMEE file name
+           The path to the Kerberos 5 credential cache to use when
+           authenticating with the remote server.
+
+       See the ldap.conf entry in the EXAMPLES section.
+
+   CCoonnffiigguurriinngg nnsssswwiittcchh..ccoonnff
+       Unless it is disabled at build time, ssuuddoo consults the Name Service
+       Switch file, _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f, to specify the _s_u_d_o_e_r_s search order.
+       Sudo looks for a line beginning with sudoers: and uses this to
+       determine the search order.  Note that ssuuddoo does not stop searching
+       after the first match and later matches take precedence over earlier
+       ones.
+
+       The following sources are recognized:
+
+           files       read sudoers from F</etc/sudoers>
+           ldap        read sudoers from LDAP
+
+       In addition, the entry [NOTFOUND=return] will short-circuit the search
+       if the user was not found in the preceding source.
+
+       To consult LDAP first followed by the local sudoers file (if it
+       exists), use:
+
+           sudoers: ldap files
+
+       The local _s_u_d_o_e_r_s file can be ignored completely by using:
+
+           sudoers: ldap
+
+       If the _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f file is not present or there is no sudoers
+       line, the following default is assumed:
+
+           sudoers: files
+
+       Note that _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f is supported even when the underlying
+       operating system does not use an nsswitch.conf file.
+
+   CCoonnffiigguurriinngg nneettssvvcc..ccoonnff
+       On AIX systems, the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is consulted instead of
+       _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f.  ssuuddoo simply treats _n_e_t_s_v_c_._c_o_n_f as a variant of
+       _n_s_s_w_i_t_c_h_._c_o_n_f; information in the previous section unrelated to the
+       file format itself still applies.
+
+       To consult LDAP first followed by the local sudoers file (if it
+       exists), use:
+
+
+
+1.7.4                     July 12, 2010                         8
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+           sudoers = ldap, files
+
+       The local _s_u_d_o_e_r_s file can be ignored completely by using:
+
+           sudoers = ldap
+
+       To treat LDAP as authoratative and only use the local sudoers file if
+       the user is not present in LDAP, use:
+
+           sudoers = ldap = auth, files
+
+       Note that in the above example, the auth qualfier only affects user
+       lookups; both LDAP and _s_u_d_o_e_r_s will be queried for Defaults entries.
+
+       If the _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f file is not present or there is no sudoers
+       line, the following default is assumed:
+
+           sudoers = files
+
+FFIILLEESS
+       _/_e_t_c_/_l_d_a_p_._c_o_n_f          LDAP configuration file
+
+       _/_e_t_c_/_n_s_s_w_i_t_c_h_._c_o_n_f      determines sudoers source order
+
+       _/_e_t_c_/_n_e_t_s_v_c_._c_o_n_f        determines sudoers source order on AIX
+
+EEXXAAMMPPLLEESS
+   EExxaammppllee llddaapp..ccoonnff
+         # Either specify one or more URIs or one or more host:port pairs.
+         # If neither is specified sudo will default to localhost, port 389.
+         #
+         #host          ldapserver
+         #host          ldapserver1 ldapserver2:390
+         #
+         # Default port if host is specified without one, defaults to 389.
+         #port          389
+         #
+         # URI will override the host and port settings.
+         uri            ldap://ldapserver
+         #uri            ldaps://secureldapserver
+         #uri            ldaps://secureldapserver ldap://ldapserver
+         #
+         # The amount of time, in seconds, to wait while trying to connect to
+         # an LDAP server.
+         bind_timelimit 30
+         #
+         # The amount of time, in seconds, to wait while performing an LDAP query.
+         timelimit 30
+         #
+         # Must be set or sudo will ignore LDAP; may be specified multiple times.
+         sudoers_base   ou=SUDOers,dc=example,dc=com
+         #
+         # verbose sudoers matching from ldap
+         #sudoers_debug 2
+
+
+
+1.7.4                     July 12, 2010                         9
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+         #
+         # optional proxy credentials
+         #binddn        <who to search as>
+         #bindpw        <password>
+         #rootbinddn    <who to search as, uses /etc/ldap.secret for bindpw>
+         #
+         # LDAP protocol version, defaults to 3
+         #ldap_version 3
+         #
+         # Define if you want to use an encrypted LDAP connection.
+         # Typically, you must also set the port to 636 (ldaps).
+         #ssl on
+         #
+         # Define if you want to use port 389 and switch to
+         # encryption before the bind credentials are sent.
+         # Only supported by LDAP servers that support the start_tls
+         # extension such as OpenLDAP.
+         #ssl start_tls
+         #
+         # Additional TLS options follow that allow tweaking of the
+         # SSL/TLS connection.
+         #
+         #tls_checkpeer yes # verify server SSL certificate
+         #tls_checkpeer no  # ignore server SSL certificate
+         #
+         # If you enable tls_checkpeer, specify either tls_cacertfile
+         # or tls_cacertdir.  Only supported when using OpenLDAP.
+         #
+         #tls_cacertfile /etc/certs/trusted_signers.pem
+         #tls_cacertdir  /etc/certs
+         #
+         # For systems that don't have /dev/random
+         # use this along with PRNGD or EGD.pl to seed the
+         # random number pool to generate cryptographic session keys.
+         # Only supported when using OpenLDAP.
+         #
+         #tls_randfile /etc/egd-pool
+         #
+         # You may restrict which ciphers are used.  Consult your SSL
+         # documentation for which options go here.
+         # Only supported when using OpenLDAP.
+         #
+         #tls_ciphers <cipher-list>
+         #
+         # Sudo can provide a client certificate when communicating to
+         # the LDAP server.
+         # Tips:
+         #   * Enable both lines at the same time.
+         #   * Do not password protect the key file.
+         #   * Ensure the keyfile is only readable by root.
+         #
+         # For OpenLDAP:
+         #tls_cert /etc/certs/client_cert.pem
+         #tls_key  /etc/certs/client_key.pem
+
+
+
+1.7.4                     July 12, 2010                        10
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+         #
+         # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either
+         # a directory, in which case the files in the directory must have the
+         # default names (e.g. cert8.db and key4.db), or the path to the cert
+         # and key files themselves.  However, a bug in version 5.0 of the LDAP
+         # SDK will prevent specific file names from working.  For this reason
+         # it is suggested that tls_cert and tls_key be set to a directory,
+         # not a file name.
+         #
+         # The certificate database specified by tls_cert may contain CA certs
+         # and/or the client's cert.  If the client's cert is included, tls_key
+         # should be specified as well.
+         # For backward compatibility, "sslpath" may be used in place of tls_cert.
+         #tls_cert /var/ldap
+         #tls_key /var/ldap
+         #
+         # If using SASL authentication for LDAP (OpenSSL)
+         # use_sasl yes
+         # sasl_auth_id <SASL user name>
+         # rootuse_sasl yes
+         # rootsasl_auth_id <SASL user name for root access>
+         # sasl_secprops none
+         # krb5_ccname /etc/.ldapcache
+
+   SSuuddoo sscchheemmaa ffoorr OOppeennLLDDAAPP
+       The following schema is in OpenLDAP format.  Simply copy it to the
+       schema directory (e.g. _/_e_t_c_/_o_p_e_n_l_d_a_p_/_s_c_h_e_m_a), add the proper include
+       line in slapd.conf and restart ssllaappdd.
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.1
+           NAME 'sudoUser'
+           DESC 'User(s) who may  run sudo'
+           EQUALITY caseExactIA5Match
+           SUBSTR caseExactIA5SubstringsMatch
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.2
+           NAME 'sudoHost'
+           DESC 'Host(s) who may run sudo'
+           EQUALITY caseExactIA5Match
+           SUBSTR caseExactIA5SubstringsMatch
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.3
+           NAME 'sudoCommand'
+           DESC 'Command(s) to be executed by sudo'
+           EQUALITY caseExactIA5Match
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.4
+           NAME 'sudoRunAs'
+           DESC 'User(s) impersonated by sudo'
+           EQUALITY caseExactIA5Match
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+
+
+1.7.4                     July 12, 2010                        11
+
+
+
+
+
+SUDOERS.LDAP(4)        MAINTENANCE COMMANDS       SUDOERS.LDAP(4)
+
+
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.5
+           NAME 'sudoOption'
+           DESC 'Options(s) followed by sudo'
+           EQUALITY caseExactIA5Match
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.6
+           NAME 'sudoRunAsUser'
+           DESC 'User(s) impersonated by sudo'
+           EQUALITY caseExactIA5Match
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        attributetype ( 1.3.6.1.4.1.15953.9.1.7
+           NAME 'sudoRunAsGroup'
+           DESC 'Group(s) impersonated by sudo'
+           EQUALITY caseExactIA5Match
+           SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+        objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
+           DESC 'Sudoer Entries'
+           MUST ( cn )
+           MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
+                 sudoRunAsGroup $ sudoOption $ description )
+           )
+
+SSEEEE AALLSSOO
+       _l_d_a_p_._c_o_n_f(4), _s_u_d_o_e_r_s(5)
+
+CCAAVVEEAATTSS
+       The way that _s_u_d_o_e_r_s is parsed differs between Note that there are
+       differences in the way that LDAP-based _s_u_d_o_e_r_s is parsed compared to
+       file-based _s_u_d_o_e_r_s.  See the "Differences between LDAP and non-LDAP
+       sudoers" section for more information.
+
+BBUUGGSS
+       If you feel you have found a bug in ssuuddoo, please submit a bug report at
+       http://www.sudo.ws/sudo/bugs/
+
+SSUUPPPPOORRTT
+       Limited free support is available via the sudo-users mailing list, see
+       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+       the archives.
+
+DDIISSCCLLAAIIMMEERR
+       ssuuddoo is provided ``AS IS'' and any express or implied warranties,
+       including, but not limited to, the implied warranties of
+       merchantability and fitness for a particular purpose are disclaimed.
+       See the LICENSE file distributed with ssuuddoo or
+       http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+
+
+
+1.7.4                     July 12, 2010                        12
+
+
diff --git a/sudo-1.7.4p4/sudoers.ldap.man.in b/sudo-1.7.4p4/sudoers.ldap.man.in
new file mode 100644
index 0000000..66a1b03
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.ldap.man.in
@@ -0,0 +1,826 @@
+.\" Copyright (c) 2003-2010
+.\" 	Todd C. Miller <Todd.Miller@courtesan.com>
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` 
+.    ds C' 
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SUDOERS.LDAP @mansectform@"
+.TH SUDOERS.LDAP @mansectform@ "July 12, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+sudoers.ldap \- sudo LDAP configuration
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+In addition to the standard \fIsudoers\fR file, \fBsudo\fR may be configured
+via \s-1LDAP\s0.  This can be especially useful for synchronizing \fIsudoers\fR
+in a large, distributed environment.
+.PP
+Using \s-1LDAP\s0 for \fIsudoers\fR has several benefits:
+.IP "\(bu" 4
+\&\fBsudo\fR no longer needs to read \fIsudoers\fR in its entirety.  When
+\&\s-1LDAP\s0 is used, there are only two or three \s-1LDAP\s0 queries per invocation.
+This makes it especially fast and particularly usable in \s-1LDAP\s0
+environments.
+.IP "\(bu" 4
+\&\fBsudo\fR no longer exits if there is a typo in \fIsudoers\fR.
+It is not possible to load \s-1LDAP\s0 data into the server that does
+not conform to the sudoers schema, so proper syntax is guaranteed.
+It is still possible to have typos in a user or host name, but
+this will not prevent \fBsudo\fR from running.
+.IP "\(bu" 4
+It is possible to specify per-entry options that override the global
+default options.  \fI@sysconfdir@/sudoers\fR only supports default options and
+limited options associated with user/host/commands/aliases.  The
+syntax is complicated and can be difficult for users to understand.
+Placing the options directly in the entry is more natural.
+.IP "\(bu" 4
+The \fBvisudo\fR program is no longer needed.  \fBvisudo\fR provides
+locking and syntax checking of the \fI@sysconfdir@/sudoers\fR file.
+Since \s-1LDAP\s0 updates are atomic, locking is no longer necessary.
+Because syntax is checked when the data is inserted into \s-1LDAP\s0, there
+is no need for a specialized tool to check syntax.
+.PP
+Another major difference between \s-1LDAP\s0 and file-based \fIsudoers\fR
+is that in \s-1LDAP\s0, \fBsudo\fR\-specific Aliases are not supported.
+.PP
+For the most part, there is really no need for \fBsudo\fR\-specific
+Aliases.  Unix groups or user netgroups can be used in place of
+User_Aliases and RunasAliases.  Host netgroups can be used in place
+of HostAliases.  Since Unix groups and netgroups can also be stored
+in \s-1LDAP\s0 there is no real need for \fBsudo\fR\-specific aliases.
+.PP
+Cmnd_Aliases are not really required either since it is possible
+to have multiple users listed in a sudoRole.  Instead of defining
+a Cmnd_Alias that is referenced by multiple users, one can create
+a sudoRole that contains the commands and assign multiple users
+to it.
+.SS "SUDOers \s-1LDAP\s0 container"
+.IX Subsection "SUDOers LDAP container"
+The \fIsudoers\fR configuration is contained in the \f(CW\*(C`ou=SUDOers\*(C'\fR \s-1LDAP\s0
+container.
+.PP
+Sudo first looks for the \f(CW\*(C`cn=default\*(C'\fR entry in the SUDOers container.
+If found, the multi-valued \f(CW\*(C`sudoOption\*(C'\fR attribute is parsed in the
+same manner as a global \f(CW\*(C`Defaults\*(C'\fR line in \fI@sysconfdir@/sudoers\fR.  In
+the following example, the \f(CW\*(C`SSH_AUTH_SOCK\*(C'\fR variable will be preserved
+in the environment for all users.
+.PP
+.Vb 6
+\&    dn: cn=defaults,ou=SUDOers,dc=example,dc=com
+\&    objectClass: top
+\&    objectClass: sudoRole
+\&    cn: defaults
+\&    description: Default sudoOption\*(Aqs go here
+\&    sudoOption: env_keep+=SSH_AUTH_SOCK
+.Ve
+.PP
+The equivalent of a sudoer in \s-1LDAP\s0 is a \f(CW\*(C`sudoRole\*(C'\fR.  It consists of
+the following components:
+.IP "\fBsudoUser\fR" 4
+.IX Item "sudoUser"
+A user name, uid (prefixed with \f(CW\*(Aq#\*(Aq\fR), Unix group (prefixed with
+a \f(CW\*(Aq%\*(Aq\fR) or user netgroup (prefixed with a \f(CW\*(Aq+\*(Aq\fR).
+.IP "\fBsudoHost\fR" 4
+.IX Item "sudoHost"
+A host name, \s-1IP\s0 address, \s-1IP\s0 network, or host netgroup (prefixed
+with a \f(CW\*(Aq+\*(Aq\fR).
+The special value \f(CW\*(C`ALL\*(C'\fR will match any host.
+.IP "\fBsudoCommand\fR" 4
+.IX Item "sudoCommand"
+A Unix command with optional command line arguments, potentially
+including globbing characters (aka wild cards).
+The special value \f(CW\*(C`ALL\*(C'\fR will match any command.
+If a command is prefixed with an exclamation point \f(CW\*(Aq!\*(Aq\fR, the
+user will be prohibited from running that command.
+.IP "\fBsudoOption\fR" 4
+.IX Item "sudoOption"
+Identical in function to the global options described above, but
+specific to the \f(CW\*(C`sudoRole\*(C'\fR in which it resides.
+.IP "\fBsudoRunAsUser\fR" 4
+.IX Item "sudoRunAsUser"
+A user name or uid (prefixed with \f(CW\*(Aq#\*(Aq\fR) that commands may be run
+as or a Unix group (prefixed with a \f(CW\*(Aq%\*(Aq\fR) or user netgroup (prefixed
+with a \f(CW\*(Aq+\*(Aq\fR) that contains a list of users that commands may be
+run as.
+The special value \f(CW\*(C`ALL\*(C'\fR will match any user.
+.IP "\fBsudoRunAsGroup\fR" 4
+.IX Item "sudoRunAsGroup"
+A Unix group or gid (prefixed with \f(CW\*(Aq#\*(Aq\fR) that commands may be run as.
+The special value \f(CW\*(C`ALL\*(C'\fR will match any group.
+.PP
+Each component listed above should contain a single value, but there
+may be multiple instances of each component type.  A sudoRole must
+contain at least one \f(CW\*(C`sudoUser\*(C'\fR, \f(CW\*(C`sudoHost\*(C'\fR and \f(CW\*(C`sudoCommand\*(C'\fR.
+.PP
+The following example allows users in group wheel to run any command
+on any host via \fBsudo\fR:
+.PP
+.Vb 7
+\&    dn: cn=%wheel,ou=SUDOers,dc=example,dc=com
+\&    objectClass: top
+\&    objectClass: sudoRole
+\&    cn: %wheel
+\&    sudoUser: %wheel
+\&    sudoHost: ALL
+\&    sudoCommand: ALL
+.Ve
+.SS "Anatomy of \s-1LDAP\s0 sudoers lookup"
+.IX Subsection "Anatomy of LDAP sudoers lookup"
+When looking up a sudoer using \s-1LDAP\s0 there are only two or three
+\&\s-1LDAP\s0 queries per invocation.  The first query is to parse the global
+options.  The second is to match against the user's name and the
+groups that the user belongs to.  (The special \s-1ALL\s0 tag is matched
+in this query too.)  If no match is returned for the user's name
+and groups, a third query returns all entries containing user
+netgroups and checks to see if the user belongs to any of them.
+.SS "Differences between \s-1LDAP\s0 and non-LDAP sudoers"
+.IX Subsection "Differences between LDAP and non-LDAP sudoers"
+There are some subtle differences in the way sudoers is handled
+once in \s-1LDAP\s0.  Probably the biggest is that according to the \s-1RFC\s0,
+\&\s-1LDAP\s0 ordering is arbitrary and you cannot expect that Attributes
+and Entries are returned in any specific order.  If there are
+conflicting command rules on an entry, the negative takes precedence.
+This is called paranoid behavior (not necessarily the most specific
+match).
+.PP
+Here is an example:
+.PP
+.Vb 5
+\&    # /etc/sudoers:
+\&    # Allow all commands except shell
+\&    johnny  ALL=(root) ALL,!/bin/sh
+\&    # Always allows all commands because ALL is matched last
+\&    puddles ALL=(root) !/bin/sh,ALL
+\&
+\&    # LDAP equivalent of johnny
+\&    # Allows all commands except shell
+\&    dn: cn=role1,ou=Sudoers,dc=my\-domain,dc=com
+\&    objectClass: sudoRole
+\&    objectClass: top
+\&    cn: role1
+\&    sudoUser: johnny
+\&    sudoHost: ALL
+\&    sudoCommand: ALL
+\&    sudoCommand: !/bin/sh
+\&
+\&    # LDAP equivalent of puddles
+\&    # Notice that even though ALL comes last, it still behaves like
+\&    # role1 since the LDAP code assumes the more paranoid configuration
+\&    dn: cn=role2,ou=Sudoers,dc=my\-domain,dc=com
+\&    objectClass: sudoRole
+\&    objectClass: top
+\&    cn: role2
+\&    sudoUser: puddles
+\&    sudoHost: ALL
+\&    sudoCommand: !/bin/sh
+\&    sudoCommand: ALL
+.Ve
+.PP
+Another difference is that negations on the Host, User or Runas are
+currently ignorred.  For example, the following attributes do not
+behave the way one might expect.
+.PP
+.Vb 3
+\&    # does not match all but joe
+\&    # rather, does not match anyone
+\&    sudoUser: !joe
+\&
+\&    # does not match all but joe
+\&    # rather, matches everyone including Joe
+\&    sudoUser: ALL
+\&    sudoUser: !joe
+\&
+\&    # does not match all but web01
+\&    # rather, matches all hosts including web01
+\&    sudoHost: ALL
+\&    sudoHost: !web01
+.Ve
+.SS "Sudoers Schema"
+.IX Subsection "Sudoers Schema"
+In order to use \fBsudo\fR's \s-1LDAP\s0 support, the \fBsudo\fR schema must be
+installed on your \s-1LDAP\s0 server.  In addition, be sure to index the
+\&'sudoUser' attribute.
+.PP
+Three versions of the schema: one for OpenLDAP servers (\fIschema.OpenLDAP\fR),
+one for Netscape-derived servers (\fIschema.iPlanet\fR), and one for
+Microsoft Active Directory (\fIschema.ActiveDirectory\fR) may
+be found in the \fBsudo\fR distribution.
+.PP
+The schema for \fBsudo\fR in OpenLDAP form is included in the \s-1EXAMPLES\s0
+section.
+.SS "Configuring ldap.conf"
+.IX Subsection "Configuring ldap.conf"
+Sudo reads the \fI@ldap_conf@\fR file for LDAP-specific configuration.
+Typically, this file is shared amongst different LDAP-aware clients.
+As such, most of the settings are not \fBsudo\fR\-specific.  Note that
+\&\fBsudo\fR parses \fI@ldap_conf@\fR itself and may support options
+that differ from those described in the \fIldap.conf\fR\|(@mansectform@) manual.
+.PP
+Also note that on systems using the OpenLDAP libraries, default
+values specified in \fI/etc/openldap/ldap.conf\fR or the user's
+\&\fI.ldaprc\fR files are not used.
+.PP
+Only those options explicitly listed in \fI@ldap_conf@\fR that are
+supported by \fBsudo\fR are honored.  Configuration options are listed
+below in upper case but are parsed in a case-independent manner.
+.IP "\fB\s-1URI\s0\fR ldap[s]://[hostname[:port]] ..." 4
+.IX Item "URI ldap[s]://[hostname[:port]] ..."
+Specifies a whitespace-delimited list of one or more URIs describing
+the \s-1LDAP\s0 server(s) to connect to.  The \fIprotocol\fR may be either
+\&\fBldap\fR or \fBldaps\fR, the latter being for servers that support \s-1TLS\s0
+(\s-1SSL\s0) encryption.  If no \fIport\fR is specified, the default is port
+389 for \f(CW\*(C`ldap://\*(C'\fR or port 636 for \f(CW\*(C`ldaps://\*(C'\fR.  If no \fIhostname\fR
+is specified, \fBsudo\fR will connect to \fBlocalhost\fR.  Multiple \fB\s-1URI\s0\fR
+lines are treated identically to a \fB\s-1URI\s0\fR line containing multiple
+entries.  Only systems using the OpenSSL libraries support the
+mixing of \f(CW\*(C`ldap://\*(C'\fR and \f(CW\*(C`ldaps://\*(C'\fR URIs.  The Netscape-derived
+libraries used on most commercial versions of Unix are only capable
+of supporting one or the other.
+.IP "\fB\s-1HOST\s0\fR name[:port] ..." 4
+.IX Item "HOST name[:port] ..."
+If no \fB\s-1URI\s0\fR is specified, the \fB\s-1HOST\s0\fR parameter specifies a
+whitespace-delimited list of \s-1LDAP\s0 servers to connect to.  Each host
+may include an optional \fIport\fR separated by a colon (':').  The
+\&\fB\s-1HOST\s0\fR parameter is deprecated in favor of the \fB\s-1URI\s0\fR specification
+and is included for backwards compatibility.
+.IP "\fB\s-1PORT\s0\fR port_number" 4
+.IX Item "PORT port_number"
+If no \fB\s-1URI\s0\fR is specified, the \fB\s-1PORT\s0\fR parameter specifies the
+default port to connect to on the \s-1LDAP\s0 server if a \fB\s-1HOST\s0\fR parameter
+does not specify the port itself.  If no \fB\s-1PORT\s0\fR parameter is used,
+the default is port 389 for \s-1LDAP\s0 and port 636 for \s-1LDAP\s0 over \s-1TLS\s0
+(\s-1SSL\s0).  The \fB\s-1PORT\s0\fR parameter is deprecated in favor of the \fB\s-1URI\s0\fR
+specification and is included for backwards compatibility.
+.IP "\fB\s-1BIND_TIMELIMIT\s0\fR seconds" 4
+.IX Item "BIND_TIMELIMIT seconds"
+The \fB\s-1BIND_TIMELIMIT\s0\fR parameter specifies the amount of time, in seconds,
+to wait while trying to connect to an \s-1LDAP\s0 server.  If multiple \fB\s-1URI\s0\fRs or
+\&\fB\s-1HOST\s0\fRs are specified, this is the amount of time to wait before trying
+the next one in the list.
+.IP "\fB\s-1TIMELIMIT\s0\fR seconds" 4
+.IX Item "TIMELIMIT seconds"
+The \fB\s-1TIMELIMIT\s0\fR parameter specifies the amount of time, in seconds,
+to wait for a response to an \s-1LDAP\s0 query.
+.IP "\fB\s-1SUDOERS_BASE\s0\fR base" 4
+.IX Item "SUDOERS_BASE base"
+The base \s-1DN\s0 to use when performing \fBsudo\fR \s-1LDAP\s0 queries.  Typically
+this is of the form \f(CW\*(C`ou=SUDOers,dc=example,dc=com\*(C'\fR for the domain
+\&\f(CW\*(C`example.com\*(C'\fR.  Multiple \fB\s-1SUDOERS_BASE\s0\fR lines may be specified,
+in which case they are queried in the order specified.
+.IP "\fB\s-1SUDOERS_DEBUG\s0\fR debug_level" 4
+.IX Item "SUDOERS_DEBUG debug_level"
+This sets the debug level for \fBsudo\fR \s-1LDAP\s0 queries.  Debugging
+information is printed to the standard error.  A value of 1 results
+in a moderate amount of debugging information.  A value of 2 shows
+the results of the matches themselves.  This parameter should not
+be set in a production environment as the extra information is
+likely to confuse users.
+.IP "\fB\s-1BINDDN\s0\fR \s-1DN\s0" 4
+.IX Item "BINDDN DN"
+The \fB\s-1BINDDN\s0\fR parameter specifies the identity, in the form of a
+Distinguished Name (\s-1DN\s0), to use when performing \s-1LDAP\s0 operations.
+If not specified, \s-1LDAP\s0 operations are performed with an anonymous
+identity.  By default, most \s-1LDAP\s0 servers will allow anonymous access.
+.IP "\fB\s-1BINDPW\s0\fR secret" 4
+.IX Item "BINDPW secret"
+The \fB\s-1BINDPW\s0\fR parameter specifies the password to use when performing
+\&\s-1LDAP\s0 operations.  This is typically used in conjunction with the
+\&\fB\s-1BINDDN\s0\fR parameter.
+.IP "\fB\s-1ROOTBINDDN\s0\fR \s-1DN\s0" 4
+.IX Item "ROOTBINDDN DN"
+The \fB\s-1ROOTBINDDN\s0\fR parameter specifies the identity, in the form of
+a Distinguished Name (\s-1DN\s0), to use when performing privileged \s-1LDAP\s0
+operations, such as \fIsudoers\fR queries.  The password corresponding
+to the identity should be stored in \fI@ldap_secret@\fR.
+If not specified, the \fB\s-1BINDDN\s0\fR identity is used (if any).
+.IP "\fB\s-1LDAP_VERSION\s0\fR number" 4
+.IX Item "LDAP_VERSION number"
+The version of the \s-1LDAP\s0 protocol to use when connecting to the server.
+The default value is protocol version 3.
+.IP "\fB\s-1SSL\s0\fR on/true/yes/off/false/no" 4
+.IX Item "SSL on/true/yes/off/false/no"
+If the \fB\s-1SSL\s0\fR parameter is set to \f(CW\*(C`on\*(C'\fR, \f(CW\*(C`true\*(C'\fR or \f(CW\*(C`yes\*(C'\fR, \s-1TLS\s0
+(\s-1SSL\s0) encryption is always used when communicating with the \s-1LDAP\s0
+server.  Typically, this involves connecting to the server on port
+636 (ldaps).
+.IP "\fB\s-1SSL\s0\fR start_tls" 4
+.IX Item "SSL start_tls"
+If the \fB\s-1SSL\s0\fR parameter is set to \f(CW\*(C`start_tls\*(C'\fR, the \s-1LDAP\s0 server
+connection is initiated normally and \s-1TLS\s0 encryption is begun before
+the bind credentials are sent.  This has the advantage of not
+requiring a dedicated port for encrypted communications.  This
+parameter is only supported by \s-1LDAP\s0 servers that honor the \f(CW\*(C`start_tls\*(C'\fR
+extension, such as the OpenLDAP server.
+.IP "\fB\s-1TLS_CHECKPEER\s0\fR on/true/yes/off/false/no" 4
+.IX Item "TLS_CHECKPEER on/true/yes/off/false/no"
+If enabled, \fB\s-1TLS_CHECKPEER\s0\fR will cause the \s-1LDAP\s0 server's \s-1TLS\s0
+certificated to be verified.  If the server's \s-1TLS\s0 certificate cannot
+be verified (usually because it is signed by an unknown certificate
+authority), \fBsudo\fR will be unable to connect to it.  If \fB\s-1TLS_CHECKPEER\s0\fR
+is disabled, no check is made.  Note that disabling the check creates
+an opportunity for man-in-the-middle attacks since the server's
+identity will not be authenticated.  If possible, the \s-1CA\s0's certificate
+should be installed locally so it can be verified.
+.IP "\fB\s-1TLS_CACERT\s0\fR file name" 4
+.IX Item "TLS_CACERT file name"
+An alias for \fB\s-1TLS_CACERTFILE\s0\fR.
+.IP "\fB\s-1TLS_CACERTFILE\s0\fR file name" 4
+.IX Item "TLS_CACERTFILE file name"
+The path to a certificate authority bundle which contains the certificates
+for all the Certificate Authorities the client knows to be valid,
+e.g. \fI/etc/ssl/ca\-bundle.pem\fR.
+This option is only supported by the OpenLDAP libraries.
+Netscape-derived \s-1LDAP\s0 libraries use the same certificate
+database for \s-1CA\s0 and client certificates (see \fB\s-1TLS_CERT\s0\fR).
+.IP "\fB\s-1TLS_CACERTDIR\s0\fR directory" 4
+.IX Item "TLS_CACERTDIR directory"
+Similar to \fB\s-1TLS_CACERTFILE\s0\fR but instead of a file, it is a
+directory containing individual Certificate Authority certificates,
+e.g. \fI/etc/ssl/certs\fR.
+The directory specified by \fB\s-1TLS_CACERTDIR\s0\fR is checked after
+\&\fB\s-1TLS_CACERTFILE\s0\fR.
+This option is only supported by the OpenLDAP libraries.
+.IP "\fB\s-1TLS_CERT\s0\fR file name" 4
+.IX Item "TLS_CERT file name"
+The path to a file containing the client certificate which can
+be used to authenticate the client to the \s-1LDAP\s0 server.
+The certificate type depends on the \s-1LDAP\s0 libraries used.
+.Sp
+OpenLDAP:
+    \f(CW\*(C`tls_cert /etc/ssl/client_cert.pem\*(C'\fR
+.Sp
+Netscape-derived:
+    \f(CW\*(C`tls_cert /var/ldap/cert7.db\*(C'\fR
+.Sp
+When using Netscape-derived libraries, this file may also contain
+Certificate Authority certificates.
+.IP "\fB\s-1TLS_KEY\s0\fR file name" 4
+.IX Item "TLS_KEY file name"
+The path to a file containing the private key which matches the
+certificate specified by \fB\s-1TLS_CERT\s0\fR.  The private key must not be
+password-protected.  The key type depends on the \s-1LDAP\s0 libraries
+used.
+.Sp
+OpenLDAP:
+    \f(CW\*(C`tls_key /etc/ssl/client_key.pem\*(C'\fR
+.Sp
+Netscape-derived:
+    \f(CW\*(C`tls_key /var/ldap/key3.db\*(C'\fR
+.IP "\fB\s-1TLS_RANDFILE\s0\fR file name" 4
+.IX Item "TLS_RANDFILE file name"
+The \fB\s-1TLS_RANDFILE\s0\fR parameter specifies the path to an entropy
+source for systems that lack a random device.  It is generally used
+in conjunction with \fIprngd\fR or \fIegd\fR.
+This option is only supported by the OpenLDAP libraries.
+.IP "\fB\s-1TLS_CIPHERS\s0\fR cipher list" 4
+.IX Item "TLS_CIPHERS cipher list"
+The \fB\s-1TLS_CIPHERS\s0\fR parameter allows the administer to restrict
+which encryption algorithms may be used for \s-1TLS\s0 (\s-1SSL\s0) connections.
+See the OpenSSL manual for a list of valid ciphers.
+This option is only supported by the OpenLDAP libraries.
+.IP "\fB\s-1USE_SASL\s0\fR on/true/yes/off/false/no" 4
+.IX Item "USE_SASL on/true/yes/off/false/no"
+Enable \fB\s-1USE_SASL\s0\fR for \s-1LDAP\s0 servers that support \s-1SASL\s0 authentication.
+.IP "\fB\s-1SASL_AUTH_ID\s0\fR identity" 4
+.IX Item "SASL_AUTH_ID identity"
+The \s-1SASL\s0 user name to use when connecting to the \s-1LDAP\s0 server.
+By default, \fBsudo\fR will use an anonymous connection.
+.IP "\fB\s-1ROOTUSE_SASL\s0\fR on/true/yes/off/false/no" 4
+.IX Item "ROOTUSE_SASL on/true/yes/off/false/no"
+Enable \fB\s-1ROOTUSE_SASL\s0\fR to enable \s-1SASL\s0 authentication when connecting
+to an \s-1LDAP\s0 server from a privileged process, such as \fBsudo\fR.
+.IP "\fB\s-1ROOTSASL_AUTH_ID\s0\fR identity" 4
+.IX Item "ROOTSASL_AUTH_ID identity"
+The \s-1SASL\s0 user name to use when \fB\s-1ROOTUSE_SASL\s0\fR is enabled.
+.IP "\fB\s-1SASL_SECPROPS\s0\fR none/properties" 4
+.IX Item "SASL_SECPROPS none/properties"
+\&\s-1SASL\s0 security properties or \fInone\fR for no properties.  See the
+\&\s-1SASL\s0 programmer's manual for details.
+.IP "\fB\s-1KRB5_CCNAME\s0\fR file name" 4
+.IX Item "KRB5_CCNAME file name"
+The path to the Kerberos 5 credential cache to use when authenticating
+with the remote server.
+.PP
+See the \f(CW\*(C`ldap.conf\*(C'\fR entry in the \s-1EXAMPLES\s0 section.
+.SS "Configuring nsswitch.conf"
+.IX Subsection "Configuring nsswitch.conf"
+Unless it is disabled at build time, \fBsudo\fR consults the Name
+Service Switch file, \fI@nsswitch_conf@\fR, to specify the \fIsudoers\fR
+search order.  Sudo looks for a line beginning with \f(CW\*(C`sudoers\*(C'\fR: and
+uses this to determine the search order.  Note that \fBsudo\fR does
+not stop searching after the first match and later matches take
+precedence over earlier ones.
+.PP
+The following sources are recognized:
+.PP
+.Vb 2
+\&    files       read sudoers from F<@sysconfdir@/sudoers>
+\&    ldap        read sudoers from LDAP
+.Ve
+.PP
+In addition, the entry \f(CW\*(C`[NOTFOUND=return]\*(C'\fR will short-circuit the
+search if the user was not found in the preceding source.
+.PP
+To consult \s-1LDAP\s0 first followed by the local sudoers file (if it
+exists), use:
+.PP
+.Vb 1
+\&    sudoers: ldap files
+.Ve
+.PP
+The local \fIsudoers\fR file can be ignored completely by using:
+.PP
+.Vb 1
+\&    sudoers: ldap
+.Ve
+.PP
+If the \fI@nsswitch_conf@\fR file is not present or there is no
+sudoers line, the following default is assumed:
+.PP
+.Vb 1
+\&    sudoers: files
+.Ve
+.PP
+Note that \fI@nsswitch_conf@\fR is supported even when the underlying
+operating system does not use an nsswitch.conf file.
+.SS "Configuring netsvc.conf"
+.IX Subsection "Configuring netsvc.conf"
+On \s-1AIX\s0 systems, the \fI@netsvc_conf@\fR file is consulted instead of
+\&\fI@nsswitch_conf@\fR.  \fBsudo\fR simply treats \fInetsvc.conf\fR as a
+variant of \fInsswitch.conf\fR; information in the previous section
+unrelated to the file format itself still applies.
+.PP
+To consult \s-1LDAP\s0 first followed by the local sudoers file (if it
+exists), use:
+.PP
+.Vb 1
+\&    sudoers = ldap, files
+.Ve
+.PP
+The local \fIsudoers\fR file can be ignored completely by using:
+.PP
+.Vb 1
+\&    sudoers = ldap
+.Ve
+.PP
+To treat \s-1LDAP\s0 as authoratative and only use the local sudoers file
+if the user is not present in \s-1LDAP\s0, use:
+.PP
+.Vb 1
+\&    sudoers = ldap = auth, files
+.Ve
+.PP
+Note that in the above example, the \f(CW\*(C`auth\*(C'\fR qualfier only affects
+user lookups; both \s-1LDAP\s0 and \fIsudoers\fR will be queried for \f(CW\*(C`Defaults\*(C'\fR
+entries.
+.PP
+If the \fI@netsvc_conf@\fR file is not present or there is no
+sudoers line, the following default is assumed:
+.PP
+.Vb 1
+\&    sudoers = files
+.Ve
+.SH "FILES"
+.IX Header "FILES"
+.ie n .IP "\fI@ldap_conf@\fR" 24
+.el .IP "\fI@ldap_conf@\fR" 24
+.IX Item "@ldap_conf@"
+\&\s-1LDAP\s0 configuration file
+.ie n .IP "\fI@nsswitch_conf@\fR" 24
+.el .IP "\fI@nsswitch_conf@\fR" 24
+.IX Item "@nsswitch_conf@"
+determines sudoers source order
+.ie n .IP "\fI@netsvc_conf@\fR" 24
+.el .IP "\fI@netsvc_conf@\fR" 24
+.IX Item "@netsvc_conf@"
+determines sudoers source order on \s-1AIX\s0
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+.SS "Example ldap.conf"
+.IX Subsection "Example ldap.conf"
+.Vb 10
+\&  # Either specify one or more URIs or one or more host:port pairs.
+\&  # If neither is specified sudo will default to localhost, port 389.
+\&  #
+\&  #host          ldapserver
+\&  #host          ldapserver1 ldapserver2:390
+\&  #
+\&  # Default port if host is specified without one, defaults to 389.
+\&  #port          389
+\&  #
+\&  # URI will override the host and port settings.
+\&  uri            ldap://ldapserver
+\&  #uri            ldaps://secureldapserver
+\&  #uri            ldaps://secureldapserver ldap://ldapserver
+\&  #
+\&  # The amount of time, in seconds, to wait while trying to connect to
+\&  # an LDAP server.
+\&  bind_timelimit 30
+\&  #
+\&  # The amount of time, in seconds, to wait while performing an LDAP query.
+\&  timelimit 30
+\&  #
+\&  # Must be set or sudo will ignore LDAP; may be specified multiple times.
+\&  sudoers_base   ou=SUDOers,dc=example,dc=com
+\&  #
+\&  # verbose sudoers matching from ldap
+\&  #sudoers_debug 2
+\&  #
+\&  # optional proxy credentials
+\&  #binddn        <who to search as>
+\&  #bindpw        <password>
+\&  #rootbinddn    <who to search as, uses /etc/ldap.secret for bindpw>
+\&  #
+\&  # LDAP protocol version, defaults to 3
+\&  #ldap_version 3
+\&  #
+\&  # Define if you want to use an encrypted LDAP connection.
+\&  # Typically, you must also set the port to 636 (ldaps).
+\&  #ssl on
+\&  #
+\&  # Define if you want to use port 389 and switch to
+\&  # encryption before the bind credentials are sent.
+\&  # Only supported by LDAP servers that support the start_tls
+\&  # extension such as OpenLDAP.
+\&  #ssl start_tls
+\&  #
+\&  # Additional TLS options follow that allow tweaking of the
+\&  # SSL/TLS connection.
+\&  #
+\&  #tls_checkpeer yes # verify server SSL certificate
+\&  #tls_checkpeer no  # ignore server SSL certificate
+\&  #
+\&  # If you enable tls_checkpeer, specify either tls_cacertfile
+\&  # or tls_cacertdir.  Only supported when using OpenLDAP.
+\&  #
+\&  #tls_cacertfile /etc/certs/trusted_signers.pem
+\&  #tls_cacertdir  /etc/certs
+\&  #
+\&  # For systems that don\*(Aqt have /dev/random
+\&  # use this along with PRNGD or EGD.pl to seed the
+\&  # random number pool to generate cryptographic session keys.
+\&  # Only supported when using OpenLDAP.
+\&  #
+\&  #tls_randfile /etc/egd\-pool
+\&  #
+\&  # You may restrict which ciphers are used.  Consult your SSL
+\&  # documentation for which options go here.
+\&  # Only supported when using OpenLDAP.
+\&  #
+\&  #tls_ciphers <cipher\-list>
+\&  #
+\&  # Sudo can provide a client certificate when communicating to
+\&  # the LDAP server.
+\&  # Tips:
+\&  #   * Enable both lines at the same time.
+\&  #   * Do not password protect the key file.
+\&  #   * Ensure the keyfile is only readable by root.
+\&  #
+\&  # For OpenLDAP:
+\&  #tls_cert /etc/certs/client_cert.pem
+\&  #tls_key  /etc/certs/client_key.pem
+\&  #
+\&  # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either
+\&  # a directory, in which case the files in the directory must have the
+\&  # default names (e.g. cert8.db and key4.db), or the path to the cert
+\&  # and key files themselves.  However, a bug in version 5.0 of the LDAP
+\&  # SDK will prevent specific file names from working.  For this reason
+\&  # it is suggested that tls_cert and tls_key be set to a directory,
+\&  # not a file name.
+\&  #
+\&  # The certificate database specified by tls_cert may contain CA certs
+\&  # and/or the client\*(Aqs cert.  If the client\*(Aqs cert is included, tls_key
+\&  # should be specified as well.
+\&  # For backward compatibility, "sslpath" may be used in place of tls_cert.
+\&  #tls_cert /var/ldap
+\&  #tls_key /var/ldap
+\&  #
+\&  # If using SASL authentication for LDAP (OpenSSL)
+\&  # use_sasl yes
+\&  # sasl_auth_id <SASL user name>
+\&  # rootuse_sasl yes
+\&  # rootsasl_auth_id <SASL user name for root access>
+\&  # sasl_secprops none
+\&  # krb5_ccname /etc/.ldapcache
+.Ve
+.SS "Sudo schema for OpenLDAP"
+.IX Subsection "Sudo schema for OpenLDAP"
+The following schema is in OpenLDAP format.  Simply copy it to the
+schema directory (e.g. \fI/etc/openldap/schema\fR), add the proper
+\&\f(CW\*(C`include\*(C'\fR line in \f(CW\*(C`slapd.conf\*(C'\fR and restart \fBslapd\fR.
+.PP
+.Vb 6
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.1
+\&    NAME \*(AqsudoUser\*(Aq
+\&    DESC \*(AqUser(s) who may  run sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SUBSTR caseExactIA5SubstringsMatch
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.2
+\&    NAME \*(AqsudoHost\*(Aq
+\&    DESC \*(AqHost(s) who may run sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SUBSTR caseExactIA5SubstringsMatch
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.3
+\&    NAME \*(AqsudoCommand\*(Aq
+\&    DESC \*(AqCommand(s) to be executed by sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.4
+\&    NAME \*(AqsudoRunAs\*(Aq
+\&    DESC \*(AqUser(s) impersonated by sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.5
+\&    NAME \*(AqsudoOption\*(Aq
+\&    DESC \*(AqOptions(s) followed by sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.6
+\&    NAME \*(AqsudoRunAsUser\*(Aq
+\&    DESC \*(AqUser(s) impersonated by sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& attributetype ( 1.3.6.1.4.1.15953.9.1.7
+\&    NAME \*(AqsudoRunAsGroup\*(Aq
+\&    DESC \*(AqGroup(s) impersonated by sudo\*(Aq
+\&    EQUALITY caseExactIA5Match
+\&    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+\&
+\& objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME \*(AqsudoRole\*(Aq SUP top STRUCTURAL
+\&    DESC \*(AqSudoer Entries\*(Aq
+\&    MUST ( cn )
+\&    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
+\&          sudoRunAsGroup $ sudoOption $ description )
+\&    )
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIldap.conf\fR\|(@mansectform@), \fIsudoers\fR\|(5)
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+The way that \fIsudoers\fR is parsed differs between Note that there
+are differences in the way that LDAP-based \fIsudoers\fR is parsed
+compared to file-based \fIsudoers\fR.  See the \*(L"Differences between
+\&\s-1LDAP\s0 and non-LDAP sudoers\*(R" section for more information.
+.SH "BUGS"
+.IX Header "BUGS"
+If you feel you have found a bug in \fBsudo\fR, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+\&\fBsudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudoers.ldap.pod b/sudo-1.7.4p4/sudoers.ldap.pod
new file mode 100644
index 0000000..f7a39c9
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.ldap.pod
@@ -0,0 +1,742 @@
+Copyright (c) 2003-2010
+	Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+=pod
+
+=head1 NAME
+
+sudoers.ldap - sudo LDAP configuration
+
+=head1 DESCRIPTION
+
+In addition to the standard I<sudoers> file, B<sudo> may be configured
+via LDAP.  This can be especially useful for synchronizing I<sudoers>
+in a large, distributed environment.
+
+Using LDAP for I<sudoers> has several benefits:
+
+=over 4
+
+=item *
+
+B<sudo> no longer needs to read I<sudoers> in its entirety.  When
+LDAP is used, there are only two or three LDAP queries per invocation.
+This makes it especially fast and particularly usable in LDAP
+environments.
+
+=item *
+
+B<sudo> no longer exits if there is a typo in I<sudoers>.
+It is not possible to load LDAP data into the server that does
+not conform to the sudoers schema, so proper syntax is guaranteed.
+It is still possible to have typos in a user or host name, but
+this will not prevent B<sudo> from running.
+
+=item *
+
+It is possible to specify per-entry options that override the global
+default options.  F<@sysconfdir@/sudoers> only supports default options and
+limited options associated with user/host/commands/aliases.  The
+syntax is complicated and can be difficult for users to understand.
+Placing the options directly in the entry is more natural.
+
+=item *
+
+The B<visudo> program is no longer needed.  B<visudo> provides
+locking and syntax checking of the F<@sysconfdir@/sudoers> file.
+Since LDAP updates are atomic, locking is no longer necessary.
+Because syntax is checked when the data is inserted into LDAP, there
+is no need for a specialized tool to check syntax.
+
+=back
+
+Another major difference between LDAP and file-based I<sudoers>
+is that in LDAP, B<sudo>-specific Aliases are not supported.
+
+For the most part, there is really no need for B<sudo>-specific
+Aliases.  Unix groups or user netgroups can be used in place of
+User_Aliases and RunasAliases.  Host netgroups can be used in place
+of HostAliases.  Since Unix groups and netgroups can also be stored
+in LDAP there is no real need for B<sudo>-specific aliases.
+
+Cmnd_Aliases are not really required either since it is possible
+to have multiple users listed in a sudoRole.  Instead of defining
+a Cmnd_Alias that is referenced by multiple users, one can create
+a sudoRole that contains the commands and assign multiple users
+to it.
+
+=head2 SUDOers LDAP container
+
+The I<sudoers> configuration is contained in the C<ou=SUDOers> LDAP
+container.
+
+Sudo first looks for the C<cn=default> entry in the SUDOers container.
+If found, the multi-valued C<sudoOption> attribute is parsed in the
+same manner as a global C<Defaults> line in F<@sysconfdir@/sudoers>.  In
+the following example, the C<SSH_AUTH_SOCK> variable will be preserved
+in the environment for all users.
+
+    dn: cn=defaults,ou=SUDOers,dc=example,dc=com
+    objectClass: top
+    objectClass: sudoRole
+    cn: defaults
+    description: Default sudoOption's go here
+    sudoOption: env_keep+=SSH_AUTH_SOCK
+ 
+The equivalent of a sudoer in LDAP is a C<sudoRole>.  It consists of
+the following components:
+
+=over 4
+
+=item B<sudoUser>
+
+A user name, uid (prefixed with C<'#'>), Unix group (prefixed with
+a C<'%'>) or user netgroup (prefixed with a C<'+'>).
+
+=item B<sudoHost>
+
+A host name, IP address, IP network, or host netgroup (prefixed
+with a C<'+'>).
+The special value C<ALL> will match any host.
+
+=item B<sudoCommand>
+
+A Unix command with optional command line arguments, potentially
+including globbing characters (aka wild cards).
+The special value C<ALL> will match any command.
+If a command is prefixed with an exclamation point C<'!'>, the
+user will be prohibited from running that command.
+
+=item B<sudoOption>
+
+Identical in function to the global options described above, but
+specific to the C<sudoRole> in which it resides.
+
+=item B<sudoRunAsUser>
+
+A user name or uid (prefixed with C<'#'>) that commands may be run
+as or a Unix group (prefixed with a C<'%'>) or user netgroup (prefixed
+with a C<'+'>) that contains a list of users that commands may be
+run as.
+The special value C<ALL> will match any user.
+
+=item B<sudoRunAsGroup>
+
+A Unix group or gid (prefixed with C<'#'>) that commands may be run as.
+The special value C<ALL> will match any group.
+
+=back
+
+Each component listed above should contain a single value, but there
+may be multiple instances of each component type.  A sudoRole must
+contain at least one C<sudoUser>, C<sudoHost> and C<sudoCommand>.
+
+The following example allows users in group wheel to run any command
+on any host via B<sudo>:
+
+    dn: cn=%wheel,ou=SUDOers,dc=example,dc=com
+    objectClass: top
+    objectClass: sudoRole
+    cn: %wheel
+    sudoUser: %wheel
+    sudoHost: ALL
+    sudoCommand: ALL
+
+=head2 Anatomy of LDAP sudoers lookup
+
+When looking up a sudoer using LDAP there are only two or three
+LDAP queries per invocation.  The first query is to parse the global
+options.  The second is to match against the user's name and the
+groups that the user belongs to.  (The special ALL tag is matched
+in this query too.)  If no match is returned for the user's name
+and groups, a third query returns all entries containing user
+netgroups and checks to see if the user belongs to any of them.
+
+=head2 Differences between LDAP and non-LDAP sudoers
+
+There are some subtle differences in the way sudoers is handled
+once in LDAP.  Probably the biggest is that according to the RFC,
+LDAP ordering is arbitrary and you cannot expect that Attributes
+and Entries are returned in any specific order.  If there are
+conflicting command rules on an entry, the negative takes precedence.
+This is called paranoid behavior (not necessarily the most specific
+match).
+
+Here is an example:
+
+    # /etc/sudoers:
+    # Allow all commands except shell
+    johnny  ALL=(root) ALL,!/bin/sh
+    # Always allows all commands because ALL is matched last
+    puddles ALL=(root) !/bin/sh,ALL
+
+    # LDAP equivalent of johnny
+    # Allows all commands except shell
+    dn: cn=role1,ou=Sudoers,dc=my-domain,dc=com
+    objectClass: sudoRole
+    objectClass: top
+    cn: role1
+    sudoUser: johnny
+    sudoHost: ALL
+    sudoCommand: ALL
+    sudoCommand: !/bin/sh
+
+    # LDAP equivalent of puddles
+    # Notice that even though ALL comes last, it still behaves like
+    # role1 since the LDAP code assumes the more paranoid configuration
+    dn: cn=role2,ou=Sudoers,dc=my-domain,dc=com
+    objectClass: sudoRole
+    objectClass: top
+    cn: role2
+    sudoUser: puddles
+    sudoHost: ALL
+    sudoCommand: !/bin/sh
+    sudoCommand: ALL
+
+Another difference is that negations on the Host, User or Runas are
+currently ignorred.  For example, the following attributes do not
+behave the way one might expect.
+
+    # does not match all but joe
+    # rather, does not match anyone
+    sudoUser: !joe
+
+    # does not match all but joe
+    # rather, matches everyone including Joe
+    sudoUser: ALL
+    sudoUser: !joe
+
+    # does not match all but web01
+    # rather, matches all hosts including web01
+    sudoHost: ALL
+    sudoHost: !web01
+
+=head2 Sudoers Schema
+
+In order to use B<sudo>'s LDAP support, the B<sudo> schema must be
+installed on your LDAP server.  In addition, be sure to index the
+'sudoUser' attribute.
+
+Three versions of the schema: one for OpenLDAP servers (F<schema.OpenLDAP>),
+one for Netscape-derived servers (F<schema.iPlanet>), and one for
+Microsoft Active Directory (F<schema.ActiveDirectory>) may
+be found in the B<sudo> distribution.
+
+The schema for B<sudo> in OpenLDAP form is included in the L<EXAMPLES>
+section.
+
+=head2 Configuring ldap.conf
+
+Sudo reads the F<@ldap_conf@> file for LDAP-specific configuration.
+Typically, this file is shared amongst different LDAP-aware clients.
+As such, most of the settings are not B<sudo>-specific.  Note that
+B<sudo> parses F<@ldap_conf@> itself and may support options
+that differ from those described in the L<ldap.conf(5)> manual.
+
+Also note that on systems using the OpenLDAP libraries, default
+values specified in F</etc/openldap/ldap.conf> or the user's
+F<.ldaprc> files are not used.
+
+Only those options explicitly listed in F<@ldap_conf@> that are
+supported by B<sudo> are honored.  Configuration options are listed
+below in upper case but are parsed in a case-independent manner.
+
+=over 4
+
+=item B<URI> ldap[s]://[hostname[:port]] ...
+
+Specifies a whitespace-delimited list of one or more URIs describing
+the LDAP server(s) to connect to.  The I<protocol> may be either
+B<ldap> or B<ldaps>, the latter being for servers that support TLS
+(SSL) encryption.  If no I<port> is specified, the default is port
+389 for C<ldap://> or port 636 for C<ldaps://>.  If no I<hostname>
+is specified, B<sudo> will connect to B<localhost>.  Multiple B<URI>
+lines are treated identically to a B<URI> line containing multiple
+entries.  Only systems using the OpenSSL libraries support the
+mixing of C<ldap://> and C<ldaps://> URIs.  The Netscape-derived
+libraries used on most commercial versions of Unix are only capable
+of supporting one or the other.
+
+=item B<HOST> name[:port] ...
+
+If no B<URI> is specified, the B<HOST> parameter specifies a
+whitespace-delimited list of LDAP servers to connect to.  Each host
+may include an optional I<port> separated by a colon (':').  The
+B<HOST> parameter is deprecated in favor of the B<URI> specification
+and is included for backwards compatibility.
+
+=item B<PORT> port_number
+
+If no B<URI> is specified, the B<PORT> parameter specifies the
+default port to connect to on the LDAP server if a B<HOST> parameter
+does not specify the port itself.  If no B<PORT> parameter is used,
+the default is port 389 for LDAP and port 636 for LDAP over TLS
+(SSL).  The B<PORT> parameter is deprecated in favor of the B<URI>
+specification and is included for backwards compatibility.
+
+=item B<BIND_TIMELIMIT> seconds
+
+The B<BIND_TIMELIMIT> parameter specifies the amount of time, in seconds,
+to wait while trying to connect to an LDAP server.  If multiple B<URI>s or
+B<HOST>s are specified, this is the amount of time to wait before trying
+the next one in the list.
+
+=item B<TIMELIMIT> seconds
+
+The B<TIMELIMIT> parameter specifies the amount of time, in seconds,
+to wait for a response to an LDAP query.
+
+=item B<SUDOERS_BASE> base
+
+The base DN to use when performing B<sudo> LDAP queries.  Typically
+this is of the form C<ou=SUDOers,dc=example,dc=com> for the domain
+C<example.com>.  Multiple B<SUDOERS_BASE> lines may be specified,
+in which case they are queried in the order specified.
+
+=item B<SUDOERS_DEBUG> debug_level
+
+This sets the debug level for B<sudo> LDAP queries.  Debugging
+information is printed to the standard error.  A value of 1 results
+in a moderate amount of debugging information.  A value of 2 shows
+the results of the matches themselves.  This parameter should not
+be set in a production environment as the extra information is
+likely to confuse users.
+
+=item B<BINDDN> DN
+
+The B<BINDDN> parameter specifies the identity, in the form of a
+Distinguished Name (DN), to use when performing LDAP operations.
+If not specified, LDAP operations are performed with an anonymous
+identity.  By default, most LDAP servers will allow anonymous access.
+
+=item B<BINDPW> secret
+
+The B<BINDPW> parameter specifies the password to use when performing
+LDAP operations.  This is typically used in conjunction with the
+B<BINDDN> parameter.
+
+=item B<ROOTBINDDN> DN
+
+The B<ROOTBINDDN> parameter specifies the identity, in the form of
+a Distinguished Name (DN), to use when performing privileged LDAP
+operations, such as I<sudoers> queries.  The password corresponding
+to the identity should be stored in F<@ldap_secret@>.
+If not specified, the B<BINDDN> identity is used (if any).
+
+=item B<LDAP_VERSION> number
+
+The version of the LDAP protocol to use when connecting to the server.
+The default value is protocol version 3.
+
+=item B<SSL> on/true/yes/off/false/no
+
+If the B<SSL> parameter is set to C<on>, C<true> or C<yes>, TLS
+(SSL) encryption is always used when communicating with the LDAP
+server.  Typically, this involves connecting to the server on port
+636 (ldaps).
+
+=item B<SSL> start_tls
+
+If the B<SSL> parameter is set to C<start_tls>, the LDAP server
+connection is initiated normally and TLS encryption is begun before
+the bind credentials are sent.  This has the advantage of not
+requiring a dedicated port for encrypted communications.  This
+parameter is only supported by LDAP servers that honor the C<start_tls>
+extension, such as the OpenLDAP server.
+
+=item B<TLS_CHECKPEER> on/true/yes/off/false/no
+
+If enabled, B<TLS_CHECKPEER> will cause the LDAP server's TLS
+certificated to be verified.  If the server's TLS certificate cannot
+be verified (usually because it is signed by an unknown certificate
+authority), B<sudo> will be unable to connect to it.  If B<TLS_CHECKPEER>
+is disabled, no check is made.  Note that disabling the check creates
+an opportunity for man-in-the-middle attacks since the server's
+identity will not be authenticated.  If possible, the CA's certificate
+should be installed locally so it can be verified.
+
+=item B<TLS_CACERT> file name
+
+An alias for B<TLS_CACERTFILE>.
+
+=item B<TLS_CACERTFILE> file name
+
+The path to a certificate authority bundle which contains the certificates
+for all the Certificate Authorities the client knows to be valid,
+e.g. F</etc/ssl/ca-bundle.pem>.
+This option is only supported by the OpenLDAP libraries.
+Netscape-derived LDAP libraries use the same certificate
+database for CA and client certificates (see B<TLS_CERT>).
+
+=item B<TLS_CACERTDIR> directory
+
+Similar to B<TLS_CACERTFILE> but instead of a file, it is a
+directory containing individual Certificate Authority certificates,
+e.g. F</etc/ssl/certs>.
+The directory specified by B<TLS_CACERTDIR> is checked after
+B<TLS_CACERTFILE>.
+This option is only supported by the OpenLDAP libraries.
+
+=item B<TLS_CERT> file name
+
+The path to a file containing the client certificate which can
+be used to authenticate the client to the LDAP server.
+The certificate type depends on the LDAP libraries used.
+
+OpenLDAP:
+    C<tls_cert /etc/ssl/client_cert.pem>
+
+Netscape-derived:
+    C<tls_cert /var/ldap/cert7.db>
+
+When using Netscape-derived libraries, this file may also contain
+Certificate Authority certificates.
+
+=item B<TLS_KEY> file name
+
+The path to a file containing the private key which matches the
+certificate specified by B<TLS_CERT>.  The private key must not be
+password-protected.  The key type depends on the LDAP libraries
+used.
+
+OpenLDAP:
+    C<tls_key /etc/ssl/client_key.pem>
+
+Netscape-derived:
+    C<tls_key /var/ldap/key3.db>
+
+=item B<TLS_RANDFILE> file name
+
+The B<TLS_RANDFILE> parameter specifies the path to an entropy
+source for systems that lack a random device.  It is generally used
+in conjunction with I<prngd> or I<egd>.
+This option is only supported by the OpenLDAP libraries.
+
+=item B<TLS_CIPHERS> cipher list
+
+The B<TLS_CIPHERS> parameter allows the administer to restrict
+which encryption algorithms may be used for TLS (SSL) connections.
+See the OpenSSL manual for a list of valid ciphers.
+This option is only supported by the OpenLDAP libraries.
+
+=item B<USE_SASL> on/true/yes/off/false/no
+
+Enable B<USE_SASL> for LDAP servers that support SASL authentication.
+
+=item B<SASL_AUTH_ID> identity
+
+The SASL user name to use when connecting to the LDAP server.
+By default, B<sudo> will use an anonymous connection.
+
+=item B<ROOTUSE_SASL> on/true/yes/off/false/no
+
+Enable B<ROOTUSE_SASL> to enable SASL authentication when connecting
+to an LDAP server from a privileged process, such as B<sudo>.
+
+=item B<ROOTSASL_AUTH_ID> identity
+
+The SASL user name to use when B<ROOTUSE_SASL> is enabled.
+
+=item B<SASL_SECPROPS> none/properties
+
+SASL security properties or I<none> for no properties.  See the
+SASL programmer's manual for details.
+
+=item B<KRB5_CCNAME> file name
+
+The path to the Kerberos 5 credential cache to use when authenticating
+with the remote server.
+
+=back
+
+See the C<ldap.conf> entry in the L<EXAMPLES> section.
+
+=head2 Configuring nsswitch.conf
+
+Unless it is disabled at build time, B<sudo> consults the Name
+Service Switch file, F<@nsswitch_conf@>, to specify the I<sudoers>
+search order.  Sudo looks for a line beginning with C<sudoers>: and
+uses this to determine the search order.  Note that B<sudo> does
+not stop searching after the first match and later matches take
+precedence over earlier ones.
+
+The following sources are recognized:
+
+    files	read sudoers from F<@sysconfdir@/sudoers>
+    ldap	read sudoers from LDAP
+
+In addition, the entry C<[NOTFOUND=return]> will short-circuit the
+search if the user was not found in the preceding source.
+
+To consult LDAP first followed by the local sudoers file (if it
+exists), use:
+
+    sudoers: ldap files
+
+The local I<sudoers> file can be ignored completely by using:
+
+    sudoers: ldap
+
+If the F<@nsswitch_conf@> file is not present or there is no
+sudoers line, the following default is assumed:
+
+    sudoers: files
+
+Note that F<@nsswitch_conf@> is supported even when the underlying
+operating system does not use an nsswitch.conf file.
+
+=head2 Configuring netsvc.conf
+
+On AIX systems, the F<@netsvc_conf@> file is consulted instead of
+F<@nsswitch_conf@>.  B<sudo> simply treats I<netsvc.conf> as a
+variant of I<nsswitch.conf>; information in the previous section
+unrelated to the file format itself still applies.
+
+To consult LDAP first followed by the local sudoers file (if it
+exists), use:
+
+    sudoers = ldap, files
+
+The local I<sudoers> file can be ignored completely by using:
+
+    sudoers = ldap
+
+To treat LDAP as authoratative and only use the local sudoers file
+if the user is not present in LDAP, use:
+
+    sudoers = ldap = auth, files
+
+Note that in the above example, the C<auth> qualfier only affects
+user lookups; both LDAP and I<sudoers> will be queried for C<Defaults>
+entries.
+
+If the F<@netsvc_conf@> file is not present or there is no
+sudoers line, the following default is assumed:
+
+    sudoers = files
+
+=head1 FILES
+
+=over 24
+
+=item F<@ldap_conf@>
+
+LDAP configuration file
+
+=item F<@nsswitch_conf@>
+
+determines sudoers source order
+
+=item F<@netsvc_conf@>
+
+determines sudoers source order on AIX
+
+=back
+
+=head1 EXAMPLES
+
+=head2 Example ldap.conf
+
+  # Either specify one or more URIs or one or more host:port pairs.
+  # If neither is specified sudo will default to localhost, port 389.
+  #
+  #host          ldapserver
+  #host          ldapserver1 ldapserver2:390
+  #
+  # Default port if host is specified without one, defaults to 389.
+  #port          389
+  #
+  # URI will override the host and port settings.
+  uri            ldap://ldapserver
+  #uri            ldaps://secureldapserver
+  #uri            ldaps://secureldapserver ldap://ldapserver
+  #
+  # The amount of time, in seconds, to wait while trying to connect to
+  # an LDAP server.
+  bind_timelimit 30
+  #
+  # The amount of time, in seconds, to wait while performing an LDAP query.
+  timelimit 30
+  #
+  # Must be set or sudo will ignore LDAP; may be specified multiple times.
+  sudoers_base   ou=SUDOers,dc=example,dc=com
+  #
+  # verbose sudoers matching from ldap
+  #sudoers_debug 2
+  #
+  # optional proxy credentials
+  #binddn        <who to search as>
+  #bindpw        <password>
+  #rootbinddn    <who to search as, uses /etc/ldap.secret for bindpw>
+  #
+  # LDAP protocol version, defaults to 3
+  #ldap_version 3
+  #
+  # Define if you want to use an encrypted LDAP connection.
+  # Typically, you must also set the port to 636 (ldaps).
+  #ssl on
+  #
+  # Define if you want to use port 389 and switch to
+  # encryption before the bind credentials are sent.
+  # Only supported by LDAP servers that support the start_tls
+  # extension such as OpenLDAP.
+  #ssl start_tls
+  #
+  # Additional TLS options follow that allow tweaking of the
+  # SSL/TLS connection.
+  #
+  #tls_checkpeer yes # verify server SSL certificate
+  #tls_checkpeer no  # ignore server SSL certificate
+  #
+  # If you enable tls_checkpeer, specify either tls_cacertfile
+  # or tls_cacertdir.  Only supported when using OpenLDAP.
+  #
+  #tls_cacertfile /etc/certs/trusted_signers.pem
+  #tls_cacertdir  /etc/certs
+  #
+  # For systems that don't have /dev/random
+  # use this along with PRNGD or EGD.pl to seed the
+  # random number pool to generate cryptographic session keys.
+  # Only supported when using OpenLDAP.
+  #
+  #tls_randfile /etc/egd-pool
+  #
+  # You may restrict which ciphers are used.  Consult your SSL
+  # documentation for which options go here.
+  # Only supported when using OpenLDAP.
+  #
+  #tls_ciphers <cipher-list>
+  #
+  # Sudo can provide a client certificate when communicating to
+  # the LDAP server.
+  # Tips:
+  #   * Enable both lines at the same time.
+  #   * Do not password protect the key file.
+  #   * Ensure the keyfile is only readable by root.
+  #
+  # For OpenLDAP:
+  #tls_cert /etc/certs/client_cert.pem
+  #tls_key  /etc/certs/client_key.pem
+  #
+  # For SunONE or iPlanet LDAP, tls_cert and tls_key may specify either
+  # a directory, in which case the files in the directory must have the
+  # default names (e.g. cert8.db and key4.db), or the path to the cert
+  # and key files themselves.  However, a bug in version 5.0 of the LDAP
+  # SDK will prevent specific file names from working.  For this reason
+  # it is suggested that tls_cert and tls_key be set to a directory,
+  # not a file name.
+  #
+  # The certificate database specified by tls_cert may contain CA certs
+  # and/or the client's cert.  If the client's cert is included, tls_key
+  # should be specified as well.
+  # For backward compatibility, "sslpath" may be used in place of tls_cert.
+  #tls_cert /var/ldap
+  #tls_key /var/ldap
+  #
+  # If using SASL authentication for LDAP (OpenSSL)
+  # use_sasl yes
+  # sasl_auth_id <SASL user name>
+  # rootuse_sasl yes
+  # rootsasl_auth_id <SASL user name for root access>
+  # sasl_secprops none
+  # krb5_ccname /etc/.ldapcache
+
+=head2 Sudo schema for OpenLDAP 
+
+The following schema is in OpenLDAP format.  Simply copy it to the
+schema directory (e.g. F</etc/openldap/schema>), add the proper
+C<include> line in C<slapd.conf> and restart B<slapd>.
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.1
+    NAME 'sudoUser'
+    DESC 'User(s) who may  run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.2
+    NAME 'sudoHost'
+    DESC 'Host(s) who may run sudo'
+    EQUALITY caseExactIA5Match
+    SUBSTR caseExactIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.3
+    NAME 'sudoCommand'
+    DESC 'Command(s) to be executed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.4
+    NAME 'sudoRunAs'
+    DESC 'User(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.5
+    NAME 'sudoOption'
+    DESC 'Options(s) followed by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.6
+    NAME 'sudoRunAsUser'
+    DESC 'User(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ attributetype ( 1.3.6.1.4.1.15953.9.1.7
+    NAME 'sudoRunAsGroup'
+    DESC 'Group(s) impersonated by sudo'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+ objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
+    DESC 'Sudoer Entries'
+    MUST ( cn )
+    MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $
+	  sudoRunAsGroup $ sudoOption $ description )
+    )
+
+=head1 SEE ALSO
+
+L<ldap.conf(5)>, L<sudoers(5)>
+
+=head1 CAVEATS
+
+The way that I<sudoers> is parsed differs between Note that there
+are differences in the way that LDAP-based I<sudoers> is parsed
+compared to file-based I<sudoers>.  See the L<Differences between
+LDAP and non-LDAP sudoers> section for more information.
+
+=head1 BUGS
+
+If you feel you have found a bug in B<sudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<sudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudoers.man.in b/sudo-1.7.4p4/sudoers.man.in
new file mode 100644
index 0000000..5dff200
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.man.in
@@ -0,0 +1,1758 @@
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2010
+.\" 	Todd C. Miller <Todd.Miller@courtesan.com>
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" Sponsored in part by the Defense Advanced Research Projects
+.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
+.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
+.\" 
+.nr SL @SEMAN@
+.nr BA @BAMAN@
+.nr LC @LCMAN@
+.\"
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` 
+.    ds C' 
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SUDOERS @mansectform@"
+.TH SUDOERS @mansectform@ "July 21, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+sudoers \- list of which users may execute what
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+The \fIsudoers\fR file is composed of two types of entries: aliases
+(basically variables) and user specifications (which specify who
+may run what).
+.PP
+When multiple entries match for a user, they are applied in order.
+Where there are multiple matches, the last match is used (which is
+not necessarily the most specific match).
+.PP
+The \fIsudoers\fR grammar will be described below in Extended Backus-Naur
+Form (\s-1EBNF\s0).  Don't despair if you don't know what \s-1EBNF\s0 is; it is
+fairly simple, and the definitions below are annotated.
+.SS "Quick guide to \s-1EBNF\s0"
+.IX Subsection "Quick guide to EBNF"
+\&\s-1EBNF\s0 is a concise and exact way of describing the grammar of a language.
+Each \s-1EBNF\s0 definition is made up of \fIproduction rules\fR.  E.g.,
+.PP
+.Vb 1
+\& symbol ::= definition | alternate1 | alternate2 ...
+.Ve
+.PP
+Each \fIproduction rule\fR references others and thus makes up a
+grammar for the language.  \s-1EBNF\s0 also contains the following
+operators, which many readers will recognize from regular
+expressions.  Do not, however, confuse them with \*(L"wildcard\*(R"
+characters, which have different meanings.
+.ie n .IP "\*(C`?\*(C'" 4
+.el .IP "\f(CW\*(C`?\*(C'\fR" 4
+.IX Item "?"
+Means that the preceding symbol (or group of symbols) is optional.
+That is, it may appear once or not at all.
+.ie n .IP "\*(C`*\*(C'" 4
+.el .IP "\f(CW\*(C`*\*(C'\fR" 4
+.IX Item "*"
+Means that the preceding symbol (or group of symbols) may appear
+zero or more times.
+.ie n .IP "\*(C`+\*(C'" 4
+.el .IP "\f(CW\*(C`+\*(C'\fR" 4
+.IX Item "+"
+Means that the preceding symbol (or group of symbols) may appear
+one or more times.
+.PP
+Parentheses may be used to group symbols together.  For clarity,
+we will use single quotes ('') to designate what is a verbatim character
+string (as opposed to a symbol name).
+.SS "Aliases"
+.IX Subsection "Aliases"
+There are four kinds of aliases: \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR,
+\&\f(CW\*(C`Host_Alias\*(C'\fR and \f(CW\*(C`Cmnd_Alias\*(C'\fR.
+.PP
+.Vb 4
+\& Alias ::= \*(AqUser_Alias\*(Aq  User_Alias (\*(Aq:\*(Aq User_Alias)* |
+\&           \*(AqRunas_Alias\*(Aq Runas_Alias (\*(Aq:\*(Aq Runas_Alias)* |
+\&           \*(AqHost_Alias\*(Aq  Host_Alias (\*(Aq:\*(Aq Host_Alias)* |
+\&           \*(AqCmnd_Alias\*(Aq  Cmnd_Alias (\*(Aq:\*(Aq Cmnd_Alias)*
+\&
+\& User_Alias ::= NAME \*(Aq=\*(Aq User_List
+\&
+\& Runas_Alias ::= NAME \*(Aq=\*(Aq Runas_List
+\&
+\& Host_Alias ::= NAME \*(Aq=\*(Aq Host_List
+\&
+\& Cmnd_Alias ::= NAME \*(Aq=\*(Aq Cmnd_List
+\&
+\& NAME ::= [A\-Z]([A\-Z][0\-9]_)*
+.Ve
+.PP
+Each \fIalias\fR definition is of the form
+.PP
+.Vb 1
+\& Alias_Type NAME = item1, item2, ...
+.Ve
+.PP
+where \fIAlias_Type\fR is one of \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, \f(CW\*(C`Host_Alias\*(C'\fR,
+or \f(CW\*(C`Cmnd_Alias\*(C'\fR.  A \f(CW\*(C`NAME\*(C'\fR is a string of uppercase letters, numbers,
+and underscore characters ('_').  A \f(CW\*(C`NAME\*(C'\fR \fBmust\fR start with an
+uppercase letter.  It is possible to put several alias definitions
+of the same type on a single line, joined by a colon (':').  E.g.,
+.PP
+.Vb 1
+\& Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
+.Ve
+.PP
+The definitions of what constitutes a valid \fIalias\fR member follow.
+.PP
+.Vb 2
+\& User_List ::= User |
+\&               User \*(Aq,\*(Aq User_List
+\&
+\& User ::= \*(Aq!\*(Aq* user name |
+\&          \*(Aq!\*(Aq* \*(Aq#\*(Aquid |
+\&          \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup |
+\&          \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup |
+\&          \*(Aq!\*(Aq* \*(Aq%:\*(Aqnonunix_group |
+\&          \*(Aq!\*(Aq* User_Alias
+.Ve
+.PP
+A \f(CW\*(C`User_List\*(C'\fR is made up of one or more user names, uids (prefixed
+with '#'), system groups (prefixed with '%'), netgroups (prefixed
+with '+') and \f(CW\*(C`User_Alias\*(C'\fRes.  Each list item may be prefixed with
+zero or more '!' operators.  An odd number of '!' operators negate
+the value of the item; an even number just cancel each other out.
+.PP
+A \f(CW\*(C`user name\*(C'\fR, \f(CW\*(C`group\*(C'\fR, \f(CW\*(C`netgroup\*(C'\fR or \f(CW\*(C`nonunix_group\*(C'\fR may
+be enclosed in double quotes to avoid the need for escaping special
+characters.  Alternately, special characters may be specified in
+escaped hex mode, e.g. \ex20 for space.
+.PP
+The \f(CW\*(C`nonunix_group\*(C'\fR syntax depends on the underlying implementation.
+For instance, the \s-1QAS\s0 \s-1AD\s0 backend supports the following formats:
+.IP "\(bu" 4
+Group in the same domain: \*(L"Group Name\*(R"
+.IP "\(bu" 4
+Group in any domain: \*(L"Group Name@FULLY.QUALIFIED.DOMAIN\*(R"
+.IP "\(bu" 4
+Group \s-1SID:\s0 \*(L"S\-1\-2\-34\-5678901234\-5678901234\-5678901234\-567\*(R"
+.PP
+Note that quotes around group names are optional.  Unquoted strings must
+use a backslash (\e) to escape spaces and the '@' symbol.
+.PP
+.Vb 2
+\& Runas_List ::= Runas_Member |
+\&                Runas_Member \*(Aq,\*(Aq Runas_List
+\&
+\& Runas_Member ::= \*(Aq!\*(Aq* user name |
+\&                  \*(Aq!\*(Aq* \*(Aq#\*(Aquid |
+\&                  \*(Aq!\*(Aq* \*(Aq%\*(Aqgroup |
+\&                  \*(Aq!\*(Aq* +netgroup |
+\&                  \*(Aq!\*(Aq* Runas_Alias
+.Ve
+.PP
+A \f(CW\*(C`Runas_List\*(C'\fR is similar to a \f(CW\*(C`User_List\*(C'\fR except that instead
+of \f(CW\*(C`User_Alias\*(C'\fRes it can contain \f(CW\*(C`Runas_Alias\*(C'\fRes.  Note that
+user names and groups are matched as strings.  In other words, two
+users (groups) with the same uid (gid) are considered to be distinct.
+If you wish to match all user names with the same uid (e.g.\ root
+and toor), you can use a uid instead (#0 in the example given).
+.PP
+.Vb 2
+\& Host_List ::= Host |
+\&               Host \*(Aq,\*(Aq Host_List
+\&
+\& Host ::= \*(Aq!\*(Aq* host name |
+\&          \*(Aq!\*(Aq* ip_addr |
+\&          \*(Aq!\*(Aq* network(/netmask)? |
+\&          \*(Aq!\*(Aq* \*(Aq+\*(Aqnetgroup |
+\&          \*(Aq!\*(Aq* Host_Alias
+.Ve
+.PP
+A \f(CW\*(C`Host_List\*(C'\fR is made up of one or more host names, \s-1IP\s0 addresses,
+network numbers, netgroups (prefixed with '+') and other aliases.
+Again, the value of an item may be negated with the '!' operator.
+If you do not specify a netmask along with the network number,
+\&\fBsudo\fR will query each of the local host's network interfaces and,
+if the network number corresponds to one of the hosts's network
+interfaces, the corresponding netmask will be used.  The netmask
+may be specified either in standard \s-1IP\s0 address notation
+(e.g.\ 255.255.255.0 or ffff:ffff:ffff:ffff::),
+or \s-1CIDR\s0 notation (number of bits, e.g.\ 24 or 64).  A host name may
+include shell-style wildcards (see the Wildcards section below),
+but unless the \f(CW\*(C`host name\*(C'\fR command on your machine returns the fully
+qualified host name, you'll need to use the \fIfqdn\fR option for
+wildcards to be useful.  Note \fBsudo\fR only inspects actual network
+interfaces; this means that \s-1IP\s0 address 127.0.0.1 (localhost) will
+never match.  Also, the host name \*(L"localhost\*(R" will only match if
+that is the actual host name, which is usually only the case for
+non-networked systems.
+.PP
+.Vb 2
+\& Cmnd_List ::= Cmnd |
+\&               Cmnd \*(Aq,\*(Aq Cmnd_List
+\&
+\& commandname ::= file name |
+\&                 file name args |
+\&                 file name \*(Aq""\*(Aq
+\&
+\& Cmnd ::= \*(Aq!\*(Aq* commandname |
+\&          \*(Aq!\*(Aq* directory |
+\&          \*(Aq!\*(Aq* "sudoedit" |
+\&          \*(Aq!\*(Aq* Cmnd_Alias
+.Ve
+.PP
+A \f(CW\*(C`Cmnd_List\*(C'\fR is a list of one or more commandnames, directories, and other
+aliases.  A commandname is a fully qualified file name which may include
+shell-style wildcards (see the Wildcards section below).  A simple
+file name allows the user to run the command with any arguments he/she
+wishes.  However, you may also specify command line arguments (including
+wildcards).  Alternately, you can specify \f(CW""\fR to indicate that the command
+may only be run \fBwithout\fR command line arguments.  A directory is a
+fully qualified path name ending in a '/'.  When you specify a directory
+in a \f(CW\*(C`Cmnd_List\*(C'\fR, the user will be able to run any file within that directory
+(but not in any subdirectories therein).
+.PP
+If a \f(CW\*(C`Cmnd\*(C'\fR has associated command line arguments, then the arguments
+in the \f(CW\*(C`Cmnd\*(C'\fR must match exactly those given by the user on the command line
+(or match the wildcards if there are any).  Note that the following
+characters must be escaped with a '\e' if they are used in command
+arguments: ',', ':', '=', '\e'.  The special command \f(CW"sudoedit"\fR
+is used to permit a user to run \fBsudo\fR with the \fB\-e\fR option (or
+as \fBsudoedit\fR).  It may take command line arguments just as
+a normal command does.
+.SS "Defaults"
+.IX Subsection "Defaults"
+Certain configuration options may be changed from their default
+values at runtime via one or more \f(CW\*(C`Default_Entry\*(C'\fR lines.  These
+may affect all users on any host, all users on a specific host, a
+specific user, a specific command, or commands being run as a specific user.
+Note that per-command entries may not include command line arguments.
+If you need to specify arguments, define a \f(CW\*(C`Cmnd_Alias\*(C'\fR and reference
+that instead.
+.PP
+.Vb 5
+\& Default_Type ::= \*(AqDefaults\*(Aq |
+\&                  \*(AqDefaults\*(Aq \*(Aq@\*(Aq Host_List |
+\&                  \*(AqDefaults\*(Aq \*(Aq:\*(Aq User_List |
+\&                  \*(AqDefaults\*(Aq \*(Aq!\*(Aq Cmnd_List |
+\&                  \*(AqDefaults\*(Aq \*(Aq>\*(Aq Runas_List
+\&
+\& Default_Entry ::= Default_Type Parameter_List
+\&
+\& Parameter_List ::= Parameter |
+\&                    Parameter \*(Aq,\*(Aq Parameter_List
+\&
+\& Parameter ::= Parameter \*(Aq=\*(Aq Value |
+\&               Parameter \*(Aq+=\*(Aq Value |
+\&               Parameter \*(Aq\-=\*(Aq Value |
+\&               \*(Aq!\*(Aq* Parameter
+.Ve
+.PP
+Parameters may be \fBflags\fR, \fBinteger\fR values, \fBstrings\fR, or \fBlists\fR.
+Flags are implicitly boolean and can be turned off via the '!'
+operator.  Some integer, string and list parameters may also be
+used in a boolean context to disable them.  Values may be enclosed
+in double quotes (\f(CW\*(C`"\*(C'\fR) when they contain multiple words.  Special
+characters may be escaped with a backslash (\f(CW\*(C`\e\*(C'\fR).
+.PP
+Lists have two additional assignment operators, \f(CW\*(C`+=\*(C'\fR and \f(CW\*(C`\-=\*(C'\fR.
+These operators are used to add to and delete from a list respectively.
+It is not an error to use the \f(CW\*(C`\-=\*(C'\fR operator to remove an element
+that does not exist in a list.
+.PP
+Defaults entries are parsed in the following order: generic, host
+and user Defaults first, then runas Defaults and finally command
+defaults.
+.PP
+See \*(L"\s-1SUDOERS\s0 \s-1OPTIONS\s0\*(R" for a list of supported Defaults parameters.
+.SS "User Specification"
+.IX Subsection "User Specification"
+.Vb 2
+\& User_Spec ::= User_List Host_List \*(Aq=\*(Aq Cmnd_Spec_List \e
+\&               (\*(Aq:\*(Aq Host_List \*(Aq=\*(Aq Cmnd_Spec_List)*
+\&
+\& Cmnd_Spec_List ::= Cmnd_Spec |
+\&                    Cmnd_Spec \*(Aq,\*(Aq Cmnd_Spec_List
+\&
+.ie \n(SL \& Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
+.el \& Cmnd_Spec ::= Runas_Spec? Tag_Spec* Cmnd
+\&
+\& Runas_Spec ::= \*(Aq(\*(Aq Runas_List? (\*(Aq:\*(Aq Runas_List)? \*(Aq)\*(Aq
+\&
+.if \n(SL \{\
+\& SELinux_Spec ::= (\*(AqROLE=role\*(Aq | \*(AqTYPE=type\*(Aq)
+\&
+\}
+\& Tag_Spec ::= (\*(AqNOPASSWD:\*(Aq | \*(AqPASSWD:\*(Aq | \*(AqNOEXEC:\*(Aq | \*(AqEXEC:\*(Aq |
+\&               \*(AqSETENV:\*(Aq | \*(AqNOSETENV:\*(Aq | \*(AqLOG_INPUT:\*(Aq | \*(AqNOLOG_INPUT:\*(Aq |
+\&               \*(AqLOG_OUTPUT:\*(Aq | \*(AqNOLOG_OUTPUT:\*(Aq)
+.Ve
+.PP
+A \fBuser specification\fR determines which commands a user may run
+(and as what user) on specified hosts.  By default, commands are
+run as \fBroot\fR, but this can be changed on a per-command basis.
+.PP
+The basic structure of a user specification is `who = where (as_whom)
+what'.  Let's break that down into its constituent parts:
+.SS "Runas_Spec"
+.IX Subsection "Runas_Spec"
+A \f(CW\*(C`Runas_Spec\*(C'\fR determines the user and/or the group that a command
+may be run as.  A fully-specified \f(CW\*(C`Runas_Spec\*(C'\fR consists of two
+\&\f(CW\*(C`Runas_List\*(C'\fRs (as defined above) separated by a colon (':') and
+enclosed in a set of parentheses.  The first \f(CW\*(C`Runas_List\*(C'\fR indicates
+which users the command may be run as via \fBsudo\fR's \fB\-u\fR option.
+The second defines a list of groups that can be specified via
+\&\fBsudo\fR's \fB\-g\fR option.  If both \f(CW\*(C`Runas_List\*(C'\fRs are specified, the
+command may be run with any combination of users and groups listed
+in their respective \f(CW\*(C`Runas_List\*(C'\fRs.  If only the first is specified,
+the command may be run as any user in the list but no \fB\-g\fR option
+may be specified.  If the first \f(CW\*(C`Runas_List\*(C'\fR is empty but the
+second is specified, the command may be run as the invoking user
+with the group set to any listed in the \f(CW\*(C`Runas_List\*(C'\fR.  If no
+\&\f(CW\*(C`Runas_Spec\*(C'\fR is specified the command may be run as \fBroot\fR and
+no group may be specified.
+.PP
+A \f(CW\*(C`Runas_Spec\*(C'\fR sets the default for the commands that follow it.
+What this means is that for the entry:
+.PP
+.Vb 1
+\& dgb    boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
+.Ve
+.PP
+The user \fBdgb\fR may run \fI/bin/ls\fR, \fI/bin/kill\fR, and
+\&\fI/usr/bin/lprm\fR \*(-- but only as \fBoperator\fR.  E.g.,
+.PP
+.Vb 1
+\& $ sudo \-u operator /bin/ls.
+.Ve
+.PP
+It is also possible to override a \f(CW\*(C`Runas_Spec\*(C'\fR later on in an
+entry.  If we modify the entry like so:
+.PP
+.Vb 1
+\& dgb    boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+.Ve
+.PP
+Then user \fBdgb\fR is now allowed to run \fI/bin/ls\fR as \fBoperator\fR,
+but  \fI/bin/kill\fR and \fI/usr/bin/lprm\fR as \fBroot\fR.
+.PP
+We can extend this to allow \fBdgb\fR to run \f(CW\*(C`/bin/ls\*(C'\fR with either
+the user or group set to \fBoperator\fR:
+.PP
+.Vb 2
+\& dgb    boulder = (operator : operator) /bin/ls, (root) /bin/kill, \e
+\&        /usr/bin/lprm
+.Ve
+.PP
+In the following example, user \fBtcm\fR may run commands that access
+a modem device file with the dialer group.  Note that in this example
+only the group will be set, the command still runs as user \fBtcm\fR.
+.PP
+.Vb 2
+\& tcm    boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \e
+\&        /usr/local/bin/minicom
+.Ve
+.if \n(SL \{\
+.SS "SELinux_Spec"
+.IX Subsection "SELinux_Spec"
+On systems with SELinux support, \fIsudoers\fR entries may optionally have
+an SELinux role and/or type associated with a command.  If a role or
+type is specified with the command it will override any default values
+specified in \fIsudoers\fR.  A role or type specified on the command line,
+however, will supercede the values in \fIsudoers\fR.
+\}
+.SS "Tag_Spec"
+.IX Subsection "Tag_Spec"
+A command may have zero or more tags associated with it.  There are
+eight possible tag values, \f(CW\*(C`NOPASSWD\*(C'\fR, \f(CW\*(C`PASSWD\*(C'\fR, \f(CW\*(C`NOEXEC\*(C'\fR,
+\&\f(CW\*(C`EXEC\*(C'\fR, \f(CW\*(C`SETENV\*(C'\fR, \f(CW\*(C`NOSETENV\*(C'\fR, \f(CW\*(C`LOG_INPUT\*(C'\fR, \f(CW\*(C`NOLOG_INPUT\*(C'\fR,
+\&\f(CW\*(C`LOG_OUTPUT\*(C'\fR and \f(CW\*(C`NOLOG_OUTPUT\*(C'\fR.  Once a tag is set on a \f(CW\*(C`Cmnd\*(C'\fR,
+subsequent \f(CW\*(C`Cmnd\*(C'\fRs in the \f(CW\*(C`Cmnd_Spec_List\*(C'\fR, inherit the tag unless
+it is overridden by the opposite tag (i.e.: \f(CW\*(C`PASSWD\*(C'\fR overrides
+\&\f(CW\*(C`NOPASSWD\*(C'\fR and \f(CW\*(C`NOEXEC\*(C'\fR overrides \f(CW\*(C`EXEC\*(C'\fR).
+.PP
+\fI\s-1NOPASSWD\s0 and \s-1PASSWD\s0\fR
+.IX Subsection "NOPASSWD and PASSWD"
+.PP
+By default, \fBsudo\fR requires that a user authenticate him or herself
+before running a command.  This behavior can be modified via the
+\&\f(CW\*(C`NOPASSWD\*(C'\fR tag.  Like a \f(CW\*(C`Runas_Spec\*(C'\fR, the \f(CW\*(C`NOPASSWD\*(C'\fR tag sets
+a default for the commands that follow it in the \f(CW\*(C`Cmnd_Spec_List\*(C'\fR.
+Conversely, the \f(CW\*(C`PASSWD\*(C'\fR tag can be used to reverse things.
+For example:
+.PP
+.Vb 1
+\& ray    rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+.Ve
+.PP
+would allow the user \fBray\fR to run \fI/bin/kill\fR, \fI/bin/ls\fR, and
+\&\fI/usr/bin/lprm\fR as \fBroot\fR on the machine rushmore without
+authenticating himself.  If we only want \fBray\fR to be able to
+run \fI/bin/kill\fR without a password the entry would be:
+.PP
+.Vb 1
+\& ray    rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+.Ve
+.PP
+Note, however, that the \f(CW\*(C`PASSWD\*(C'\fR tag has no effect on users who are
+in the group specified by the \fIexempt_group\fR option.
+.PP
+By default, if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is applied to any of the entries
+for a user on the current host, he or she will be able to run
+\&\f(CW\*(C`sudo \-l\*(C'\fR without a password.  Additionally, a user may only run
+\&\f(CW\*(C`sudo \-v\*(C'\fR without a password if the \f(CW\*(C`NOPASSWD\*(C'\fR tag is present
+for all a user's entries that pertain to the current host.
+This behavior may be overridden via the verifypw and listpw options.
+.PP
+\fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR
+.IX Subsection "NOEXEC and EXEC"
+.PP
+If \fBsudo\fR has been compiled with \fInoexec\fR support and the underlying
+operating system supports it, the \f(CW\*(C`NOEXEC\*(C'\fR tag can be used to prevent
+a dynamically-linked executable from running further commands itself.
+.PP
+In the following example, user \fBaaron\fR may run \fI/usr/bin/more\fR
+and \fI/usr/bin/vi\fR but shell escapes will be disabled.
+.PP
+.Vb 1
+\& aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.Ve
+.PP
+See the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0 \s-1ESCAPES\s0\*(R" section below for more details
+on how \f(CW\*(C`NOEXEC\*(C'\fR works and whether or not it will work on your system.
+.PP
+\fI\s-1SETENV\s0 and \s-1NOSETENV\s0\fR
+.IX Subsection "SETENV and NOSETENV"
+.PP
+These tags override the value of the \fIsetenv\fR option on a per-command
+basis.  Note that if \f(CW\*(C`SETENV\*(C'\fR has been set for a command, any
+environment variables set on the command line way are not subject
+to the restrictions imposed by \fIenv_check\fR, \fIenv_delete\fR, or
+\&\fIenv_keep\fR.  As such, only trusted users should be allowed to set
+variables in this manner.  If the command matched is \fB\s-1ALL\s0\fR, the
+\&\f(CW\*(C`SETENV\*(C'\fR tag is implied for that command; this default may
+be overridden by use of the \f(CW\*(C`NOSETENV\*(C'\fR tag.
+.PP
+\fI\s-1LOG_INPUT\s0 and \s-1NOLOG_INPUT\s0\fR
+.IX Subsection "LOG_INPUT and NOLOG_INPUT"
+.PP
+These tags override the value of the \fIlog_input\fR option on a
+per-command basis.  For more information, see the description of
+\&\fIlog_input\fR in the \*(L"\s-1SUDOERS\s0 \s-1OPTIONS\s0\*(R" section below.
+.PP
+\fI\s-1LOG_OUTPUT\s0 and \s-1NOLOG_OUTPUT\s0\fR
+.IX Subsection "LOG_OUTPUT and NOLOG_OUTPUT"
+.PP
+These tags override the value of the \fIlog_output\fR option on a
+per-command basis.  For more information, see the description of
+\&\fIlog_output\fR in the \*(L"\s-1SUDOERS\s0 \s-1OPTIONS\s0\*(R" section below.
+.SS "Wildcards"
+.IX Subsection "Wildcards"
+\&\fBsudo\fR allows shell-style \fIwildcards\fR (aka meta or glob characters)
+to be used in host names, path names and command line arguments in
+the \fIsudoers\fR file.  Wildcard matching is done via the \fB\s-1POSIX\s0\fR
+\&\fIglob\fR\|(3) and \fIfnmatch\fR\|(3) routines.  Note that these are \fInot\fR
+regular expressions.
+.ie n .IP "\*(C`*\*(C'" 8
+.el .IP "\f(CW\*(C`*\*(C'\fR" 8
+.IX Item "*"
+Matches any set of zero or more characters.
+.ie n .IP "\*(C`?\*(C'" 8
+.el .IP "\f(CW\*(C`?\*(C'\fR" 8
+.IX Item "?"
+Matches any single character.
+.ie n .IP "\*(C`[...]\*(C'" 8
+.el .IP "\f(CW\*(C`[...]\*(C'\fR" 8
+.IX Item "[...]"
+Matches any character in the specified range.
+.ie n .IP "\*(C`[!...]\*(C'" 8
+.el .IP "\f(CW\*(C`[!...]\*(C'\fR" 8
+.IX Item "[!...]"
+Matches any character \fBnot\fR in the specified range.
+.ie n .IP "\*(C`\ex\*(C'" 8
+.el .IP "\f(CW\*(C`\ex\*(C'\fR" 8
+.IX Item "x"
+For any character \*(L"x\*(R", evaluates to \*(L"x\*(R".  This is used to
+escape special characters such as: \*(L"*\*(R", \*(L"?\*(R", \*(L"[\*(R", and \*(L"}\*(R".
+.PP
+\&\s-1POSIX\s0 character classes may also be used if your system's \fIglob\fR\|(3)
+and \fIfnmatch\fR\|(3) functions support them.  However, because the
+\&\f(CW\*(Aq:\*(Aq\fR character has special meaning in \fIsudoers\fR, it must be
+escaped.  For example:
+.PP
+.Vb 1
+\&    /bin/ls [[\e:alpha\e:]]*
+.Ve
+.PP
+Would match any file name beginning with a letter.
+.PP
+Note that a forward slash ('/') will \fBnot\fR be matched by
+wildcards used in the path name.  When matching the command
+line arguments, however, a slash \fBdoes\fR get matched by
+wildcards.  This is to make a path like:
+.PP
+.Vb 1
+\&    /usr/bin/*
+.Ve
+.PP
+match \fI/usr/bin/who\fR but not \fI/usr/bin/X11/xterm\fR.
+.SS "Exceptions to wildcard rules"
+.IX Subsection "Exceptions to wildcard rules"
+The following exceptions apply to the above rules:
+.ie n .IP """""" 8
+.el .IP "\f(CW``''\fR" 8
+.IX Item """"""
+If the empty string \f(CW""\fR is the only command line argument in the
+\&\fIsudoers\fR entry it means that command is not allowed to be run
+with \fBany\fR arguments.
+.SS "Including other files from within sudoers"
+.IX Subsection "Including other files from within sudoers"
+It is possible to include other \fIsudoers\fR files from within the
+\&\fIsudoers\fR file currently being parsed using the \f(CW\*(C`#include\*(C'\fR and
+\&\f(CW\*(C`#includedir\*(C'\fR directives.
+.PP
+This can be used, for example, to keep a site-wide \fIsudoers\fR file
+in addition to a local, per-machine file.  For the sake of this
+example the site-wide \fIsudoers\fR will be \fI/etc/sudoers\fR and the
+per-machine one will be \fI/etc/sudoers.local\fR.  To include
+\&\fI/etc/sudoers.local\fR from within \fI/etc/sudoers\fR we would use the
+following line in \fI/etc/sudoers\fR:
+.Sp
+.RS 4
+\&\f(CW\*(C`#include /etc/sudoers.local\*(C'\fR
+.RE
+.PP
+When \fBsudo\fR reaches this line it will suspend processing of the
+current file (\fI/etc/sudoers\fR) and switch to \fI/etc/sudoers.local\fR.
+Upon reaching the end of \fI/etc/sudoers.local\fR, the rest of
+\&\fI/etc/sudoers\fR will be processed.  Files that are included may
+themselves include other files.  A hard limit of 128 nested include
+files is enforced to prevent include file loops.
+.PP
+The file name may include the \f(CW%h\fR escape, signifying the short form
+of the host name.  I.e., if the machine's host name is \*(L"xerxes\*(R", then
+.PP
+\&\f(CW\*(C`#include /etc/sudoers.%h\*(C'\fR
+.PP
+will cause \fBsudo\fR to include the file \fI/etc/sudoers.xerxes\fR.
+.PP
+The \f(CW\*(C`#includedir\*(C'\fR directive can be used to create a \fIsudo.d\fR
+directory that the system package manager can drop \fIsudoers\fR rules
+into as part of package installation.  For example, given:
+.PP
+\&\f(CW\*(C`#includedir /etc/sudoers.d\*(C'\fR
+.PP
+\&\fBsudo\fR will read each file in \fI/etc/sudoers.d\fR, skipping file
+names that end in \f(CW\*(C`~\*(C'\fR or contain a \f(CW\*(C`.\*(C'\fR character to avoid causing
+problems with package manager or editor temporary/backup files.
+Files are parsed in sorted lexical order.  That is,
+\&\fI/etc/sudoers.d/01_first\fR will be parsed before
+\&\fI/etc/sudoers.d/10_second\fR.  Be aware that because the sorting is
+lexical, not numeric, \fI/etc/sudoers.d/1_whoops\fR would be loaded
+\&\fBafter\fR \fI/etc/sudoers.d/10_second\fR.  Using a consistent number
+of leading zeroes in the file names can be used to avoid such
+problems.
+.PP
+Note that unlike files included via \f(CW\*(C`#include\*(C'\fR, \fBvisudo\fR will not
+edit the files in a \f(CW\*(C`#includedir\*(C'\fR directory unless one of them
+contains a syntax error.  It is still possible to run \fBvisudo\fR
+with the \f(CW\*(C`\-f\*(C'\fR flag to edit the files directly.
+.SS "Other special characters and reserved words"
+.IX Subsection "Other special characters and reserved words"
+The pound sign ('#') is used to indicate a comment (unless it is
+part of a #include directive or unless it occurs in the context of
+a user name and is followed by one or more digits, in which case
+it is treated as a uid).  Both the comment character and any text
+after it, up to the end of the line, are ignored.
+.PP
+The reserved word \fB\s-1ALL\s0\fR is a built-in \fIalias\fR that always causes
+a match to succeed.  It can be used wherever one might otherwise
+use a \f(CW\*(C`Cmnd_Alias\*(C'\fR, \f(CW\*(C`User_Alias\*(C'\fR, \f(CW\*(C`Runas_Alias\*(C'\fR, or \f(CW\*(C`Host_Alias\*(C'\fR.
+You should not try to define your own \fIalias\fR called \fB\s-1ALL\s0\fR as the
+built-in alias will be used in preference to your own.  Please note
+that using \fB\s-1ALL\s0\fR can be dangerous since in a command context, it
+allows the user to run \fBany\fR command on the system.
+.PP
+An exclamation point ('!') can be used as a logical \fInot\fR operator
+both in an \fIalias\fR and in front of a \f(CW\*(C`Cmnd\*(C'\fR.  This allows one to
+exclude certain values.  Note, however, that using a \f(CW\*(C`!\*(C'\fR in
+conjunction with the built-in \f(CW\*(C`ALL\*(C'\fR alias to allow a user to
+run \*(L"all but a few\*(R" commands rarely works as intended (see \s-1SECURITY\s0
+\&\s-1NOTES\s0 below).
+.PP
+Long lines can be continued with a backslash ('\e') as the last
+character on the line.
+.PP
+Whitespace between elements in a list as well as special syntactic
+characters in a \fIUser Specification\fR ('=', ':', '(', ')') is optional.
+.PP
+The following characters must be escaped with a backslash ('\e') when
+used as part of a word (e.g.\ a user name or host name):
+\&'@', '!', '=', ':', ',', '(', ')', '\e'.
+.SH "SUDOERS OPTIONS"
+.IX Header "SUDOERS OPTIONS"
+\&\fBsudo\fR's behavior can be modified by \f(CW\*(C`Default_Entry\*(C'\fR lines, as
+explained earlier.  A list of all supported Defaults parameters,
+grouped by type, are listed below.
+.PP
+\&\fBBoolean Flags\fR:
+.IP "always_set_home" 16
+.IX Item "always_set_home"
+If enabled, \fBsudo\fR will set the \f(CW\*(C`HOME\*(C'\fR environment variable to the
+home directory of the target user (which is root unless the \fB\-u\fR
+option is used).  This effectively means that the \fB\-H\fR option is
+always implied.  Note that \f(CW\*(C`HOME\*(C'\fR is already set when the the
+\&\fIenv_reset\fR option is enabled, so \fIalways_set_home\fR is only
+effective for configurations where \fIenv_reset\fR is disabled.
+This flag is \fIoff\fR by default.
+.IP "authenticate" 16
+.IX Item "authenticate"
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands.  This default
+may be overridden via the \f(CW\*(C`PASSWD\*(C'\fR and \f(CW\*(C`NOPASSWD\*(C'\fR tags.
+This flag is \fIon\fR by default.
+.IP "closefrom_override" 16
+.IX Item "closefrom_override"
+If set, the user may use \fBsudo\fR's \fB\-C\fR option which
+overrides the default starting point at which \fBsudo\fR begins
+closing open file descriptors.  This flag is \fIoff\fR by default.
+.IP "compress_io" 16
+.IX Item "compress_io"
+If set, and \fBsudo\fR is configured to log a command's input or output,
+the I/O logs will be compressed using \fBzlib\fR.  This flag is \fIon\fR
+by default when \fBsudo\fR is compiled with \fBzlib\fR support.
+.IP "env_editor" 16
+.IX Item "env_editor"
+If set, \fBvisudo\fR will use the value of the \s-1EDITOR\s0 or \s-1VISUAL\s0
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging.  A safer alternative
+is to place a colon-separated list of editors in the \f(CW\*(C`editor\*(C'\fR
+variable.  \fBvisudo\fR will then only use the \s-1EDITOR\s0 or \s-1VISUAL\s0 if
+they match a value specified in \f(CW\*(C`editor\*(C'\fR.  This flag is \fI@env_editor@\fR by
+default.
+.IP "env_reset" 16
+.IX Item "env_reset"
+If set, \fBsudo\fR will reset the environment to only contain the
+\&\s-1LOGNAME\s0, \s-1MAIL\s0, \s-1SHELL\s0, \s-1USER\s0, \s-1USERNAME\s0 and the \f(CW\*(C`SUDO_*\*(C'\fR variables.  Any
+variables in the caller's environment that match the \f(CW\*(C`env_keep\*(C'\fR
+and \f(CW\*(C`env_check\*(C'\fR lists are then added.  The default contents of the
+\&\f(CW\*(C`env_keep\*(C'\fR and \f(CW\*(C`env_check\*(C'\fR lists are displayed when \fBsudo\fR is
+run by root with the \fI\-V\fR option.  If the \fIsecure_path\fR option
+is set, its value will be used for the \f(CW\*(C`PATH\*(C'\fR environment variable.
+This flag is \fIon\fR by default.
+.IP "fast_glob" 16
+.IX Item "fast_glob"
+Normally, \fBsudo\fR uses the \fIglob\fR\|(3) function to do shell-style
+globbing when matching path names.  However, since it accesses the
+file system, \fIglob\fR\|(3) can take a long time to complete for some
+patterns, especially when the pattern references a network file
+system that is mounted on demand (automounted).  The \fIfast_glob\fR
+option causes \fBsudo\fR to use the \fIfnmatch\fR\|(3) function, which does
+not access the file system to do its matching.  The disadvantage
+of \fIfast_glob\fR is that it is unable to match relative path names
+such as \fI./ls\fR or \fI../bin/ls\fR.  This has security implications
+when path names that include globbing characters are used with the
+negation operator, \f(CW\*(Aq!\*(Aq\fR, as such rules can be trivially bypassed.
+As such, this option should not be used when \fIsudoers\fR contains rules 
+that contain negated path names which include globbing characters.
+This flag is \fIoff\fR by default.
+.IP "fqdn" 16
+.IX Item "fqdn"
+Set this flag if you want to put fully qualified host names in the
+\&\fIsudoers\fR file.  I.e., instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on \fIfqdn\fR requires \fBsudo\fR to make \s-1DNS\s0 lookups
+which may make \fBsudo\fR unusable if \s-1DNS\s0 stops working (for example
+if the machine is not plugged into the network).  Also note that
+you must use the host's official name as \s-1DNS\s0 knows it.  That is,
+you may not use a host alias (\f(CW\*(C`CNAME\*(C'\fR entry) due to performance
+issues and the fact that there is no way to get all aliases from
+\&\s-1DNS\s0.  If your machine's host name (as returned by the \f(CW\*(C`hostname\*(C'\fR
+command) is already fully qualified you shouldn't need to set
+\&\fIfqdn\fR.  This flag is \fI@fqdn@\fR by default.
+.IP "ignore_dot" 16
+.IX Item "ignore_dot"
+If set, \fBsudo\fR will ignore '.' or '' (current dir) in the \f(CW\*(C`PATH\*(C'\fR
+environment variable; the \f(CW\*(C`PATH\*(C'\fR itself is not modified.  This
+flag is \fI@ignore_dot@\fR by default.
+.IP "ignore_local_sudoers" 16
+.IX Item "ignore_local_sudoers"
+If set via \s-1LDAP\s0, parsing of \fI@sysconfdir@/sudoers\fR will be skipped.
+This is intended for Enterprises that wish to prevent the usage of local
+sudoers files so that only \s-1LDAP\s0 is used.  This thwarts the efforts of
+rogue operators who would attempt to add roles to \fI@sysconfdir@/sudoers\fR.
+When this option is present, \fI@sysconfdir@/sudoers\fR does not even need to
+exist. Since this option tells \fBsudo\fR how to behave when no specific \s-1LDAP\s0
+entries have been matched, this sudoOption is only meaningful for the
+\&\f(CW\*(C`cn=defaults\*(C'\fR section.  This flag is \fIoff\fR by default.
+.IP "insults" 16
+.IX Item "insults"
+If set, \fBsudo\fR will insult users when they enter an incorrect
+password.  This flag is \fI@insults@\fR by default.
+.IP "log_host" 16
+.IX Item "log_host"
+If set, the host name will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is \fIoff\fR by default.
+.IP "log_year" 16
+.IX Item "log_year"
+If set, the four-digit year will be logged in the (non-syslog) \fBsudo\fR log file.
+This flag is \fIoff\fR by default.
+.IP "long_otp_prompt" 16
+.IX Item "long_otp_prompt"
+When validating with a One Time Password (\s-1OPT\s0) scheme such as
+\&\fBS/Key\fR or \fB\s-1OPIE\s0\fR, a two-line prompt is used to make it easier
+to cut and paste the challenge to a local window.  It's not as
+pretty as the default but some people find it more convenient.  This
+flag is \fI@long_otp_prompt@\fR by default.
+.IP "mail_always" 16
+.IX Item "mail_always"
+Send mail to the \fImailto\fR user every time a users runs \fBsudo\fR.
+This flag is \fIoff\fR by default.
+.IP "mail_badpass" 16
+.IX Item "mail_badpass"
+Send mail to the \fImailto\fR user if the user running \fBsudo\fR does not
+enter the correct password.  This flag is \fIoff\fR by default.
+.IP "mail_no_host" 16
+.IX Item "mail_no_host"
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user exists in the \fIsudoers\fR file, but is not allowed to run
+commands on the current host.  This flag is \fI@mail_no_host@\fR by default.
+.IP "mail_no_perms" 16
+.IX Item "mail_no_perms"
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user is allowed to use \fBsudo\fR but the command they are trying is not
+listed in their \fIsudoers\fR file entry or is explicitly denied.
+This flag is \fI@mail_no_perms@\fR by default.
+.IP "mail_no_user" 16
+.IX Item "mail_no_user"
+If set, mail will be sent to the \fImailto\fR user if the invoking
+user is not in the \fIsudoers\fR file.  This flag is \fI@mail_no_user@\fR
+by default.
+.IP "noexec" 16
+.IX Item "noexec"
+If set, all commands run via \fBsudo\fR will behave as if the \f(CW\*(C`NOEXEC\*(C'\fR
+tag has been set, unless overridden by a \f(CW\*(C`EXEC\*(C'\fR tag.  See the
+description of \fI\s-1NOEXEC\s0 and \s-1EXEC\s0\fR below as well as the \*(L"\s-1PREVENTING\s0 \s-1SHELL\s0
+\&\s-1ESCAPES\s0\*(R" section at the end of this manual.  This flag is \fIoff\fR by default.
+.IP "path_info" 16
+.IX Item "path_info"
+Normally, \fBsudo\fR will tell the user when a command could not be
+found in their \f(CW\*(C`PATH\*(C'\fR environment variable.  Some sites may wish
+to disable this as it could be used to gather information on the
+location of executables that the normal user does not have access
+to.  The disadvantage is that if the executable is simply not in
+the user's \f(CW\*(C`PATH\*(C'\fR, \fBsudo\fR will tell the user that they are not
+allowed to run it, which can be confusing.  This flag is \fI@path_info@\fR
+by default.
+.IP "passprompt_override" 16
+.IX Item "passprompt_override"
+The password prompt specified by \fIpassprompt\fR will normally only
+be used if the password prompt provided by systems such as \s-1PAM\s0 matches
+the string \*(L"Password:\*(R".  If \fIpassprompt_override\fR is set, \fIpassprompt\fR
+will always be used.  This flag is \fIoff\fR by default.
+.IP "preserve_groups" 16
+.IX Item "preserve_groups"
+By default, \fBsudo\fR will initialize the group vector to the list of
+groups the target user is in.  When \fIpreserve_groups\fR is set, the
+user's existing group vector is left unaltered.  The real and
+effective group IDs, however, are still set to match the target
+user.  This flag is \fIoff\fR by default.
+.IP "pwfeedback" 16
+.IX Item "pwfeedback"
+By default, \fBsudo\fR reads the password like most other Unix programs,
+by turning off echo until the user hits the return (or enter) key.
+Some users become confused by this as it appears to them that \fBsudo\fR
+has hung at this point.  When \fIpwfeedback\fR is set, \fBsudo\fR will
+provide visual feedback when the user presses a key.  Note that
+this does have a security impact as an onlooker may be able to
+determine the length of the password being entered.
+This flag is \fIoff\fR by default.
+.IP "requiretty" 16
+.IX Item "requiretty"
+If set, \fBsudo\fR will only run when the user is logged in to a real
+tty.  When this flag is set, \fBsudo\fR can only be run from a login
+session and not via other means such as \fIcron\fR\|(@mansectsu@) or cgi-bin scripts.
+This flag is \fIoff\fR by default.
+.IP "root_sudo" 16
+.IX Item "root_sudo"
+If set, root is allowed to run \fBsudo\fR too.  Disabling this prevents users
+from \*(L"chaining\*(R" \fBsudo\fR commands to get a root shell by doing something
+like \f(CW"sudo sudo /bin/sh"\fR.  Note, however, that turning off \fIroot_sudo\fR
+will also prevent root from running \fBsudoedit\fR.
+Disabling \fIroot_sudo\fR provides no real additional security; it
+exists purely for historical reasons.
+This flag is \fI@root_sudo@\fR by default.
+.IP "rootpw" 16
+.IX Item "rootpw"
+If set, \fBsudo\fR will prompt for the root password instead of the password
+of the invoking user.  This flag is \fIoff\fR by default.
+.IP "runaspw" 16
+.IX Item "runaspw"
+If set, \fBsudo\fR will prompt for the password of the user defined by the
+\&\fIrunas_default\fR option (defaults to \f(CW\*(C`@runas_default@\*(C'\fR) instead of the
+password of the invoking user.  This flag is \fIoff\fR by default.
+.IP "set_home" 16
+.IX Item "set_home"
+If enabled and \fBsudo\fR is invoked with the \fB\-s\fR option the \f(CW\*(C`HOME\*(C'\fR
+environment variable will be set to the home directory of the target
+user (which is root unless the \fB\-u\fR option is used).  This effectively
+makes the \fB\-s\fR option imply \fB\-H\fR.  Note that \f(CW\*(C`HOME\*(C'\fR is already
+set when the the \fIenv_reset\fR option is enabled, so \fIset_home\fR is
+only effective for configurations where \fIenv_reset\fR is disabled.
+This flag is \fIoff\fR by default.
+.IP "set_logname" 16
+.IX Item "set_logname"
+Normally, \fBsudo\fR will set the \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR and \f(CW\*(C`USERNAME\*(C'\fR
+environment variables to the name of the target user (usually root
+unless the \fB\-u\fR option is given).  However, since some programs
+(including the \s-1RCS\s0 revision control system) use \f(CW\*(C`LOGNAME\*(C'\fR to
+determine the real identity of the user, it may be desirable to
+change this behavior.  This can be done by negating the set_logname
+option.  Note that if the \fIenv_reset\fR option has not been disabled,
+entries in the \fIenv_keep\fR list will override the value of
+\&\fIset_logname\fR.  This flag is \fIon\fR by default.
+.IP "setenv" 16
+.IX Item "setenv"
+Allow the user to disable the \fIenv_reset\fR option from the command
+line.  Additionally, environment variables set via the command line
+are not subject to the restrictions imposed by \fIenv_check\fR,
+\&\fIenv_delete\fR, or \fIenv_keep\fR.  As such, only trusted users should
+be allowed to set variables in this manner.  This flag is \fIoff\fR
+by default.
+.IP "shell_noargs" 16
+.IX Item "shell_noargs"
+If set and \fBsudo\fR is invoked with no arguments it acts as if the
+\&\fB\-s\fR option had been given.  That is, it runs a shell as root (the
+shell is determined by the \f(CW\*(C`SHELL\*(C'\fR environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not).  This flag is \fIoff\fR by default.
+.IP "stay_setuid" 16
+.IX Item "stay_setuid"
+Normally, when \fBsudo\fR executes a command the real and effective
+UIDs are set to the target user (root by default).  This option
+changes that behavior such that the real \s-1UID\s0 is left as the invoking
+user's \s-1UID\s0.  In other words, this makes \fBsudo\fR act as a setuid
+wrapper.  This can be useful on systems that disable some potentially
+dangerous functionality when a program is run setuid.  This option
+is only effective on systems with either the \fIsetreuid()\fR or \fIsetresuid()\fR
+function.  This flag is \fIoff\fR by default.
+.IP "targetpw" 16
+.IX Item "targetpw"
+If set, \fBsudo\fR will prompt for the password of the user specified
+by the \fB\-u\fR option (defaults to \f(CW\*(C`root\*(C'\fR) instead of the password
+of the invoking user.  In addition, the timestamp file name will
+include the target user's name.  Note that this flag precludes the
+use of a uid not listed in the passwd database as an argument to
+the \fB\-u\fR option.  This flag is \fIoff\fR by default.
+.IP "log_input" 16
+.IX Item "log_input"
+If set, \fBsudo\fR will run the command in a \fIpseudo tty\fR and log all
+user input.
+If the standard input is not connected to the user's tty, due to
+I/O redirection or because the command is part of a pipeline, that
+input is also captured and stored in a separate log file.
+.Sp
+Input is logged to the \fI/var/log/sudo\-io\fR directory using a unique
+session \s-1ID\s0 that is included in the normal \fBsudo\fR log line, prefixed
+with \fITSID=\fR.
+.IP "log_output" 16
+.IX Item "log_output"
+If set, \fBsudo\fR will run the command in a \fIpseudo tty\fR and log all
+output that is sent to the screen, similar to the \fIscript\fR\|(1) command.
+If the standard output or standard error is not connected to the
+user's tty, due to I/O redirection or because the command is part
+of a pipeline, that output is also captured and stored in separate
+log files.
+.Sp
+Output is logged to the
+\&\fI/var/log/sudo\-io\fR directory using a unique session \s-1ID\s0 that is
+included in the normal \fBsudo\fR log line, prefixed with \fITSID=\fR.
+.Sp
+Output logs may be viewed with the \fIsudoreplay\fR\|(@mansectsu@) utility, which
+can also be used to list or search the available logs.
+.IP "tty_tickets" 16
+.IX Item "tty_tickets"
+If set, users must authenticate on a per-tty basis.  With this flag
+enabled, \fBsudo\fR will use a file named for the tty the user is
+logged in on in the user's time stamp directory.  If disabled, the
+time stamp of the directory is used instead.  This flag is
+\&\fI@tty_tickets@\fR by default.
+.IP "umask_override" 16
+.IX Item "umask_override"
+If set, \fBsudo\fR will set the umask as specified by \fIsudoers\fR without
+modification.  This makes it possible to specify a more permissive
+umask in \fIsudoers\fR than the user's own umask and matches historical
+behavior.  If \fIumask_override\fR is not set, \fBsudo\fR will set the
+umask to be the union of the user's umask and what is specified in
+\&\fIsudoers\fR.  This flag is \fIoff\fR by default.
+.if \n(LC \{\
+.IP "use_loginclass" 16
+.IX Item "use_loginclass"
+If set, \fBsudo\fR will apply the defaults specified for the target user's
+login class if one exists.  Only available if \fBsudo\fR is configured with
+the \-\-with\-logincap option.  This flag is \fIoff\fR by default.
+\}
+.IP "use_pty" 16
+.IX Item "use_pty"
+If set, \fBsudo\fR will run the command in a pseudo-pty even if no I/O
+logging is being gone.  A malicious program run under \fBsudo\fR could
+conceivably fork a background process that retains to the user's
+terminal device after the main program has finished executing.  Use
+of this option will make that impossible.
+.IP "visiblepw" 16
+.IX Item "visiblepw"
+By default, \fBsudo\fR will refuse to run if the user must enter a
+password but it is not possible to disable echo on the terminal.
+If the \fIvisiblepw\fR flag is set, \fBsudo\fR will prompt for a password
+even when it would be visible on the screen.  This makes it possible
+to run things like \f(CW"rsh somehost sudo ls"\fR since \fIrsh\fR\|(1) does
+not allocate a tty.  This flag is \fIoff\fR by default.
+.PP
+\&\fBIntegers\fR:
+.IP "closefrom" 16
+.IX Item "closefrom"
+Before it executes a command, \fBsudo\fR will close all open file
+descriptors other than standard input, standard output and standard
+error (ie: file descriptors 0\-2).  The \fIclosefrom\fR option can be used
+to specify a different file descriptor at which to start closing.
+The default is \f(CW3\fR.
+.IP "passwd_tries" 16
+.IX Item "passwd_tries"
+The number of tries a user gets to enter his/her password before
+\&\fBsudo\fR logs the failure and exits.  The default is \f(CW\*(C`@passwd_tries@\*(C'\fR.
+.PP
+\&\fBIntegers that can be used in a boolean context\fR:
+.IP "loglinelen" 16
+.IX Item "loglinelen"
+Number of characters per line for the file log.  This value is used
+to decide when to wrap lines for nicer log files.  This has no
+effect on the syslog log file, only the file log.  The default is
+\&\f(CW\*(C`@loglen@\*(C'\fR (use 0 or negate the option to disable word wrap).
+.IP "passwd_timeout" 16
+.IX Item "passwd_timeout"
+Number of minutes before the \fBsudo\fR password prompt times out, or
+\&\f(CW0\fR for no timeout.  The timeout may include a fractional component
+if minute granularity is insufficient, for example \f(CW2.5\fR.  The
+default is \f(CW\*(C`@password_timeout@\*(C'\fR.
+.IP "timestamp_timeout" 16
+.IX Item "timestamp_timeout"
+Number of minutes that can elapse before \fBsudo\fR will ask for a
+passwd again.  The timeout may include a fractional component if
+minute granularity is insufficient, for example \f(CW2.5\fR.  The default
+is \f(CW\*(C`@timeout@\*(C'\fR.  Set this to \f(CW0\fR to always prompt for a password.
+If set to a value less than \f(CW0\fR the user's timestamp will never
+expire.  This can be used to allow users to create or delete their
+own timestamps via \f(CW\*(C`sudo \-v\*(C'\fR and \f(CW\*(C`sudo \-k\*(C'\fR respectively.
+.IP "umask" 16
+.IX Item "umask"
+Umask to use when running the command.  Negate this option or set
+it to 0777 to preserve the user's umask.  The actual umask that is
+used will be the union of the user's umask and \f(CW\*(C`@sudo_umask@\*(C'\fR.
+This guarantees that \fBsudo\fR never lowers the umask when running a
+command.  Note on systems that use \s-1PAM\s0, the default \s-1PAM\s0 configuration
+may specify its own umask which will override the value set in
+\&\fIsudoers\fR.
+.PP
+\&\fBStrings\fR:
+.IP "badpass_message" 16
+.IX Item "badpass_message"
+Message that is displayed if a user enters an incorrect password.
+The default is \f(CW\*(C`@badpass_message@\*(C'\fR unless insults are enabled.
+.IP "editor" 16
+.IX Item "editor"
+A colon (':') separated list of editors allowed to be used with
+\&\fBvisudo\fR.  \fBvisudo\fR will choose the editor that matches the user's
+\&\s-1EDITOR\s0 environment variable if possible, or the first editor in the
+list that exists and is executable.  The default is \f(CW"@editor@"\fR.
+.IP "mailsub" 16
+.IX Item "mailsub"
+Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
+will expand to the host name of the machine.
+Default is \f(CW\*(C`@mailsub@\*(C'\fR.
+.IP "noexec_file" 16
+.IX Item "noexec_file"
+Path to a shared library containing dummy versions of the \fIexecv()\fR,
+\&\fIexecve()\fR and \fIfexecve()\fR library functions that just return an error.
+This is used to implement the \fInoexec\fR functionality on systems that
+support \f(CW\*(C`LD_PRELOAD\*(C'\fR or its equivalent.  Defaults to \fI@noexec_file@\fR.
+.IP "passprompt" 16
+.IX Item "passprompt"
+The default prompt to use when asking for a password; can be overridden
+via the \fB\-p\fR option or the \f(CW\*(C`SUDO_PROMPT\*(C'\fR environment variable.
+The following percent (`\f(CW\*(C`%\*(C'\fR') escapes are supported:
+.RS 16
+.ie n .IP "%H" 4
+.el .IP "\f(CW%H\fR" 4
+.IX Item "%H"
+expanded to the local host name including the domain name
+(on if the machine's host name is fully qualified or the \fIfqdn\fR
+option is set)
+.ie n .IP "%h" 4
+.el .IP "\f(CW%h\fR" 4
+.IX Item "%h"
+expanded to the local host name without the domain name
+.ie n .IP "%p" 4
+.el .IP "\f(CW%p\fR" 4
+.IX Item "%p"
+expanded to the user whose password is being asked for (respects the 
+\&\fIrootpw\fR, \fItargetpw\fR and \fIrunaspw\fR flags in \fIsudoers\fR)
+.ie n .IP "%U" 4
+.el .IP "\f(CW%U\fR" 4
+.IX Item "%U"
+expanded to the login name of the user the command will
+be run as (defaults to root)
+.ie n .IP "%u" 4
+.el .IP "\f(CW%u\fR" 4
+.IX Item "%u"
+expanded to the invoking user's login name
+.ie n .IP "\*(C`%%\*(C'" 4
+.el .IP "\f(CW\*(C`%%\*(C'\fR" 4
+.IX Item "%%"
+two consecutive \f(CW\*(C`%\*(C'\fR characters are collapsed into a single \f(CW\*(C`%\*(C'\fR character
+.RE
+.RS 16
+.Sp
+The default value is \f(CW\*(C`@passprompt@\*(C'\fR.
+.RE
+.if \n(SL \{\
+.IP "role" 16
+.IX Item "role"
+The default SELinux role to use when constructing a new security
+context to run the command.  The default role may be overridden on
+a per-command basis in \fIsudoers\fR or via command line options.
+This option is only available whe \fBsudo\fR is built with SELinux support.
+\}
+.IP "runas_default" 16
+.IX Item "runas_default"
+The default user to run commands as if the \fB\-u\fR option is not specified
+on the command line.  This defaults to \f(CW\*(C`@runas_default@\*(C'\fR.
+Note that if \fIrunas_default\fR is set it \fBmust\fR occur before
+any \f(CW\*(C`Runas_Alias\*(C'\fR specifications.
+.IP "syslog_badpri" 16
+.IX Item "syslog_badpri"
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to \f(CW\*(C`@badpri@\*(C'\fR.
+.IP "syslog_goodpri" 16
+.IX Item "syslog_goodpri"
+Syslog priority to use when user authenticates successfully.
+Defaults to \f(CW\*(C`@goodpri@\*(C'\fR.
+.IP "sudoers_locale" 16
+.IX Item "sudoers_locale"
+Locale to use when parsing the sudoers file.  Note that changing
+the locale may affect how sudoers is interpreted.
+Defaults to \f(CW"C"\fR.
+.IP "timestampdir" 16
+.IX Item "timestampdir"
+The directory in which \fBsudo\fR stores its timestamp files.
+The default is \fI@timedir@\fR.
+.IP "timestampowner" 16
+.IX Item "timestampowner"
+The owner of the timestamp directory and the timestamps stored therein.
+The default is \f(CW\*(C`root\*(C'\fR.
+.if \n(SL \{\
+.IP "type" 16
+.IX Item "type"
+The default SELinux type to use when constructing a new security
+context to run the command.  The default type may be overridden on
+a per-command basis in \fIsudoers\fR or via command line options.
+This option is only available whe \fBsudo\fR is built with SELinux support.
+\}
+.PP
+\&\fBStrings that can be used in a boolean context\fR:
+.IP "askpass" 12
+.IX Item "askpass"
+The \fIaskpass\fR option specifies the fully qualified path to a helper
+program used to read the user's password when no terminal is
+available.  This may be the case when \fBsudo\fR is executed from a
+graphical (as opposed to text-based) application.  The program
+specified by \fIaskpass\fR should display the argument passed to it
+as the prompt and write the user's password to the standard output.
+The value of \fIaskpass\fR may be overridden by the \f(CW\*(C`SUDO_ASKPASS\*(C'\fR
+environment variable.
+.IP "env_file" 12
+.IX Item "env_file"
+The \fIenv_file\fR options specifies the fully qualified path to a
+file containing variables to be set in the environment of the program
+being run.  Entries in this file should either be of the form
+\&\f(CW\*(C`VARIABLE=value\*(C'\fR or \f(CW\*(C`export VARIABLE=value\*(C'\fR.  The value may
+optionally be surrounded by single or double quotes.  Variables in
+this file are subject to other \fBsudo\fR environment settings such
+as \fIenv_keep\fR and \fIenv_check\fR.
+.IP "exempt_group" 12
+.IX Item "exempt_group"
+Users in this group are exempt from password and \s-1PATH\s0 requirements.
+This is not set by default.
+.IP "lecture" 12
+.IX Item "lecture"
+This option controls when a short lecture will be printed along with
+the password prompt.  It has the following possible values:
+.RS 12
+.IP "always" 8
+.IX Item "always"
+Always lecture the user.
+.IP "never" 8
+.IX Item "never"
+Never lecture the user.
+.IP "once" 8
+.IX Item "once"
+Only lecture the user the first time they run \fBsudo\fR.
+.RE
+.RS 12
+.Sp
+If no value is specified, a value of \fIonce\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fI@lecture@\fR.
+.RE
+.IP "lecture_file" 12
+.IX Item "lecture_file"
+Path to a file containing an alternate \fBsudo\fR lecture that will
+be used in place of the standard lecture if the named file exists.
+By default, \fBsudo\fR uses a built-in lecture.
+.IP "listpw" 12
+.IX Item "listpw"
+This option controls when a password will be required when a
+user runs \fBsudo\fR with the \fB\-l\fR option.  It has the following possible values:
+.RS 12
+.IP "all" 8
+.IX Item "all"
+All the user's \fIsudoers\fR entries for the current host must have
+the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "always" 8
+.IX Item "always"
+The user must always enter a password to use the \fB\-l\fR option.
+.IP "any" 8
+.IX Item "any"
+At least one of the user's \fIsudoers\fR entries for the current host
+must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "never" 8
+.IX Item "never"
+The user need never enter a password to use the \fB\-l\fR option.
+.RE
+.RS 12
+.Sp
+If no value is specified, a value of \fIany\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIany\fR.
+.RE
+.IP "logfile" 12
+.IX Item "logfile"
+Path to the \fBsudo\fR log file (not the syslog log file).  Setting a path
+turns on logging to a file; negating this option turns it off.
+By default, \fBsudo\fR logs via syslog.
+.IP "mailerflags" 12
+.IX Item "mailerflags"
+Flags to use when invoking mailer. Defaults to \fB\-t\fR.
+.IP "mailerpath" 12
+.IX Item "mailerpath"
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+.IP "mailfrom" 12
+.IX Item "mailfrom"
+Address to use for the \*(L"from\*(R" address when sending warning and error
+mail.  The address should be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to
+protect against \fBsudo\fR interpreting the \f(CW\*(C`@\*(C'\fR sign.  Defaults to
+the name of the user running \fBsudo\fR.
+.IP "mailto" 12
+.IX Item "mailto"
+Address to send warning and error mail to.  The address should
+be enclosed in double quotes (\f(CW\*(C`"\*(C'\fR) to protect against \fBsudo\fR
+interpreting the \f(CW\*(C`@\*(C'\fR sign.  Defaults to \f(CW\*(C`@mailto@\*(C'\fR.
+.IP "secure_path" 12
+.IX Item "secure_path"
+Path used for every command run from \fBsudo\fR.  If you don't trust the
+people running \fBsudo\fR to have a sane \f(CW\*(C`PATH\*(C'\fR environment variable you may
+want to use this.  Another use is if you want to have the \*(L"root path\*(R"
+be separate from the \*(L"user path.\*(R"  Users in the group specified by the
+\&\fIexempt_group\fR option are not affected by \fIsecure_path\fR.
+This option is @secure_path@ by default.
+.IP "syslog" 12
+.IX Item "syslog"
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging).  Defaults to \f(CW\*(C`@logfac@\*(C'\fR.
+.IP "verifypw" 12
+.IX Item "verifypw"
+This option controls when a password will be required when a user runs
+\&\fBsudo\fR with the \fB\-v\fR option.  It has the following possible values:
+.RS 12
+.IP "all" 8
+.IX Item "all"
+All the user's \fIsudoers\fR entries for the current host must have
+the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "always" 8
+.IX Item "always"
+The user must always enter a password to use the \fB\-v\fR option.
+.IP "any" 8
+.IX Item "any"
+At least one of the user's \fIsudoers\fR entries for the current host
+must have the \f(CW\*(C`NOPASSWD\*(C'\fR flag set to avoid entering a password.
+.IP "never" 8
+.IX Item "never"
+The user need never enter a password to use the \fB\-v\fR option.
+.RE
+.RS 12
+.Sp
+If no value is specified, a value of \fIall\fR is implied.
+Negating the option results in a value of \fInever\fR being used.
+The default value is \fIall\fR.
+.RE
+.PP
+\&\fBLists that can be used in a boolean context\fR:
+.IP "env_check" 16
+.IX Item "env_check"
+Environment variables to be removed from the user's environment if
+the variable's value contains \f(CW\*(C`%\*(C'\fR or \f(CW\*(C`/\*(C'\fR characters.  This can
+be used to guard against printf-style format vulnerabilities in
+poorly-written programs.  The argument may be a double-quoted,
+space-separated list or a single value without double-quotes.  The
+list can be replaced, added to, deleted from, or disabled by using
+the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators respectively.  Regardless
+of whether the \f(CW\*(C`env_reset\*(C'\fR option is enabled or disabled, variables
+specified by \f(CW\*(C`env_check\*(C'\fR will be preserved in the environment if
+they pass the aforementioned check.  The default list of environment
+variables to check is displayed when \fBsudo\fR is run by root with
+the \fI\-V\fR option.
+.IP "env_delete" 16
+.IX Item "env_delete"
+Environment variables to be removed from the user's environment
+when the \fIenv_reset\fR option is not in effect.  The argument may
+be a double-quoted, space-separated list or a single value without
+double-quotes.  The list can be replaced, added to, deleted from,
+or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and \f(CW\*(C`!\*(C'\fR operators
+respectively.  The default list of environment variables to remove
+is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
+Note that many operating systems will remove potentially dangerous
+variables from the environment of any setuid process (such as
+\&\fBsudo\fR).
+.IP "env_keep" 16
+.IX Item "env_keep"
+Environment variables to be preserved in the user's environment
+when the \fIenv_reset\fR option is in effect.  This allows fine-grained
+control over the environment \fBsudo\fR\-spawned processes will receive.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes.  The list can be replaced, added
+to, deleted from, or disabled by using the \f(CW\*(C`=\*(C'\fR, \f(CW\*(C`+=\*(C'\fR, \f(CW\*(C`\-=\*(C'\fR, and
+\&\f(CW\*(C`!\*(C'\fR operators respectively.  The default list of variables to keep
+is displayed when \fBsudo\fR is run by root with the \fI\-V\fR option.
+.PP
+When logging via \fIsyslog\fR\|(3), \fBsudo\fR accepts the following values
+for the syslog facility (the value of the \fBsyslog\fR Parameter):
+\&\fBauthpriv\fR (if your \s-1OS\s0 supports it), \fBauth\fR, \fBdaemon\fR, \fBuser\fR,
+\&\fBlocal0\fR, \fBlocal1\fR, \fBlocal2\fR, \fBlocal3\fR, \fBlocal4\fR, \fBlocal5\fR,
+\&\fBlocal6\fR, and \fBlocal7\fR.  The following syslog priorities are
+supported: \fBalert\fR, \fBcrit\fR, \fBdebug\fR, \fBemerg\fR, \fBerr\fR, \fBinfo\fR,
+\&\fBnotice\fR, and \fBwarning\fR.
+.SH "FILES"
+.IX Header "FILES"
+.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers\fR" 24
+.IX Item "@sysconfdir@/sudoers"
+List of who can run what
+.IP "\fI/etc/group\fR" 24
+.IX Item "/etc/group"
+Local groups file
+.IP "\fI/etc/netgroup\fR" 24
+.IX Item "/etc/netgroup"
+List of network groups
+.IP "\fI/var/log/sudo\-io\fR" 24
+.IX Item "/var/log/sudo-io"
+I/O log files
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Below are example \fIsudoers\fR entries.  Admittedly, some of
+these are a bit contrived.  First, we allow a few environment
+variables to pass and then define our \fIaliases\fR:
+.PP
+.Vb 4
+\& # Run X applications through sudo; HOME is used to find the
+\& # .Xauthority file.  Note that other programs use HOME to find
+\& # configuration files and this may lead to privilege escalation!
+\& Defaults env_keep += "DISPLAY HOME"
+\&
+\& # User alias specification
+\& User_Alias     FULLTIMERS = millert, mikef, dowdy
+\& User_Alias     PARTTIMERS = bostley, jwfox, crawl
+\& User_Alias     WEBMASTERS = will, wendy, wim
+\&
+\& # Runas alias specification
+\& Runas_Alias    OP = root, operator
+\& Runas_Alias    DB = oracle, sybase
+\& Runas_Alias    ADMINGRP = adm, oper
+\&
+\& # Host alias specification
+\& Host_Alias     SPARC = bigtime, eclipse, moet, anchor :\e
+\&                SGI = grolsch, dandelion, black :\e
+\&                ALPHA = widget, thalamus, foobar :\e
+\&                HPPA = boa, nag, python
+\& Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
+\& Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+\& Host_Alias     SERVERS = master, mail, www, ns
+\& Host_Alias     CDROM = orion, perseus, hercules
+\&
+\& # Cmnd alias specification
+\& Cmnd_Alias     DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\e
+\&                        /usr/sbin/restore, /usr/sbin/rrestore
+\& Cmnd_Alias     KILL = /usr/bin/kill
+\& Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+\& Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
+\& Cmnd_Alias     HALT = /usr/sbin/halt
+\& Cmnd_Alias     REBOOT = /usr/sbin/reboot
+\& Cmnd_Alias     SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \e
+\&                         /usr/local/bin/tcsh, /usr/bin/rsh, \e
+\&                         /usr/local/bin/zsh
+\& Cmnd_Alias     SU = /usr/bin/su
+\& Cmnd_Alias     PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+.Ve
+.PP
+Here we override some of the compiled in default values.  We want
+\&\fBsudo\fR to log via \fIsyslog\fR\|(3) using the \fIauth\fR facility in all
+cases.  We don't want to subject the full time staff to the \fBsudo\fR
+lecture, user \fBmillert\fR need not give a password, and we don't
+want to reset the \f(CW\*(C`LOGNAME\*(C'\fR, \f(CW\*(C`USER\*(C'\fR or \f(CW\*(C`USERNAME\*(C'\fR environment
+variables when running commands as root.  Additionally, on the
+machines in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, we keep an additional
+local log file and make sure we log the year in each log line since
+the log entries will be kept around for several years.  Lastly, we
+disable shell escapes for the commands in the \s-1PAGERS\s0 \f(CW\*(C`Cmnd_Alias\*(C'\fR
+(\fI/usr/bin/more\fR, \fI/usr/bin/pg\fR and \fI/usr/bin/less\fR).
+.PP
+.Vb 7
+\& # Override built\-in defaults
+\& Defaults               syslog=auth
+\& Defaults>root          !set_logname
+\& Defaults:FULLTIMERS    !lecture
+\& Defaults:millert       !authenticate
+\& Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+\& Defaults!PAGERS        noexec
+.Ve
+.PP
+The \fIUser specification\fR is the part that actually determines who may
+run what.
+.PP
+.Vb 2
+\& root           ALL = (ALL) ALL
+\& %wheel         ALL = (ALL) ALL
+.Ve
+.PP
+We let \fBroot\fR and any user in group \fBwheel\fR run any command on any
+host as any user.
+.PP
+.Vb 1
+\& FULLTIMERS     ALL = NOPASSWD: ALL
+.Ve
+.PP
+Full time sysadmins (\fBmillert\fR, \fBmikef\fR, and \fBdowdy\fR) may run any
+command on any host without authenticating themselves.
+.PP
+.Vb 1
+\& PARTTIMERS     ALL = ALL
+.Ve
+.PP
+Part time sysadmins (\fBbostley\fR, \fBjwfox\fR, and \fBcrawl\fR) may run any
+command on any host but they must authenticate themselves first
+(since the entry lacks the \f(CW\*(C`NOPASSWD\*(C'\fR tag).
+.PP
+.Vb 1
+\& jack           CSNETS = ALL
+.Ve
+.PP
+The user \fBjack\fR may run any command on the machines in the \fI\s-1CSNETS\s0\fR alias
+(the networks \f(CW128.138.243.0\fR, \f(CW128.138.204.0\fR, and \f(CW128.138.242.0\fR).
+Of those networks, only \f(CW128.138.204.0\fR has an explicit netmask (in
+\&\s-1CIDR\s0 notation) indicating it is a class C network.  For the other
+networks in \fI\s-1CSNETS\s0\fR, the local machine's netmask will be used
+during matching.
+.PP
+.Vb 1
+\& lisa           CUNETS = ALL
+.Ve
+.PP
+The user \fBlisa\fR may run any command on any host in the \fI\s-1CUNETS\s0\fR alias
+(the class B network \f(CW128.138.0.0\fR).
+.PP
+.Vb 2
+\& operator       ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\e
+\&                sudoedit /etc/printcap, /usr/oper/bin/
+.Ve
+.PP
+The \fBoperator\fR user may run commands limited to simple maintenance.
+Here, those are commands related to backups, killing processes, the
+printing system, shutting down the system, and any commands in the
+directory \fI/usr/oper/bin/\fR.
+.PP
+.Vb 1
+\& joe            ALL = /usr/bin/su operator
+.Ve
+.PP
+The user \fBjoe\fR may only \fIsu\fR\|(1) to operator.
+.PP
+.Vb 1
+\& pete           HPPA = /usr/bin/passwd [A\-Za\-z]*, !/usr/bin/passwd root
+\&
+\& %opers         ALL = (: ADMINGRP) /usr/sbin/
+.Ve
+.PP
+Users in the \fBopers\fR group may run commands in \fI/usr/sbin/\fR as themselves
+with any group in the \fI\s-1ADMINGRP\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (the \fBadm\fR and \fBoper\fR
+groups).
+.PP
+The user \fBpete\fR is allowed to change anyone's password except for
+root on the \fI\s-1HPPA\s0\fR machines.  Note that this assumes \fIpasswd\fR\|(1)
+does not take multiple user names on the command line.
+.PP
+.Vb 1
+\& bob            SPARC = (OP) ALL : SGI = (OP) ALL
+.Ve
+.PP
+The user \fBbob\fR may run anything on the \fI\s-1SPARC\s0\fR and \fI\s-1SGI\s0\fR machines
+as any user listed in the \fI\s-1OP\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR (\fBroot\fR and \fBoperator\fR).
+.PP
+.Vb 1
+\& jim            +biglab = ALL
+.Ve
+.PP
+The user \fBjim\fR may run any command on machines in the \fIbiglab\fR netgroup.
+\&\fBsudo\fR knows that \*(L"biglab\*(R" is a netgroup due to the '+' prefix.
+.PP
+.Vb 1
+\& +secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+.Ve
+.PP
+Users in the \fBsecretaries\fR netgroup need to help manage the printers
+as well as add and remove users, so they are allowed to run those
+commands on all machines.
+.PP
+.Vb 1
+\& fred           ALL = (DB) NOPASSWD: ALL
+.Ve
+.PP
+The user \fBfred\fR can run commands as any user in the \fI\s-1DB\s0\fR \f(CW\*(C`Runas_Alias\*(C'\fR
+(\fBoracle\fR or \fBsybase\fR) without giving a password.
+.PP
+.Vb 1
+\& john           ALPHA = /usr/bin/su [!\-]*, !/usr/bin/su *root*
+.Ve
+.PP
+On the \fI\s-1ALPHA\s0\fR machines, user \fBjohn\fR may su to anyone except root
+but he is not allowed to specify any options to the \fIsu\fR\|(1) command.
+.PP
+.Vb 1
+\& jen            ALL, !SERVERS = ALL
+.Ve
+.PP
+The user \fBjen\fR may run any command on any machine except for those
+in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR (master, mail, www and ns).
+.PP
+.Vb 1
+\& jill           SERVERS = /usr/bin/, !SU, !SHELLS
+.Ve
+.PP
+For any machine in the \fI\s-1SERVERS\s0\fR \f(CW\*(C`Host_Alias\*(C'\fR, \fBjill\fR may run
+any commands in the directory \fI/usr/bin/\fR except for those commands
+belonging to the \fI\s-1SU\s0\fR and \fI\s-1SHELLS\s0\fR \f(CW\*(C`Cmnd_Aliases\*(C'\fR.
+.PP
+.Vb 1
+\& steve          CSNETS = (operator) /usr/local/op_commands/
+.Ve
+.PP
+The user \fBsteve\fR may run any command in the directory /usr/local/op_commands/
+but only as user operator.
+.PP
+.Vb 1
+\& matt           valkyrie = KILL
+.Ve
+.PP
+On his personal workstation, valkyrie, \fBmatt\fR needs to be able to
+kill hung processes.
+.PP
+.Vb 1
+\& WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
+.Ve
+.PP
+On the host www, any user in the \fI\s-1WEBMASTERS\s0\fR \f(CW\*(C`User_Alias\*(C'\fR (will,
+wendy, and wim), may run any command as user www (which owns the
+web pages) or simply \fIsu\fR\|(1) to www.
+.PP
+.Vb 2
+\& ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\e
+\&                /sbin/mount \-o nosuid\e,nodev /dev/cd0a /CDROM
+.Ve
+.PP
+Any user may mount or unmount a CD-ROM on the machines in the \s-1CDROM\s0
+\&\f(CW\*(C`Host_Alias\*(C'\fR (orion, perseus, hercules) without entering a password.
+This is a bit tedious for users to type, so it is a prime candidate
+for encapsulating in a shell script.
+.SH "SECURITY NOTES"
+.IX Header "SECURITY NOTES"
+It is generally not effective to \*(L"subtract\*(R" commands from \f(CW\*(C`ALL\*(C'\fR
+using the '!' operator.  A user can trivially circumvent this
+by copying the desired command to a different name and then
+executing that.  For example:
+.PP
+.Vb 1
+\&    bill        ALL = ALL, !SU, !SHELLS
+.Ve
+.PP
+Doesn't really prevent \fBbill\fR from running the commands listed in
+\&\fI\s-1SU\s0\fR or \fI\s-1SHELLS\s0\fR since he can simply copy those commands to a
+different name, or use a shell escape from an editor or other
+program.  Therefore, these kind of restrictions should be considered
+advisory at best (and reinforced by policy).
+.PP
+Furthermore, if the \fIfast_glob\fR option is in use, it is not possible
+to reliably negate commands where the path name includes globbing
+(aka wildcard) characters.  This is because the C library's
+\&\fIfnmatch\fR\|(3) function cannot resolve relative paths.  While this
+is typically only an inconvenience for rules that grant privileges,
+it can result in a security issue for rules that subtract or revoke
+privileges.
+.PP
+For example, given the following \fIsudoers\fR entry:
+.PP
+.Vb 2
+\& john   ALL = /usr/bin/passwd [a\-zA\-Z0\-9]*, /usr/bin/chsh [a\-zA\-Z0\-9]*,
+\&      /usr/bin/chfn [a\-zA\-Z0\-9]*, !/usr/bin/* root
+.Ve
+.PP
+User \fBjohn\fR can still run \f(CW\*(C`/usr/bin/passwd root\*(C'\fR if \fIfast_glob\fR is
+enabled by changing to \fI/usr/bin\fR and running \f(CW\*(C`./passwd root\*(C'\fR instead.
+.SH "PREVENTING SHELL ESCAPES"
+.IX Header "PREVENTING SHELL ESCAPES"
+Once \fBsudo\fR executes a program, that program is free to do whatever
+it pleases, including run other programs.  This can be a security
+issue since it is not uncommon for a program to allow shell escapes,
+which lets a user bypass \fBsudo\fR's access control and logging.
+Common programs that permit shell escapes include shells (obviously),
+editors, paginators, mail and terminal programs.
+.PP
+There are two basic approaches to this problem:
+.IP "restrict" 10
+.IX Item "restrict"
+Avoid giving users access to commands that allow the user to run
+arbitrary commands.  Many editors have a restricted mode where shell
+escapes are disabled, though \fBsudoedit\fR is a better solution to
+running editors via \fBsudo\fR.  Due to the large number of programs that
+offer shell escapes, restricting users to the set of programs that
+do not if often unworkable.
+.IP "noexec" 10
+.IX Item "noexec"
+Many systems that support shared libraries have the ability to
+override default library functions by pointing an environment
+variable (usually \f(CW\*(C`LD_PRELOAD\*(C'\fR) to an alternate shared library.
+On such systems, \fBsudo\fR's \fInoexec\fR functionality can be used to
+prevent a program run by \fBsudo\fR from executing any other programs.
+Note, however, that this applies only to native dynamically-linked
+executables.  Statically-linked executables and foreign executables
+running under binary emulation are not affected.
+.Sp
+To tell whether or not \fBsudo\fR supports \fInoexec\fR, you can run
+the following as root:
+.Sp
+.Vb 1
+\&    sudo \-V | grep "dummy exec"
+.Ve
+.Sp
+If the resulting output contains a line that begins with:
+.Sp
+.Vb 1
+\&    File containing dummy exec functions:
+.Ve
+.Sp
+then \fBsudo\fR may be able to replace the exec family of functions
+in the standard library with its own that simply return an error.
+Unfortunately, there is no foolproof way to know whether or not
+\&\fInoexec\fR will work at compile-time.  \fInoexec\fR should work on
+SunOS, Solaris, *BSD, Linux, \s-1IRIX\s0, Tru64 \s-1UNIX\s0, MacOS X, and HP-UX
+11.x.  It is known \fBnot\fR to work on \s-1AIX\s0 and UnixWare.  \fInoexec\fR
+is expected to work on most operating systems that support the
+\&\f(CW\*(C`LD_PRELOAD\*(C'\fR environment variable.  Check your operating system's
+manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld,
+dld.sl, rld, or loader) to see if \f(CW\*(C`LD_PRELOAD\*(C'\fR is supported.
+.Sp
+To enable \fInoexec\fR for a command, use the \f(CW\*(C`NOEXEC\*(C'\fR tag as documented
+in the User Specification section above.  Here is that example again:
+.Sp
+.Vb 1
+\& aaron  shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+.Ve
+.Sp
+This allows user \fBaaron\fR to run \fI/usr/bin/more\fR and \fI/usr/bin/vi\fR
+with \fInoexec\fR enabled.  This will prevent those two commands from
+executing other commands (such as a shell).  If you are unsure
+whether or not your system is capable of supporting \fInoexec\fR you
+can always just try it out and see if it works.
+.PP
+Note that restricting shell escapes is not a panacea.  Programs
+running as root are still capable of many potentially hazardous
+operations (such as changing or overwriting files) that could lead
+to unintended privilege escalation.  In the specific case of an
+editor, a safer approach is to give the user permission to run
+\&\fBsudoedit\fR.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIrsh\fR\|(1), \fIsu\fR\|(1), \fIfnmatch\fR\|(3), \fIglob\fR\|(3), \fIsudo\fR\|(@mansectsu@), \fIvisudo\fR\|(8)
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+The \fIsudoers\fR file should \fBalways\fR be edited by the \fBvisudo\fR
+command which locks the file and does grammatical checking. It is
+imperative that \fIsudoers\fR be free of syntax errors since \fBsudo\fR
+will not run with a syntactically incorrect \fIsudoers\fR file.
+.PP
+When using netgroups of machines (as opposed to users), if you
+store fully qualified host name in the netgroup (as is usually the
+case), you either need to have the machine's host name be fully qualified
+as returned by the \f(CW\*(C`hostname\*(C'\fR command or use the \fIfqdn\fR option in
+\&\fIsudoers\fR.
+.SH "BUGS"
+.IX Header "BUGS"
+If you feel you have found a bug in \fBsudo\fR, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+\&\fBsudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudoers.man.pl b/sudo-1.7.4p4/sudoers.man.pl
new file mode 100644
index 0000000..6e5da2c
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.man.pl
@@ -0,0 +1,39 @@
+#!/usr/bin/perl -p
+
+BEGIN {
+    $cond = -1;
+}
+
+# Initialize the numeric register we use for conditionals
+if ($cond == -1) {
+    $_ = ".nr SL \@SEMAN\@\n.nr BA \@BAMAN\@\n.nr LC \@LCMAN\@\n.\\\"\n$_";
+    $cond = 0;
+}
+
+# Make SELinux_Spec conditional
+if (/(.*)SELinux_Spec\? (.*)$/) {
+    $_ = ".ie \\n(SL $_.el $1$2\n";
+} elsif (/^(.*SELinux_Spec ::=)/) {
+    $_ = ".if \\n(SL \\{\\\n$_";
+} elsif (/^(.*Tag_Spec ::=)/) {
+    $_ = "\\}\n$_";
+}
+
+if (/^\.S[Sh] "SELinux_Spec"/) {
+    $_ = ".if \\n(SL \\{\\\n$_";
+    $cond = 1;
+} elsif (/^\.IP "(role|type)"/) {
+    $_ = ".if \\n(SL \\{\\\n$_";
+    $cond = 1;
+} elsif (/^\.IP "use_loginclass"/) {
+    $_ = ".if \\n(LC \\{\\\n$_";
+    $cond = 1;
+} elsif ($cond && /^\.(Sh|SS|IP|PP)/) {
+    $_ = "\\}\n$_";
+    $cond = 0;
+}
+
+# Fix up broken pod2man formatting of F<@foo@/bar>
+s/\\fI\\f(\(C)?I\@([^\@]*)\\fI\@/\\fI\@$2\@/g;
+s/\\f\(\CW\@([^\@]*)\\fR\@/\@$1\@/g;
+#\f(CW@secure_path\fR@
diff --git a/sudo-1.7.4p4/sudoers.pod b/sudo-1.7.4p4/sudoers.pod
new file mode 100644
index 0000000..798295c
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers.pod
@@ -0,0 +1,1688 @@
+Copyright (c) 1994-1996, 1998-2005, 2007-2010
+	Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+=pod
+
+=head1 NAME
+
+sudoers - list of which users may execute what
+
+=head1 DESCRIPTION
+
+The I<sudoers> file is composed of two types of entries: aliases
+(basically variables) and user specifications (which specify who
+may run what).
+
+When multiple entries match for a user, they are applied in order.
+Where there are multiple matches, the last match is used (which is
+not necessarily the most specific match).
+
+The I<sudoers> grammar will be described below in Extended Backus-Naur
+Form (EBNF).  Don't despair if you don't know what EBNF is; it is
+fairly simple, and the definitions below are annotated.
+
+=head2 Quick guide to EBNF
+
+EBNF is a concise and exact way of describing the grammar of a language.
+Each EBNF definition is made up of I<production rules>.  E.g.,
+
+ symbol ::= definition | alternate1 | alternate2 ...
+
+Each I<production rule> references others and thus makes up a
+grammar for the language.  EBNF also contains the following
+operators, which many readers will recognize from regular
+expressions.  Do not, however, confuse them with "wildcard"
+characters, which have different meanings.
+
+=over 4
+
+=item C<?>
+
+Means that the preceding symbol (or group of symbols) is optional.
+That is, it may appear once or not at all.
+
+=item C<*>
+
+Means that the preceding symbol (or group of symbols) may appear
+zero or more times.
+
+=item C<+>
+
+Means that the preceding symbol (or group of symbols) may appear
+one or more times.
+
+=back
+
+Parentheses may be used to group symbols together.  For clarity,
+we will use single quotes ('') to designate what is a verbatim character
+string (as opposed to a symbol name).
+
+=head2 Aliases
+
+There are four kinds of aliases: C<User_Alias>, C<Runas_Alias>,
+C<Host_Alias> and C<Cmnd_Alias>.
+
+ Alias ::= 'User_Alias'  User_Alias (':' User_Alias)* |
+	   'Runas_Alias' Runas_Alias (':' Runas_Alias)* |
+	   'Host_Alias'  Host_Alias (':' Host_Alias)* |
+	   'Cmnd_Alias'  Cmnd_Alias (':' Cmnd_Alias)*
+
+ User_Alias ::= NAME '=' User_List
+
+ Runas_Alias ::= NAME '=' Runas_List
+
+ Host_Alias ::= NAME '=' Host_List
+
+ Cmnd_Alias ::= NAME '=' Cmnd_List
+
+ NAME ::= [A-Z]([A-Z][0-9]_)*
+
+Each I<alias> definition is of the form
+
+ Alias_Type NAME = item1, item2, ...
+
+where I<Alias_Type> is one of C<User_Alias>, C<Runas_Alias>, C<Host_Alias>,
+or C<Cmnd_Alias>.  A C<NAME> is a string of uppercase letters, numbers,
+and underscore characters ('_').  A C<NAME> B<must> start with an
+uppercase letter.  It is possible to put several alias definitions
+of the same type on a single line, joined by a colon (':').  E.g.,
+
+ Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
+
+The definitions of what constitutes a valid I<alias> member follow.
+
+ User_List ::= User |
+	       User ',' User_List
+
+ User ::= '!'* user name |
+	  '!'* '#'uid |
+	  '!'* '%'group |
+	  '!'* '+'netgroup |
+	  '!'* '%:'nonunix_group |
+	  '!'* User_Alias
+
+A C<User_List> is made up of one or more user names, uids (prefixed
+with '#'), system groups (prefixed with '%'), netgroups (prefixed
+with '+') and C<User_Alias>es.  Each list item may be prefixed with
+zero or more '!' operators.  An odd number of '!' operators negate
+the value of the item; an even number just cancel each other out.
+
+A C<user name>, C<group>, C<netgroup> or C<nonunix_group> may
+be enclosed in double quotes to avoid the need for escaping special
+characters.  Alternately, special characters may be specified in
+escaped hex mode, e.g. \x20 for space.
+
+The C<nonunix_group> syntax depends on the underlying implementation.
+For instance, the QAS AD backend supports the following formats:
+
+=over 4
+
+=item *
+
+Group in the same domain: "Group Name"
+
+=item *
+
+Group in any domain: "Group Name@FULLY.QUALIFIED.DOMAIN"
+
+=item *
+
+Group SID: "S-1-2-34-5678901234-5678901234-5678901234-567"
+
+=back
+
+Note that quotes around group names are optional.  Unquoted strings must
+use a backslash (\) to escape spaces and the '@' symbol.
+
+ Runas_List ::= Runas_Member |
+		Runas_Member ',' Runas_List
+
+ Runas_Member ::= '!'* user name |
+	          '!'* '#'uid |
+	          '!'* '%'group |
+	          '!'* +netgroup |
+	          '!'* Runas_Alias
+
+A C<Runas_List> is similar to a C<User_List> except that instead
+of C<User_Alias>es it can contain C<Runas_Alias>es.  Note that
+user names and groups are matched as strings.  In other words, two
+users (groups) with the same uid (gid) are considered to be distinct.
+If you wish to match all user names with the same uid (e.g.E<nbsp>root
+and toor), you can use a uid instead (#0 in the example given).
+
+ Host_List ::= Host |
+	       Host ',' Host_List
+
+ Host ::= '!'* host name |
+	  '!'* ip_addr |
+	  '!'* network(/netmask)? |
+	  '!'* '+'netgroup |
+	  '!'* Host_Alias
+
+A C<Host_List> is made up of one or more host names, IP addresses,
+network numbers, netgroups (prefixed with '+') and other aliases.
+Again, the value of an item may be negated with the '!' operator.
+If you do not specify a netmask along with the network number,
+B<sudo> will query each of the local host's network interfaces and,
+if the network number corresponds to one of the hosts's network
+interfaces, the corresponding netmask will be used.  The netmask
+may be specified either in standard IP address notation
+(e.g.E<nbsp>255.255.255.0 or ffff:ffff:ffff:ffff::),
+or CIDR notation (number of bits, e.g.E<nbsp>24 or 64).  A host name may
+include shell-style wildcards (see the L<Wildcards> section below),
+but unless the C<host name> command on your machine returns the fully
+qualified host name, you'll need to use the I<fqdn> option for
+wildcards to be useful.  Note B<sudo> only inspects actual network
+interfaces; this means that IP address 127.0.0.1 (localhost) will
+never match.  Also, the host name "localhost" will only match if
+that is the actual host name, which is usually only the case for
+non-networked systems.
+
+ Cmnd_List ::= Cmnd |
+	       Cmnd ',' Cmnd_List
+
+ commandname ::= file name |
+	         file name args |
+	         file name '""'
+
+ Cmnd ::= '!'* commandname |
+	  '!'* directory |
+	  '!'* "sudoedit" |
+	  '!'* Cmnd_Alias
+
+A C<Cmnd_List> is a list of one or more commandnames, directories, and other
+aliases.  A commandname is a fully qualified file name which may include
+shell-style wildcards (see the L<Wildcards> section below).  A simple
+file name allows the user to run the command with any arguments he/she
+wishes.  However, you may also specify command line arguments (including
+wildcards).  Alternately, you can specify C<""> to indicate that the command
+may only be run B<without> command line arguments.  A directory is a
+fully qualified path name ending in a '/'.  When you specify a directory
+in a C<Cmnd_List>, the user will be able to run any file within that directory
+(but not in any subdirectories therein).
+
+If a C<Cmnd> has associated command line arguments, then the arguments
+in the C<Cmnd> must match exactly those given by the user on the command line
+(or match the wildcards if there are any).  Note that the following
+characters must be escaped with a '\' if they are used in command
+arguments: ',', ':', '=', '\'.  The special command C<"sudoedit">
+is used to permit a user to run B<sudo> with the B<-e> option (or
+as B<sudoedit>).  It may take command line arguments just as
+a normal command does.
+
+=head2 Defaults
+
+Certain configuration options may be changed from their default
+values at runtime via one or more C<Default_Entry> lines.  These
+may affect all users on any host, all users on a specific host, a
+specific user, a specific command, or commands being run as a specific user.
+Note that per-command entries may not include command line arguments.
+If you need to specify arguments, define a C<Cmnd_Alias> and reference
+that instead.
+
+ Default_Type ::= 'Defaults' |
+		  'Defaults' '@' Host_List |
+		  'Defaults' ':' User_List |
+		  'Defaults' '!' Cmnd_List |
+		  'Defaults' '>' Runas_List
+
+ Default_Entry ::= Default_Type Parameter_List
+
+ Parameter_List ::= Parameter |
+		    Parameter ',' Parameter_List
+
+ Parameter ::= Parameter '=' Value |
+	       Parameter '+=' Value |
+	       Parameter '-=' Value |
+	       '!'* Parameter
+
+Parameters may be B<flags>, B<integer> values, B<strings>, or B<lists>.
+Flags are implicitly boolean and can be turned off via the '!'
+operator.  Some integer, string and list parameters may also be
+used in a boolean context to disable them.  Values may be enclosed
+in double quotes (C<">) when they contain multiple words.  Special
+characters may be escaped with a backslash (C<\>).
+
+Lists have two additional assignment operators, C<+=> and C<-=>.
+These operators are used to add to and delete from a list respectively.
+It is not an error to use the C<-=> operator to remove an element
+that does not exist in a list.
+
+Defaults entries are parsed in the following order: generic, host
+and user Defaults first, then runas Defaults and finally command
+defaults.
+
+See L<"SUDOERS OPTIONS"> for a list of supported Defaults parameters.
+
+=head2 User Specification
+
+ User_Spec ::= User_List Host_List '=' Cmnd_Spec_List \
+	       (':' Host_List '=' Cmnd_Spec_List)*
+
+ Cmnd_Spec_List ::= Cmnd_Spec |
+		    Cmnd_Spec ',' Cmnd_Spec_List
+
+ Cmnd_Spec ::= Runas_Spec? SELinux_Spec? Tag_Spec* Cmnd
+
+ Runas_Spec ::= '(' Runas_List? (':' Runas_List)? ')'
+
+ SELinux_Spec ::= ('ROLE=role' | 'TYPE=type')
+
+ Tag_Spec ::= ('NOPASSWD:' | 'PASSWD:' | 'NOEXEC:' | 'EXEC:' |
+	       'SETENV:' | 'NOSETENV:' | 'LOG_INPUT:' | 'NOLOG_INPUT:' |
+               'LOG_OUTPUT:' | 'NOLOG_OUTPUT:')
+
+A B<user specification> determines which commands a user may run
+(and as what user) on specified hosts.  By default, commands are
+run as B<root>, but this can be changed on a per-command basis.
+
+The basic structure of a user specification is `who = where (as_whom)
+what'.  Let's break that down into its constituent parts:
+
+=head2 Runas_Spec
+
+A C<Runas_Spec> determines the user and/or the group that a command
+may be run as.  A fully-specified C<Runas_Spec> consists of two
+C<Runas_List>s (as defined above) separated by a colon (':') and
+enclosed in a set of parentheses.  The first C<Runas_List> indicates
+which users the command may be run as via B<sudo>'s B<-u> option.
+The second defines a list of groups that can be specified via
+B<sudo>'s B<-g> option.  If both C<Runas_List>s are specified, the
+command may be run with any combination of users and groups listed
+in their respective C<Runas_List>s.  If only the first is specified,
+the command may be run as any user in the list but no B<-g> option
+may be specified.  If the first C<Runas_List> is empty but the
+second is specified, the command may be run as the invoking user
+with the group set to any listed in the C<Runas_List>.  If no
+C<Runas_Spec> is specified the command may be run as B<root> and
+no group may be specified.
+
+A C<Runas_Spec> sets the default for the commands that follow it.
+What this means is that for the entry:
+
+ dgb	boulder = (operator) /bin/ls, /bin/kill, /usr/bin/lprm
+
+The user B<dgb> may run F</bin/ls>, F</bin/kill>, and
+F</usr/bin/lprm> -- but only as B<operator>.  E.g.,
+
+ $ sudo -u operator /bin/ls.
+
+It is also possible to override a C<Runas_Spec> later on in an
+entry.  If we modify the entry like so:
+
+ dgb	boulder = (operator) /bin/ls, (root) /bin/kill, /usr/bin/lprm
+
+Then user B<dgb> is now allowed to run F</bin/ls> as B<operator>,
+but  F</bin/kill> and F</usr/bin/lprm> as B<root>.
+
+We can extend this to allow B<dgb> to run C</bin/ls> with either
+the user or group set to B<operator>:
+
+ dgb	boulder = (operator : operator) /bin/ls, (root) /bin/kill, \
+	/usr/bin/lprm
+
+In the following example, user B<tcm> may run commands that access
+a modem device file with the dialer group.  Note that in this example
+only the group will be set, the command still runs as user B<tcm>.
+
+ tcm	boulder = (:dialer) /usr/bin/tip, /usr/bin/cu, \
+	/usr/local/bin/minicom
+
+=head2 SELinux_Spec
+
+On systems with SELinux support, I<sudoers> entries may optionally have
+an SELinux role and/or type associated with a command.  If a role or
+type is specified with the command it will override any default values
+specified in I<sudoers>.  A role or type specified on the command line,
+however, will supercede the values in I<sudoers>.
+
+=head2 Tag_Spec
+
+A command may have zero or more tags associated with it.  There are
+eight possible tag values, C<NOPASSWD>, C<PASSWD>, C<NOEXEC>,
+C<EXEC>, C<SETENV>, C<NOSETENV>, C<LOG_INPUT>, C<NOLOG_INPUT>,
+C<LOG_OUTPUT> and C<NOLOG_OUTPUT>.  Once a tag is set on a C<Cmnd>,
+subsequent C<Cmnd>s in the C<Cmnd_Spec_List>, inherit the tag unless
+it is overridden by the opposite tag (i.e.: C<PASSWD> overrides
+C<NOPASSWD> and C<NOEXEC> overrides C<EXEC>).
+
+=head3 NOPASSWD and PASSWD
+
+By default, B<sudo> requires that a user authenticate him or herself
+before running a command.  This behavior can be modified via the
+C<NOPASSWD> tag.  Like a C<Runas_Spec>, the C<NOPASSWD> tag sets
+a default for the commands that follow it in the C<Cmnd_Spec_List>.
+Conversely, the C<PASSWD> tag can be used to reverse things.
+For example:
+
+ ray	rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
+
+would allow the user B<ray> to run F</bin/kill>, F</bin/ls>, and
+F</usr/bin/lprm> as B<root> on the machine rushmore without
+authenticating himself.  If we only want B<ray> to be able to
+run F</bin/kill> without a password the entry would be:
+
+ ray	rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
+
+Note, however, that the C<PASSWD> tag has no effect on users who are
+in the group specified by the I<exempt_group> option.
+
+By default, if the C<NOPASSWD> tag is applied to any of the entries
+for a user on the current host, he or she will be able to run
+C<sudo -l> without a password.  Additionally, a user may only run
+C<sudo -v> without a password if the C<NOPASSWD> tag is present
+for all a user's entries that pertain to the current host.
+This behavior may be overridden via the verifypw and listpw options.
+
+=head3 NOEXEC and EXEC
+
+If B<sudo> has been compiled with I<noexec> support and the underlying
+operating system supports it, the C<NOEXEC> tag can be used to prevent
+a dynamically-linked executable from running further commands itself.
+
+In the following example, user B<aaron> may run F</usr/bin/more>
+and F</usr/bin/vi> but shell escapes will be disabled.
+
+ aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+See the L<PREVENTING SHELL ESCAPES> section below for more details
+on how C<NOEXEC> works and whether or not it will work on your system.
+
+=head3 SETENV and NOSETENV
+
+These tags override the value of the I<setenv> option on a per-command
+basis.  Note that if C<SETENV> has been set for a command, any
+environment variables set on the command line way are not subject
+to the restrictions imposed by I<env_check>, I<env_delete>, or
+I<env_keep>.  As such, only trusted users should be allowed to set
+variables in this manner.  If the command matched is B<ALL>, the
+C<SETENV> tag is implied for that command; this default may
+be overridden by use of the C<NOSETENV> tag.
+
+=head3 LOG_INPUT and NOLOG_INPUT
+
+These tags override the value of the I<log_input> option on a
+per-command basis.  For more information, see the description of
+I<log_input> in the L<"SUDOERS OPTIONS"> section below.
+
+=head3 LOG_OUTPUT and NOLOG_OUTPUT
+
+These tags override the value of the I<log_output> option on a
+per-command basis.  For more information, see the description of
+I<log_output> in the L<"SUDOERS OPTIONS"> section below.
+
+=head2 Wildcards
+
+B<sudo> allows shell-style I<wildcards> (aka meta or glob characters)
+to be used in host names, path names and command line arguments in
+the I<sudoers> file.  Wildcard matching is done via the B<POSIX>
+L<glob(3)> and L<fnmatch(3)> routines.  Note that these are I<not>
+regular expressions.
+
+=over 8
+
+=item C<*>
+
+Matches any set of zero or more characters.
+
+=item C<?>
+
+Matches any single character.
+
+=item C<[...]>
+
+Matches any character in the specified range.
+
+=item C<[!...]>
+
+Matches any character B<not> in the specified range.
+
+=item C<\x>
+
+For any character "x", evaluates to "x".  This is used to
+escape special characters such as: "*", "?", "[", and "}".
+
+=back
+
+POSIX character classes may also be used if your system's L<glob(3)>
+and L<fnmatch(3)> functions support them.  However, because the
+C<':'> character has special meaning in I<sudoers>, it must be
+escaped.  For example:
+
+    /bin/ls [[\:alpha\:]]*
+
+Would match any file name beginning with a letter.
+
+Note that a forward slash ('/') will B<not> be matched by
+wildcards used in the path name.  When matching the command
+line arguments, however, a slash B<does> get matched by
+wildcards.  This is to make a path like:
+
+    /usr/bin/*
+
+match F</usr/bin/who> but not F</usr/bin/X11/xterm>.
+
+=head2 Exceptions to wildcard rules
+
+The following exceptions apply to the above rules:
+
+=over 8
+
+=item C<"">
+
+If the empty string C<""> is the only command line argument in the
+I<sudoers> entry it means that command is not allowed to be run
+with B<any> arguments.
+
+=back
+
+=head2 Including other files from within sudoers
+
+It is possible to include other I<sudoers> files from within the
+I<sudoers> file currently being parsed using the C<#include> and
+C<#includedir> directives.
+
+This can be used, for example, to keep a site-wide I<sudoers> file
+in addition to a local, per-machine file.  For the sake of this
+example the site-wide I<sudoers> will be F</etc/sudoers> and the
+per-machine one will be F</etc/sudoers.local>.  To include
+F</etc/sudoers.local> from within F</etc/sudoers> we would use the
+following line in F</etc/sudoers>:
+
+=over 4
+
+C<#include /etc/sudoers.local>
+
+=back
+
+When B<sudo> reaches this line it will suspend processing of the
+current file (F</etc/sudoers>) and switch to F</etc/sudoers.local>.
+Upon reaching the end of F</etc/sudoers.local>, the rest of
+F</etc/sudoers> will be processed.  Files that are included may
+themselves include other files.  A hard limit of 128 nested include
+files is enforced to prevent include file loops.
+
+The file name may include the C<%h> escape, signifying the short form
+of the host name.  I.e., if the machine's host name is "xerxes", then
+
+C<#include /etc/sudoers.%h>
+
+will cause B<sudo> to include the file F</etc/sudoers.xerxes>.
+
+The C<#includedir> directive can be used to create a F<sudo.d>
+directory that the system package manager can drop I<sudoers> rules
+into as part of package installation.  For example, given:
+
+C<#includedir /etc/sudoers.d>
+
+B<sudo> will read each file in F</etc/sudoers.d>, skipping file
+names that end in C<~> or contain a C<.> character to avoid causing
+problems with package manager or editor temporary/backup files.
+Files are parsed in sorted lexical order.  That is,
+F</etc/sudoers.d/01_first> will be parsed before
+F</etc/sudoers.d/10_second>.  Be aware that because the sorting is
+lexical, not numeric, F</etc/sudoers.d/1_whoops> would be loaded
+B<after> F</etc/sudoers.d/10_second>.  Using a consistent number
+of leading zeroes in the file names can be used to avoid such
+problems.
+
+Note that unlike files included via C<#include>, B<visudo> will not
+edit the files in a C<#includedir> directory unless one of them
+contains a syntax error.  It is still possible to run B<visudo>
+with the C<-f> flag to edit the files directly.
+
+=head2 Other special characters and reserved words
+
+The pound sign ('#') is used to indicate a comment (unless it is
+part of a #include directive or unless it occurs in the context of
+a user name and is followed by one or more digits, in which case
+it is treated as a uid).  Both the comment character and any text
+after it, up to the end of the line, are ignored.
+
+The reserved word B<ALL> is a built-in I<alias> that always causes
+a match to succeed.  It can be used wherever one might otherwise
+use a C<Cmnd_Alias>, C<User_Alias>, C<Runas_Alias>, or C<Host_Alias>.
+You should not try to define your own I<alias> called B<ALL> as the
+built-in alias will be used in preference to your own.  Please note
+that using B<ALL> can be dangerous since in a command context, it
+allows the user to run B<any> command on the system.
+
+An exclamation point ('!') can be used as a logical I<not> operator
+both in an I<alias> and in front of a C<Cmnd>.  This allows one to
+exclude certain values.  Note, however, that using a C<!> in
+conjunction with the built-in C<ALL> alias to allow a user to
+run "all but a few" commands rarely works as intended (see SECURITY
+NOTES below).
+
+Long lines can be continued with a backslash ('\') as the last
+character on the line.
+
+Whitespace between elements in a list as well as special syntactic
+characters in a I<User Specification> ('=', ':', '(', ')') is optional.
+
+The following characters must be escaped with a backslash ('\') when
+used as part of a word (e.g.E<nbsp>a user name or host name):
+'@', '!', '=', ':', ',', '(', ')', '\'.
+
+=head1 SUDOERS OPTIONS
+
+B<sudo>'s behavior can be modified by C<Default_Entry> lines, as
+explained earlier.  A list of all supported Defaults parameters,
+grouped by type, are listed below.
+
+B<Boolean Flags>:
+
+=over 16
+
+=item always_set_home
+
+If enabled, B<sudo> will set the C<HOME> environment variable to the
+home directory of the target user (which is root unless the B<-u>
+option is used).  This effectively means that the B<-H> option is
+always implied.  Note that C<HOME> is already set when the the
+I<env_reset> option is enabled, so I<always_set_home> is only
+effective for configurations where I<env_reset> is disabled.
+This flag is I<off> by default.
+
+=item authenticate
+
+If set, users must authenticate themselves via a password (or other
+means of authentication) before they may run commands.  This default
+may be overridden via the C<PASSWD> and C<NOPASSWD> tags.
+This flag is I<on> by default.
+
+=item closefrom_override
+
+If set, the user may use B<sudo>'s B<-C> option which
+overrides the default starting point at which B<sudo> begins
+closing open file descriptors.  This flag is I<off> by default.
+
+=item compress_io
+
+If set, and B<sudo> is configured to log a command's input or output,
+the I/O logs will be compressed using B<zlib>.  This flag is I<on>
+by default when B<sudo> is compiled with B<zlib> support.
+
+=item env_editor
+
+If set, B<visudo> will use the value of the EDITOR or VISUAL
+environment variables before falling back on the default editor list.
+Note that this may create a security hole as it allows the user to
+run any arbitrary command as root without logging.  A safer alternative
+is to place a colon-separated list of editors in the C<editor>
+variable.  B<visudo> will then only use the EDITOR or VISUAL if
+they match a value specified in C<editor>.  This flag is I<@env_editor@> by
+default.
+
+=item env_reset
+
+If set, B<sudo> will reset the environment to only contain the
+LOGNAME, MAIL, SHELL, USER, USERNAME and the C<SUDO_*> variables.  Any
+variables in the caller's environment that match the C<env_keep>
+and C<env_check> lists are then added.  The default contents of the
+C<env_keep> and C<env_check> lists are displayed when B<sudo> is
+run by root with the I<-V> option.  If the I<secure_path> option
+is set, its value will be used for the C<PATH> environment variable.
+This flag is I<on> by default.
+
+=item fast_glob
+
+Normally, B<sudo> uses the L<glob(3)> function to do shell-style
+globbing when matching path names.  However, since it accesses the
+file system, L<glob(3)> can take a long time to complete for some
+patterns, especially when the pattern references a network file
+system that is mounted on demand (automounted).  The I<fast_glob>
+option causes B<sudo> to use the L<fnmatch(3)> function, which does
+not access the file system to do its matching.  The disadvantage
+of I<fast_glob> is that it is unable to match relative path names
+such as F<./ls> or F<../bin/ls>.  This has security implications
+when path names that include globbing characters are used with the
+negation operator, C<'!'>, as such rules can be trivially bypassed.
+As such, this option should not be used when I<sudoers> contains rules 
+that contain negated path names which include globbing characters.
+This flag is I<off> by default.
+
+=item fqdn
+
+Set this flag if you want to put fully qualified host names in the
+I<sudoers> file.  I.e., instead of myhost you would use myhost.mydomain.edu.
+You may still use the short form if you wish (and even mix the two).
+Beware that turning on I<fqdn> requires B<sudo> to make DNS lookups
+which may make B<sudo> unusable if DNS stops working (for example
+if the machine is not plugged into the network).  Also note that
+you must use the host's official name as DNS knows it.  That is,
+you may not use a host alias (C<CNAME> entry) due to performance
+issues and the fact that there is no way to get all aliases from
+DNS.  If your machine's host name (as returned by the C<hostname>
+command) is already fully qualified you shouldn't need to set
+I<fqdn>.  This flag is I<@fqdn@> by default.
+
+=item ignore_dot
+
+If set, B<sudo> will ignore '.' or '' (current dir) in the C<PATH>
+environment variable; the C<PATH> itself is not modified.  This
+flag is I<@ignore_dot@> by default.
+
+=item ignore_local_sudoers
+
+If set via LDAP, parsing of F<@sysconfdir@/sudoers> will be skipped.
+This is intended for Enterprises that wish to prevent the usage of local
+sudoers files so that only LDAP is used.  This thwarts the efforts of
+rogue operators who would attempt to add roles to F<@sysconfdir@/sudoers>.
+When this option is present, F<@sysconfdir@/sudoers> does not even need to
+exist. Since this option tells B<sudo> how to behave when no specific LDAP
+entries have been matched, this sudoOption is only meaningful for the
+C<cn=defaults> section.  This flag is I<off> by default.
+
+=item insults
+
+If set, B<sudo> will insult users when they enter an incorrect
+password.  This flag is I<@insults@> by default.
+
+=item log_host
+
+If set, the host name will be logged in the (non-syslog) B<sudo> log file.
+This flag is I<off> by default.
+
+=item log_year
+
+If set, the four-digit year will be logged in the (non-syslog) B<sudo> log file.
+This flag is I<off> by default.
+
+=item long_otp_prompt
+
+When validating with a One Time Password (OPT) scheme such as
+B<S/Key> or B<OPIE>, a two-line prompt is used to make it easier
+to cut and paste the challenge to a local window.  It's not as
+pretty as the default but some people find it more convenient.  This
+flag is I<@long_otp_prompt@> by default.
+
+=item mail_always
+
+Send mail to the I<mailto> user every time a users runs B<sudo>.
+This flag is I<off> by default.
+
+=item mail_badpass
+
+Send mail to the I<mailto> user if the user running B<sudo> does not
+enter the correct password.  This flag is I<off> by default.
+
+=item mail_no_host
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user exists in the I<sudoers> file, but is not allowed to run
+commands on the current host.  This flag is I<@mail_no_host@> by default.
+
+=item mail_no_perms
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is allowed to use B<sudo> but the command they are trying is not
+listed in their I<sudoers> file entry or is explicitly denied.
+This flag is I<@mail_no_perms@> by default.
+
+=item mail_no_user
+
+If set, mail will be sent to the I<mailto> user if the invoking
+user is not in the I<sudoers> file.  This flag is I<@mail_no_user@>
+by default.
+
+=item noexec
+
+If set, all commands run via B<sudo> will behave as if the C<NOEXEC>
+tag has been set, unless overridden by a C<EXEC> tag.  See the
+description of I<NOEXEC and EXEC> below as well as the L<PREVENTING SHELL
+ESCAPES> section at the end of this manual.  This flag is I<off> by default.
+
+=item path_info
+
+Normally, B<sudo> will tell the user when a command could not be
+found in their C<PATH> environment variable.  Some sites may wish
+to disable this as it could be used to gather information on the
+location of executables that the normal user does not have access
+to.  The disadvantage is that if the executable is simply not in
+the user's C<PATH>, B<sudo> will tell the user that they are not
+allowed to run it, which can be confusing.  This flag is I<@path_info@>
+by default.
+
+=item passprompt_override
+
+The password prompt specified by I<passprompt> will normally only
+be used if the password prompt provided by systems such as PAM matches
+the string "Password:".  If I<passprompt_override> is set, I<passprompt>
+will always be used.  This flag is I<off> by default.
+
+=item preserve_groups
+
+By default, B<sudo> will initialize the group vector to the list of
+groups the target user is in.  When I<preserve_groups> is set, the
+user's existing group vector is left unaltered.  The real and
+effective group IDs, however, are still set to match the target
+user.  This flag is I<off> by default.
+
+=item pwfeedback
+
+By default, B<sudo> reads the password like most other Unix programs,
+by turning off echo until the user hits the return (or enter) key.
+Some users become confused by this as it appears to them that B<sudo>
+has hung at this point.  When I<pwfeedback> is set, B<sudo> will
+provide visual feedback when the user presses a key.  Note that
+this does have a security impact as an onlooker may be able to
+determine the length of the password being entered.
+This flag is I<off> by default.
+
+=item requiretty
+
+If set, B<sudo> will only run when the user is logged in to a real
+tty.  When this flag is set, B<sudo> can only be run from a login
+session and not via other means such as L<cron(8)> or cgi-bin scripts.
+This flag is I<off> by default.
+
+=item root_sudo
+
+If set, root is allowed to run B<sudo> too.  Disabling this prevents users
+from "chaining" B<sudo> commands to get a root shell by doing something
+like C<"sudo sudo /bin/sh">.  Note, however, that turning off I<root_sudo>
+will also prevent root from running B<sudoedit>.
+Disabling I<root_sudo> provides no real additional security; it
+exists purely for historical reasons.
+This flag is I<@root_sudo@> by default.
+
+=item rootpw
+
+If set, B<sudo> will prompt for the root password instead of the password
+of the invoking user.  This flag is I<off> by default.
+
+=item runaspw
+
+If set, B<sudo> will prompt for the password of the user defined by the
+I<runas_default> option (defaults to C<@runas_default@>) instead of the
+password of the invoking user.  This flag is I<off> by default.
+
+=item set_home
+
+If enabled and B<sudo> is invoked with the B<-s> option the C<HOME>
+environment variable will be set to the home directory of the target
+user (which is root unless the B<-u> option is used).  This effectively
+makes the B<-s> option imply B<-H>.  Note that C<HOME> is already
+set when the the I<env_reset> option is enabled, so I<set_home> is
+only effective for configurations where I<env_reset> is disabled.
+This flag is I<off> by default.
+
+=item set_logname
+
+Normally, B<sudo> will set the C<LOGNAME>, C<USER> and C<USERNAME>
+environment variables to the name of the target user (usually root
+unless the B<-u> option is given).  However, since some programs
+(including the RCS revision control system) use C<LOGNAME> to
+determine the real identity of the user, it may be desirable to
+change this behavior.  This can be done by negating the set_logname
+option.  Note that if the I<env_reset> option has not been disabled,
+entries in the I<env_keep> list will override the value of
+I<set_logname>.  This flag is I<on> by default.
+
+=item setenv
+
+Allow the user to disable the I<env_reset> option from the command
+line.  Additionally, environment variables set via the command line
+are not subject to the restrictions imposed by I<env_check>,
+I<env_delete>, or I<env_keep>.  As such, only trusted users should
+be allowed to set variables in this manner.  This flag is I<off>
+by default.
+
+=item shell_noargs
+
+If set and B<sudo> is invoked with no arguments it acts as if the
+B<-s> option had been given.  That is, it runs a shell as root (the
+shell is determined by the C<SHELL> environment variable if it is
+set, falling back on the shell listed in the invoking user's
+/etc/passwd entry if not).  This flag is I<off> by default.
+
+=item stay_setuid
+
+Normally, when B<sudo> executes a command the real and effective
+UIDs are set to the target user (root by default).  This option
+changes that behavior such that the real UID is left as the invoking
+user's UID.  In other words, this makes B<sudo> act as a setuid
+wrapper.  This can be useful on systems that disable some potentially
+dangerous functionality when a program is run setuid.  This option
+is only effective on systems with either the setreuid() or setresuid()
+function.  This flag is I<off> by default.
+
+=item targetpw
+
+If set, B<sudo> will prompt for the password of the user specified
+by the B<-u> option (defaults to C<root>) instead of the password
+of the invoking user.  In addition, the timestamp file name will
+include the target user's name.  Note that this flag precludes the
+use of a uid not listed in the passwd database as an argument to
+the B<-u> option.  This flag is I<off> by default.
+
+=item log_input
+
+If set, B<sudo> will run the command in a I<pseudo tty> and log all
+user input.
+If the standard input is not connected to the user's tty, due to
+I/O redirection or because the command is part of a pipeline, that
+input is also captured and stored in a separate log file.
+
+Input is logged to the F</var/log/sudo-io> directory using a unique
+session ID that is included in the normal B<sudo> log line, prefixed
+with I<TSID=>.
+
+=item log_output
+
+If set, B<sudo> will run the command in a I<pseudo tty> and log all
+output that is sent to the screen, similar to the script(1) command.
+If the standard output or standard error is not connected to the
+user's tty, due to I/O redirection or because the command is part
+of a pipeline, that output is also captured and stored in separate
+log files.
+
+Output is logged to the
+F</var/log/sudo-io> directory using a unique session ID that is
+included in the normal B<sudo> log line, prefixed with I<TSID=>.
+
+Output logs may be viewed with the L<sudoreplay(8)> utility, which
+can also be used to list or search the available logs.
+
+=item tty_tickets
+
+If set, users must authenticate on a per-tty basis.  With this flag
+enabled, B<sudo> will use a file named for the tty the user is
+logged in on in the user's time stamp directory.  If disabled, the
+time stamp of the directory is used instead.  This flag is
+I<@tty_tickets@> by default.
+
+=item umask_override
+
+If set, B<sudo> will set the umask as specified by I<sudoers> without
+modification.  This makes it possible to specify a more permissive
+umask in I<sudoers> than the user's own umask and matches historical
+behavior.  If I<umask_override> is not set, B<sudo> will set the
+umask to be the union of the user's umask and what is specified in
+I<sudoers>.  This flag is I<off> by default.
+
+=item use_loginclass
+
+If set, B<sudo> will apply the defaults specified for the target user's
+login class if one exists.  Only available if B<sudo> is configured with
+the --with-logincap option.  This flag is I<off> by default.
+
+=item use_pty
+
+If set, B<sudo> will run the command in a pseudo-pty even if no I/O
+logging is being gone.  A malicious program run under B<sudo> could
+conceivably fork a background process that retains to the user's
+terminal device after the main program has finished executing.  Use
+of this option will make that impossible.
+
+=item visiblepw
+
+By default, B<sudo> will refuse to run if the user must enter a
+password but it is not possible to disable echo on the terminal.
+If the I<visiblepw> flag is set, B<sudo> will prompt for a password
+even when it would be visible on the screen.  This makes it possible
+to run things like C<"rsh somehost sudo ls"> since L<rsh(1)> does
+not allocate a tty.  This flag is I<off> by default.
+
+=back
+
+B<Integers>:
+
+=over 16
+
+=item closefrom
+
+Before it executes a command, B<sudo> will close all open file
+descriptors other than standard input, standard output and standard
+error (ie: file descriptors 0-2).  The I<closefrom> option can be used
+to specify a different file descriptor at which to start closing.
+The default is C<3>.
+
+=item passwd_tries
+
+The number of tries a user gets to enter his/her password before
+B<sudo> logs the failure and exits.  The default is C<@passwd_tries@>.
+
+=back
+
+B<Integers that can be used in a boolean context>:
+
+=over 16
+
+=item loglinelen
+
+Number of characters per line for the file log.  This value is used
+to decide when to wrap lines for nicer log files.  This has no
+effect on the syslog log file, only the file log.  The default is
+C<@loglen@> (use 0 or negate the option to disable word wrap).
+
+=item passwd_timeout
+
+Number of minutes before the B<sudo> password prompt times out, or
+C<0> for no timeout.  The timeout may include a fractional component
+if minute granularity is insufficient, for example C<2.5>.  The
+default is C<@password_timeout@>.
+
+=item timestamp_timeout
+
+Number of minutes that can elapse before B<sudo> will ask for a
+passwd again.  The timeout may include a fractional component if
+minute granularity is insufficient, for example C<2.5>.  The default
+is C<@timeout@>.  Set this to C<0> to always prompt for a password.
+If set to a value less than C<0> the user's timestamp will never
+expire.  This can be used to allow users to create or delete their
+own timestamps via C<sudo -v> and C<sudo -k> respectively.
+
+=item umask
+
+Umask to use when running the command.  Negate this option or set
+it to 0777 to preserve the user's umask.  The actual umask that is
+used will be the union of the user's umask and C<@sudo_umask@>.
+This guarantees that B<sudo> never lowers the umask when running a
+command.  Note on systems that use PAM, the default PAM configuration
+may specify its own umask which will override the value set in
+I<sudoers>.
+
+=back
+
+B<Strings>:
+
+=over 16
+
+=item badpass_message
+
+Message that is displayed if a user enters an incorrect password.
+The default is C<@badpass_message@> unless insults are enabled.
+
+=item editor
+
+A colon (':') separated list of editors allowed to be used with
+B<visudo>.  B<visudo> will choose the editor that matches the user's
+EDITOR environment variable if possible, or the first editor in the
+list that exists and is executable.  The default is C<"@editor@">.
+
+=item mailsub
+
+Subject of the mail sent to the I<mailto> user. The escape C<%h>
+will expand to the host name of the machine.
+Default is C<@mailsub@>.
+
+=item noexec_file
+
+Path to a shared library containing dummy versions of the execv(),
+execve() and fexecve() library functions that just return an error.
+This is used to implement the I<noexec> functionality on systems that
+support C<LD_PRELOAD> or its equivalent.  Defaults to F<@noexec_file@>.
+
+=item passprompt
+
+The default prompt to use when asking for a password; can be overridden
+via the B<-p> option or the C<SUDO_PROMPT> environment variable.
+The following percent (`C<%>') escapes are supported:
+
+=over 4
+
+=item C<%H>
+
+expanded to the local host name including the domain name
+(on if the machine's host name is fully qualified or the I<fqdn>
+option is set)
+
+=item C<%h>
+
+expanded to the local host name without the domain name
+
+=item C<%p>
+
+expanded to the user whose password is being asked for (respects the 
+I<rootpw>, I<targetpw> and I<runaspw> flags in I<sudoers>)
+
+=item C<%U>
+
+expanded to the login name of the user the command will
+be run as (defaults to root)
+
+=item C<%u>
+
+expanded to the invoking user's login name
+
+=item C<%%>
+
+two consecutive C<%> characters are collapsed into a single C<%> character
+
+=back
+
+The default value is C<@passprompt@>.
+
+=item role
+
+The default SELinux role to use when constructing a new security
+context to run the command.  The default role may be overridden on
+a per-command basis in I<sudoers> or via command line options.
+This option is only available whe B<sudo> is built with SELinux support.
+
+=item runas_default
+
+The default user to run commands as if the B<-u> option is not specified
+on the command line.  This defaults to C<@runas_default@>.
+Note that if I<runas_default> is set it B<must> occur before
+any C<Runas_Alias> specifications.
+
+=item syslog_badpri
+
+Syslog priority to use when user authenticates unsuccessfully.
+Defaults to C<@badpri@>.
+
+=item syslog_goodpri
+
+Syslog priority to use when user authenticates successfully.
+Defaults to C<@goodpri@>.
+
+=item sudoers_locale
+
+Locale to use when parsing the sudoers file.  Note that changing
+the locale may affect how sudoers is interpreted.
+Defaults to C<"C">.
+
+=item timestampdir
+
+The directory in which B<sudo> stores its timestamp files.
+The default is F<@timedir@>.
+
+=item timestampowner
+
+The owner of the timestamp directory and the timestamps stored therein.
+The default is C<root>.
+
+=item type
+
+The default SELinux type to use when constructing a new security
+context to run the command.  The default type may be overridden on
+a per-command basis in I<sudoers> or via command line options.
+This option is only available whe B<sudo> is built with SELinux support.
+
+=back
+
+B<Strings that can be used in a boolean context>:
+
+=over 12
+
+=item askpass
+
+The I<askpass> option specifies the fully qualified path to a helper
+program used to read the user's password when no terminal is
+available.  This may be the case when B<sudo> is executed from a
+graphical (as opposed to text-based) application.  The program
+specified by I<askpass> should display the argument passed to it
+as the prompt and write the user's password to the standard output.
+The value of I<askpass> may be overridden by the C<SUDO_ASKPASS>
+environment variable.
+
+=item env_file
+
+The I<env_file> options specifies the fully qualified path to a
+file containing variables to be set in the environment of the program
+being run.  Entries in this file should either be of the form
+C<VARIABLE=value> or C<export VARIABLE=value>.  The value may
+optionally be surrounded by single or double quotes.  Variables in
+this file are subject to other B<sudo> environment settings such
+as I<env_keep> and I<env_check>.
+
+=item exempt_group
+
+Users in this group are exempt from password and PATH requirements.
+This is not set by default.
+
+=item lecture
+
+This option controls when a short lecture will be printed along with
+the password prompt.  It has the following possible values:
+
+=over 8
+
+=item always
+
+Always lecture the user.
+
+=item never
+
+Never lecture the user.
+
+=item once
+
+Only lecture the user the first time they run B<sudo>.
+
+=back
+
+If no value is specified, a value of I<once> is implied.
+Negating the option results in a value of I<never> being used.
+The default value is I<@lecture@>.
+
+=item lecture_file
+
+Path to a file containing an alternate B<sudo> lecture that will
+be used in place of the standard lecture if the named file exists.
+By default, B<sudo> uses a built-in lecture.
+
+=item listpw
+
+This option controls when a password will be required when a
+user runs B<sudo> with the B<-l> option.  It has the following possible values:
+
+=over 8
+
+=item all
+
+All the user's I<sudoers> entries for the current host must have
+the C<NOPASSWD> flag set to avoid entering a password.
+
+=item always
+
+The user must always enter a password to use the B<-l> option.
+
+=item any
+
+At least one of the user's I<sudoers> entries for the current host
+must have the C<NOPASSWD> flag set to avoid entering a password.
+
+=item never
+
+The user need never enter a password to use the B<-l> option.
+
+=back
+
+If no value is specified, a value of I<any> is implied.
+Negating the option results in a value of I<never> being used.
+The default value is I<any>.
+
+=item logfile
+
+Path to the B<sudo> log file (not the syslog log file).  Setting a path
+turns on logging to a file; negating this option turns it off.
+By default, B<sudo> logs via syslog.
+
+=item mailerflags
+
+Flags to use when invoking mailer. Defaults to B<-t>.
+
+=item mailerpath
+
+Path to mail program used to send warning mail.
+Defaults to the path to sendmail found at configure time.
+
+=item mailfrom
+
+Address to use for the "from" address when sending warning and error
+mail.  The address should be enclosed in double quotes (C<">) to
+protect against B<sudo> interpreting the C<@> sign.  Defaults to
+the name of the user running B<sudo>.
+
+=item mailto
+
+Address to send warning and error mail to.  The address should
+be enclosed in double quotes (C<">) to protect against B<sudo>
+interpreting the C<@> sign.  Defaults to C<@mailto@>.
+
+=item secure_path
+
+Path used for every command run from B<sudo>.  If you don't trust the
+people running B<sudo> to have a sane C<PATH> environment variable you may
+want to use this.  Another use is if you want to have the "root path"
+be separate from the "user path."  Users in the group specified by the
+I<exempt_group> option are not affected by I<secure_path>.
+This option is @secure_path@ by default.
+
+=item syslog
+
+Syslog facility if syslog is being used for logging (negate to
+disable syslog logging).  Defaults to C<@logfac@>.
+
+=item verifypw
+
+This option controls when a password will be required when a user runs
+B<sudo> with the B<-v> option.  It has the following possible values:
+
+=over 8
+
+=item all
+
+All the user's I<sudoers> entries for the current host must have
+the C<NOPASSWD> flag set to avoid entering a password.
+
+=item always
+
+The user must always enter a password to use the B<-v> option.
+
+=item any
+
+At least one of the user's I<sudoers> entries for the current host
+must have the C<NOPASSWD> flag set to avoid entering a password.
+
+=item never
+
+The user need never enter a password to use the B<-v> option.
+
+=back
+
+If no value is specified, a value of I<all> is implied.
+Negating the option results in a value of I<never> being used.
+The default value is I<all>.
+
+=back
+
+B<Lists that can be used in a boolean context>:
+
+=over 16
+
+=item env_check
+
+Environment variables to be removed from the user's environment if
+the variable's value contains C<%> or C</> characters.  This can
+be used to guard against printf-style format vulnerabilities in
+poorly-written programs.  The argument may be a double-quoted,
+space-separated list or a single value without double-quotes.  The
+list can be replaced, added to, deleted from, or disabled by using
+the C<=>, C<+=>, C<-=>, and C<!> operators respectively.  Regardless
+of whether the C<env_reset> option is enabled or disabled, variables
+specified by C<env_check> will be preserved in the environment if
+they pass the aforementioned check.  The default list of environment
+variables to check is displayed when B<sudo> is run by root with
+the I<-V> option.
+
+=item env_delete
+
+Environment variables to be removed from the user's environment
+when the I<env_reset> option is not in effect.  The argument may
+be a double-quoted, space-separated list or a single value without
+double-quotes.  The list can be replaced, added to, deleted from,
+or disabled by using the C<=>, C<+=>, C<-=>, and C<!> operators
+respectively.  The default list of environment variables to remove
+is displayed when B<sudo> is run by root with the I<-V> option.
+Note that many operating systems will remove potentially dangerous
+variables from the environment of any setuid process (such as
+B<sudo>).
+
+=item env_keep
+
+Environment variables to be preserved in the user's environment
+when the I<env_reset> option is in effect.  This allows fine-grained
+control over the environment B<sudo>-spawned processes will receive.
+The argument may be a double-quoted, space-separated list or a
+single value without double-quotes.  The list can be replaced, added
+to, deleted from, or disabled by using the C<=>, C<+=>, C<-=>, and
+C<!> operators respectively.  The default list of variables to keep
+is displayed when B<sudo> is run by root with the I<-V> option.
+
+=back
+
+When logging via L<syslog(3)>, B<sudo> accepts the following values
+for the syslog facility (the value of the B<syslog> Parameter):
+B<authpriv> (if your OS supports it), B<auth>, B<daemon>, B<user>,
+B<local0>, B<local1>, B<local2>, B<local3>, B<local4>, B<local5>,
+B<local6>, and B<local7>.  The following syslog priorities are
+supported: B<alert>, B<crit>, B<debug>, B<emerg>, B<err>, B<info>,
+B<notice>, and B<warning>.
+
+=head1 FILES
+
+=over 24
+
+=item F<@sysconfdir@/sudoers>
+
+List of who can run what
+
+=item F</etc/group>
+
+Local groups file
+
+=item F</etc/netgroup>
+
+List of network groups
+
+=item F</var/log/sudo-io>
+
+I/O log files
+
+=back
+
+=head1 EXAMPLES
+
+Below are example I<sudoers> entries.  Admittedly, some of
+these are a bit contrived.  First, we allow a few environment
+variables to pass and then define our I<aliases>:
+
+ # Run X applications through sudo; HOME is used to find the
+ # .Xauthority file.  Note that other programs use HOME to find
+ # configuration files and this may lead to privilege escalation!
+ Defaults env_keep += "DISPLAY HOME"
+
+ # User alias specification
+ User_Alias	FULLTIMERS = millert, mikef, dowdy
+ User_Alias	PARTTIMERS = bostley, jwfox, crawl
+ User_Alias	WEBMASTERS = will, wendy, wim
+
+ # Runas alias specification
+ Runas_Alias	OP = root, operator
+ Runas_Alias	DB = oracle, sybase
+ Runas_Alias	ADMINGRP = adm, oper
+
+ # Host alias specification
+ Host_Alias	SPARC = bigtime, eclipse, moet, anchor :\
+		SGI = grolsch, dandelion, black :\
+		ALPHA = widget, thalamus, foobar :\
+		HPPA = boa, nag, python
+ Host_Alias	CUNETS = 128.138.0.0/255.255.0.0
+ Host_Alias	CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+ Host_Alias	SERVERS = master, mail, www, ns
+ Host_Alias	CDROM = orion, perseus, hercules
+
+ # Cmnd alias specification
+ Cmnd_Alias	DUMPS = /usr/bin/mt, /usr/sbin/dump, /usr/sbin/rdump,\
+			/usr/sbin/restore, /usr/sbin/rrestore
+ Cmnd_Alias	KILL = /usr/bin/kill
+ Cmnd_Alias	PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+ Cmnd_Alias	SHUTDOWN = /usr/sbin/shutdown
+ Cmnd_Alias	HALT = /usr/sbin/halt
+ Cmnd_Alias	REBOOT = /usr/sbin/reboot
+ Cmnd_Alias	SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+			 /usr/local/bin/tcsh, /usr/bin/rsh, \
+			 /usr/local/bin/zsh
+ Cmnd_Alias	SU = /usr/bin/su
+ Cmnd_Alias	PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+Here we override some of the compiled in default values.  We want
+B<sudo> to log via L<syslog(3)> using the I<auth> facility in all
+cases.  We don't want to subject the full time staff to the B<sudo>
+lecture, user B<millert> need not give a password, and we don't
+want to reset the C<LOGNAME>, C<USER> or C<USERNAME> environment
+variables when running commands as root.  Additionally, on the
+machines in the I<SERVERS> C<Host_Alias>, we keep an additional
+local log file and make sure we log the year in each log line since
+the log entries will be kept around for several years.  Lastly, we
+disable shell escapes for the commands in the PAGERS C<Cmnd_Alias>
+(F</usr/bin/more>, F</usr/bin/pg> and F</usr/bin/less>).
+
+ # Override built-in defaults
+ Defaults		syslog=auth
+ Defaults>root		!set_logname
+ Defaults:FULLTIMERS	!lecture
+ Defaults:millert	!authenticate
+ Defaults@SERVERS	log_year, logfile=/var/log/sudo.log
+ Defaults!PAGERS	noexec
+
+The I<User specification> is the part that actually determines who may
+run what.
+
+ root		ALL = (ALL) ALL
+ %wheel		ALL = (ALL) ALL
+
+We let B<root> and any user in group B<wheel> run any command on any
+host as any user.
+
+ FULLTIMERS	ALL = NOPASSWD: ALL
+
+Full time sysadmins (B<millert>, B<mikef>, and B<dowdy>) may run any
+command on any host without authenticating themselves.
+
+ PARTTIMERS	ALL = ALL
+
+Part time sysadmins (B<bostley>, B<jwfox>, and B<crawl>) may run any
+command on any host but they must authenticate themselves first
+(since the entry lacks the C<NOPASSWD> tag).
+
+ jack		CSNETS = ALL
+
+The user B<jack> may run any command on the machines in the I<CSNETS> alias
+(the networks C<128.138.243.0>, C<128.138.204.0>, and C<128.138.242.0>).
+Of those networks, only C<128.138.204.0> has an explicit netmask (in
+CIDR notation) indicating it is a class C network.  For the other
+networks in I<CSNETS>, the local machine's netmask will be used
+during matching.
+
+ lisa		CUNETS = ALL
+
+The user B<lisa> may run any command on any host in the I<CUNETS> alias
+(the class B network C<128.138.0.0>).
+
+ operator	ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+		sudoedit /etc/printcap, /usr/oper/bin/
+
+The B<operator> user may run commands limited to simple maintenance.
+Here, those are commands related to backups, killing processes, the
+printing system, shutting down the system, and any commands in the
+directory F</usr/oper/bin/>.
+
+ joe		ALL = /usr/bin/su operator
+
+The user B<joe> may only L<su(1)> to operator.
+
+ pete		HPPA = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
+
+ %opers		ALL = (: ADMINGRP) /usr/sbin/
+
+Users in the B<opers> group may run commands in F</usr/sbin/> as themselves
+with any group in the I<ADMINGRP> C<Runas_Alias> (the B<adm> and B<oper>
+groups).
+
+The user B<pete> is allowed to change anyone's password except for
+root on the I<HPPA> machines.  Note that this assumes L<passwd(1)>
+does not take multiple user names on the command line.
+
+ bob		SPARC = (OP) ALL : SGI = (OP) ALL
+
+The user B<bob> may run anything on the I<SPARC> and I<SGI> machines
+as any user listed in the I<OP> C<Runas_Alias> (B<root> and B<operator>).
+
+ jim		+biglab = ALL
+
+The user B<jim> may run any command on machines in the I<biglab> netgroup.
+B<sudo> knows that "biglab" is a netgroup due to the '+' prefix.
+
+ +secretaries	ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+Users in the B<secretaries> netgroup need to help manage the printers
+as well as add and remove users, so they are allowed to run those
+commands on all machines.
+
+ fred		ALL = (DB) NOPASSWD: ALL
+
+The user B<fred> can run commands as any user in the I<DB> C<Runas_Alias>
+(B<oracle> or B<sybase>) without giving a password.
+
+ john		ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+On the I<ALPHA> machines, user B<john> may su to anyone except root
+but he is not allowed to specify any options to the L<su(1)> command.
+
+ jen		ALL, !SERVERS = ALL
+
+The user B<jen> may run any command on any machine except for those
+in the I<SERVERS> C<Host_Alias> (master, mail, www and ns).
+
+ jill		SERVERS = /usr/bin/, !SU, !SHELLS
+
+For any machine in the I<SERVERS> C<Host_Alias>, B<jill> may run
+any commands in the directory F</usr/bin/> except for those commands
+belonging to the I<SU> and I<SHELLS> C<Cmnd_Aliases>.
+
+ steve		CSNETS = (operator) /usr/local/op_commands/
+
+The user B<steve> may run any command in the directory /usr/local/op_commands/
+but only as user operator.
+
+ matt		valkyrie = KILL
+
+On his personal workstation, valkyrie, B<matt> needs to be able to
+kill hung processes.
+
+ WEBMASTERS	www = (www) ALL, (root) /usr/bin/su www
+
+On the host www, any user in the I<WEBMASTERS> C<User_Alias> (will,
+wendy, and wim), may run any command as user www (which owns the
+web pages) or simply L<su(1)> to www.
+
+ ALL		CDROM = NOPASSWD: /sbin/umount /CDROM,\
+		/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
+
+Any user may mount or unmount a CD-ROM on the machines in the CDROM
+C<Host_Alias> (orion, perseus, hercules) without entering a password.
+This is a bit tedious for users to type, so it is a prime candidate
+for encapsulating in a shell script.
+
+=head1 SECURITY NOTES
+
+It is generally not effective to "subtract" commands from C<ALL>
+using the '!' operator.  A user can trivially circumvent this
+by copying the desired command to a different name and then
+executing that.  For example:
+
+    bill	ALL = ALL, !SU, !SHELLS
+
+Doesn't really prevent B<bill> from running the commands listed in
+I<SU> or I<SHELLS> since he can simply copy those commands to a
+different name, or use a shell escape from an editor or other
+program.  Therefore, these kind of restrictions should be considered
+advisory at best (and reinforced by policy).
+
+Furthermore, if the I<fast_glob> option is in use, it is not possible
+to reliably negate commands where the path name includes globbing
+(aka wildcard) characters.  This is because the C library's
+L<fnmatch(3)> function cannot resolve relative paths.  While this
+is typically only an inconvenience for rules that grant privileges,
+it can result in a security issue for rules that subtract or revoke
+privileges.
+
+For example, given the following I<sudoers> entry:
+
+ john	ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
+      /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
+
+User B<john> can still run C</usr/bin/passwd root> if I<fast_glob> is
+enabled by changing to F</usr/bin> and running C<./passwd root> instead.
+
+=head1 PREVENTING SHELL ESCAPES
+
+Once B<sudo> executes a program, that program is free to do whatever
+it pleases, including run other programs.  This can be a security
+issue since it is not uncommon for a program to allow shell escapes,
+which lets a user bypass B<sudo>'s access control and logging.
+Common programs that permit shell escapes include shells (obviously),
+editors, paginators, mail and terminal programs.
+
+There are two basic approaches to this problem:
+
+=over 10
+
+=item restrict
+
+Avoid giving users access to commands that allow the user to run
+arbitrary commands.  Many editors have a restricted mode where shell
+escapes are disabled, though B<sudoedit> is a better solution to
+running editors via B<sudo>.  Due to the large number of programs that
+offer shell escapes, restricting users to the set of programs that
+do not if often unworkable.
+
+=item noexec
+
+Many systems that support shared libraries have the ability to
+override default library functions by pointing an environment
+variable (usually C<LD_PRELOAD>) to an alternate shared library.
+On such systems, B<sudo>'s I<noexec> functionality can be used to
+prevent a program run by B<sudo> from executing any other programs.
+Note, however, that this applies only to native dynamically-linked
+executables.  Statically-linked executables and foreign executables
+running under binary emulation are not affected.
+
+To tell whether or not B<sudo> supports I<noexec>, you can run
+the following as root:
+
+    sudo -V | grep "dummy exec"
+
+If the resulting output contains a line that begins with:
+
+    File containing dummy exec functions:
+
+then B<sudo> may be able to replace the exec family of functions
+in the standard library with its own that simply return an error.
+Unfortunately, there is no foolproof way to know whether or not
+I<noexec> will work at compile-time.  I<noexec> should work on
+SunOS, Solaris, *BSD, Linux, IRIX, Tru64 UNIX, MacOS X, and HP-UX
+11.x.  It is known B<not> to work on AIX and UnixWare.  I<noexec>
+is expected to work on most operating systems that support the
+C<LD_PRELOAD> environment variable.  Check your operating system's
+manual pages for the dynamic linker (usually ld.so, ld.so.1, dyld,
+dld.sl, rld, or loader) to see if C<LD_PRELOAD> is supported.
+
+To enable I<noexec> for a command, use the C<NOEXEC> tag as documented
+in the User Specification section above.  Here is that example again:
+
+ aaron	shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
+
+This allows user B<aaron> to run F</usr/bin/more> and F</usr/bin/vi>
+with I<noexec> enabled.  This will prevent those two commands from
+executing other commands (such as a shell).  If you are unsure
+whether or not your system is capable of supporting I<noexec> you
+can always just try it out and see if it works.
+
+=back
+
+Note that restricting shell escapes is not a panacea.  Programs
+running as root are still capable of many potentially hazardous
+operations (such as changing or overwriting files) that could lead
+to unintended privilege escalation.  In the specific case of an
+editor, a safer approach is to give the user permission to run
+B<sudoedit>.
+
+=head1 SEE ALSO
+
+L<rsh(1)>, L<su(1)>, L<fnmatch(3)>, L<glob(3)>, L<sudo(8)>, L<visudo(8)>
+
+=head1 CAVEATS
+
+The I<sudoers> file should B<always> be edited by the B<visudo>
+command which locks the file and does grammatical checking. It is
+imperative that I<sudoers> be free of syntax errors since B<sudo>
+will not run with a syntactically incorrect I<sudoers> file.
+
+When using netgroups of machines (as opposed to users), if you
+store fully qualified host name in the netgroup (as is usually the
+case), you either need to have the machine's host name be fully qualified
+as returned by the C<hostname> command or use the I<fqdn> option in
+I<sudoers>.
+
+=head1 BUGS
+
+If you feel you have found a bug in B<sudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<sudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudoers2ldif b/sudo-1.7.4p4/sudoers2ldif
new file mode 100644
index 0000000..0fe0ad1
--- /dev/null
+++ b/sudo-1.7.4p4/sudoers2ldif
@@ -0,0 +1,132 @@
+#!/usr/bin/env perl
+use strict;
+
+#
+# Converts a sudoers file to LDIF format in prepration for loading into
+# the LDAP server.
+#
+
+# BUGS:
+#   Does not yet handle multiple lines with : in them
+#   Does not yet remove quotation marks from options
+#   Does not yet escape + at the beginning of a dn
+#   Does not yet handle line wraps correctly
+#   Does not yet handle multiple roles with same name (needs tiebreaker)
+#
+# CAVEATS:
+#   Sudoers entries can have multiple RunAs entries that override former ones,
+#	with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole
+
+my %RA;
+my %UA;
+my %HA;
+my %CA;
+my $base=$ENV{SUDOERS_BASE} or die "$0: Container SUDOERS_BASE undefined\n";
+my @options=();
+
+my $did_defaults=0;
+
+# parse sudoers one line at a time
+while (<>){
+
+  # remove comment
+  s/#.*//;
+
+  # line continuation
+  $_.=<> while s/\\\s*$//s;
+
+  # cleanup newline
+  chomp;
+
+  # ignore blank lines
+  next if /^\s*$/;
+
+  if (/^Defaults\s+/i) {
+    my $opt=$';
+    $opt=~s/\s+$//; # remove trailing whitespace
+    push @options,$opt;
+  } elsif (/^(\S+)\s+(.+)=\s*(.*)/) {
+
+    # Aliases or Definitions
+    my ($p1,$p2,$p3)=($1,$2,$3);
+    $p2=~s/\s+$//; # remove trailing whitespace
+    $p3=~s/\s+$//; # remove trailing whitespace
+
+    if ($p1 eq "User_Alias") {
+      $UA{$p2}=$p3;
+    } elsif ($p1 eq "Runas_Alias") {
+      $RA{$p2}=$p3;
+    } elsif ($p1 eq "Host_Alias") {
+      $HA{$p2}=$p3;
+    } elsif ($p1 eq "Cmnd_Alias") {
+      $CA{$p2}=$p3;
+    } else {
+      if (!$did_defaults++){
+        # do this once
+        print "dn: cn=defaults,$base\n";
+        print "objectClass: top\n";
+        print "objectClass: sudoRole\n";
+        print "cn: defaults\n";
+     print "description: Default sudoOption's go here\n";
+        print "sudoOption: $_\n" foreach @options;
+        print "\n";
+      }
+      # Definition
+      my @users=split /\s*,\s*/,$p1;
+      my @hosts=split /\s*,\s*/,$p2;
+      my @cmds= split /\s*,\s*/,$p3;
+      @options=();
+      print "dn: cn=$users[0],$base\n";
+      print "objectClass: top\n";
+      print "objectClass: sudoRole\n";
+      print "cn: $users[0]\n";
+      # will clobber options
+      print "sudoUser: $_\n"   foreach expand(\%UA,@users);
+      print "sudoHost: $_\n"   foreach expand(\%HA,@hosts);
+      foreach (@cmds) {
+	if (s/^\(([^\)]+)\)\s*//) {
+	  my @runas = split(/:\s*/, $1);
+	  if (defined($runas[0])) {
+	    print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0]));
+	  }
+	  if (defined($runas[1])) {
+	    print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1]));
+	  }
+	}
+      }
+      print "sudoCommand: $_\n" foreach expand(\%CA,@cmds);
+      print "sudoOption: $_\n" foreach @options;
+      print "\n";
+    }
+
+  } else {
+    print "parse error: $_\n";
+  }
+
+}
+
+#
+# recursively expand hash elements
+sub expand{
+  my $ref=shift;
+  my @a=();
+
+  # preen the line a little
+  foreach (@_){
+    # if NOPASSWD: directive found, mark entire entry as not requiring
+    s/NOPASSWD:\s*// && push @options,"!authenticate";
+    s/PASSWD:\s*// && push @options,"authenticate";
+    s/NOEXEC:\s*// && push @options,"noexec";
+    s/EXEC:\s*// && push @options,"!noexec";
+    s/SETENV:\s*// && push @options,"setenv";
+    s/NOSETENV:\s*// && push @options,"!setenv";
+    s/\w+://; # silently remove other directives
+    s/\s+$//; # right trim
+  }
+
+  # do the expanding
+  push @a,$ref->{$_} ? expand($ref,split /\s*,\s*/,$ref->{$_}):$_ foreach @_;
+  @a;
+}
+
+
diff --git a/sudo-1.7.4p4/sudoreplay.c b/sudo-1.7.4p4/sudoreplay.c
new file mode 100644
index 0000000..58b8639
--- /dev/null
+++ b/sudo-1.7.4p4/sudoreplay.c
@@ -0,0 +1,958 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <sys/ioctl.h>
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif /* HAVE_SYS_SELECT_H */
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifndef HAVE_TIMESPEC
+# include <emul/timespec.h>
+#endif
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <fcntl.h>
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+#ifdef HAVE_REGCOMP
+# include <regex.h>
+#endif
+#ifdef HAVE_ZLIB_H
+# include <zlib.h>
+#endif
+#ifdef HAVE_SETLOCALE
+# include <locale.h>
+#endif
+#include <signal.h>
+
+#include <pathnames.h>
+
+#include "compat.h"
+#include "alloc.h"
+#include "error.h"
+#include "missing.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+/* Must match the defines in iolog.c */
+#define IOFD_STDIN      0
+#define IOFD_STDOUT     1
+#define IOFD_STDERR     2
+#define IOFD_TTYIN      3
+#define IOFD_TTYOUT     4
+#define IOFD_TIMING     5
+#define IOFD_MAX        6
+
+/* Bitmap of iofds to be replayed */
+unsigned int replay_filter = (1 << IOFD_STDOUT) | (1 << IOFD_STDERR) |
+			     (1 << IOFD_TTYOUT);
+
+/* For getopt(3) */
+extern char *optarg;
+extern int optind;
+
+int Argc;
+char **Argv;
+
+union io_fd {
+    FILE *f;
+#ifdef HAVE_ZLIB_H
+    gzFile g;
+#endif
+    void *v;
+};
+
+/*
+ * Info present in the I/O log file
+ */
+struct log_info {
+    char *cwd;
+    char *user;
+    char *runas_user;
+    char *runas_group;
+    char *tty;
+    char *cmd;
+    time_t tstamp;
+};
+
+/*
+ * Handle expressions like:
+ * ( user millert or user root ) and tty console and command /bin/sh
+ */
+struct search_node {
+    struct search_node *next;
+#define ST_EXPR		1
+#define ST_TTY		2
+#define ST_USER		3
+#define ST_PATTERN	4
+#define ST_RUNASUSER	5
+#define ST_RUNASGROUP	6
+#define ST_FROMDATE	7
+#define ST_TODATE	8
+#define ST_CWD		9
+    char type;
+    char negated;
+    char or;
+    char pad;
+    union {
+#ifdef HAVE_REGCOMP
+	regex_t cmdre;
+#endif
+	time_t tstamp;
+	char *cwd;
+	char *tty;
+	char *user;
+	char *pattern;
+	char *runas_group;
+	char *runas_user;
+	struct search_node *expr;
+	void *ptr;
+    } u;
+} *search_expr;
+
+#define STACK_NODE_SIZE	32
+static struct search_node *node_stack[32];
+static int stack_top;
+
+static const char *session_dir = _PATH_SUDO_IO_LOGDIR;
+
+static union io_fd io_fds[IOFD_MAX];
+static const char *io_fnames[IOFD_MAX] = {
+    "/stdin",
+    "/stdout",
+    "/stderr",
+    "/ttyin",
+    "/ttyout",
+    "/timing"
+};
+
+extern time_t get_date __P((char *));
+extern char *get_timestr __P((time_t, int));
+extern int term_raw __P((int, int));
+extern int term_restore __P((int, int));
+extern void zero_bytes __P((volatile void *, size_t));
+void cleanup __P((int));
+
+static int list_sessions __P((int, char **, const char *, const char *, const char *));
+static int parse_expr __P((struct search_node **, char **));
+static void check_input __P((int, double *));
+static void delay __P((double));
+static void usage __P((void));
+static void *open_io_fd __P((char *pathbuf, int len, const char *suffix));
+static int parse_timing __P((const char *buf, const char *decimal, int *idx, double *seconds, size_t *nbytes));
+
+#ifdef HAVE_REGCOMP
+# define REGEX_T	regex_t
+#else
+# define REGEX_T	char
+#endif
+
+#define VALID_ID(s) (isalnum((unsigned char)(s)[0]) && \
+    isalnum((unsigned char)(s)[1]) && isalnum((unsigned char)(s)[2]) && \
+    isalnum((unsigned char)(s)[3]) && isalnum((unsigned char)(s)[4]) && \
+    isalnum((unsigned char)(s)[5]) && (s)[6] == '\0')
+
+int
+main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    int ch, idx, plen, nready, interactive = 0, listonly = 0;
+    const char *id, *user = NULL, *pattern = NULL, *tty = NULL, *decimal = ".";
+    char path[PATH_MAX], buf[LINE_MAX], *cp, *ep;
+    double seconds, to_wait, speed = 1.0, max_wait = 0;
+    FILE *lfile;
+    fd_set *fdsw;
+    sigaction_t sa;
+    size_t len, nbytes, nread, off;
+    ssize_t nwritten;
+
+    Argc = argc;
+    Argv = argv;
+
+#ifdef HAVE_SETLOCALE
+    setlocale(LC_ALL, "");
+    decimal = localeconv()->decimal_point;
+#endif
+
+    while ((ch = getopt(argc, argv, "d:f:lm:s:V")) != -1) {
+	switch(ch) {
+	case 'd':
+	    session_dir = optarg;
+	    break;
+	case 'f':
+	    /* Set the replay filter. */
+	    replay_filter = 0;
+	    for (cp = strtok(optarg, ","); cp; cp = strtok(NULL, ",")) {
+		if (strcmp(cp, "stdout") == 0)
+		    SET(replay_filter, 1 << IOFD_STDOUT);
+		else if (strcmp(cp, "stderr") == 0)
+		    SET(replay_filter, 1 << IOFD_STDERR);
+		else if (strcmp(cp, "ttyout") == 0)
+		    SET(replay_filter, 1 << IOFD_TTYOUT);
+		else
+		    errorx(1, "invalid filter option: %s", optarg);
+	    }
+	    break;
+	case 'l':
+	    listonly = 1;
+	    break;
+	case 'm':
+	    errno = 0;
+	    max_wait = strtod(optarg, &ep);
+	    if (*ep != '\0' || errno != 0)
+		errorx(1, "invalid max wait: %s", optarg);
+	    break;
+	case 's':
+	    errno = 0;
+	    speed = strtod(optarg, &ep);
+	    if (*ep != '\0' || errno != 0)
+		errorx(1, "invalid speed factor: %s", optarg);
+	    break;
+	case 'V':
+	    (void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION);
+	    exit(0);
+	default:
+	    usage();
+	    /* NOTREACHED */
+	}
+
+    }
+    argc -= optind;
+    argv += optind;
+
+    if (listonly)
+	exit(list_sessions(argc, argv, pattern, user, tty));
+
+    if (argc != 1)
+	usage();
+
+    /* 6 digit ID in base 36, e.g. 01G712AB */
+    id = argv[0];
+    if (!VALID_ID(id))
+	errorx(1, "invalid ID %s", id);
+
+    plen = snprintf(path, sizeof(path), "%s/%.2s/%.2s/%.2s/timing",
+	session_dir, id, &id[2], &id[4]);
+    if (plen <= 0 || plen >= sizeof(path))
+	errorx(1, "%s/%.2s/%.2s/%.2s/%.2s/timing: %s", session_dir,
+	    id, &id[2], &id[4], strerror(ENAMETOOLONG));
+    plen -= 7;
+
+    /* Open files for replay, applying replay filter for the -f flag. */
+    for (idx = 0; idx < IOFD_MAX; idx++) {
+	if (ISSET(replay_filter, 1 << idx) || idx == IOFD_TIMING) {
+	    io_fds[idx].v = open_io_fd(path, plen, io_fnames[idx]);
+	    if (io_fds[idx].v == NULL)
+		error(1, "unable to open %s", path);
+	}
+    }
+
+    /* Read log file. */
+    path[plen] = '\0';
+    strlcat(path, "/log", sizeof(path));
+    lfile = fopen(path, "r");
+    if (lfile == NULL)
+	error(1, "unable to open %s", path);
+    cp = NULL;
+    len = 0;
+    getline(&cp, &len, lfile); /* log */
+    getline(&cp, &len, lfile); /* cwd */
+    getline(&cp, &len, lfile); /* command */
+    printf("Replaying sudo session: %s", cp);
+    free(cp);
+    fclose(lfile);
+
+    fflush(stdout);
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESETHAND;
+    sa.sa_handler = cleanup;
+    (void) sigaction(SIGINT, &sa, NULL);
+    (void) sigaction(SIGKILL, &sa, NULL);
+    (void) sigaction(SIGTERM, &sa, NULL);
+    (void) sigaction(SIGHUP, &sa, NULL);
+    sa.sa_flags = SA_RESTART;
+    sa.sa_handler = SIG_IGN;
+    (void) sigaction(SIGTSTP, &sa, NULL);
+    (void) sigaction(SIGQUIT, &sa, NULL);
+
+    /* XXX - read user input from /dev/tty and set STDOUT to raw if not a pipe */
+    /* Set stdin to raw mode if it is a tty */
+    interactive = isatty(STDIN_FILENO);
+    if (interactive) {
+	ch = fcntl(STDIN_FILENO, F_GETFL, 0);
+	if (ch != -1)
+	    (void) fcntl(STDIN_FILENO, F_SETFL, ch | O_NONBLOCK);
+	if (!term_raw(STDIN_FILENO, 1))
+	    error(1, "cannot set tty to raw mode");
+    }
+    fdsw = (fd_set *)emalloc2(howmany(STDOUT_FILENO + 1, NFDBITS),
+	sizeof(fd_mask));
+
+    /*
+     * Timing file consists of line of the format: "%f %d\n"
+     */
+#ifdef HAVE_ZLIB_H
+    while (gzgets(io_fds[IOFD_TIMING].g, buf, sizeof(buf)) != NULL) {
+#else
+    while (fgets(buf, sizeof(buf), io_fds[IOFD_TIMING].f) != NULL) {
+#endif
+	if (!parse_timing(buf, decimal, &idx, &seconds, &nbytes))
+	    errorx(1, "invalid timing file line: %s", buf);
+
+	if (interactive)
+	    check_input(STDIN_FILENO, &speed);
+
+	/* Adjust delay using speed factor and clamp to max_wait */
+	to_wait = seconds / speed;
+	if (max_wait && to_wait > max_wait)
+	    to_wait = max_wait;
+	delay(to_wait);
+
+	/* Even if we are not relaying, we still have to delay. */
+	if (io_fds[idx].v == NULL)
+	    continue;
+
+	/* All output is sent to stdout. */
+	while (nbytes != 0) {
+	    if (nbytes > sizeof(buf))
+		len = sizeof(buf);
+	    else
+		len = nbytes;
+#ifdef HAVE_ZLIB_H
+	    nread = gzread(io_fds[idx].g, buf, len);
+#else
+	    nread = fread(buf, 1, len, io_fds[idx].f);
+#endif
+	    nbytes -= nread;
+	    off = 0;
+	    do {
+		/* no stdio, must be unbuffered */
+		nwritten = write(STDOUT_FILENO, buf + off, nread - off);
+		if (nwritten == -1) {
+		    if (errno == EINTR)
+			continue;
+		    if (errno == EAGAIN) {
+			FD_SET(STDOUT_FILENO, fdsw);
+			do {
+			    nready = select(STDOUT_FILENO + 1, NULL, fdsw, NULL, NULL);
+			} while (nready == -1 && errno == EINTR);
+			if (nready == 1)
+			    continue;
+		    }
+		    error(1, "writing to standard output");
+		}
+		off += nwritten;
+	    } while (nread > off);
+	}
+    }
+    term_restore(STDIN_FILENO, 1);
+    exit(0);
+}
+
+static void
+delay(secs)
+    double secs;
+{
+    struct timespec ts, rts;
+    int rval;
+
+    /*
+     * Typical max resolution is 1/HZ but we can't portably check that.
+     * If the interval is small enough, just ignore it.
+     */
+    if (secs < 0.0001)
+	return;
+
+    rts.tv_sec = secs;
+    rts.tv_nsec = (secs - (double) rts.tv_sec) * 1000000000.0;
+    do {
+      memcpy(&ts, &rts, sizeof(ts));
+      rval = nanosleep(&ts, &rts);
+    } while (rval == -1 && errno == EINTR);
+    if (rval == -1)
+	error(1, "nanosleep: tv_sec %ld, tv_nsec %ld", ts.tv_sec, ts.tv_nsec);
+}
+
+static void *
+open_io_fd(path, len, suffix)
+    char *path;
+    int len;
+    const char *suffix;
+{
+    path[len] = '\0';
+    strlcat(path, suffix, PATH_MAX);
+
+#ifdef HAVE_ZLIB_H
+    return gzopen(path, "r");
+#else
+    return fopen(path, "r");
+#endif
+}
+
+/*
+ * Build expression list from search args
+ */
+static int
+parse_expr(headp, argv)
+    struct search_node **headp;
+    char *argv[];
+{
+    struct search_node *sn, *newsn;
+    char or = 0, not = 0, type, **av;
+
+    sn = *headp;
+    for (av = argv; *av; av++) {
+	switch (av[0][0]) {
+	case 'a': /* and (ignore) */
+	    if (strncmp(*av, "and", strlen(*av)) != 0)
+		goto bad;
+	    continue;
+	case 'o': /* or */
+	    if (strncmp(*av, "or", strlen(*av)) != 0)
+		goto bad;
+	    or = 1;
+	    continue;
+	case '!': /* negate */
+	    if (av[0][1] != '\0')
+		goto bad;
+	    not = 1;
+	    continue;
+	case 'c': /* command */
+	    if (av[0][1] == '\0')
+		errorx(1, "ambiguous expression \"%s\"", *av);
+	    if (strncmp(*av, "cwd", strlen(*av)) == 0)
+		type = ST_CWD;
+	    else if (strncmp(*av, "command", strlen(*av)) == 0)
+		type = ST_PATTERN;
+	    else
+		goto bad;
+	    break;
+	case 'f': /* from date */
+	    if (strncmp(*av, "fromdate", strlen(*av)) != 0)
+		goto bad;
+	    type = ST_FROMDATE;
+	    break;
+	case 'g': /* runas group */
+	    if (strncmp(*av, "group", strlen(*av)) != 0)
+		goto bad;
+	    type = ST_RUNASGROUP;
+	    break;
+	case 'r': /* runas user */
+	    if (strncmp(*av, "runas", strlen(*av)) != 0)
+		goto bad;
+	    type = ST_RUNASUSER;
+	    break;
+	case 't': /* tty or to date */
+	    if (av[0][1] == '\0')
+		errorx(1, "ambiguous expression \"%s\"", *av);
+	    if (strncmp(*av, "todate", strlen(*av)) == 0)
+		type = ST_TODATE;
+	    else if (strncmp(*av, "tty", strlen(*av)) == 0)
+		type = ST_TTY;
+	    else
+		goto bad;
+	    break;
+	case 'u': /* user */
+	    if (strncmp(*av, "user", strlen(*av)) != 0)
+		goto bad;
+	    type = ST_USER;
+	    break;
+	case '(': /* start sub-expression */
+	    if (av[0][1] != '\0')
+		goto bad;
+	    if (stack_top + 1 == STACK_NODE_SIZE) {
+		errorx(1, "too many parenthesized expressions, max %d",
+		    STACK_NODE_SIZE);
+	    }
+	    node_stack[stack_top++] = sn;
+	    type = ST_EXPR;
+	    break;
+	case ')': /* end sub-expression */
+	    if (av[0][1] != '\0')
+		goto bad;
+	    /* pop */
+	    if (--stack_top < 0)
+		errorx(1, "unmatched ')' in expression");
+	    if (node_stack[stack_top])
+		sn->next = node_stack[stack_top]->next;
+	    return(av - argv + 1);
+	bad:
+	default:
+	    errorx(1, "unknown search term \"%s\"", *av);
+	    /* NOTREACHED */
+	}
+
+	/* Allocate new search node */
+	newsn = emalloc(sizeof(*newsn));
+	newsn->next = NULL;
+	newsn->type = type;
+	newsn->or = or;
+	newsn->negated = not;
+	if (type == ST_EXPR) {
+	    av += parse_expr(&newsn->u.expr, av + 1);
+	} else {
+	    if (*(++av) == NULL)
+		errorx(1, "%s requires an argument", av[-1]);
+#ifdef HAVE_REGCOMP
+	    if (type == ST_PATTERN) {
+		if (regcomp(&newsn->u.cmdre, *av, REG_EXTENDED|REG_NOSUB) != 0)
+		    errorx(1, "invalid regex: %s", *av);
+	    } else
+#endif
+	    if (type == ST_TODATE || type == ST_FROMDATE) {
+		newsn->u.tstamp = get_date(*av);
+		if (newsn->u.tstamp == -1)
+		    errorx(1, "could not parse date \"%s\"", *av);
+	    } else {
+		newsn->u.ptr = *av;
+	    }
+	}
+	not = or = 0; /* reset state */
+	if (sn)
+	    sn->next = newsn;
+	else
+	    *headp = newsn;
+	sn = newsn;
+    }
+    if (stack_top)
+	errorx(1, "unmatched '(' in expression");
+    if (or)
+	errorx(1, "illegal trailing \"or\"");
+    if (not)
+	errorx(1, "illegal trailing \"!\"");
+
+    return(av - argv);
+}
+
+static int
+match_expr(head, log)
+    struct search_node *head;
+    struct log_info *log;
+{
+    struct search_node *sn;
+    int matched = 1, rc;
+
+    for (sn = head; sn; sn = sn->next) {
+	/* If we have no match, skip ahead to the next OR entry. */
+	if (!matched && !sn->or)
+	    continue;
+
+	switch (sn->type) {
+	case ST_EXPR:
+	    matched = match_expr(sn->u.expr, log);
+	    break;
+	case ST_CWD:
+	    matched = strcmp(sn->u.cwd, log->cwd) == 0;
+	    break;
+	case ST_TTY:
+	    matched = strcmp(sn->u.tty, log->tty) == 0;
+	    break;
+	case ST_RUNASGROUP:
+	    matched = strcmp(sn->u.runas_group, log->runas_group) == 0;
+	    break;
+	case ST_RUNASUSER:
+	    matched = strcmp(sn->u.runas_user, log->runas_user) == 0;
+	    break;
+	case ST_USER:
+	    matched = strcmp(sn->u.user, log->user) == 0;
+	    break;
+	case ST_PATTERN:
+#ifdef HAVE_REGCOMP
+	    rc = regexec(&sn->u.cmdre, log->cmd, 0, NULL, 0);
+	    if (rc && rc != REG_NOMATCH) {
+		char buf[BUFSIZ];
+		regerror(rc, &sn->u.cmdre, buf, sizeof(buf));
+		errorx(1, "%s", buf);
+	    }
+	    matched = rc == REG_NOMATCH ? 0 : 1;
+#else
+	    matched = strstr(log.cmd, sn->u.pattern) != NULL;
+#endif
+	    break;
+	case ST_FROMDATE:
+	    matched = log->tstamp >= sn->u.tstamp;
+	    break;
+	case ST_TODATE:
+	    matched = log->tstamp <= sn->u.tstamp;
+	    break;
+	}
+	if (sn->negated)
+	    matched = !matched;
+    }
+    return(matched);
+}
+
+static int
+list_session_dir(pathbuf, re, user, tty)
+    char *pathbuf;
+    REGEX_T *re;
+    const char *user;
+    const char *tty;
+{
+    FILE *fp;
+    DIR *d;
+    struct dirent *dp;
+    char *buf = NULL, *cmd = NULL, *cwd = NULL, idstr[7], *cp;
+    struct log_info li;
+    size_t bufsize = 0, cwdsize = 0, cmdsize = 0, plen;
+
+    plen = strlen(pathbuf);
+    d = opendir(pathbuf);
+    if (d == NULL && errno != ENOTDIR) {
+	warning("cannot opendir %s", pathbuf);
+	return(-1);
+    }
+    while ((dp = readdir(d)) != NULL) {
+	if (NAMLEN(dp) != 2 || !isalnum((unsigned char)dp->d_name[0]) ||
+	    !isalnum((unsigned char)dp->d_name[1]))
+	    continue;
+
+	/* open log file, print id and command */
+	pathbuf[plen + 0] = '/';
+	pathbuf[plen + 1] = dp->d_name[0];
+	pathbuf[plen + 2] = dp->d_name[1];
+	pathbuf[plen + 3] = '/';
+	pathbuf[plen + 4] = 'l';
+	pathbuf[plen + 5] = 'o';
+	pathbuf[plen + 6] = 'g';
+	pathbuf[plen + 7] = '\0';
+	fp = fopen(pathbuf, "r");
+	if (fp == NULL) {
+	    warning("unable to open %s", pathbuf);
+	    continue;
+	}
+
+	/*
+	 * ID file has three lines:
+	 *  1) a log info line
+	 *  2) cwd
+	 *  3) command with args
+	 */
+	if (getline(&buf, &bufsize, fp) == -1 ||
+	    getline(&cwd, &cwdsize, fp) == -1 ||
+	    getline(&cmd, &cmdsize, fp) == -1) {
+	    fclose(fp);
+	    continue;
+	}
+	fclose(fp);
+
+	/* crack the log line: timestamp:user:runas_user:runas_group:tty */
+	buf[strcspn(buf, "\n")] = '\0';
+	if ((li.tstamp = atoi(buf)) == 0)
+	    continue;
+
+	if ((cp = strchr(buf, ':')) == NULL)
+	    continue;
+	*cp++ = '\0';
+	li.user = cp;
+
+	if ((cp = strchr(cp, ':')) == NULL)
+	    continue;
+	*cp++ = '\0';
+	li.runas_user = cp;
+
+	if ((cp = strchr(cp, ':')) == NULL)
+	    continue;
+	*cp++ = '\0';
+	li.runas_group = cp;
+
+	if ((cp = strchr(cp, ':')) == NULL)
+	    continue;
+	*cp++ = '\0';
+	li.tty = cp;
+
+	cwd[strcspn(cwd, "\n")] = '\0';
+	li.cwd = cwd;
+
+	cmd[strcspn(cmd, "\n")] = '\0';
+	li.cmd = cmd;
+
+	/* Match on search expression if there is one. */
+	if (search_expr && !match_expr(search_expr, &li))
+	    continue;
+
+	/* Convert from /var/log/sudo-sessions/00/00/01 to 000001 */
+	idstr[0] = pathbuf[plen - 5];
+	idstr[1] = pathbuf[plen - 4];
+	idstr[2] = pathbuf[plen - 2];
+	idstr[3] = pathbuf[plen - 1];
+	idstr[4] = pathbuf[plen + 1];
+	idstr[5] = pathbuf[plen + 2];
+	idstr[6] = '\0';
+	printf("%s : %s : TTY=%s ; CWD=%s ; USER=%s ; ",
+	    get_timestr(li.tstamp, 1), li.user, li.tty, li.cwd, li.runas_user);
+	if (*li.runas_group)
+	    printf("GROUP=%s ; ", li.runas_group);
+	printf("TSID=%s ; COMMAND=%s\n", idstr, li.cmd);
+    }
+    return(0);
+}
+
+static int
+list_sessions(argc, argv, pattern, user, tty)
+    int argc;
+    char **argv;
+    const char *pattern;
+    const char *user;
+    const char *tty;
+{
+    DIR *d1, *d2;
+    struct dirent *dp1, *dp2;
+    REGEX_T rebuf, *re = NULL;
+    size_t sdlen;
+    char pathbuf[PATH_MAX];
+
+    /* Parse search expression if present */
+    parse_expr(&search_expr, argv);
+
+    d1 = opendir(session_dir);
+    if (d1 == NULL)
+	error(1, "unable to open %s", session_dir);
+
+#ifdef HAVE_REGCOMP
+    /* optional regex */
+    if (pattern) {
+	re = &rebuf;
+	if (regcomp(re, pattern, REG_EXTENDED|REG_NOSUB) != 0)
+	    errorx(1, "invalid regex: %s", pattern);
+    }
+#else
+    re = (char *) pattern;
+#endif /* HAVE_REGCOMP */
+
+    sdlen = strlcpy(pathbuf, session_dir, sizeof(pathbuf));
+    if (sdlen + sizeof("/00/00/00/log") >= sizeof(pathbuf)) {
+	errno = ENAMETOOLONG;
+	error(1, "%s/00/00/00/log", session_dir);
+    }
+
+    /*
+     * Three levels of directory, e.g. 00/00/00 .. ZZ/ZZ/ZZ
+     * We do a depth-first traversal.
+     */
+    while ((dp1 = readdir(d1)) != NULL) {
+	if (NAMLEN(dp1) != 2 || !isalnum((unsigned char)dp1->d_name[0]) ||
+	    !isalnum((unsigned char)dp1->d_name[1]))
+	    continue;
+
+	pathbuf[sdlen + 0] = '/';
+	pathbuf[sdlen + 1] = dp1->d_name[0];
+	pathbuf[sdlen + 2] = dp1->d_name[1];
+	pathbuf[sdlen + 3] = '\0';
+	d2 = opendir(pathbuf);
+	if (d2 == NULL)
+	    continue;
+
+	while ((dp2 = readdir(d2)) != NULL) {
+	    if (NAMLEN(dp2) != 2 || !isalnum((unsigned char)dp2->d_name[0]) ||
+		!isalnum((unsigned char)dp2->d_name[1]))
+		continue;
+
+	    pathbuf[sdlen + 3] = '/';
+	    pathbuf[sdlen + 4] = dp2->d_name[0];
+	    pathbuf[sdlen + 5] = dp2->d_name[1];
+	    pathbuf[sdlen + 6] = '\0';
+	    list_session_dir(pathbuf, re, user, tty);
+	}
+	closedir(d2);
+    }
+    closedir(d1);
+    return(0);
+}
+
+/*
+ * Check input for ' ', '<', '>'
+ * pause, slow, fast
+ */
+static void
+check_input(ttyfd, speed)
+    int ttyfd;
+    double *speed;
+{
+    fd_set *fdsr;
+    int nready, paused = 0;
+    struct timeval tv;
+    char ch;
+    ssize_t n;
+
+    fdsr = (fd_set *)emalloc2(howmany(ttyfd + 1, NFDBITS), sizeof(fd_mask));
+
+    for (;;) {
+	FD_SET(ttyfd, fdsr);
+	tv.tv_sec = 0;
+	tv.tv_usec = 0;
+
+	nready = select(ttyfd + 1, fdsr, NULL, NULL, paused ? NULL : &tv);
+	if (nready != 1)
+	    break;
+	n = read(ttyfd, &ch, 1);
+	if (n == 1) {
+	    if (paused) {
+		paused = 0;
+		continue;
+	    }
+	    switch (ch) {
+	    case ' ':
+		paused = 1;
+		break;
+	    case '<':
+		*speed /= 2;
+		break;
+	    case '>':
+		*speed *= 2;
+		break;
+	    }
+	}
+    }
+    free(fdsr);
+}
+
+/*
+ * Parse a timing line, which is formatted as:
+ *	index sleep_time num_bytes
+ * Where index is IOFD_*, sleep_time is the number of seconds to sleep
+ * before writing the data and num_bytes is the number of bytes to output.
+ * Returns 1 on success and 0 on failure.
+ */
+static int
+parse_timing(buf, decimal, idx, seconds, nbytes)
+    const char *buf;
+    const char *decimal;
+    int *idx;
+    double *seconds;
+    size_t *nbytes;
+{
+    unsigned long ul;
+    long l;
+    double d, fract = 0;
+    char *cp, *ep;
+
+    /* Parse index */
+    ul = strtoul(buf, &ep, 10);
+    if (ul > IOFD_MAX)
+	goto bad;
+    *idx = (int)ul;
+    for (cp = ep + 1; isspace((unsigned char) *cp); cp++)
+	continue;
+
+    /*
+     * Parse number of seconds.  Sudo logs timing data in the C locale
+     * but this may not match the current locale so we cannot use strtod().
+     * Furthermore, sudo < 1.7.4 logged with the user's locale so we need
+     * to be able to parse those logs too.
+     */
+    errno = 0;
+    l = strtol(cp, &ep, 10);
+    if ((errno == ERANGE && (l == LONG_MAX || l == LONG_MIN)) ||
+	l < 0 || l > INT_MAX ||
+	(*ep != '.' && strncmp(ep, decimal, strlen(decimal)) != 0)) {
+	goto bad;
+    }
+    *seconds = (double)l;
+    cp = ep + (*ep == '.' ? 1 : strlen(decimal));
+    d = 10.0;
+    while (isdigit((unsigned char) *cp)) {
+	fract += (*cp - '0') / d;
+	d *= 10;
+	cp++;
+    }
+    *seconds += fract;
+    while (isspace((unsigned char) *cp))
+	cp++;
+
+    errno = 0;
+    ul = strtoul(cp, &ep, 10);
+    if (errno == ERANGE && ul == ULONG_MAX)
+	goto bad;
+    *nbytes = (size_t)ul;
+
+    return 1;
+bad:
+    return 0;
+}
+
+static void
+usage()
+{
+    fprintf(stderr,
+	"usage: %s [-d directory] [-m max_wait] [-s speed_factor] ID\n",
+	getprogname());
+    fprintf(stderr,
+	"usage: %s [-d directory] -l [search expression]\n",
+	getprogname());
+    exit(1);
+}
+
+/*
+ * Cleanup hook for error()/errorx()
+  */
+void
+cleanup(signo)
+    int signo;
+{
+    term_restore(STDIN_FILENO, 0);
+    if (signo)
+	kill(getpid(), signo);
+}
diff --git a/sudo-1.7.4p4/sudoreplay.cat b/sudo-1.7.4p4/sudoreplay.cat
new file mode 100644
index 0000000..9c03469
--- /dev/null
+++ b/sudo-1.7.4p4/sudoreplay.cat
@@ -0,0 +1,330 @@
+
+
+
+SUDOREPLAY(1m)         MAINTENANCE COMMANDS        SUDOREPLAY(1m)
+
+
+NNAAMMEE
+       sudoreplay - replay sudo session logs
+
+SSYYNNOOPPSSIISS
+       ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] [--ff _f_i_l_t_e_r] [--mm _m_a_x___w_a_i_t] [--ss _s_p_e_e_d___f_a_c_t_o_r]
+       ID
+
+       ssuuddoorreeppllaayy [--dd _d_i_r_e_c_t_o_r_y] -l [search expression]
+
+DDEESSCCRRIIPPTTIIOONN
+       ssuuddoorreeppllaayy plays back or lists the session logs created by ssuuddoo.  When
+       replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the
+       playback speed may be adjusted (faster or slower) based on the command
+       line options.  The _I_D should be a six character sequence of digits and
+       upper case letters, e.g.  0100A5, which is logged by ssuuddoo when a
+       command is run with session logging enabled.
+
+       In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based
+       on a number of criteria such as the user, tty or command run.
+
+       In replay mode, if the standard output has not been redirected,
+       ssuuddoorreeppllaayy will act on the following keys:
+
+       ' ' (space)
+               Pause output; press any key to resume.
+
+       '<'     Reduce the playback speed by one half.
+
+       '>'     Double the playback speed.
+
+OOPPTTIIOONNSS
+       ssuuddoorreeppllaayy accepts the following command line options:
+
+       -d _d_i_r_e_c_t_o_r_y
+                   Use _d_i_r_e_c_t_o_r_y to for the session logs instead of the
+                   default, _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o.
+
+       -f _f_i_l_t_e_r   By default, ssuuddoorreeppllaayy will play back the command's
+                   standard output, standard error and tty output.  The _-_f
+                   option can be used to select which of these to output.  The
+                   _f_i_l_t_e_r argument is a comma-separated list, consisting of
+                   one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r, and _t_t_y_o_u_t.
+
+       -l          Enable "list mode".  In this mode, ssuuddoorreeppllaayy will list
+                   available session IDs.  If a _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is
+                   specified, it will be used to restrict the IDs that are
+                   displayed.  An expression is composed of the following
+                   predicates:
+
+                   command _c_o_m_m_a_n_d _p_a_t_t_e_r_n
+                           Evaluates to true if the command run matches
+                           _c_o_m_m_a_n_d _p_a_t_t_e_r_n.  On systems with POSIX regular
+                           expression support, the pattern may be an extended
+                           regular expression.  On systems without POSIX
+
+
+
+1.7.4                     July 12, 2010                         1
+
+
+
+
+
+SUDOREPLAY(1m)         MAINTENANCE COMMANDS        SUDOREPLAY(1m)
+
+
+                           regular expression support, a simple substring
+                           match is performed instead.
+
+                   cwd _d_i_r_e_c_t_o_r_y
+                           Evaluates to true if the command was run with the
+                           specified current working directory.
+
+                   fromdate _d_a_t_e
+                           Evaluates to true if the command was run on or
+                           after _d_a_t_e.  See "Date and time format" for a
+                           description of supported date and time formats.
+
+                   group _r_u_n_a_s___g_r_o_u_p
+                           Evaluates to true if the command was run with the
+                           specified _r_u_n_a_s___g_r_o_u_p.  Note that unless a
+                           _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was
+                           run this field will be empty in the log.
+
+                   runas _r_u_n_a_s___u_s_e_r
+                           Evaluates to true if the command was run as the
+                           specified _r_u_n_a_s___u_s_e_r.  Note that ssuuddoo runs commands
+                           as user _r_o_o_t by default.
+
+                   todate _d_a_t_e
+                           Evaluates to true if the command was run on or
+                           prior to _d_a_t_e.  See "Date and time format" for a
+                           description of supported date and time formats.
+
+                   tty _t_t_y Evaluates to true if the command was run on the
+                           specified terminal device.  The _t_t_y should be
+                           specified without the _/_d_e_v_/ prefix, e.g.  _t_t_y_0_1
+                           instead of _/_d_e_v_/_t_t_y_0_1.
+
+                   user _u_s_e_r _n_a_m_e
+                           Evaluates to true if the ID matches a command run
+                           by _u_s_e_r _n_a_m_e.
+
+                   Predicates may be abbreviated to the shortest unique string
+                   (currently all predicates may be shortened to a single
+                   character).
+
+                   Predicates may be combined using _a_n_d, _o_r and _! operators as
+                   well as '(' and ')' for grouping (note that parentheses
+                   must generally be escaped from the shell).  The _a_n_d
+                   operator is optional, adjacent predicates have an implied
+                   _a_n_d unless separated by an _o_r.
+
+       -m _m_a_x___w_a_i_t Specify an upper bound on how long to wait between key
+                   presses or output data.  By default, ssuuddoo__rreeppllaayy will
+                   accurately reproduce the delays between key presses or
+                   program output.  However, this can be tedious when the
+                   session includes long pauses.  When the _-_m option is
+                   specified, ssuuddoorreeppllaayy will limit these pauses to at most
+                   _m_a_x___w_a_i_t seconds.  The value may be specified as a floating
+
+
+
+1.7.4                     July 12, 2010                         2
+
+
+
+
+
+SUDOREPLAY(1m)         MAINTENANCE COMMANDS        SUDOREPLAY(1m)
+
+
+                   point number, .e.g. _2_._5.
+
+       -s _s_p_e_e_d___f_a_c_t_o_r
+                   This option causes ssuuddoorreeppllaayy to adjust the number of
+                   seconds it will wait between key presses or program output.
+                   This can be used to slow down or speed up the display.  For
+                   example, a _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as
+                   fast whereas a _s_p_e_e_d___f_a_c_t_o_r of <.5> would make the output
+                   twice as slow.
+
+       -V          The --VV (version) option causes ssuuddoorreeppllaayy to print its
+                   version number and exit.
+
+   DDaattee aanndd ttiimmee ffoorrmmaatt
+       The time and date may be specified multiple ways, common formats
+       include:
+
+       HH:MM:SS am MM/DD/CCYY timezone
+               24 hour time may be used in place of am/pm.
+
+       HH:MM:SS am Month, Day Year timezone
+               24 hour time may be used in place of am/pm, and month and day
+               names may be abbreviated.  Note that month and day of the week
+               names must be specified in English.
+
+       CCYY-MM-DD HH:MM:SS
+               ISO time format
+
+       DD Month CCYY HH:MM:SS
+               The month name may be abbreviated.
+
+       Either time or date may be omitted, the am/pm and timezone are
+       optional.  If no date is specified, the current day is assumed; if no
+       time is specified, the first second of the specified date is used.  The
+       less significant parts of both time and date may also be omitted, in
+       which case zero is assumed.  For example, the following are all valid:
+
+       The following are all valid time and date specifications:
+
+       now     The current time and date.
+
+       tomorrow
+               Exactly one day from now.
+
+       yesterday
+               24 hours ago.
+
+       2 hours ago
+               2 hours ago.
+
+       next Friday
+               The first second of the next Friday.
+
+
+
+
+
+1.7.4                     July 12, 2010                         3
+
+
+
+
+
+SUDOREPLAY(1m)         MAINTENANCE COMMANDS        SUDOREPLAY(1m)
+
+
+       this week
+               The current time but the first day of the coming week.
+
+       a fortnight ago
+               The current time but 14 days ago.
+
+       10:01 am 9/17/2009
+               10:01 am, September 17, 2009.
+
+       10:01 am
+               10:01 am on the current day.
+
+       10      10:00 am on the current day.
+
+       9/17/2009
+               00:00 am, September 17, 2009.
+
+       10:01 am Sep 17, 2009
+               10:01 am, September 17, 2009.
+
+FFIILLEESS
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o        The default I/O log directory.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g
+                               Example session log info.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n
+                               Example session standard input log.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t
+                               Example session standard output log.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r
+                               Example session standard error log.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n
+                               Example session tty input file.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t
+                               Example session tty output file.
+
+       _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g
+                               Example session timing file.
+
+       Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo
+       was used as part of a pipeline for a particular command.
+
+EEXXAAMMPPLLEESS
+       List sessions run by user _m_i_l_l_e_r_t:
+
+        sudoreplay -l user millert
+
+       List sessions run by user _b_o_b with a command containing the string vi:
+
+
+
+
+1.7.4                     July 12, 2010                         4
+
+
+
+
+
+SUDOREPLAY(1m)         MAINTENANCE COMMANDS        SUDOREPLAY(1m)
+
+
+        sudoreplay -l user bob command vi
+
+       List sessions run by user _j_e_f_f that match a regular expression:
+
+        sudoreplay -l user jeff command '/bin/[a-z]*sh'
+
+       List sessions run by jeff or bob on the console:
+
+        sudoreplay -l ( user jeff or user bob ) tty console
+
+SSEEEE AALLSSOO
+       _s_u_d_o(1m), _s_c_r_i_p_t(1)
+
+AAUUTTHHOORR
+       Todd C. Miller
+
+BBUUGGSS
+       If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug
+       report at http://www.sudo.ws/sudo/bugs/
+
+SSUUPPPPOORRTT
+       Limited free support is available via the sudo-users mailing list, see
+       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+       the archives.
+
+DDIISSCCLLAAIIMMEERR
+       ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties,
+       including, but not limited to, the implied warranties of
+       merchantability and fitness for a particular purpose are disclaimed.
+       See the LICENSE file distributed with ssuuddoo or
+       http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.7.4                     July 12, 2010                         5
+
+
diff --git a/sudo-1.7.4p4/sudoreplay.man.in b/sudo-1.7.4p4/sudoreplay.man.in
new file mode 100644
index 0000000..1ed044d
--- /dev/null
+++ b/sudo-1.7.4p4/sudoreplay.man.in
@@ -0,0 +1,404 @@
+.\" Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` 
+.    ds C' 
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SUDOREPLAY @mansectsu@"
+.TH SUDOREPLAY @mansectsu@ "July 12, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+sudoreplay \- replay sudo session logs
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] [\fB\-f\fR \fIfilter\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0
+.PP
+\&\fBsudoreplay\fR [\fB\-d\fR \fIdirectory\fR] \-l [search expression]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBsudoreplay\fR plays back or lists the session logs created by
+\&\fBsudo\fR.  When replaying, \fBsudoreplay\fR can play the session back
+in real-time, or the playback speed may be adjusted (faster or
+slower) based on the command line options.  The \fI\s-1ID\s0\fR should be
+a six character sequence of digits and upper case letters, e.g.
+0100A5, which is logged by \fBsudo\fR when a command is run with
+session logging enabled.
+.PP
+In list mode, \fBsudoreplay\fR can be used to find the \s-1ID\s0 of a session
+based on a number of criteria such as the user, tty or command run.
+.PP
+In replay mode, if the standard output has not been redirected,
+\&\fBsudoreplay\fR will act on the following keys:
+.IP "' ' (space)" 8
+.IX Item "' ' (space)"
+Pause output; press any key to resume.
+.IP "'<'" 8
+Reduce the playback speed by one half.
+.IP "'>'" 8
+Double the playback speed.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\&\fBsudoreplay\fR accepts the following command line options:
+.IP "\-d \fIdirectory\fR" 12
+.IX Item "-d directory"
+Use \fIdirectory\fR to for the session logs instead of the default,
+\&\fI/var/log/sudo\-io\fR.
+.IP "\-f \fIfilter\fR" 12
+.IX Item "-f filter"
+By default, \fBsudoreplay\fR will play back the command's standard
+output, standard error and tty output.  The \fI\-f\fR option can be
+used to select which of these to output.  The \fIfilter\fR argument
+is a comma-separated list, consisting of one or more of following:
+\&\fIstdout\fR, \fIstderr\fR, and \fIttyout\fR.
+.IP "\-l" 12
+.IX Item "-l"
+Enable \*(L"list mode\*(R".  In this mode, \fBsudoreplay\fR will list available
+session IDs.  If a \fIsearch expression\fR is specified, it will be
+used to restrict the IDs that are displayed.  An expression is
+composed of the following predicates:
+.RS 12
+.IP "command \fIcommand pattern\fR" 8
+.IX Item "command command pattern"
+Evaluates to true if the command run matches \fIcommand pattern\fR.
+On systems with \s-1POSIX\s0 regular expression support, the pattern may
+be an extended regular expression.  On systems without \s-1POSIX\s0 regular
+expression support, a simple substring match is performed instead.
+.IP "cwd \fIdirectory\fR" 8
+.IX Item "cwd directory"
+Evaluates to true if the command was run with the specified current
+working directory.
+.IP "fromdate \fIdate\fR" 8
+.IX Item "fromdate date"
+Evaluates to true if the command was run on or after \fIdate\fR.
+See \*(L"Date and time format\*(R" for a description of supported
+date and time formats.
+.IP "group \fIrunas_group\fR" 8
+.IX Item "group runas_group"
+Evaluates to true if the command was run with the specified
+\&\fIrunas_group\fR.  Note that unless a \fIrunas_group\fR was explicitly
+specified when \fBsudo\fR was run this field will be empty in the log.
+.IP "runas \fIrunas_user\fR" 8
+.IX Item "runas runas_user"
+Evaluates to true if the command was run as the specified \fIrunas_user\fR.
+Note that \fBsudo\fR runs commands as user \fIroot\fR by default.
+.IP "todate \fIdate\fR" 8
+.IX Item "todate date"
+Evaluates to true if the command was run on or prior to \fIdate\fR.
+See \*(L"Date and time format\*(R" for a description of supported
+date and time formats.
+.IP "tty \fItty\fR" 8
+.IX Item "tty tty"
+Evaluates to true if the command was run on the specified terminal
+device.  The \fItty\fR should be specified without the \fI/dev/\fR prefix,
+e.g.  \fItty01\fR instead of \fI/dev/tty01\fR.
+.IP "user \fIuser name\fR" 8
+.IX Item "user user name"
+Evaluates to true if the \s-1ID\s0 matches a command run by \fIuser name\fR.
+.RE
+.RS 12
+.Sp
+Predicates may be abbreviated to the shortest unique string (currently
+all predicates may be shortened to a single character).
+.Sp
+Predicates may be combined using \fIand\fR, \fIor\fR and \fI!\fR operators
+as well as \f(CW\*(Aq(\*(Aq\fR and \f(CW\*(Aq)\*(Aq\fR for grouping (note that parentheses
+must generally be escaped from the shell).  The \fIand\fR operator is
+optional, adjacent predicates have an implied \fIand\fR unless separated
+by an \fIor\fR.
+.RE
+.IP "\-m \fImax_wait\fR" 12
+.IX Item "-m max_wait"
+Specify an upper bound on how long to wait between key presses or
+output data.  By default, \fBsudo_replay\fR will accurately reproduce
+the delays between key presses or program output.  However, this
+can be tedious when the session includes long pauses.  When the
+\&\fI\-m\fR option is specified, \fBsudoreplay\fR will limit these pauses
+to at most \fImax_wait\fR seconds.  The value may be specified as a
+floating point number, .e.g. \fI2.5\fR.
+.IP "\-s \fIspeed_factor\fR" 12
+.IX Item "-s speed_factor"
+This option causes \fBsudoreplay\fR to adjust the number of seconds
+it will wait between key presses or program output.  This can be
+used to slow down or speed up the display.  For example, a
+\&\fIspeed_factor\fR of \fI2\fR would make the output twice as fast whereas
+a \fIspeed_factor\fR of <.5> would make the output twice as slow.
+.IP "\-V" 12
+.IX Item "-V"
+The \fB\-V\fR (version) option causes \fBsudoreplay\fR to print its version number
+and exit.
+.SS "Date and time format"
+.IX Subsection "Date and time format"
+The time and date may be specified multiple ways, common formats include:
+.IP "\s-1HH:MM:SS\s0 am \s-1MM/DD/CCYY\s0 timezone" 8
+.IX Item "HH:MM:SS am MM/DD/CCYY timezone"
+24 hour time may be used in place of am/pm.
+.IP "\s-1HH:MM:SS\s0 am Month, Day Year timezone" 8
+.IX Item "HH:MM:SS am Month, Day Year timezone"
+24 hour time may be used in place of am/pm, and month and day names
+may be abbreviated.  Note that month and day of the week names must
+be specified in English.
+.IP "CCYY-MM-DD \s-1HH:MM:SS\s0" 8
+.IX Item "CCYY-MM-DD HH:MM:SS"
+\&\s-1ISO\s0 time format
+.IP "\s-1DD\s0 Month \s-1CCYY\s0 \s-1HH:MM:SS\s0" 8
+.IX Item "DD Month CCYY HH:MM:SS"
+The month name may be abbreviated.
+.PP
+Either time or date may be omitted, the am/pm and timezone are
+optional.  If no date is specified, the current day is assumed; if
+no time is specified, the first second of the specified date is
+used.  The less significant parts of both time and date may also
+be omitted, in which case zero is assumed.  For example, the following
+are all valid:
+.PP
+The following are all valid time and date specifications:
+.IP "now" 8
+.IX Item "now"
+The current time and date.
+.IP "tomorrow" 8
+.IX Item "tomorrow"
+Exactly one day from now.
+.IP "yesterday" 8
+.IX Item "yesterday"
+24 hours ago.
+.IP "2 hours ago" 8
+.IX Item "2 hours ago"
+2 hours ago.
+.IP "next Friday" 8
+.IX Item "next Friday"
+The first second of the next Friday.
+.IP "this week" 8
+.IX Item "this week"
+The current time but the first day of the coming week.
+.IP "a fortnight ago" 8
+.IX Item "a fortnight ago"
+The current time but 14 days ago.
+.IP "10:01 am 9/17/2009" 8
+.IX Item "10:01 am 9/17/2009"
+10:01 am, September 17, 2009.
+.IP "10:01 am" 8
+.IX Item "10:01 am"
+10:01 am on the current day.
+.IP "10" 8
+.IX Item "10"
+10:00 am on the current day.
+.IP "9/17/2009" 8
+.IX Item "9/17/2009"
+00:00 am, September 17, 2009.
+.IP "10:01 am Sep 17, 2009" 8
+.IX Item "10:01 am Sep 17, 2009"
+10:01 am, September 17, 2009.
+.SH "FILES"
+.IX Header "FILES"
+.IP "\fI/var/log/sudo\-io\fR" 24
+.IX Item "/var/log/sudo-io"
+The default I/O log directory.
+.IP "\fI/var/log/sudo\-io/00/00/01/log\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/log"
+Example session log info.
+.IP "\fI/var/log/sudo\-io/00/00/01/stdin\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/stdin"
+Example session standard input log.
+.IP "\fI/var/log/sudo\-io/00/00/01/stdout\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/stdout"
+Example session standard output log.
+.IP "\fI/var/log/sudo\-io/00/00/01/stderr\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/stderr"
+Example session standard error log.
+.IP "\fI/var/log/sudo\-io/00/00/01/ttyin\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/ttyin"
+Example session tty input file.
+.IP "\fI/var/log/sudo\-io/00/00/01/ttyout\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/ttyout"
+Example session tty output file.
+.IP "\fI/var/log/sudo\-io/00/00/01/timing\fR" 24
+.IX Item "/var/log/sudo-io/00/00/01/timing"
+Example session timing file.
+.PP
+Note that the \fIstdin\fR, \fIstdout\fR and \fIstderr\fR files will be empty
+unless \fBsudo\fR was used as part of a pipeline for a particular
+command.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+List sessions run by user \fImillert\fR:
+.PP
+.Vb 1
+\& sudoreplay \-l user millert
+.Ve
+.PP
+List sessions run by user \fIbob\fR with a command containing the string vi:
+.PP
+.Vb 1
+\& sudoreplay \-l user bob command vi
+.Ve
+.PP
+List sessions run by user \fIjeff\fR that match a regular expression:
+.PP
+.Vb 1
+\& sudoreplay \-l user jeff command \*(Aq/bin/[a\-z]*sh\*(Aq
+.Ve
+.PP
+List sessions run by jeff or bob on the console:
+.PP
+.Vb 1
+\& sudoreplay \-l ( user jeff or user bob ) tty console
+.Ve
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIsudo\fR\|(@mansectsu@), \fIscript\fR\|(1)
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Todd C. Miller
+.SH "BUGS"
+.IX Header "BUGS"
+If you feel you have found a bug in \fBsudoreplay\fR, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+\&\fBsudoreplay\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/sudoreplay.pod b/sudo-1.7.4p4/sudoreplay.pod
new file mode 100644
index 0000000..c36f913
--- /dev/null
+++ b/sudo-1.7.4p4/sudoreplay.pod
@@ -0,0 +1,341 @@
+Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+=pod
+
+=head1 NAME
+
+sudoreplay - replay sudo session logs
+
+=head1 SYNOPSIS
+
+B<sudoreplay> [B<-d> I<directory>] [B<-f> I<filter>] [B<-m> I<max_wait>] [B<-s> I<speed_factor>] ID
+
+B<sudoreplay> [B<-d> I<directory>] -l [search expression]
+
+=head1 DESCRIPTION
+
+B<sudoreplay> plays back or lists the session logs created by
+B<sudo>.  When replaying, B<sudoreplay> can play the session back
+in real-time, or the playback speed may be adjusted (faster or
+slower) based on the command line options.  The I<ID> should be
+a six character sequence of digits and upper case letters, e.g.
+0100A5, which is logged by B<sudo> when a command is run with
+session logging enabled.
+
+In list mode, B<sudoreplay> can be used to find the ID of a session
+based on a number of criteria such as the user, tty or command run.
+
+In replay mode, if the standard output has not been redirected,
+B<sudoreplay> will act on the following keys:
+
+=over 8
+
+=item ' ' (space)
+
+Pause output; press any key to resume.
+
+=item '<'
+
+Reduce the playback speed by one half.
+
+=item '>'
+
+Double the playback speed.
+
+=back
+
+=head1 OPTIONS
+
+B<sudoreplay> accepts the following command line options:
+
+=over 12
+
+=item -d I<directory>
+
+Use I<directory> to for the session logs instead of the default,
+F</var/log/sudo-io>.
+
+=item -f I<filter>
+
+By default, B<sudoreplay> will play back the command's standard
+output, standard error and tty output.  The I<-f> option can be
+used to select which of these to output.  The I<filter> argument
+is a comma-separated list, consisting of one or more of following:
+I<stdout>, I<stderr>, and I<ttyout>.
+
+=item -l
+
+Enable "list mode".  In this mode, B<sudoreplay> will list available
+session IDs.  If a I<search expression> is specified, it will be
+used to restrict the IDs that are displayed.  An expression is
+composed of the following predicates:
+
+=over 8
+
+=item command I<command pattern>
+
+Evaluates to true if the command run matches I<command pattern>.
+On systems with POSIX regular expression support, the pattern may
+be an extended regular expression.  On systems without POSIX regular
+expression support, a simple substring match is performed instead.
+
+=item cwd I<directory>
+
+Evaluates to true if the command was run with the specified current
+working directory.
+
+=item fromdate I<date>
+
+Evaluates to true if the command was run on or after I<date>.
+See L<"Date and time format"> for a description of supported
+date and time formats.
+
+=item group I<runas_group>
+
+Evaluates to true if the command was run with the specified
+I<runas_group>.  Note that unless a I<runas_group> was explicitly
+specified when B<sudo> was run this field will be empty in the log.
+
+=item runas I<runas_user>
+
+Evaluates to true if the command was run as the specified I<runas_user>.
+Note that B<sudo> runs commands as user I<root> by default.
+
+=item todate I<date>
+
+Evaluates to true if the command was run on or prior to I<date>.
+See L<"Date and time format"> for a description of supported
+date and time formats.
+
+=item tty I<tty>
+
+Evaluates to true if the command was run on the specified terminal
+device.  The I<tty> should be specified without the F</dev/> prefix,
+e.g.  F<tty01> instead of F</dev/tty01>.
+
+=item user I<user name>
+
+Evaluates to true if the ID matches a command run by I<user name>.
+
+=back
+
+Predicates may be abbreviated to the shortest unique string (currently
+all predicates may be shortened to a single character).
+
+Predicates may be combined using I<and>, I<or> and I<!> operators
+as well as C<'('> and C<')'> for grouping (note that parentheses
+must generally be escaped from the shell).  The I<and> operator is
+optional, adjacent predicates have an implied I<and> unless separated
+by an I<or>.
+
+=item -m I<max_wait>
+
+Specify an upper bound on how long to wait between key presses or
+output data.  By default, B<sudo_replay> will accurately reproduce
+the delays between key presses or program output.  However, this
+can be tedious when the session includes long pauses.  When the
+I<-m> option is specified, B<sudoreplay> will limit these pauses
+to at most I<max_wait> seconds.  The value may be specified as a
+floating point number, .e.g. I<2.5>.
+
+=item -s I<speed_factor>
+
+This option causes B<sudoreplay> to adjust the number of seconds
+it will wait between key presses or program output.  This can be
+used to slow down or speed up the display.  For example, a
+I<speed_factor> of I<2> would make the output twice as fast whereas
+a I<speed_factor> of <.5> would make the output twice as slow.
+
+=item -V
+
+The B<-V> (version) option causes B<sudoreplay> to print its version number
+and exit.
+
+=back
+
+=head2 Date and time format
+
+The time and date may be specified multiple ways, common formats include:
+
+=over 8
+
+=item HH:MM:SS am MM/DD/CCYY timezone
+
+24 hour time may be used in place of am/pm.
+
+=item HH:MM:SS am Month, Day Year timezone
+
+24 hour time may be used in place of am/pm, and month and day names
+may be abbreviated.  Note that month and day of the week names must
+be specified in English.
+
+=item CCYY-MM-DD HH:MM:SS
+
+ISO time format
+
+=item DD Month CCYY HH:MM:SS
+
+The month name may be abbreviated.
+
+=back
+
+Either time or date may be omitted, the am/pm and timezone are
+optional.  If no date is specified, the current day is assumed; if
+no time is specified, the first second of the specified date is
+used.  The less significant parts of both time and date may also
+be omitted, in which case zero is assumed.  For example, the following
+are all valid:
+
+The following are all valid time and date specifications:
+
+=over 8
+
+=item now
+
+The current time and date.
+
+=item tomorrow
+
+Exactly one day from now.
+
+=item yesterday
+
+24 hours ago.
+
+=item 2 hours ago
+
+2 hours ago.
+
+=item next Friday
+
+The first second of the next Friday.
+
+=item this week
+
+The current time but the first day of the coming week.
+
+=item a fortnight ago
+
+The current time but 14 days ago.
+
+=item 10:01 am 9/17/2009
+
+10:01 am, September 17, 2009.
+
+=item 10:01 am
+
+10:01 am on the current day.
+
+=item 10
+
+10:00 am on the current day.
+
+=item 9/17/2009
+
+00:00 am, September 17, 2009.
+
+=item 10:01 am Sep 17, 2009
+
+10:01 am, September 17, 2009.
+
+=back
+
+=head1 FILES
+
+=over 24
+
+=item F</var/log/sudo-io>
+
+The default I/O log directory.
+
+=item F</var/log/sudo-io/00/00/01/log>
+
+Example session log info.
+
+=item F</var/log/sudo-io/00/00/01/stdin>
+
+Example session standard input log.
+
+=item F</var/log/sudo-io/00/00/01/stdout>
+
+Example session standard output log.
+
+=item F</var/log/sudo-io/00/00/01/stderr>
+
+Example session standard error log.
+
+=item F</var/log/sudo-io/00/00/01/ttyin>
+
+Example session tty input file.
+
+=item F</var/log/sudo-io/00/00/01/ttyout>
+
+Example session tty output file.
+
+=item F</var/log/sudo-io/00/00/01/timing>
+
+Example session timing file.
+
+=back
+
+Note that the I<stdin>, I<stdout> and I<stderr> files will be empty
+unless B<sudo> was used as part of a pipeline for a particular
+command.
+
+=head1 EXAMPLES
+
+List sessions run by user I<millert>:
+
+ sudoreplay -l user millert
+
+List sessions run by user I<bob> with a command containing the string vi:
+
+ sudoreplay -l user bob command vi
+
+List sessions run by user I<jeff> that match a regular expression:
+
+ sudoreplay -l user jeff command '/bin/[a-z]*sh'
+
+List sessions run by jeff or bob on the console:
+
+ sudoreplay -l ( user jeff or user bob ) tty console
+
+=head1 SEE ALSO
+
+L<sudo(8)>, L<script(1)>
+
+=head1 AUTHOR
+
+Todd C. Miller
+
+=head1 BUGS
+
+If you feel you have found a bug in B<sudoreplay>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<sudoreplay> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/term.c b/sudo-1.7.4p4/term.c
new file mode 100644
index 0000000..a3cad61
--- /dev/null
+++ b/sudo-1.7.4p4/term.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright (c) 2009-2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_TERMIOS_H
+# include <termios.h>
+#else
+# ifdef HAVE_TERMIO_H
+#  include <termio.h>
+# else
+#  include <sgtty.h>
+#  include <sys/ioctl.h>
+# endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+
+#include "sudo.h"
+
+#ifndef TCSASOFT
+# define TCSASOFT	0
+#endif
+#ifndef ECHONL
+# define ECHONL		0
+#endif
+#ifndef IEXTEN
+# define IEXTEN		0
+#endif
+#ifndef IUCLC
+# define IUCLC		0
+#endif
+
+#ifndef _POSIX_VDISABLE
+# ifdef VDISABLE
+#  define _POSIX_VDISABLE	VDISABLE
+# else
+#  define _POSIX_VDISABLE	0
+# endif
+#endif
+
+/*
+ * Compat macros for non-termios systems.
+ */
+#ifndef HAVE_TERMIOS_H
+# ifdef HAVE_TERMIO_H
+#  undef termios
+#  define termios		termio
+#  define tcgetattr(f, t)	ioctl(f, TCGETA, t)
+#  define tcsetattr(f, a, t)	ioctl(f, a, t)
+#  undef TCSAFLUSH
+#  define TCSAFLUSH		TCSETAF
+#  undef TCSADRAIN
+#  define TCSADRAIN		TCSETAW
+# else /* SGTTY */
+#  undef termios
+#  define termios		sgttyb
+#  define c_lflag		sg_flags
+#  define tcgetattr(f, t)	ioctl(f, TIOCGETP, t)
+#  define tcsetattr(f, a, t)	ioctl(f, a, t)
+#  undef TCSAFLUSH
+#  define TCSAFLUSH		TIOCSETP
+#  undef TCSADRAIN
+#  define TCSADRAIN		TIOCSETN
+# endif /* HAVE_TERMIO_H */
+#endif /* HAVE_TERMIOS_H */
+
+typedef struct termios sudo_term_t;
+
+static sudo_term_t term, oterm;
+static int changed;
+int term_erase;
+int term_kill;
+
+int
+term_restore(fd, flush)
+    int fd;
+    int flush;
+{
+    if (changed) {
+	int flags = TCSASOFT;
+	flags |= flush ? TCSAFLUSH : TCSADRAIN;
+	if (tcsetattr(fd, flags, &oterm) != 0)
+	    return(0);
+	changed = 0;
+    }
+    return(1);
+}
+
+int
+term_noecho(fd)
+    int fd;
+{
+    if (!changed && tcgetattr(fd, &oterm) != 0)
+	return(0);
+    (void) memcpy(&term, &oterm, sizeof(term));
+    CLR(term.c_lflag, ECHO|ECHONL);
+#ifdef VSTATUS
+    term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+    if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) {
+	changed = 1;
+	return(1);
+    }
+    return(0);
+}
+
+#if defined(HAVE_TERMIOS_H) || defined(HAVE_TERMIO_H)
+
+int
+term_raw(fd, isig)
+    int fd;
+    int isig;
+{
+    struct termios term;
+
+    if (!changed && tcgetattr(fd, &oterm) != 0)
+	return(0);
+    (void) memcpy(&term, &oterm, sizeof(term));
+    /* Set terminal to raw mode */
+    term.c_cc[VMIN] = 1;
+    term.c_cc[VTIME] = 0;
+    CLR(term.c_lflag, ECHO | ECHONL | ICANON | ISIG | IEXTEN);
+    if (isig)
+	SET(term.c_lflag, ISIG);
+    CLR(term.c_iflag, ICRNL | IGNCR | INLCR | IUCLC | IXON);
+    if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) {
+	changed = 1;
+    	return(1);
+    }
+    return(0);
+}
+
+int
+term_cbreak(fd)
+    int fd;
+{
+    if (!changed && tcgetattr(fd, &oterm) != 0)
+	return(0);
+    (void) memcpy(&term, &oterm, sizeof(term));
+    /* Set terminal to half-cooked mode */
+    term.c_cc[VMIN] = 1;
+    term.c_cc[VTIME] = 0;
+    CLR(term.c_lflag, ECHO | ECHONL | ICANON | IEXTEN);
+    SET(term.c_lflag, ISIG);
+#ifdef VSTATUS
+    term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+    if (tcsetattr(fd, TCSADRAIN|TCSASOFT, &term) == 0) {
+	term_erase = term.c_cc[VERASE];
+	term_kill = term.c_cc[VKILL];
+	changed = 1;
+	return(1);
+    }
+    return(0);
+}
+
+int
+term_copy(src, dst)
+    int src;
+    int dst;
+{
+    struct termios tt;
+
+    if (tcgetattr(src, &tt) != 0)
+	return(0);
+    /* XXX - add TCSANOW compat define */
+    if (tcsetattr(dst, TCSANOW|TCSASOFT, &tt) != 0)
+	return(0);
+    return(1);
+}
+
+#else /* SGTTY */
+
+int
+term_raw(fd, isig)
+    int fd;
+    int isig;
+{
+    if (!changed && ioctl(fd, TIOCGETP, &oterm) != 0)
+	return(0);
+    (void) memcpy(&term, &oterm, sizeof(term));
+    /* Set terminal to raw mode */
+    /* XXX - how to support isig? */
+    CLR(term.c_lflag, ECHO);
+    SET(term.sg_flags, RAW);
+    if (ioctl(fd, TIOCSETP, &term) == 0) {
+	changed = 1;
+	return(1);
+    }
+    return(0);
+}
+
+int
+term_cbreak(fd)
+    int fd;
+{
+    if (!changed && ioctl(fd, TIOCGETP, &oterm) != 0)
+	return(0);
+    (void) memcpy(&term, &oterm, sizeof(term));
+    /* Set terminal to half-cooked mode */
+    CLR(term.c_lflag, ECHO);
+    SET(term.sg_flags, CBREAK);
+    if (ioctl(fd, TIOCSETP, &term) == 0) {
+	term_erase = term.sg_erase;
+	term_kill = term.sg_kill;
+	changed = 1;
+	return(1);
+    }
+    return(0);
+}
+
+int
+term_copy(src, dst)
+    int src;
+    int dst;
+{
+    struct sgttyb b;
+    struct tchars tc;
+    struct ltchars lc;
+    int l, lb;
+
+    if (ioctl(src, TIOCGETP, &b) != 0 || ioctl(src, TIOCGETC, &tc) != 0 ||
+	ioctl(src, TIOCGETD, &l) != 0 || ioctl(src, TIOCGLTC, &lc) != 0 ||
+	ioctl(src, TIOCLGET, &lb)) {
+	return(0);
+    }
+    if (ioctl(dst, TIOCSETP, &b) != 0 || ioctl(dst, TIOCSETC, &tc) != 0 ||
+	ioctl(dst, TIOCSLTC, &lc) != 0 || ioctl(dst, TIOCLSET, &lb) != 0 ||
+	ioctl(dst, TIOCSETD, &l) != 0) {
+	return(0);
+    }
+    return(1);
+}
+
+#endif
diff --git a/sudo-1.7.4p4/testsudoers.c b/sudo-1.7.4p4/testsudoers.c
new file mode 100644
index 0000000..1bf2cd3
--- /dev/null
+++ b/sudo-1.7.4p4/testsudoers.c
@@ -0,0 +1,554 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#define _SUDO_MAIN
+
+#include <config.h>
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#ifdef HAVE_FNMATCH
+# include <fnmatch.h>
+#endif /* HAVE_FNMATCH */
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#endif /* HAVE_NETGROUP_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include "sudo.h"
+#include "interfaces.h"
+#include "parse.h"
+#include <gram.h>
+
+#ifndef HAVE_FNMATCH
+# include "emul/fnmatch.h"
+#endif /* HAVE_FNMATCH */
+
+/*
+ * Globals
+ */
+int  Argc, NewArgc;
+char **Argv, **NewArgv;
+int num_interfaces;
+struct interface *interfaces;
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+extern int parse_error;
+
+/* For getopt(3) */
+extern char *optarg;
+extern int optind;
+
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+extern char *malloc_options;
+#endif
+#ifdef YYDEBUG
+extern int yydebug;
+#endif
+
+int  print_alias __P((void *, void *));
+void dump_sudoers __P((void));
+void print_defaults __P((void));
+void print_privilege __P((struct privilege *));
+void print_userspecs __P((void));
+void usage __P((void)) __attribute__((__noreturn__));
+void set_runasgr __P((char *));
+void set_runaspw __P((char *));
+
+extern void setgrfile __P((const char *));
+extern void setgrent __P((void));
+extern void endgrent __P((void));
+extern struct group *getgrent __P((void));
+extern struct group *getgrnam __P((const char *));
+extern struct group *getgrgid __P((gid_t));
+extern void setpwfile __P((const char *));
+extern void setpwent __P((void));
+extern void endpwent __P((void));
+extern struct passwd *getpwent __P((void));
+extern struct passwd *getpwnam __P((const char *));
+extern struct passwd *getpwuid __P((uid_t));
+
+int
+main(argc, argv)
+    int argc;
+    char **argv;
+{
+    struct cmndspec *cs;
+    struct privilege *priv;
+    struct userspec *us;
+    char *p, *grfile, *pwfile, *runas_group, *runas_user;
+    char hbuf[MAXHOSTNAMELEN + 1];
+    int ch, dflag, rval, matched;
+
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+    malloc_options = "AFGJPR";
+#endif
+#ifdef YYDEBUG
+    yydebug = 1;
+#endif
+
+    Argv = argv;
+    Argc = argc;
+
+    dflag = 0;
+    grfile = pwfile = runas_group = runas_user = NULL;
+    while ((ch = getopt(argc, argv, "dg:G:h:p:u:")) != -1) {
+	switch (ch) {
+	    case 'd':
+		dflag = 1;
+		break;
+	    case 'h':
+		user_host = optarg;
+		break;
+	    case 'G':
+		grfile = optarg;
+		break;
+	    case 'g':
+		runas_group = optarg;
+		break;
+	    case 'p':
+		pwfile = optarg;
+		break;
+	    case 'u':
+		runas_user = optarg;
+		break;
+	    default:
+		usage();
+		break;
+	}
+    }
+    argc -= optind;
+    argv += optind;
+    NewArgc = argc;
+    NewArgv = argv;
+
+    /* Set group/passwd file and init the cache. */
+    if (grfile)
+	setgrfile(grfile);
+    if (pwfile)
+	setpwfile(pwfile);
+    sudo_setpwent();
+    sudo_setgrent();
+
+    if (argc < 2) {
+	if (!dflag)
+	    usage();
+	if ((sudo_user.pw = sudo_getpwnam("nobody")) == NULL)
+            errorx(1, "no passwd entry for nobody!");
+	user_cmnd = user_base = "true";
+    } else {
+	if ((sudo_user.pw = sudo_getpwnam(*argv)) == NULL)
+            errorx(1, "no passwd entry for %s!", *argv);
+	user_cmnd = *++argv;
+	if ((p = strrchr(user_cmnd, '/')) != NULL)
+	    user_base = p + 1;
+	else
+	    user_base = user_cmnd;
+	NewArgc -= 2;
+    }
+
+    if (user_host == NULL) {
+	if (gethostname(hbuf, sizeof(hbuf)) != 0)
+	    error(1, "gethostname");
+	hbuf[sizeof(hbuf) - 1] = '\0';
+	user_host = hbuf;
+    }
+    if ((p = strchr(user_host, '.'))) {
+	*p = '\0';
+	user_shost = estrdup(user_host);
+	*p = '.';
+    } else {
+	user_shost = user_host;
+    }
+
+    /* Fill in user_args from NewArgv. */
+    if (NewArgc > 1) {
+	char *to, **from;
+	size_t size, n;
+
+	for (size = 0, from = NewArgv + 1; *from; from++)
+	    size += strlen(*from) + 1;
+
+	user_args = (char *) emalloc(size);
+	for (to = user_args, from = NewArgv + 1; *from; from++) {
+	    n = strlcpy(to, *from, size - (to - user_args));
+	    if (n >= size - (to - user_args))
+		    errorx(1, "internal error, init_vars() overflow");
+	    to += n;
+	    *to++ = ' ';
+	}
+	*--to = '\0';
+    }
+
+    /* Initialize default values. */
+    init_defaults();
+
+    /* Load ip addr/mask for each interface. */
+    load_interfaces();
+
+    /* Allocate space for data structures in the parser. */
+    init_parser("sudoers", 0);
+
+    if (yyparse() != 0 || parse_error)
+	(void) fputs("Does not parse", stdout);
+    else
+	(void) fputs("Parses OK", stdout);
+
+    if (!update_defaults(SETDEF_ALL))
+	(void) fputs(" (problem with defaults entries)", stdout);
+    puts(".");
+
+    /*
+     * Set runas passwd/group entries based on command line or sudoers.
+     * Note that if runas_group was specified without runas_user we
+     * defer setting runas_pw so the match routines know to ignore it.
+     */
+    if (runas_group != NULL) {
+        set_runasgr(runas_group);
+        if (runas_user != NULL)
+            set_runaspw(runas_user);
+    } else
+        set_runaspw(runas_user ? runas_user : def_runas_default);
+
+    if (dflag) {
+	(void) putchar('\n');
+	dump_sudoers();
+	if (argc < 2)
+	    exit(0);
+    }
+
+    /* This loop must match the one in sudoers_lookup() */
+    printf("\nEntries for user %s:\n", user_name);
+    matched = UNSPEC;
+    tq_foreach_rev(&userspecs, us) {
+	if (userlist_matches(sudo_user.pw, &us->users) != ALLOW)
+	    continue;
+	tq_foreach_rev(&us->privileges, priv) {
+	    putchar('\n');
+	    print_privilege(priv); /* XXX */
+	    putchar('\n');
+	    if (hostlist_matches(&priv->hostlist) == ALLOW) {
+		puts("\thost  matched");
+		tq_foreach_rev(&priv->cmndlist, cs) {
+		    if (runaslist_matches(&cs->runasuserlist,
+			&cs->runasgrouplist) == ALLOW) {
+			puts("\trunas matched");
+			rval = cmnd_matches(cs->cmnd);
+			if (rval != UNSPEC)
+			    matched = rval;
+			printf("\tcmnd  %s\n", rval == ALLOW ? "allowed" :
+			    rval == DENY ? "denied" : "unmatched");
+		    }
+		}
+	    } else
+		puts("\thost  unmatched");
+	}
+    }
+    printf("\nCommand %s\n", matched == ALLOW ? "allowed" :
+	matched == DENY ? "denied" : "unmatched");
+
+    exit(0);
+}
+
+void
+set_runaspw(user)
+    char *user;
+{
+    if (*user == '#') {
+	if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
+	    runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
+    } else {
+	if ((runas_pw = sudo_getpwnam(user)) == NULL)
+	    errorx(1, "unknown user: %s", user);
+    }
+}
+
+void
+set_runasgr(group)
+    char *group;
+{
+    if (*group == '#') {
+	if ((runas_gr = sudo_getgrgid(atoi(group + 1))) == NULL)
+	    runas_gr = sudo_fakegrnam(group);
+    } else {
+	if ((runas_gr = sudo_getgrnam(group)) == NULL)
+	    errorx(1, "unknown group: %s", group);
+    }
+}
+
+void
+sudo_setspent()
+{
+    return;
+}
+
+void
+sudo_endspent()
+{
+    return;
+}
+
+char *
+sudo_getepw(pw)
+    const struct passwd *pw;
+{
+    return (pw->pw_passwd);
+}
+
+void
+set_fqdn()
+{
+    return;
+}
+
+FILE *
+open_sudoers(path, isdir, keepopen)
+    const char *path;
+    int isdir;
+    int *keepopen;
+{
+    return(fopen(path, "r"));
+}
+
+void
+init_envtables()
+{
+    return;
+}
+
+int
+set_perms(perm)
+    int perm;
+{
+    return(1);
+}
+
+void
+cleanup(gotsignal)
+    int gotsignal;
+{
+    if (!gotsignal) {
+	sudo_endpwent();
+	sudo_endgrent();
+    }
+}
+
+void
+print_member(m)    
+    struct member *m;
+{
+    struct sudo_command *c;
+
+    if (m->negated)
+	putchar('!');
+    if (m->name == NULL)
+	fputs("ALL", stdout);
+    else if (m->type != COMMAND)
+	fputs(m->name, stdout);
+    else {
+	c = (struct sudo_command *) m->name;
+	printf("%s%s%s", c->cmnd, c->args ? " " : "",
+	    c->args ? c->args : "");
+    }
+}
+
+void
+print_defaults()
+{
+    struct defaults *d;
+    struct member *m;
+
+    tq_foreach_fwd(&defaults, d) {
+	(void) fputs("Defaults", stdout);
+	switch (d->type) {
+	    case DEFAULTS_HOST:
+		putchar('@');
+		break;
+	    case DEFAULTS_USER:
+		putchar(':');
+		break;
+	    case DEFAULTS_RUNAS:
+		putchar('>');
+		break;
+	    case DEFAULTS_CMND:
+		putchar('!');
+		break;
+	}
+	tq_foreach_fwd(&d->binding, m) {
+	    if (m != tq_first(&d->binding))
+		putchar(',');
+	    print_member(m);
+	}
+	printf("\t%s%s", d->op == FALSE ? "!" : "", d->var);
+	if (d->val != NULL) {
+	    printf("%c%s", d->op == TRUE ? '=' : d->op, d->val);
+	}
+	putchar('\n');
+    }
+}
+
+int
+print_alias(v1, v2)
+    void *v1, *v2;
+{
+    struct alias *a = (struct alias *)v1;
+    struct member *m;
+    struct sudo_command *c;
+
+    switch (a->type) {
+	case HOSTALIAS:
+	    (void) printf("Host_Alias\t%s = ", a->name);
+	    break;
+	case CMNDALIAS:
+	    (void) printf("Cmnd_Alias\t%s = ", a->name);
+	    break;
+	case USERALIAS:
+	    (void) printf("User_Alias\t%s = ", a->name);
+	    break;
+	case RUNASALIAS:
+	    (void) printf("Runas_Alias\t%s = ", a->name);
+	    break;
+    }
+    tq_foreach_fwd(&a->members, m) {
+	if (m != tq_first(&a->members))
+	    fputs(", ", stdout);
+	if (m->type == COMMAND) {
+	    c = (struct sudo_command *) m->name;
+	    printf("%s%s%s", c->cmnd, c->args ? " " : "",
+		c->args ? c->args : "");
+	} else
+	    fputs(m->name, stdout);
+    }
+    putchar('\n');
+    return(0);
+}
+
+void
+print_privilege(priv)
+    struct privilege *priv;
+{
+    struct cmndspec *cs;
+    struct member *m;
+    struct privilege *p;
+    struct cmndtag tags;
+
+    for (p = priv; p != NULL; p = p->next) {
+	if (p != priv)
+	    fputs(" : ", stdout);
+	tq_foreach_fwd(&p->hostlist, m) {
+	    if (m != tq_first(&p->hostlist))
+		fputs(", ", stdout);
+	    print_member(m);
+	}
+	fputs(" = ", stdout);
+	tags.nopasswd = tags.noexec = UNSPEC;
+	tq_foreach_fwd(&p->cmndlist, cs) {
+	    if (cs != tq_first(&p->cmndlist))
+		fputs(", ", stdout);
+	    /* XXX - runasgrouplist too */
+	    if (!tq_empty(&cs->runasuserlist)) {
+		fputs("(", stdout);
+		tq_foreach_fwd(&cs->runasuserlist, m) {
+		    if (m != tq_first(&cs->runasuserlist))
+			fputs(", ", stdout);
+		    print_member(m);
+		}
+		fputs(") ", stdout);
+	    }
+#ifdef HAVE_SELINUX
+	    if (cs->role)
+		printf("ROLE=%s ", cs->role);
+	    if (cs->type)
+		printf("TYPE=%s ", cs->type);
+#endif /* HAVE_SELINUX */
+	    if (cs->tags.nopasswd != UNSPEC && cs->tags.nopasswd != tags.nopasswd)
+		printf("%sPASSWD: ", cs->tags.nopasswd ? "NO" : "");
+	    if (cs->tags.noexec != UNSPEC && cs->tags.noexec != tags.noexec)
+		printf("%sEXEC: ", cs->tags.noexec ? "NO" : "");
+	    print_member(cs->cmnd);
+	    memcpy(&tags, &cs->tags, sizeof(tags));
+	}
+    }
+}
+
+void
+print_userspecs()
+{
+    struct member *m;
+    struct userspec *us;
+
+    tq_foreach_fwd(&userspecs, us) {
+	tq_foreach_fwd(&us->users, m) {
+	    if (m != tq_first(&us->users))
+		fputs(", ", stdout);
+	    print_member(m);
+	}
+	putchar('\t');
+	print_privilege(us->privileges.first); /* XXX */
+	putchar('\n');
+    }
+}
+
+void
+dump_sudoers()
+{
+    print_defaults();
+
+    putchar('\n');
+    alias_apply(print_alias, NULL);
+
+    putchar('\n');
+    print_userspecs();
+}
+
+void
+usage()
+{
+    (void) fprintf(stderr, "usage: %s [-d] [-G grfile] [-g group] [-h host] [-p pwfile] [-u user] <user> <command> [args]\n", getprogname());
+    exit(1);
+}
diff --git a/sudo-1.7.4p4/tgetpass.c b/sudo-1.7.4p4/tgetpass.c
new file mode 100644
index 0000000..8127eab
--- /dev/null
+++ b/sudo-1.7.4p4/tgetpass.c
@@ -0,0 +1,300 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#ifdef __TANDEM
+# include <floss.h>
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <pwd.h>
+#include <errno.h>
+#include <signal.h>
+#include <fcntl.h>
+
+#include "sudo.h"
+
+static volatile sig_atomic_t signo[NSIG];
+
+static void handler __P((int));
+static char *getln __P((int, char *, size_t, int));
+static char *sudo_askpass __P((const char *));
+
+/*
+ * Like getpass(3) but with timeout and echo flags.
+ */
+char *
+tgetpass(prompt, timeout, flags)
+    const char *prompt;
+    int timeout;
+    int flags;
+{
+    sigaction_t sa, savealrm, saveint, savehup, savequit, saveterm;
+    sigaction_t savetstp, savettin, savettou, savepipe;
+    char *pass;
+    static char buf[SUDO_PASS_MAX + 1];
+    int i, input, output, save_errno, neednl = 0, need_restart;
+
+    (void) fflush(stdout);
+
+    /* If using a helper program to get the password, run it instead. */
+    if (ISSET(flags, TGP_ASKPASS) && user_askpass)
+	return(sudo_askpass(prompt));
+
+restart:
+    for (i = 0; i < NSIG; i++)
+	signo[i] = 0;
+    pass = NULL;
+    save_errno = 0;
+    need_restart = 0;
+    /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
+    if (ISSET(flags, TGP_STDIN) ||
+	(input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
+	input = STDIN_FILENO;
+	output = STDERR_FILENO;
+    }
+
+    /*
+     * If we are using a tty but are not the foreground pgrp this will
+     * generate SIGTTOU, so do it *before* installing the signal handlers.
+     */
+    if (!ISSET(flags, TGP_ECHO)) {
+	if (def_pwfeedback)
+	    neednl = term_cbreak(input);
+	else
+	    neednl = term_noecho(input);
+    }
+
+    /*
+     * Catch signals that would otherwise cause the user to end
+     * up with echo turned off in the shell.
+     */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_INTERRUPT;	/* don't restart system calls */
+    sa.sa_handler = handler;
+    (void) sigaction(SIGALRM, &sa, &savealrm);
+    (void) sigaction(SIGINT, &sa, &saveint);
+    (void) sigaction(SIGHUP, &sa, &savehup);
+    (void) sigaction(SIGQUIT, &sa, &savequit);
+    (void) sigaction(SIGTERM, &sa, &saveterm);
+    (void) sigaction(SIGTSTP, &sa, &savetstp);
+    (void) sigaction(SIGTTIN, &sa, &savettin);
+    (void) sigaction(SIGTTOU, &sa, &savettou);
+
+    /* Ignore SIGPIPE in case stdin is a pipe and TGP_STDIN is set */
+    sa.sa_handler = SIG_IGN;
+    (void) sigaction(SIGPIPE, &sa, &savepipe);
+
+    if (prompt)
+	(void) write(output, prompt, strlen(prompt));
+
+    if (timeout > 0)
+	alarm(timeout);
+    pass = getln(input, buf, sizeof(buf), def_pwfeedback);
+    alarm(0);
+    save_errno = errno;
+
+    if (neednl || pass == NULL)
+	(void) write(output, "\n", 1);
+
+    /* Restore old tty settings and signals. */
+    if (!ISSET(flags, TGP_ECHO))
+	term_restore(input, 1);
+    (void) sigaction(SIGALRM, &savealrm, NULL);
+    (void) sigaction(SIGINT, &saveint, NULL);
+    (void) sigaction(SIGHUP, &savehup, NULL);
+    (void) sigaction(SIGQUIT, &savequit, NULL);
+    (void) sigaction(SIGTERM, &saveterm, NULL);
+    (void) sigaction(SIGTSTP, &savetstp, NULL);
+    (void) sigaction(SIGTTIN, &savettin, NULL);
+    (void) sigaction(SIGTTOU, &savettou, NULL);
+    (void) sigaction(SIGTTOU, &savepipe, NULL);
+    if (input != STDIN_FILENO)
+	(void) close(input);
+
+    /*
+     * If we were interrupted by a signal, resend it to ourselves
+     * now that we have restored the signal handlers.
+     */
+    for (i = 0; i < NSIG; i++) {
+	if (signo[i]) {
+	    kill(getpid(), i);
+	    switch (i) {
+		case SIGTSTP:
+		case SIGTTIN:
+		case SIGTTOU:
+		    need_restart = 1;
+		    break;
+	    }
+	}
+    }
+    if (need_restart)
+	goto restart;
+
+    if (save_errno)
+	errno = save_errno;
+    return(pass);
+}
+
+/*
+ * Fork a child and exec sudo-askpass to get the password from the user.
+ */
+static char *
+sudo_askpass(prompt)
+    const char *prompt;
+{
+    static char buf[SUDO_PASS_MAX + 1], *pass;
+    sigaction_t sa, saved_sa_pipe;
+    int pfd[2];
+    pid_t pid;
+
+    if (pipe(pfd) == -1)
+	error(1, "unable to create pipe");
+
+    if ((pid = fork()) == -1)
+	error(1, "unable to fork");
+
+    if (pid == 0) {
+	/* child, point stdout to output side of the pipe and exec askpass */
+	if (dup2(pfd[1], STDOUT_FILENO) == -1) {
+	    warning("dup2");
+	    _exit(255);
+	}
+	(void) dup2(pfd[1], STDOUT_FILENO);
+	set_perms(PERM_FULL_USER);
+	closefrom(STDERR_FILENO + 1);
+	execl(user_askpass, user_askpass, prompt, (char *)NULL);
+	warning("unable to run %s", user_askpass);
+	_exit(255);
+    }
+
+    /* Ignore SIGPIPE in case child exits prematurely */
+    zero_bytes(&sa, sizeof(sa));
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_INTERRUPT;
+    sa.sa_handler = SIG_IGN;
+    (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe);
+
+    /* Get response from child (askpass) and restore SIGPIPE handler */
+    (void) close(pfd[1]);
+    pass = getln(pfd[0], buf, sizeof(buf), 0);
+    (void) close(pfd[0]);
+    (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL);
+
+    return(pass);
+}
+
+extern int term_erase, term_kill;
+
+static char *
+getln(fd, buf, bufsiz, feedback)
+    int fd;
+    char *buf;
+    size_t bufsiz;
+    int feedback;
+{
+    size_t left = bufsiz;
+    ssize_t nr = -1;
+    char *cp = buf;
+    char c = '\0';
+
+    if (left == 0) {
+	errno = EINVAL;
+	return(NULL);			/* sanity */
+    }
+
+    while (--left) {
+	nr = read(fd, &c, 1);
+	if (nr != 1 || c == '\n' || c == '\r')
+	    break;
+	if (feedback) {
+	    if (c == term_kill) {
+		while (cp > buf) {
+		    (void) write(fd, "\b \b", 3);
+		    --cp;
+		}
+		left = bufsiz;
+		continue;
+	    } else if (c == term_erase) {
+		if (cp > buf) {
+		    (void) write(fd, "\b \b", 3);
+		    --cp;
+		    left++;
+		}
+		continue;
+	    }
+	    (void) write(fd, "*", 1);
+	}
+	*cp++ = c;
+    }
+    *cp = '\0';
+    if (feedback) {
+	/* erase stars */
+	while (cp > buf) {
+	    (void) write(fd, "\b \b", 3);
+	    --cp;
+	}
+    }
+
+    return(nr == 1 ? buf : NULL);
+}
+
+static void
+handler(s)
+    int s;
+{
+    if (s != SIGALRM)
+	signo[s] = 1;
+}
+
+int
+tty_present()
+{
+    int fd;
+
+    if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1)
+	close(fd);
+    return(fd != -1);
+}
diff --git a/sudo-1.7.4p4/timestr.c b/sudo-1.7.4p4/timestr.c
new file mode 100644
index 0000000..3b2a18d
--- /dev/null
+++ b/sudo-1.7.4p4/timestr.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1999, 2009 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#include <time.h>
+
+#include "compat.h"
+
+char *get_timestr	__P((time_t, int));
+
+/*
+ * Return an ascii string with the current date + time
+ * Uses strftime() if available, else falls back to ctime().
+ */
+char *
+get_timestr(tstamp, log_year)
+    time_t tstamp;
+    int log_year;
+{
+    char *s;
+#ifdef HAVE_STRFTIME
+    static char buf[128];
+    struct tm *timeptr;
+
+    timeptr = localtime(&tstamp);
+    if (log_year)
+	s = "%h %e %T %Y";
+    else
+	s = "%h %e %T";
+
+    /* strftime() does not guarantee to NUL-terminate so we must check. */
+    buf[sizeof(buf) - 1] = '\0';
+    if (strftime(buf, sizeof(buf), s, timeptr) && buf[sizeof(buf) - 1] == '\0')
+	return(buf);
+
+#endif /* HAVE_STRFTIME */
+
+    s = ctime(&tstamp) + 4;		/* skip day of the week */
+    if (log_year)
+	s[20] = '\0';			/* avoid the newline */
+    else
+	s[15] = '\0';			/* don't care about year */
+
+    return(s);
+}
diff --git a/sudo-1.7.4p4/toke.c b/sudo-1.7.4p4/toke.c
new file mode 100644
index 0000000..e8b9243
--- /dev/null
+++ b/sudo-1.7.4p4/toke.c
@@ -0,0 +1,3658 @@
+/*	$OpenBSD: flex.skl,v 1.10 2007/01/26 14:38:19 tsi Exp $	*/
+
+/* A lexical scanner generated by flex */
+
+/* Scanner skeleton version:
+ * $Header: /home/cvs/openbsd/src/usr.bin/lex/flex.skl,v 1.10 2007/01/26 14:38:19 tsi Exp $
+ */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+
+#include <stdio.h>
+#include <errno.h>
+
+
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
+#endif
+#endif
+
+
+#ifdef __cplusplus
+
+#include <stdlib.h>
+#include <unistd.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else	/* ! __cplusplus */
+
+#ifdef __STDC__
+
+#define YY_USE_PROTOS
+#define YY_USE_CONST
+
+#endif	/* __STDC__ */
+#endif	/* ! __cplusplus */
+
+#ifdef __TURBOC__
+ #pragma warn -rch
+ #pragma warn -use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN yy_start = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START ((yy_start - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart( yyin )
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#define YY_BUF_SIZE 16384
+
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+
+extern int yyleng;
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator).  This
+ * avoids problems with code like:
+ *
+ * 	if ( condition_holds )
+ *		yyless( 5 );
+ *	else
+ *		do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+		*yy_cp = yy_hold_char; \
+		YY_RESTORE_YY_MORE_OFFSET \
+		yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
+		YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+		} \
+	while ( 0 )
+
+#define unput(c) yyunput( c, yytext_ptr )
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+typedef unsigned int yy_size_t;
+
+
+struct yy_buffer_state
+	{
+	FILE *yy_input_file;
+
+	char *yy_ch_buf;		/* input buffer */
+	char *yy_buf_pos;		/* current position in input buffer */
+
+	/* Size of input buffer in bytes, not including room for EOB
+	 * characters.
+	 */
+	yy_size_t yy_buf_size;
+
+	/* Number of characters read into yy_ch_buf, not including EOB
+	 * characters.
+	 */
+	int yy_n_chars;
+
+	/* Whether we "own" the buffer - i.e., we know we created it,
+	 * and can realloc() it to grow it, and should free() it to
+	 * delete it.
+	 */
+	int yy_is_our_buffer;
+
+	/* Whether this is an "interactive" input source; if so, and
+	 * if we're using stdio for input, then we want to use getc()
+	 * instead of fread(), to make sure we stop fetching input after
+	 * each newline.
+	 */
+	int yy_is_interactive;
+
+	/* Whether we're considered to be at the beginning of a line.
+	 * If so, '^' rules will be active on the next match, otherwise
+	 * not.
+	 */
+	int yy_at_bol;
+
+	/* Whether to try to fill the input buffer when we reach the
+	 * end of it.
+	 */
+	int yy_fill_buffer;
+
+	int yy_buffer_status;
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+	/* When an EOF's been seen but there's still some text to process
+	 * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+	 * shouldn't try reading from the input source any more.  We might
+	 * still have a bunch of tokens to match, though, because of
+	 * possible backing-up.
+	 *
+	 * When we actually see the EOF, we change the status to "new"
+	 * (via yyrestart()), so that the user can continue scanning by
+	 * just pointing yyin at a new input file.
+	 */
+#define YY_BUFFER_EOF_PENDING 2
+	};
+
+static YY_BUFFER_STATE yy_current_buffer = 0;
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ */
+#define YY_CURRENT_BUFFER yy_current_buffer
+
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+
+static int yy_n_chars;		/* number of characters read into yy_ch_buf */
+
+
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *) 0;
+static int yy_init = 1;		/* whether we need to initialize */
+static int yy_start = 0;	/* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart YY_PROTO(( FILE *input_file ));
+
+void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
+void yy_load_buffer_state YY_PROTO(( void ));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
+void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
+void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
+#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
+
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
+YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
+
+static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
+static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
+static void yy_flex_free YY_PROTO(( void * ));
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive) \
+	{ \
+	if ( ! yy_current_buffer ) \
+		yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+	yy_current_buffer->yy_is_interactive = is_interactive; \
+	}
+
+#define yy_set_bol(at_bol) \
+	{ \
+	if ( ! yy_current_buffer ) \
+		yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
+	yy_current_buffer->yy_at_bol = at_bol; \
+	}
+
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
+
+
+#define yywrap() 1
+#define YY_SKIP_YYWRAP
+typedef unsigned char YY_CHAR;
+FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
+typedef int yy_state_type;
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state YY_PROTO(( void ));
+static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
+static int yy_get_next_buffer YY_PROTO(( void ));
+static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION \
+	yytext_ptr = yy_bp; \
+	yyleng = (int) (yy_cp - yy_bp); \
+	yy_hold_char = *yy_cp; \
+	*yy_cp = '\0'; \
+	yy_c_buf_p = yy_cp;
+
+#define YY_NUM_RULES 50
+#define YY_END_OF_BUFFER 51
+static yyconst short int yy_accept[555] =
+    {   0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,   51,   38,   46,   45,   44,   38,   49,   38,
+       39,   40,   38,   41,   38,   38,   38,   38,   43,   42,
+       49,   33,   33,   33,   33,   33,   33,   49,   38,   38,
+       46,   49,   33,   33,   33,   33,   33,    1,   49,   38,
+       38,   16,   15,   16,   15,   15,   49,   49,   49,    2,
+        8,    7,    8,    3,    8,    4,   49,   12,   12,   12,
+       10,   11,   38,    0,   46,   44,   38,    0,    0,    0,
+       48,    0,   38,   28,    0,    0,   27,    0,   36,   36,
+        0,   38,   38,    0,   38,   38,   38,   38,    0,   31,
+
+       33,   33,   33,   33,   33,   33,   38,   47,   38,   46,
+        0,    0,    0,    0,    0,    0,   38,   38,   38,   38,
+       38,    1,    0,   34,   34,    0,   38,   16,   16,   14,
+       13,   14,    0,    0,    2,    8,    0,    5,    6,    8,
+        8,   12,    0,   12,   12,    0,    9,   37,   37,    0,
+        0,   28,    0,    0,   38,   38,   38,   38,   38,    0,
+        0,   31,   31,   33,   33,   33,   33,   33,   33,   33,
+       38,    0,    0,    0,    0,    0,    0,   38,   38,   38,
+       38,   38,    0,   38,    9,    0,   38,   38,   38,   38,
+       38,   38,    0,   32,   32,   32,    0,    0,   31,   31,
+
+       31,   31,   31,   31,   31,   33,   33,   33,   33,   33,
+       33,   33,   38,    0,    0,    0,    0,    0,    0,   38,
+       38,   38,   38,   38,   38,   38,    0,    0,   32,   32,
+       32,    0,   31,   31,    0,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,    0,   24,   33,   33,
+       33,   33,   33,   38,    0,    0,    0,    0,   38,   38,
+       38,   38,   38,   38,   38,   38,    0,   32,    0,   31,
+       31,   31,    0,    0,    0,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   33,   33,
+       33,   33,   33,   38,    0,    0,    0,   38,   38,   38,
+
+       29,   29,   29,    0,    0,   31,   31,   31,   31,   31,
+       31,   31,    0,    0,    0,    0,    0,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,    0,   23,   33,   33,    0,   22,    0,   25,   38,
+        0,    0,    0,   38,   38,   38,   38,   29,   29,   29,
+       29,    0,   31,    0,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,    0,    0,    0,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   33,   33,   35,    0,    0,    0,   38,   19,   34,
+       38,   30,   30,   30,   31,    0,    0,    0,   31,   31,
+
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,    0,    0,    0,    0,    0,   31,   31,   31,   31,
+       31,   31,   31,   31,    0,   21,    0,   26,    0,   19,
+        0,    0,   38,    0,   38,   38,   38,   30,   30,   30,
+       30,   30,    0,    0,    0,    0,    0,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,    0,    0,    0,
+       20,   19,    0,    0,   19,    0,   38,   38,   38,   30,
+       30,    0,    0,    0,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   31,   31,   31,
+
+       31,   31,   20,    0,   17,    0,   38,   38,   38,   38,
+       38,    0,    0,    0,    0,    0,   31,   31,   31,   31,
+       31,   31,   31,   31,    0,   38,   38,   38,   31,   31,
+       31,   31,   31,   31,    0,   38,   38,   38,   38,   38,
+       31,   31,   31,   31,   31,    0,   18,   29,   29,   29,
+       29,   29,   29,    0
+    } ;
+
+static yyconst int yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    4,    5,    6,    1,    7,    1,    1,    8,
+        9,   10,   11,   12,   13,   14,   15,   16,   17,   18,
+       19,   20,   21,   22,   22,   22,   23,   24,    1,    1,
+       25,   26,   10,   27,   28,   29,   30,   31,   32,   29,
+       33,   34,   33,   33,   33,   33,   33,   35,   36,   37,
+       33,   38,   39,   40,   41,   42,   43,   44,   33,   33,
+       10,   45,   10,    1,   46,    1,   47,   48,   49,   50,
+
+       51,   52,   53,   53,   54,   53,   53,   55,   56,   57,
+       58,   53,   53,   59,   60,   61,   62,   53,   53,   53,
+       53,   53,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst int yy_meta[63] =
+    {   0,
+        1,    2,    3,    4,    5,    2,    1,    6,    6,    1,
+        1,    2,    1,    7,    8,    9,    9,    9,    9,    9,
+        9,    9,    9,   10,   11,    6,    1,    9,    9,    9,
+        9,    9,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,   12,   13,   14,   14,   14,   14,
+       14,   14,   13,   13,   13,   13,   13,   13,   13,   13,
+       13,   13
+    } ;
+
+static yyconst short int yy_base[621] =
+    {   0,
+        0,   61,   62,   63,   69,   84,  128,  189,  250,  294,
+       80,  101, 2394, 2348, 2390, 3541, 2387,  338,  381,   52,
+     3541, 3541, 2345, 3541,  107,  391,  119,  137, 2351, 3541,
+     3541,  443, 2330,  490, 2337, 2335, 2320,  541,  145,   55,
+      167,  565, 2293, 2297, 2289, 2258, 2257, 2314,  193,  256,
+       56,    0, 3541, 2311, 3541,    0,  264,  617,   77,    0,
+     2261, 3541,   82, 3541,   99, 3541,  110, 2243,  126,  106,
+     3541,  145, 2240,  306, 2282, 2279,  639, 2277, 2276, 2263,
+     3541,  201,  209,   74, 2211,  347, 2208,  550,  276, 2199,
+      587,  410,  669, 2210, 2210,  306,  358,  317, 2163,  179,
+
+      706,    0, 2154,  240, 2111, 2109,  389, 3541,   76,  355,
+     2082, 2076, 2066, 2061, 2062,   63,  115,  219,   29,  212,
+       98, 2116,  507,  361, 2071,  598,  154,    0, 2111,  256,
+     3541, 3541,  636,  284,    0, 2069,  567, 3541, 3541, 2066,
+      532, 2050, 2087,  271,  300,  288, 2089, 2038, 3541, 2057,
+     2055, 1986,  669,  603,  745,  777,  809,  841, 2014, 2003,
+      878,  268,  916,  953, 1996, 1980, 1971, 1945, 1911, 1915,
+      236, 1862, 1866, 1856, 1843, 1848,  317,  157, 1851,  307,
+      266,  258,  777,  296, 1880, 1877,  686,  402,  992, 1024,
+      725,  337, 1839, 1838,  787,  499, 1782, 1781,  343,  755,
+
+     1056,  796,  694, 1094,  819, 1745,  393, 1736, 1728, 1711,
+     1707, 1697,  373, 1681, 1666, 1651, 1664, 1623,  543,  400,
+      556,  233,  506, 1133, 1165, 1197, 1657, 1655,  827, 1640,
+     1638, 1637, 1621,  540,  858,  546,  895,  602, 1229,    0,
+      935, 1240,  970,  731, 1278, 1002,  601, 3541, 1614, 1604,
+     1610, 1595, 1583,  486, 1565, 1548, 1548,  387,  343,  380,
+      616, 1010,  423, 1317, 1349, 1044, 1555, 1554, 1553, 1506,
+     1379,  645, 1076, 1113, 1143,  652,  983, 1035, 1151, 1042,
+     1418,    0, 1175, 1429, 1184,  866, 1467, 1207,  644, 1451,
+     1458,  648,  672,  625, 1447, 1419,  680,  576,  487,  715,
+
+     1505, 1536, 1567, 1449, 1447, 1432, 1215, 1599, 1257,  903,
+     1636, 1297, 1325, 1441, 1335, 1359, 1369,  841, 1024, 1067,
+     1124, 1396, 1308, 1675,    0, 1448, 1686, 1484, 1265, 1724,
+     1515,  955, 3541, 1423, 1364,  956, 3541,  975, 3541,  807,
+     1350, 1300,  591, 1074,  569,  917, 1523,  155, 1762, 1793,
+     1546, 1336, 1300, 1553,  768, 1576,  810, 1825,    0,  429,
+     1836, 1584, 1404, 1873, 1618, 1655, 1705, 1743, 1288, 1335,
+     1734, 1772, 1772, 1803, 1912,    0, 1805, 1923, 1781, 1492,
+     1814,  993, 1156, 1276, 1251, 1244,  730,  635, 1952, 1222,
+     1984, 2016, 2048, 2080, 1242, 1855, 1892, 1943, 1241, 1184,
+
+     1198, 1964, 1350, 2112,    0,  762, 2123, 1972, 1992, 2160,
+     2000, 2024, 1227, 2034, 2058, 2068, 1369, 1609, 1934,  772,
+      806, 2199,    0,  844, 1173, 3541, 1468, 3541, 1192, 2086,
+     1389,  142,  991,  604,  736, 2140, 1038, 2209, 2241, 2273,
+     2305, 2103, 2177, 1163, 2219, 2229, 2251, 1152, 1116, 1656,
+     1706, 2257, 1837, 2337,    0,  881, 2348, 2281, 2088, 2385,
+     2291, 2314, 2323, 2366, 1855, 1122,  927, 1042, 1031,  902,
+      951,  990, 1725, 2416, 1836, 2437, 2450, 2482, 2514, 2434,
+     1951, 2464, 2492, 2502,  936,  919, 1893, 2001, 2522, 2035,
+     2546,    0, 1031, 2557, 2530, 2148, 2576,  838, 2595, 2604,
+
+     2473,  773, 3541,  659, 3541, 1065, 2612, 1195, 2644, 2676,
+     2623, 2629,  618, 2655, 2665, 2686,  573,  566, 2049,  557,
+      549, 2694,    0, 1078, 1545, 2708, 2740, 2772, 2716, 2724,
+     2748,  509,    0,  455,  357, 2756, 1535, 2804, 2836, 2786,
+     3541, 2792, 2816, 2185, 3541,  345, 3541, 2824, 2844, 2854,
+       25, 2874, 2866, 3541, 2919, 2933, 2947, 2961, 2975, 2989,
+     3003, 3017, 3031, 3045, 3051, 3065, 3079, 1107, 3093, 3107,
+     3121, 3135, 3149, 3163, 3177, 3191, 3197, 3204, 3218, 3232,
+     3238, 3245, 3251, 3257, 3263, 3270, 3276, 3282, 3288, 3295,
+     3303, 3309, 3315, 3321, 3328, 3336, 3342, 3348, 3355, 3363,
+
+     3369, 3377, 3384, 3392, 3398, 3406, 3413, 3421, 3435, 3449,
+     3455, 3463, 3470, 3484, 3490, 3498, 3504, 3512, 1600, 3526
+    } ;
+
+static yyconst short int yy_def[621] =
+    {   0,
+      554,    1,    1,    1,  555,  555,  556,  556,  557,  557,
+      558,  558,  554,  559,  554,  554,  554,  560,  561,  562,
+      554,  554,  563,  554,  564,  559,   26,   26,  565,  554,
+      554,  554,   32,   32,   34,   34,   34,  559,   26,  559,
+      554,  561,   32,   32,   34,   34,   34,  554,  554,  566,
+      559,  567,  554,  567,  554,  567,  554,  561,  554,  568,
+      569,  554,  569,  554,  569,  554,  570,  571,  571,  571,
+      554,  554,  559,  559,  554,  554,  560,  572,  560,  573,
+      554,  574,  554,  562,  575,  562,  563,  563,  564,  576,
+      559,  559,   26,  565,   93,   93,   93,   93,  577,  578,
+
+       32,   34,   34,   34,   34,   34,  559,  554,  559,  554,
+      554,  554,  554,  554,  554,  573,  559,   93,  559,  559,
+      559,  554,  554,  566,  579,  559,  559,  567,  567,  554,
+      554,  554,  574,  554,  568,  569,  569,  554,  554,  569,
+      569,  571,  554,  571,  571,  554,  554,  559,  554,  573,
+      580,  575,  575,  554,  559,  559,  559,   93,  158,  581,
+      554,  582,  554,   32,   34,   34,   34,   34,   34,   34,
+      559,  554,  554,  554,  554,  554,  573,  559,  158,  559,
+      559,  559,  554,  559,  554,  580,  559,  559,  559,  559,
+      559,  559,  583,  584,  584,  195,  585,  584,  586,  163,
+
+      554,  201,  201,  554,  201,   34,   34,   34,   34,   34,
+       34,   34,  559,  554,  554,  554,  554,  554,  573,  559,
+      559,  559,  559,  559,  559,  559,  554,  587,  587,  229,
+      587,  588,  589,  590,  554,  591,  204,  591,  591,  239,
+      591,  554,  242,  242,  554,  242,  554,  554,   34,   34,
+       34,   34,   34,  559,  554,  554,  554,  573,  559,  559,
+      559,  559,  559,  559,  559,  559,  592,  592,  593,  594,
+      554,  554,  554,  554,  554,  595,  595,  596,  245,  596,
+      596,  281,  596,  554,  284,  284,  554,  284,   34,   34,
+       34,   34,   34,  559,  554,  554,  573,  559,  559,  559,
+
+      559,  559,  559,  554,  597,  598,  271,  554,  308,  308,
+      554,  308,  554,  554,  554,  554,  554,  554,  599,  599,
+      600,  287,  600,  600,  324,  600,  554,  327,  327,  554,
+      327,  554,  554,   34,   34,  554,  554,  554,  554,  559,
+      554,  554,  573,  559,  559,  559,  559,  559,  559,  559,
+      559,  554,  601,  554,  602,  311,  602,  602,  358,  358,
+      554,  361,  361,  554,  361,  554,  554,  554,  554,  603,
+      603,  604,  330,  604,  604,  375,  604,  554,  378,  378,
+      378,   34,   34,  559,  554,  554,  573,  559,  559,  559,
+      559,  559,  559,  559,  554,  554,  554,  554,  605,  605,
+
+      606,  364,  606,  606,  404,  404,  554,  407,  407,  554,
+      407,  554,  554,  554,  554,  554,  554,  607,  607,  608,
+      608,  608,  422,  422,  554,  554,  554,  554,  554,  554,
+      573,  573,  559,  609,  610,  559,  559,  559,  559,  559,
+      559,  559,  554,  554,  554,  554,  554,  554,  611,  611,
+      612,  410,  612,  612,  454,  454,  554,  457,  457,  554,
+      457,  554,  554,  554,  554,  613,  613,  554,  614,  573,
+      559,  609,  609,  609,  610,  610,  559,  559,  559,  559,
+      559,  554,  554,  554,  554,  615,  615,  616,  460,  616,
+      616,  491,  491,  554,  494,  494,  494,  554,  554,  554,
+
+      554,  554,  554,  614,  554,  573,  559,  559,  559,  559,
+      559,  554,  554,  554,  554,  554,  554,  617,  617,  618,
+      618,  618,  522,  522,  573,  559,  559,  559,  554,  554,
+      554,  554,  619,  619,  620,  559,  559,  559,  559,  559,
+      554,  554,  554,  554,  554,  620,  554,  559,  559,  559,
+      559,  559,  559,    0,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554
+    } ;
+
+static yyconst short int yy_nxt[3604] =
+    {   0,
+       14,   15,   16,   17,   18,   19,   20,   21,   22,   14,
+       23,   24,   14,   14,   25,   26,   27,   28,   26,   26,
+       26,   26,   26,   29,   30,   31,   14,   32,   32,   32,
+       32,   33,   34,   34,   35,   34,   36,   34,   37,   34,
+       34,   34,   34,   34,   38,   14,   39,   39,   39,   39,
+       39,   39,   14,   14,   14,   14,   14,   14,   14,   40,
+       14,   14,   41,   48,   48,   81,   42,   49,   49,   74,
+       15,   53,   54,   74,   55,   85,   50,   50,  134,  108,
+       55,   69,   16,   70,   71,   15,   53,   54,  180,   55,
+       43,   44,   55,   56,   45,   55,   86,  554,   46,   74,
+
+       74,   47,   69,   16,   70,   71,  138,   55,   56,  145,
+       90,  141,  108,   57,   90,   90,  109,  127,   86,  177,
+       74,   51,   51,  139,   72,  171,  137,  144,   57,   15,
+       16,   17,   90,   58,   96,   96,   96,   96,   96,   96,
+       96,   96,   74,  137,   81,   72,  146,  147,  182,  142,
+      143,   91,   97,   97,   97,   97,   97,   98,   73,   74,
+       95,   95,   95,   95,   95,   95,   95,   95,  110,  347,
+      143,  178,   59,   60,   60,   60,   60,   60,   60,   60,
+       60,   60,   60,   60,   60,   60,   60,   60,   60,   60,
+       15,   16,   17,  161,   58,  470,  111,  112,   74,   74,
+
+      113,   74,  163,  184,  114,  123,  220,  115,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+       83,   83,   83,   83,   83,   83,   83,   83,   83,   83,
+       83,   83,   73,   59,   60,   60,   60,   60,   60,   60,
+       60,   60,   60,   60,   60,   60,   60,   60,   60,   60,
+       60,   15,   16,   17,   62,   58,   74,  134,  108,  125,
+       63,   64,   65,  125,  125,  130,  108,  131,  181,  132,
+      179,  166,  144,  131,   66,  132,  167,   74,  168,   90,
+       74,  125,  161,   90,   90,  134,  108,  132,  132,  146,
+      147,  200,  220,  213,   67,   15,   16,   17,   62,   58,
+
+      126,   90,   74,  145,   63,   64,   65,   73,  132,   73,
+       74,   73,  222,   73,   73,  143,  220,   73,   66,   81,
+       91,  159,  159,  159,  159,  159,  159,  159,  159,   73,
+       73,   73,  159,  159,  159,  159,  159,  159,   67,   78,
+       74,   78,   73,   78,  143,   78,   78,  547,   84,   78,
+       84,   74,   84,  223,   84,   84,  110,  161,   84,  547,
+       94,   78,   78,   78,  125,  219,  200,  220,  125,  125,
+      298,   84,   84,  159,  159,  159,  159,  159,  159,  159,
+      159,   74,   79,   81,  111,  112,  125,   74,  113,   81,
+      134,  108,  114,   82,  247,  115,   83,   83,   83,   83,
+
+       83,   83,   83,   83,   92,  126,   93,   93,   93,   93,
+       93,   93,   93,   93,   94,  187,  248,   74,   95,   95,
+       95,   95,   95,  254,   74,  155,  156,  157,  155,  155,
+      155,  155,  155,   74,  299,   74,  262,   95,   95,   95,
+       95,   95,   95,   73,   74,  259,   74,   73,  297,   73,
+      399,  399,   73,   73,   74,   73,   73,   73,  101,  101,
+      101,  101,  101,  101,  101,  101,   94,   74,  354,   73,
+      101,  101,  101,  101,  101,  102,  102,  102,  102,  102,
+      102,  102,  102,  102,  102,  102,  102,   74,  102,   95,
+       95,   95,   95,   95,   95,   73,   73,   73,   73,   73,
+
+       73,   73,   73,   73,   73,  102,  102,  102,  102,  102,
+      102,  102,  102,  554,  231,  231,  231,  102,  102,  102,
+      102,  102,   83,   83,   83,   83,   83,   83,   83,   83,
+       74,   74,  489,  134,  108,  294,   73,   73,   73,   73,
+       73,   73,  107,  108,   73,   81,   73,  345,   73,   73,
+       74,   87,   73,   87,  161,   87,  261,   87,   87,  235,
+      161,   87,  554,  200,   73,   73,   73,   81,  136,  237,
+      354,  136,  136,   87,   87,   87,  137,   82,  136,   94,
+       83,   83,   83,   83,   83,   83,   83,   83,   89,  489,
+       73,  136,   89,   81,   73,   73,  452,  258,   89,  124,
+
+       74,   73,  247,  124,   90,   73,   73,  473,   90,  124,
+       89,   89,   73,   74,   90,  554,  161,  260,  116,   81,
+       74,  124,  124,   73,  248,  237,   90,   90,  389,  133,
+      344,  512,  554,  554,  554,  554,  554,  554,  554,  554,
+       78,  387,   78,  148,   78,  332,   78,   78,  474,  336,
+       78,  554,  554,  554,  554,  554,  554,  554,  554,  161,
+       74,  505,   78,   78,   78,  300,  161,  333,  200,   74,
+      152,  337,  152,  338,  152,  237,  152,  152,  340,   74,
+      152,  433,   81,   79,  158,  158,  158,  158,  158,  158,
+      158,  158,  152,  152,  152,  339,  158,  158,  158,  158,
+
+      158,  224,  225,  226,  224,  224,  224,  224,  224,  240,
+      240,  240,  240,  240,  241,  158,  158,  158,  158,  158,
+      158,  164,  164,  164,  164,  164,  164,  164,  164,  343,
+       74,  431,   81,  164,  164,  164,  164,  164,  187,  473,
+      188,  188,  188,  188,  188,  188,  282,  282,  282,  282,
+      282,  283,  158,  158,  158,  158,  158,  158,  187,   74,
+      188,  188,  188,  188,  188,  188,  188,  188,  346,   74,
+      205,  205,  205,  205,  205,  205,  205,  205,  125,  432,
+      476,  354,  125,  449,  449,  235,  161,  161,  125,   74,
+      187,  356,  189,  189,  189,  189,  189,  189,  189,  189,
+
+      125,  125,  229,  229,  230,  231,  231,  231,  231,  231,
+      197,  239,  239,  239,  239,  239,  239,  239,  239,  554,
+      161,   74,  187,  554,  190,  190,  190,  190,  190,  191,
+      188,  188,  554,  356,  238,  238,  238,  238,  238,  238,
+      238,  238,  268,  268,  268,  268,  268,  268,  268,  268,
+      197,   74,  161,   74,   73,  161,  192,  192,  192,  192,
+      192,  192,  192,  192,  237,  466,  466,  384,  192,  192,
+      192,  192,  192,  273,  274,  275,  273,  273,  273,  273,
+      273,  325,  325,  325,  325,  325,  326,  192,  192,  192,
+      192,  192,  192,  194,  195,  196,  196,  196,  196,  196,
+
+      196,  197,  486,  486,   81,  198,  198,  198,  198,  198,
+      246,  246,  246,  246,  246,  246,  246,  246,  359,  359,
+      359,  359,  359,  360,  198,  198,  198,  198,  198,  198,
+      161,  201,  202,  203,  201,  201,  201,  201,  201,  204,
+      235,  161,  452,  205,  205,  205,  205,  205,  235,  161,
+      277,  277,  277,  277,  277,  277,  332,  336,  237,  402,
+      506,   74,  205,  205,  205,  205,  205,  205,  206,  206,
+      206,  206,  206,  206,  206,  206,  338,  390,  333,  337,
+      206,  206,  206,  206,  206,  281,  281,  281,  281,  281,
+      281,  281,  281,  554,  425,   74,  235,  161,  339,  192,
+
+      192,  192,  192,  192,  192,  187,  237,  188,  188,  188,
+      188,  188,  188,  188,  188,  554,  426,  280,  280,  280,
+      280,  280,  280,  280,  280,  301,  302,  303,  301,  301,
+      301,  301,  301,  505,  474,   74,   74,  187,  161,  188,
+      188,  188,  188,  188,  188,  188,  188,  279,  235,  161,
+      471,  436,  518,  518,   74,  554,  161,  262,  279,  263,
+      263,  263,  263,  263,  263,  279,  525,   81,   74,  235,
+      161,  236,  236,  236,  236,  236,  236,  236,  236,  237,
+      235,  161,   74,  238,  238,  238,  238,  238,   74,  313,
+      279,  314,  314,  314,  314,  314,  314,  314,  314,  533,
+
+      533,  503,  238,  238,  238,  238,  238,  238,  161,  242,
+      243,  244,  242,  242,  242,  242,  242,  245,   74,  135,
+      135,  246,  246,  246,  246,  246,  313,  388,  315,  315,
+      315,  315,  315,  315,  315,  315,  161,  235,  161,  402,
+      246,  246,  246,  246,  246,  246,  262,  322,  263,  263,
+      263,  263,  263,  263,  263,  263,  313,  427,  316,  316,
+      316,  316,  316,  317,  314,  314,  288,  288,  288,  288,
+      288,  288,  288,  288,  425,  356,  443,   74,  262,  428,
+      264,  264,  264,  264,  264,  264,  264,  264,  235,  161,
+      320,  320,  320,  320,  320,  320,  426,  354,  279,  324,
+
+      324,  324,  324,  324,  324,  324,  324,  356,  507,   74,
+      262,  354,  265,  265,  265,  265,  265,  266,  263,  263,
+      554,  402,  323,  323,  323,  323,  323,  323,  323,  323,
+      312,  312,  312,  312,  312,  312,  312,  312,  468,   74,
+      412,   74,  235,  161,  277,  277,  277,  277,  277,  277,
+      277,  277,  237,  235,  161,  278,  278,  278,  278,  278,
+      278,  278,  278,  279,  356,  307,   74,  280,  280,  280,
+      280,  280,  358,  358,  358,  358,  358,  358,  358,  358,
+      376,  376,  376,  376,  376,  377,  280,  280,  280,  280,
+      280,  280,  161,  284,  285,  286,  284,  284,  284,  284,
+
+      284,  287,  161,  430,  429,  288,  288,  288,  288,  288,
+      554,  279,  357,  357,  357,  357,  357,  357,  357,  357,
+       74,  554,  161,  307,  288,  288,  288,  288,  288,  288,
+      262,  322,  263,  263,  263,  263,  263,  263,  263,  263,
+      366,  367,  368,  366,  366,  366,  366,  366,  313,  161,
+      314,  314,  314,  314,  314,  314,  314,  314,  322,  233,
+      386,   74,  262,  554,  263,  263,  263,  263,  263,  263,
+      263,  263,  313,  402,  314,  314,  314,  314,  314,  314,
+      314,  314,  313,  161,  314,  314,  314,  314,  314,  314,
+      431,   81,  322,   74,  308,  309,  310,  308,  308,  308,
+
+      308,  308,  311,  469,  385,  383,  312,  312,  312,  312,
+      312,  331,  331,  331,  331,  331,  331,  331,  331,  405,
+      405,  405,  405,  405,  406,  312,  312,  312,  312,  312,
+      312,  235,  161,  320,  320,  320,  320,  320,  320,  320,
+      320,  279,  235,  161,  321,  321,  321,  321,  321,  321,
+      321,  321,  322,  382,  313,  307,  323,  323,  323,  323,
+      323,  235,  161,  371,  371,  371,  371,  371,  371,  427,
+      233,  322,  197,  342,  341,  323,  323,  323,  323,  323,
+      323,  161,  327,  328,  329,  327,  327,  327,  327,  327,
+      330,  428,  335,  334,  331,  331,  331,  331,  331,  375,
+
+      375,  375,  375,  375,  375,  375,  375,  423,  423,  423,
+      423,  423,  424,  331,  331,  331,  331,  331,  331,  347,
+      348,  348,  348,  348,  348,  348,  348,  348,  554,  307,
+      374,  374,  374,  374,  374,  374,  374,  374,  391,  392,
+      393,  394,  391,  391,  391,  391,  525,   81,  536,   74,
+      347,  349,  349,  349,  349,  349,  349,  349,  349,  535,
+      347,  348,  348,  348,  348,  348,  348,   74,  396,  397,
+      398,  396,  396,  396,  396,  396,  233,  197,  197,   74,
+       74,  347,  350,  350,  350,  350,  350,  351,  348,  348,
+       74,  365,  365,  365,  365,  365,  365,  365,  365,  404,
+
+      404,  404,  404,  404,  404,  404,  404,  255,  545,  296,
+      295,   74,  354,  545,  355,  355,  355,  355,  355,  355,
+      355,  355,  356,  161,  293,  292,  357,  357,  357,  357,
+      357,  554,  373,  403,  403,  403,  403,  403,  403,  403,
+      403,  291,  290,  289,  271,  357,  357,  357,  357,  357,
+      357,  361,  362,  363,  361,  361,  361,  361,  361,  364,
+      233,  197,  267,  365,  365,  365,  365,  365,  412,  354,
+      413,  413,  413,  413,  413,  413,  413,  413,  197,  402,
+      100,  255,  365,  365,  365,  365,  365,  365,  235,  161,
+      371,  371,  371,  371,  371,  371,  371,  371,  322,  235,
+
+      161,  372,  372,  372,  372,  372,  372,  372,  372,  373,
+      257,  255,  256,  374,  374,  374,  374,  374,  412,  354,
+      414,  414,  414,  414,  414,  414,  414,  414,  554,  452,
+      255,  253,  374,  374,  374,  374,  374,  374,  161,  378,
+      379,  380,  378,  378,  378,  378,  378,  235,  161,  252,
+      251,  381,  381,  381,  381,  381,  412,  322,  415,  415,
+      415,  415,  415,  416,  413,  413,  250,  249,   94,  474,
+      381,  381,  381,  381,  381,  381,  347,  348,  348,  348,
+      348,  348,  348,  348,  348,  235,  161,  381,  381,  381,
+      381,  381,  381,  381,  381,  373,  422,  422,  422,  422,
+
+      422,  422,  422,  422,  197,  233,   74,  347,  348,  348,
+      348,  348,  348,  348,  348,  348,  554,  161,  235,  161,
+      419,  419,  419,  419,  419,  419,  373,  554,  373,  421,
+      421,  421,  421,  421,  421,  421,  421,   74,  354,  554,
+      400,  400,  400,  400,  400,  400,  400,  400,  356,  354,
+      554,  401,  401,  401,  401,  401,  401,  401,  401,  402,
+      452,  197,  100,  403,  403,  403,  403,  403,  443,  161,
+      444,  444,  444,  444,  444,  444,  444,  444,  373,   81,
+      476,  185,  403,  403,  403,  403,  403,  403,  407,  408,
+      409,  407,  407,  407,  407,  407,  410,  221,  218,  217,
+
+      411,  411,  411,  411,  411,  443,  354,  445,  445,  445,
+      445,  445,  445,  445,  445,  216,  452,  215,  214,  411,
+      411,  411,  411,  411,  411,  235,  161,  419,  419,  419,
+      419,  419,  419,  419,  419,  373,  235,  161,  420,  420,
+      420,  420,  420,  420,  420,  420,  212,  235,  161,  211,
+      421,  421,  421,  421,  421,  434,  443,  373,  446,  446,
+      446,  446,  446,  447,  444,  444,  481,  481,  481,  421,
+      421,  421,  421,  421,  421,  434,  210,  434,  435,  411,
+      411,  411,  411,  411,  411,  411,  411,  454,  454,  454,
+      454,  454,  454,  454,  454,   74,   74,  436,  209,  437,
+
+      437,  437,  437,  437,  437,  437,  437,  455,  455,  455,
+      455,  455,  456,  554,  354,  453,  453,  453,  453,  453,
+      453,  453,  453,  208,  489,  207,  100,   92,   74,  436,
+      153,  438,  438,  438,  438,  438,  438,  438,  438,  462,
+      463,  464,  462,  462,  462,  462,  462,  412,  554,  413,
+      413,  413,  413,  413,  413,  413,  413,   81,  489,   81,
+       74,  436,  354,  439,  439,  439,  439,  439,  440,  441,
+      441,  412,  489,  413,  413,  413,  413,  413,  413,  413,
+      413,  412,   74,  413,  413,  413,  413,  413,  413,  434,
+      185,  142,   74,  436,  143,  442,  442,  442,  437,  437,
+
+      437,  437,  437,  492,  492,  492,  492,  492,  493,  434,
+      137,  434,  434,  137,  129,  183,  436,  122,  481,  481,
+      481,  176,  175,  174,   74,  354,  173,  450,  450,  450,
+      450,  450,  450,  450,  450,  402,  354,  172,  451,  451,
+      451,  451,  451,  451,  451,  451,  452,   74,  170,  169,
+      453,  453,  453,  453,  453,  477,  478,  479,  477,  477,
+      477,  477,  477,  523,  523,  523,  523,  523,  524,  453,
+      453,  453,  453,  453,  453,  457,  458,  459,  457,  457,
+      457,  457,  457,  460,   74,  165,  100,  461,  461,  461,
+      461,  461,  482,  483,  484,  482,  482,  482,  482,  482,
+
+      541,  541,  541,  541,  541,  541,  461,  461,  461,  461,
+      461,  461,  235,  161,  467,  467,  467,  467,  467,  467,
+      467,  467,  436,   73,  441,  441,  441,  441,  441,  441,
+      441,  441,  443,  100,  444,  444,  444,  444,  444,  444,
+      444,  444,  443,  154,  444,  444,  444,  444,  444,  444,
+      444,  444,   88,   74,  436,  153,  441,  441,  441,  441,
+      441,  441,  441,  441,  443,   81,  444,  444,  444,  444,
+      444,  444,  461,  461,  461,  461,  461,  461,  461,  461,
+      148,  149,   76,   75,   74,   74,  436,  143,  441,  441,
+      441,  441,  441,  441,  480,  480,  491,  491,  491,  491,
+
+      491,  491,  491,  491,  554,  137,  490,  490,  490,  490,
+      490,  490,  490,  490,  129,  122,  121,   74,  436,  120,
+      480,  480,  480,  480,  480,  480,  480,  480,  161,  498,
+      498,  498,  498,  498,  498,  498,  498,  161,  499,  499,
+      499,  499,  499,  499,  499,  499,  119,  118,  117,   74,
+      354,  106,  487,  487,  487,  487,  487,  487,  487,  487,
+      452,  354,  105,  488,  488,  488,  488,  488,  488,  488,
+      488,  489,  104,  103,  100,  490,  490,  490,  490,  490,
+      161,  500,  500,  500,  500,  500,  501,  498,  498,   88,
+       76,   75,   74,  554,  490,  490,  490,  490,  490,  490,
+
+      494,  495,  496,  494,  494,  494,  494,  494,  554,  554,
+      554,  554,  497,  497,  497,  497,  497,  472,  554,  554,
+      554,  472,  554,  472,  472,  554,  554,  472,  554,  554,
+      554,  497,  497,  497,  497,  497,  497,  554,  475,  472,
+      472,  472,  475,  554,  475,  475,  554,  554,  475,  480,
+      480,  480,  480,  480,  480,  480,  480,  554,  554,  554,
+      475,  475,  475,  507,  554,  508,  508,  508,  508,  508,
+      508,  508,  508,  554,  554,  554,  554,  512,   74,  513,
+      513,  513,  513,  513,  513,  513,  513,  161,  498,  498,
+      498,  498,  498,  498,   74,  507,  554,  509,  509,  509,
+
+      509,  509,  509,  509,  509,  512,  554,  514,  514,  514,
+      514,  514,  514,  514,  514,  512,  554,  515,  515,  515,
+      515,  515,  516,  513,  513,  554,   74,  507,  554,  510,
+      510,  510,  510,  510,  511,  508,  508,  497,  497,  497,
+      497,  497,  497,  497,  497,  522,  522,  522,  522,  522,
+      522,  522,  522,  554,  554,  554,  554,  554,   74,  354,
+      554,  519,  519,  519,  519,  519,  519,  519,  519,  489,
+      354,  554,  520,  520,  520,  520,  520,  520,  520,  520,
+      554,  554,  554,  554,  521,  521,  521,  521,  521,  554,
+      554,  521,  521,  521,  521,  521,  521,  521,  521,  554,
+
+      554,  554,  554,  521,  521,  521,  521,  521,  521,  161,
+      498,  498,  498,  498,  498,  498,  498,  498,  161,  498,
+      498,  498,  498,  498,  498,  498,  498,  526,  527,  528,
+      526,  526,  526,  526,  526,  554,  507,  554,  508,  508,
+      508,  508,  508,  508,  529,  530,  531,  529,  529,  529,
+      529,  529,  554,  554,  554,  554,   74,  507,  554,  508,
+      508,  508,  508,  508,  508,  508,  508,   74,  512,  554,
+      513,  513,  513,  513,  513,  513,  513,  513,  512,  554,
+      513,  513,  513,  513,  513,  513,  513,  513,   74,  507,
+      554,  508,  508,  508,  508,  508,  508,  508,  508,  512,
+
+      554,  513,  513,  513,  513,  513,  513,  354,  554,  534,
+      534,  534,  534,  534,  534,  534,  534,  554,  554,  554,
+       74,  536,  554,  537,  537,  537,  537,  537,  537,  537,
+      537,  541,  541,  541,  541,  541,  541,  541,  541,  542,
+      542,  542,  542,  542,  542,  542,  542,  554,  554,  554,
+      554,  554,   74,  536,  554,  538,  538,  538,  538,  538,
+      538,  538,  538,  543,  543,  543,  543,  543,  544,  541,
+      541,  548,  549,  550,  548,  548,  548,  548,  548,  554,
+      554,  554,  554,  554,   74,  536,  554,  539,  539,  539,
+      539,  539,  540,  537,  537,  554,  554,  554,  554,  536,
+
+       74,  537,  537,  537,  537,  537,  537,  541,  541,  541,
+      541,  541,  541,  541,  541,  554,   74,  536,  554,  537,
+      537,  537,  537,  537,  537,  537,  537,  554,  554,  554,
+       74,  541,  541,  541,  541,  541,  541,  541,  541,  551,
+      551,  551,  551,  551,  551,  551,  551,  554,   74,  536,
+      554,  537,  537,  537,  537,  537,  537,  537,  537,  548,
+      548,  548,  548,  548,  548,  548,  548,  554,   74,  552,
+      552,  552,  552,  552,  553,  551,  551,  554,  554,  554,
+       74,  551,  551,  551,  551,  551,  551,  554,   74,  551,
+      551,  551,  551,  551,  551,  551,  551,  554,   74,  554,
+
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+       74,  554,  554,  554,  554,  554,  554,  554,   74,   52,
+       52,   52,   52,   52,   52,   52,   52,   52,   52,   52,
+       52,   52,   52,   31,   31,   31,   31,   31,   31,   31,
+       31,   31,   31,   31,   31,   31,   31,   61,   61,   61,
+       61,   61,   61,   61,   61,   61,   61,   61,   61,   61,
+       61,   68,   68,   68,   68,   68,   68,   68,   68,   68,
+       68,   68,   68,   68,   68,   73,  554,  554,  554,   73,
+      554,   73,   73,   73,  554,  554,   73,   73,   73,   77,
+       77,  554,   77,   77,   77,   77,   77,   77,   77,   77,
+
+       77,   77,   77,   80,   80,   80,   80,   80,   80,   80,
+       80,   80,   80,   80,   80,   80,   80,   84,  554,  554,
+      554,   84,  554,   84,   84,   84,   84,  554,   84,   84,
+       84,   87,  554,  554,  554,   87,  554,   87,   87,   87,
+      554,  554,   87,   87,   87,   89,  554,  554,   89,   89,
+       89,   89,   89,   89,  554,  554,   89,   89,   89,   99,
+       99,  554,  554,  554,   99,  124,  554,  554,  124,  124,
+      124,  124,  124,  124,  554,  554,  124,  124,  124,  128,
+      554,  554,  128,  128,  128,  128,  128,  128,  554,  128,
+      554,  128,  128,  136,  554,  554,  136,  554,  136,  136,
+
+      136,  136,  136,  554,  136,  136,  136,  140,  140,  140,
+      140,  140,  140,  140,  140,  140,  140,  140,  140,  140,
+      140,  142,  142,  554,  142,  554,  142,  142,  142,  142,
+      142,  142,  142,  142,  142,   78,   78,  554,   78,   78,
+       78,   78,   78,   78,   78,   78,   78,   78,   78,  150,
+      150,  150,  150,  150,  150,  150,  150,  150,  150,  150,
+      150,  150,  150,  151,  151,  554,  151,  151,  151,  151,
+      151,  151,  151,  151,  151,  151,  151,  152,  554,  554,
+      554,  152,  554,  152,  152,  152,  554,  554,  152,  152,
+      152,   90,  554,  554,   90,   90,   90,   90,   90,   90,
+
+      554,  554,   90,   90,   90,  160,  160,  554,  554,  554,
+      160,  162,  162,  162,  554,  554,  554,  162,  125,  554,
+      554,  125,  125,  125,  125,  125,  125,  554,  554,  125,
+      125,  125,  186,  186,  186,  186,  186,  186,  186,  186,
+      186,  186,  186,  186,  186,  186,  193,  193,  554,  554,
+      554,  193,  199,  199,  199,  554,  554,  554,  199,  227,
+      227,  554,  554,  554,  227,  228,  228,  554,  554,  554,
+      228,  232,  232,  554,  554,  554,  232,  234,  234,  234,
+      554,  554,  554,  234,  267,  267,  554,  554,  554,  267,
+      269,  269,  554,  554,  554,  269,  270,  270,  554,  554,
+
+      554,  270,  272,  272,  272,  554,  554,  554,  272,  276,
+      276,  276,  276,  554,  554,  554,  276,  304,  304,  554,
+      554,  554,  304,  305,  305,  554,  554,  554,  305,  306,
+      306,  554,  554,  554,  306,  318,  318,  318,  554,  554,
+      554,  318,  319,  319,  319,  319,  554,  554,  554,  319,
+      352,  352,  554,  554,  554,  352,  353,  353,  554,  554,
+      554,  353,  369,  369,  369,  554,  554,  554,  369,  370,
+      370,  370,  370,  554,  554,  554,  370,  395,  395,  554,
+      554,  554,  395,  399,  554,  399,  399,  554,  554,  554,
+      399,  417,  417,  417,  554,  554,  554,  417,  418,  418,
+
+      418,  418,  554,  554,  554,  418,  448,  448,  554,  554,
+      554,  448,  449,  554,  449,  449,  554,  554,  554,  449,
+      465,  465,  465,  554,  554,  554,  465,  466,  466,  466,
+      554,  554,  554,  554,  466,  472,  554,  554,  472,  472,
+      554,  472,  472,  472,  554,  554,  472,  472,  472,  475,
+      554,  554,  475,  475,  554,  475,  475,  475,  554,  554,
+      475,  475,  475,  485,  485,  554,  554,  554,  485,  486,
+      554,  486,  486,  554,  554,  554,  486,  502,  502,  554,
+      554,  554,  554,  502,  504,  504,  504,  504,  504,  504,
+      504,  504,  504,  504,  504,  504,  504,  504,  517,  517,
+
+      554,  554,  554,  517,  518,  554,  518,  518,  554,  554,
+      554,  518,  532,  532,  554,  554,  554,  532,  533,  554,
+      533,  554,  554,  554,  554,  533,  546,  546,  546,  546,
+      546,  546,  546,  546,  546,  546,  546,  546,  546,  546,
+       13,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+
+      554,  554,  554
+    } ;
+
+static yyconst short int yy_chk[3604] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    2,    3,    4,  116,    2,    3,    4,  551,
+        5,    5,    5,  119,    5,   20,    3,    4,   59,   59,
+        5,   11,   11,   11,   11,    6,    6,    6,  119,    6,
+        2,    2,    5,    5,    2,    6,   20,   84,    2,   40,
+
+       51,    2,   12,   12,   12,   12,   63,    6,    6,   70,
+       25,   67,   67,    5,   25,   25,   40,   51,   84,  116,
+      109,    3,    4,   65,   11,  109,   63,   69,    6,    7,
+        7,    7,   25,    7,   27,   27,   27,   27,   27,   27,
+       27,   27,  121,   65,  432,   12,   72,   72,  121,   72,
+       70,   25,   28,   28,   28,   28,   28,   28,   39,  117,
+       39,   39,   39,   39,   39,   39,   39,   39,   41,  348,
+       69,  117,    7,    7,    7,    7,    7,    7,    7,    7,
+        7,    7,    7,    7,    7,    7,    7,    7,    7,    7,
+        8,    8,    8,  100,    8,  432,   41,   41,  127,  348,
+
+       41,  178,  100,  127,   41,   49,  178,   41,   49,   49,
+       49,   49,   49,   49,   49,   49,   82,   82,   82,   82,
+       82,   82,   82,   82,   83,   83,   83,   83,   83,   83,
+       83,   83,  118,    8,    8,    8,    8,    8,    8,    8,
+        8,    8,    8,    8,    8,    8,    8,    8,    8,    8,
+        8,    9,    9,    9,    9,    9,  120,  130,  130,   50,
+        9,    9,    9,   50,   50,   57,   57,   57,  120,   57,
+      118,  104,  144,   57,    9,   57,  104,  222,  104,   89,
+      171,   50,  162,   89,   89,  134,  134,   57,   57,  146,
+      146,  162,  222,  171,    9,   10,   10,   10,   10,   10,
+
+       50,   89,  182,  145,   10,   10,   10,   74,   57,   74,
+      181,   74,  181,   74,   74,  144,  182,   74,   10,  177,
+       89,   96,   96,   96,   96,   96,   96,   96,   96,   74,
+       74,   74,   98,   98,   98,   98,   98,   98,   10,   18,
+      184,   18,   18,   18,  145,   18,   18,  546,   86,   18,
+       86,  180,   86,  184,   86,   86,  110,  199,   86,  535,
+      192,   18,   18,   18,  124,  177,  199,  180,  124,  124,
+      259,   86,   86,   97,   97,   97,   97,   97,   97,   97,
+       97,  192,   18,   19,  110,  110,  124,  259,  110,  258,
+      107,  107,  110,   19,  207,  110,   19,   19,   19,   19,
+
+       19,   19,   19,   19,   26,  124,   26,   26,   26,   26,
+       26,   26,   26,   26,   26,  188,  207,  213,   26,   26,
+       26,   26,   26,  213,  260,   92,   92,   92,   92,   92,
+       92,   92,   92,  107,  260,   26,  263,   26,   26,   26,
+       26,   26,   26,   32,  220,  220,  188,   32,  258,   32,
+      360,  360,   32,   32,   92,   32,   32,   32,   32,   32,
+       32,   32,   32,   32,   32,   32,   32,  263,  534,   32,
+       32,   32,   32,   32,   32,   32,   32,   32,   32,   32,
+       32,   32,   32,   32,   32,   32,   32,   32,   32,   32,
+       32,   32,   32,   32,   32,   32,   32,   32,   32,   32,
+
+       32,   32,   32,   32,   32,   34,   34,   34,   34,   34,
+       34,   34,   34,   34,  196,  196,  196,   34,   34,   34,
+       34,   34,  123,  123,  123,  123,  123,  123,  123,  123,
+      254,  299,  532,  141,  141,  254,   34,   34,   34,   34,
+       34,   34,   38,   38,   38,  219,   38,  299,   38,   38,
+      223,   88,   38,   88,  234,   88,  223,   88,   88,  236,
+      236,   88,  521,  234,   38,   38,   38,   42,  137,  236,
+      520,  137,  137,   88,   88,   88,  141,   42,  137,  221,
+       42,   42,   42,   42,   42,   42,   42,   42,   91,  518,
+       91,  137,   91,  343,   91,   91,  517,  219,   91,  126,
+
+      221,  126,  247,  126,  154,  126,  126,  434,  154,  126,
+       91,   91,   91,  345,  154,  238,  238,  221,   42,   58,
+      298,  126,  126,  126,  247,  238,  154,  154,  345,   58,
+      298,  513,   58,   58,   58,   58,   58,   58,   58,   58,
+       77,  343,   77,   77,   77,  289,   77,   77,  434,  292,
+       77,  133,  133,  133,  133,  133,  133,  133,  133,  272,
+      261,  504,   77,   77,   77,  261,  276,  289,  272,  294,
+      153,  292,  153,  293,  153,  276,  153,  153,  294,  388,
+      153,  388,  297,   77,   93,   93,   93,   93,   93,   93,
+       93,   93,  153,  153,  153,  293,   93,   93,   93,   93,
+
+       93,  187,  187,  187,  187,  187,  187,  187,  187,  203,
+      203,  203,  203,  203,  203,   93,   93,   93,   93,   93,
+       93,  101,  101,  101,  101,  101,  101,  101,  101,  297,
+      187,  387,  387,  101,  101,  101,  101,  101,  191,  435,
+      191,  191,  191,  191,  191,  191,  244,  244,  244,  244,
+      244,  244,  101,  101,  101,  101,  101,  101,  155,  300,
+      155,  155,  155,  155,  155,  155,  155,  155,  300,  191,
+      200,  200,  200,  200,  200,  200,  200,  200,  183,  387,
+      435,  355,  183,  406,  406,  420,  420,  502,  183,  155,
+      156,  355,  156,  156,  156,  156,  156,  156,  156,  156,
+
+      183,  183,  195,  195,  195,  195,  195,  195,  195,  195,
+      195,  202,  202,  202,  202,  202,  202,  202,  202,  421,
+      421,  156,  157,  357,  157,  157,  157,  157,  157,  157,
+      157,  157,  205,  357,  205,  205,  205,  205,  205,  205,
+      205,  205,  229,  229,  229,  229,  229,  229,  229,  229,
+      229,  340,  498,  157,  158,  318,  158,  158,  158,  158,
+      158,  158,  158,  158,  318,  424,  424,  340,  158,  158,
+      158,  158,  158,  235,  235,  235,  235,  235,  235,  235,
+      235,  286,  286,  286,  286,  286,  286,  158,  158,  158,
+      158,  158,  158,  161,  161,  161,  161,  161,  161,  161,
+
+      161,  161,  456,  456,  470,  161,  161,  161,  161,  161,
+      237,  237,  237,  237,  237,  237,  237,  237,  310,  310,
+      310,  310,  310,  310,  161,  161,  161,  161,  161,  161,
+      163,  163,  163,  163,  163,  163,  163,  163,  163,  163,
+      467,  467,  486,  163,  163,  163,  163,  163,  241,  241,
+      241,  241,  241,  241,  241,  241,  332,  336,  241,  485,
+      470,  346,  163,  163,  163,  163,  163,  163,  164,  164,
+      164,  164,  164,  164,  164,  164,  338,  346,  332,  336,
+      164,  164,  164,  164,  164,  243,  243,  243,  243,  243,
+      243,  243,  243,  472,  382,  471,  277,  277,  338,  164,
+
+      164,  164,  164,  164,  164,  189,  277,  189,  189,  189,
+      189,  189,  189,  189,  189,  246,  382,  246,  246,  246,
+      246,  246,  246,  246,  246,  262,  262,  262,  262,  262,
+      262,  262,  262,  469,  472,  433,  189,  190,  319,  190,
+      190,  190,  190,  190,  190,  190,  190,  319,  278,  278,
+      433,  437,  493,  493,  262,  280,  280,  266,  278,  266,
+      266,  266,  266,  266,  266,  280,  506,  506,  190,  201,
+      201,  201,  201,  201,  201,  201,  201,  201,  201,  201,
+      320,  320,  437,  201,  201,  201,  201,  201,  266,  273,
+      320,  273,  273,  273,  273,  273,  273,  273,  273,  524,
+
+      524,  468,  201,  201,  201,  201,  201,  201,  204,  204,
+      204,  204,  204,  204,  204,  204,  204,  204,  344,  568,
+      568,  204,  204,  204,  204,  204,  274,  344,  274,  274,
+      274,  274,  274,  274,  274,  274,  466,  321,  321,  449,
+      204,  204,  204,  204,  204,  204,  224,  321,  224,  224,
+      224,  224,  224,  224,  224,  224,  275,  383,  275,  275,
+      275,  275,  275,  275,  275,  275,  279,  279,  279,  279,
+      279,  279,  279,  279,  425,  448,  444,  224,  225,  383,
+      225,  225,  225,  225,  225,  225,  225,  225,  283,  283,
+      283,  283,  283,  283,  283,  283,  425,  400,  283,  285,
+
+      285,  285,  285,  285,  285,  285,  285,  400,  508,  225,
+      226,  401,  226,  226,  226,  226,  226,  226,  226,  226,
+      288,  401,  288,  288,  288,  288,  288,  288,  288,  288,
+      307,  307,  307,  307,  307,  307,  307,  307,  429,  508,
+      413,  226,  239,  239,  239,  239,  239,  239,  239,  239,
+      239,  239,  239,  242,  242,  242,  242,  242,  242,  242,
+      242,  242,  242,  242,  399,  395,  390,  242,  242,  242,
+      242,  242,  309,  309,  309,  309,  309,  309,  309,  309,
+      329,  329,  329,  329,  329,  329,  242,  242,  242,  242,
+      242,  242,  245,  245,  245,  245,  245,  245,  245,  245,
+
+      245,  245,  369,  386,  385,  245,  245,  245,  245,  245,
+      312,  369,  312,  312,  312,  312,  312,  312,  312,  312,
+      384,  323,  323,  353,  245,  245,  245,  245,  245,  245,
+      264,  323,  264,  264,  264,  264,  264,  264,  264,  264,
+      313,  313,  313,  313,  313,  313,  313,  313,  315,  370,
+      315,  315,  315,  315,  315,  315,  315,  315,  370,  352,
+      342,  264,  265,  403,  265,  265,  265,  265,  265,  265,
+      265,  265,  316,  403,  316,  316,  316,  316,  316,  316,
+      316,  316,  317,  417,  317,  317,  317,  317,  317,  317,
+      431,  431,  417,  265,  271,  271,  271,  271,  271,  271,
+
+      271,  271,  271,  431,  341,  335,  271,  271,  271,  271,
+      271,  322,  322,  322,  322,  322,  322,  322,  322,  363,
+      363,  363,  363,  363,  363,  271,  271,  271,  271,  271,
+      271,  281,  281,  281,  281,  281,  281,  281,  281,  281,
+      281,  281,  284,  284,  284,  284,  284,  284,  284,  284,
+      284,  284,  284,  334,  314,  306,  284,  284,  284,  284,
+      284,  326,  326,  326,  326,  326,  326,  326,  326,  427,
+      305,  326,  304,  296,  295,  284,  284,  284,  284,  284,
+      284,  287,  287,  287,  287,  287,  287,  287,  287,  287,
+      287,  427,  291,  290,  287,  287,  287,  287,  287,  328,
+
+      328,  328,  328,  328,  328,  328,  328,  380,  380,  380,
+      380,  380,  380,  287,  287,  287,  287,  287,  287,  301,
+      301,  301,  301,  301,  301,  301,  301,  301,  331,  270,
+      331,  331,  331,  331,  331,  331,  331,  331,  347,  347,
+      347,  347,  347,  347,  347,  347,  525,  525,  537,  301,
+      302,  302,  302,  302,  302,  302,  302,  302,  302,  525,
+      351,  351,  351,  351,  351,  351,  351,  347,  354,  354,
+      354,  354,  354,  354,  354,  354,  269,  268,  267,  537,
+      302,  303,  303,  303,  303,  303,  303,  303,  303,  303,
+      351,  356,  356,  356,  356,  356,  356,  356,  356,  362,
+
+      362,  362,  362,  362,  362,  362,  362,  257,  619,  256,
+      255,  303,  308,  619,  308,  308,  308,  308,  308,  308,
+      308,  308,  308,  418,  253,  252,  308,  308,  308,  308,
+      308,  365,  418,  365,  365,  365,  365,  365,  365,  365,
+      365,  251,  250,  249,  233,  308,  308,  308,  308,  308,
+      308,  311,  311,  311,  311,  311,  311,  311,  311,  311,
+      232,  231,  230,  311,  311,  311,  311,  311,  366,  450,
+      366,  366,  366,  366,  366,  366,  366,  366,  228,  450,
+      227,  218,  311,  311,  311,  311,  311,  311,  324,  324,
+      324,  324,  324,  324,  324,  324,  324,  324,  324,  327,
+
+      327,  327,  327,  327,  327,  327,  327,  327,  327,  327,
+      217,  216,  215,  327,  327,  327,  327,  327,  367,  451,
+      367,  367,  367,  367,  367,  367,  367,  367,  473,  451,
+      214,  212,  327,  327,  327,  327,  327,  327,  330,  330,
+      330,  330,  330,  330,  330,  330,  330,  371,  371,  211,
+      210,  330,  330,  330,  330,  330,  368,  371,  368,  368,
+      368,  368,  368,  368,  368,  368,  209,  208,  206,  473,
+      330,  330,  330,  330,  330,  330,  349,  349,  349,  349,
+      349,  349,  349,  349,  349,  372,  372,  373,  373,  373,
+      373,  373,  373,  373,  373,  372,  379,  379,  379,  379,
+
+      379,  379,  379,  379,  198,  197,  349,  350,  350,  350,
+      350,  350,  350,  350,  350,  350,  374,  374,  377,  377,
+      377,  377,  377,  377,  377,  377,  374,  381,  377,  381,
+      381,  381,  381,  381,  381,  381,  381,  350,  358,  475,
+      358,  358,  358,  358,  358,  358,  358,  358,  358,  361,
+      453,  361,  361,  361,  361,  361,  361,  361,  361,  361,
+      453,  194,  193,  361,  361,  361,  361,  361,  396,  465,
+      396,  396,  396,  396,  396,  396,  396,  396,  465,  186,
+      475,  185,  361,  361,  361,  361,  361,  361,  364,  364,
+      364,  364,  364,  364,  364,  364,  364,  179,  176,  175,
+
+      364,  364,  364,  364,  364,  397,  487,  397,  397,  397,
+      397,  397,  397,  397,  397,  174,  487,  173,  172,  364,
+      364,  364,  364,  364,  364,  375,  375,  375,  375,  375,
+      375,  375,  375,  375,  375,  375,  378,  378,  378,  378,
+      378,  378,  378,  378,  378,  378,  170,  419,  419,  169,
+      378,  378,  378,  378,  378,  389,  398,  419,  398,  398,
+      398,  398,  398,  398,  398,  398,  481,  481,  481,  378,
+      378,  378,  378,  378,  378,  389,  168,  389,  389,  402,
+      402,  402,  402,  402,  402,  402,  402,  408,  408,  408,
+      408,  408,  408,  408,  408,  481,  389,  391,  167,  391,
+
+      391,  391,  391,  391,  391,  391,  391,  409,  409,  409,
+      409,  409,  409,  411,  488,  411,  411,  411,  411,  411,
+      411,  411,  411,  166,  488,  165,  160,  159,  391,  392,
+      152,  392,  392,  392,  392,  392,  392,  392,  392,  412,
+      412,  412,  412,  412,  412,  412,  412,  414,  490,  414,
+      414,  414,  414,  414,  414,  414,  414,  151,  490,  150,
+      392,  393,  519,  393,  393,  393,  393,  393,  393,  393,
+      393,  415,  519,  415,  415,  415,  415,  415,  415,  415,
+      415,  416,  148,  416,  416,  416,  416,  416,  416,  430,
+      147,  143,  393,  394,  142,  394,  394,  394,  394,  394,
+
+      394,  394,  394,  459,  459,  459,  459,  459,  459,  430,
+      140,  430,  430,  136,  129,  125,  442,  122,  442,  442,
+      442,  115,  114,  113,  394,  404,  112,  404,  404,  404,
+      404,  404,  404,  404,  404,  404,  407,  111,  407,  407,
+      407,  407,  407,  407,  407,  407,  407,  442,  106,  105,
+      407,  407,  407,  407,  407,  436,  436,  436,  436,  436,
+      436,  436,  436,  496,  496,  496,  496,  496,  496,  407,
+      407,  407,  407,  407,  407,  410,  410,  410,  410,  410,
+      410,  410,  410,  410,  436,  103,   99,  410,  410,  410,
+      410,  410,  443,  443,  443,  443,  443,  443,  443,  443,
+
+      544,  544,  544,  544,  544,  544,  410,  410,  410,  410,
+      410,  410,  422,  422,  422,  422,  422,  422,  422,  422,
+      422,  422,  438,   95,  438,  438,  438,  438,  438,  438,
+      438,  438,  445,   94,  445,  445,  445,  445,  445,  445,
+      445,  445,  446,   90,  446,  446,  446,  446,  446,  446,
+      446,  446,   87,  438,  439,   85,  439,  439,  439,  439,
+      439,  439,  439,  439,  447,   80,  447,  447,  447,  447,
+      447,  447,  452,  452,  452,  452,  452,  452,  452,  452,
+       79,   78,   76,   75,   73,  439,  440,   68,  440,  440,
+      440,  440,  440,  440,  440,  440,  458,  458,  458,  458,
+
+      458,  458,  458,  458,  461,   61,  461,  461,  461,  461,
+      461,  461,  461,  461,   54,   48,   47,  440,  441,   46,
+      441,  441,  441,  441,  441,  441,  441,  441,  462,  462,
+      462,  462,  462,  462,  462,  462,  462,  463,  463,  463,
+      463,  463,  463,  463,  463,  463,   45,   44,   43,  441,
+      454,   37,  454,  454,  454,  454,  454,  454,  454,  454,
+      454,  457,   36,  457,  457,  457,  457,  457,  457,  457,
+      457,  457,   35,   33,   29,  457,  457,  457,  457,  457,
+      464,  464,  464,  464,  464,  464,  464,  464,  464,   23,
+       17,   15,   14,   13,  457,  457,  457,  457,  457,  457,
+
+      460,  460,  460,  460,  460,  460,  460,  460,    0,    0,
+        0,    0,  460,  460,  460,  460,  460,  474,    0,    0,
+        0,  474,    0,  474,  474,    0,    0,  474,    0,    0,
+        0,  460,  460,  460,  460,  460,  460,    0,  476,  474,
+      474,  474,  476,    0,  476,  476,    0,    0,  476,  480,
+      480,  480,  480,  480,  480,  480,  480,    0,    0,    0,
+      476,  476,  476,  477,    0,  477,  477,  477,  477,  477,
+      477,  477,  477,    0,    0,    0,    0,  482,  480,  482,
+      482,  482,  482,  482,  482,  482,  482,  501,  501,  501,
+      501,  501,  501,  501,  477,  478,    0,  478,  478,  478,
+
+      478,  478,  478,  478,  478,  483,    0,  483,  483,  483,
+      483,  483,  483,  483,  483,  484,    0,  484,  484,  484,
+      484,  484,  484,  484,  484,    0,  478,  479,    0,  479,
+      479,  479,  479,  479,  479,  479,  479,  489,  489,  489,
+      489,  489,  489,  489,  489,  495,  495,  495,  495,  495,
+      495,  495,  495,    0,    0,    0,    0,    0,  479,  491,
+        0,  491,  491,  491,  491,  491,  491,  491,  491,  491,
+      494,    0,  494,  494,  494,  494,  494,  494,  494,  494,
+        0,    0,    0,    0,  494,  494,  494,  494,  494,  497,
+        0,  497,  497,  497,  497,  497,  497,  497,  497,    0,
+
+        0,    0,    0,  494,  494,  494,  494,  494,  494,  499,
+      499,  499,  499,  499,  499,  499,  499,  499,  500,  500,
+      500,  500,  500,  500,  500,  500,  500,  507,  507,  507,
+      507,  507,  507,  507,  507,    0,  511,    0,  511,  511,
+      511,  511,  511,  511,  512,  512,  512,  512,  512,  512,
+      512,  512,    0,    0,    0,    0,  507,  509,    0,  509,
+      509,  509,  509,  509,  509,  509,  509,  511,  514,    0,
+      514,  514,  514,  514,  514,  514,  514,  514,  515,    0,
+      515,  515,  515,  515,  515,  515,  515,  515,  509,  510,
+        0,  510,  510,  510,  510,  510,  510,  510,  510,  516,
+
+        0,  516,  516,  516,  516,  516,  516,  522,    0,  522,
+      522,  522,  522,  522,  522,  522,  522,    0,    0,    0,
+      510,  526,    0,  526,  526,  526,  526,  526,  526,  526,
+      526,  529,  529,  529,  529,  529,  529,  529,  529,  530,
+      530,  530,  530,  530,  530,  530,  530,    0,    0,    0,
+        0,    0,  526,  527,    0,  527,  527,  527,  527,  527,
+      527,  527,  527,  531,  531,  531,  531,  531,  531,  531,
+      531,  536,  536,  536,  536,  536,  536,  536,  536,    0,
+        0,    0,    0,    0,  527,  528,    0,  528,  528,  528,
+      528,  528,  528,  528,  528,    0,    0,    0,    0,  540,
+
+      536,  540,  540,  540,  540,  540,  540,  542,  542,  542,
+      542,  542,  542,  542,  542,    0,  528,  538,    0,  538,
+      538,  538,  538,  538,  538,  538,  538,    0,    0,    0,
+      540,  543,  543,  543,  543,  543,  543,  543,  543,  548,
+      548,  548,  548,  548,  548,  548,  548,    0,  538,  539,
+        0,  539,  539,  539,  539,  539,  539,  539,  539,  549,
+      549,  549,  549,  549,  549,  549,  549,    0,  548,  550,
+      550,  550,  550,  550,  550,  550,  550,    0,    0,    0,
+      539,  553,  553,  553,  553,  553,  553,    0,  549,  552,
+      552,  552,  552,  552,  552,  552,  552,    0,  550,    0,
+
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+      553,    0,    0,    0,    0,    0,    0,    0,  552,  555,
+      555,  555,  555,  555,  555,  555,  555,  555,  555,  555,
+      555,  555,  555,  556,  556,  556,  556,  556,  556,  556,
+      556,  556,  556,  556,  556,  556,  556,  557,  557,  557,
+      557,  557,  557,  557,  557,  557,  557,  557,  557,  557,
+      557,  558,  558,  558,  558,  558,  558,  558,  558,  558,
+      558,  558,  558,  558,  558,  559,    0,    0,    0,  559,
+        0,  559,  559,  559,    0,    0,  559,  559,  559,  560,
+      560,    0,  560,  560,  560,  560,  560,  560,  560,  560,
+
+      560,  560,  560,  561,  561,  561,  561,  561,  561,  561,
+      561,  561,  561,  561,  561,  561,  561,  562,    0,    0,
+        0,  562,    0,  562,  562,  562,  562,    0,  562,  562,
+      562,  563,    0,    0,    0,  563,    0,  563,  563,  563,
+        0,    0,  563,  563,  563,  564,    0,    0,  564,  564,
+      564,  564,  564,  564,    0,    0,  564,  564,  564,  565,
+      565,    0,    0,    0,  565,  566,    0,    0,  566,  566,
+      566,  566,  566,  566,    0,    0,  566,  566,  566,  567,
+        0,    0,  567,  567,  567,  567,  567,  567,    0,  567,
+        0,  567,  567,  569,    0,    0,  569,    0,  569,  569,
+
+      569,  569,  569,    0,  569,  569,  569,  570,  570,  570,
+      570,  570,  570,  570,  570,  570,  570,  570,  570,  570,
+      570,  571,  571,    0,  571,    0,  571,  571,  571,  571,
+      571,  571,  571,  571,  571,  572,  572,    0,  572,  572,
+      572,  572,  572,  572,  572,  572,  572,  572,  572,  573,
+      573,  573,  573,  573,  573,  573,  573,  573,  573,  573,
+      573,  573,  573,  574,  574,    0,  574,  574,  574,  574,
+      574,  574,  574,  574,  574,  574,  574,  575,    0,    0,
+        0,  575,    0,  575,  575,  575,    0,    0,  575,  575,
+      575,  576,    0,    0,  576,  576,  576,  576,  576,  576,
+
+        0,    0,  576,  576,  576,  577,  577,    0,    0,    0,
+      577,  578,  578,  578,    0,    0,    0,  578,  579,    0,
+        0,  579,  579,  579,  579,  579,  579,    0,    0,  579,
+      579,  579,  580,  580,  580,  580,  580,  580,  580,  580,
+      580,  580,  580,  580,  580,  580,  581,  581,    0,    0,
+        0,  581,  582,  582,  582,    0,    0,    0,  582,  583,
+      583,    0,    0,    0,  583,  584,  584,    0,    0,    0,
+      584,  585,  585,    0,    0,    0,  585,  586,  586,  586,
+        0,    0,    0,  586,  587,  587,    0,    0,    0,  587,
+      588,  588,    0,    0,    0,  588,  589,  589,    0,    0,
+
+        0,  589,  590,  590,  590,    0,    0,    0,  590,  591,
+      591,  591,  591,    0,    0,    0,  591,  592,  592,    0,
+        0,    0,  592,  593,  593,    0,    0,    0,  593,  594,
+      594,    0,    0,    0,  594,  595,  595,  595,    0,    0,
+        0,  595,  596,  596,  596,  596,    0,    0,    0,  596,
+      597,  597,    0,    0,    0,  597,  598,  598,    0,    0,
+        0,  598,  599,  599,  599,    0,    0,    0,  599,  600,
+      600,  600,  600,    0,    0,    0,  600,  601,  601,    0,
+        0,    0,  601,  602,    0,  602,  602,    0,    0,    0,
+      602,  603,  603,  603,    0,    0,    0,  603,  604,  604,
+
+      604,  604,    0,    0,    0,  604,  605,  605,    0,    0,
+        0,  605,  606,    0,  606,  606,    0,    0,    0,  606,
+      607,  607,  607,    0,    0,    0,  607,  608,  608,  608,
+        0,    0,    0,    0,  608,  609,    0,    0,  609,  609,
+        0,  609,  609,  609,    0,    0,  609,  609,  609,  610,
+        0,    0,  610,  610,    0,  610,  610,  610,    0,    0,
+      610,  610,  610,  611,  611,    0,    0,    0,  611,  612,
+        0,  612,  612,    0,    0,    0,  612,  613,  613,    0,
+        0,    0,    0,  613,  614,  614,  614,  614,  614,  614,
+      614,  614,  614,  614,  614,  614,  614,  614,  615,  615,
+
+        0,    0,    0,  615,  616,    0,  616,  616,    0,    0,
+        0,  616,  617,  617,    0,    0,    0,  617,  618,    0,
+      618,    0,    0,    0,    0,  618,  620,  620,  620,  620,
+      620,  620,  620,  620,  620,  620,  620,  620,  620,  620,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+      554,  554,  554,  554,  554,  554,  554,  554,  554,  554,
+
+      554,  554,  554
+    } ;
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "toke.l"
+#define INITIAL 0
+#line 2 "toke.l"
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+#include <ctype.h>
+#include "sudo.h"
+#include "parse.h"
+#include <gram.h>
+
+extern YYSTYPE yylval;
+extern int parse_error;
+int sudolineno = 1;
+char *sudoers;
+static int sawspace = 0;
+static int arg_len = 0;
+static int arg_size = 0;
+
+static int append		__P((char *, int));
+static int _fill		__P((char *, int, int));
+static int fill_cmnd		__P((char *, int));
+static int fill_args		__P((char *, int, int));
+static int _push_include	__P((char *, int));
+static int pop_include		__P((void));
+static int ipv6_valid		__P((const char *s));
+static char *parse_include	__P((char *));
+extern void yyerror		__P((const char *));
+
+#define fill(a, b)		_fill(a, b, 0)
+
+#define	push_include(_p)	(_push_include((_p), FALSE))
+#define	push_includedir(_p)	(_push_include((_p), TRUE))
+
+/* realloc() to size + COMMANDARGINC to make room for command args */
+#define COMMANDARGINC	64
+
+#ifdef TRACELEXER
+#define LEXTRACE(msg)	fputs(msg, stderr)
+#else
+#define LEXTRACE(msg)
+#endif
+#define YY_NO_UNPUT 1
+#define GOTDEFS 1
+
+#define GOTCMND 2
+
+#define STARTDEFS 3
+
+#define INDEFS 4
+
+#define INSTR 5
+
+#line 1475 "lex.yy.c"
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap YY_PROTO(( void ));
+#else
+extern int yywrap YY_PROTO(( void ));
+#endif
+#endif
+
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO(( int c, char *buf_ptr ));
+#endif
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen YY_PROTO(( yyconst char * ));
+#endif
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int yyinput YY_PROTO(( void ));
+#else
+static int input YY_PROTO(( void ));
+#endif
+#endif
+
+#if defined(YY_STACK_USED) && YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO(( int new_state ));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO(( void ));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO(( void ));
+#endif
+
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#ifdef __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines.  This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf,result,max_size) \
+	if ( yy_current_buffer->yy_is_interactive ) \
+		{ \
+		int c = '*', n; \
+		for ( n = 0; n < max_size && \
+			     (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
+			buf[n] = (char) c; \
+		if ( c == '\n' ) \
+			buf[n++] = (char) c; \
+		if ( c == EOF && ferror( yyin ) ) \
+			YY_FATAL_ERROR( "input in flex scanner failed" ); \
+		result = n; \
+		} \
+	else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
+		  && ferror( yyin ) ) \
+		YY_FATAL_ERROR( "input in flex scanner failed" );
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
+#endif
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL int yylex YY_PROTO(( void ))
+#endif
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+	if ( yyleng > 0 ) \
+		yy_current_buffer->yy_at_bol = \
+				(yytext[yyleng - 1] == '\n'); \
+	YY_USER_ACTION
+
+YY_DECL
+	{
+	register yy_state_type yy_current_state;
+	register char *yy_cp, *yy_bp;
+	register int yy_act;
+
+#line 127 "toke.l"
+
+#line 1631 "lex.yy.c"
+
+	if ( yy_init )
+		{
+		yy_init = 0;
+
+#ifdef YY_USER_INIT
+		YY_USER_INIT;
+#endif
+
+		if ( ! yy_start )
+			yy_start = 1;	/* first start state */
+
+		if ( ! yyin )
+			yyin = stdin;
+
+		if ( ! yyout )
+			yyout = stdout;
+
+		if ( ! yy_current_buffer )
+			yy_current_buffer =
+				yy_create_buffer( yyin, YY_BUF_SIZE );
+
+		yy_load_buffer_state();
+		}
+
+	while ( 1 )		/* loops until end-of-file is reached */
+		{
+		yy_cp = yy_c_buf_p;
+
+		/* Support of yytext. */
+		*yy_cp = yy_hold_char;
+
+		/* yy_bp points to the position in yy_ch_buf of the start of
+		 * the current run.
+		 */
+		yy_bp = yy_cp;
+
+		yy_current_state = yy_start;
+		yy_current_state += YY_AT_BOL();
+yy_match:
+		do
+			{
+			register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+			if ( yy_accept[yy_current_state] )
+				{
+				yy_last_accepting_state = yy_current_state;
+				yy_last_accepting_cpos = yy_cp;
+				}
+			while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+				{
+				yy_current_state = (int) yy_def[yy_current_state];
+				if ( yy_current_state >= 555 )
+					yy_c = yy_meta[(unsigned int) yy_c];
+				}
+			yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+			++yy_cp;
+			}
+		while ( yy_base[yy_current_state] != 3541 );
+
+yy_find_action:
+		yy_act = yy_accept[yy_current_state];
+		if ( yy_act == 0 )
+			{ /* have to back up */
+			yy_cp = yy_last_accepting_cpos;
+			yy_current_state = yy_last_accepting_state;
+			yy_act = yy_accept[yy_current_state];
+			}
+
+		YY_DO_BEFORE_ACTION;
+
+
+do_action:	/* This label is used only to access EOF actions. */
+
+
+		switch ( yy_act )
+	{ /* beginning of action switch */
+			case 0: /* must back up */
+			/* undo the effects of YY_DO_BEFORE_ACTION */
+			*yy_cp = yy_hold_char;
+			yy_cp = yy_last_accepting_cpos;
+			yy_current_state = yy_last_accepting_state;
+			goto yy_find_action;
+
+case 1:
+YY_RULE_SETUP
+#line 128 "toke.l"
+BEGIN STARTDEFS;
+	YY_BREAK
+case 2:
+YY_RULE_SETUP
+#line 130 "toke.l"
+{
+			    BEGIN INDEFS;
+			    LEXTRACE("DEFVAR ");
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    return(DEFVAR);
+			}
+	YY_BREAK
+
+case 3:
+YY_RULE_SETUP
+#line 139 "toke.l"
+{
+			    BEGIN STARTDEFS;
+			    LEXTRACE(", ");
+			    return(',');
+			}			/* return ',' */
+	YY_BREAK
+case 4:
+YY_RULE_SETUP
+#line 145 "toke.l"
+{
+			    LEXTRACE("= ");
+			    return('=');
+			}			/* return '=' */
+	YY_BREAK
+case 5:
+YY_RULE_SETUP
+#line 150 "toke.l"
+{
+			    LEXTRACE("+= ");
+			    return('+');
+			}			/* return '+' */
+	YY_BREAK
+case 6:
+YY_RULE_SETUP
+#line 155 "toke.l"
+{
+			    LEXTRACE("-= ");
+			    return('-');
+			}			/* return '-' */
+	YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 160 "toke.l"
+{
+			    LEXTRACE("BEGINSTR ");
+			    yylval.string = NULL;
+			    BEGIN INSTR;
+			}
+	YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 166 "toke.l"
+{
+			    LEXTRACE("WORD(2) ");
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    return(WORD);
+			}
+	YY_BREAK
+
+
+case 9:
+YY_RULE_SETUP
+#line 175 "toke.l"
+{
+			    /* Line continuation char followed by newline. */
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			}
+	YY_BREAK
+case 10:
+YY_RULE_SETUP
+#line 181 "toke.l"
+{
+			    LEXTRACE("ENDSTR ");
+			    BEGIN INDEFS;
+			    return(WORD);
+			}
+	YY_BREAK
+case 11:
+YY_RULE_SETUP
+#line 187 "toke.l"
+{
+			    LEXTRACE("BACKSLASH ");
+			    if (!append(yytext, yyleng))
+				yyterminate();
+			}
+	YY_BREAK
+case 12:
+YY_RULE_SETUP
+#line 193 "toke.l"
+{
+			    LEXTRACE("STRBODY ");
+			    if (!append(yytext, yyleng))
+				yyterminate();
+			}
+	YY_BREAK
+
+
+case 13:
+YY_RULE_SETUP
+#line 201 "toke.l"
+{
+			    /* quoted fnmatch glob char, pass verbatim */
+			    LEXTRACE("QUOTEDCHAR ");
+			    if (!fill_args(yytext, 2, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}
+	YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 209 "toke.l"
+{
+			    /* quoted sudoers special char, strip backslash */
+			    LEXTRACE("QUOTEDCHAR ");
+			    if (!fill_args(yytext + 1, 1, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}
+	YY_BREAK
+case 15:
+YY_RULE_SETUP
+#line 217 "toke.l"
+{
+			    BEGIN INITIAL;
+			    yyless(0);
+			    return(COMMAND);
+			}			/* end of command line args */
+	YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 223 "toke.l"
+{
+			    LEXTRACE("ARG ");
+			    if (!fill_args(yytext, yyleng, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}			/* a command line arg */
+	YY_BREAK
+
+case 17:
+YY_RULE_SETUP
+#line 231 "toke.l"
+{
+			    char *path;
+
+			    if ((path = parse_include(yytext)) == NULL)
+				yyterminate();
+
+			    LEXTRACE("INCLUDE\n");
+
+			    /* Push current buffer and switch to include file */
+			    if (!push_include(path))
+				yyterminate();
+			}
+	YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 244 "toke.l"
+{
+			    char *path;
+
+			    if ((path = parse_include(yytext)) == NULL)
+				yyterminate();
+
+			    LEXTRACE("INCLUDEDIR\n");
+
+			    /*
+			     * Push current buffer and switch to include file.
+			     * We simply ignore empty directories.
+			     */
+			    if (!push_includedir(path) && parse_error)
+				yyterminate();
+			}
+	YY_BREAK
+case 19:
+YY_RULE_SETUP
+#line 260 "toke.l"
+{
+			    int n;
+			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
+				continue;
+			    n += 8;
+			    BEGIN GOTDEFS;
+			    switch (yytext[n++]) {
+				case ':':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_USER ");
+				    return(DEFAULTS_USER);
+				case '>':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_RUNAS ");
+				    return(DEFAULTS_RUNAS);
+				case '@':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_HOST ");
+				    return(DEFAULTS_HOST);
+				case '!':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_CMND ");
+				    return(DEFAULTS_CMND);
+				default:
+				    LEXTRACE("DEFAULTS ");
+				    return(DEFAULTS);
+			    }
+			}
+	YY_BREAK
+case 20:
+YY_RULE_SETUP
+#line 289 "toke.l"
+{
+			    int n;
+			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
+				continue;
+			    switch (yytext[n]) {
+				case 'H':
+				    LEXTRACE("HOSTALIAS ");
+				    return(HOSTALIAS);
+				case 'C':
+				    LEXTRACE("CMNDALIAS ");
+				    return(CMNDALIAS);
+				case 'U':
+				    LEXTRACE("USERALIAS ");
+				    return(USERALIAS);
+				case 'R':
+				    LEXTRACE("RUNASALIAS ");
+				    return(RUNASALIAS);
+			    }
+			}
+	YY_BREAK
+case 21:
+YY_RULE_SETUP
+#line 309 "toke.l"
+{
+				/* cmnd does not require passwd for this user */
+			    	LEXTRACE("NOPASSWD ");
+			    	return(NOPASSWD);
+			}
+	YY_BREAK
+case 22:
+YY_RULE_SETUP
+#line 315 "toke.l"
+{
+				/* cmnd requires passwd for this user */
+			    	LEXTRACE("PASSWD ");
+			    	return(PASSWD);
+			}
+	YY_BREAK
+case 23:
+YY_RULE_SETUP
+#line 321 "toke.l"
+{
+			    	LEXTRACE("NOEXEC ");
+			    	return(NOEXEC);
+			}
+	YY_BREAK
+case 24:
+YY_RULE_SETUP
+#line 326 "toke.l"
+{
+			    	LEXTRACE("EXEC ");
+			    	return(EXEC);
+			}
+	YY_BREAK
+case 25:
+YY_RULE_SETUP
+#line 331 "toke.l"
+{
+			    	LEXTRACE("SETENV ");
+			    	return(SETENV);
+			}
+	YY_BREAK
+case 26:
+YY_RULE_SETUP
+#line 336 "toke.l"
+{
+			    	LEXTRACE("NOSETENV ");
+			    	return(NOSETENV);
+			}
+	YY_BREAK
+case 27:
+YY_RULE_SETUP
+#line 341 "toke.l"
+{
+			    /* netgroup */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NETGROUP ");
+			    return(NETGROUP);
+			}
+	YY_BREAK
+case 28:
+YY_RULE_SETUP
+#line 349 "toke.l"
+{
+			    /* UN*X group */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("USERGROUP ");
+			    return(USERGROUP);
+			}
+	YY_BREAK
+case 29:
+YY_RULE_SETUP
+#line 357 "toke.l"
+{
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+	YY_BREAK
+case 30:
+YY_RULE_SETUP
+#line 364 "toke.l"
+{
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+	YY_BREAK
+case 31:
+YY_RULE_SETUP
+#line 371 "toke.l"
+{
+			    if (!ipv6_valid(yytext)) {
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+	YY_BREAK
+case 32:
+YY_RULE_SETUP
+#line 382 "toke.l"
+{
+			    if (!ipv6_valid(yytext)) {
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+	YY_BREAK
+case 33:
+YY_RULE_SETUP
+#line 393 "toke.l"
+{
+			    if (strcmp(yytext, "ALL") == 0) {
+				LEXTRACE("ALL ");
+				return(ALL);
+			    }
+#ifdef HAVE_SELINUX
+			    /* XXX - restrict type/role to initial state */
+			    if (strcmp(yytext, "TYPE") == 0) {
+				LEXTRACE("TYPE ");
+				return(TYPE);
+			    }
+			    if (strcmp(yytext, "ROLE") == 0) {
+				LEXTRACE("ROLE ");
+				return(ROLE);
+			    }
+#endif /* HAVE_SELINUX */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("ALIAS ");
+			    return(ALIAS);
+			}
+	YY_BREAK
+case 34:
+YY_RULE_SETUP
+#line 415 "toke.l"
+{
+			    /* no command args allowed for Defaults!/path */
+			    if (!fill_cmnd(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("COMMAND ");
+			    return(COMMAND);
+			}
+	YY_BREAK
+case 35:
+YY_RULE_SETUP
+#line 423 "toke.l"
+{
+			    BEGIN GOTCMND;
+			    LEXTRACE("COMMAND ");
+			    if (!fill_cmnd(yytext, yyleng))
+				yyterminate();
+			}			/* sudo -e */
+	YY_BREAK
+case 36:
+YY_RULE_SETUP
+#line 430 "toke.l"
+{
+			    /* directories can't have args... */
+			    if (yytext[yyleng - 1] == '/') {
+				LEXTRACE("COMMAND ");
+				if (!fill_cmnd(yytext, yyleng))
+				    yyterminate();
+				return(COMMAND);
+			    } else {
+				BEGIN GOTCMND;
+				LEXTRACE("COMMAND ");
+				if (!fill_cmnd(yytext, yyleng))
+				    yyterminate();
+			    }
+			}			/* a pathname */
+	YY_BREAK
+case 37:
+YY_RULE_SETUP
+#line 445 "toke.l"
+{
+			    /* a quoted user/group name */
+			    if (!fill(yytext + 1, yyleng - 2))
+				yyterminate();
+			    switch (yytext[1]) {
+			    case '%':
+				LEXTRACE("USERGROUP ");
+				return(USERGROUP);
+			    case '+':
+				LEXTRACE("NETGROUP ");
+				return(NETGROUP);
+			    default:
+				LEXTRACE("WORD(4) ");
+				return(WORD);
+			    }
+			}
+	YY_BREAK
+case 38:
+YY_RULE_SETUP
+#line 462 "toke.l"
+{
+			    /* a word */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("WORD(5) ");
+			    return(WORD);
+			}
+	YY_BREAK
+case 39:
+YY_RULE_SETUP
+#line 470 "toke.l"
+{
+			    LEXTRACE("( ");
+			    return ('(');
+			}
+	YY_BREAK
+case 40:
+YY_RULE_SETUP
+#line 475 "toke.l"
+{
+			    LEXTRACE(") ");
+			    return(')');
+			}
+	YY_BREAK
+case 41:
+YY_RULE_SETUP
+#line 480 "toke.l"
+{
+			    LEXTRACE(", ");
+			    return(',');
+			}			/* return ',' */
+	YY_BREAK
+case 42:
+YY_RULE_SETUP
+#line 485 "toke.l"
+{
+			    LEXTRACE("= ");
+			    return('=');
+			}			/* return '=' */
+	YY_BREAK
+case 43:
+YY_RULE_SETUP
+#line 490 "toke.l"
+{
+			    LEXTRACE(": ");
+			    return(':');
+			}			/* return ':' */
+	YY_BREAK
+case 44:
+YY_RULE_SETUP
+#line 495 "toke.l"
+{
+			    if (yyleng % 2 == 1)
+				return('!');	/* return '!' */
+			}
+	YY_BREAK
+case 45:
+YY_RULE_SETUP
+#line 500 "toke.l"
+{
+			    BEGIN INITIAL;
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* return newline */
+	YY_BREAK
+case 46:
+YY_RULE_SETUP
+#line 507 "toke.l"
+{			/* throw away space/tabs */
+			    sawspace = TRUE;	/* but remember for fill_args */
+			}
+	YY_BREAK
+case 47:
+YY_RULE_SETUP
+#line 511 "toke.l"
+{
+			    sawspace = TRUE;	/* remember for fill_args */
+			    ++sudolineno;
+			    LEXTRACE("\n\t");
+			}			/* throw away EOL after \ */
+	YY_BREAK
+case 48:
+YY_RULE_SETUP
+#line 517 "toke.l"
+{
+			    BEGIN INITIAL;
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* comment, not uid/gid */
+	YY_BREAK
+case 49:
+YY_RULE_SETUP
+#line 524 "toke.l"
+{
+			    LEXTRACE("ERROR ");
+			    return(ERROR);
+			}	/* parse error */
+	YY_BREAK
+case YY_STATE_EOF(INITIAL):
+case YY_STATE_EOF(GOTDEFS):
+case YY_STATE_EOF(GOTCMND):
+case YY_STATE_EOF(STARTDEFS):
+case YY_STATE_EOF(INDEFS):
+case YY_STATE_EOF(INSTR):
+#line 529 "toke.l"
+{
+			    if (YY_START != INITIAL) {
+			    	BEGIN INITIAL;
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!pop_include())
+				yyterminate();
+			}
+	YY_BREAK
+case 50:
+YY_RULE_SETUP
+#line 539 "toke.l"
+ECHO;
+	YY_BREAK
+#line 2285 "lex.yy.c"
+
+	case YY_END_OF_BUFFER:
+		{
+		/* Amount of text matched not including the EOB char. */
+		int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
+
+		/* Undo the effects of YY_DO_BEFORE_ACTION. */
+		*yy_cp = yy_hold_char;
+		YY_RESTORE_YY_MORE_OFFSET
+
+		if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
+			{
+			/* We're scanning a new file or input source.  It's
+			 * possible that this happened because the user
+			 * just pointed yyin at a new source and called
+			 * yylex().  If so, then we have to assure
+			 * consistency between yy_current_buffer and our
+			 * globals.  Here is the right place to do so, because
+			 * this is the first action (other than possibly a
+			 * back-up) that will match for the new input source.
+			 */
+			yy_n_chars = yy_current_buffer->yy_n_chars;
+			yy_current_buffer->yy_input_file = yyin;
+			yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+			}
+
+		/* Note that here we test for yy_c_buf_p "<=" to the position
+		 * of the first EOB in the buffer, since yy_c_buf_p will
+		 * already have been incremented past the NUL character
+		 * (since all states make transitions on EOB to the
+		 * end-of-buffer state).  Contrast this with the test
+		 * in input().
+		 */
+		if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
+			{ /* This was really a NUL. */
+			yy_state_type yy_next_state;
+
+			yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+			yy_current_state = yy_get_previous_state();
+
+			/* Okay, we're now positioned to make the NUL
+			 * transition.  We couldn't have
+			 * yy_get_previous_state() go ahead and do it
+			 * for us because it doesn't know how to deal
+			 * with the possibility of jamming (and we don't
+			 * want to build jamming into it because then it
+			 * will run more slowly).
+			 */
+
+			yy_next_state = yy_try_NUL_trans( yy_current_state );
+
+			yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+			if ( yy_next_state )
+				{
+				/* Consume the NUL. */
+				yy_cp = ++yy_c_buf_p;
+				yy_current_state = yy_next_state;
+				goto yy_match;
+				}
+
+			else
+				{
+				yy_cp = yy_c_buf_p;
+				goto yy_find_action;
+				}
+			}
+
+		else switch ( yy_get_next_buffer() )
+			{
+			case EOB_ACT_END_OF_FILE:
+				{
+				yy_did_buffer_switch_on_eof = 0;
+
+				if ( yywrap() )
+					{
+					/* Note: because we've taken care in
+					 * yy_get_next_buffer() to have set up
+					 * yytext, we can now set up
+					 * yy_c_buf_p so that if some total
+					 * hoser (like flex itself) wants to
+					 * call the scanner after we return the
+					 * YY_NULL, it'll still work - another
+					 * YY_NULL will get returned.
+					 */
+					yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+					yy_act = YY_STATE_EOF(YY_START);
+					goto do_action;
+					}
+
+				else
+					{
+					if ( ! yy_did_buffer_switch_on_eof )
+						YY_NEW_FILE;
+					}
+				break;
+				}
+
+			case EOB_ACT_CONTINUE_SCAN:
+				yy_c_buf_p =
+					yytext_ptr + yy_amount_of_matched_text;
+
+				yy_current_state = yy_get_previous_state();
+
+				yy_cp = yy_c_buf_p;
+				yy_bp = yytext_ptr + YY_MORE_ADJ;
+				goto yy_match;
+
+			case EOB_ACT_LAST_MATCH:
+				yy_c_buf_p =
+				&yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+				yy_current_state = yy_get_previous_state();
+
+				yy_cp = yy_c_buf_p;
+				yy_bp = yytext_ptr + YY_MORE_ADJ;
+				goto yy_find_action;
+			}
+		break;
+		}
+
+	default:
+		YY_FATAL_ERROR(
+			"fatal flex scanner internal error--no action found" );
+	} /* end of action switch */
+		} /* end of scanning one token */
+	} /* end of yylex */
+
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *	EOB_ACT_LAST_MATCH -
+ *	EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *	EOB_ACT_END_OF_FILE - end of file
+ */
+
+static int yy_get_next_buffer()
+	{
+	register char *dest = yy_current_buffer->yy_ch_buf;
+	register char *source = yytext_ptr;
+	register int number_to_move, i;
+	int ret_val;
+
+	if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
+		YY_FATAL_ERROR(
+		"fatal flex scanner internal error--end of buffer missed" );
+
+	if ( yy_current_buffer->yy_fill_buffer == 0 )
+		{ /* Don't try to fill the buffer, so this is an EOF. */
+		if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
+			{
+			/* We matched a single character, the EOB, so
+			 * treat this as a final EOF.
+			 */
+			return EOB_ACT_END_OF_FILE;
+			}
+
+		else
+			{
+			/* We matched some text prior to the EOB, first
+			 * process it.
+			 */
+			return EOB_ACT_LAST_MATCH;
+			}
+		}
+
+	/* Try to read more data. */
+
+	/* First move last chars to start of buffer. */
+	number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
+
+	for ( i = 0; i < number_to_move; ++i )
+		*(dest++) = *(source++);
+
+	if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
+		/* don't do the read, it's not guaranteed to return an EOF,
+		 * just force an EOF
+		 */
+		yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+	else
+		{
+		int num_to_read =
+			yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+		while ( num_to_read <= 0 )
+			{ /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+			YY_FATAL_ERROR(
+"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
+#else
+
+			/* just a shorter name for the current buffer */
+			YY_BUFFER_STATE b = yy_current_buffer;
+
+			int yy_c_buf_p_offset =
+				(int) (yy_c_buf_p - b->yy_ch_buf);
+
+			if ( b->yy_is_our_buffer )
+				{
+				int new_size = b->yy_buf_size * 2;
+
+				if ( new_size <= 0 )
+					b->yy_buf_size += b->yy_buf_size / 8;
+				else
+					b->yy_buf_size *= 2;
+
+				b->yy_ch_buf = (char *)
+					/* Include room in for 2 EOB chars. */
+					yy_flex_realloc( (void *) b->yy_ch_buf,
+							 b->yy_buf_size + 2 );
+				}
+			else
+				/* Can't grow it, we don't own it. */
+				b->yy_ch_buf = 0;
+
+			if ( ! b->yy_ch_buf )
+				YY_FATAL_ERROR(
+				"fatal error - scanner input buffer overflow" );
+
+			yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+			num_to_read = yy_current_buffer->yy_buf_size -
+						number_to_move - 1;
+#endif
+			}
+
+		if ( num_to_read > YY_READ_BUF_SIZE )
+			num_to_read = YY_READ_BUF_SIZE;
+
+		/* Read in more data. */
+		YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
+			yy_n_chars, num_to_read );
+
+		yy_current_buffer->yy_n_chars = yy_n_chars;
+		}
+
+	if ( yy_n_chars == 0 )
+		{
+		if ( number_to_move == YY_MORE_ADJ )
+			{
+			ret_val = EOB_ACT_END_OF_FILE;
+			yyrestart( yyin );
+			}
+
+		else
+			{
+			ret_val = EOB_ACT_LAST_MATCH;
+			yy_current_buffer->yy_buffer_status =
+				YY_BUFFER_EOF_PENDING;
+			}
+		}
+
+	else
+		ret_val = EOB_ACT_CONTINUE_SCAN;
+
+	yy_n_chars += number_to_move;
+	yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+	yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+
+	yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+
+	return ret_val;
+	}
+
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+static yy_state_type yy_get_previous_state()
+	{
+	register yy_state_type yy_current_state;
+	register char *yy_cp;
+
+	yy_current_state = yy_start;
+	yy_current_state += YY_AT_BOL();
+
+	for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
+		{
+		register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+		if ( yy_accept[yy_current_state] )
+			{
+			yy_last_accepting_state = yy_current_state;
+			yy_last_accepting_cpos = yy_cp;
+			}
+		while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+			{
+			yy_current_state = (int) yy_def[yy_current_state];
+			if ( yy_current_state >= 555 )
+				yy_c = yy_meta[(unsigned int) yy_c];
+			}
+		yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+		}
+
+	return yy_current_state;
+	}
+
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *	next_state = yy_try_NUL_trans( current_state );
+ */
+
+#ifdef YY_USE_PROTOS
+static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
+#else
+static yy_state_type yy_try_NUL_trans( yy_current_state )
+yy_state_type yy_current_state;
+#endif
+	{
+	register int yy_is_jam;
+	register char *yy_cp = yy_c_buf_p;
+
+	register YY_CHAR yy_c = 1;
+	if ( yy_accept[yy_current_state] )
+		{
+		yy_last_accepting_state = yy_current_state;
+		yy_last_accepting_cpos = yy_cp;
+		}
+	while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
+		{
+		yy_current_state = (int) yy_def[yy_current_state];
+		if ( yy_current_state >= 555 )
+			yy_c = yy_meta[(unsigned int) yy_c];
+		}
+	yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
+	yy_is_jam = (yy_current_state == 554);
+
+	return yy_is_jam ? 0 : yy_current_state;
+	}
+
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void yyunput( int c, register char *yy_bp )
+#else
+static void yyunput( c, yy_bp )
+int c;
+register char *yy_bp;
+#endif
+	{
+	register char *yy_cp = yy_c_buf_p;
+
+	/* undo effects of setting up yytext */
+	*yy_cp = yy_hold_char;
+
+	if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+		{ /* need to shift things up to make room */
+		/* +2 for EOB chars. */
+		register int number_to_move = yy_n_chars + 2;
+		register char *dest = &yy_current_buffer->yy_ch_buf[
+					yy_current_buffer->yy_buf_size + 2];
+		register char *source =
+				&yy_current_buffer->yy_ch_buf[number_to_move];
+
+		while ( source > yy_current_buffer->yy_ch_buf )
+			*--dest = *--source;
+
+		yy_cp += (int) (dest - source);
+		yy_bp += (int) (dest - source);
+		yy_current_buffer->yy_n_chars =
+			yy_n_chars = yy_current_buffer->yy_buf_size;
+
+		if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
+			YY_FATAL_ERROR( "flex scanner push-back overflow" );
+		}
+
+	*--yy_cp = (char) c;
+
+
+	yytext_ptr = yy_bp;
+	yy_hold_char = *yy_cp;
+	yy_c_buf_p = yy_cp;
+	}
+#endif	/* ifndef YY_NO_UNPUT */
+
+
+#ifdef __cplusplus
+static int yyinput()
+#else
+static int input()
+#endif
+	{
+	int c;
+
+	*yy_c_buf_p = yy_hold_char;
+
+	if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
+		{
+		/* yy_c_buf_p now points to the character we want to return.
+		 * If this occurs *before* the EOB characters, then it's a
+		 * valid NUL; if not, then we've hit the end of the buffer.
+		 */
+		if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
+			/* This was really a NUL. */
+			*yy_c_buf_p = '\0';
+
+		else
+			{ /* need more input */
+			int offset = yy_c_buf_p - yytext_ptr;
+			++yy_c_buf_p;
+
+			switch ( yy_get_next_buffer() )
+				{
+				case EOB_ACT_LAST_MATCH:
+					/* This happens because yy_g_n_b()
+					 * sees that we've accumulated a
+					 * token and flags that we need to
+					 * try matching the token before
+					 * proceeding.  But for input(),
+					 * there's no matching to consider.
+					 * So convert the EOB_ACT_LAST_MATCH
+					 * to EOB_ACT_END_OF_FILE.
+					 */
+
+					/* Reset buffer status. */
+					yyrestart( yyin );
+
+					/* fall through */
+
+				case EOB_ACT_END_OF_FILE:
+					{
+					if ( yywrap() )
+						return EOF;
+
+					if ( ! yy_did_buffer_switch_on_eof )
+						YY_NEW_FILE;
+#ifdef __cplusplus
+					return yyinput();
+#else
+					return input();
+#endif
+					}
+
+				case EOB_ACT_CONTINUE_SCAN:
+					yy_c_buf_p = yytext_ptr + offset;
+					break;
+				}
+			}
+		}
+
+	c = *(unsigned char *) yy_c_buf_p;	/* cast for 8-bit char's */
+	*yy_c_buf_p = '\0';	/* preserve yytext */
+	yy_hold_char = *++yy_c_buf_p;
+
+	yy_current_buffer->yy_at_bol = (c == '\n');
+
+	return c;
+	}
+
+
+#ifdef YY_USE_PROTOS
+void yyrestart( FILE *input_file )
+#else
+void yyrestart( input_file )
+FILE *input_file;
+#endif
+	{
+	if ( ! yy_current_buffer )
+		yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
+
+	yy_init_buffer( yy_current_buffer, input_file );
+	yy_load_buffer_state();
+	}
+
+
+#ifdef YY_USE_PROTOS
+void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
+#else
+void yy_switch_to_buffer( new_buffer )
+YY_BUFFER_STATE new_buffer;
+#endif
+	{
+	if ( yy_current_buffer == new_buffer )
+		return;
+
+	if ( yy_current_buffer )
+		{
+		/* Flush out information for old buffer. */
+		*yy_c_buf_p = yy_hold_char;
+		yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+		yy_current_buffer->yy_n_chars = yy_n_chars;
+		}
+
+	yy_current_buffer = new_buffer;
+	yy_load_buffer_state();
+
+	/* We don't actually know whether we did this switch during
+	 * EOF (yywrap()) processing, but the only time this flag
+	 * is looked at is after yywrap() is called, so it's safe
+	 * to go ahead and always set it.
+	 */
+	yy_did_buffer_switch_on_eof = 1;
+	}
+
+
+#ifdef YY_USE_PROTOS
+void yy_load_buffer_state( void )
+#else
+void yy_load_buffer_state()
+#endif
+	{
+	yy_n_chars = yy_current_buffer->yy_n_chars;
+	yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+	yyin = yy_current_buffer->yy_input_file;
+	yy_hold_char = *yy_c_buf_p;
+	}
+
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
+#else
+YY_BUFFER_STATE yy_create_buffer( file, size )
+FILE *file;
+int size;
+#endif
+	{
+	YY_BUFFER_STATE b;
+
+	b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_buf_size = size;
+
+	/* yy_ch_buf has to be 2 characters longer than the size given because
+	 * we need to put in 2 end-of-buffer characters.
+	 */
+	b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
+	if ( ! b->yy_ch_buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
+
+	b->yy_is_our_buffer = 1;
+
+	yy_init_buffer( b, file );
+
+	return b;
+	}
+
+
+#ifdef YY_USE_PROTOS
+void yy_delete_buffer( YY_BUFFER_STATE b )
+#else
+void yy_delete_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+	{
+	if ( ! b )
+		return;
+
+	if ( b == yy_current_buffer )
+		yy_current_buffer = (YY_BUFFER_STATE) 0;
+
+	if ( b->yy_is_our_buffer )
+		yy_flex_free( (void *) b->yy_ch_buf );
+
+	yy_flex_free( (void *) b );
+	}
+
+
+#ifndef YY_ALWAYS_INTERACTIVE
+#ifndef YY_NEVER_INTERACTIVE
+#include <unistd.h>
+#endif
+#endif
+
+#ifdef YY_USE_PROTOS
+void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
+#else
+void yy_init_buffer( b, file )
+YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+
+	{
+	int oerrno = errno;
+
+	yy_flush_buffer( b );
+
+	b->yy_input_file = file;
+	b->yy_fill_buffer = 1;
+
+#if defined(YY_ALWAYS_INTERACTIVE) && YY_ALWAYS_INTERACTIVE
+	b->yy_is_interactive = 1;
+#else
+#if defined(YY_NEVER_INTERACTIVE) && YY_NEVER_INTERACTIVE
+	b->yy_is_interactive = 0;
+#else
+	b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
+#endif
+#endif
+	errno = oerrno;
+	}
+
+
+#ifdef YY_USE_PROTOS
+void yy_flush_buffer( YY_BUFFER_STATE b )
+#else
+void yy_flush_buffer( b )
+YY_BUFFER_STATE b;
+#endif
+
+	{
+	if ( ! b )
+		return;
+
+	b->yy_n_chars = 0;
+
+	/* We always need two end-of-buffer characters.  The first causes
+	 * a transition to the end-of-buffer state.  The second causes
+	 * a jam in that state.
+	 */
+	b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+	b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+	b->yy_buf_pos = &b->yy_ch_buf[0];
+
+	b->yy_at_bol = 1;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	if ( b == yy_current_buffer )
+		yy_load_buffer_state();
+	}
+
+
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
+#else
+YY_BUFFER_STATE yy_scan_buffer( base, size )
+char *base;
+yy_size_t size;
+#endif
+	{
+	YY_BUFFER_STATE b;
+
+	if ( size < 2 ||
+	     base[size-2] != YY_END_OF_BUFFER_CHAR ||
+	     base[size-1] != YY_END_OF_BUFFER_CHAR )
+		/* They forgot to leave room for the EOB's. */
+		return 0;
+
+	b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
+	if ( ! b )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
+
+	b->yy_buf_size = size - 2;	/* "- 2" to take care of EOB's */
+	b->yy_buf_pos = b->yy_ch_buf = base;
+	b->yy_is_our_buffer = 0;
+	b->yy_input_file = 0;
+	b->yy_n_chars = b->yy_buf_size;
+	b->yy_is_interactive = 0;
+	b->yy_at_bol = 1;
+	b->yy_fill_buffer = 0;
+	b->yy_buffer_status = YY_BUFFER_NEW;
+
+	yy_switch_to_buffer( b );
+
+	return b;
+	}
+#endif
+
+
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
+#else
+YY_BUFFER_STATE yy_scan_string( yy_str )
+yyconst char *yy_str;
+#endif
+	{
+	int len;
+	for ( len = 0; yy_str[len]; ++len )
+		;
+
+	return yy_scan_bytes( yy_str, len );
+	}
+#endif
+
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
+#else
+YY_BUFFER_STATE yy_scan_bytes( bytes, len )
+yyconst char *bytes;
+int len;
+#endif
+	{
+	YY_BUFFER_STATE b;
+	char *buf;
+	yy_size_t n;
+	int i;
+
+	/* Get memory for full buffer, including space for trailing EOB's. */
+	n = len + 2;
+	buf = (char *) yy_flex_alloc( n );
+	if ( ! buf )
+		YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
+
+	for ( i = 0; i < len; ++i )
+		buf[i] = bytes[i];
+
+	buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
+
+	b = yy_scan_buffer( buf, n );
+	if ( ! b )
+		YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
+
+	/* It's okay to grow etc. this buffer, and we should throw it
+	 * away when we're done.
+	 */
+	b->yy_is_our_buffer = 1;
+
+	return b;
+	}
+#endif
+
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void yy_push_state( int new_state )
+#else
+static void yy_push_state( new_state )
+int new_state;
+#endif
+	{
+	if ( yy_start_stack_ptr >= yy_start_stack_depth )
+		{
+		yy_size_t new_size;
+
+		yy_start_stack_depth += YY_START_STACK_INCR;
+		new_size = yy_start_stack_depth * sizeof( int );
+
+		if ( ! yy_start_stack )
+			yy_start_stack = (int *) yy_flex_alloc( new_size );
+
+		else
+			yy_start_stack = (int *) yy_flex_realloc(
+					(void *) yy_start_stack, new_size );
+
+		if ( ! yy_start_stack )
+			YY_FATAL_ERROR(
+			"out of memory expanding start-condition stack" );
+		}
+
+	yy_start_stack[yy_start_stack_ptr++] = YY_START;
+
+	BEGIN(new_state);
+	}
+#endif
+
+
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state()
+	{
+	if ( --yy_start_stack_ptr < 0 )
+		YY_FATAL_ERROR( "start-condition stack underflow" );
+
+	BEGIN(yy_start_stack[yy_start_stack_ptr]);
+	}
+#endif
+
+
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state()
+	{
+	return yy_start_stack[yy_start_stack_ptr - 1];
+	}
+#endif
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+#ifdef YY_USE_PROTOS
+static void yy_fatal_error( yyconst char msg[] )
+#else
+static void yy_fatal_error( msg )
+char msg[];
+#endif
+	{
+	(void) fprintf( stderr, "%s\n", msg );
+	exit( YY_EXIT_FAILURE );
+	}
+
+
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n) \
+	do \
+		{ \
+		/* Undo effects of setting up yytext. */ \
+		yytext[yyleng] = yy_hold_char; \
+		yy_c_buf_p = yytext + n; \
+		yy_hold_char = *yy_c_buf_p; \
+		*yy_c_buf_p = '\0'; \
+		yyleng = n; \
+		} \
+	while ( 0 )
+
+
+/* Internal utility routines. */
+
+#ifndef yytext_ptr
+#ifdef YY_USE_PROTOS
+static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
+#else
+static void yy_flex_strncpy( s1, s2, n )
+char *s1;
+yyconst char *s2;
+int n;
+#endif
+	{
+	register int i;
+	for ( i = 0; i < n; ++i )
+		s1[i] = s2[i];
+	}
+#endif
+
+#ifdef YY_NEED_STRLEN
+#ifdef YY_USE_PROTOS
+static int yy_flex_strlen( yyconst char *s )
+#else
+static int yy_flex_strlen( s )
+yyconst char *s;
+#endif
+	{
+	register int n;
+	for ( n = 0; s[n]; ++n )
+		;
+
+	return n;
+	}
+#endif
+
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_alloc( yy_size_t size )
+#else
+static void *yy_flex_alloc( size )
+yy_size_t size;
+#endif
+	{
+	return (void *) malloc( size );
+	}
+
+#ifdef YY_USE_PROTOS
+static void *yy_flex_realloc( void *ptr, yy_size_t size )
+#else
+static void *yy_flex_realloc( ptr, size )
+void *ptr;
+yy_size_t size;
+#endif
+	{
+	/* The cast to (char *) in the following accommodates both
+	 * implementations that use char* generic pointers, and those
+	 * that use void* generic pointers.  It works with the latter
+	 * because both ANSI C and C++ allow castless assignment from
+	 * any pointer type to void*, and deal with argument conversions
+	 * as though doing an assignment.
+	 */
+	return (void *) realloc( (char *) ptr, size );
+	}
+
+#ifdef YY_USE_PROTOS
+static void yy_flex_free( void *ptr )
+#else
+static void yy_flex_free( ptr )
+void *ptr;
+#endif
+	{
+	free( ptr );
+	}
+
+#if defined(YY_MAIN) && YY_MAIN
+int main()
+	{
+	yylex();
+	return 0;
+	}
+#endif
+#line 539 "toke.l"
+
+static unsigned char
+hexchar(s)
+    const char *s;
+{
+    int i;
+    int result = 0;
+
+    s += 2; /* skip \\x */
+    for (i = 0; i < 2; i++) {
+	switch (*s) {
+	case 'A':
+	case 'a':
+	    result += 10;
+	    break;
+	case 'B':
+	case 'b':
+	    result += 11;
+	    break;
+	case 'C':
+	case 'c':
+	    result += 12;
+	    break;
+	case 'D':
+	case 'd':
+	    result += 13;
+	    break;
+	case 'E':
+	case 'e':
+	    result += 14;
+	    break;
+	case 'F':
+	case 'f':
+	    result += 15;
+	    break;
+	default:
+	    result += *s - '0';
+	    break;
+	}
+	if (i == 0) {
+	    result *= 16;
+	    s++;
+	}
+    }
+    return((unsigned char)result);
+}
+
+static int
+_fill(src, len, olen)
+    char *src;
+    int len, olen;
+{
+    char *dst;
+
+    dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1);
+    if (dst == NULL) {
+	yyerror("unable to allocate memory");
+	return(FALSE);
+    }
+    yylval.string = dst;
+
+    /* Copy the string and collapse any escaped characters. */
+    dst += olen;
+    while (len--) {
+	if (*src == '\\' && len) {
+	    if (src[1] == 'x' && len >= 3 && 
+		isxdigit((unsigned char) src[2]) &&
+		isxdigit((unsigned char) src[3])) {
+		*dst++ = hexchar(src);
+		src += 4;
+		len -= 3;
+	    } else {
+		src++;
+		len--;
+		*dst++ = *src++;
+	    }
+	} else {
+	    *dst++ = *src++;
+	}
+    }
+    *dst = '\0';
+    return(TRUE);
+}
+
+static int
+append(src, len)
+    char *src;
+    int len;
+{
+    int olen = 0;
+
+    if (yylval.string != NULL)
+	olen = strlen(yylval.string);
+
+    return(_fill(src, len, olen));
+}
+
+#define SPECIAL(c) \
+    ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#')
+
+static int
+fill_cmnd(src, len)
+    char *src;
+    int len;
+{
+    char *dst;
+    int i;
+
+    arg_len = arg_size = 0;
+
+    dst = yylval.command.cmnd = (char *) malloc(len + 1);
+    if (yylval.command.cmnd == NULL) {
+	yyerror("unable to allocate memory");
+	return(FALSE);
+    }
+
+    /* Copy the string and collapse any escaped sudo-specific characters. */
+    for (i = 0; i < len; i++) {
+	if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1]))
+	    *dst++ = src[++i];
+	else
+	    *dst++ = src[i];
+    }
+    *dst = '\0';
+
+    yylval.command.args = NULL;
+    return(TRUE);
+}
+
+static int
+fill_args(s, len, addspace)
+    char *s;
+    int len;
+    int addspace;
+{
+    int new_len;
+    char *p;
+
+    if (yylval.command.args == NULL) {
+	addspace = 0;
+	new_len = len;
+    } else
+	new_len = arg_len + len + addspace;
+
+    if (new_len >= arg_size) {
+	/* Allocate more space than we need for subsequent args */
+	while (new_len >= (arg_size += COMMANDARGINC))
+	    ;
+
+	p = yylval.command.args ?
+	    (char *) realloc(yylval.command.args, arg_size) :
+	    (char *) malloc(arg_size);
+	if (p == NULL) {
+	    efree(yylval.command.args);
+	    yyerror("unable to allocate memory");
+	    return(FALSE);
+	} else
+	    yylval.command.args = p;
+    }
+
+    /* Efficiently append the arg (with a leading space if needed). */
+    p = yylval.command.args + arg_len;
+    if (addspace)
+	*p++ = ' ';
+    if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) {
+	yyerror("fill_args: buffer overflow");	/* paranoia */
+	return(FALSE);
+    }
+    arg_len = new_len;
+    return(TRUE);
+}
+
+struct path_list {
+    char *path;
+    struct path_list *next;
+};
+
+struct include_stack {
+    YY_BUFFER_STATE bs;
+    char *path;
+    struct path_list *more; /* more files in case of includedir */
+    int lineno;
+    int keepopen;
+};
+
+static int
+pl_compare(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct path_list * const *p1 = v1;
+    const struct path_list * const *p2 = v2;
+
+    return(strcmp((*p1)->path, (*p2)->path));
+}
+
+static char *
+switch_dir(stack, dirpath)
+    struct include_stack *stack;
+    char *dirpath;
+{
+    DIR *dir;
+    int i, count = 0;
+    char *path = NULL;
+    struct dirent *dent;
+    struct stat sb;
+    struct path_list *pl, *first = NULL;
+    struct path_list **sorted = NULL;
+
+    if (!(dir = opendir(dirpath))) {
+	yyerror(dirpath);
+	return(NULL);
+    }
+    while ((dent = readdir(dir))) {
+	/* Ignore files that end in '~' or have a '.' in them. */
+	if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~'
+	    || strchr(dent->d_name, '.') != NULL) {
+	    continue;
+	}
+	if (asprintf(&path, "%s/%s", dirpath, dent->d_name) == -1) {
+	    closedir(dir);
+	    goto bad;
+	}
+	if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) {
+	    efree(path);
+	    continue;
+	}
+	pl = malloc(sizeof(*pl));
+	if (pl == NULL)
+	    goto bad;
+	pl->path = path;
+	pl->next = first;
+	first = pl;
+	count++;
+    }
+    closedir(dir);
+
+    if (count == 0)
+	goto done;
+
+    /* Sort the list as an array. */
+    sorted = malloc(sizeof(*sorted) * count);
+    if (sorted == NULL)
+	goto bad;
+    pl = first;
+    for (i = 0; i < count; i++) {
+	sorted[i] = pl;
+	pl = pl->next;
+    }
+    qsort(sorted, count, sizeof(*sorted), pl_compare);
+
+    /* Apply sorting to the list. */
+    first = sorted[0];
+    sorted[count - 1]->next = NULL;
+    for (i = 1; i < count; i++)
+	sorted[i - 1]->next = sorted[i];
+    efree(sorted);
+
+    /* Pull out the first element for parsing, leave the rest for later. */
+    if (count) {
+	path = first->path;
+	pl = first->next;
+	efree(first);
+	stack->more = pl;
+    } else {
+	path = NULL;
+    }
+done:
+    efree(dirpath);
+    return(path);
+bad:
+    while (first != NULL) {
+	pl = first;
+	first = pl->next;
+	free(pl->path);
+	free(pl);
+    }
+    efree(sorted);
+    efree(dirpath);
+    efree(path);
+    return(NULL);
+}
+
+#define MAX_SUDOERS_DEPTH	128
+#define SUDOERS_STACK_INCREMENT	16
+
+static size_t istacksize, idepth;
+static struct include_stack *istack;
+static int keepopen;
+
+void
+init_lexer()
+{
+    struct path_list *pl;
+
+    while (idepth) {
+	idepth--;
+	while ((pl = istack[idepth].more) != NULL) {
+	    istack[idepth].more = pl->next;
+	    efree(pl->path);
+	    efree(pl);
+	}
+	efree(istack[idepth].path);
+	if (idepth && !istack[idepth].keepopen)
+	    fclose(istack[idepth].bs->yy_input_file);
+	yy_delete_buffer(istack[idepth].bs);
+    }
+    efree(istack);
+    istack = NULL;
+    istacksize = idepth = 0;
+    keepopen = FALSE;
+}
+
+static int
+_push_include(path, isdir)
+    char *path;
+    int isdir;
+{
+    struct path_list *pl;
+    FILE *fp;
+
+    /* push current state onto stack */
+    if (idepth >= istacksize) {
+	if (idepth > MAX_SUDOERS_DEPTH) {
+	    yyerror("too many levels of includes");
+	    return(FALSE);
+	}
+	istacksize += SUDOERS_STACK_INCREMENT;
+	istack = (struct include_stack *) realloc(istack,
+	    sizeof(*istack) * istacksize);
+	if (istack == NULL) {
+	    yyerror("unable to allocate memory");
+	    return(FALSE);
+	}
+    }
+    if (isdir) {
+	if (!(path = switch_dir(&istack[idepth], path))) {
+	    /* switch_dir() called yyerror() for us */
+	    return(FALSE);
+	}
+	while ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) {
+	    /* Unable to open path in includedir, go to next one, if any. */
+	    efree(path);
+	    if ((pl = istack[idepth].more) == NULL)
+		return(FALSE);
+	    path = pl->path;
+	    istack[idepth].more = pl->next;
+	    efree(pl);
+	}
+    } else {
+	if ((fp = open_sudoers(path, TRUE, &keepopen)) == NULL) {
+	    yyerror(path);
+	    return(FALSE);
+	}
+	istack[idepth].more = NULL;
+    }
+    /* Push the old (current) file and open the new one. */
+    istack[idepth].path = sudoers; /* push old path */
+    istack[idepth].bs = YY_CURRENT_BUFFER;
+    istack[idepth].lineno = sudolineno;
+    istack[idepth].keepopen = keepopen;
+    idepth++;
+    sudolineno = 1;
+    sudoers = path;
+    yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+
+    return(TRUE);
+}
+
+static int
+pop_include()
+{
+    struct path_list *pl;
+    FILE *fp;
+
+    if (idepth == 0)
+	return(FALSE);
+
+    if (!keepopen)
+	fclose(YY_CURRENT_BUFFER->yy_input_file);
+    yy_delete_buffer(YY_CURRENT_BUFFER);
+    /* If we are in an include dir, move to the next file. */
+    while ((pl = istack[idepth - 1].more) != NULL) {
+	fp = open_sudoers(pl->path, FALSE, &keepopen);
+	if (fp != NULL) {
+	    istack[idepth - 1].more = pl->next;
+	    efree(sudoers);
+	    sudoers = pl->path;
+	    sudolineno = 1;
+	    yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+	    efree(pl);
+	    break;
+	}
+	/* Unable to open path in include dir, go to next one. */
+	istack[idepth - 1].more = pl->next;
+	efree(pl->path);
+	efree(pl);
+    }
+    /* If no path list, just pop the last dir on the stack. */
+    if (pl == NULL) {
+	idepth--;
+	yy_switch_to_buffer(istack[idepth].bs);
+	efree(sudoers);
+	sudoers = istack[idepth].path;
+	sudolineno = istack[idepth].lineno;
+	keepopen = istack[idepth].keepopen;
+    }
+    return(TRUE);
+}
+
+static char *
+parse_include(base)
+    char *base;
+{
+    char *cp, *ep, *path;
+    int len = 0, subst = 0;
+    size_t shost_len = 0;
+
+    /* Pull out path from #include line. */
+    cp = base + sizeof("#include");
+    if (*cp == 'i')
+	cp += 3; /* includedir */
+    while (isblank((unsigned char) *cp))
+	cp++;
+    ep = cp;
+    while (*ep != '\0' && !isspace((unsigned char) *ep)) {
+	if (ep[0] == '%' && ep[1] == 'h') {
+	    shost_len = strlen(user_shost);
+	    len += shost_len - 2;
+	    subst = 1;
+	}
+	ep++;
+    }
+
+    /* Make a copy of path and return it. */
+    len += (int)(ep - cp);
+    if ((path = malloc(len + 1)) == NULL)
+	yyerror("unable to allocate memory");
+    if (subst) {
+	/* substitute for %h */
+	char *pp = path;
+	while (cp < ep) {
+	    if (cp[0] == '%' && cp[1] == 'h') {
+		memcpy(pp, user_shost, shost_len);
+		pp += shost_len;
+		cp += 2;
+		continue;
+	    }
+	    *pp++ = *cp++;
+	}
+	*pp = '\0';
+    } else {
+	memcpy(path, cp, len);
+	path[len] = '\0';
+    }
+
+    /* Push any excess characters (e.g. comment, newline) back to the lexer */
+    if (*ep != '\0')
+	yyless((int)(ep - base));
+
+    return(path);
+}
+
+/*
+ * Check to make sure an IPv6 address does not contain multiple instances
+ * of the string "::".  Assumes strlen(s) >= 1.
+ * Returns TRUE if address is valid else FALSE.
+ */
+static int
+ipv6_valid(s)
+    const char *s;
+{
+    int nmatch = 0;
+
+    for (; *s != '\0'; s++) {
+	if (s[0] == ':' && s[1] == ':') {
+	    if (++nmatch > 1)
+		break;
+	}
+	if (s[0] == '/')
+	    nmatch = 0;			/* reset if we hit netmask */
+    }
+
+    return (nmatch <= 1);
+}
diff --git a/sudo-1.7.4p4/toke.l b/sudo-1.7.4p4/toke.l
new file mode 100644
index 0000000..ce1fd4c
--- /dev/null
+++ b/sudo-1.7.4p4/toke.l
@@ -0,0 +1,1023 @@
+%{
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#if defined(HAVE_MALLOC_H) && !defined(STDC_HEADERS)
+# include <malloc.h>
+#endif /* HAVE_MALLOC_H && !STDC_HEADERS */
+#ifdef HAVE_DIRENT_H
+# include <dirent.h>
+# define NAMLEN(dirent) strlen((dirent)->d_name)
+#else
+# define dirent direct
+# define NAMLEN(dirent) (dirent)->d_namlen
+# ifdef HAVE_SYS_NDIR_H
+#  include <sys/ndir.h>
+# endif
+# ifdef HAVE_SYS_DIR_H
+#  include <sys/dir.h>
+# endif
+# ifdef HAVE_NDIR_H
+#  include <ndir.h>
+# endif
+#endif
+#include <ctype.h>
+#include "sudo.h"
+#include "parse.h"
+#include <gram.h>
+
+extern YYSTYPE yylval;
+extern int parse_error;
+int sudolineno = 1;
+char *sudoers;
+static int sawspace = 0;
+static int arg_len = 0;
+static int arg_size = 0;
+
+static int append		__P((char *, int));
+static int _fill		__P((char *, int, int));
+static int fill_cmnd		__P((char *, int));
+static int fill_args		__P((char *, int, int));
+static int _push_include	__P((char *, int));
+static int pop_include		__P((void));
+static int ipv6_valid		__P((const char *s));
+static char *parse_include	__P((char *));
+extern void yyerror		__P((const char *));
+
+#define fill(a, b)		_fill(a, b, 0)
+
+#define	push_include(_p)	(_push_include((_p), FALSE))
+#define	push_includedir(_p)	(_push_include((_p), TRUE))
+
+/* realloc() to size + COMMANDARGINC to make room for command args */
+#define COMMANDARGINC	64
+
+#ifdef TRACELEXER
+#define LEXTRACE(msg)	fputs(msg, stderr)
+#else
+#define LEXTRACE(msg)
+#endif
+%}
+
+HEX16			[0-9A-Fa-f]{1,4}
+OCTET			(1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])
+IPV4ADDR		{OCTET}(\.{OCTET}){3}
+IPV6ADDR		({HEX16}?:){2,7}{HEX16}?|({HEX16}?:){2,6}:{IPV4ADDR}
+
+HOSTNAME		[[:alnum:]_-]+
+WORD			([^#>!=:,\(\) \t\n\\]|\\[^\n])+
+ID			#-?[0-9]+
+PATH			\/(\\[\,:= \t#]|[^\,:=\\ \t\n#])+
+ENVAR			([^#!=, \t\n\\\"]|\\[^\n])([^#=, \t\n\\\"]|\\[^\n])*
+DEFVAR			[a-z_]+
+
+%option nounput
+%option noyywrap
+
+%s	GOTDEFS
+%x	GOTCMND
+%x	STARTDEFS
+%x	INDEFS
+%x	INSTR
+
+%%
+<GOTDEFS>[[:blank:]]+	BEGIN STARTDEFS;
+
+<STARTDEFS>{DEFVAR}	{
+			    BEGIN INDEFS;
+			    LEXTRACE("DEFVAR ");
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    return(DEFVAR);
+			}
+
+<INDEFS>{
+    ,			{
+			    BEGIN STARTDEFS;
+			    LEXTRACE(", ");
+			    return(',');
+			}			/* return ',' */
+
+    =			{
+			    LEXTRACE("= ");
+			    return('=');
+			}			/* return '=' */
+
+    \+=			{
+			    LEXTRACE("+= ");
+			    return('+');
+			}			/* return '+' */
+
+    -=			{
+			    LEXTRACE("-= ");
+			    return('-');
+			}			/* return '-' */
+
+    \"			{
+			    LEXTRACE("BEGINSTR ");
+			    yylval.string = NULL;
+			    BEGIN INSTR;
+			}
+
+    {ENVAR}		{
+			    LEXTRACE("WORD(2) ");
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    return(WORD);
+			}
+}
+
+<INSTR>{
+    \\[[:blank:]]*\n[[:blank:]]*	{
+			    /* Line continuation char followed by newline. */
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			}
+
+    \"			{
+			    LEXTRACE("ENDSTR ");
+			    BEGIN INDEFS;
+			    return(WORD);
+			}
+
+    \\			{
+			    LEXTRACE("BACKSLASH ");
+			    if (!append(yytext, yyleng))
+				yyterminate();
+			}
+
+    ([^\"\n\\]|\\\")+	{
+			    LEXTRACE("STRBODY ");
+			    if (!append(yytext, yyleng))
+				yyterminate();
+			}
+}
+
+<GOTCMND>{
+    \\[\*\?\[\]\!]	{
+			    /* quoted fnmatch glob char, pass verbatim */
+			    LEXTRACE("QUOTEDCHAR ");
+			    if (!fill_args(yytext, 2, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}
+
+    \\[:\\,= \t#]	{
+			    /* quoted sudoers special char, strip backslash */
+			    LEXTRACE("QUOTEDCHAR ");
+			    if (!fill_args(yytext + 1, 1, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}
+
+    [#:\,=\n]		{
+			    BEGIN INITIAL;
+			    yyless(0);
+			    return(COMMAND);
+			}			/* end of command line args */
+
+    [^#\\:, \t\n]+ 	{
+			    LEXTRACE("ARG ");
+			    if (!fill_args(yytext, yyleng, sawspace))
+				yyterminate();
+			    sawspace = FALSE;
+			}			/* a command line arg */
+}
+
+<INITIAL>^#include[[:blank:]]+\/.*\n {
+			    char *path;
+
+			    if ((path = parse_include(yytext)) == NULL)
+				yyterminate();
+
+			    LEXTRACE("INCLUDE\n");
+
+			    /* Push current buffer and switch to include file */
+			    if (!push_include(path))
+				yyterminate();
+			}
+
+<INITIAL>^#includedir[[:blank:]]+\/.*\n {
+			    char *path;
+
+			    if ((path = parse_include(yytext)) == NULL)
+				yyterminate();
+
+			    LEXTRACE("INCLUDEDIR\n");
+
+			    /*
+			     * Push current buffer and switch to include file.
+			     * We simply ignore empty directories.
+			     */
+			    if (!push_includedir(path) && parse_error)
+				yyterminate();
+			}
+
+<INITIAL>^[[:blank:]]*Defaults([:@>\!]\!?{WORD})? {
+			    int n;
+			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
+				continue;
+			    n += 8;
+			    BEGIN GOTDEFS;
+			    switch (yytext[n++]) {
+				case ':':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_USER ");
+				    return(DEFAULTS_USER);
+				case '>':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_RUNAS ");
+				    return(DEFAULTS_RUNAS);
+				case '@':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_HOST ");
+				    return(DEFAULTS_HOST);
+				case '!':
+				    yyless(n);
+				    LEXTRACE("DEFAULTS_CMND ");
+				    return(DEFAULTS_CMND);
+				default:
+				    LEXTRACE("DEFAULTS ");
+				    return(DEFAULTS);
+			    }
+			}
+
+<INITIAL>^[[:blank:]]*(Host|Cmnd|User|Runas)_Alias	{
+			    int n;
+			    for (n = 0; isblank((unsigned char)yytext[n]); n++)
+				continue;
+			    switch (yytext[n]) {
+				case 'H':
+				    LEXTRACE("HOSTALIAS ");
+				    return(HOSTALIAS);
+				case 'C':
+				    LEXTRACE("CMNDALIAS ");
+				    return(CMNDALIAS);
+				case 'U':
+				    LEXTRACE("USERALIAS ");
+				    return(USERALIAS);
+				case 'R':
+				    LEXTRACE("RUNASALIAS ");
+				    return(RUNASALIAS);
+			    }
+			}
+
+NOPASSWD[[:blank:]]*:	{
+				/* cmnd does not require passwd for this user */
+			    	LEXTRACE("NOPASSWD ");
+			    	return(NOPASSWD);
+			}
+
+PASSWD[[:blank:]]*:	{
+				/* cmnd requires passwd for this user */
+			    	LEXTRACE("PASSWD ");
+			    	return(PASSWD);
+			}
+
+NOEXEC[[:blank:]]*:	{
+			    	LEXTRACE("NOEXEC ");
+			    	return(NOEXEC);
+			}
+
+EXEC[[:blank:]]*:	{
+			    	LEXTRACE("EXEC ");
+			    	return(EXEC);
+			}
+
+SETENV[[:blank:]]*:	{
+			    	LEXTRACE("SETENV ");
+			    	return(SETENV);
+			}
+
+NOSETENV[[:blank:]]*:	{
+			    	LEXTRACE("NOSETENV ");
+			    	return(NOSETENV);
+			}
+
+\+{WORD}		{
+			    /* netgroup */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NETGROUP ");
+			    return(NETGROUP);
+			}
+
+\%:?{WORD}		{
+			    /* UN*X group */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("USERGROUP ");
+			    return(USERGROUP);
+			}
+
+{IPV4ADDR}(\/{IPV4ADDR})? {
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+
+{IPV4ADDR}\/([12][0-9]*|3[0-2]*) {
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+
+{IPV6ADDR}(\/{IPV6ADDR})? {
+			    if (!ipv6_valid(yytext)) {
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+
+{IPV6ADDR}\/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8]) {
+			    if (!ipv6_valid(yytext)) {
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("NTWKADDR ");
+			    return(NTWKADDR);
+			}
+
+[[:upper:]][[:upper:][:digit:]_]* {
+			    if (strcmp(yytext, "ALL") == 0) {
+				LEXTRACE("ALL ");
+				return(ALL);
+			    }
+#ifdef HAVE_SELINUX
+			    /* XXX - restrict type/role to initial state */
+			    if (strcmp(yytext, "TYPE") == 0) {
+				LEXTRACE("TYPE ");
+				return(TYPE);
+			    }
+			    if (strcmp(yytext, "ROLE") == 0) {
+				LEXTRACE("ROLE ");
+				return(ROLE);
+			    }
+#endif /* HAVE_SELINUX */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("ALIAS ");
+			    return(ALIAS);
+			}
+
+<GOTDEFS>({PATH}|sudoedit) {
+			    /* no command args allowed for Defaults!/path */
+			    if (!fill_cmnd(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("COMMAND ");
+			    return(COMMAND);
+			}
+
+sudoedit		{
+			    BEGIN GOTCMND;
+			    LEXTRACE("COMMAND ");
+			    if (!fill_cmnd(yytext, yyleng))
+				yyterminate();
+			}			/* sudo -e */
+
+{PATH}			{
+			    /* directories can't have args... */
+			    if (yytext[yyleng - 1] == '/') {
+				LEXTRACE("COMMAND ");
+				if (!fill_cmnd(yytext, yyleng))
+				    yyterminate();
+				return(COMMAND);
+			    } else {
+				BEGIN GOTCMND;
+				LEXTRACE("COMMAND ");
+				if (!fill_cmnd(yytext, yyleng))
+				    yyterminate();
+			    }
+			}			/* a pathname */
+
+<INITIAL,GOTDEFS>\"[^"\n]+\" {
+			    /* a quoted user/group name */
+			    if (!fill(yytext + 1, yyleng - 2))
+				yyterminate();
+			    switch (yytext[1]) {
+			    case '%':
+				LEXTRACE("USERGROUP ");
+				return(USERGROUP);
+			    case '+':
+				LEXTRACE("NETGROUP ");
+				return(NETGROUP);
+			    default:
+				LEXTRACE("WORD(4) ");
+				return(WORD);
+			    }
+			}
+
+<INITIAL,GOTDEFS>({ID}|{WORD}) {
+			    /* a word */
+			    if (!fill(yytext, yyleng))
+				yyterminate();
+			    LEXTRACE("WORD(5) ");
+			    return(WORD);
+			}
+
+\(			{
+			    LEXTRACE("( ");
+			    return ('(');
+			}
+
+\)			{
+			    LEXTRACE(") ");
+			    return(')');
+			}
+
+,			{
+			    LEXTRACE(", ");
+			    return(',');
+			}			/* return ',' */
+
+=			{
+			    LEXTRACE("= ");
+			    return('=');
+			}			/* return '=' */
+
+:			{
+			    LEXTRACE(": ");
+			    return(':');
+			}			/* return ':' */
+
+<*>!+			{
+			    if (yyleng % 2 == 1)
+				return('!');	/* return '!' */
+			}
+
+<*>\n			{
+			    BEGIN INITIAL;
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* return newline */
+
+<*>[[:blank:]]+		{			/* throw away space/tabs */
+			    sawspace = TRUE;	/* but remember for fill_args */
+			}
+
+<*>\\[[:blank:]]*\n	{
+			    sawspace = TRUE;	/* remember for fill_args */
+			    ++sudolineno;
+			    LEXTRACE("\n\t");
+			}			/* throw away EOL after \ */
+
+<INITIAL,STARTDEFS,INDEFS>#(-[^\n0-9].*|[^\n0-9-].*)?\n	{
+			    BEGIN INITIAL;
+			    ++sudolineno;
+			    LEXTRACE("\n");
+			    return(COMMENT);
+			}			/* comment, not uid/gid */
+
+<*>.			{
+			    LEXTRACE("ERROR ");
+			    return(ERROR);
+			}	/* parse error */
+
+<*><<EOF>>		{
+			    if (YY_START != INITIAL) {
+			    	BEGIN INITIAL;
+				LEXTRACE("ERROR ");
+				return(ERROR);
+			    }
+			    if (!pop_include())
+				yyterminate();
+			}
+
+%%
+static unsigned char
+hexchar(s)
+    const char *s;
+{
+    int i;
+    int result = 0;
+
+    s += 2; /* skip \\x */
+    for (i = 0; i < 2; i++) {
+	switch (*s) {
+	case 'A':
+	case 'a':
+	    result += 10;
+	    break;
+	case 'B':
+	case 'b':
+	    result += 11;
+	    break;
+	case 'C':
+	case 'c':
+	    result += 12;
+	    break;
+	case 'D':
+	case 'd':
+	    result += 13;
+	    break;
+	case 'E':
+	case 'e':
+	    result += 14;
+	    break;
+	case 'F':
+	case 'f':
+	    result += 15;
+	    break;
+	default:
+	    result += *s - '0';
+	    break;
+	}
+	if (i == 0) {
+	    result *= 16;
+	    s++;
+	}
+    }
+    return((unsigned char)result);
+}
+
+static int
+_fill(src, len, olen)
+    char *src;
+    int len, olen;
+{
+    char *dst;
+
+    dst = olen ? realloc(yylval.string, olen + len + 1) : malloc(len + 1);
+    if (dst == NULL) {
+	yyerror("unable to allocate memory");
+	return(FALSE);
+    }
+    yylval.string = dst;
+
+    /* Copy the string and collapse any escaped characters. */
+    dst += olen;
+    while (len--) {
+	if (*src == '\\' && len) {
+	    if (src[1] == 'x' && len >= 3 && 
+		isxdigit((unsigned char) src[2]) &&
+		isxdigit((unsigned char) src[3])) {
+		*dst++ = hexchar(src);
+		src += 4;
+		len -= 3;
+	    } else {
+		src++;
+		len--;
+		*dst++ = *src++;
+	    }
+	} else {
+	    *dst++ = *src++;
+	}
+    }
+    *dst = '\0';
+    return(TRUE);
+}
+
+static int
+append(src, len)
+    char *src;
+    int len;
+{
+    int olen = 0;
+
+    if (yylval.string != NULL)
+	olen = strlen(yylval.string);
+
+    return(_fill(src, len, olen));
+}
+
+#define SPECIAL(c) \
+    ((c) == ',' || (c) == ':' || (c) == '=' || (c) == ' ' || (c) == '\t' || (c) == '#')
+
+static int
+fill_cmnd(src, len)
+    char *src;
+    int len;
+{
+    char *dst;
+    int i;
+
+    arg_len = arg_size = 0;
+
+    dst = yylval.command.cmnd = (char *) malloc(len + 1);
+    if (yylval.command.cmnd == NULL) {
+	yyerror("unable to allocate memory");
+	return(FALSE);
+    }
+
+    /* Copy the string and collapse any escaped sudo-specific characters. */
+    for (i = 0; i < len; i++) {
+	if (src[i] == '\\' && i != len - 1 && SPECIAL(src[i + 1]))
+	    *dst++ = src[++i];
+	else
+	    *dst++ = src[i];
+    }
+    *dst = '\0';
+
+    yylval.command.args = NULL;
+    return(TRUE);
+}
+
+static int
+fill_args(s, len, addspace)
+    char *s;
+    int len;
+    int addspace;
+{
+    int new_len;
+    char *p;
+
+    if (yylval.command.args == NULL) {
+	addspace = 0;
+	new_len = len;
+    } else
+	new_len = arg_len + len + addspace;
+
+    if (new_len >= arg_size) {
+	/* Allocate more space than we need for subsequent args */
+	while (new_len >= (arg_size += COMMANDARGINC))
+	    ;
+
+	p = yylval.command.args ?
+	    (char *) realloc(yylval.command.args, arg_size) :
+	    (char *) malloc(arg_size);
+	if (p == NULL) {
+	    efree(yylval.command.args);
+	    yyerror("unable to allocate memory");
+	    return(FALSE);
+	} else
+	    yylval.command.args = p;
+    }
+
+    /* Efficiently append the arg (with a leading space if needed). */
+    p = yylval.command.args + arg_len;
+    if (addspace)
+	*p++ = ' ';
+    if (strlcpy(p, s, arg_size - (p - yylval.command.args)) != len) {
+	yyerror("fill_args: buffer overflow");	/* paranoia */
+	return(FALSE);
+    }
+    arg_len = new_len;
+    return(TRUE);
+}
+
+struct path_list {
+    char *path;
+    struct path_list *next;
+};
+
+struct include_stack {
+    YY_BUFFER_STATE bs;
+    char *path;
+    struct path_list *more; /* more files in case of includedir */
+    int lineno;
+    int keepopen;
+};
+
+static int
+pl_compare(v1, v2)
+    const void *v1;
+    const void *v2;
+{
+    const struct path_list * const *p1 = v1;
+    const struct path_list * const *p2 = v2;
+
+    return(strcmp((*p1)->path, (*p2)->path));
+}
+
+static char *
+switch_dir(stack, dirpath)
+    struct include_stack *stack;
+    char *dirpath;
+{
+    DIR *dir;
+    int i, count = 0;
+    char *path = NULL;
+    struct dirent *dent;
+    struct stat sb;
+    struct path_list *pl, *first = NULL;
+    struct path_list **sorted = NULL;
+
+    if (!(dir = opendir(dirpath))) {
+	yyerror(dirpath);
+	return(NULL);
+    }
+    while ((dent = readdir(dir))) {
+	/* Ignore files that end in '~' or have a '.' in them. */
+	if (dent->d_name[0] == '\0' || dent->d_name[NAMLEN(dent) - 1] == '~'
+	    || strchr(dent->d_name, '.') != NULL) {
+	    continue;
+	}
+	if (asprintf(&path, "%s/%s", dirpath, dent->d_name) == -1) {
+	    closedir(dir);
+	    goto bad;
+	}
+	if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) {
+	    efree(path);
+	    continue;
+	}
+	pl = malloc(sizeof(*pl));
+	if (pl == NULL)
+	    goto bad;
+	pl->path = path;
+	pl->next = first;
+	first = pl;
+	count++;
+    }
+    closedir(dir);
+
+    if (count == 0)
+	goto done;
+
+    /* Sort the list as an array. */
+    sorted = malloc(sizeof(*sorted) * count);
+    if (sorted == NULL)
+	goto bad;
+    pl = first;
+    for (i = 0; i < count; i++) {
+	sorted[i] = pl;
+	pl = pl->next;
+    }
+    qsort(sorted, count, sizeof(*sorted), pl_compare);
+
+    /* Apply sorting to the list. */
+    first = sorted[0];
+    sorted[count - 1]->next = NULL;
+    for (i = 1; i < count; i++)
+	sorted[i - 1]->next = sorted[i];
+    efree(sorted);
+
+    /* Pull out the first element for parsing, leave the rest for later. */
+    if (count) {
+	path = first->path;
+	pl = first->next;
+	efree(first);
+	stack->more = pl;
+    } else {
+	path = NULL;
+    }
+done:
+    efree(dirpath);
+    return(path);
+bad:
+    while (first != NULL) {
+	pl = first;
+	first = pl->next;
+	free(pl->path);
+	free(pl);
+    }
+    efree(sorted);
+    efree(dirpath);
+    efree(path);
+    return(NULL);
+}
+
+#define MAX_SUDOERS_DEPTH	128
+#define SUDOERS_STACK_INCREMENT	16
+
+static size_t istacksize, idepth;
+static struct include_stack *istack;
+static int keepopen;
+
+void
+init_lexer()
+{
+    struct path_list *pl;
+
+    while (idepth) {
+	idepth--;
+	while ((pl = istack[idepth].more) != NULL) {
+	    istack[idepth].more = pl->next;
+	    efree(pl->path);
+	    efree(pl);
+	}
+	efree(istack[idepth].path);
+	if (idepth && !istack[idepth].keepopen)
+	    fclose(istack[idepth].bs->yy_input_file);
+	yy_delete_buffer(istack[idepth].bs);
+    }
+    efree(istack);
+    istack = NULL;
+    istacksize = idepth = 0;
+    keepopen = FALSE;
+}
+
+static int
+_push_include(path, isdir)
+    char *path;
+    int isdir;
+{
+    struct path_list *pl;
+    FILE *fp;
+
+    /* push current state onto stack */
+    if (idepth >= istacksize) {
+	if (idepth > MAX_SUDOERS_DEPTH) {
+	    yyerror("too many levels of includes");
+	    return(FALSE);
+	}
+	istacksize += SUDOERS_STACK_INCREMENT;
+	istack = (struct include_stack *) realloc(istack,
+	    sizeof(*istack) * istacksize);
+	if (istack == NULL) {
+	    yyerror("unable to allocate memory");
+	    return(FALSE);
+	}
+    }
+    if (isdir) {
+	if (!(path = switch_dir(&istack[idepth], path))) {
+	    /* switch_dir() called yyerror() for us */
+	    return(FALSE);
+	}
+	while ((fp = open_sudoers(path, FALSE, &keepopen)) == NULL) {
+	    /* Unable to open path in includedir, go to next one, if any. */
+	    efree(path);
+	    if ((pl = istack[idepth].more) == NULL)
+		return(FALSE);
+	    path = pl->path;
+	    istack[idepth].more = pl->next;
+	    efree(pl);
+	}
+    } else {
+	if ((fp = open_sudoers(path, TRUE, &keepopen)) == NULL) {
+	    yyerror(path);
+	    return(FALSE);
+	}
+	istack[idepth].more = NULL;
+    }
+    /* Push the old (current) file and open the new one. */
+    istack[idepth].path = sudoers; /* push old path */
+    istack[idepth].bs = YY_CURRENT_BUFFER;
+    istack[idepth].lineno = sudolineno;
+    istack[idepth].keepopen = keepopen;
+    idepth++;
+    sudolineno = 1;
+    sudoers = path;
+    yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+
+    return(TRUE);
+}
+
+static int
+pop_include()
+{
+    struct path_list *pl;
+    FILE *fp;
+
+    if (idepth == 0)
+	return(FALSE);
+
+    if (!keepopen)
+	fclose(YY_CURRENT_BUFFER->yy_input_file);
+    yy_delete_buffer(YY_CURRENT_BUFFER);
+    /* If we are in an include dir, move to the next file. */
+    while ((pl = istack[idepth - 1].more) != NULL) {
+	fp = open_sudoers(pl->path, FALSE, &keepopen);
+	if (fp != NULL) {
+	    istack[idepth - 1].more = pl->next;
+	    efree(sudoers);
+	    sudoers = pl->path;
+	    sudolineno = 1;
+	    yy_switch_to_buffer(yy_create_buffer(fp, YY_BUF_SIZE));
+	    efree(pl);
+	    break;
+	}
+	/* Unable to open path in include dir, go to next one. */
+	istack[idepth - 1].more = pl->next;
+	efree(pl->path);
+	efree(pl);
+    }
+    /* If no path list, just pop the last dir on the stack. */
+    if (pl == NULL) {
+	idepth--;
+	yy_switch_to_buffer(istack[idepth].bs);
+	efree(sudoers);
+	sudoers = istack[idepth].path;
+	sudolineno = istack[idepth].lineno;
+	keepopen = istack[idepth].keepopen;
+    }
+    return(TRUE);
+}
+
+static char *
+parse_include(base)
+    char *base;
+{
+    char *cp, *ep, *path;
+    int len = 0, subst = 0;
+    size_t shost_len = 0;
+
+    /* Pull out path from #include line. */
+    cp = base + sizeof("#include");
+    if (*cp == 'i')
+	cp += 3; /* includedir */
+    while (isblank((unsigned char) *cp))
+	cp++;
+    ep = cp;
+    while (*ep != '\0' && !isspace((unsigned char) *ep)) {
+	if (ep[0] == '%' && ep[1] == 'h') {
+	    shost_len = strlen(user_shost);
+	    len += shost_len - 2;
+	    subst = 1;
+	}
+	ep++;
+    }
+
+    /* Make a copy of path and return it. */
+    len += (int)(ep - cp);
+    if ((path = malloc(len + 1)) == NULL)
+	yyerror("unable to allocate memory");
+    if (subst) {
+	/* substitute for %h */
+	char *pp = path;
+	while (cp < ep) {
+	    if (cp[0] == '%' && cp[1] == 'h') {
+		memcpy(pp, user_shost, shost_len);
+		pp += shost_len;
+		cp += 2;
+		continue;
+	    }
+	    *pp++ = *cp++;
+	}
+	*pp = '\0';
+    } else {
+	memcpy(path, cp, len);
+	path[len] = '\0';
+    }
+
+    /* Push any excess characters (e.g. comment, newline) back to the lexer */
+    if (*ep != '\0')
+	yyless((int)(ep - base));
+
+    return(path);
+}
+
+/*
+ * Check to make sure an IPv6 address does not contain multiple instances
+ * of the string "::".  Assumes strlen(s) >= 1.
+ * Returns TRUE if address is valid else FALSE.
+ */
+static int
+ipv6_valid(s)
+    const char *s;
+{
+    int nmatch = 0;
+
+    for (; *s != '\0'; s++) {
+	if (s[0] == ':' && s[1] == ':') {
+	    if (++nmatch > 1)
+		break;
+	}
+	if (s[0] == '/')
+	    nmatch = 0;			/* reset if we hit netmask */
+    }
+
+    return (nmatch <= 1);
+}
diff --git a/sudo-1.7.4p4/tsgetgrpw.c b/sudo-1.7.4p4/tsgetgrpw.c
new file mode 100644
index 0000000..6f14d3f
--- /dev/null
+++ b/sudo-1.7.4p4/tsgetgrpw.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 2005, 2008, 2010 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Trivial replacements for the libc get{gr,pw}{uid,nam}() routines
+ * for use by testsudoers in the sudo test harness.
+ * We need our own since many platforms don't provide set{pw,gr}file().
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#include <fcntl.h>
+#include <limits.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include "sudo.h"
+
+#ifndef LINE_MAX
+# define LINE_MAX 2048
+#endif
+
+#undef GRMEM_MAX
+#define GRMEM_MAX 200
+
+static FILE *pwf;
+static const char *pwfile = "/etc/passwd";
+static int pw_stayopen;
+
+static FILE *grf;
+static const char *grfile = "/etc/group";
+static int gr_stayopen;
+
+void setgrfile __P((const char *));
+void setgrent __P((void));
+void endgrent __P((void));
+struct group *getgrent __P((void));
+struct group *getgrnam __P((const char *));
+struct group *getgrgid __P((gid_t));
+
+void setpwfile __P((const char *));
+void setpwent __P((void));
+void endpwent __P((void));
+struct passwd *getpwent __P((void));
+struct passwd *getpwnam __P((const char *));
+struct passwd *getpwuid __P((uid_t));
+
+void
+setpwfile(file)
+    const char *file;
+{
+    pwfile = file;
+    if (pwf != NULL)
+	endpwent();
+}
+
+void
+setpwent()
+{
+    if (pwf == NULL) {
+	pwf = fopen(pwfile, "r");
+	if (pwf != NULL)
+	    fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(pwf);
+    }
+    pw_stayopen = 1;
+}
+
+void
+endpwent()
+{
+    if (pwf != NULL) {
+	fclose(pwf);
+	pwf = NULL;
+    }
+    pw_stayopen = 0;
+}
+
+struct passwd *
+getpwent()
+{
+    static struct passwd pw;
+    static char pwbuf[LINE_MAX];
+    size_t len;
+    char *cp, *colon;
+
+    if ((colon = fgets(pwbuf, sizeof(pwbuf), pwf)) == NULL)
+	return(NULL);
+
+    zero_bytes(&pw, sizeof(pw));
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_name = cp;
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_passwd = cp;
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_uid = atoi(cp);
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_gid = atoi(cp);
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_gecos = cp;
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    pw.pw_dir = cp;
+    pw.pw_shell = colon;
+    len = strlen(colon);
+    if (len > 0 && colon[len - 1] == '\n')
+	colon[len - 1] = '\0';
+    return(&pw);
+}
+
+struct passwd *
+getpwnam(name)
+    const char *name;
+{
+    struct passwd *pw;
+
+    if (pwf == NULL) {
+	if ((pwf = fopen(pwfile, "r")) == NULL)
+	    return(NULL);
+	fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(pwf);
+    }
+    while ((pw = getpwent()) != NULL) {
+	if (strcmp(pw->pw_name, name) == 0)
+	    break;
+    }
+    if (!pw_stayopen) {
+	fclose(pwf);
+	pwf = NULL;
+    }
+    return(pw);
+}
+
+struct passwd *
+getpwuid(uid)
+    uid_t uid;
+{
+    struct passwd *pw;
+
+    if (pwf == NULL) {
+	if ((pwf = fopen(pwfile, "r")) == NULL)
+	    return(NULL);
+	fcntl(fileno(pwf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(pwf);
+    }
+    while ((pw = getpwent()) != NULL) {
+	if (pw->pw_uid == uid)
+	    break;
+    }
+    if (!pw_stayopen) {
+	fclose(pwf);
+	pwf = NULL;
+    }
+    return(pw);
+}
+
+void
+setgrfile(file)
+    const char *file;
+{
+    grfile = file;
+    if (grf != NULL)
+	endgrent();
+}
+
+void
+setgrent()
+{
+    if (grf == NULL) {
+	grf = fopen(grfile, "r");
+	if (grf != NULL)
+	    fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(grf);
+    }
+    gr_stayopen = 1;
+}
+
+void
+endgrent()
+{
+    if (grf != NULL) {
+	fclose(grf);
+	grf = NULL;
+    }
+    gr_stayopen = 0;
+}
+
+struct group *
+getgrent()
+{
+    static struct group gr;
+    static char grbuf[LINE_MAX], *gr_mem[GRMEM_MAX+1];
+    size_t len;
+    char *cp, *colon;
+    int n;
+
+    if ((colon = fgets(grbuf, sizeof(grbuf), grf)) == NULL)
+	return(NULL);
+
+    zero_bytes(&gr, sizeof(gr));
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    gr.gr_name = cp;
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    gr.gr_passwd = cp;
+    if ((colon = strchr(cp = colon, ':')) == NULL)
+	return(NULL);
+    *colon++ = '\0';
+    gr.gr_gid = atoi(cp);
+    len = strlen(colon);
+    if (len > 0 && colon[len - 1] == '\n')
+	colon[len - 1] = '\0';
+    if (*colon != '\0') {
+	gr.gr_mem = gr_mem;
+	cp = strtok(colon, ",");
+	for (n = 0; cp != NULL && n < GRMEM_MAX; n++) {
+	    gr.gr_mem[n] = cp;
+	    cp = strtok(NULL, ",");
+	}
+	gr.gr_mem[n++] = NULL;
+    } else
+	gr.gr_mem = NULL;
+    return(&gr);
+}
+
+struct group *
+getgrnam(name)
+    const char *name;
+{
+    struct group *gr;
+
+    if (grf == NULL) {
+	if ((grf = fopen(grfile, "r")) == NULL)
+	    return(NULL);
+	fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(grf);
+    }
+    while ((gr = getgrent()) != NULL) {
+	if (strcmp(gr->gr_name, name) == 0)
+	    break;
+    }
+    if (!gr_stayopen) {
+	fclose(grf);
+	grf = NULL;
+    }
+    return(gr);
+}
+
+struct group *
+getgrgid(gid)
+    gid_t gid;
+{
+    struct group *gr;
+
+    if (grf == NULL) {
+	if ((grf = fopen(grfile, "r")) == NULL)
+	    return(NULL);
+	fcntl(fileno(grf), F_SETFD, FD_CLOEXEC);
+    } else {
+	rewind(grf);
+    }
+    while ((gr = getgrent()) != NULL) {
+	if (gr->gr_gid == gid)
+	    break;
+    }
+    if (!gr_stayopen) {
+	fclose(grf);
+	grf = NULL;
+    }
+    return(gr);
+}
diff --git a/sudo-1.7.4p4/utimes.c b/sudo-1.7.4p4/utimes.c
new file mode 100644
index 0000000..84f4c43
--- /dev/null
+++ b/sudo-1.7.4p4/utimes.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2004-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <stdio.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+
+#ifdef HAVE_UTIME_H
+# include <utime.h>
+#else
+# include <emul/utime.h>
+#endif
+
+#include <compat.h>
+
+#ifndef HAVE_UTIMES
+/*
+ * Emulate utimes() via utime()
+ */
+int
+utimes(file, times)
+    const char *file;
+    const struct timeval *times;
+{
+    if (times != NULL) {
+	struct utimbuf utb;
+
+	utb.actime = (time_t)(times[0].tv_sec + times[0].tv_usec / 1000000);
+	utb.modtime = (time_t)(times[1].tv_sec + times[1].tv_usec / 1000000);
+	return(utime(file, &utb));
+    } else
+	return(utime(file, NULL));
+}
+#endif /* !HAVE_UTIMES */
+
+#ifdef HAVE_FUTIME
+/*
+ * Emulate futimes() via futime()
+ */
+int
+futimes(fd, times)
+    int fd;
+    const struct timeval *times;
+{
+    if (times != NULL) {
+	struct utimbuf utb;
+
+	utb.actime = (time_t)(times[0].tv_sec + times[0].tv_usec / 1000000);
+	utb.modtime = (time_t)(times[1].tv_sec + times[1].tv_usec / 1000000);
+	return(futime(fd, &utb));
+    } else
+	return(futime(fd, NULL));
+}
+#endif /* HAVE_FUTIME */
diff --git a/sudo-1.7.4p4/vasgroups.c b/sudo-1.7.4p4/vasgroups.c
new file mode 100644
index 0000000..a7c6c34
--- /dev/null
+++ b/sudo-1.7.4p4/vasgroups.c
@@ -0,0 +1,321 @@
+/*
+ * (c) 2006 Quest Software, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ *   2. Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ *   3. Neither the name of Quest Software, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived from this
+ *   software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include <dlfcn.h>
+
+#include <vas.h>
+
+#include "compat.h"
+#include "logging.h"
+#include "nonunix.h"
+#include "sudo.h"
+#include "parse.h"
+
+
+/* Pseudo-boolean types */
+#undef TRUE
+#undef FALSE
+#define FALSE 0
+#define TRUE  1
+
+
+static vas_ctx_t *sudo_vas_ctx;
+static vas_id_t  *sudo_vas_id;
+/* Don't use VAS_NAME_FLAG_NO_CACHE or lookups just won't work.
+ * -tedp, 2006-08-29 */
+static const int update_flags = 0;
+static int sudo_vas_available = 0;
+static char *err_msg = NULL;
+static void *libvas_handle = NULL;
+
+/* libvas functions */
+static vas_err_t	(*v_ctx_alloc) (vas_ctx_t **ctx);
+static void		(*v_ctx_free) (vas_ctx_t *ctx);
+static vas_err_t	(*v_id_alloc) (vas_ctx_t *ctx, const char *name, vas_id_t **id);
+static void		(*v_id_free) (vas_ctx_t *ctx, vas_id_t *id);
+static vas_err_t	(*v_id_establish_cred_keytab) (vas_ctx_t *ctx, vas_id_t *id, int credflags, const char *keytab);
+static vas_err_t	(*v_user_init) (vas_ctx_t *ctx, vas_id_t *id, const char *name, int flags, vas_user_t **user);
+static void		(*v_user_free) (vas_ctx_t *ctx, vas_user_t *user);
+static vas_err_t	(*v_group_init) (vas_ctx_t *ctx, vas_id_t *id, const char *name, int flags, vas_group_t **group);
+static void		(*v_group_free) (vas_ctx_t *ctx, vas_group_t *group);
+static vas_err_t	(*v_user_is_member) (vas_ctx_t *ctx, vas_id_t *id, vas_user_t *user, vas_group_t *group);
+static const char*	(*v_err_get_string) (vas_ctx_t *ctx, int with_cause);
+
+
+static int	resolve_vas_funcs(void);
+
+
+/**
+ * Whether nonunix group lookups are available.
+ * @return 1 if available, 0 if not.
+ */
+int
+sudo_nonunix_groupcheck_available(void)
+{
+    return sudo_vas_available;
+}
+
+
+/**
+ * Check if the user is in the group
+ * @param group group name which can be in DOMAIN\sam format or just the group
+ *              name
+ * @param user user name
+ * @param pwd (unused)
+ * @return 1 if user is a member of the group, 0 if not (or error occurred)
+ */
+int
+sudo_nonunix_groupcheck( const char* group, const char* user, const struct passwd* pwd )
+{
+    static int          error_cause_shown = FALSE;
+    int                 rval = FALSE;
+    vas_err_t           vaserr;
+    vas_user_t*         vas_user = NULL;
+    vas_group_t*        vas_group = NULL;
+
+    if (!sudo_vas_available) {
+	if (error_cause_shown == FALSE) {
+	    /* Produce the saved error reason */
+	    warningx("Non-unix group checking unavailable: %s",
+		    err_msg ? err_msg
+		    : "(unknown cause)");
+	    error_cause_shown = TRUE;
+	}
+	return 0;
+    }
+
+    /* resolve the user and group. The user will be a real Unix account name,
+     * while the group may be a unix name, or any group name accepted by
+     * vas_name_to_dn, which means any of:
+     * - Group Name
+     * - Group Name@FULLY.QUALIFIED.DOMAIN
+     * - CN=sudoers,CN=Users,DC=rcdev,DC=vintela,DC=com
+     * - S-1-2-34-5678901234-5678901234-5678901234-567
+     *
+     * XXX - we may get non-VAS user accounts here. You can add local users to an
+     * Active Directory group through override files. Should we handle that case?
+     * */
+    if( (vaserr = v_user_init( sudo_vas_ctx, sudo_vas_id, user, update_flags, &vas_user )) != VAS_ERR_SUCCESS ) {
+	if (vaserr == VAS_ERR_NOT_FOUND) {
+	     /* No such user in AD. Probably a local user. */
+	    vaserr = VAS_ERR_SUCCESS;
+	}
+        goto FINISHED;
+    }
+        
+    if( (vaserr = v_group_init( sudo_vas_ctx, sudo_vas_id, group, update_flags, &vas_group )) != VAS_ERR_SUCCESS ) {
+        goto FINISHED;
+    }
+
+    /* do the membership check */
+    if( (vaserr = v_user_is_member( sudo_vas_ctx, sudo_vas_id, vas_user, vas_group )) == VAS_ERR_SUCCESS ) {
+        rval = TRUE;
+    }
+    else if (vaserr == VAS_ERR_NOT_FOUND) {
+	/* fake the vaserr code so no error is triggered */
+	vaserr = VAS_ERR_SUCCESS;
+    }
+
+
+FINISHED: /* cleanups */
+    if (vaserr != VAS_ERR_SUCCESS && vaserr != VAS_ERR_NOT_FOUND ) {
+	warningx("Error while checking group membership "
+		"for user \"%s\", group \"%s\", error: %s%s.", user, group,
+		v_err_get_string(sudo_vas_ctx, 1),
+		/* A helpful hint if there seems to be a non-FQDN as the domain */
+		(strchr(group, '@') && !strchr(group, '.'))
+		 ? "\nMake sure the fully qualified domain name is specified"
+		 : "");
+    }
+    if( vas_group )              v_group_free( sudo_vas_ctx, vas_group );
+    if( vas_user )              v_user_free( sudo_vas_ctx, vas_user );
+
+    return(rval);
+}
+
+
+static void
+set_err_msg(const char *msg, ...) {
+    va_list ap;
+
+    if (!msg) /* assert */
+	return;
+
+    if (err_msg)
+	free(err_msg);
+
+    va_start(ap, msg);
+
+    if (vasprintf(&err_msg, msg, ap) == -1)
+	err_msg = NULL;
+	
+    va_end(ap);
+}
+
+
+/**
+ * Initialise nonunix_groupcheck state.
+ */
+void
+sudo_nonunix_groupcheck_init(void)
+{
+    vas_err_t vaserr;
+    void *libvas;
+
+    if (err_msg) {
+	free(err_msg);
+	err_msg = NULL;
+    }
+
+    libvas = dlopen(LIBVAS_SO, RTLD_LAZY);
+    if (!libvas) {
+	set_err_msg("dlopen() failed: %s", dlerror());
+	return;
+    }
+
+    libvas_handle = libvas;
+
+    if (resolve_vas_funcs() != 0)
+	return;
+
+    if (VAS_ERR_SUCCESS == (vaserr = v_ctx_alloc(&sudo_vas_ctx))) {
+
+	if (VAS_ERR_SUCCESS == (vaserr = v_id_alloc(sudo_vas_ctx, "host/", &sudo_vas_id))) {
+	
+	    if (update_flags & VAS_NAME_FLAG_NO_LDAP) {
+		sudo_vas_available = 1;
+		return; /* OK */
+	    } else { /* Get a keytab */
+		if ((vaserr = v_id_establish_cred_keytab( sudo_vas_ctx,
+						    sudo_vas_id,
+						      VAS_ID_FLAG_USE_MEMORY_CCACHE
+						    | VAS_ID_FLAG_KEEP_COPY_OF_CRED
+						    | VAS_ID_FLAG_NO_INITIAL_TGT,
+						    NULL )) == VAS_ERR_SUCCESS) {
+		    sudo_vas_available = 1;
+		    return; /* OK */
+		}
+
+		if (!err_msg)
+		    set_err_msg("unable to establish creds: %s",
+			    v_err_get_string(sudo_vas_ctx, 1));
+	    }
+
+	    v_id_free(sudo_vas_ctx, sudo_vas_id);
+	    sudo_vas_id = NULL;
+	}
+
+	/* This is the last opportunity to get an error message from libvas */
+	if (!err_msg)
+	    set_err_msg("Error initializing non-unix group checking: %s",
+		    v_err_get_string(sudo_vas_ctx, 1));
+
+	v_ctx_free(sudo_vas_ctx);
+	sudo_vas_ctx = NULL;
+    }
+
+    if (!err_msg)
+	set_err_msg("Failed to get a libvas handle for non-unix group checking (unknown cause)");
+
+    sudo_vas_available = 0;
+}
+
+
+/**
+ * Clean up nonunix_groupcheck state.
+ */
+void
+sudo_nonunix_groupcheck_cleanup()
+{
+    if (err_msg) {
+	free(err_msg);
+	err_msg = NULL;
+    }
+
+    if (sudo_vas_available) {
+	v_id_free(sudo_vas_ctx, sudo_vas_id);
+	sudo_vas_id = NULL;
+
+	v_ctx_free(sudo_vas_ctx);
+	sudo_vas_ctx = NULL;
+
+	sudo_vas_available = FALSE;
+    }
+
+    if (libvas_handle) {
+	if (dlclose(libvas_handle) != 0)
+	    warningx("dlclose() failed: %s", dlerror());
+	libvas_handle = NULL;
+    }
+}
+
+#define RESOLVE_OR_ERR(fptr, sym) \
+    do { \
+	void *_fptr = dlsym(libvas_handle, (sym)); \
+	if (!_fptr) { \
+	    set_err_msg("dlsym() failed: %s", dlerror()); \
+	    return -1; \
+	} \
+	fptr = _fptr; \
+    } while (0)
+
+
+/**
+ * Resolve all the libvas functions.
+ * Returns -1 and sets err_msg if something went wrong, or 0 on success.
+ */
+int
+resolve_vas_funcs(void)
+{
+    if (!libvas_handle) /* assert */
+	return -1;
+
+    RESOLVE_OR_ERR(v_ctx_alloc,	"vas_ctx_alloc");
+    RESOLVE_OR_ERR(v_ctx_free,	"vas_ctx_free");
+    RESOLVE_OR_ERR(v_id_alloc,	"vas_id_alloc");
+    RESOLVE_OR_ERR(v_id_free,	"vas_id_free");
+    RESOLVE_OR_ERR(v_id_establish_cred_keytab,	"vas_id_establish_cred_keytab");
+    RESOLVE_OR_ERR(v_user_init,	"vas_user_init");
+    RESOLVE_OR_ERR(v_user_free,	"vas_user_free");
+    RESOLVE_OR_ERR(v_group_init,	"vas_group_init");
+    RESOLVE_OR_ERR(v_group_free,	"vas_group_free");
+    RESOLVE_OR_ERR(v_user_is_member,	"vas_user_is_member");
+    RESOLVE_OR_ERR(v_err_get_string,	"vas_err_get_string");
+
+    return 0;
+}
diff --git a/sudo-1.7.4p4/visudo.c b/sudo-1.7.4p4/visudo.c
new file mode 100644
index 0000000..ab8d587
--- /dev/null
+++ b/sudo-1.7.4p4/visudo.c
@@ -0,0 +1,1182 @@
+/*
+ * Copyright (c) 1996, 1998-2005, 2007-2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/*
+ * Lock the sudoers file for safe editing (ala vipw) and check for parse errors.
+ */
+
+#define _SUDO_MAIN
+
+#ifdef __TANDEM
+# include <floss.h>
+#endif
+
+#include <config.h>
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#ifndef __TANDEM
+# include <sys/file.h>
+#endif
+#include <sys/wait.h>
+#include <stdio.h>
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif /* STDC_HEADERS */
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif /* HAVE_UNISTD_H */
+#include <ctype.h>
+#include <pwd.h>
+#include <grp.h>
+#include <signal.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#if TIME_WITH_SYS_TIME
+# include <time.h>
+#endif
+#ifdef __STDC__
+# include <stdarg.h>
+#else
+# include <varargs.h>
+#endif
+
+#include "sudo.h"
+#include "interfaces.h"
+#include "parse.h"
+#include "redblack.h"
+#include <gram.h>
+
+struct sudoersfile {
+    struct sudoersfile *prev, *next;
+    char *path;
+    char *tpath;
+    int fd;
+    int modified;
+    int doedit;
+};
+TQ_DECLARE(sudoersfile);
+
+/*
+ * Function prototypes
+ */
+static RETSIGTYPE quit		__P((int));
+static char *get_args		__P((char *));
+static char *get_editor		__P((char **));
+static void get_hostname	__P((void));
+static char whatnow		__P((void));
+static int check_aliases	__P((int, int));
+static int check_syntax		__P((char *, int, int));
+static int edit_sudoers		__P((struct sudoersfile *, char *, char *, int));
+static int install_sudoers	__P((struct sudoersfile *, int));
+static int print_unused		__P((void *, void *));
+static int reparse_sudoers	__P((char *, char *, int, int));
+static int run_command		__P((char *, char **));
+static void print_selfref	__P((char *, int, int, int));
+static void print_undefined	__P((char *, int, int, int));
+static void setup_signals	__P((void));
+static void usage		__P((void)) __attribute__((__noreturn__));
+
+extern void yyerror		__P((const char *));
+extern void yyrestart		__P((FILE *));
+
+/*
+ * External globals exported by the parser
+ */
+extern struct rbtree *aliases;
+extern FILE *yyin;
+extern char *sudoers, *errorfile;
+extern int errorlineno, parse_error;
+/* For getopt(3) */
+extern char *optarg;
+extern int optind;
+
+/*
+ * Globals
+ */
+int Argc;
+char **Argv;
+int num_interfaces;
+struct interface *interfaces;
+struct sudo_user sudo_user;
+struct passwd *list_pw;
+static struct sudoersfile_list sudoerslist;
+static struct rbtree *alias_freelist;
+
+int
+main(argc, argv)
+    int argc;
+    char **argv;
+{
+    struct sudoersfile *sp;
+    char *args, *editor, *sudoers_path;
+    int ch, checkonly, quiet, strict, oldperms;
+#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
+    extern char *malloc_options;
+    malloc_options = "AFGJPR";
+#endif
+
+    Argv = argv;
+    if ((Argc = argc) < 1)
+	usage();
+
+    /*
+     * Arg handling.
+     */
+    checkonly = oldperms = quiet = strict = FALSE;
+    sudoers_path = _PATH_SUDOERS;
+    while ((ch = getopt(argc, argv, "Vcf:sq")) != -1) {
+	switch (ch) {
+	    case 'V':
+		(void) printf("%s version %s\n", getprogname(), PACKAGE_VERSION);
+		exit(0);
+	    case 'c':
+		checkonly++;		/* check mode */
+		break;
+	    case 'f':
+		sudoers_path = optarg;	/* sudoers file path */
+		oldperms = TRUE;
+		break;
+	    case 's':
+		strict++;		/* strict mode */
+		break;
+	    case 'q':
+		quiet++;		/* quiet mode */
+		break;
+	    default:
+		usage();
+	}
+    }
+    argc -= optind;
+    argv += optind;
+    if (argc)
+	usage();
+
+    sudo_setpwent();
+    sudo_setgrent();
+
+    /* Mock up a fake sudo_user struct. */
+    user_cmnd = "";
+    if ((sudo_user.pw = sudo_getpwuid(getuid())) == NULL)
+	errorx(1, "you don't exist in the passwd database");
+    get_hostname();
+
+    /* Setup defaults data structures. */
+    init_defaults();
+
+    if (checkonly)
+	exit(check_syntax(sudoers_path, quiet, strict));
+
+    /*
+     * Parse the existing sudoers file(s) in quiet mode to highlight any
+     * existing errors and to pull in editor and env_editor conf values.
+     */
+    if ((yyin = open_sudoers(sudoers_path, TRUE, NULL)) == NULL) {
+	error(1, "%s", sudoers_path);
+    }
+    init_parser(sudoers_path, 0);
+    yyparse();
+    (void) update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER);
+
+    editor = get_editor(&args);
+
+    /* Install signal handlers to clean up temp files if we are killed. */
+    setup_signals();
+
+    /* Edit the sudoers file(s) */
+    tq_foreach_fwd(&sudoerslist, sp) {
+	if (!sp->doedit)
+	    continue;
+	if (sp != tq_first(&sudoerslist)) {
+	    printf("press return to edit %s: ", sp->path);
+	    while ((ch = getchar()) != EOF && ch != '\n')
+		    continue;
+	}
+	edit_sudoers(sp, editor, args, -1);
+    }
+
+    /* Check edited files for a parse error and re-edit any that fail. */
+    reparse_sudoers(editor, args, strict, quiet);
+
+    /* Install the sudoers temp files. */
+    tq_foreach_fwd(&sudoerslist, sp) {
+	if (!sp->modified)
+	    (void) unlink(sp->tpath);
+	else
+	    (void) install_sudoers(sp, oldperms);
+    }
+
+    exit(0);
+}
+
+/*
+ * Edit each sudoers file.
+ * Returns TRUE on success, else FALSE.
+ */
+static int
+edit_sudoers(sp, editor, args, lineno)
+    struct sudoersfile *sp;
+    char *editor, *args;
+    int lineno;
+{
+    int tfd;				/* sudoers temp file descriptor */
+    int modified;			/* was the file modified? */
+    int ac;				/* argument count */
+    char **av;				/* argument vector for run_command */
+    char *cp;				/* scratch char pointer */
+    char buf[PATH_MAX*2];		/* buffer used for copying files */
+    char linestr[64];			/* string version of lineno */
+    struct timeval tv, tv1, tv2;	/* time before and after edit */
+    struct timeval orig_mtim;		/* starting mtime of sudoers file */
+    off_t orig_size;			/* starting size of sudoers file */
+    ssize_t nread;			/* number of bytes read */
+    struct stat sb;			/* stat buffer */
+
+#ifdef HAVE_FSTAT
+    if (fstat(sp->fd, &sb) == -1)
+#else
+    if (stat(sp->path, &sb) == -1)
+#endif
+	error(1, "can't stat %s", sp->path);
+    orig_size = sb.st_size;
+    mtim_get(&sb, &orig_mtim);
+
+    /* Create the temp file if needed and set timestamp. */
+    if (sp->tpath == NULL) {
+	easprintf(&sp->tpath, "%s.tmp", sp->path);
+	tfd = open(sp->tpath, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+	if (tfd < 0)
+	    error(1, "%s", sp->tpath);
+
+	/* Copy sp->path -> sp->tpath and reset the mtime. */
+	if (orig_size != 0) {
+	    (void) lseek(sp->fd, (off_t)0, SEEK_SET);
+	    while ((nread = read(sp->fd, buf, sizeof(buf))) > 0)
+		if (write(tfd, buf, nread) != nread)
+		    error(1, "write error");
+
+	    /* Add missing newline at EOF if needed. */
+	    if (nread > 0 && buf[nread - 1] != '\n') {
+		buf[0] = '\n';
+		write(tfd, buf, 1);
+	    }
+	}
+	(void) close(tfd);
+    }
+    (void) touch(-1, sp->tpath, &orig_mtim);
+
+    /* Find the length of the argument vector */
+    ac = 3 + (lineno > 0);
+    if (args) {
+        int wasblank;
+
+        ac++;
+        for (wasblank = FALSE, cp = args; *cp; cp++) {
+            if (isblank((unsigned char) *cp))
+                wasblank = TRUE;
+            else if (wasblank) {
+                wasblank = FALSE;
+                ac++;
+            }
+        }
+    }
+
+    /* Build up argument vector for the command */
+    av = emalloc2(ac, sizeof(char *));
+    if ((av[0] = strrchr(editor, '/')) != NULL)
+	av[0]++;
+    else
+	av[0] = editor;
+    ac = 1;
+    if (lineno > 0) {
+	(void) snprintf(linestr, sizeof(linestr), "+%d", lineno);
+	av[ac++] = linestr;
+    }
+    if (args) {
+	for ((cp = strtok(args, " \t")); cp; (cp = strtok(NULL, " \t")))
+	    av[ac++] = cp;
+    }
+    av[ac++] = sp->tpath;
+    av[ac++] = NULL;
+
+    /*
+     * Do the edit:
+     *  We cannot check the editor's exit value against 0 since
+     *  XPG4 specifies that vi's exit value is a function of the
+     *  number of errors during editing (?!?!).
+     */
+    gettime(&tv1);
+    if (run_command(editor, av) != -1) {
+	gettime(&tv2);
+	/*
+	 * Sanity checks.
+	 */
+	if (stat(sp->tpath, &sb) < 0) {
+	    warningx("cannot stat temporary file (%s), %s unchanged",
+		sp->tpath, sp->path);
+	    return(FALSE);
+	}
+	if (sb.st_size == 0 && orig_size != 0) {
+	    warningx("zero length temporary file (%s), %s unchanged",
+		sp->tpath, sp->path);
+	    sp->modified = TRUE;
+	    return(FALSE);
+	}
+    } else {
+	warningx("editor (%s) failed, %s unchanged", editor, sp->path);
+	return(FALSE);
+    }
+
+    /* Set modified bit if use changed the file. */
+    modified = TRUE;
+    mtim_get(&sb, &tv);
+    if (orig_size == sb.st_size && timevalcmp(&orig_mtim, &tv, ==)) {
+	/*
+	 * If mtime and size match but the user spent no measurable
+	 * time in the editor we can't tell if the file was changed.
+	 */
+	timevalsub(&tv1, &tv2);
+	if (timevalisset(&tv2))
+	    modified = FALSE;
+    }
+
+    /*
+     * If modified in this edit session, mark as modified.
+     */
+    if (modified)
+	sp->modified = modified;
+    else
+	warningx("%s unchanged", sp->tpath);
+
+    return(TRUE);
+}
+
+/*
+ * Parse sudoers after editing and re-edit any ones that caused a parse error.
+ * Returns TRUE on success, else FALSE.
+ */
+static int
+reparse_sudoers(editor, args, strict, quiet)
+    char *editor, *args;
+    int strict, quiet;
+{
+    struct sudoersfile *sp, *last;
+    FILE *fp;
+    int ch;
+
+    /*
+     * Parse the edited sudoers files and do sanity checking
+     */
+    do {
+	sp = tq_first(&sudoerslist);
+	last = tq_last(&sudoerslist);
+	fp = fopen(sp->tpath, "r+");
+	if (fp == NULL)
+	    errorx(1, "can't re-open temporary file (%s), %s unchanged.",
+		sp->tpath, sp->path);
+
+	/* Clean slate for each parse */
+	init_defaults();
+	init_parser(sp->path, quiet);
+
+	/* Parse the sudoers temp file */
+	yyrestart(fp);
+	if (yyparse() && !parse_error) {
+	    warningx("unabled to parse temporary file (%s), unknown error",
+		sp->tpath);
+	    parse_error = TRUE;
+	    errorfile = sp->path;
+	}
+	fclose(yyin);
+	if (!parse_error) {
+	    if (!update_defaults(SETDEF_GENERIC|SETDEF_HOST|SETDEF_USER) ||
+		check_aliases(strict, quiet) != 0) {
+		parse_error = TRUE;
+		errorfile = sp->path;
+	    }
+	}
+
+	/*
+	 * Got an error, prompt the user for what to do now
+	 */
+	if (parse_error) {
+	    switch (whatnow()) {
+		case 'Q' :	parse_error = FALSE;	/* ignore parse error */
+				break;
+		case 'x' :	cleanup(0);
+				exit(0);
+				break;
+	    }
+	}
+	if (parse_error) {
+	    /* Edit file with the parse error */
+	    tq_foreach_fwd(&sudoerslist, sp) {
+		if (errorfile == NULL || strcmp(sp->path, errorfile) == 0) {
+		    edit_sudoers(sp, editor, args, errorlineno);
+		    break;
+		}
+	    }
+	    if (sp == NULL)
+		errorx(1, "internal error, can't find %s in list!", sudoers);
+	}
+
+	/* If any new #include directives were added, edit them too. */
+	for (sp = last->next; sp != NULL; sp = sp->next) {
+	    printf("press return to edit %s: ", sp->path);
+	    while ((ch = getchar()) != EOF && ch != '\n')
+		    continue;
+	    edit_sudoers(sp, editor, args, errorlineno);
+	}
+    } while (parse_error);
+
+    return(TRUE);
+}
+
+/*
+ * Set the owner and mode on a sudoers temp file and
+ * move it into place.  Returns TRUE on success, else FALSE.
+ */
+static int
+install_sudoers(sp, oldperms)
+    struct sudoersfile *sp;
+    int oldperms;
+{
+    struct stat sb;
+
+    /*
+     * Change mode and ownership of temp file so when
+     * we move it to sp->path things are kosher.
+     */
+    if (oldperms) {
+	/* Use perms of the existing file.  */
+#ifdef HAVE_FSTAT
+	if (fstat(sp->fd, &sb) == -1)
+#else
+	if (stat(sp->path, &sb) == -1)
+#endif
+	    error(1, "can't stat %s", sp->path);
+	(void) chown(sp->tpath, sb.st_uid, sb.st_gid);
+	(void) chmod(sp->tpath, sb.st_mode & 0777);
+    } else {
+	if (chown(sp->tpath, SUDOERS_UID, SUDOERS_GID) != 0) {
+	    warning("unable to set (uid, gid) of %s to (%d, %d)",
+		sp->tpath, SUDOERS_UID, SUDOERS_GID);
+	    return(FALSE);
+	}
+	if (chmod(sp->tpath, SUDOERS_MODE) != 0) {
+	    warning("unable to change mode of %s to 0%o", sp->tpath,
+		SUDOERS_MODE);
+	    return(FALSE);
+	}
+    }
+
+    /*
+     * Now that sp->tpath is sane (parses ok) it needs to be
+     * rename(2)'d to sp->path.  If the rename(2) fails we try using
+     * mv(1) in case sp->tpath and sp->path are on different file systems.
+     */
+    if (rename(sp->tpath, sp->path) == 0) {
+	efree(sp->tpath);
+	sp->tpath = NULL;
+    } else {
+	if (errno == EXDEV) {
+	    char *av[4];
+	    warningx("%s and %s not on the same file system, using mv to rename",
+	      sp->tpath, sp->path);
+
+	    /* Build up argument vector for the command */
+	    if ((av[0] = strrchr(_PATH_MV, '/')) != NULL)
+		av[0]++;
+	    else
+		av[0] = _PATH_MV;
+	    av[1] = sp->tpath;
+	    av[2] = sp->path;
+	    av[3] = NULL;
+
+	    /* And run it... */
+	    if (run_command(_PATH_MV, av)) {
+		warningx("command failed: '%s %s %s', %s unchanged",
+		    _PATH_MV, sp->tpath, sp->path, sp->path);
+		(void) unlink(sp->tpath);
+		efree(sp->tpath);
+		sp->tpath = NULL;
+		return(FALSE);
+	    }
+	    efree(sp->tpath);
+	    sp->tpath = NULL;
+	} else {
+	    warning("error renaming %s, %s unchanged", sp->tpath, sp->path);
+	    (void) unlink(sp->tpath);
+	    return(FALSE);
+	}
+    }
+    return(TRUE);
+}
+
+/* STUB */
+void
+set_fqdn()
+{
+    return;
+}
+
+/* STUB */
+void
+init_envtables()
+{
+    return;
+}
+
+/* STUB */
+int
+user_is_exempt()
+{
+    return(FALSE);
+}
+
+/* STUB */
+void
+sudo_setspent()
+{
+    return;
+}
+
+/* STUB */
+void
+sudo_endspent()
+{
+    return;
+}
+
+char *
+sudo_getepw(pw)
+    const struct passwd *pw;
+{
+    return (pw->pw_passwd);
+}
+
+/*
+ * Assuming a parse error occurred, prompt the user for what they want
+ * to do now.  Returns the first letter of their choice.
+ */
+static char
+whatnow()
+{
+    int choice, c;
+
+    for (;;) {
+	(void) fputs("What now? ", stdout);
+	choice = getchar();
+	for (c = choice; c != '\n' && c != EOF;)
+	    c = getchar();
+
+	switch (choice) {
+	    case EOF:
+		choice = 'x';
+		/* FALLTHROUGH */
+	    case 'e':
+	    case 'x':
+	    case 'Q':
+		return(choice);
+	    default:
+		(void) puts("Options are:");
+		(void) puts("  (e)dit sudoers file again");
+		(void) puts("  e(x)it without saving changes to sudoers file");
+		(void) puts("  (Q)uit and save changes to sudoers file (DANGER!)\n");
+	}
+    }
+}
+
+/*
+ * Install signal handlers for visudo.
+ */
+static void
+setup_signals()
+{
+	sigaction_t sa;
+
+	/*
+	 * Setup signal handlers to cleanup nicely.
+	 */
+	zero_bytes(&sa, sizeof(sa));
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = SA_RESTART;
+	sa.sa_handler = quit;
+	(void) sigaction(SIGTERM, &sa, NULL);
+	(void) sigaction(SIGHUP, &sa, NULL);
+	(void) sigaction(SIGINT, &sa, NULL);
+	(void) sigaction(SIGQUIT, &sa, NULL);
+}
+
+static int
+run_command(path, argv)
+    char *path;
+    char **argv;
+{
+    int status;
+    pid_t pid, rv;
+
+    switch (pid = fork()) {
+	case -1:
+	    error(1, "unable to run %s", path);
+	    break;	/* NOTREACHED */
+	case 0:
+	    sudo_endpwent();
+	    sudo_endgrent();
+	    closefrom(STDERR_FILENO + 1);
+	    execv(path, argv);
+	    warning("unable to run %s", path);
+	    _exit(127);
+	    break;	/* NOTREACHED */
+    }
+
+    do {
+#ifdef sudo_waitpid
+	rv = sudo_waitpid(pid, &status, 0);
+#else
+	rv = wait(&status);
+#endif
+    } while (rv == -1 && errno == EINTR);
+
+    if (rv == -1 || !WIFEXITED(status))
+	return(-1);
+    return(WEXITSTATUS(status));
+}
+
+static int
+check_syntax(sudoers_path, quiet, strict)
+    char *sudoers_path;
+    int quiet;
+    int strict;
+{
+    struct stat sb;
+    int error;
+
+    if ((yyin = fopen(sudoers_path, "r")) == NULL) {
+	if (!quiet)
+	    warning("unable to open %s", sudoers_path);
+	exit(1);
+    }
+    init_parser(sudoers_path, quiet);
+    if (yyparse() && !parse_error) {
+	if (!quiet)
+	    warningx("failed to parse %s file, unknown error", sudoers_path);
+	parse_error = TRUE;
+	errorfile = sudoers_path;
+    }
+    if (!parse_error && check_aliases(strict, quiet) != 0) {
+	parse_error = TRUE;
+	errorfile = sudoers_path;
+    }
+    error = parse_error;
+    if (!quiet) {
+	if (parse_error) {
+	    if (errorlineno != -1)
+		(void) printf("parse error in %s near line %d\n", errorfile,
+		    errorlineno);
+	    else
+		(void) printf("parse error in %s\n", errorfile);
+	} else {
+	    (void) printf("%s: parsed OK\n", sudoers_path);
+	}
+    }
+    /* Check mode and owner in strict mode. */
+#ifdef HAVE_FSTAT
+    if (strict && fstat(fileno(yyin), &sb) == 0)
+#else
+    if (strict && stat(sudoers_path, &sb) == 0)
+#endif
+    {
+	if (sb.st_uid != SUDOERS_UID || sb.st_gid != SUDOERS_GID) {
+	    error = TRUE;
+	    if (!quiet) {
+		fprintf(stderr, "%s: wrong owner (uid, gid) should be (%d, %d)\n",
+		    sudoers_path, SUDOERS_UID, SUDOERS_GID);
+		}
+	}
+	if ((sb.st_mode & 07777) != SUDOERS_MODE) {
+	    error = TRUE;
+	    if (!quiet) {
+		fprintf(stderr, "%s: bad permissions, should be mode 0%o\n",
+		    sudoers_path, SUDOERS_MODE);
+	    }
+	}
+    }
+
+    return(error);
+}
+
+/*
+ * Used to open (and lock) the initial sudoers file and to also open
+ * any subsequent files #included via a callback from the parser.
+ */
+FILE *
+open_sudoers(path, doedit, keepopen)
+    const char *path;
+    int doedit;
+    int *keepopen;
+{
+    struct sudoersfile *entry;
+    FILE *fp;
+
+    /* Check for existing entry */
+    tq_foreach_fwd(&sudoerslist, entry) {
+	if (strcmp(path, entry->path) == 0)
+	    break;
+    }
+    if (entry == NULL) {
+	entry = emalloc(sizeof(*entry));
+	entry->path = estrdup(path);
+	entry->modified = 0;
+	entry->prev = entry;
+	entry->next = NULL;
+	entry->fd = open(entry->path, O_RDWR | O_CREAT, SUDOERS_MODE);
+	entry->tpath = NULL;
+	entry->doedit = doedit;
+	if (entry->fd == -1) {
+	    warning("%s", entry->path);
+	    efree(entry);
+	    return(NULL);
+	}
+	if (!lock_file(entry->fd, SUDO_TLOCK))
+	    errorx(1, "%s busy, try again later", entry->path);
+	if ((fp = fdopen(entry->fd, "r")) == NULL)
+	    error(1, "%s", entry->path);
+	tq_append(&sudoerslist, entry);
+    } else {
+	/* Already exists, open .tmp version if there is one. */
+	if (entry->tpath != NULL) {
+	    if ((fp = fopen(entry->tpath, "r")) == NULL)
+		error(1, "%s", entry->tpath);
+	} else {
+	    if ((fp = fdopen(entry->fd, "r")) == NULL)
+		error(1, "%s", entry->path);
+	    rewind(fp);
+	}
+    }
+    if (keepopen != NULL)
+	*keepopen = TRUE;
+    return(fp);
+}
+
+static char *
+get_editor(args)
+    char **args;
+{
+    char *Editor, *EditorArgs, *EditorPath, *UserEditor, *UserEditorArgs;
+
+    /*
+     * Check VISUAL and EDITOR environment variables to see which editor
+     * the user wants to use (we may not end up using it though).
+     * If the path is not fully-qualified, make it so and check that
+     * the specified executable actually exists.
+     */
+    UserEditorArgs = NULL;
+    if ((UserEditor = getenv("VISUAL")) == NULL || *UserEditor == '\0')
+	UserEditor = getenv("EDITOR");
+    if (UserEditor && *UserEditor == '\0')
+	UserEditor = NULL;
+    else if (UserEditor) {
+	UserEditorArgs = get_args(UserEditor);
+	if (find_path(UserEditor, &Editor, NULL, getenv("PATH"), 0) == FOUND) {
+	    UserEditor = Editor;
+	} else {
+	    if (def_env_editor) {
+		/* If we are honoring $EDITOR this is a fatal error. */
+		errorx(1, "specified editor (%s) doesn't exist!", UserEditor);
+	    } else {
+		/* Otherwise, just ignore $EDITOR. */
+		UserEditor = NULL;
+	    }
+	}
+    }
+
+    /*
+     * See if we can use the user's choice of editors either because
+     * we allow any $EDITOR or because $EDITOR is in the allowable list.
+     */
+    Editor = EditorArgs = EditorPath = NULL;
+    if (def_env_editor && UserEditor) {
+	Editor = UserEditor;
+	EditorArgs = UserEditorArgs;
+    } else if (UserEditor) {
+	struct stat editor_sb;
+	struct stat user_editor_sb;
+	char *base, *userbase;
+
+	if (stat(UserEditor, &user_editor_sb) != 0) {
+	    /* Should never happen since we already checked above. */
+	    error(1, "unable to stat editor (%s)", UserEditor);
+	}
+	EditorPath = estrdup(def_editor);
+	Editor = strtok(EditorPath, ":");
+	do {
+	    EditorArgs = get_args(Editor);
+	    /*
+	     * Both Editor and UserEditor should be fully qualified but
+	     * check anyway...
+	     */
+	    if ((base = strrchr(Editor, '/')) == NULL)
+		continue;
+	    if ((userbase = strrchr(UserEditor, '/')) == NULL) {
+		Editor = NULL;
+		break;
+	    }
+	    base++, userbase++;
+
+	    /*
+	     * We compare the basenames first and then use stat to match
+	     * for sure.
+	     */
+	    if (strcmp(base, userbase) == 0) {
+		if (stat(Editor, &editor_sb) == 0 && S_ISREG(editor_sb.st_mode)
+		    && (editor_sb.st_mode & 0000111) &&
+		    editor_sb.st_dev == user_editor_sb.st_dev &&
+		    editor_sb.st_ino == user_editor_sb.st_ino)
+		    break;
+	    }
+	} while ((Editor = strtok(NULL, ":")));
+    }
+
+    /*
+     * Can't use $EDITOR, try each element of def_editor until we
+     * find one that exists, is regular, and is executable.
+     */
+    if (Editor == NULL || *Editor == '\0') {
+	efree(EditorPath);
+	EditorPath = estrdup(def_editor);
+	Editor = strtok(EditorPath, ":");
+	do {
+	    EditorArgs = get_args(Editor);
+	    if (sudo_goodpath(Editor, NULL))
+		break;
+	} while ((Editor = strtok(NULL, ":")));
+
+	/* Bleah, none of the editors existed! */
+	if (Editor == NULL || *Editor == '\0')
+	    errorx(1, "no editor found (editor path = %s)", def_editor);
+    }
+    *args = EditorArgs;
+    return(Editor);
+}
+
+/*
+ * Split out any command line arguments and return them.
+ */
+static char *
+get_args(cmnd)
+    char *cmnd;
+{
+    char *args;
+
+    args = cmnd;
+    while (*args && !isblank((unsigned char) *args))
+	args++;
+    if (*args) {
+	*args++ = '\0';
+	while (*args && isblank((unsigned char) *args))
+	    args++;
+    }
+    return(*args ? args : NULL);
+}
+
+/*
+ * Look up the hostname and set user_host and user_shost.
+ */
+static void
+get_hostname()
+{
+    char *p, thost[MAXHOSTNAMELEN + 1];
+
+    if (gethostname(thost, sizeof(thost)) != 0) {
+	user_host = user_shost = "localhost";
+	return;
+    }
+    thost[sizeof(thost) - 1] = '\0';
+    user_host = estrdup(thost);
+
+    if ((p = strchr(user_host, '.'))) {
+	*p = '\0';
+	user_shost = estrdup(user_host);
+	*p = '.';
+    } else {
+	user_shost = user_host;
+    }
+}
+
+static int
+alias_remove_recursive(name, type, strict, quiet)
+    char *name;
+    int type;
+    int strict;
+    int quiet;
+{
+    struct member *m;
+    struct alias *a;
+    int error = 0;
+
+    if ((a = alias_find(name, type)) != NULL) {
+	tq_foreach_fwd(&a->members, m) {
+	    if (m->type == ALIAS) {
+		if (strcmp(name, m->name) == 0) {
+		    print_selfref(m->name, type, strict, quiet);
+		    error = 1;
+		} else {
+		    if (!alias_remove_recursive(m->name, type, strict, quiet))
+			error = 1;
+		}
+	    }
+	}
+    }
+    alias_seqno++;
+    a = alias_remove(name, type);
+    if (a)
+	rbinsert(alias_freelist, a);
+    return(error);
+}
+
+/*
+ * Iterate through the sudoers datastructures looking for undefined
+ * aliases or unused aliases.
+ */
+static int
+check_aliases(strict, quiet)
+    int strict;
+    int quiet;
+{
+    struct cmndspec *cs;
+    struct member *m, *binding;
+    struct privilege *priv;
+    struct userspec *us;
+    struct defaults *d;
+    int atype, error = 0;
+
+    alias_freelist = rbcreate(alias_compare);
+
+    /* Forward check. */
+    tq_foreach_fwd(&userspecs, us) {
+	tq_foreach_fwd(&us->users, m) {
+	    if (m->type == ALIAS) {
+		alias_seqno++;
+		if (alias_find(m->name, USERALIAS) == NULL) {
+		    print_undefined(m->name, USERALIAS, strict, quiet);
+		    error++;
+		}
+	    }
+	}
+	tq_foreach_fwd(&us->privileges, priv) {
+	    tq_foreach_fwd(&priv->hostlist, m) {
+		if (m->type == ALIAS) {
+		    alias_seqno++;
+		    if (alias_find(m->name, HOSTALIAS) == NULL) {
+			print_undefined(m->name, HOSTALIAS, strict, quiet);
+			error++;
+		    }
+		}
+	    }
+	    tq_foreach_fwd(&priv->cmndlist, cs) {
+		tq_foreach_fwd(&cs->runasuserlist, m) {
+		    if (m->type == ALIAS) {
+			alias_seqno++;
+			if (alias_find(m->name, RUNASALIAS) == NULL) {
+			    print_undefined(m->name, RUNASALIAS, strict, quiet);
+			    error++;
+			}
+		    }
+		}
+		if ((m = cs->cmnd)->type == ALIAS) {
+		    alias_seqno++;
+		    if (alias_find(m->name, CMNDALIAS) == NULL) {
+			print_undefined(m->name, CMNDALIAS, strict, quiet);
+			error++;
+		    }
+		}
+	    }
+	}
+    }
+
+    /* Reverse check (destructive) */
+    tq_foreach_fwd(&userspecs, us) {
+	tq_foreach_fwd(&us->users, m) {
+	    if (m->type == ALIAS) {
+		if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet))
+		    error++;
+	    }
+	}
+	tq_foreach_fwd(&us->privileges, priv) {
+	    tq_foreach_fwd(&priv->hostlist, m) {
+		if (m->type == ALIAS)
+		    if (!alias_remove_recursive(m->name, HOSTALIAS, strict, 
+			quiet))
+			error++;
+	    }
+	    tq_foreach_fwd(&priv->cmndlist, cs) {
+		tq_foreach_fwd(&cs->runasuserlist, m) {
+		    if (m->type == ALIAS)
+			if (!alias_remove_recursive(m->name, RUNASALIAS,
+			    strict, quiet))
+			    error++;
+		}
+		if ((m = cs->cmnd)->type == ALIAS)
+		    if (!alias_remove_recursive(m->name, CMNDALIAS, strict,
+			quiet))
+			error++;
+	    }
+	}
+    }
+    tq_foreach_fwd(&defaults, d) {
+	switch (d->type) {
+	    case DEFAULTS_HOST:
+		atype = HOSTALIAS;
+		break;
+	    case DEFAULTS_USER:
+		atype = USERALIAS;
+		break;
+	    case DEFAULTS_RUNAS:
+		atype = RUNASALIAS;
+		break;
+	    case DEFAULTS_CMND:
+		atype = CMNDALIAS;
+		break;
+	    default:
+		continue; /* not an alias */
+	}
+	tq_foreach_fwd(&d->binding, binding) {
+	    for (m = binding; m != NULL; m = m->next) {
+		if (m->type == ALIAS)
+		    if (!alias_remove_recursive(m->name, atype, strict, quiet))
+			error++;
+	    }
+	}
+    }
+    rbdestroy(alias_freelist, alias_free);
+
+    /* If all aliases were referenced we will have an empty tree. */
+    if (!no_aliases() && !quiet)
+	alias_apply(print_unused, strict ? "Error" : "Warning");
+
+    return (strict ? error : 0);
+}
+
+static void
+print_undefined(name, type, strict, quiet)
+    char *name;
+    int type;
+    int strict;
+    int quiet;
+{
+    if (!quiet) {
+	warningx("%s: %s_Alias `%s' referenced but not defined",
+	    strict ? "Error" : "Warning",
+	    type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
+	    type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
+	    "Unknown", name);
+    }
+}
+
+static void
+print_selfref(name, type, strict, quiet)
+    char *name;
+    int type;
+    int strict;
+    int quiet;
+{
+    if (!quiet) {
+	warningx("%s: %s_Alias `%s' references self",
+	    strict ? "Error" : "Warning",
+	    type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" :
+	    type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" :
+	    "Unknown", name);
+    }
+}
+
+static int
+print_unused(v1, v2)
+    void *v1;
+    void *v2;
+{
+    struct alias *a = (struct alias *)v1;
+    char *prefix = (char *)v2;
+
+    warningx("%s: unused %s_Alias %s", prefix,
+	a->type == HOSTALIAS ? "Host" : a->type == CMNDALIAS ? "Cmnd" :
+	a->type == USERALIAS ? "User" : a->type == RUNASALIAS ? "Runas" :
+	"Unknown", a->name);
+    return(0);
+}
+
+/*
+ * Unlink any sudoers temp files that remain.
+ */
+void
+cleanup(gotsignal)
+    int gotsignal;
+{
+    struct sudoersfile *sp;
+
+    tq_foreach_fwd(&sudoerslist, sp) {
+	if (sp->tpath != NULL)
+	    (void) unlink(sp->tpath);
+    }
+    if (!gotsignal) {
+	sudo_endpwent();
+	sudo_endgrent();
+    }
+}
+
+/*
+ * Unlink sudoers temp files (if any) and exit.
+ */
+static RETSIGTYPE
+quit(signo)
+    int signo;
+{
+    cleanup(signo);
+#define	emsg	 " exiting due to signal.\n"
+    write(STDERR_FILENO, getprogname(), strlen(getprogname()));
+    write(STDERR_FILENO, emsg, sizeof(emsg) - 1);
+    _exit(signo);
+}
+
+static void
+usage()
+{
+    (void) fprintf(stderr, "usage: %s [-c] [-q] [-s] [-V] [-f sudoers]\n",
+	getprogname());
+    exit(1);
+}
diff --git a/sudo-1.7.4p4/visudo.cat b/sudo-1.7.4p4/visudo.cat
new file mode 100644
index 0000000..c99374f
--- /dev/null
+++ b/sudo-1.7.4p4/visudo.cat
@@ -0,0 +1,198 @@
+
+
+
+VISUDO(1m)             MAINTENANCE COMMANDS            VISUDO(1m)
+
+
+NNAAMMEE
+       visudo - edit the sudoers file
+
+SSYYNNOOPPSSIISS
+       vviissuuddoo [--cc] [--qq] [--ss] [--VV] [--ff _s_u_d_o_e_r_s]
+
+DDEESSCCRRIIPPTTIIOONN
+       vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m).
+       vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits,
+       provides basic sanity checks, and checks for parse errors.  If the
+       _s_u_d_o_e_r_s file is currently being edited you will receive a message to
+       try again later.
+
+       There is a hard-coded list of one or more editors that vviissuuddoo will use
+       set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s
+       Default variable.  This list defaults to "vi".  Normally, vviissuuddoo does
+       not honor the VISUAL or EDITOR environment variables unless they
+       contain an editor in the aforementioned editors list.  However, if
+       vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the
+       _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the
+       editor defines by VISUAL or EDITOR.  Note that this can be a security
+       hole since it allows the user to execute any program they wish simply
+       by setting VISUAL or EDITOR.
+
+       vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
+       changes if there is a syntax error.  Upon finding an error, vviissuuddoo will
+       print a message stating the line number(s) where the error occurred and
+       the user will receive the "What now?" prompt.  At this point the user
+       may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving
+       the changes, or "Q" to quit and save changes.  The "Q" option should be
+       used with extreme care because if vviissuuddoo believes there to be a parse
+       error, so will ssuuddoo and no one will be able to ssuuddoo again until the
+       error is fixed.  If "e" is typed to edit the  _s_u_d_o_e_r_s file after a
+       parse error has been detected, the cursor will be placed on the line
+       where the error occurred (if the editor supports this feature).
+
+OOPPTTIIOONNSS
+       vviissuuddoo accepts the following command line options:
+
+       -c          Enable cchheecckk--oonnllyy mode.  The existing _s_u_d_o_e_r_s file will be
+                   checked for syntax and a message will be printed to the
+                   standard output detailing the status of _s_u_d_o_e_r_s.  If the
+                   syntax check completes successfully, vviissuuddoo will exit with
+                   a value of 0.  If a syntax error is encountered, vviissuuddoo
+                   will exit with a value of 1.
+
+       -f _s_u_d_o_e_r_s  Specify and alternate _s_u_d_o_e_r_s file location.  With this
+                   option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your
+                   choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s.  The lock
+                   file used is the specified _s_u_d_o_e_r_s file with ".tmp"
+                   appended to it.
+
+       -q          Enable qquuiieett mode.  In this mode details about syntax
+                   errors are not printed.  This option is only useful when
+
+
+
+1.7.4                     July 14, 2010                         1
+
+
+
+
+
+VISUDO(1m)             MAINTENANCE COMMANDS            VISUDO(1m)
+
+
+                   combined with the --cc option.
+
+       -s          Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file.  If an alias is
+                   used before it is defined, vviissuuddoo will consider this a
+                   parse error.  Note that it is not possible to differentiate
+                   between an alias and a host name or user name that consists
+                   solely of uppercase letters, digits, and the underscore
+                   ('_') character.
+
+       -V          The --VV (version) option causes vviissuuddoo to print its version
+                   number and exit.
+
+EENNVVIIRROONNMMEENNTT
+       The following environment variables may be consulted depending on the
+       value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables:
+
+       VISUAL          Invoked by visudo as the editor to use
+
+       EDITOR          Used by visudo if VISUAL is not set
+
+FFIILLEESS
+       _/_e_t_c_/_s_u_d_o_e_r_s            List of who can run what
+
+       _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p        Lock file for visudo
+
+DDIIAAGGNNOOSSTTIICCSS
+       sudoers file busy, try again later.
+           Someone else is currently editing the _s_u_d_o_e_r_s file.
+
+       /etc/sudoers.tmp: Permission denied
+           You didn't run vviissuuddoo as root.
+
+       Can't find you in the passwd database
+           Your userid does not appear in the system passwd file.
+
+       Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
+           Either you are trying to use an undeclare
+           {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
+           that consists solely of uppercase letters, digits, and the
+           underscore ('_') character.  In the latter case, you can ignore the
+           warnings (ssuuddoo will not complain).  In --ss (strict) mode these are
+           errors, not warnings.
+
+       Warning: unused {User,Runas,Host,Cmnd}_Alias
+           The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+           used.  You may wish to comment out or remove the unused alias.  In
+           --ss (strict) mode this is an error, not a warning.
+
+SSEEEE AALLSSOO
+       _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8)
+
+AAUUTTHHOORR
+       Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
+       was written by:
+
+
+
+1.7.4                     July 14, 2010                         2
+
+
+
+
+
+VISUDO(1m)             MAINTENANCE COMMANDS            VISUDO(1m)
+
+
+        Todd Miller
+
+       See the HISTORY file in the sudo distribution or visit
+       http://www.sudo.ws/sudo/history.html for more details.
+
+CCAAVVEEAATTSS
+       There is no easy way to prevent a user from gaining a root shell if the
+       editor used by vviissuuddoo allows shell escapes.
+
+BBUUGGSS
+       If you feel you have found a bug in vviissuuddoo, please submit a bug report
+       at http://www.sudo.ws/sudo/bugs/
+
+SSUUPPPPOORRTT
+       Limited free support is available via the sudo-users mailing list, see
+       http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+       the archives.
+
+DDIISSCCLLAAIIMMEERR
+       vviissuuddoo is provided ``AS IS'' and any express or implied warranties,
+       including, but not limited to, the implied warranties of
+       merchantability and fitness for a particular purpose are disclaimed.
+       See the LICENSE file distributed with ssuuddoo or
+       http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1.7.4                     July 14, 2010                         3
+
+
diff --git a/sudo-1.7.4p4/visudo.man.in b/sudo-1.7.4p4/visudo.man.in
new file mode 100644
index 0000000..563fd3b
--- /dev/null
+++ b/sudo-1.7.4p4/visudo.man.in
@@ -0,0 +1,301 @@
+.\" Copyright (c) 1996,1998-2005, 2007-2010
+.\" 	Todd C. Miller <Todd.Miller@courtesan.com>
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" 
+.\" Sponsored in part by the Defense Advanced Research Projects
+.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
+.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
+.\" 
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings.  \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+.    ds -- \(*W-
+.    ds PI pi
+.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
+.    ds L" ""
+.    ds R" ""
+.    ds C` 
+.    ds C' 
+'br\}
+.el\{\
+.    ds -- \|\(em\|
+.    ds PI \(*p
+.    ds L" ``
+.    ds R" ''
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.ie \nF \{\
+.    de IX
+.    tm Index:\\$1\t\\n%\t"\\$2"
+..
+.    nr % 0
+.    rr F
+.\}
+.el \{\
+.    de IX
+..
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
+.    \" fudge factors for nroff and troff
+.if n \{\
+.    ds #H 0
+.    ds #V .8m
+.    ds #F .3m
+.    ds #[ \f1
+.    ds #] \fP
+.\}
+.if t \{\
+.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.    ds #V .6m
+.    ds #F 0
+.    ds #[ \&
+.    ds #] \&
+.\}
+.    \" simple accents for nroff and troff
+.if n \{\
+.    ds ' \&
+.    ds ` \&
+.    ds ^ \&
+.    ds , \&
+.    ds ~ ~
+.    ds /
+.\}
+.if t \{\
+.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+.    \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.    \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.    \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.    ds : e
+.    ds 8 ss
+.    ds o a
+.    ds d- d\h'-1'\(ga
+.    ds D- D\h'-1'\(hy
+.    ds th \o'bp'
+.    ds Th \o'LP'
+.    ds ae ae
+.    ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "VISUDO @mansectsu@"
+.TH VISUDO @mansectsu@ "July 14, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+visudo \- edit the sudoers file
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBvisudo\fR [\fB\-c\fR] [\fB\-q\fR] [\fB\-s\fR] [\fB\-V\fR] [\fB\-f\fR \fIsudoers\fR]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
+\&\fIvipw\fR\|(@mansectsu@).  \fBvisudo\fR locks the \fIsudoers\fR file against multiple
+simultaneous edits, provides basic sanity checks, and checks
+for parse errors.  If the \fIsudoers\fR file is currently being
+edited you will receive a message to try again later.
+.PP
+There is a hard-coded list of one or more editors that \fBvisudo\fR will
+use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
+\&\f(CW\*(C`Default\*(C'\fR variable.  This list defaults to \f(CW"@editor@"\fR.  Normally,
+\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
+variables unless they contain an editor in the aforementioned editors
+list.  However, if \fBvisudo\fR is configured with the \fI\-\-with\-env\-editor\fR
+option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
+\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
+Note that this can be a security hole since it allows the user to
+execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
+.PP
+\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
+not save the changes if there is a syntax error.  Upon finding
+an error, \fBvisudo\fR will print a message stating the line number(s)
+where the error occurred and the user will receive the
+\&\*(L"What now?\*(R" prompt.  At this point the user may enter \*(L"e\*(R"
+to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without
+saving the changes, or \*(L"Q\*(R" to quit and save changes.  The
+\&\*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
+believes there to be a parse error, so will \fBsudo\fR and no one
+will be able to \fBsudo\fR again until the error is fixed.
+If \*(L"e\*(R" is typed to edit the  \fIsudoers\fR file after a parse error
+has been detected, the cursor will be placed on the line where the
+error occurred (if the editor supports this feature).
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\&\fBvisudo\fR accepts the following command line options:
+.IP "\-c" 12
+.IX Item "-c"
+Enable \fBcheck-only\fR mode.  The existing \fIsudoers\fR file will be
+checked for syntax and a message will be printed to the
+standard output detailing the status of \fIsudoers\fR.
+If the syntax check completes successfully, \fBvisudo\fR will
+exit with a value of 0.  If a syntax error is encountered,
+\&\fBvisudo\fR will exit with a value of 1.
+.IP "\-f \fIsudoers\fR" 12
+.IX Item "-f sudoers"
+Specify and alternate \fIsudoers\fR file location.  With this option
+\&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice,
+instead of the default, \fI@sysconfdir@/sudoers\fR.  The lock file used
+is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it.
+.IP "\-q" 12
+.IX Item "-q"
+Enable \fBquiet\fR mode.  In this mode details about syntax errors
+are not printed.  This option is only useful when combined with
+the \fB\-c\fR option.
+.IP "\-s" 12
+.IX Item "-s"
+Enable \fBstrict\fR checking of the \fIsudoers\fR file.  If an alias is
+used before it is defined, \fBvisudo\fR will consider this a parse
+error.  Note that it is not possible to differentiate between an
+alias and a host name or user name that consists solely of uppercase
+letters, digits, and the underscore ('_') character.
+.IP "\-V" 12
+.IX Item "-V"
+The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number
+and exit.
+.SH "ENVIRONMENT"
+.IX Header "ENVIRONMENT"
+The following environment variables may be consulted depending on
+the value of the \fIeditor\fR and \fIenv_editor\fR \fIsudoers\fR variables:
+.ie n .IP "\*(C`VISUAL\*(C'" 16
+.el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16
+.IX Item "VISUAL"
+Invoked by visudo as the editor to use
+.ie n .IP "\*(C`EDITOR\*(C'" 16
+.el .IP "\f(CW\*(C`EDITOR\*(C'\fR" 16
+.IX Item "EDITOR"
+Used by visudo if \s-1VISUAL\s0 is not set
+.SH "FILES"
+.IX Header "FILES"
+.ie n .IP "\fI@sysconfdir@/sudoers\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers\fR" 24
+.IX Item "@sysconfdir@/sudoers"
+List of who can run what
+.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24
+.el .IP "\fI@sysconfdir@/sudoers.tmp\fR" 24
+.IX Item "@sysconfdir@/sudoers.tmp"
+Lock file for visudo
+.SH "DIAGNOSTICS"
+.IX Header "DIAGNOSTICS"
+.IP "sudoers file busy, try again later." 4
+.IX Item "sudoers file busy, try again later."
+Someone else is currently editing the \fIsudoers\fR file.
+.ie n .IP "@sysconfdir@/sudoers.tmp: Permission denied" 4
+.el .IP "\f(CW@sysconfdir\fR@/sudoers.tmp: Permission denied" 4
+.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
+You didn't run \fBvisudo\fR as root.
+.IP "Can't find you in the passwd database" 4
+.IX Item "Can't find you in the passwd database"
+Your userid does not appear in the system passwd file.
+.IP "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined" 4
+.IX Item "Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined"
+Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias
+or you have a user or host name listed that consists solely of
+uppercase letters, digits, and the underscore ('_') character.  In
+the latter case, you can ignore the warnings (\fBsudo\fR will not
+complain).  In \fB\-s\fR (strict) mode these are errors, not warnings.
+.IP "Warning: unused {User,Runas,Host,Cmnd}_Alias" 4
+.IX Item "Warning: unused {User,Runas,Host,Cmnd}_Alias"
+The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+used.  You may wish to comment out or remove the unused alias.  In
+\&\fB\-s\fR (strict) mode this is an error, not a warning.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8)
+.SH "AUTHOR"
+.IX Header "AUTHOR"
+Many people have worked on \fIsudo\fR over the years; this version of
+\&\fBvisudo\fR was written by:
+.PP
+.Vb 1
+\& Todd Miller
+.Ve
+.PP
+See the \s-1HISTORY\s0 file in the sudo distribution or visit
+http://www.sudo.ws/sudo/history.html for more details.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if 
+the editor used by \fBvisudo\fR allows shell escapes.
+.SH "BUGS"
+.IX Header "BUGS"
+If you feel you have found a bug in \fBvisudo\fR, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
+.SH "DISCLAIMER"
+.IX Header "DISCLAIMER"
+\&\fBvisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/visudo.pod b/sudo-1.7.4p4/visudo.pod
new file mode 100644
index 0000000..ccc5c00
--- /dev/null
+++ b/sudo-1.7.4p4/visudo.pod
@@ -0,0 +1,206 @@
+Copyright (c) 1996,1998-2005, 2007-2010
+	Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+=pod
+
+=head1 NAME
+
+visudo - edit the sudoers file
+
+=head1 SYNOPSIS
+
+B<visudo> [B<-c>] [B<-q>] [B<-s>] [B<-V>] [B<-f> I<sudoers>]
+
+=head1 DESCRIPTION
+
+B<visudo> edits the I<sudoers> file in a safe fashion, analogous to
+L<vipw(8)>.  B<visudo> locks the I<sudoers> file against multiple
+simultaneous edits, provides basic sanity checks, and checks
+for parse errors.  If the I<sudoers> file is currently being
+edited you will receive a message to try again later.
+
+There is a hard-coded list of one or more editors that B<visudo> will
+use set at compile-time that may be overridden via the I<editor> I<sudoers>
+C<Default> variable.  This list defaults to C<"@editor@">.  Normally,
+B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
+variables unless they contain an editor in the aforementioned editors
+list.  However, if B<visudo> is configured with the I<--with-env-editor>
+option or the I<env_editor> C<Default> variable is set in I<sudoers>,
+B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
+Note that this can be a security hole since it allows the user to
+execute any program they wish simply by setting C<VISUAL> or C<EDITOR>.
+
+B<visudo> parses the I<sudoers> file after the edit and will
+not save the changes if there is a syntax error.  Upon finding
+an error, B<visudo> will print a message stating the line number(s)
+where the error occurred and the user will receive the
+"What now?" prompt.  At this point the user may enter "e"
+to re-edit the I<sudoers> file, "x" to exit without
+saving the changes, or "Q" to quit and save changes.  The
+"Q" option should be used with extreme care because if B<visudo>
+believes there to be a parse error, so will B<sudo> and no one
+will be able to B<sudo> again until the error is fixed.
+If "e" is typed to edit the  I<sudoers> file after a parse error
+has been detected, the cursor will be placed on the line where the
+error occurred (if the editor supports this feature).
+
+=head1 OPTIONS
+
+B<visudo> accepts the following command line options:
+
+=over 12
+
+=item -c
+
+Enable B<check-only> mode.  The existing I<sudoers> file will be
+checked for syntax and a message will be printed to the
+standard output detailing the status of I<sudoers>.
+If the syntax check completes successfully, B<visudo> will
+exit with a value of 0.  If a syntax error is encountered,
+B<visudo> will exit with a value of 1.
+
+=item -f I<sudoers>
+
+Specify and alternate I<sudoers> file location.  With this option
+B<visudo> will edit (or check) the I<sudoers> file of your choice,
+instead of the default, F<@sysconfdir@/sudoers>.  The lock file used
+is the specified I<sudoers> file with ".tmp" appended to it.
+
+=item -q
+
+Enable B<quiet> mode.  In this mode details about syntax errors
+are not printed.  This option is only useful when combined with
+the B<-c> option.
+
+=item -s
+
+Enable B<strict> checking of the I<sudoers> file.  If an alias is
+used before it is defined, B<visudo> will consider this a parse
+error.  Note that it is not possible to differentiate between an
+alias and a host name or user name that consists solely of uppercase
+letters, digits, and the underscore ('_') character.
+
+=item -V
+
+The B<-V> (version) option causes B<visudo> to print its version number
+and exit.
+
+=back
+
+=head1 ENVIRONMENT
+
+The following environment variables may be consulted depending on
+the value of the I<editor> and I<env_editor> I<sudoers> variables:
+
+=over 16
+
+=item C<VISUAL>
+
+Invoked by visudo as the editor to use
+
+=item C<EDITOR>
+
+Used by visudo if VISUAL is not set
+
+=back
+
+=head1 FILES
+
+=over 24
+
+=item F<@sysconfdir@/sudoers>
+
+List of who can run what
+
+=item F<@sysconfdir@/sudoers.tmp>
+
+Lock file for visudo
+
+=back
+
+=head1 DIAGNOSTICS
+
+=over 4
+
+=item sudoers file busy, try again later.
+
+Someone else is currently editing the I<sudoers> file.
+
+=item @sysconfdir@/sudoers.tmp: Permission denied
+
+You didn't run B<visudo> as root.
+
+=item Can't find you in the passwd database
+
+Your userid does not appear in the system passwd file.
+
+=item Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
+
+Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias
+or you have a user or host name listed that consists solely of
+uppercase letters, digits, and the underscore ('_') character.  In
+the latter case, you can ignore the warnings (B<sudo> will not
+complain).  In B<-s> (strict) mode these are errors, not warnings.
+
+=item Warning: unused {User,Runas,Host,Cmnd}_Alias
+
+The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+used.  You may wish to comment out or remove the unused alias.  In
+B<-s> (strict) mode this is an error, not a warning.
+
+=back
+
+=head1 SEE ALSO
+
+L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>
+
+=head1 AUTHOR
+
+Many people have worked on I<sudo> over the years; this version of
+B<visudo> was written by:
+
+ Todd Miller
+
+See the HISTORY file in the sudo distribution or visit
+http://www.sudo.ws/sudo/history.html for more details.
+
+=head1 CAVEATS
+
+There is no easy way to prevent a user from gaining a root shell if 
+the editor used by B<visudo> allows shell escapes.
+
+=head1 BUGS
+
+If you feel you have found a bug in B<visudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
+
+=head1 SUPPORT
+
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
+
+=head1 DISCLAIMER
+
+B<visudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed.  See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
diff --git a/sudo-1.7.4p4/zero_bytes.c b/sudo-1.7.4p4/zero_bytes.c
new file mode 100644
index 0000000..7391780
--- /dev/null
+++ b/sudo-1.7.4p4/zero_bytes.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2003-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+#include <config.h>
+#include <compat.h>
+
+/*
+ * Like bzero(3) but with a volatile pointer.  The hope is that
+ * the compiler will not be able to optimize away this function.
+ */
+void
+zero_bytes(v, n)
+    volatile void *v;
+    size_t n;
+{
+    volatile char *p, *ep;
+
+    for (p = v, ep = p + n; p < ep; p++)
+	*p = 0;
+    return;
+}
diff --git a/sudo.tar.gz b/sudo.tar.gz
new file mode 100644
index 0000000..79a0bf8
--- /dev/null
+++ b/sudo.tar.gz
Binary files differ
diff --git a/sudo.url b/sudo.url
new file mode 100644
index 0000000..eee6b88
--- /dev/null
+++ b/sudo.url
@@ -0,0 +1 @@
+http://www.sudo.ws/sudo/dist/sudo-1.7.4p4.tar.gz
diff --git a/sudo.version b/sudo.version
new file mode 100644
index 0000000..d7f62a6
--- /dev/null
+++ b/sudo.version
@@ -0,0 +1 @@
+1.7.4p4