diff options
| author |   millert <millert@openbsd.org> | 2010-06-02 19:30:10 +0000 |
|---|---|---|
| committer | millert <millert@openbsd.org> | 2010-06-02 19:30:10 +0000 |
| commit | efa9ad63f293bd89a30acd5fd9872ea32a22376d (patch) | |
| tree | 4c8a908f411e1c5bba2cfdf641685f7ceda3b4a5 | |
| parent | check event_dispatch() return value (diff) | |
| download | wireguard-openbsd-efa9ad63f293bd89a30acd5fd9872ea32a22376d.tar.xz wireguard-openbsd-efa9ad63f293bd89a30acd5fd9872ea32a22376d.zip | |
Update to sudo 1.7.2p7
| -rw-r--r-- | usr.bin/sudo/ChangeLog | 73 | ||||
| -rw-r--r-- | usr.bin/sudo/Makefile.in | 2 | ||||
| -rw-r--r-- | usr.bin/sudo/README.LDAP | 4 | ||||
| -rw-r--r-- | usr.bin/sudo/aclocal.m4 | 7 | ||||
| -rw-r--r-- | usr.bin/sudo/alias.c | 2 | ||||
| -rw-r--r-- | usr.bin/sudo/auth/pam.c | 3 | ||||
| -rw-r--r-- | usr.bin/sudo/config.h | 6 | ||||
| -rw-r--r-- | usr.bin/sudo/configure | 1030 | ||||
| -rw-r--r-- | usr.bin/sudo/configure.in | 28 | ||||
| -rw-r--r-- | usr.bin/sudo/env.c | 43 | ||||
| -rw-r--r-- | usr.bin/sudo/sudoers.pod | 14 | ||||
| -rw-r--r-- | usr.bin/sudo/vasgroups.c | 6 | ||||
| -rw-r--r-- | usr.bin/sudo/visudo.c | 89 |
13 files changed, 791 insertions, 516 deletions
diff --git a/usr.bin/sudo/ChangeLog b/usr.bin/sudo/ChangeLog index a8d71a2dfe0..6ff582fad1d 100644 --- a/usr.bin/sudo/ChangeLog +++ b/usr.bin/sudo/ChangeLog @@ -1,38 +1,79 @@ +2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com> + + * auth/pam.c: Fix OpenPAM detection for newer versions. + + * vasgroups.c: Sync with Quest sudo git repo + + * aclocal.m4, configure, configure.in: Adapted from Quest sudo. + HP-UX ld uses +b instead of -R or -rpath. + Fix typo in libvas check. + libvas may need libdl for dlopen(). + Add missing template for ENV_DEBUG. + + * README.LDAP: + Fix typos; from Quest Sudo + + * Makefile.in, configure.in: + Use value of SHELL from configure in Makefile + +2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com> + + * env.c: Handle duplicate variables in the environment. + For unsetenv(), keep looking even after remove the first instance. + For sudo_putenv(), check for and remove dupes after we replace an + existing value. + +2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: Fix a crash when checking a sudoers file that has aliases + that reference themselves. Based on a diff from David Wood. + +2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com> + + * alias.c: Fix use after free in error message when a duplicate + alias exists. + +2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com> + + * visudo.c: Set errorfile to the sudoers path if we set parse_error + manually. This prevents a NULL dereference in printf() when + checking a sudoers file in strict mode when alias errors are present. + 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com> - * configure, configure.in: Fix installation of sudoers.ldap - in "make install" when --with-ldap was specified without a - directory. From Prof. Dr. Andreas Mueller + * configure, configure.in: Fix installation of sudoers.ldap + in "make install" when --with-ldap was specified without a + directory. From Prof. Dr. Andreas Mueller 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com> - * find_path.c: Qualify the command even if it is in the - current working directory, e.g. "./foo" instead of just - returning "foo". This removes an ambiguity between real - commands and possible pseudo-commands in command matching. + * find_path.c: Qualify the command even if it is in the + current working directory, e.g. "./foo" instead of just + returning "foo". This removes an ambiguity between real + commands and possible pseudo-commands in command matching. 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com> - * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about - the security implications of the fast_glob option. + * sudoers.cat, sudoers.man.in, sudoers.pod: Add a note about + the security implications of the fast_glob option. * memrchr.c: Remove duplicate includes 2010-03-10 Todd C. Miller <Todd.Miller@courtesan.com> - * sudo.c: Fix a bug introduced with def_closefrom. The value - of def_closefrom already includes the +1. + * sudo.c: Fix a bug introduced with def_closefrom. The value + of def_closefrom already includes the +1. 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> - * match.c: When doing a glob match, short circuit if - gl.gl_pathc is 0. From Mark Kettenis. + * match.c: When doing a glob match, short circuit if + gl.gl_pathc is 0. From Mark Kettenis. 2010-02-22 Todd C. Miller <Todd.Miller@courtesan.com> - * match.c: Check for pseudo-command by looking at the first - character of the command in sudoers instead of checking the - user-supplied command for a slash. + * match.c: Check for pseudo-command by looking at the first + character of the command in sudoers instead of checking the + user-supplied command for a slash. 2010-02-09 Todd C. Miller <Todd.Miller@courtesan.com> diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 8d69f819074..ac65fa70980 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -96,7 +96,7 @@ DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -DSUDOERS_UID=$(sudoer #### End of system configuration section. #### -SHELL = /bin/sh +SHELL = @SHELL@ PROGS = @PROGS@ diff --git a/usr.bin/sudo/README.LDAP b/usr.bin/sudo/README.LDAP index 85f05f54994..113b0f150ee 100644 --- a/usr.bin/sudo/README.LDAP +++ b/usr.bin/sudo/README.LDAP @@ -35,7 +35,7 @@ They are one and the same. Build instructions ================== -The most simplest way to build sudo with LDAP support is to include the +The simplest way to build sudo with LDAP support is to include the '--with-ldap' option. $ ./configure --with-ldap @@ -48,7 +48,7 @@ to specify them at configure time. E.g. Sudo is developed using OpenLDAP but Netscape-based LDAP libraries (such as those present in Solaris) are also known to work. -Your Mileage may vary. Please let the sudo workers mailing list +Your mileage may vary. Please let the sudo workers mailing list <sudo-workers@sudo.ws> know if special configuration was required to build an LDAP-enabled sudo so we can improve sudo. diff --git a/usr.bin/sudo/aclocal.m4 b/usr.bin/sudo/aclocal.m4 index 1a6d9904931..d8b55c0467b 100644 --- a/usr.bin/sudo/aclocal.m4 +++ b/usr.bin/sudo/aclocal.m4 @@ -349,7 +349,12 @@ dnl append a libpath to an LDFLAGS style variable dnl AC_DEFUN(SUDO_APPEND_LIBPATH, [ if test X"$with_rpath" = X"yes"; then - $1="${$1} -L$2 -R$2" + case "$host" in + *-*-hpux*) $1="${$1} -L$2 -Wl,+b,$2" + ;; + *) $1="${$1} -L$2 -Wl,-R$2" + ;; + esac else $1="${$1} -L$2" fi diff --git a/usr.bin/sudo/alias.c b/usr.bin/sudo/alias.c index e389c711393..0478e5ab8d0 100644 --- a/usr.bin/sudo/alias.c +++ b/usr.bin/sudo/alias.c @@ -121,8 +121,8 @@ alias_add(name, type, members) a->seqno = 0; list2tq(&a->members, members); if (rbinsert(aliases, a)) { - alias_free(a); snprintf(errbuf, sizeof(errbuf), "Alias `%s' already defined", name); + alias_free(a); return(errbuf); } return(NULL); diff --git a/usr.bin/sudo/auth/pam.c b/usr.bin/sudo/auth/pam.c index f4269b841bf..f9fa26d3438 100644 --- a/usr.bin/sudo/auth/pam.c +++ b/usr.bin/sudo/auth/pam.c @@ -66,7 +66,8 @@ #include "sudo_auth.h" /* Only OpenPAM and Linux PAM use const qualifiers. */ -#if defined(_OPENPAM) || defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) +#if defined(_OPENPAM) || defined(OPENPAM_VERSION) || \ + defined(__LIBPAM_VERSION) || defined(__LINUX_PAM__) # define PAM_CONST const #else # define PAM_CONST diff --git a/usr.bin/sudo/config.h b/usr.bin/sudo/config.h index 90325266d8f..7bf54b73e27 100644 --- a/usr.bin/sudo/config.h +++ b/usr.bin/sudo/config.h @@ -1,4 +1,4 @@ -/* $OpenBSD: config.h,v 1.18 2010/04/13 23:22:01 millert Exp $ */ +/* $OpenBSD: config.h,v 1.19 2010/06/02 19:30:10 millert Exp $ */ #ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H @@ -10,9 +10,9 @@ #define PACKAGE_BUGREPORT "http://www.sudo.ws/bugs/" #define PACKAGE_NAME "sudo" -#define PACKAGE_STRING "sudo 1.7.2p6" +#define PACKAGE_STRING "sudo 1.7.2p7" #define PACKAGE_TARNAME "sudo" -#define PACKAGE_VERSION "1.7.2p6" +#define PACKAGE_VERSION "1.7.2p7" #define HAVE_ASPRINTF 1 #define HAVE_BSD_AUTH_H 1 diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index 95f96c44095..fefb328043b 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.61 for sudo 1.7.2p6. +# Generated by GNU Autoconf 2.61 for sudo 1.7.2p7. # # Report bugs to <http://www.sudo.ws/bugs/>. # @@ -724,8 +724,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.2p6' -PACKAGE_STRING='sudo 1.7.2p6' +PACKAGE_VERSION='1.7.2p7' +PACKAGE_STRING='sudo 1.7.2p7' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' # Factoring default headers for most tests. @@ -870,11 +870,11 @@ ldap_secret nsswitch_conf netsvc_conf secure_path -EGREPPROG CC ac_ct_CC EXEEXT OBJEXT +EGREPPROG CPP build build_cpu @@ -1417,7 +1417,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.2p6 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.2p7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1482,7 +1482,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.2p6:";; + short | recursive ) echo "Configuration of sudo 1.7.2p7:";; esac cat <<\_ACEOF @@ -1684,7 +1684,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.2p6 +sudo configure 1.7.2p7 generated by GNU Autoconf 2.61 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -1698,7 +1698,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.2p6, which was +It was created by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was $ $0 $@ @@ -2124,6 +2124,7 @@ echo "$as_me: Configuring Sudo version $PACKAGE_VERSION" >&6;} + timeout=5 password_timeout=5 sudo_umask=0022 @@ -3803,396 +3804,6 @@ echo "${ECHO_T}no" >&6; } fi - -# Check whether --with-libvas was given. -if test "${with_libvas+set}" = set; then - withval=$with_libvas; case $with_libvas in - yes) with_libvas=libvas.so - ;; - no) ;; - *) -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_with_libvas" -_ACEOF - - ;; -esac -if test X"$with_libvas" != X"no"; then - -cat >>confdefs.h <<_ACEOF -#define LIBVAS_SO "$with_libvas" -_ACEOF - - cat >>confdefs.h <<\_ACEOF -#define USING_NONUNIX_GROUPS 1 -_ACEOF - - NONUNIX_GROUPS_IMPL="vasgroups.o" - -# Check whether --with-libvas-rpath was given. -if test "${with_libvas_rpath+set}" = set; then - withval=$with_libvas_rpath; LIBVAS_RPATH=$withval -else - LIBVAS_RPATH=/opt/quest/lib -fi - -fi - -fi - - - -{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 -echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } -# Check whether --enable-authentication was given. -if test "${enable_authentication+set}" = set; then - enableval=$enable_authentication; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_AUTHENTICATION 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 -echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } -# Check whether --enable-root-mailer was given. -if test "${enable_root_mailer+set}" = set; then - enableval=$enable_root_mailer; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_MAILER 1 -_ACEOF - - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -# Check whether --enable-setreuid was given. -if test "${enable_setreuid+set}" = set; then - enableval=$enable_setreuid; case "$enableval" in - no) SKIP_SETREUID=yes - ;; - *) ;; - esac - -fi - - -# Check whether --enable-setresuid was given. -if test "${enable_setresuid+set}" = set; then - enableval=$enable_setresuid; case "$enableval" in - no) SKIP_SETRESUID=yes - ;; - *) ;; - esac - -fi - - -{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 -echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } -# Check whether --enable-shadow was given. -if test "${enable_shadow+set}" = set; then - enableval=$enable_shadow; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - CHECKSHADOW="false" - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 -echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } -# Check whether --enable-root-sudo was given. -if test "${enable_root_sudo+set}" = set; then - enableval=$enable_root_sudo; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - ;; - no) cat >>confdefs.h <<\_ACEOF -#define NO_ROOT_SUDO 1 -_ACEOF - - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - root_sudo=off - ;; - *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 -echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; - esac - -else - { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 -echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } -# Check whether --enable-log-host was given. -if test "${enable_log_host+set}" = set; then - enableval=$enable_log_host; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define HOST_IN_LOG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 -echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } -# Check whether --enable-noargs-shell was given. -if test "${enable_noargs_shell+set}" = set; then - enableval=$enable_noargs_shell; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_IF_NO_ARGS 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 -echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } -# Check whether --enable-shell-sets-home was given. -if test "${enable_shell_sets_home+set}" = set; then - enableval=$enable_shell_sets_home; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define SHELL_SETS_HOME 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 -echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } -# Check whether --enable-path_info was given. -if test "${enable_path_info+set}" = set; then - enableval=$enable_path_info; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - no) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define DONT_LEAK_PATH_INFO 1 -_ACEOF - - path_info=off - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 -echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } -# Check whether --enable-env_debug was given. -if test "${enable_env_debug+set}" = set; then - enableval=$enable_env_debug; case "$enableval" in - yes) { echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6; } - cat >>confdefs.h <<\_ACEOF -#define ENV_DEBUG 1 -_ACEOF - - ;; - no) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - ;; - *) { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } - { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 -echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} - ;; - esac - -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - - -# Check whether --with-selinux was given. -if test "${with_selinux+set}" = set; then - withval=$with_selinux; case $with_selinux in - yes) SELINUX_USAGE="[-r role] [-t type] " - cat >>confdefs.h <<\_ACEOF -#define HAVE_SELINUX 1 -_ACEOF - - SUDO_LIBS="${SUDO_LIBS} -lselinux" - SUDO_OBJS="${SUDO_OBJS} selinux.o" - PROGS="${PROGS} sesh" - SELINUX="" - SEMAN="" - ;; - no) ;; - *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 -echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; -esac -fi - - -# Check whether --enable-gss_krb5_ccache_name was given. -if test "${enable_gss_krb5_ccache_name+set}" = set; then - enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval -else - check_gss_krb5_ccache_name=no -fi - - -# Extract the first word of "egrep", so it can be a program name with args. -set dummy egrep; ac_word=$2 -{ echo "$as_me:$LINENO: checking for $ac_word" >&5 -echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } -if test "${ac_cv_prog_EGREPPROG+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - if test -n "$EGREPPROG"; then - ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then - ac_cv_prog_EGREPPROG="egrep" - echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done -done -IFS=$as_save_IFS - -fi -fi -EGREPPROG=$ac_cv_prog_EGREPPROG -if test -n "$EGREPPROG"; then - { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 -echo "${ECHO_T}$EGREPPROG" >&6; } -else - { echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6; } -fi - - -if test -z "$EGREPPROG"; then - { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 -echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} - { (exit 1); exit 1; }; } -fi - -if test "$with_devel" != "yes"; then - ac_cv_prog_cc_g=no -fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -5113,6 +4724,461 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu + +# Check whether --with-libvas was given. +if test "${with_libvas+set}" = set; then + withval=$with_libvas; case $with_libvas in + yes) with_libvas=libvas.so + ;; + no) ;; + *) +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + ;; +esac +if test X"$with_libvas" != X"no"; then + +cat >>confdefs.h <<_ACEOF +#define LIBVAS_SO "$with_libvas" +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define USING_NONUNIX_GROUPS 1 +_ACEOF + + NONUNIX_GROUPS_IMPL="vasgroups.o" + +# Check whether --with-libvas-rpath was given. +if test "${with_libvas_rpath+set}" = set; then + withval=$with_libvas_rpath; LIBVAS_RPATH=$withval +else + LIBVAS_RPATH=/opt/quest/lib +fi + + +{ echo "$as_me:$LINENO: checking for main in -ldl" >&5 +echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } +if test "${ac_cv_lib_dl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_link") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && + $as_test_x conftest$ac_exeext; then + ac_cv_lib_dl_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_cv_lib_dl_main=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ echo "$as_me:$LINENO: result: $ac_cv_lib_dl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_main" >&6; } +if test $ac_cv_lib_dl_main = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBDL 1 +_ACEOF + + LIBS="-ldl $LIBS" + +fi + +fi + +fi + + + +{ echo "$as_me:$LINENO: checking whether to do user authentication by default" >&5 +echo $ECHO_N "checking whether to do user authentication by default... $ECHO_C" >&6; } +# Check whether --enable-authentication was given. +if test "${enable_authentication+set}" = set; then + enableval=$enable_authentication; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_AUTHENTICATION 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable running the mailer as root" >&5 +echo $ECHO_N "checking whether to disable running the mailer as root... $ECHO_C" >&6; } +# Check whether --enable-root-mailer was given. +if test "${enable_root_mailer+set}" = set; then + enableval=$enable_root_mailer; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_MAILER 1 +_ACEOF + + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +# Check whether --enable-setreuid was given. +if test "${enable_setreuid+set}" = set; then + enableval=$enable_setreuid; case "$enableval" in + no) SKIP_SETREUID=yes + ;; + *) ;; + esac + +fi + + +# Check whether --enable-setresuid was given. +if test "${enable_setresuid+set}" = set; then + enableval=$enable_setresuid; case "$enableval" in + no) SKIP_SETRESUID=yes + ;; + *) ;; + esac + +fi + + +{ echo "$as_me:$LINENO: checking whether to disable shadow password support" >&5 +echo $ECHO_N "checking whether to disable shadow password support... $ECHO_C" >&6; } +# Check whether --enable-shadow was given. +if test "${enable_shadow+set}" = set; then + enableval=$enable_shadow; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + CHECKSHADOW="false" + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether root should be allowed to use sudo" >&5 +echo $ECHO_N "checking whether root should be allowed to use sudo... $ECHO_C" >&6; } +# Check whether --enable-root-sudo was given. +if test "${enable_root_sudo+set}" = set; then + enableval=$enable_root_sudo; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ;; + no) cat >>confdefs.h <<\_ACEOF +#define NO_ROOT_SUDO 1 +_ACEOF + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + root_sudo=off + ;; + *) { { echo "$as_me:$LINENO: error: \"--enable-root-sudo does not take an argument.\"" >&5 +echo "$as_me: error: \"--enable-root-sudo does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; + esac + +else + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to log the hostname in the log file" >&5 +echo $ECHO_N "checking whether to log the hostname in the log file... $ECHO_C" >&6; } +# Check whether --enable-log-host was given. +if test "${enable_log_host+set}" = set; then + enableval=$enable_log_host; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define HOST_IN_LOG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to invoke a shell if sudo is given no arguments" >&5 +echo $ECHO_N "checking whether to invoke a shell if sudo is given no arguments... $ECHO_C" >&6; } +# Check whether --enable-noargs-shell was given. +if test "${enable_noargs_shell+set}" = set; then + enableval=$enable_noargs_shell; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_IF_NO_ARGS 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to set \$HOME to target user in shell mode" >&5 +echo $ECHO_N "checking whether to set \$HOME to target user in shell mode... $ECHO_C" >&6; } +# Check whether --enable-shell-sets-home was given. +if test "${enable_shell_sets_home+set}" = set; then + enableval=$enable_shell_sets_home; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define SHELL_SETS_HOME 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to disable 'command not found' messages" >&5 +echo $ECHO_N "checking whether to disable 'command not found' messages... $ECHO_C" >&6; } +# Check whether --enable-path_info was given. +if test "${enable_path_info+set}" = set; then + enableval=$enable_path_info; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + no) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define DONT_LEAK_PATH_INFO 1 +_ACEOF + + path_info=off + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +{ echo "$as_me:$LINENO: checking whether to enable environment debugging" >&5 +echo $ECHO_N "checking whether to enable environment debugging... $ECHO_C" >&6; } +# Check whether --enable-env_debug was given. +if test "${enable_env_debug+set}" = set; then + enableval=$enable_env_debug; case "$enableval" in + yes) { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + cat >>confdefs.h <<\_ACEOF +#define ENV_DEBUG 1 +_ACEOF + + ;; + no) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ;; + *) { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-env-debug: $enableval" >&2;} + ;; + esac + +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + + +# Check whether --with-selinux was given. +if test "${with_selinux+set}" = set; then + withval=$with_selinux; case $with_selinux in + yes) SELINUX_USAGE="[-r role] [-t type] " + cat >>confdefs.h <<\_ACEOF +#define HAVE_SELINUX 1 +_ACEOF + + SUDO_LIBS="${SUDO_LIBS} -lselinux" + SUDO_OBJS="${SUDO_OBJS} selinux.o" + PROGS="${PROGS} sesh" + SELINUX="" + SEMAN="" + ;; + no) ;; + *) { { echo "$as_me:$LINENO: error: \"--with-selinux does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-selinux does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; +esac +fi + + +# Check whether --enable-gss_krb5_ccache_name was given. +if test "${enable_gss_krb5_ccache_name+set}" = set; then + enableval=$enable_gss_krb5_ccache_name; check_gss_krb5_ccache_name=$enableval +else + check_gss_krb5_ccache_name=no +fi + + +# Extract the first word of "egrep", so it can be a program name with args. +set dummy egrep; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_prog_EGREPPROG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$EGREPPROG"; then + ac_cv_prog_EGREPPROG="$EGREPPROG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_EGREPPROG="egrep" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + +fi +fi +EGREPPROG=$ac_cv_prog_EGREPPROG +if test -n "$EGREPPROG"; then + { echo "$as_me:$LINENO: result: $EGREPPROG" >&5 +echo "${ECHO_T}$EGREPPROG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +if test -z "$EGREPPROG"; then + { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 +echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} + { (exit 1); exit 1; }; } +fi + +if test "$with_devel" != "yes"; then + ac_cv_prog_cc_g=no +fi + { echo "$as_me:$LINENO: checking for library containing strerror" >&5 echo $ECHO_N "checking for library containing strerror... $ECHO_C" >&6; } if test "${ac_cv_search_strerror+set}" = set; then @@ -6268,7 +6334,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6271 "configure"' > conftest.$ac_ext + echo '#line 6337 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8132,11 +8198,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8135: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8201: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8139: \$? = $ac_status" >&5 + echo "$as_me:8205: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8422,11 +8488,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8425: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8491: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8429: \$? = $ac_status" >&5 + echo "$as_me:8495: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8526,11 +8592,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8529: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8595: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8533: \$? = $ac_status" >&5 + echo "$as_me:8599: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10886,7 +10952,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10889 "configure" +#line 10955 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10986,7 +11052,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<EOF -#line 10989 "configure" +#line 11055 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12792,7 +12858,12 @@ if test -n "$with_libpath"; then for i in ${with_libpath}; do if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L$i -R$i" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L$i -Wl,+b,$i" + ;; + *) LDFLAGS="${LDFLAGS} -L$i -Wl,-R$i" + ;; + esac else LDFLAGS="${LDFLAGS} -L$i" fi @@ -19842,7 +19913,10 @@ if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then fi if test ${with_pam-"no"} != "no"; then - { echo "$as_me:$LINENO: checking for main in -ldl" >&5 + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) { echo "$as_me:$LINENO: checking for main in -ldl" >&5 echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6; } if test "${ac_cv_lib_dl_main+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -19903,7 +19977,9 @@ else SUDO_LIBS="${SUDO_LIBS} -lpam" fi - ac_cv_lib_dl=ac_cv_lib_dl_main + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac @@ -20478,7 +20554,12 @@ if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -R${with_fwtk}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,+b,${with_fwtk}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -Wl,-R${with_fwtk}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" fi @@ -20505,7 +20586,12 @@ if test ${with_SecurID-'no'} != "no"; then _LDFLAGS="${LDFLAGS}" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_SecurID}" fi @@ -20588,7 +20674,12 @@ if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}" fi @@ -20660,7 +20751,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib" fi @@ -20670,7 +20766,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib" fi @@ -21352,7 +21453,12 @@ echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have else if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -R${with_kerb5}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,+b,${with_kerb5}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -Wl,-R${with_kerb5}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib" fi @@ -21800,7 +21906,12 @@ if test ${with_AFS-'no'} = "yes"; then if test -d ${i}; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -R$i" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,+b,$i" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -Wl,-R$i" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i" fi @@ -21859,7 +21970,12 @@ if test ${with_skey-'no'} = "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_skey}/lib" fi @@ -21869,7 +21985,12 @@ if test ${with_skey-'no'} = "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,+b,${with_skey}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -Wl,-R${with_skey}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib" fi @@ -21944,7 +22065,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi @@ -21954,7 +22080,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi @@ -22109,7 +22240,12 @@ if test ${with_opie-'no'} = "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_opie}/lib" fi @@ -22119,7 +22255,12 @@ if test ${with_opie-'no'} = "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,+b,${with_opie}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -Wl,-R${with_opie}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib" fi @@ -22194,7 +22335,12 @@ rm -f conftest.err conftest.$ac_ext else if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${dir}/lib" fi @@ -22204,7 +22350,12 @@ rm -f conftest.err conftest.$ac_ext if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,+b,${dir}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -Wl,-R${dir}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" fi @@ -22864,7 +23015,12 @@ if test ${with_ldap-'no'} != "no"; then if test "$with_ldap" != "yes"; then if test X"$with_rpath" = X"yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_ldap}/lib" fi @@ -22874,7 +23030,12 @@ if test ${with_ldap-'no'} != "no"; then if test X"$with_rpath" = X"yes"; then - LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -R${with_ldap}/lib" + case "$host" in + *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,+b,${with_ldap}/lib" + ;; + *) LDFLAGS="${LDFLAGS} -L${with_ldap}/lib -Wl,-R${with_ldap}/lib" + ;; + esac else LDFLAGS="${LDFLAGS} -L${with_ldap}/lib" fi @@ -24011,7 +24172,12 @@ if test X"$LIBVAS_RPATH" != X""; then if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -24559,7 +24725,7 @@ exec 6>&1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.2p6, which was +This file was extended by sudo $as_me 1.7.2p7, which was generated by GNU Autoconf 2.61. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -24608,7 +24774,7 @@ Report bugs to <bug-autoconf@gnu.org>." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -sudo config.status 1.7.2p6 +sudo config.status 1.7.2p7 configured by $0, generated by GNU Autoconf 2.61, with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" @@ -24931,11 +25097,11 @@ ldap_secret!$ldap_secret$ac_delim nsswitch_conf!$nsswitch_conf$ac_delim netsvc_conf!$netsvc_conf$ac_delim secure_path!$secure_path$ac_delim -EGREPPROG!$EGREPPROG$ac_delim CC!$CC$ac_delim ac_ct_CC!$ac_ct_CC$ac_delim EXEEXT!$EXEEXT$ac_delim OBJEXT!$OBJEXT$ac_delim +EGREPPROG!$EGREPPROG$ac_delim CPP!$CPP$ac_delim build!$build$ac_delim build_cpu!$build_cpu$ac_delim @@ -25594,3 +25760,5 @@ fi + + diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index 0c08180d552..2790530e2d6 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -3,7 +3,7 @@ dnl Process this file with GNU autoconf to produce a configure script. dnl dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com> dnl -AC_INIT([sudo], [1.7.2p6], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.2p7], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -13,6 +13,7 @@ dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(HAVE_BSM_AUDIT) +AC_SUBST(SHELL) AC_SUBST(LIBTOOL) AC_SUBST(CFLAGS) AC_SUBST(PROGS) @@ -1044,7 +1045,7 @@ AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas sh yes) with_libvas=libvas.so ;; no) ;; - *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_with_libvas"], [The name of libvas.so]) + *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) ;; esac if test X"$with_libvas" != X"no"; then @@ -1056,6 +1057,10 @@ if test X"$with_libvas" != X"no"; then [Path to look for libvas in [default=/opt/quest/lib]])], [LIBVAS_RPATH=$withval], [LIBVAS_RPATH=/opt/quest/lib]) + dnl + dnl Some platforms require libdl for dlopen() + dnl + AC_CHECK_LIB([dl], [main]) fi ]) @@ -1976,10 +1981,15 @@ dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then dnl - dnl Linux may need this + dnl Some platforms need libdl for dlopen dnl - AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers @@ -2524,7 +2534,12 @@ if test X"$LIBVAS_RPATH" != X""; then if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -2636,6 +2651,7 @@ AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "clas AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) +AH_TEMPLATE(ENV_DEBUG, [Whether to enable environment debugging.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 88e6553ea66..f6dd8f4b695 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -317,7 +317,7 @@ int unsetenv(var) const char *var; { - char **ep; + char **ep = env.envp; size_t len; if (strchr(var, '=') != NULL) { @@ -355,13 +355,15 @@ unsetenv(var) } len = strlen(var); - for (ep = env.envp; *ep; ep++) { + while (*ep != NULL) { if (strncmp(var, *ep, len) == 0 && (*ep)[len] == '=') { /* Found it; shift remainder + NULL over by one and update len. */ memmove(ep, ep + 1, (env.env_len - (ep - env.envp)) * sizeof(char *)); env.env_len--; - break; + /* Keep going, could be multiple instances of the var. */ + } else { + ep++; } } #ifndef UNSETENV_VOID @@ -429,6 +431,7 @@ sudo_putenv(str, dupcheck, overwrite) { char **ep; size_t len; + int found = FALSE; /* Make sure there is room for the new entry plus a NULL. */ if (env.env_len + 2 > env.env_size) { @@ -447,20 +450,34 @@ sudo_putenv(str, dupcheck, overwrite) #endif if (dupcheck) { - len = (strchr(str, '=') - str) + 1; - for (ep = env.envp; *ep; ep++) { + len = (strchr(str, '=') - str) + 1; + for (ep = env.envp; !found && *ep != NULL; ep++) { + if (strncmp(str, *ep, len) == 0) { + if (overwrite) + *ep = str; + found = TRUE; + } + } + /* Prune out duplicate variables. */ + if (found && overwrite) { + while (*ep != NULL) { if (strncmp(str, *ep, len) == 0) { - if (overwrite) - *ep = str; - return; + memmove(ep, ep + 1, + (env.env_len - (ep - env.envp)) * sizeof(char *)); + env.env_len--; + } else { + ep++; } } - } else - ep = env.envp + env.env_len; + } + } - env.env_len++; - *ep++ = str; - *ep = NULL; + if (!found) { + ep = env.envp + env.env_len; + env.env_len++; + *ep++ = str; + *ep = NULL; + } } /* diff --git a/usr.bin/sudo/sudoers.pod b/usr.bin/sudo/sudoers.pod index 4cf77aaea52..4c1f1428f9b 100644 --- a/usr.bin/sudo/sudoers.pod +++ b/usr.bin/sudo/sudoers.pod @@ -994,13 +994,6 @@ two consecutive C<%> characters are collapsed into a single C<%> character The default value is C<@passprompt@>. -=item role - -The default SELinux role to use when constructing a new security -context to run the command. The default role may be overridden on -a per-command basis in I<sudoers> or via command line options. -This option is only available whe B<sudo> is built with SELinux support. - =item runas_default The default user to run commands as if the B<-u> option is not specified @@ -1034,13 +1027,6 @@ The default is F<@timedir@>. The owner of the timestamp directory and the timestamps stored therein. The default is C<root>. -=item type - -The default SELinux type to use when constructing a new security -context to run the command. The default type may be overridden on -a per-command basis in I<sudoers> or via command line options. -This option is only available whe B<sudo> is built with SELinux support. - =back B<Strings that can be used in a boolean context>: diff --git a/usr.bin/sudo/vasgroups.c b/usr.bin/sudo/vasgroups.c index 33a333d7728..906a66904e0 100644 --- a/usr.bin/sudo/vasgroups.c +++ b/usr.bin/sudo/vasgroups.c @@ -43,8 +43,8 @@ #include "compat.h" #include "logging.h" #include "nonunix.h" -#include "parse.h" #include "sudo.h" +#include "parse.h" /* Pseudo-boolean types */ @@ -153,8 +153,8 @@ sudo_nonunix_groupcheck( const char* group, const char* user, const struct passw FINISHED: /* cleanups */ - if (vaserr != VAS_ERR_SUCCESS) { - int error_flags = NO_MAIL | MSG_ONLY | (uses_inversion ? 0 : NO_EXIT); + if (vaserr != VAS_ERR_SUCCESS && vaserr != VAS_ERR_NOT_FOUND ) { + int error_flags = NO_MAIL | MSG_ONLY | NO_EXIT; log_error(error_flags, "Error while checking group membership " "for user \"%s\", group \"%s\", error: %s%s.", user, group, diff --git a/usr.bin/sudo/visudo.c b/usr.bin/sudo/visudo.c index ae2028aec60..c6a0838bf7f 100644 --- a/usr.bin/sudo/visudo.c +++ b/usr.bin/sudo/visudo.c @@ -111,7 +111,8 @@ static int install_sudoers __P((struct sudoersfile *, int)); static int print_unused __P((void *, void *)); static int reparse_sudoers __P((char *, char *, int, int)); static int run_command __P((char *, char **)); -static void print_undefined __P((char *name, int, int, int)); +static void print_selfref __P((char *, int, int, int)); +static void print_undefined __P((char *, int, int, int)); static void setup_signals __P((void)); static void usage __P((void)) __attribute__((__noreturn__)); @@ -427,14 +428,17 @@ reparse_sudoers(editor, args, strict, quiet) /* Parse the sudoers temp file */ yyrestart(fp); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { warningx("unabled to parse temporary file (%s), unknown error", sp->tpath); parse_error = TRUE; + errorfile = sp->path; } fclose(yyin); - if (check_aliases(strict, quiet) != 0) + if (!parse_error && check_aliases(strict, quiet) != 0) { parse_error = TRUE; + errorfile = sp->path; + } /* * Got an error, prompt the user for what to do now @@ -698,22 +702,27 @@ check_syntax(sudoers_path, quiet, strict) exit(1); } init_parser(sudoers_path, quiet); - if (yyparse() && parse_error != TRUE) { + if (yyparse() && !parse_error) { if (!quiet) warningx("failed to parse %s file, unknown error", sudoers_path); parse_error = TRUE; + errorfile = sudoers_path; } - if (!parse_error) { - if (check_aliases(strict, quiet) != 0) - parse_error = TRUE; + if (!parse_error && check_aliases(strict, quiet) != 0) { + parse_error = TRUE; + errorfile = sudoers_path; } error = parse_error; if (!quiet) { - if (parse_error) - (void) printf("parse error in %s near line %d\n", errorfile, - errorlineno); - else + if (parse_error) { + if (errorlineno != -1) + (void) printf("parse error in %s near line %d\n", errorfile, + errorlineno); + else + (void) printf("parse error in %s\n", errorfile); + } else { (void) printf("%s: parsed OK\n", sudoers_path); + } } /* Check mode and owner in strict mode. */ #ifdef HAVE_FSTAT @@ -945,18 +954,27 @@ get_hostname() } } -static void -alias_remove_recursive(name, type) +static int +alias_remove_recursive(name, type, strict, quiet) char *name; int type; + int strict; + int quiet; { struct member *m; struct alias *a; + int error = 0; if ((a = alias_find(name, type)) != NULL) { tq_foreach_fwd(&a->members, m) { if (m->type == ALIAS) { - alias_remove_recursive(m->name, type); + if (strcmp(name, m->name) == 0) { + print_selfref(m->name, type, strict, quiet); + error = 1; + } else { + if (!alias_remove_recursive(m->name, type, strict, quiet)) + error = 1; + } } } } @@ -964,6 +982,7 @@ alias_remove_recursive(name, type) a = alias_remove(name, type); if (a) rbinsert(alias_freelist, a); + return(error); } /* @@ -1030,21 +1049,28 @@ check_aliases(strict, quiet) tq_foreach_fwd(&userspecs, us) { tq_foreach_fwd(&us->users, m) { if (m->type == ALIAS) { - (void) alias_remove_recursive(m->name, USERALIAS); + if (!alias_remove_recursive(m->name, USERALIAS, strict, quiet)) + error++; } } tq_foreach_fwd(&us->privileges, priv) { tq_foreach_fwd(&priv->hostlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, HOSTALIAS); + if (!alias_remove_recursive(m->name, HOSTALIAS, strict, + quiet)) + error++; } tq_foreach_fwd(&priv->cmndlist, cs) { tq_foreach_fwd(&cs->runasuserlist, m) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, RUNASALIAS); + if (!alias_remove_recursive(m->name, RUNASALIAS, + strict, quiet)) + error++; } if ((m = cs->cmnd)->type == ALIAS) - (void) alias_remove_recursive(m->name, CMNDALIAS); + if (!alias_remove_recursive(m->name, CMNDALIAS, strict, + quiet)) + error++; } } } @@ -1068,19 +1094,18 @@ check_aliases(strict, quiet) tq_foreach_fwd(&d->binding, binding) { for (m = binding; m != NULL; m = m->next) { if (m->type == ALIAS) - (void) alias_remove_recursive(m->name, atype); + if (!alias_remove_recursive(m->name, atype, strict, quiet)) + error++; } } } rbdestroy(alias_freelist, alias_free); /* If all aliases were referenced we will have an empty tree. */ - if (no_aliases()) - return(0); - if (!quiet) { + if (!no_aliases() && !quiet) alias_apply(print_unused, strict ? "Error" : "Warning"); - } - return (strict ? 1 : 0); + + return (strict ? error : 0); } static void @@ -1099,6 +1124,22 @@ print_undefined(name, type, strict, quiet) } } +static void +print_selfref(name, type, strict, quiet) + char *name; + int type; + int strict; + int quiet; +{ + if (!quiet) { + warningx("%s: %s_Alias `%s' references self", + strict ? "Error" : "Warning", + type == HOSTALIAS ? "Host" : type == CMNDALIAS ? "Cmnd" : + type == USERALIAS ? "User" : type == RUNASALIAS ? "Runas" : + "Unknown", name); + } +} + static int print_unused(v1, v2) void *v1; |