diff options
author | Todd C. Miller <millert@cvs.openbsd.org> | 2003-04-01 15:47:52 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2003-04-01 15:47:52 +0000 |
commit | 0f0320977668a926234f5cc958ed172f06a079cc (patch) | |
tree | 7366c9cfc43f81af9d30981b724c526a1e33cc38 | |
parent | b23d0a6ace6e60935c0cec247e465c2e4bbd0527 (diff) |
Update to sudo 1.6.7p1; fixes false positives in the oflow detection
of expand_prompt() introduced in sudo 1.6.7.
-rw-r--r-- | usr.bin/sudo/CHANGES | 26 | ||||
-rw-r--r-- | usr.bin/sudo/INSTALL | 55 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.in | 2 | ||||
-rw-r--r-- | usr.bin/sudo/RUNSON | 29 | ||||
-rw-r--r-- | usr.bin/sudo/TODO | 62 | ||||
-rw-r--r-- | usr.bin/sudo/aclocal.m4 | 14 | ||||
-rw-r--r-- | usr.bin/sudo/auth/kerb4.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/check.c | 19 | ||||
-rw-r--r-- | usr.bin/sudo/configure | 1454 | ||||
-rw-r--r-- | usr.bin/sudo/configure.in | 445 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/testsudoers.c | 4 | ||||
-rw-r--r-- | usr.bin/sudo/version.h | 2 |
13 files changed, 1695 insertions, 425 deletions
diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index 77449fe35c7..cb2257009f8 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1530,7 +1530,7 @@ Sudo 1.6.5p2 released. Sudo 1.6.6 released. -478) Wildcards now work correctly in the env_keep Defaults directive> +478) Wildcards now work correctly in the env_keep Defaults directive. 479) Added support for non-root timestamp dirs. This allows the timestamp dir to be shared via NFS (though this is not recommended). @@ -1574,7 +1574,8 @@ Sudo 1.6.6 released. 494) Sudo is now careful to avoid interger overflow when allocating memory. This is one of those "should not happen" situations. -495) A new option, --with-stow can be used to package sudo with GNU stow. +495) Added a configure option (--with-stow) to make sudo compatible + with GNU stow. 496) auth/kerb5.c now compiles under Heimdal. @@ -1582,4 +1583,25 @@ Sudo 1.6.6 released. from optimizing away memory zeroing. Unfortunately, this results in some warnings from gcc. +498) Better Kerberos IV/V support in the configure script. + +499) Fixed a logic thinko in the SIGCHLD handler that caused problems + with rlogin on HP-UX. + +500) configure now adds -R to LDFLAGS when it adds -L for Solaris and + SVR4. There is a configure option, --with-rpath, to control this. + +501) On AIX, configure will pass extra directory paths to the linker + via the -blibpath ld option. This is only active when additional + library paths are used. It may be disabled via the + --without-blibpath configure option. + +502) The --with-skey and --with-opie configure options now take + an optional directory argument that should have an include and + lib dir for the skey/opie include file and library respectively. + Sudo 1.6.7 released. + +503) Fixed false positives in the overflow detection of expand_prompt(). + +Sudo 1.6.7p1 released. diff --git a/usr.bin/sudo/INSTALL b/usr.bin/sudo/INSTALL index 6834462e0d8..bac66a5084a 100644 --- a/usr.bin/sudo/INSTALL +++ b/usr.bin/sudo/INSTALL @@ -116,10 +116,22 @@ Special features/options: Eg: --with-incpath="/usr/local/include /opt/include" --with-libpath=DIR - Adds the specified directory (or directories_ to SUDO_LDFLAGS - and VISUDO_LDFLAGS so configure and the compiler will look - there for libraries. Multiple directories may be specified - as with --with-incpath. + Adds the specified directory (or directories) to LDFLAGS + so configure and the compiler will look there for libraries. + Multiple directories may be specified as with --with-incpath. + + --with-rpath + Tells configure to use -Rpath in addition to -Lpath when + passing library paths to the loader. This option is on + by default for Solaris and SVR4. + + --with-blibpath[=PATH] + Tells configure to construct a -blibpath argument to the + loader. If a PATH is specified, it will be used as the + base. Otherwise, "/usr/lib:/lib:/usr/local/lib" will be + used for gcc and "/usr/lib:/lib" for non-gcc. Additional + library paths will be appended as needed by configure. + This option is only valid for AIX where it is on by default. --with-libraries=LIBRARY Adds the specified library (or libaries) to SUDO_LIBS and @@ -131,11 +143,15 @@ Special features/options: --with-csops Add CSOps standard options. You probably aren't interested in this. - --with-skey - Enable S/Key OTP (One Time Password) support. + --with-skey[=DIR] + Enable S/Key OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with skey.h + and libskey.a respectively. - --with-opie - Enable NRL OPIE OTP (One Time Password) support. + --with-opie[=DIR] + Enable NRL OPIE OTP (One Time Password) support. If specified, + DIR should contain include and lib directories with opie.h + and libopie.a respectively. --with-SecurID[=DIR] Enable SecurID support. If specified, DIR is directory containing @@ -146,17 +162,18 @@ Special features/options: DIR is the base directory containing the compiled FWTK package (or at least the library and header files). - --with-kerb4 - Enable Kerberos IV support. Tested only with the Cygnus Network - Security package (CNS). This uses Kerberos passphrases for - authentication but does not use the Kerberos cookie scheme. - - --with-kerb5 - Enable Kerberos V support. Tested against MIT Kerberos V, - release 1.1, although also expected to work against CNS. This - This uses Kerberos passphrases for authentication but does not - use the Kerberos cookie scheme. Will not work for Kerberos V - older than version 1.1. + --with-kerb4[=DIR] + Enable Kerberos IV support. If specified, DIR is the base + directory containing the Kerberos IV include and lib dirs. + This uses Kerberos passphrases for authentication but does + not use the Kerberos cookie scheme. + + --with-kerb5[=DIR] + Enable Kerberos V support. If specified, DIR is the base + directory containing the Kerberos V include and lib dirs. + This This uses Kerberos passphrases for authentication but + does not use the Kerberos cookie scheme. Will not work for + Kerberos V older than version 1.1. --with-authenticate Enable support for the AIX 4.x general authentication function. diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 3eea84b89dc..3ac76699489 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -139,7 +139,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.7 +VERSION = 1.6.7p1 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ diff --git a/usr.bin/sudo/RUNSON b/usr.bin/sudo/RUNSON index 5747fc228c7..648653dc489 100644 --- a/usr.bin/sudo/RUNSON +++ b/usr.bin/sudo/RUNSON @@ -1,6 +1,9 @@ -Systems that Sudo is known to run on. -Just because a specific version of your OS is not listed with -the current version of sudo does not mean it won't work... +Systems that Sudo has been reported to run on. + +Just because a specific version of your OS is not listed with the +current version of Sudo does not mean it won't work. If an older +version of Sudo ran on your OS, chances are that the latest version +does as well. Op. System CPU Compilers Sudo Reported Special Name Rev Arch Used Version By Options @@ -26,8 +29,8 @@ Solaris 7 sparc SC4.2 1.6.6 Todd Miller none Solaris 7 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none Solaris 7 sparc gcc2.95.2 1.6.6 Todd Miller --with-skey Solaris 2.6 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none -Solaris 8 sparc gcc2.95.2 1.6.6 Todd Miller --with-skey -Solaris 8 sparc SC4.2 1.6.6 Todd Miller none +Solaris 8 sparc gcc2.95.2 1.6.7 Todd Miller --with-skey +Solaris 8 sparc SC4.2 1.6.7 Todd Miller none Solaris 8 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none Solaris 8 sun4u gcc2.95.3 1.6.6 Banu Yobas none ISC 4.0 i386 bundled cc 1.4 Andy Smith none @@ -41,9 +44,9 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 unbundled cc 1.6.6 Todd Miller --with-skey -HP-UX 10.20 hp700 gcc2.9.5.2 1.6.6 Todd Miller --with-skey -HP-UX 10.20 hp700 bundled cc 1.6.6 Todd Miller none +HP-UX 10.10 hp700 unbundled cc 1.6.7 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.9.5.2 1.6.7 Todd Miller --with-skey +HP-UX 10.20 hp700 bundled cc 1.6.7 Todd Miller none HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.6.7 Todd Miller none @@ -80,11 +83,11 @@ NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha bundled cc 1.6.6 Todd Miller --with-skey +DEC UNIX 4.0D alpha bundled cc 1.6.7 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none -Tru64 5.1 alpha bundled cc 1.6.6 Todd Miller none +Tru64 5.1 alpha bundled cc 1.6.7 Todd Miller none AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller none @@ -101,8 +104,8 @@ AIX 5.1 PowerPC gcc-3.2.1 1.6.6 Neil MacGregor none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none BSD/OS 4.1 i386 cc 1.6.3 Todd Miller --with-skey -OpenBSD 2.X all gcc-2.95.2 1.6.6 Todd Miller none -OpenBSD 3.0 all gcc-2.95.3 1.6.6 Todd Miller none +OpenBSD 3.X all gcc-2.95.3 1.6.7 Todd Miller none +OpenBSD 3.X all gcc-2.95.3 1.6.7 Todd Miller --with-bsdauth FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none @@ -150,7 +153,7 @@ Dynix/ptx 4.4.6 Sequent bundled cc 1.6 Larry Mascarenhase none Dynix/ptx 4.4.7 Sequent bundled cc 1.6.2p1 Dana Kaempen --with-CC=cc DC-OSx 1.1-9x mips PyrC 4.0A20 1.5.6p2 Brian Jackson none HI-UX/MPP 02-03 sr2201 bundled cc 1.5.4 Ben Edgington none -SVR4 4.4 m88k bundled gcc 1.6rc1 Gerry Belanger CFLAGS= +SVR4 4.4 m88k bundled gcc 1.6.7 Gerry Belanger none NonStop-UX B32 CO-1475 cc 1.5.9p3 Andrei Panfilenko none MacOS X ppc bundled cc 1.6.3p7 Gary Danko none diff --git a/usr.bin/sudo/TODO b/usr.bin/sudo/TODO index c72e3abea3d..857edc9313a 100644 --- a/usr.bin/sudo/TODO +++ b/usr.bin/sudo/TODO @@ -41,88 +41,86 @@ TODO list (most will be addressed in sudo 2.0) 15) Add test for how to read ether interfaces in configure script -16) Add configure check for $(CC) -R and use it in addition to -L - -17) An option to make "sudo -s" use the target user's shell might be nice +16) An option to make "sudo -s" use the target user's shell might be nice (and more like su). Overlaps with the upcoming -i option. -18) Add configure option to enable old behavior of visudo (O_EXCL)? +17) Add configure option to enable old behavior of visudo (O_EXCL)? --without-sudoers-lock? -19) Profile sudo again (is the yacc grammar optimal?) +18) Profile sudo again (is the yacc grammar optimal?) -20) Zero out encrypted passwords after use. Use an Exit function or +19) Zero out encrypted passwords after use. Use an Exit function or some such (have to hook in to emalloc() and friends). Hard (impossible?) to be thorough w/ atexit/on_exit. -21) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified +20) Make 'sudo -l user' if run as root do a "sudo -l" output for the specified user. -22) Use strtol() and strtoul(), not atoi() +21) Use strtol() and strtoul(), not atoi() -24) Look into %e, %p, %k in parse.lex +23) Look into %e, %p, %k in parse.lex -24) Make syslog stuff work on vanilla ultrix +23) Make syslog stuff work on vanilla ultrix -25) Implement date_format and log_format options. +24) Implement date_format and log_format options. -26) Add support for: Default:user@host +25) Add support for: Default:user@host -27) Do login-style -sh hack for sudo -s? (new option or do it always?) +26) Do login-style -sh hack for sudo -s? (new option or do it always?) -28) Make visudo rcs-aware +27) Make visudo rcs-aware -29) Add support for parsing multiple sudoers files. Basically make +28) Add support for parsing multiple sudoers files. Basically make _PATH_SUDOERS be a colon-separated list of pathname like EDITOR. Requires _PATH_SUDOERS_TMP chages (perhaps "%s.tmp"). -30) Add -i (simulate initial login) option as per 946 +sudo +29) Add -i (simulate initial login) option as per 946 +sudo (requires two-pass parser). Also add "default_path" Defaults option to go with it. (See MINUS_I.patch) -31) Some people want to be able to specify a special password in sudoers +30) Some people want to be able to specify a special password in sudoers in addition or instead of the normal one. The best argument for this so far is to be able to use separate passwords for the target users that are not the passwd file ones. -32) Add support for trusted users. E.g. allow user to run a certain +31) Add support for trusted users. E.g. allow user to run a certain command regardless of what dir it is in if it is owned by the trusted user. -33) Add mechanism to choose logfile based on RunasUser +32) Add mechanism to choose logfile based on RunasUser -34) Split the parser into two stages. The first parse checks for +33) Split the parser into two stages. The first parse checks for syntax and sets the Defaults options and sets up the data structures to check a user. The second stage does the actual user check. -35) Add a flag similar to '-l' but that spits out sudo commands in +34) Add a flag similar to '-l' but that spits out sudo commands in a format suitable for cut & paste (requires parser overhaul first). -36) Someone wants a recursive version of the dir specifier. Ie: +35) Someone wants a recursive version of the dir specifier. Ie: SOME_MODIFIER:/usr/local/ to allow anything under /usr/local to be run. -37) An option to set the shell to the target user would make sense. +36) An option to set the shell to the target user would make sense. See other target user-related issues above. -38) Add an option (-D) to dump the defaults after the sudoers file +37) Add an option (-D) to dump the defaults after the sudoers file has been parsed. Should only be available to root and should allow a -u user modifier. -39) For sudo 1.7 wipe out the environment by default. +38) For sudo 1.7 wipe out the environment by default. -40) Allow /etc/sudoers to be a symlink but require the parent dir to +39) Allow /etc/sudoers to be a symlink but require the parent dir to be root-owned and not writable by anything else. Should really traverse the tree to the root doing this. -41) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) +40) Improve interfaces.c STREAMS code (see ntpd's ntp_io.c for hints) -42) Wildcard support for user and group names? (netgroup too?) +41) Wildcard support for user and group names? (netgroup too?) -43) If root_sudo is off, still allow sudo -u to non-root users? +42) If root_sudo is off, still allow sudo -u to non-root users? -44) Add configure option to id user based on euid not ruid? +43) Add configure option to id user based on euid not ruid? -45) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace +44) Split $EDITOR/$VISUAL in visudo into an argument vector based on whitespace -46) Make Kerberos paths and libs situation as sane as possible +45) Use proper links in .pod files diff --git a/usr.bin/sudo/aclocal.m4 b/usr.bin/sudo/aclocal.m4 index 38e1fb93173..a6363b6aad2 100644 --- a/usr.bin/sudo/aclocal.m4 +++ b/usr.bin/sudo/aclocal.m4 @@ -329,6 +329,20 @@ AC_TRY_LINK(, [long long foo = 1000; foo /= 10;], AC_DEFINE(HAVE_LONG_LONG, 1, [ AC_MSG_RESULT(yes), AC_MSG_RESULT(no))]) dnl +dnl append a libpath to an LDFLAGS style variable +dnl +AC_DEFUN(SUDO_APPEND_LIBPATH, [ + if test X"$with_rpath" = X"yes"; then + $1="${$1} -L$2 -R$2" + else + $1="${$1} -L$2" + fi + if test X"$blibpath" != X"" -a "$1" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:$2" + fi +]) + +dnl dnl private versions of AC_DEFINE and AC_DEFINE_UNQUOTED that don't support dnl tracing that we use to define paths for pathnames.h so autoheader doesn't dnl put them in config.h.in. An awful hack. diff --git a/usr.bin/sudo/auth/kerb4.c b/usr.bin/sudo/auth/kerb4.c index 94228a5f0a7..2217708ddbd 100644 --- a/usr.bin/sudo/auth/kerb4.c +++ b/usr.bin/sudo/auth/kerb4.c @@ -62,7 +62,7 @@ #include "sudo_auth.h" #ifndef lint -static const char rcsid[] = "$Sudo: kerb4.c,v 1.8 2003/03/16 02:18:57 millert Exp $"; +static const char rcsid[] = "$Sudo: kerb4.c,v 1.9 2003/03/20 04:49:58 millert Exp $"; #endif /* lint */ int @@ -101,7 +101,7 @@ kerb4_verify(pw, pass, auth) * Set the ticket file to be in sudo sudo timedir so we don't * wipe out other (real) kerberos tickets. */ - (void) snprintf(tkfile, sizoef(tkfile), "%s/tkt%lu", + (void) snprintf(tkfile, sizeof(tkfile), "%s/tkt%lu", _PATH_SUDO_TIMEDIR, (unsigned long) pw->pw_uid); (void) krb_set_tkt_string(tkfile); diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index fb3f182d49e..53a2360684b 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c @@ -67,7 +67,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.210 2003/03/15 20:31:01 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.211 2003/04/01 14:58:55 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -216,32 +216,35 @@ expand_prompt(old_prompt, user, host) if (subst) { new_prompt = (char *) emalloc(++len); - *new_prompt = '\0'; - endp = new_prompt + len - 1; + endp = new_prompt + len; for (p = old_prompt, np = new_prompt; *p; p++) { if (p[0] =='%') { switch (p[1]) { case 'h': p++; - if ((n = strlcat(new_prompt, user_shost, len)) >= len) + n = strlcpy(np, user_shost, np - endp); + if (n >= np - endp) goto oflow; np += n; continue; case 'H': p++; - if ((n = strlcat(new_prompt, user_host, len)) >= len) + n = strlcpy(np, user_host, np - endp); + if (n >= np - endp) goto oflow; np += n; continue; case 'u': p++; - if ((n = strlcat(new_prompt, user_name, len)) >= len) + n = strlcpy(np, user_name, np - endp); + if (n >= np - endp) goto oflow; np += n; continue; case 'U': p++; - if ((n = strlcat(new_prompt, *user_runas, len)) >= len) + n = strlcpy(np, *user_runas, np - endp); + if (n >= np - endp) goto oflow; np += n; continue; @@ -254,9 +257,9 @@ expand_prompt(old_prompt, user, host) break; } } + *np++ = *p; if (np >= endp) goto oflow; - *np++ = *p; } *np = '\0'; } else diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index c73456469a4..d165e2929b4 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -865,6 +865,8 @@ Optional Packages: --with-otp-only deprecated --with-alertmail deprecated --with-CC C compiler to use + --with-rpath pass -R flag in addition to -L for lib paths + --with-blibpath=PATH pass -blibpath flag to ld for additional lib paths --with-incpath additional places to look for include files --with-libpath additional places to look for libraries --with-libraries additional libraries to link with @@ -872,13 +874,13 @@ Optional Packages: --with-efence link with -lefence for malloc() debugging --with-csops add CSOps standard options --without-passwd don't use passwd/shadow file for authentication - --with-skey enable S/Key support - --with-opie enable OPIE support + --with-skey=DIR enable S/Key support + --with-opie=DIR enable OPIE support --with-long-otp-prompt use a two line OTP (skey/opie) prompt - --with-SecurID enable SecurID support - --with-fwtk enable FWTK AuthSRV support - --with-kerb4 enable kerberos v4 support - --with-kerb5 enable kerberos v5 support + --with-SecurID[=DIR] enable SecurID support + --with-fwtk[=DIR] enable FWTK AuthSRV support + --with-kerb4[=DIR] enable Kerberos IV support + --with-kerb5[=DIR] enable Kerberos V support --with-authenticate enable AIX general authentication support --with-pam enable PAM support --with-AFS enable AFS support @@ -1355,7 +1357,8 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers config.h pathnames.h" -echo "Configuring Sudo version 1.6.7" +{ echo "$as_me:$LINENO: Configuring Sudo version 1.6.7" >&5 +echo "$as_me: Configuring Sudo version 1.6.7" >&6;} @@ -1434,8 +1437,8 @@ cat >>confdefs.h <<\_ACEOF #define WITHOUT_PASSWD 1 _ACEOF - { echo "$as_me:$LINENO: WARNING: --with-otp-only option deprecated, treating as --without-passwd" >&5 -echo "$as_me: WARNING: --with-otp-only option deprecated, treating as --without-passwd" >&2;} + { echo "$as_me:$LINENO: --with-otp-only option deprecated, treating as --without-passwd" >&5 +echo "$as_me: --with-otp-only option deprecated, treating as --without-passwd" >&6;} ;; esac fi; @@ -1446,8 +1449,8 @@ if test "${with_alertmail+set}" = set; then withval="$with_alertmail" case $with_alertmail in *) with_mailto="$with_alertmail" - { echo "$as_me:$LINENO: WARNING: --with-alertmail option deprecated, treating as --mailto" >&5 -echo "$as_me: WARNING: --with-alertmail option deprecated, treating as --mailto" >&2;} + { echo "$as_me:$LINENO: --with-alertmail option deprecated, treating as --mailto" >&5 +echo "$as_me: --with-alertmail option deprecated, treating as --mailto" >&6;} ;; esac fi; @@ -1472,6 +1475,33 @@ esac fi; +# Check whether --with-rpath or --without-rpath was given. +if test "${with_rpath+set}" = set; then + withval="$with_rpath" + case $with_rpath in + yes) ;; + no) ;; + *) { { echo "$as_me:$LINENO: error: \"--with-rpath does not take an argument.\"" >&5 +echo "$as_me: error: \"--with-rpath does not take an argument.\"" >&2;} + { (exit 1); exit 1; }; } + ;; +esac +fi; + + +# Check whether --with-blibpath or --without-blibpath was given. +if test "${with_blibpath+set}" = set; then + withval="$with_blibpath" + case $with_blibpath in + yes) ;; + no) ;; + *) { echo "$as_me:$LINENO: will pass -blibpath:${with_blibpath} to the loader." >&5 +echo "$as_me: will pass -blibpath:${with_blibpath} to the loader." >&6;} + ;; +esac +fi; + + # Check whether --with-incpath or --without-incpath was given. if test "${with_incpath+set}" = set; then withval="$with_incpath" @@ -1484,7 +1514,8 @@ echo "$as_me: error: \"must give --with-incpath an argument.\"" >&2;} echo "$as_me: error: \"--without-incpath not supported.\"" >&2;} { (exit 1); exit 1; }; } ;; - *) echo "Adding ${with_incpath} to CPPFLAGS" + *) { echo "$as_me:$LINENO: Adding ${with_incpath} to CPPFLAGS" >&5 +echo "$as_me: Adding ${with_incpath} to CPPFLAGS" >&6;} for i in ${with_incpath}; do CPPFLAGS="${CPPFLAGS} -I${i}" done @@ -1505,10 +1536,8 @@ echo "$as_me: error: \"must give --with-libpath an argument.\"" >&2;} echo "$as_me: error: \"--without-libpath not supported.\"" >&2;} { (exit 1); exit 1; }; } ;; - *) echo "Adding ${with_libpath} to LDFLAGS" - for i in ${with_libpath}; do - LDFLAGS="${LDFLAGS} -L${i}" - done + *) { echo "$as_me:$LINENO: Adding ${with_libpath} to LDFLAGS" >&5 +echo "$as_me: Adding ${with_libpath} to LDFLAGS" >&6;} ;; esac fi; @@ -1526,16 +1555,8 @@ echo "$as_me: error: \"must give --with-libraries an argument.\"" >&2;} echo "$as_me: error: \"--without-libraries not supported.\"" >&2;} { (exit 1); exit 1; }; } ;; - *) echo "Adding ${with_libraries} to LIBS" - for i in ${with_libraries}; do - case $i in - -l*) ;; - *.a) ;; - *.o) ;; - *) i="-l${i}";; - esac - LIBS="${LIBS} ${i}" - done + *) { echo "$as_me:$LINENO: Adding ${with_libraries} to LIBS" >&5 +echo "$as_me: Adding ${with_libraries} to LIBS" >&6;} ;; esac fi; @@ -1545,13 +1566,15 @@ fi; if test "${with_devel+set}" = set; then withval="$with_devel" case $with_devel in - yes) echo 'Setting up for development: -Wall, flex, yacc' + yes) { echo "$as_me:$LINENO: Setting up for development: -Wall, flex, yacc" >&5 +echo "$as_me: Setting up for development: -Wall, flex, yacc" >&6;} PROGS="${PROGS} testsudoers" OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEV="" ;; no) ;; - *) echo "Ignoring unknown argument to --with-devel: $with_devel" + *) { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --with-devel: $with_devel" >&2;} ;; esac fi; @@ -1561,14 +1584,16 @@ fi; if test "${with_efence+set}" = set; then withval="$with_efence" case $with_efence in - yes) echo 'Sudo will link with -lefence (Electric Fence)' + yes) { echo "$as_me:$LINENO: Sudo will link with -lefence (Electric Fence)" >&5 +echo "$as_me: Sudo will link with -lefence (Electric Fence)" >&6;} LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then - LDFLAGS="${LDFLAGS} -L/usr/local/lib" + with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; - *) echo "Ignoring unknown argument to --with-efence: $with_efence" + *) { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --with-efence: $with_efence" >&2;} ;; esac fi; @@ -1578,16 +1603,20 @@ fi; if test "${with_csops+set}" = set; then withval="$with_csops" case $with_csops in - yes) echo 'Adding CSOps standard options' + yes) { echo "$as_me:$LINENO: Adding CSOps standard options" >&5 +echo "$as_me: Adding CSOps standard options" >&6;} CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes + test -n "$mansectsu" || mansectsu=8 + test -n "$mansectform" || mansectform=5 ;; no) ;; - *) echo "Ignoring unknown argument to --with-csops: $with_csops" + *) { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --with-csops: $with_csops" >&2;} ;; esac fi; @@ -1619,7 +1648,8 @@ fi; if test "${with_skey+set}" = set; then withval="$with_skey" case $with_skey in - yes) if test -n "$with_opie"; then + no) with_skey="";; + *) if test -n "$with_opie"; then { { echo "$as_me:$LINENO: error: \"cannot use both S/Key and OPIE\"" >&5 echo "$as_me: error: \"cannot use both S/Key and OPIE\"" >&2;} { (exit 1); exit 1; }; } @@ -1635,9 +1665,6 @@ echo $ECHO_N "checking whether to try S/Key authentication... $ECHO_C" >&6 echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; - no) ;; - *) echo "Ignoring unknown argument to --with-skey: $with_skey" - ;; esac fi; @@ -1646,7 +1673,8 @@ fi; if test "${with_opie+set}" = set; then withval="$with_opie" case $with_opie in - yes) if test -n "$with_skey"; then + no) with_opie="";; + *) if test -n "$with_skey"; then { { echo "$as_me:$LINENO: error: \"cannot use both S/Key and OPIE\"" >&5 echo "$as_me: error: \"cannot use both S/Key and OPIE\"" >&2;} { (exit 1); exit 1; }; } @@ -1662,9 +1690,6 @@ echo $ECHO_N "checking whether to try NRL OPIE authentication... $ECHO_C" >&6 echo "${ECHO_T}yes" >&6 AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; - no) ;; - *) echo "Ignoring unknown argument to --with-opie: $with_opie" - ;; esac fi; @@ -1698,7 +1723,7 @@ fi; if test "${with_SecurID+set}" = set; then withval="$with_SecurID" case $with_SecurID in - no) ;; + no) with_SecurID="";; *) cat >>confdefs.h <<\_ACEOF #define HAVE_SECURID 1 @@ -1718,7 +1743,7 @@ fi; if test "${with_fwtk+set}" = set; then withval="$with_fwtk" case $with_fwtk in - no) ;; + no) with_fwtk="";; *) cat >>confdefs.h <<\_ACEOF #define HAVE_FWTK 1 @@ -1730,11 +1755,6 @@ echo $ECHO_N "checking whether to use FWTK AuthSRV for authentication... $ECHO_C echo "${ECHO_T}yes" >&6 with_passwd=no AUTH_OBJS="fwtk.o" - if test "$with_fwtk" != "yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" - with_fwtk=yes - fi ;; esac fi; @@ -1744,16 +1764,12 @@ fi; if test "${with_kerb4+set}" = set; then withval="$with_kerb4" case $with_kerb4 in - yes) echo "$as_me:$LINENO: checking whether to try Kerberos 4 authentication" >&5 -echo $ECHO_N "checking whether to try Kerberos 4 authentication... $ECHO_C" >&6 + no) with_kerb4="";; + *) echo "$as_me:$LINENO: checking whether to try kerberos IV authentication" >&5 +echo $ECHO_N "checking whether to try kerberos IV authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 ;; - no) ;; - *) { { echo "$as_me:$LINENO: error: \"--with-kerb4 does not take an argument.\"" >&5 -echo "$as_me: error: \"--with-kerb4 does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; esac fi; @@ -1762,16 +1778,12 @@ fi; if test "${with_kerb5+set}" = set; then withval="$with_kerb5" case $with_kerb5 in - yes) echo "$as_me:$LINENO: checking whether to try Kerberos 5 authentication" >&5 -echo $ECHO_N "checking whether to try Kerberos 5 authentication... $ECHO_C" >&6 + no) with_kerb5="";; + *) echo "$as_me:$LINENO: checking whether to try Kerberos V authentication" >&5 +echo $ECHO_N "checking whether to try Kerberos V authentication... $ECHO_C" >&6 echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6 ;; - no) ;; - *) { { echo "$as_me:$LINENO: error: \"--with-kerb5 does not take an argument.\"" >&5 -echo "$as_me: error: \"--with-kerb5 does not take an argument.\"" >&2;} - { (exit 1); exit 1; }; } - ;; esac fi; @@ -2279,7 +2291,8 @@ if test "${with_mailsubject+set}" = set; then echo "$as_me: error: \"must give --with-mailsubject an argument.\"" >&2;} { (exit 1); exit 1; }; } ;; - no) echo "Sorry, --without-mailsubject not supported." + no) { echo "$as_me:$LINENO: WARNING: Sorry, --without-mailsubject not supported." >&5 +echo "$as_me: WARNING: Sorry, --without-mailsubject not supported." >&2;} ;; *) mailsub="$with_mailsubject" echo "$as_me:$LINENO: checking sudo mail subject" >&5 @@ -2306,7 +2319,8 @@ if test "${with_passprompt+set}" = set; then echo "$as_me: error: \"must give --with-passprompt an argument.\"" >&2;} { (exit 1); exit 1; }; } ;; - no) echo "Sorry, --without-passprompt not supported." + no) { echo "$as_me:$LINENO: WARNING: Sorry, --without-passprompt not supported." >&5 +echo "$as_me: WARNING: Sorry, --without-passprompt not supported." >&2;} ;; *) passprompt="$with_passprompt" esac @@ -2330,7 +2344,8 @@ if test "${with_badpass_message+set}" = set; then echo "$as_me: error: \"Must give --with-badpass-message an argument.\"" >&2;} { (exit 1); exit 1; }; } ;; - no) echo "Sorry, --without-badpass-message not supported." + no) { echo "$as_me:$LINENO: WARNING: Sorry, --without-badpass-message not supported." >&5 +echo "$as_me: WARNING: Sorry, --without-badpass-message not supported." >&2;} ;; *) badpass_message="$with_badpass_message" ;; @@ -3001,7 +3016,8 @@ _ACEOF ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-authentication: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-authentication: $enableval" >&2;} ;; esac @@ -3029,7 +3045,8 @@ _ACEOF ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-root-mailer: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-root-mailer: $enableval" >&2;} ;; esac @@ -3079,7 +3096,8 @@ _ACEOF ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-saved-ids: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-saved-ids: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-saved-ids: $enableval" >&2;} ;; esac @@ -3103,7 +3121,8 @@ echo "${ECHO_T}yes" >&6 ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-shadow: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shadow: $enableval" >&2;} ;; esac @@ -3159,7 +3178,8 @@ echo "${ECHO_T}no" >&6 ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-log-host: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-log-host: $enableval" >&2;} ;; esac @@ -3187,7 +3207,8 @@ echo "${ECHO_T}no" >&6 ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-noargs-shell: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-noargs-shell: $enableval" >&2;} ;; esac @@ -3215,7 +3236,8 @@ echo "${ECHO_T}no" >&6 ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-shell-sets-home: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-shell-sets-home: $enableval" >&2;} ;; esac @@ -3243,7 +3265,8 @@ _ACEOF ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-path-info: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-path-info: $enableval" >&2;} ;; esac @@ -3288,8 +3311,9 @@ echo "${ECHO_T}no" >&6 fi if test -z "$EGREPPROG"; then - echo "Sorry, configure requires egrep to run." - exit + { { echo "$as_me:$LINENO: error: Sorry, configure requires egrep to run." >&5 +echo "$as_me: error: Sorry, configure requires egrep to run." >&2;} + { (exit 1); exit 1; }; } fi if test "$with_devel" != "yes"; then @@ -4741,11 +4765,9 @@ host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then - echo "" - echo "Fatal Error: config.cache exists from another platform!" - echo "Please remove it and re-run configure." - echo "" - exit 1 + { { echo "$as_me:$LINENO: error: config.cache was created on a different host; remove it and re-run configure." >&5 +echo "$as_me: error: config.cache was created on a different host; remove it and re-run configure." >&2;} + { (exit 1); exit 1; }; } else echo "$as_me:$LINENO: checking previous host type" >&5 echo $ECHO_N "checking previous host type... $ECHO_C" >&6 @@ -4755,7 +4777,8 @@ else sudo_cv_prev_host="$host" fi - echo $sudo_cv_prev_host + echo "$as_me:$LINENO: result: $sudo_cv_prev_host" >&5 +echo "${ECHO_T}$sudo_cv_prev_host" >&6 fi else # this will produce no output since there is no cached value @@ -4890,6 +4913,7 @@ done fi test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-*-aix*) # To get all prototypes (so we pass -Wall) @@ -4899,6 +4923,60 @@ done EOF SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" + if test X"$with_blibpath" != X"no"; then + echo "$as_me:$LINENO: checking if linker accepts -Wl,-blibpath" >&5 +echo $ECHO_N "checking if linker accepts -Wl,-blibpath... $ECHO_C" >&6 + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-blibpath:/usr/lib:/lib" + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then + blibpath="$with_blibpath" + elif test -n "$GCC"; then + blibpath="/usr/lib:/lib:/usr/local/lib" + else + blibpath="/usr/lib:/lib" + fi + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext + fi + LDFLAGS="$O_LDFLAGS" ;; *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then @@ -5315,7 +5393,8 @@ echo "${ECHO_T}yes" >&6 ;; *) echo "$as_me:$LINENO: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "Ignoring unknown argument to --enable-sia: $enableval" + { echo "$as_me:$LINENO: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&5 +echo "$as_me: WARNING: Ignoring unknown argument to --enable-sia: $enableval" >&2;} ;; esac @@ -6512,6 +6591,7 @@ fi fi test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-ncr-sysv4*|*-ncr-sysvr4*) echo "$as_me:$LINENO: checking for strcasecmp in -lc89" >&5 @@ -6577,19 +6657,22 @@ fi test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-*-bsdi*) SKIP_SETREUID=yes # Use shlicc for BSD/OS [23].x unless asked to do otherwise if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then case "$OSREV" in - 2|3) echo 'using shlicc as CC' + 2|3) { echo "$as_me:$LINENO: using shlicc as CC" >&5 +echo "$as_me: using shlicc as CC" >&6;} ac_cv_prog_CC=shlicc CC="$ac_cv_prog_CC" ;; @@ -6641,6 +6724,11 @@ fi ac_cv_func_lockf=no ac_cv_func_flock=yes ;; + *-*-*sysv4*) + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes + ;; *-*-sysv*) test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 @@ -6650,6 +6738,32 @@ esac test -n "$mansectsu" || mansectsu=8 test -n "$mansectform" || mansectform=5 +if test -n "$with_libpath"; then + for i in ${with_libpath}; do + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L$i -R$i" + else + LDFLAGS="${LDFLAGS} -L$i" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:$i" + fi + + done +fi +if test -n "$with_libraries"; then + for i in ${with_libraries}; do + case $i in + -l*) ;; + *.a) ;; + *.o) ;; + *) i="-l${i}";; + esac + LIBS="${LIBS} ${i}" + done +fi + if test "$CHECKSHADOW" = "true"; then for ac_func in getspnam @@ -12374,48 +12488,374 @@ fi fi -if test "$with_kerb5" = "yes"; then +if test -n "$with_kerb4"; then cat >>confdefs.h <<\_ACEOF -#define HAVE_KERB5 1 +#define HAVE_KERB4 1 _ACEOF - if test -f "/usr/local/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - elif test -f "/usr/local/kerberos/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" - elif test -f "/usr/krb5/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" - elif test -f "/usr/local/krb5/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" + O_LDFLAGS="$LDFLAGS" + if test "$with_kerb4" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + cat >conftest.$ac_ext <<_ACEOF +#include <krb.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi +rm -f conftest.err conftest.$ac_ext + done + test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" + else + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" else - echo 'Unable to locate kerberos 5 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS' + LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_kerb4}/lib" fi - if test -f "/usr/local/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" - elif test -f "/usr/krb5/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" - elif test -f "/usr/local/krb5/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib -R${with_kerb4}/lib" else - echo 'Unable to locate kerberos 5 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS' + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb4}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_kerb4}/lib" fi - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" - AUTH_OBJS="${AUTH_OBJS} kerb5.o" + CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" + if test "${ac_cv_header_krb_h+set}" = set; then + echo "$as_me:$LINENO: checking for krb.h" >&5 +echo $ECHO_N "checking for krb.h... $ECHO_C" >&6 +if test "${ac_cv_header_krb_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 +echo "${ECHO_T}$ac_cv_header_krb_h" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking krb.h usability" >&5 +echo $ECHO_N "checking krb.h usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <krb.h> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no fi +rm -f conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 -if test "$with_pam" = "yes"; then - echo "$as_me:$LINENO: checking for main in -ldl" >&5 -echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6 -if test "${ac_cv_lib_dl_main+set}" = set; then +# Is the header present? +echo "$as_me:$LINENO: checking krb.h presence" >&5 +echo $ECHO_N "checking krb.h presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <krb.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc in + yes:no ) + { echo "$as_me:$LINENO: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------ ## +## Report this to bug-autoconf@gnu.org. ## +## ------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; + no:yes ) + { echo "$as_me:$LINENO: WARNING: krb.h: present but cannot be compiled" >&5 +echo "$as_me: WARNING: krb.h: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: krb.h: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: krb.h: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------ ## +## Report this to bug-autoconf@gnu.org. ## +## ------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for krb.h" >&5 +echo $ECHO_N "checking for krb.h... $ECHO_C" >&6 +if test "${ac_cv_header_krb_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_header_krb_h=$ac_header_preproc +fi +echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 +echo "${ECHO_T}$ac_cv_header_krb_h" >&6 + +fi +if test $ac_cv_header_krb_h = yes; then + found=yes +else + found=no +fi + + + fi + if test X"$found" = X"no"; then + { echo "$as_me:$LINENO: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;} + fi + + echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes" >&5 +echo $ECHO_N "checking for des_cbc_encrypt in -ldes... $ECHO_C" >&6 +if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-ldl $LIBS" +LIBS="-ldes $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char des_cbc_encrypt (); +int +main () +{ +des_cbc_encrypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_des_des_cbc_encrypt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_des_des_cbc_encrypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_cbc_encrypt" >&5 +echo "${ECHO_T}$ac_cv_lib_des_des_cbc_encrypt" >&6 +if test $ac_cv_lib_des_des_cbc_encrypt = yes; then + K4LIBS="-ldes" +else + + echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes425" >&5 +echo $ECHO_N "checking for des_cbc_encrypt in -ldes425... $ECHO_C" >&6 +if test "${ac_cv_lib_des425_des_cbc_encrypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldes425 $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char des_cbc_encrypt (); +int +main () +{ +des_cbc_encrypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_des425_des_cbc_encrypt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_des425_des_cbc_encrypt=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5 +echo "${ECHO_T}$ac_cv_lib_des425_des_cbc_encrypt" >&6 +if test $ac_cv_lib_des425_des_cbc_encrypt = yes; then + K4LIBS="-ldes425" +else + K4LIBS="" +fi + + +fi + + echo "$as_me:$LINENO: checking whether we are using KTH Kerberos IV" >&5 +echo $ECHO_N "checking whether we are using KTH Kerberos IV... $ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <krb.h> +int +main () +{ +const char *tmp = krb4_version; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + K4LIBS="${K4LIBS} -lcom_err" + echo "$as_me:$LINENO: checking for main in -lroken" >&5 +echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6 +if test "${ac_cv_lib_roken_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lroken $LIBS" cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ @@ -12445,62 +12885,253 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_cv_lib_dl_main=yes + ac_cv_lib_roken_main=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_cv_lib_dl_main=no +ac_cv_lib_roken_main=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:$LINENO: result: $ac_cv_lib_dl_main" >&5 -echo "${ECHO_T}$ac_cv_lib_dl_main" >&6 -if test $ac_cv_lib_dl_main = yes; then - SUDO_LIBS="${SUDO_LIBS} -lpam -ldl" +echo "$as_me:$LINENO: result: $ac_cv_lib_roken_main" >&5 +echo "${ECHO_T}$ac_cv_lib_roken_main" >&6 +if test $ac_cv_lib_roken_main = yes; then + K4LIBS="${K4LIBS} -lroken" +fi + + else - SUDO_LIBS="${SUDO_LIBS} -lpam" + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + + fi -ac_cv_lib_dl=ac_cv_lib_dl_main +rm -f conftest.$ac_objext conftest.$ac_ext + as_ac_Lib=`echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh` +echo "$as_me:$LINENO: checking for main in -lkrb" >&5 +echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Lib+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lkrb $K4LIBS $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Lib=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Lib=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +if test `eval echo '${'$as_ac_Lib'}'` = yes; then + K4LIBS="-lkrb $K4LIBS" +else + + as_ac_Lib=`echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh` +echo "$as_me:$LINENO: checking for main in -lkrb4" >&5 +echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Lib+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lkrb4 $K4LIBS $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Lib=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Lib=no" +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Lib'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Lib'}'`" >&6 +if test `eval echo '${'$as_ac_Lib'}'` = yes; then + K4LIBS="-lkrb4 $K4LIBS" +else + K4LIBS="-lkrb $K4LIBS" + { echo "$as_me:$LINENO: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&5 +echo "$as_me: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS" >&2;} fi -if test "$with_kerb4" = "yes"; then + +fi + + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} $K4LIBS" + AUTH_OBJS="${AUTH_OBJS} kerb4.o" +fi + +if test -n "$with_kerb5"; then cat >>confdefs.h <<\_ACEOF -#define HAVE_KERB4 1 +#define HAVE_KERB5 1 _ACEOF - if test -f "/usr/include/kerberosIV/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/include/kerberosIV" - elif test -f "/usr/local/include/kerberosIV/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include/kerberosIV" - elif test -f "/usr/kerberos/include/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/kerberos/include" - elif test -f "/usr/local/kerberos/include/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/kerberos/include" + if test "$with_kerb5" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + cat >conftest.$ac_ext <<_ACEOF +#include <krb5.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi +rm -f conftest.err conftest.$ac_ext + done + if test X"$found" = X"no"; then + CPPFLAGS="$O_CPPFLAGS" + { echo "$as_me:$LINENO: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;} + fi + else + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib -R${with_kerb5}/lib" else - echo 'Unable to locate kerberos 4 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS' + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_kerb5}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_kerb5}/lib" fi - if test -d "/usr/kerberos/lib"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/kerberos/lib" - elif test -d "/usr/lib/kerberos"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/lib/kerberos" - elif test -f "/usr/local/lib/libkrb.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test ! -f "/usr/lib/libkrb.a"; then - echo 'Unable to locate kerberos 4 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS' + CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" fi - echo "$as_me:$LINENO: checking for main in -ldes" >&5 -echo $ECHO_N "checking for main in -ldes... $ECHO_C" >&6 -if test "${ac_cv_lib_des_main+set}" = set; then + echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5 +echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6 + cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <krb5.h> +int +main () +{ +const char *tmp = heimdal_version; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" + echo "$as_me:$LINENO: checking for main in -lroken" >&5 +echo $ECHO_N "checking for main in -lroken... $ECHO_C" >&6 +if test "${ac_cv_lib_roken_main+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-ldes $LIBS" +LIBS="-lroken $LIBS" cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ @@ -12530,26 +13161,94 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_cv_lib_des_main=yes + ac_cv_lib_roken_main=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_cv_lib_des_main=no +ac_cv_lib_roken_main=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:$LINENO: result: $ac_cv_lib_des_main" >&5 -echo "${ECHO_T}$ac_cv_lib_des_main" >&6 -if test $ac_cv_lib_des_main = yes; then - SUDO_LIBS="${SUDO_LIBS} -lkrb -ldes" +echo "$as_me:$LINENO: result: $ac_cv_lib_roken_main" >&5 +echo "${ECHO_T}$ac_cv_lib_roken_main" >&6 +if test $ac_cv_lib_roken_main = yes; then + SUDO_LIBS="${SUDO_LIBS} -lroken" +fi + + else - SUDO_LIBS="${SUDO_LIBS} -lkrb" + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" + + +fi +rm -f conftest.$ac_objext conftest.$ac_ext + AUTH_OBJS="${AUTH_OBJS} kerb5.o" fi -ac_cv_lib_des=ac_cv_lib_des_main - AUTH_OBJS="${AUTH_OBJS} kerb4.o" +if test "$with_pam" = "yes"; then + echo "$as_me:$LINENO: checking for main in -ldl" >&5 +echo $ECHO_N "checking for main in -ldl... $ECHO_C" >&6 +if test "${ac_cv_lib_dl_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dl_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_dl_main=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_dl_main" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_main" >&6 +if test $ac_cv_lib_dl_main = yes; then + SUDO_LIBS="${SUDO_LIBS} -lpam -ldl" +else + SUDO_LIBS="${SUDO_LIBS} -lpam" +fi +ac_cv_lib_dl=ac_cv_lib_dl_main + fi if test "$with_AFS" = "yes"; then @@ -12558,12 +13257,22 @@ if test "$with_AFS" = "yes"; then AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${i}" + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i -R$i" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L$i" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:$i" + fi + FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then - echo 'Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.' + { echo "$as_me:$LINENO: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&5 +echo "$as_me: WARNING: Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options." >&2;} fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -12590,7 +13299,8 @@ if test "$with_AFS" = "yes"; then done if test -z "$FOUND_AFSLIBDIR"; then - echo 'Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.' + { echo "$as_me:$LINENO: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&5 +echo "$as_me: WARNING: Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options." >&2;} fi fi @@ -12599,19 +13309,176 @@ if test "$with_DCE" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -ldce" fi -if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lskey" - if test -f /usr/include/skey.h -a -f /usr/lib/libskey.a; then - : - elif test -f /usr/local/include/skey.h; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test "$with_csops" = "yes" -a -f /tools/cs/skey/include/skey.h -a -f /tools/cs/skey/lib/libskey.a; then - CPPFLAGS="${CPPFLAGS} -I/tools/cs/skey/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/tools/cs/skey/lib" +if test -n "$with_skey"; then + O_LDFLAGS="$LDFLAGS" + if test "$with_skey" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" else - echo 'Unable to locate libskey.a and/or skey.h, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS and/or -I/path/to/skey.h to CPPFLAGS' + LDFLAGS="${LDFLAGS} -L${with_skey}/lib" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_skey}/lib" fi + + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib -R${with_skey}/lib" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_skey}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_skey}/lib" + fi + + cat >conftest.$ac_ext <<_ACEOF +#include <skey.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + found=no +fi +rm -f conftest.err conftest.$ac_ext + else + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "/usr/local" "/usr/contrib"; do + test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" + cat >conftest.$ac_ext <<_ACEOF +#include <skey.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi +rm -f conftest.err conftest.$ac_ext + done + if test "$found" = "no" -o -z "$dir"; then + CPPFLAGS="$O_CPPFLAGS" + else + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + else + LDFLAGS="${LDFLAGS} -L${dir}/lib" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${dir}/lib" + fi + + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${dir}/lib" + fi + + fi + fi + if test "$found" = "no"; then + { echo "$as_me:$LINENO: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS" >&2;} + fi + echo "$as_me:$LINENO: checking for main in -lskey" >&5 +echo $ECHO_N "checking for main in -lskey... $ECHO_C" >&6 +if test "${ac_cv_lib_skey_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lskey $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_skey_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_skey_main=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_skey_main" >&5 +echo "${ECHO_T}$ac_cv_lib_skey_main" >&6 +if test $ac_cv_lib_skey_main = yes; then + found=yes +else + { echo "$as_me:$LINENO: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS" >&2;} +fi + echo "$as_me:$LINENO: checking for skeyaccess in -lskey" >&5 echo $ECHO_N "checking for skeyaccess in -lskey... $ECHO_C" >&6 if test "${ac_cv_lib_skey_skeyaccess+set}" = set; then @@ -12674,18 +13541,182 @@ _ACEOF fi + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} -lskey" fi -if test "$with_opie" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lopie" - if test -f /usr/include/opie.h -a -f /usr/lib/libopie.a; then - : - elif test -f /usr/local/include/opie.h; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" +if test -n "$with_opie"; then + O_LDFLAGS="$LDFLAGS" + if test "$with_opie" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + else + LDFLAGS="${LDFLAGS} -L${with_opie}/lib" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_opie}/lib" + fi + + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib -R${with_opie}/lib" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_opie}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_opie}/lib" + fi + + cat >conftest.$ac_ext <<_ACEOF +#include <opie.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + found=no +fi +rm -f conftest.err conftest.$ac_ext else - echo 'Unable to locate libopie.a and/or opie.h, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS and/or -I/path/to/opie.h to CPPFLAGS' + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "/usr/local" "/usr/contrib"; do + test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" + cat >conftest.$ac_ext <<_ACEOF +#include <opie.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + found=yes; break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +fi +rm -f conftest.err conftest.$ac_ext + done + if test "$found" = "no" -o -z "$dir"; then + CPPFLAGS="$O_CPPFLAGS" + else + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${dir}/lib -R${dir}/lib" + else + LDFLAGS="${LDFLAGS} -L${dir}/lib" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${dir}/lib" + fi + + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib -R${dir}/lib" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${dir}/lib" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${dir}/lib" fi + + fi + fi + if test "$found" = "no"; then + { echo "$as_me:$LINENO: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS" >&2;} + fi + echo "$as_me:$LINENO: checking for main in -lopie" >&5 +echo $ECHO_N "checking for main in -lopie... $ECHO_C" >&6 +if test "${ac_cv_lib_opie_main+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lopie $LIBS" +cat >conftest.$ac_ext <<_ACEOF +#line $LINENO "configure" +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + + +int +main () +{ +main (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_opie_main=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_opie_main=no +fi +rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_opie_main" >&5 +echo "${ECHO_T}$ac_cv_lib_opie_main" >&6 +if test $ac_cv_lib_opie_main = yes; then + found=yes +else + { echo "$as_me:$LINENO: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&5 +echo "$as_me: WARNING: Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS" >&2;} +fi + + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} -lopie" fi if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then @@ -12698,17 +13729,29 @@ if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" _LDFLAGS="${LDFLAGS}" - LDFLAGS="${LDFLAGS} -L${with_SecurID}" + + if test X"$with_rpath" = X"yes"; then + LDFLAGS="${LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + else + LDFLAGS="${LDFLAGS} -L${with_SecurID}" + fi + if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_SecurID}" + fi + # # Determine whether to use the new or old SecurID API # echo "$as_me:$LINENO: checking for SD_Init in -laceclnt" >&5 echo $ECHO_N "checking for SD_Init in -laceclnt... $ECHO_C" >&6 -if test "${ac_cv_lib_aceclnt_SD_Init_lpthread+set}" = set; then +if test "${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-laceclnt -lpthread $LIBS" +LIBS="-laceclnt + -lpthread + + $LIBS" cat >conftest.$ac_ext <<_ACEOF #line $LINENO "configure" /* confdefs.h. */ @@ -12744,28 +13787,60 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - ac_cv_lib_aceclnt_SD_Init_lpthread=yes + ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -ac_cv_lib_aceclnt_SD_Init_lpthread=no +ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_lpthread" >&5 -echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_lpthread" >&6 -if test $ac_cv_lib_aceclnt_SD_Init_lpthread = yes; then - AUTH_OBJS="securid5.o"; SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"; SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}" +echo "$as_me:$LINENO: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5 +echo "${ECHO_T}$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6 +if test $ac_cv_lib_aceclnt_SD_Init_______lpthread_______ = yes; then + + AUTH_OBJS="securid5.o" + SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" + + + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID} -R${with_SecurID}" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_SecurID}" + fi + + else - AUTH_OBJS="securid.o"; SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" + + AUTH_OBJS="securid.o" + SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" + fi LDFLAGS="${_LDFLAGS}" fi -if test "$with_fwtk" = "yes"; then +if test -n "$with_fwtk"; then + if test "$with_fwtk" != "yes"; then + + if test X"$with_rpath" = X"yes"; then + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk} -R${with_fwtk}" + else + SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" + fi + if test X"$blibpath" != X"" -a "SUDO_LDFLAGS" = "SUDO_LDFLAGS"; then + blibpath_add="${blibpath_add}:${with_fwtk}" + fi + + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + with_fwtk=yes + fi SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" fi @@ -12773,6 +13848,14 @@ if test "$with_authenticate" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -ls" fi +if test -n "$blibpath"; then + if test -n "$blibpath_add"; then + SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" + elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then + SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" + fi +fi + echo "$as_me:$LINENO: checking for log file location" >&5 echo $ECHO_N "checking for log file location... $ECHO_C" >&6 if test -n "$with_logpath"; then @@ -14003,13 +15086,12 @@ fi if test "$with_pam" = "yes"; then - echo "" case $host in *-*-linux*) - echo "You will need to customize sample.pam and install it as /etc/pam.d/sudo" + { echo "$as_me:$LINENO: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5 +echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;} ;; esac - echo "" fi diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index e8bc7c6eec9..d3229733538 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,6 +1,6 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.367 2003/03/15 20:31:01 millert Exp $ +dnl $Sudo: configure.in,v 1.378 2003/03/24 16:05:59 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2003 Todd C. Miller <Todd.Miller@courtesan.com> dnl @@ -9,7 +9,7 @@ AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -echo "Configuring Sudo version 1.6.7" +AC_MSG_NOTICE([Configuring Sudo version 1.6.7]) dnl dnl Variables that get substituted in the Makefile and man pages dnl @@ -120,14 +120,14 @@ AC_ARG_WITH(otp-only, [ --with-otp-only deprecated], [case $with_otp_only in yes) with_passwd=no AC_DEFINE(WITHOUT_PASSWD, 1, [Define to avoid using the passwd/shadow file for authentication.]) - AC_MSG_WARN([--with-otp-only option deprecated, treating as --without-passwd]) + AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) AC_ARG_WITH(alertmail, [ --with-alertmail deprecated], [case $with_alertmail in *) with_mailto="$with_alertmail" - AC_MSG_WARN([--with-alertmail option deprecated, treating as --mailto]) + AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) @@ -145,13 +145,29 @@ AC_ARG_WITH(CC, [ --with-CC C compiler to use], ;; esac]) +AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths], +[case $with_rpath in + yes) ;; + no) ;; + *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) + ;; +esac]) + +AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths], +[case $with_blibpath in + yes) ;; + no) ;; + *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) + ;; +esac]) + AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) ;; no) AC_MSG_ERROR(["--without-incpath not supported."]) ;; - *) echo "Adding ${with_incpath} to CPPFLAGS" + *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do CPPFLAGS="${CPPFLAGS} -I${i}" done @@ -164,10 +180,7 @@ AC_ARG_WITH(libpath, [ --with-libpath additional places to look for li ;; no) AC_MSG_ERROR(["--without-libpath not supported."]) ;; - *) echo "Adding ${with_libpath} to LDFLAGS" - for i in ${with_libpath}; do - LDFLAGS="${LDFLAGS} -L${i}" - done + *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) ;; esac]) @@ -177,56 +190,49 @@ AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link w ;; no) AC_MSG_ERROR(["--without-libraries not supported."]) ;; - *) echo "Adding ${with_libraries} to LIBS" - for i in ${with_libraries}; do - case $i in - -l*) ;; - *.a) ;; - *.o) ;; - *) i="-l${i}";; - esac - LIBS="${LIBS} ${i}" - done + *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(devel, [ --with-devel add development options], [case $with_devel in - yes) echo 'Setting up for development: -Wall, flex, yacc' + yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) PROGS="${PROGS} testsudoers" OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEV="" ;; no) ;; - *) echo "Ignoring unknown argument to --with-devel: $with_devel" + *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging], [case $with_efence in - yes) echo 'Sudo will link with -lefence (Electric Fence)' + yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then - LDFLAGS="${LDFLAGS} -L/usr/local/lib" + with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; - *) echo "Ignoring unknown argument to --with-efence: $with_efence" + *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) ;; esac]) AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], [case $with_csops in - yes) echo 'Adding CSOps standard options' + yes) AC_MSG_NOTICE([Adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes + test -n "$mansectsu" || mansectsu=8 + test -n "$mansectform" || mansectform=5 ;; no) ;; - *) echo "Ignoring unknown argument to --with-csops: $with_csops" + *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) @@ -241,9 +247,10 @@ AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for ;; esac]) -AC_ARG_WITH(skey, [ --with-skey enable S/Key support ], +AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ], [case $with_skey in - yes) if test -n "$with_opie"; then + no) with_skey="";; + *) if test -n "$with_opie"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi AC_DEFINE(HAVE_SKEY, 1, [Define if you use S/Key.]) @@ -251,14 +258,12 @@ AC_ARG_WITH(skey, [ --with-skey enable S/Key support ], AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; - no) ;; - *) echo "Ignoring unknown argument to --with-skey: $with_skey" - ;; esac]) -AC_ARG_WITH(opie, [ --with-opie enable OPIE support ], +AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ], [case $with_opie in - yes) if test -n "$with_skey"; then + no) with_opie="";; + *) if test -n "$with_skey"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi AC_DEFINE(HAVE_OPIE, 1, [Define if you use NRL OPIE.]) @@ -266,9 +271,6 @@ AC_ARG_WITH(opie, [ --with-opie enable OPIE support ], AC_MSG_RESULT(yes) AUTH_OBJS="${AUTH_OBJS} rfc1938.o" ;; - no) ;; - *) echo "Ignoring unknown argument to --with-opie: $with_opie" - ;; esac]) AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt], @@ -284,9 +286,9 @@ AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey ;; esac]) -AC_ARG_WITH(SecurID, [ --with-SecurID enable SecurID support], +AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support], [case $with_SecurID in - no) ;; + no) with_SecurID="";; *) AC_DEFINE(HAVE_SECURID, 1, [Define if you use SecurID.]) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) @@ -294,40 +296,31 @@ AC_ARG_WITH(SecurID, [ --with-SecurID enable SecurID support], ;; esac]) -AC_ARG_WITH(fwtk, [ --with-fwtk enable FWTK AuthSRV support], +AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support], [case $with_fwtk in - no) ;; + no) with_fwtk="";; *) AC_DEFINE(HAVE_FWTK, 1, [Define if you use the FWTK authsrv daemon.]) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) with_passwd=no AUTH_OBJS="fwtk.o" - if test "$with_fwtk" != "yes"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_fwtk}" - CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" - with_fwtk=yes - fi ;; esac]) -AC_ARG_WITH(kerb4, [ --with-kerb4 enable kerberos v4 support], +AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support], [case $with_kerb4 in - yes) AC_MSG_CHECKING(whether to try Kerberos 4 authentication) + no) with_kerb4="";; + *) AC_MSG_CHECKING(whether to try kerberos IV authentication) AC_MSG_RESULT(yes) ;; - no) ;; - *) AC_MSG_ERROR(["--with-kerb4 does not take an argument."]) - ;; esac]) -AC_ARG_WITH(kerb5, [ --with-kerb5 enable kerberos v5 support], +AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support], [case $with_kerb5 in - yes) AC_MSG_CHECKING(whether to try Kerberos 5 authentication) + no) with_kerb5="";; + *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) ;; - no) ;; - *) AC_MSG_ERROR(["--with-kerb5 does not take an argument."]) - ;; esac]) AC_ARG_WITH(authenticate, [ --with-authenticate enable AIX general authentication support], @@ -588,7 +581,7 @@ AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], [case $with_mailsubject in yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) ;; - no) echo "Sorry, --without-mailsubject not supported." + no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" AC_MSG_CHECKING(sudo mail subject) @@ -602,7 +595,7 @@ AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], [case $with_passprompt in yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) ;; - no) echo "Sorry, --without-passprompt not supported." + no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) @@ -614,7 +607,7 @@ AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees wh [case $with_badpass_message in yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) ;; - no) echo "Sorry, --without-badpass-message not supported." + no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; @@ -969,7 +962,7 @@ AC_ARG_ENABLE(authentication, AC_DEFINE(NO_AUTHENTICATION, 1, [Define if you don't want sudo to prompt for a password by default.]) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-authentication: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) ;; esac ], AC_MSG_RESULT(yes)) @@ -984,7 +977,7 @@ AC_ARG_ENABLE(root-mailer, AC_DEFINE(NO_ROOT_MAILER, 1, [Define to avoid runing the mailer as root.]) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-root-mailer: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1017,7 +1010,7 @@ AC_ARG_ENABLE(saved-ids, AC_DEFINE(NO_SAVED_IDS, 1, [Define to avoid using POSIX saved ids.]) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-saved-ids: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-saved-ids: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1032,7 +1025,7 @@ AC_ARG_ENABLE(shadow, CHECKSHADOW="false" ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-shadow: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1061,7 +1054,7 @@ AC_ARG_ENABLE(log-host, no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-log-host: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1076,7 +1069,7 @@ AC_ARG_ENABLE(noargs-shell, no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-noargs-shell: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1092,7 +1085,7 @@ AC_ARG_ENABLE(shell-sets-home, no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-shell-sets-home: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1107,7 +1100,7 @@ AC_ARG_ENABLE(path_info, AC_DEFINE(DONT_LEAK_PATH_INFO, 1, [Define if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-path-info: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1117,8 +1110,7 @@ dnl If we don't have egrep we can't do anything... dnl AC_CHECK_PROG(EGREPPROG, egrep, egrep, ) if test -z "$EGREPPROG"; then - echo "Sorry, configure requires egrep to run." - exit + AC_MSG_ERROR([Sorry, configure requires egrep to run.]) fi dnl @@ -1166,15 +1158,11 @@ dnl AC_CANONICAL_HOST if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then - echo "" - echo "Fatal Error: config.cache exists from another platform!" - echo "Please remove it and re-run configure." - echo "" - exit 1 + AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) else AC_MSG_CHECKING(previous host type) AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") - echo $sudo_cv_prev_host + AC_MSG_RESULT([$sudo_cv_prev_host]) fi else # this will produce no output since there is no cached value @@ -1219,12 +1207,29 @@ case "$host" in fi test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-*-aix*) # To get all prototypes (so we pass -Wall) CPPFLAGS="${CPPFLAGS} -D_XOPEN_EXTENDED_SOURCE" SUDO_DEFINE(_ALL_SOURCE) SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" + if test X"$with_blibpath" != X"no"; then + AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-blibpath:/usr/lib:/lib" + AC_TRY_LINK([], [], [ + if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then + blibpath="$with_blibpath" + elif test -n "$GCC"; then + blibpath="/usr/lib:/lib:/usr/local/lib" + else + blibpath="/usr/lib:/lib" + fi + AC_MSG_RESULT(yes) + ], [AC_MSG_RESULT(no)]) + fi + LDFLAGS="$O_LDFLAGS" ;; *-*-hiuxmpp*) if test "$CHECKSHADOW" = "true"; then @@ -1302,7 +1307,7 @@ case "$host" in CHECKSIA=false ;; *) AC_MSG_RESULT(no) - echo "Ignoring unknown argument to --enable-sia: $enableval" + AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) ;; esac ], AC_MSG_RESULT(no)) @@ -1438,24 +1443,27 @@ case "$host" in fi test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes ;; *-*-bsdi*) SKIP_SETREUID=yes # Use shlicc for BSD/OS [23].x unless asked to do otherwise if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then case "$OSREV" in - 2|3) echo 'using shlicc as CC' + 2|3) AC_MSG_NOTICE([using shlicc as CC]) ac_cv_prog_CC=shlicc CC="$ac_cv_prog_CC" ;; @@ -1507,6 +1515,11 @@ case "$host" in ac_cv_func_lockf=no ac_cv_func_flock=yes ;; + *-*-*sysv4*) + test -n "$mansectsu" || mansectsu=1m + test -n "$mansectform" || mansectform=4 + test -n "$with_rpath" || with_rpath=yes + ;; *-*-sysv*) test -n "$mansectsu" || mansectsu=1m test -n "$mansectform" || mansectform=4 @@ -1520,6 +1533,26 @@ test -n "$mansectsu" || mansectsu=8 test -n "$mansectform" || mansectform=5 dnl +dnl Add in any libpaths or libraries specified via configure +dnl +if test -n "$with_libpath"; then + for i in ${with_libpath}; do + SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) + done +fi +if test -n "$with_libraries"; then + for i in ${with_libraries}; do + case $i in + -l*) ;; + *.a) ;; + *.o) ;; + *) i="-l${i}";; + esac + LIBS="${LIBS} ${i}" + done +fi + +dnl dnl Check for shadow password routines if we have not already done so. dnl We check for SVR4-style first and then SecureWare-style. dnl @@ -1661,35 +1694,104 @@ if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then fi dnl -dnl Kerberos 5 +dnl Kerberos IV dnl -if test "$with_kerb5" = "yes"; then - AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.]) - if test -f "/usr/local/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - elif test -f "/usr/local/kerberos/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/kerberos/include" - elif test -f "/usr/krb5/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/krb5/include" - elif test -f "/usr/local/krb5/include/krb5.h"; then - CPPFLAGS="$CPPFLAGS -I/usr/local/krb5/include" +if test -n "$with_kerb4"; then + AC_DEFINE(HAVE_KERB4, 1, [Define if you use Kerberos IV.]) + dnl + dnl Use the specified directory, if any, else search for correct inc dir + dnl + O_LDFLAGS="$LDFLAGS" + if test "$with_kerb4" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break], ) + done + test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" else - echo 'Unable to locate kerberos 5 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS' + SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) + CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" + AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) + fi + if test X"$found" = X"no"; then + AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi - if test -f "/usr/local/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test -f "/usr/local/kerberos/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/kerberos/lib" - elif test -f "/usr/krb5/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/krb5/lib" - elif test -f "/usr/local/krb5/lib/libkrb5.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/krb5/lib" + dnl + dnl Check for -ldes vs. -ldes425 + dnl + AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ + AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) + ]) + dnl + dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV + dnl + AC_MSG_CHECKING(whether we are using KTH Kerberos IV) + AC_TRY_COMPILE([#include <krb.h>], [const char *tmp = krb4_version;], + [ + AC_MSG_RESULT(yes) + K4LIBS="${K4LIBS} -lcom_err" + AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) + ], [ + AC_MSG_RESULT(no) + ] + ) + dnl + dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 + dnl + AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ + AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], + [K4LIBS="-lkrb $K4LIBS"] + [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] + , [$K4LIBS]) + ], [$K4LIBS]) + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} $K4LIBS" + AUTH_OBJS="${AUTH_OBJS} kerb4.o" +fi + +dnl +dnl Kerberos V +dnl +if test -n "$with_kerb5"; then + AC_DEFINE(HAVE_KERB5, 1, [Define if you use Kerberos V.]) + dnl + dnl Use the specified directory, if any, else search for correct inc dir + dnl + if test "$with_kerb5" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break], ) + done + if test X"$found" = X"no"; then + CPPFLAGS="$O_CPPFLAGS" + AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) + fi else - echo 'Unable to locate kerberos 5 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS' + dnl XXX - try to include krb5.h here too + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) + CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" fi - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" + dnl + dnl Try to determine whether we have Heimdal or MIT Kerberos + dnl + AC_MSG_CHECKING(whether we are using Heimdal) + AC_TRY_COMPILE([#include <krb5.h>], [const char *tmp = heimdal_version;], + [ + AC_MSG_RESULT(yes) + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1" + AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) + ], [ + AC_MSG_RESULT(no) + SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" + ] + ) AUTH_OBJS="${AUTH_OBJS} kerb5.o" fi @@ -1701,37 +1803,6 @@ if test "$with_pam" = "yes"; then fi dnl -dnl Find kerberos 4 includes and libs or complain -dnl -if test "$with_kerb4" = "yes"; then - AC_DEFINE(HAVE_KERB4, 1, [Define if you use Kerberos IV.]) - if test -f "/usr/include/kerberosIV/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/include/kerberosIV" - elif test -f "/usr/local/include/kerberosIV/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include/kerberosIV" - elif test -f "/usr/kerberos/include/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/kerberos/include" - elif test -f "/usr/local/kerberos/include/krb.h"; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/kerberos/include" - else - echo 'Unable to locate kerberos 4 include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS' - fi - - if test -d "/usr/kerberos/lib"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/kerberos/lib" - elif test -d "/usr/lib/kerberos"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/lib/kerberos" - elif test -f "/usr/local/lib/libkrb.a"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test ! -f "/usr/lib/libkrb.a"; then - echo 'Unable to locate kerberos 4 libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS' - fi - - AC_HAVE_LIBRARY(des, SUDO_LIBS="${SUDO_LIBS} -lkrb -ldes", SUDO_LIBS="${SUDO_LIBS} -lkrb") - AUTH_OBJS="${AUTH_OBJS} kerb4.o" -fi - -dnl dnl extra AFS libs and includes dnl if test "$with_AFS" = "yes"; then @@ -1740,12 +1811,12 @@ if test "$with_AFS" = "yes"; then AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${i}" + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then - echo 'Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.' + AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -1772,7 +1843,7 @@ if test "$with_AFS" = "yes"; then done if test -z "$FOUND_AFSLIBDIR"; then - echo 'Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.' + AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi fi @@ -1788,35 +1859,66 @@ fi dnl dnl extra S/Key lib and includes dnl -if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lskey" - if test -f /usr/include/skey.h -a -f /usr/lib/libskey.a; then - : - elif test -f /usr/local/include/skey.h; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" - elif test "$with_csops" = "yes" -a -f /tools/cs/skey/include/skey.h -a -f /tools/cs/skey/lib/libskey.a; then - CPPFLAGS="${CPPFLAGS} -I/tools/cs/skey/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/tools/cs/skey/lib" +if test -n "$with_skey"; then + O_LDFLAGS="$LDFLAGS" + if test "$with_skey" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" + SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) + AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no]) else - echo 'Unable to locate libskey.a and/or skey.h, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS and/or -I/path/to/skey.h to CPPFLAGS' + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "/usr/local" "/usr/contrib"; do + test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" + AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break], ) + done + if test "$found" = "no" -o -z "$dir"; then + CPPFLAGS="$O_CPPFLAGS" + else + SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + fi fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) + fi + AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS, 1, [Define if your S/Key library has skeyaccess().])) + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} -lskey" fi dnl dnl extra OPIE lib and includes dnl -if test "$with_opie" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lopie" - if test -f /usr/include/opie.h -a -f /usr/lib/libopie.a; then - : - elif test -f /usr/local/include/opie.h; then - CPPFLAGS="${CPPFLAGS} -I/usr/local/include" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -L/usr/local/lib" +if test -n "$with_opie"; then + O_LDFLAGS="$LDFLAGS" + if test "$with_opie" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" + SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) + AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no]) else - echo 'Unable to locate libopie.a and/or opie.h, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS and/or -I/path/to/opie.h to CPPFLAGS' + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "/usr/local" "/usr/contrib"; do + test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" + AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break], ) + done + if test "$found" = "no" -o -z "$dir"; then + CPPFLAGS="$O_CPPFLAGS" + else + SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + fi + fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi + AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) + LDFLAGS="$O_LDFLAGS" + SUDO_LIBS="${SUDO_LIBS} -lopie" fi dnl @@ -1832,18 +1934,37 @@ if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" _LDFLAGS="${LDFLAGS}" - LDFLAGS="${LDFLAGS} -L${with_SecurID}" + SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) # # Determine whether to use the new or old SecurID API # - AC_CHECK_LIB(aceclnt, SD_Init, [AUTH_OBJS="securid5.o"; SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"; SUDO_LDFLAGS="${SUDO_LDFLAGS} -L${with_SecurID}"], [AUTH_OBJS="securid.o"; SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"], [-lpthread]) + AC_CHECK_LIB(aceclnt, SD_Init, + [ + AUTH_OBJS="securid5.o" + SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" + ] + [ + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) + ], [ + AUTH_OBJS="securid.o" + SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" + ], + [ + -lpthread + ] + ) LDFLAGS="${_LDFLAGS}" fi dnl dnl extra FWTK libs + includes dnl -if test "$with_fwtk" = "yes"; then +if test -n "$with_fwtk"; then + if test "$with_fwtk" != "yes"; then + SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) + CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" + with_fwtk=yes + fi SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" fi @@ -1855,6 +1976,18 @@ if test "$with_authenticate" = "yes"; then fi dnl +dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we +dnl added -L dirpaths to SUDO_LDFLAGS. +dnl +if test -n "$blibpath"; then + if test -n "$blibpath_add"; then + SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" + elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then + SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" + fi +fi + +dnl dnl Check for log file and timestamp locations dnl SUDO_LOGFILE @@ -1905,13 +2038,11 @@ dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then - echo "" case $host in *-*-linux*) - echo "You will need to customize sample.pam and install it as /etc/pam.d/sudo" + AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac - echo "" fi dnl diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index eb0b8a83c5c..d053eabadb6 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -98,7 +98,7 @@ #include "version.h" #ifndef lint -static const char rcsid[] = "$Sudo: sudo.c,v 1.333 2003/03/15 20:31:01 millert Exp $"; +static const char rcsid[] = "$Sudo: sudo.c,v 1.334 2003/04/01 15:02:49 millert Exp $"; #endif /* lint */ /* @@ -613,7 +613,7 @@ init_vars(sudo_mode) user_args = (char *) emalloc(size); for (to = user_args, from = NewArgv + 1; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); - if (n >= size) { + if (n >= size - (to - user_args)) { (void) fprintf(stderr, "%s: internal error, init_vars() overflow\n", Argv[0]); exit(1); diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index d50c15b8432..4d6be8ea9f6 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -82,7 +82,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.79 2003/03/15 20:31:02 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.80 2003/04/01 15:02:49 millert Exp $"; #endif /* lint */ @@ -385,7 +385,7 @@ main(argc, argv) user_args = (char *) emalloc(size); for (to = user_args, from = NewArgv + 1; *from; from++) { n = strlcpy(to, *from, size - (to - user_args)); - if (n >= size) { + if (n >= size - (to - user_args)) { (void) fprintf(stderr, "%s: internal error, init_vars() overflow\n", Argv[0]); exit(1); diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 7321bc0d433..a5b80a5d031 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -37,6 +37,6 @@ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.7"; +static const char version[] = "1.6.7p1"; #endif /* _SUDO_VERSION_H */ |