Commit Graph

454 Commits

Author SHA1 Message Date
Todd C. Miller
cf6bca4b07 Substitute in comment characters for lines partaining to login.conf,
BSD auth and SELinux and only enable them if pertinent.
2008-02-18 15:53:33 +00:00
Todd C. Miller
279ee07ee0 comment out SELinux manual bits unless --with-selinux was specified 2008-02-17 13:11:38 +00:00
Todd C. Miller
506285209d Treat k*bsd*-gnu like Linux, not BSD.
Fixes compilation problems on Debian GNU/kFreeBSD.
2008-02-15 20:23:54 +00:00
Todd C. Miller
9635907f29 regen 2008-02-09 14:48:21 +00:00
Todd C. Miller
f0dc1caa45 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
ldap.conf and ldap.secret paths from going into config.h.
Avoid single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
since in some versions of bash they will end up literally in the resulting
define.
2008-01-23 11:33:27 +00:00
Todd C. Miller
48df9c481b ldap_ssl.h depends on ldap.h being included first 2008-01-21 16:43:10 +00:00
Todd C. Miller
a3e6610e01 Include ldap_ssl.h if we can find it. Needed for the ldapssl_set_strength
defines on HP-UX at least.
2008-01-21 16:07:42 +00:00
Todd C. Miller
c268627f90 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
sudoers.ldap.man.
2008-01-20 15:15:47 +00:00
Todd C. Miller
49f2264ad6 substitute for sudoers.ldap.man 2008-01-20 01:35:54 +00:00
Todd C. Miller
0f6101bb26 include <mps/ldap_ssl.h> in ldap.c if available 2008-01-17 20:44:28 +00:00
Todd C. Miller
63f224f045 Don't add -llber twice. 2008-01-15 12:28:33 +00:00
Todd C. Miller
dde5143f08 Fix check that determines whether -llber is required. 2008-01-13 19:57:34 +00:00
Todd C. Miller
9a07c1a7f1 For netscape-based LDAP, use ldapssl_set_strength() to implement
the checkpeer ldap.conf option.
2008-01-13 19:22:11 +00:00
Todd C. Miller
1df9ca2dc1 Add check for ber_set_option() in -llber 2008-01-09 17:08:30 +00:00
Todd C. Miller
f1377429a1 Add check for ldap_sasl_bind_s()
Remove -DLDAP_DEPRECATED from CFLAGS
2008-01-05 12:56:39 +00:00
Todd C. Miller
b564d51861 add check for ldap_create 2008-01-04 14:56:10 +00:00
Todd C. Miller
86bd55fc6d Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's dn
using the mechanism appropriate for the LDAP SDK in use.
Use ldap_unbind_ext_s() instead of deprecated ldap_unbind_s().
Emulate ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
2008-01-03 21:11:33 +00:00
Todd C. Miller
32e4a98a69 add check for st__tim in struct stat as used by SCO 2008-01-02 20:29:48 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
2008-01-01 18:22:03 +00:00
Todd C. Miller
56729b9a63 Use ldapssl_init() for ldaps support instead of trying
to do it manually with ldap_init() + ldapssl_install_routines().
Use tls_cert and tls_key for cert7.db and key3.db respectively.
Don't print debugging info for options that are not set.
Add warning if start_tls specified when not supported.
2007-12-19 19:28:57 +00:00
Todd C. Miller
72e1a2b54e fix typo 2007-12-17 15:14:46 +00:00
Todd C. Miller
b409499304 Add support for "ssl on" in both netscape and openldap flavors.
Only the OpenLDAP flavor has been tested.
2007-12-17 12:31:40 +00:00
Todd C. Miller
400309aa9f some operating systems need to link with -lkrb5support when using krb5 2007-12-13 14:13:44 +00:00
Todd C. Miller
c148eb52d6 Move the dgettext check. 2007-12-02 00:34:54 +00:00
Todd C. Miller
8694c73146 Add basic support for looking up the string "Password: " in the PAM
localized text db.  This allows us to determine whether the PAM
prompt is the default "Password: " one even if it has been localized.

TODO: concatenate non-std PAM prompts and user-specified sudo prompts.
2007-12-01 16:22:25 +00:00
Todd C. Miller
908b8f64e6 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was insufficient. 2007-11-27 23:40:50 +00:00
Todd C. Miller
a85dd4b861 Fix typos; Martynas Venckus 2007-11-27 17:13:03 +00:00
Todd C. Miller
bfd781ff65 fix setting of mandir 2007-11-21 20:02:39 +00:00
Todd C. Miller
0d22c2f98d Add configure check for struct in6_addr instead of relying on AF_INET6
since some systems define AF_INET6 but do not include IPv6 support.
2007-10-24 16:41:19 +00:00
Todd C. Miller
c50e7d4c06 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in use. 2007-10-21 13:29:18 +00:00
Todd C. Miller
8ef458b594 POSIX states that struct timespec be declared in time.h so check
there regardless of the value of TIME_WITH_SYS_TIME.
2007-10-20 02:28:40 +00:00
Todd C. Miller
c3f2818416 regen 2007-10-09 00:07:25 +00:00
Todd C. Miller
6cbee775b7 regen 2007-09-06 16:22:23 +00:00
Todd C. Miller
638d039ae9 regen 2007-09-06 11:18:13 +00:00
Todd C. Miller
32e97c5dc1 regen 2007-09-05 22:16:46 +00:00
Todd C. Miller
2bff032c9f regen 2007-09-02 21:05:58 +00:00
Todd C. Miller
a7bfc59097 regen 2007-08-31 23:30:35 +00:00
Todd C. Miller
2315b317e2 Add new linebuf code to do appends of dynamically allocated strings
and word-wrapped output.  Currently used for sudo's usage() and
sudo -l output.  Sudo usage strings are now in sudo_usage.h which
is generated at configure time.
2007-08-19 20:48:09 +00:00
Todd C. Miller
72b36ddf50 use getaddrinfo() instead of gethostbyname() if it is available 2007-08-15 13:22:06 +00:00
Todd C. Miller
f90beb2b2b fix sudo_noexec extension which got broken in the libtool update 2007-08-12 22:55:37 +00:00
Todd C. Miller
4da4964239 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
-lgssapi_krb5 case.
2007-07-30 14:45:28 +00:00
Todd C. Miller
e81f9efd14 Fix link tests such that new gcc doesn't optimize away the test. 2007-07-30 13:29:06 +00:00
Todd C. Miller
5c6880f1ef Substitute value of path_info into sudoers man page. 2007-07-22 22:43:28 +00:00
Todd C. Miller
1f30bd4248 Add configure hooks for gss_krb5_ccache_name() and the gssapi headers. 2007-07-19 23:53:21 +00:00
Todd C. Miller
5fdb0649b0 Add support for SASL auth when connecting to an LDAP server.
Adapted from a diff by Tom McLaughlin.
2007-07-15 13:23:20 +00:00
Todd C. Miller
38b2dd0a5f Only enable AIX or BSD auth if no other exclusive auth method has
been chosen.  Allows people to e.g., use PAM on AIX without adding
--without-aixauth.  A better solution is needed to deal with default
authentication since if a non-exclusive method is chosen we will
still get an error.
2007-07-14 20:32:11 +00:00
Todd C. Miller
0d4fe735aa regen 2007-06-23 23:55:55 +00:00
Todd C. Miller
e0ae6e100b regen 2007-06-19 21:22:16 +00:00
Todd C. Miller
7f21fc74cc regen 2007-06-19 19:37:45 +00:00
Todd C. Miller
c22096ac33 Redo the long syslog line splitting based on a patch from Eygene Ryabinkin.
Include memrchr() for systems without it.
2007-06-14 16:03:53 +00:00