statically compiling in the sudoers plugin but still allow other
plugins to be loaded. The new --enable-static-sudoers configure
option will cause the sudoers plugin to be compiled statically into
the sudo binary. This does not prevent other plugins from being
loaded as per sudo.conf.
Add an autogen.sh script that rebuilds the autoconf world.
Move old aclocal.m4 contents to m4/sudo.m4.
New (generayed) aclocal.m4 contains the m4_include directives.
Some tests had #include directives where the '#' was not in column 1.
Updated obsolete macro usage via autoupdate.
is currently O(n). The only consumer of timed events is sudoreplay
which only used a singled one so O(n) == O(1) for now. This also
allows us to remove the nanosleep compat function as we now use a
timeout event instead.
simplied subset of libevent2. Currently only fd events are supported
(since that's all we need). The poll() backend is used by default,
except on Mac OS X where poll() is broken for devices (including
/dev/tty and ptys).
resemble GNU usage wrt long options. Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
pid). We have to be careful to choose() either strtol() or strtoul()
depending on whether the string appears to be signed or unsigned.
Always using strtoul() is unsafe on 64-bit platforms since the
uid might be represented as a negative number and (unsigned long)-1
on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
Fixes a problem with uids larger than 0x7fffffff on 32-bit platforms.
A new constant, SUDO_CONV_REPL_MAX, is defined by the plugin
API as the max conversation reply length. This constant can be
used as a max value for memset_s() when clearing passwords
filled in by the conversation function.
OpenBSD also supports PIE but enables it by default so we don't
need to do anything. This fixes problems on systems with a version
of GNU ld that accepts -pie but where the run-time linker doesn't
actually support PIE. Also verify that a trivial PIE binary works
unless PIE is explicitly enabled.
Currently supports SHA-224, SHA-256, SHA-384, SHA-512.
TODO: checksum format validation in parser and base64 support.
checksum support for ldap sudoers
since we can only count on libtool to accept -R, the compiler front
end may not.
Also unify the libldap and libibmldap tests using AC_SEARCH_LIBS
and check for -lCsup on HP-UX which is needed by libibmldap (but
is not an explicit dependency).
