Configuration paths in sudo are now a colon-separated list of files
with the adminconfdir instance first (if enabled), followed by a
sysconfdir instance.
Implementations of _FORTIFY_SOURCE require the header file to be
included. Also remove the useless test of an empty program with
_FORTIFY_SOURCE defined. Pointed out by Florian Weimer.
The ldap_init() function is marked as deprecated and not defined
by default on some systems. This can cause an error for compilers
that do not support implicit function declarations.
From Florian Weimer.
Wheh netgroup_base is set we now do out own netgroup lookups using
LDAP. Previously, LDAP was queried directly to get a list of the
netgroups the user belongs to but other netgroups queries went
through innetgr(3). This makes it possible to use netgroups
in LDAP sudoers on systems that don't have an innetgr() function.
GitHub issue #251.
Do not use AX_APPEND_FLAG as it will break static builds by removing
duplicates such as -lz or -latomic which are needed by -lssl and
-lcrypto. This will fix the following build failure with sparc which
needs -latomic:
Checking for X509_STORE_CTX_get0_cert
configure:21215: /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DZLIB_CONST -static conftest.c -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto >&5
/home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0x108): undefined reference to `__atomic_fetch_add_4'
[...]
In file included from ./hostcheck.c:38:
../../include/sudo_compat.h:342:41: error: conflicting types for 'ASN1_STRING_data'
342 | # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This will find missing symbols at build-time instead of run-time.
Don't use it on FreeBSD where environ is filled in by the dynamic loader.
We also need to pull in -llber with -lldap where possible (instead
of relying on DT_NEEDED) to avoid undefined symbol errors when
building with LDAP support.
If a function is not found, check again with "-lsocket", "-linet",
"-lsocket -lnsl", or "-lresolv".
Also display network libs in final summary as well as the different
linker flags.
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section. Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
runstatedir was added in yet-to-be released autoconf 2.70. Some distros
are shipping this addition in their autoconf packages, but others, such as Fedora,
are not. This causes the rundir variable to be set incorrectly if the configure script
is regenerated with an unpatched autoconf since the runstatedir variable set is deleted
after regeneration. This change works around that problem by checking that runstatedir
is non-empty before potentially using it to set the rundir variable
If the user specifies --runstatedir but not --with-rundir, use
runstatdir as the parent directory of the sudo rundir.
In the future we may deprecate --with-rundir in favor of --runstatedir
but that will require changes for systems with no /var/run directory.
