dnl
dnl Process this file with GNU autoconf to produce a configure script.
dnl $Sudo: configure.in,v 1.538 2008/12/09 21:13:01 millert Exp $
dnl
dnl Copyright (c) 1994-1996,1998-2008 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
AC_INIT([sudo], [1.7])
AC_CONFIG_HEADER(config.h pathnames.h)
dnl
dnl This won't work before AC_INIT
dnl
AC_MSG_NOTICE([Configuring Sudo version 1.7])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
AC_SUBST(LIBTOOL)
AC_SUBST(CFLAGS)
AC_SUBST(PROGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(SUDO_LDFLAGS)
AC_SUBST(SUDO_OBJS)
AC_SUBST(LIBS)
AC_SUBST(SUDO_LIBS)
AC_SUBST(NET_LIBS)
AC_SUBST(AFS_LIBS)
AC_SUBST(GETGROUPS_LIB)
AC_SUBST(OSDEFS)
AC_SUBST(AUTH_OBJS)
AC_SUBST(MANTYPE)
AC_SUBST(MAN_POSTINSTALL)
AC_SUBST(SUDOERS_MODE)
AC_SUBST(SUDOERS_UID)
AC_SUBST(SUDOERS_GID)
AC_SUBST(DEV)
AC_SUBST(SELINUX)
AC_SUBST(BAMAN)
AC_SUBST(LCMAN)
AC_SUBST(SEMAN)
AC_SUBST(devdir)
AC_SUBST(mansectsu)
AC_SUBST(mansectform)
AC_SUBST(mansrcdir)
AC_SUBST(NOEXECFILE)
AC_SUBST(NOEXECDIR)
AC_SUBST(noexec_file)
AC_SUBST(INSTALL_NOEXEC)
AC_SUBST(DONT_LEAK_PATH_INFO)
AC_SUBST(BSDAUTH_USAGE)
AC_SUBST(SELINUX_USAGE)
AC_SUBST(LDAP)
AC_SUBST(LOGINCAP_USAGE)
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
AC_SUBST(timeout)
AC_SUBST(password_timeout)
AC_SUBST(sudo_umask)
AC_SUBST(passprompt)
AC_SUBST(long_otp_prompt)
AC_SUBST(lecture)
AC_SUBST(logfac)
AC_SUBST(goodpri)
AC_SUBST(badpri)
AC_SUBST(loglen)
AC_SUBST(ignore_dot)
AC_SUBST(mail_no_user)
AC_SUBST(mail_no_host)
AC_SUBST(mail_no_perms)
AC_SUBST(mailto)
AC_SUBST(mailsub)
AC_SUBST(badpass_message)
AC_SUBST(fqdn)
AC_SUBST(runas_default)
AC_SUBST(env_editor)
AC_SUBST(passwd_tries)
AC_SUBST(tty_tickets)
AC_SUBST(insults)
AC_SUBST(root_sudo)
AC_SUBST(path_info)
AC_SUBST(ldap_conf)
AC_SUBST(ldap_secret)
AC_SUBST(nsswitch_conf)
dnl
dnl Initial values for above
dnl
timeout=5
password_timeout=5
sudo_umask=0022
passprompt="Password:"
long_otp_prompt=off
lecture=once
logfac=local2
goodpri=notice
badpri=alert
loglen=80
ignore_dot=off
mail_no_user=on
mail_no_host=off
mail_no_perms=off
mailto=root
mailsub='*** SECURITY information for %h ***'
badpass_message='Sorry, try again.'
fqdn=off
runas_default=root
env_editor=off
passwd_tries=3
tty_tickets=off
insults=off
root_sudo=on
path_info=on
INSTALL_NOEXEC=
devdir='$(srcdir)'
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
PROGS="sudo visudo"
: ${MANTYPE='man'}
: ${mansrcdir='.'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEV="#"
LDAP="#"
SELINUX="#"
BAMAN='.\" '
LCMAN='.\" '
SEMAN='.\" '
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
dnl
dnl Other vaiables
dnl
CHECKSHADOW=true
shadow_defs=
shadow_funcs=
shadow_libs=
shadow_libs_optional=
dnl
dnl Override default configure dirs...
dnl
if test X"$prefix" = X"NONE"; then
test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
else
test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
[case $with_otp_only in
yes) with_passwd="no"
AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
;;
esac])
AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
[case $with_alertmail in
*) with_mailto="$with_alertmail"
AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
;;
esac])
dnl
dnl Options for --with
dnl
AC_ARG_WITH(CC, [ --with-CC C compiler to use],
[case $with_CC in
yes) AC_MSG_ERROR(["must give --with-CC an argument."])
;;
no) AC_MSG_ERROR(["illegal argument: --without-CC."])
;;
*) CC=$with_CC
;;
esac])
AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
[case $with_rpath in
yes|no) ;;
*) AC_MSG_ERROR(["--with-rpath does not take an argument."])
;;
esac])
AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
[case $with_blibpath in
yes|no) ;;
*) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
;;
esac])
AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
no) AC_MSG_ERROR(["--without-incpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
CPPFLAGS="${CPPFLAGS} -I${i}"
done
;;
esac])
AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
[case $with_libpath in
yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
;;
no) AC_MSG_ERROR(["--without-libpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
;;
esac])
AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
[case $with_libraries in
yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
;;
no) AC_MSG_ERROR(["--without-libraries not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
;;
esac])
AC_ARG_WITH(devel, [ --with-devel add development options],
[case $with_devel in
yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
PROGS="${PROGS} testsudoers"
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
DEV=""
devdir=.
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
esac])
AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
[case $with_efence in
yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
LIBS="${LIBS} -lefence"
if test -f /usr/local/lib/libefence.a; then
with_libpath="${with_libpath} /usr/local/lib"
fi
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
;;
esac])
AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
[case $with_csops in
yes) AC_MSG_NOTICE([Adding CSOps standard options])
CHECKSIA=false
with_ignore_dot=yes
insults=on
with_classic_insults=yes
with_csops_insults=yes
with_env_editor=yes
: ${mansectsu='8'}
: ${mansectform='5'}
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
;;
esac])
AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
AUTH_DEF=""
test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
;;
*) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
;;
esac])
AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
[case $with_skey in
no) with_skey=""
;;
*) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG S/Key"
;;
esac])
AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
[case $with_opie in
no) with_opie=""
;;
*) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG NRL_OPIE"
;;
esac])
AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
[case $with_long_otp_prompt in
yes) AC_DEFINE(LONG_OTP_PROMPT)
AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
AC_MSG_RESULT(yes)
long_otp_prompt=on
;;
no) long_otp_prompt=off
;;
*) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
;;
esac])
AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
[case $with_SecurID in
no) with_SecurID="";;
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL SecurID"
;;
esac])
AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
[case $with_fwtk in
no) with_fwtk="";;
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL FWTK"
;;
esac])
AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
[case $with_kerb4 in
no) with_kerb4="";;
*) AC_MSG_CHECKING(whether to try kerberos IV authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb4"
;;
esac])
AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
[case $with_kerb5 in
no) with_kerb5="";;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb5"
;;
esac])
AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
[case $with_aixauth in
yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
;;
esac])
AC_ARG_WITH(pam, [ --with-pam enable PAM support],
[case $with_pam in
yes) AUTH_EXCL="$AUTH_EXCL PAM";;
no) ;;
*) AC_MSG_ERROR(["--with-pam does not take an argument."])
;;
esac])
AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG AFS"
;;
no) ;;
*) AC_MSG_ERROR(["--with-AFS does not take an argument."])
;;
esac])
AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
[case $with_DCE in
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG DCE"
;;
no) ;;
*) AC_MSG_ERROR(["--with-DCE does not take an argument."])
;;
esac])
AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
[case $with_logincap in
yes|no) ;;
*) AC_MSG_ERROR(["--with-logincap does not take an argument."])
;;
esac])
AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
[case $with_bsdauth in
yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
;;
esac])
AC_ARG_WITH(project, [ --with-project enable Solaris project support],
[case $with_project in
yes|no) ;;
no) ;;
*) AC_MSG_ERROR(["--with-project does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
[case $with_lecture in
yes|short|always) lecture=once
;;
no|none|never) lecture=never
;;
*) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
;;
esac])
if test "$lecture" = "once"; then
AC_MSG_RESULT(yes)
else
AC_DEFINE(NO_LECTURE)
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
[case $with_logging in
yes) AC_MSG_ERROR(["must give --with-logging an argument."])
;;
no) AC_MSG_ERROR(["--without-logging not supported."])
;;
syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
AC_MSG_RESULT(syslog)
;;
file) AC_DEFINE(LOGGING, SLOG_FILE)
AC_MSG_RESULT(file)
;;
both) AC_DEFINE(LOGGING, SLOG_BOTH)
AC_MSG_RESULT(both)
;;
*) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
AC_MSG_CHECKING(which syslog facility sudo should log with)
AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
no) AC_MSG_ERROR(["--without-logfac not supported."])
;;
authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
AC_MSG_RESULT($logfac)
AC_MSG_CHECKING(at which syslog priority to log commands)
AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
[case $with_goodpri in
yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
;;
no) AC_MSG_ERROR(["--without-goodpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
goodpri=$with_goodpri
;;
*) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
AC_MSG_RESULT($goodpri)
AC_MSG_CHECKING(at which syslog priority to log failures)
AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
[case $with_badpri in
yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
;;
no) AC_MSG_ERROR(["--without-badpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
badpri=$with_badpri
;;
*) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
AC_MSG_RESULT($badpri)
AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
[case $with_logpath in
yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
;;
no) AC_MSG_ERROR(["--without-logpath not supported."])
;;
esac])
AC_MSG_CHECKING(how long a line in the log file should be)
AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
[case $with_loglen in
yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
;;
no) AC_MSG_ERROR(["--without-loglen not supported."])
;;
[[0-9]]*) loglen=$with_loglen
;;
*) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
;;
esac])
AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
AC_MSG_RESULT($loglen)
AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
[case $with_ignore_dot in
yes) ignore_dot=on
;;
no) ignore_dot=off
;;
*) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
;;
esac])
if test "$ignore_dot" = "on"; then
AC_DEFINE(IGNORE_DOT_PATH)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
[case $with_mail_if_no_user in
yes) mail_no_user=on
;;
no) mail_no_user=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
;;
esac])
if test "$mail_no_user" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
[case $with_mail_if_no_host in
yes) mail_no_host=on
;;
no) mail_no_host=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
;;
esac])
if test "$mail_no_host" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
[case $with_mail_if_noperms in
yes) mail_noperms=on
;;
no) mail_noperms=off
;;
*) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
;;
esac])
if test "$mail_noperms" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(who should get the mail that sudo sends)
AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
[case $with_mailto in
yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
;;
no) AC_MSG_ERROR(["--without-mailto not supported."])
;;
*) mailto=$with_mailto
;;
esac])
AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
AC_MSG_RESULT([$mailto])
AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
[case $with_mailsubject in
yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
;;
*) mailsub="$with_mailsubject"
AC_MSG_CHECKING(sudo mail subject)
AC_MSG_RESULT([Using alert mail subject: $mailsub])
;;
esac])
AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
AC_MSG_CHECKING(for bad password prompt)
AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
[case $with_passprompt in
yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
;;
*) passprompt="$with_passprompt"
esac])
AC_MSG_RESULT($passprompt)
AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
AC_MSG_CHECKING(for bad password message)
AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
[case $with_badpass_message in
yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
;;
*) badpass_message="$with_badpass_message"
;;
esac])
AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
AC_MSG_RESULT([$badpass_message])
AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
[case $with_fqdn in
yes) fqdn=on
;;
no) fqdn=off
;;
*) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
;;
esac])
if test "$fqdn" = "on"; then
AC_DEFINE(FQDN)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
[case $with_timedir in
yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
;;
no) AC_MSG_ERROR(["--without-timedir not supported."])
;;
esac])
AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
--without-sendmail do not send mail at all],
[case $with_sendmail in
yes) with_sendmail=""
;;
no) ;;
*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
;;
esac])
AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
[case $with_sudoers_mode in
yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
;;
[[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
;;
0*) SUDOERS_MODE=$with_sudoers_mode
;;
*) AC_MSG_ERROR(["you must use an octal mode, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
[case $with_sudoers_uid in
yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
;;
[[0-9]]*) SUDOERS_UID=$with_sudoers_uid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
[case $with_sudoers_gid in
yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
;;
[[0-9]]*) SUDOERS_GID=$with_sudoers_gid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
;;
esac])
AC_MSG_CHECKING(for umask programs should be run with)
AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
--without-umask Preserves the umask of the user invoking sudo.],
[case $with_umask in
yes) AC_MSG_ERROR(["must give --with-umask an argument."])
;;
no) sudo_umask=0777
;;
[[0-9]]*) sudo_umask=$with_umask
;;
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
AC_MSG_CHECKING(for default user to run commands as)
AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
[case $with_runas_default in
yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
;;
no) AC_MSG_ERROR(["--without-runas-default not supported."])
;;
*) runas_default="$with_runas_default"
;;
esac])
AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
AC_MSG_RESULT([$runas_default])
AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
[case $with_exempt in
yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
;;
no) AC_MSG_ERROR(["--without-exempt not supported."])
;;
*) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
AC_MSG_CHECKING(for group to be exempt from password)
AC_MSG_RESULT([$with_exempt])
;;
esac])
AC_MSG_CHECKING(for editor that visudo should use)
AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
[case $with_editor in
yes) AC_MSG_ERROR(["must give --with-editor an argument."])
;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
[case $with_env_editor in
yes) env_editor=on
;;
no) env_editor=off
;;
*) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
;;
esac])
if test "$env_editor" = "on"; then
AC_DEFINE(ENV_EDITOR)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(number of tries a user gets to enter their password)
AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
[case $with_passwd_tries in
yes) ;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
[[1-9]]*) passwd_tries=$with_passwd_tries
;;
*) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
;;
esac])
AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
AC_MSG_RESULT($passwd_tries)
AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
[case $with_timeout in
yes) ;;
no) timeout=0
;;
[[0-9]]*) timeout=$with_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
AC_MSG_RESULT($timeout)
AC_MSG_CHECKING(time in minutes after the password prompt will time out)
AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
[case $with_password_timeout in
yes) ;;
no) password_timeout=0
;;
[[0-9]]*) password_timeout=$with_password_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
AC_MSG_RESULT($password_timeout)
AC_MSG_CHECKING(whether to use per-tty ticket files)
AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
[case $with_tty_tickets in
yes) tty_tickets=on
;;
no) tty_tickets=off
;;
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
if test "$tty_tickets" = "on"; then
AC_DEFINE(USE_TTY_TICKETS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to include insults)
AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
[case $with_insults in
yes) insults=on
with_classic_insults=yes
with_csops_insults=yes
;;
no) insults=off
;;
*) AC_MSG_ERROR(["--with-insults does not take an argument."])
;;
esac])
if test "$insults" = "on"; then
AC_DEFINE(USE_INSULTS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
[case $with_all_insults in
yes) with_classic_insults=yes
with_csops_insults=yes
with_hal_insults=yes
with_goons_insults=yes
;;
no) ;;
*) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
[case $with_classic_insults in
yes) AC_DEFINE(CLASSIC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
[case $with_csops_insults in
yes) AC_DEFINE(CSOPS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
[case $with_hal_insults in
yes) AC_DEFINE(HAL_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
[case $with_goons_insults in
yes) AC_DEFINE(GOONS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(nsswitch, [ --with-nsswitch[[=PATH]] path to nsswitch.conf],
[case $with_nsswitch in
no) ;;
yes) with_nsswitch="/etc/nsswitch.conf"
;;
*) ;;
esac])
if test ${with_nsswitch-"yes"} != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
else
nsswitch_conf='/etc/nsswitch.conf'
fi
AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
[case $with_ldap in
no) with_ldap="";;
*) AC_DEFINE(HAVE_LDAP)
AC_MSG_CHECKING(whether to use sudoers from LDAP)
AC_MSG_RESULT(yes)
;;
esac])
AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file])
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file])
ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'}
AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file])
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file])
ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'}
AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
[case $with_pc_insults in
yes) AC_DEFINE(PC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
;;
esac])
dnl include all insult sets on one line
if test "$insults" = "on"; then
AC_MSG_CHECKING(which insult sets to include)
i=""
test "$with_goons_insults" = "yes" && i="goons ${i}"
test "$with_hal_insults" = "yes" && i="hal ${i}"
test "$with_csops_insults" = "yes" && i="csops ${i}"
test "$with_classic_insults" = "yes" && i="classic ${i}"
AC_MSG_RESULT([$i])
fi
AC_MSG_CHECKING(whether to override the user's path)
AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
[case $with_secure_path in
yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
;;
no) AC_MSG_RESULT(no)
;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
[case $with_interfaces in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(STUB_LOAD_INTERFACES)
AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
;;
esac], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether stow should be used)
AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
[case $with_stow in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_STOW)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-stow does not take an argument."])
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to use an askpass helper)
AC_ARG_WITH(askpass, [ --with-askpass=PATH Fully qualified pathname of askpass helper],
[case $with_askpass in
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
*) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
;;
esac], AC_MSG_RESULT(no))
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
[ --disable-authentication
Do not require authentication by default],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_AUTHENTICATION)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to disable running the mailer as root)
AC_ARG_ENABLE(root-mailer,
[ --disable-root-mailer Don't run the mailer as root, run as the user],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(NO_ROOT_MAILER)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(setreuid,
[ --disable-setreuid Don't try to use the setreuid() function],
[ case "$enableval" in
no) SKIP_SETREUID=yes
;;
*) ;;
esac
])
AC_ARG_ENABLE(setresuid,
[ --disable-setresuid Don't try to use the setresuid() function],
[ case "$enableval" in
no) SKIP_SETRESUID=yes
;;
*) ;;
esac
])
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[ --disable-shadow Never use shadow passwords],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
CHECKSHADOW="false"
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether root should be allowed to use sudo)
AC_ARG_ENABLE(root-sudo,
[ --disable-root-sudo Don't allow root to run sudo],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(NO_ROOT_SUDO)
AC_MSG_RESULT(no)
root_sudo=off
;;
*) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to log the hostname in the log file)
AC_ARG_ENABLE(log-host,
[ --enable-log-host Log the hostname in the log file],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(HOST_IN_LOG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
AC_ARG_ENABLE(noargs-shell,
[ --enable-noargs-shell If sudo is given no arguments run a shell],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_IF_NO_ARGS)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
[ --enable-shell-sets-home
Set $HOME to target user in shell mode],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to disable 'command not found' messages)
AC_ARG_ENABLE(path_info,
[ --disable-path-info Print 'command not allowed' not 'command not found'],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(DONT_LEAK_PATH_INFO)
path_info=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
AC_DEFINE(HAVE_SELINUX)
SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh"
SELINUX=""
SEMAN=""
;;
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
;;
esac])
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
dnl
AC_ARG_ENABLE(gss_krb5_ccache_name, [ --enable-gss-krb5-ccache-name
Use GSS-API to set the Kerberos V cred cache name], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
dnl
dnl If we don't have egrep we can't do anything...
dnl
AC_CHECK_PROG(EGREPPROG, egrep, egrep)
if test -z "$EGREPPROG"; then
AC_MSG_ERROR([Sorry, configure requires egrep to run.])
fi
dnl
dnl Prevent configure from adding the -g flag unless in devel mode
dnl
if test "$with_devel" != "yes"; then
ac_cv_prog_cc_g=no
fi
dnl
dnl C compiler checks
dnl
AC_ISC_POSIX
AC_PROG_CPP
dnl
dnl Libtool magic; enable shared libs and disable static libs
dnl
AC_CANONICAL_HOST
AC_CANONICAL_TARGET([])
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
if test "$enable_shared" = "no"; then
with_noexec=no
else
eval _shrext="$shrext_cmds"
fi
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
[case $with_noexec in
yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
;;
no) ;;
*) ;;
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
NOEXECFILE="sudo_noexec$_shrext"
NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl It is now safe to modify CFLAGS and CPPFLAGS
dnl
if test "$with_devel" = "yes" -a -n "$GCC"; then
CFLAGS="${CFLAGS} -Wall"
fi
dnl
dnl Find programs we use
dnl
AC_CHECK_PROG(UNAMEPROG, uname, uname)
AC_CHECK_PROG(TRPROG, tr, tr)
AC_CHECK_PROG(NROFFPROG, nroff, nroff)
if test -z "$NROFFPROG"; then
MANTYPE="cat"
mansrcdir='$(srcdir)'
fi
dnl
dnl What kind of beastie are we being run on?
dnl Barf if config.cache was generated on another host.
dnl
if test -n "$sudo_cv_prev_host"; then
if test "$sudo_cv_prev_host" != "$host"; then
AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
else
AC_MSG_CHECKING(previous host type)
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
AC_MSG_RESULT([$sudo_cv_prev_host])
fi
else
# this will produce no output since there is no cached value
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
fi
dnl
dnl We want to be able to differentiate between different rev's
dnl
if test -n "$host_os"; then
OS=`echo $host_os | sed 's/[[0-9]].*//'`
OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
else
OS="unknown"
OSREV=0
OSMAJOR=0
fi
case "$host" in
*-*-sunos4*)
# getcwd(3) opens a pipe to getpwd(1)!?!
BROKEN_GETCWD=1
# system headers lack prototypes but gcc helps...
if test -n "$GCC"; then
OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
fi
shadow_funcs="getpwanam issecure"
;;
*-*-solaris2*)
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lucb"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
if test X"$with_blibpath" != X"no"; then
AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
O_LDFLAGS="$LDFLAGS"
LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
blibpath="$with_blibpath"
elif test -n "$GCC"; then
blibpath="/usr/lib:/lib:/usr/local/lib"
else
blibpath="/usr/lib:/lib"
fi
AC_MSG_RESULT(yes)
], [AC_MSG_RESULT(no)])
fi
LDFLAGS="$O_LDFLAGS"
# Use authenticate(3) as the default authentication method
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
# AIX-specific functions
AC_CHECK_FUNCS(getuserattr)
SUDO_OBJS="$SUDO_OBJS aix.o"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-hpux*)
# AFS support needs -lBSD
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lBSD"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
# HP-UX bundled compiler can't generate shared objects
if test "x$ac_cv_prog_cc_c89" = "xno"; then
with_noexec=no
fi
case "$host" in
*-*-hpux[1-8].*)
AC_DEFINE(BROKEN_SYSLOG)
# Not sure if setuid binaries are safe in < 9.x
if test -n "$GCC"; then
SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
else
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
fi
;;
*-*-hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# DCE support (requires ANSI C compiler)
if test "$with_DCE" = "yes"; then
# order of libs in 9.X is important. -lc_r must be last
SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
fi
;;
*-*-hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
;;
*)
shadow_funcs="getspnam iscomsec"
shadow_libs="-lsec"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
[ --disable-sia Disable SIA on Digital UNIX],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
CHECKSIA=true
;;
no) AC_MSG_RESULT(yes)
CHECKSIA=false
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
;;
esac
], AC_MSG_RESULT(no))
shadow_funcs="getprpwnam dispcrypt"
# OSF/1 4.x and higher need -ldb too
if test $OSMAJOR -lt 4; then
shadow_libs="-lsecurity -laud -lm"
else
shadow_libs="-lsecurity -ldb -laud -lm"
fi
# use SIA by default, if we have it
test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
#
# Some versions of Digital Unix ship with a broken
# copy of prot.h, which we need for shadow passwords.
# XXX - make should remove this as part of distclean
#
AC_MSG_CHECKING([for broken prot.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
: ${mansectsu='8'}
: ${mansectform='4'}
;;
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
else
mandir="/usr/catman/local"
fi
fi
else
if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
if test -d "/usr/share/man/local"; then
mandir="/usr/share/man/local"
else
mandir="/usr/man/local"
fi
fi
fi
# IRIX <= 4 needs -lsun
if test "$OSMAJOR" -le 4; then
AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-linux*|*-*-k*bsd*-gnu)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
shadow_libs_optional="-lshadow"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-convex-bsd*)
OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
if test -z "$GCC"; then
CFLAGS="${CFLAGS} -D__STDC__"
fi
shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
shadow_funcs="getprpwnam"
shadow_libs="-lprot"
;;
*-*-ultrix*)
OS="ultrix"
shadow_funcs="getauthuid"
shadow_libs="-lauth"
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-isc*)
OSDEFS="${OSDEFS} -D_ISC"
LIB_CRYPT=1
SUDO_LIBS="${SUDO_LIBS} -lcrypt"
LIBS="${LIBS} -lcrypt"
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sco*|*-sco-*)
shadow_funcs="getprpwnam"
shadow_libs="-lprot -lx"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
m88k-motorola-sysv*)
# motorolla's cc (a variant of gcc) does -O but not -O2
CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-sequent-sysv*)
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
SUDO_LIBS="${SUDO_LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
# Use shlicc for BSD/OS [23].x unless asked to do otherwise
if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
case "$OSMAJOR" in
2|3) AC_MSG_NOTICE([using shlicc as CC])
ac_cv_prog_CC=shlicc
CC="$ac_cv_prog_CC"
;;
esac
fi
# Check for newer BSD auth API (just check for >= 3.0?)
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
;;
*-*-freebsd*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
case "$OSREV" in
0.*|1.*|2.0*)
SKIP_SETREUID=yes
;;
esac
if test "$with_skey" = "yes"; then
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setreuid(2) instead.
SKIP_SETREUID=yes
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
case "$OSREV" in
[0-2].*)
;;
*)
AUTH_EXCL_DEF="BSD_AUTH"
;;
esac
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
0.9*|1.[012]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
if test "$with_skey" = "yes"; then
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-*bsd*)
CHECKSHADOW="false"
;;
*-*-darwin*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-nextstep*)
# lockf() on is broken on the NeXT -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
;;
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-gnu*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
;;
esac
dnl
dnl Check for mixing mutually exclusive and regular auth methods
dnl
AUTH_REG=${AUTH_REG# }
AUTH_EXCL=${AUTH_EXCL# }
if test -n "$AUTH_EXCL"; then
set -- $AUTH_EXCL
if test $# != 1; then
AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
fi
if test -n "$AUTH_REG"; then
AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
fi
fi
dnl
dnl Only one of S/Key and OPIE may be specified
dnl
if test X"${with_skey}${with_opie}" = X"yesyes"; then
AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
fi
dnl
dnl Use BSD-style man sections by default
dnl
: ${mansectsu='8'}
: ${mansectform='5'}
dnl
dnl Add in any libpaths or libraries specified via configure
dnl
if test -n "$with_libpath"; then
for i in ${with_libpath}; do
SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
done
fi
if test -n "$with_libraries"; then
for i in ${with_libraries}; do
case $i in
-l*) ;;
*.a) ;;
*.o) ;;
*) i="-l${i}";;
esac
LIBS="${LIBS} ${i}"
done
fi
dnl
dnl C compiler checks (to be done after os checks)
dnl
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
dnl
dnl Program checks
dnl
AC_PROG_YACC
SUDO_PROG_MV
SUDO_PROG_BSHELL
if test -z "$with_sendmail"; then
SUDO_PROG_SENDMAIL
fi
if test -z "$with_editor"; then
SUDO_PROG_VI
fi
dnl
dnl Header file checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
dnl ultrix termio/termios are broken
if test "$OS" != "ultrix"; then
AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" = "yes"; then
AC_DEFINE(HAVE_TERMIOS_H)
else
AC_CHECK_HEADERS(termio.h)
fi
fi
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=""
case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;;
esac
])
fi
if test ${with_project-'no'} != "no"; then
AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
[SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
fi
dnl
dnl typedef checks
dnl
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
#endif
#include <time.h>])
AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
#include <netinet/in.h>])
SUDO_TYPE_SIZE_T
SUDO_TYPE_SSIZE_T
SUDO_TYPE_DEV_T
SUDO_TYPE_INO_T
SUDO_UID_T_LEN
SUDO_TYPE_LONG_LONG
SUDO_SOCK_SA_LEN
dnl
dnl only set RETSIGTYPE if it is not set already
dnl
case "$DEFS" in
*"RETSIGTYPE"*) ;;
*) AC_TYPE_SIGNAL;;
esac
dnl
dnl Function checks
dnl
AC_FUNC_GETGROUPS
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
setlocale getaddrinfo setsid)
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
if test -z "$SKIP_SETREUID"; then
AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
fi
if test -z "$SKIP_SETEUID"; then
AC_CHECK_FUNCS(seteuid)
fi
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
if test -z "$BROKEN_GETCWD"; then
AC_REPLACE_FUNCS(getcwd)
fi
AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(waitpid wait3, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
SUDO_FUNC_ISBLANK
AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
[ #include <limits.h>
#include <fcntl.h> ])
])
AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
AC_CHECK_FUNCS(random lrand48, [break])
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
AC_MSG_CHECKING([for two-parameter timespecsub])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <sys/time.h>]], [[struct timespec ts1, ts2;
ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
#ifndef timespecsub
#error missing timespecsub
#endif
timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
fi
dnl
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
dnl
if test -n "$NEED_SNPRINTF"; then
AC_LIBOBJ(snprintf)
fi
dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl In this case we look for main(), not socket() to avoid using a cached value
dnl
AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
dnl
dnl If inet_addr(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
dnl
AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
AC_MSG_CHECKING([for __progname])
AC_CACHE_VAL(sudo_cv___progname, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
if test "$sudo_cv___progname" = "yes"; then
AC_DEFINE(HAVE___PROGNAME)
else
AC_LIBOBJ(getprogname)
fi
AC_MSG_RESULT($sudo_cv___progname)
])
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
for auth in $AUTH_EXCL_DEF; do
case $auth in
AIX_AUTH) with_aixauth=maybe;;
BSD_AUTH) with_bsdauth=maybe;;
PAM) with_pam=maybe;;
SIA) CHECKSIA=true;;
esac
done
fi
dnl
dnl PAM support. Systems that use PAM by default set with_pam=default
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
dnl
dnl Linux may need this
dnl
AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
ac_cv_lib_dl=ac_cv_lib_dl_main
dnl
dnl Some PAM implementations (MacOS X for example) put the PAM headers
dnl in /usr/include/pam instead of /usr/include/security...
dnl
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
if test "$with_pam" = "yes"; then
AC_DEFINE(HAVE_PAM)
AUTH_OBJS="$AUTH_OBJS pam.o";
AUTH_EXCL=PAM
AC_MSG_CHECKING(whether to use PAM session support)
AC_ARG_ENABLE(pam_session,
[ --disable-pam-session Disable PAM session support],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
case $host in
*-*-linux*|*-*-solaris*)
# dgettext() may be defined to dgettext_libintl in the
# header file, so first check that it links w/ additional
# libs, then try with -lintl
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
[AC_DEFINE(HAVE_DGETTEXT)],
[AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
[AC_DEFINE(HAVE_DGETTEXT)])])
;;
esac
fi
fi
dnl
dnl AIX general authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_aixauth-'no'} != "no"; then
if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
AC_MSG_NOTICE([using AIX general authentication])
AC_DEFINE(HAVE_AIXAUTH)
AUTH_OBJS="$AUTH_OBJS aix_auth.o";
SUDO_LIBS="${SUDO_LIBS} -ls"
AUTH_EXCL=AIX_AUTH
fi
fi
dnl
dnl BSD authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
[BSDAUTH_USAGE='[[-a auth_type]] ']
[AUTH_EXCL=BSD_AUTH; BAMAN=""],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
dnl
dnl SIA authentication for Tru64 Unix
dnl
if test ${CHECKSIA-'false'} = "true"; then
AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
if test "$found" = "true"; then
AUTH_EXCL=SIA
AUTH_OBJS="$AUTH_OBJS sia.o"
fi
fi
dnl
dnl extra FWTK libs + includes
dnl
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
with_fwtk=yes
fi
SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
AUTH_OBJS="$AUTH_OBJS fwtk.o"
fi
dnl
dnl extra SecurID lib + includes
dnl
if test ${with_SecurID-'no'} != "no"; then
if test "$with_SecurID" != "yes"; then
:
elif test -d /usr/ace/examples; then
with_SecurID=/usr/ace/examples
else
with_SecurID=/usr/ace
fi
CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
_LDFLAGS="${LDFLAGS}"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
#
# Determine whether to use the new or old SecurID API
#
AC_CHECK_LIB(aceclnt, SD_Init,
[
AUTH_OBJS="$AUTH_OBJS securid5.o";
SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
]
[
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
], [
AUTH_OBJS="$AUTH_OBJS securid.o";
SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
],
[
-lpthread
]
)
LDFLAGS="${_LDFLAGS}"
fi
dnl
dnl Non-mutually exclusive auth checks come next.
dnl Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
for auth in $AUTH_DEF; do
case $auth in
passwd) : ${with_passwd='maybe'};;
esac
done
fi
dnl
dnl Kerberos IV
dnl
if test ${with_kerb4-'no'} != "no"; then
AC_DEFINE(HAVE_KERB4)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
O_LDFLAGS="$LDFLAGS"
if test "$with_kerb4" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
done
test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
fi
if test X"$found" = X"no"; then
AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
dnl
dnl Check for -ldes vs. -ldes425
dnl
AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
])
dnl
dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
dnl
AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
AC_MSG_RESULT(yes)
K4LIBS="${K4LIBS} -lcom_err"
AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
]
)
dnl
dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
dnl
AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
[K4LIBS="-lkrb $K4LIBS"]
[AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
, [$K4LIBS])
], [$K4LIBS])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
AUTH_OBJS="$AUTH_OBJS kerb4.o"
fi
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
dnl
if test ${with_kerb5-'no'} != "no"; then
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
AUTH_OBJS="$AUTH_OBJS kerb5.o"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
], [
AC_MSG_RESULT(no)
]
)
fi
fi
if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
if test "$with_kerb5" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
done
if test X"$found" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
fi
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
# XXX - need to check whether -lcrypo is needed!
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc)
AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2,
sudo_cv_krb5_get_init_creds_opt_free_two_args, [
AC_TRY_COMPILE([#include <krb5.h>],
[
krb5_context context = NULL;
krb5_get_init_creds_opt *opts = NULL;
krb5_get_init_creds_opt_free(context, opts);
],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
)
]
)
if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
fi
LIBS="$_LIBS"
fi
dnl
dnl extra AFS libs and includes
dnl
if test ${with_AFS-'no'} = "yes"; then
# looks like the "standard" place for AFS libs is /usr/afsws/lib
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
for i in $AFSLIBDIRS; do
if test -d ${i}; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
FOUND_AFSLIBDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
fi
# Order is important here. Note that we build AFS_LIBS from right to left
# since AFS_LIBS may be initialized with BSD compat libs that must go last
AFS_LIBS="-laudit ${AFS_LIBS}"
for i in $AFSLIBDIRS; do
if test -f ${i}/util.a; then
AFS_LIBS="${i}/util.a ${AFS_LIBS}"
FOUND_UTIL_A=true
break;
fi
done
if test -z "$FOUND_UTIL_A"; then
AFS_LIBS="-lutil ${AFS_LIBS}"
fi
AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
CPPFLAGS="${CPPFLAGS} -I${i}"
FOUND_AFSINCDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
AUTH_OBJS="$AUTH_OBJS afs.o"
fi
dnl
dnl extra DCE obj + lib
dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
dnl
if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
SUDO_LIBS="${SUDO_LIBS} -ldce"
AUTH_OBJS="$AUTH_OBJS dce.o"
fi
dnl
dnl extra S/Key lib and includes
dnl
if test ${with_skey-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
fi
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
fi
AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lskey"
AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
dnl extra OPIE lib and includes
dnl
if test ${with_opie-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
fi
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
fi
AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lopie"
AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
dnl Check for shadow password routines if we have not already done so.
dnl If there is a specific list of functions to check we do that first.
dnl Otherwise, we check for SVR4-style and then SecureWare-style.
dnl
if test ${with_passwd-'no'} != "no"; then
dnl
dnl if crypt(3) not in libc, look elsewhere
dnl
if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
_LIBS="$LIBS"
LIBS="$LIBS $shadow_libs"
found=no
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDO_LIBS="$SUDO_LIBS $shadow_libs"
elif test -n "$shadow_libs_optional"; then
LIBS="$LIBS $shadow_libs_optional"
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
fi
fi
if test "$found" = "yes"; then
case "$shadow_funcs" in
*getprpwnam*) SECUREWARE=1;;
esac
test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
else
LIBS="$_LIBS"
fi
CHECKSHADOW=false
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test -n "$SECUREWARE"; then
AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
AUTH_OBJS="$AUTH_OBJS secureware.o"
fi
fi
dnl
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
with_ldap=yes
LDAP=""
fi
SUDO_OBJS="${SUDO_OBJS} ldap.o"
AC_MSG_CHECKING([for LDAP libraries])
LDAP_LIBS=""
_LIBS="$LIBS"
found=no
for l in -lldap -llber '-lssl -lcrypto'; do
LIBS="${LIBS} $l"
LDAP_LIBS="${LDAP_LIBS} $l"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <lber.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
done
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
LIBS="${_LIBS} -lldap"
LDAP_LIBS="-lldap"
AC_MSG_RESULT([not found, using -lldap])
else
AC_MSG_RESULT([$LDAP_LIBS])
fi
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
LDAP_LIBS="$LDAP_LIBS -llber"
fi
dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s)
AC_CHECK_HEADERS([sasl/sasl.h])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
)
# gssapi headers may be separate or part of Kerberos V
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
done
if test X"$found" != X"no"; then
AC_CHECK_HEADERS([$found])
if test X"$found" = X"gssapi/gssapi.h"; then
AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
fi
else
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
fi
fi
SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
fi
dnl
dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
dnl added -L dirpaths to SUDO_LDFLAGS.
dnl
if test -n "$blibpath"; then
if test -n "$blibpath_add"; then
SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
fi
fi
dnl
dnl Check for log file and timestamp locations
dnl
SUDO_LOGFILE
SUDO_TIMEDIR
dnl
dnl Use passwd (and secureware) auth modules?
dnl
case "$with_passwd" in
yes|maybe)
AUTH_OBJS="$AUTH_OBJS passwd.o"
;;
*)
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([no authentication methods defined.])
fi
;;
esac
AUTH_OBJS=${AUTH_OBJS# }
_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
dnl
dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
dnl
if test -n "$LIBS"; then
L="$LIBS"
LIBS=
for l in ${L}; do
dupe=0
for sl in ${SUDO_LIBS} ${NET_LIBS}; do
test $l = $sl && dupe=1
done
test $dupe = 0 && LIBS="${LIBS} $l"
done
fi
dnl
dnl Set exec_prefix
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$ac_default_prefix"
else
exec_prefix="$prefix"
fi
fi
if test X"$with_noexec" != X"no"; then
PROGS="${PROGS} sudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi
exec_prefix="$oexec_prefix"
fi
dnl
dnl Substitute into the Makefile and man pages
dnl
AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
case $host in
*-*-linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
fi
dnl
dnl Autoheader templates
dnl
AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
dnl
dnl Bits to copy verbatim into config.h.in
dnl
AH_TOP([#ifndef _SUDO_CONFIG_H
#define _SUDO_CONFIG_H])
AH_BOTTOM([/*
* Macros to pull sec and nsec parts of mtime from struct stat.
* We need to be able to convert between timeval and timespec
* so the last 3 digits of tv_nsec are not significant.
*/
#ifdef HAVE_ST_MTIM
# ifdef HAVE_ST__TIM
# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
# else
# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
# endif
#else
# ifdef HAVE_ST_MTIMESPEC
# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
# define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
# else
# define mtim_getsec(_x) ((_x).st_mtime)
# define mtim_getnsec(_x) (0)
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
/*
* Emulate a subset of waitpid() if we don't have it.
*/
#ifdef HAVE_WAITPID
# define sudo_waitpid(p, s, o) waitpid(p, s, o)
#else
# ifdef HAVE_WAIT3
# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
# endif
#endif
/* GNU stow needs /etc/sudoers to be a symlink. */
#ifdef USE_STOW
# define stat_sudoers stat
#else
# define stat_sudoers lstat
#endif
/* Macros to set/clear/test flags. */
#undef SET
#define SET(t, f) ((t) |= (f))
#undef CLR
#define CLR(t, f) ((t) &= ~(f))
#undef ISSET
#define ISSET(t, f) ((t) & (f))
/* New ANSI-style OS defs for HP-UX and ConvexOS. */
#if defined(hpux) && !defined(__hpux)
# define __hpux 1
#endif /* hpux */
#if defined(convex) && !defined(__convex__)
# define __convex__ 1
#endif /* convex */
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
#endif /* __svr4__ */
#endif /* _SUDO_CONFIG_H */])