1dnl 2dnl Process this file with GNU autoconf to produce a configure script. 3dnl 4dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller <Todd.Miller@courtesan.com> 5dnl 6AC_INIT([sudo], [1.7.10p7], [http://www.sudo.ws/bugs/], [sudo]) 7AC_CONFIG_HEADER(config.h pathnames.h zlib/zconf.h) 8dnl 9dnl Note: this must come after AC_INIT 10dnl 11AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) 12dnl 13dnl Variables that get substituted in the Makefile and man pages 14dnl 15AC_SUBST([HAVE_BSM_AUDIT]) 16AC_SUBST([SHELL]) 17AC_SUBST([LIBTOOL]) 18AC_SUBST([CFLAGS]) 19AC_SUBST([PROGS]) 20AC_SUBST([CPPFLAGS]) 21AC_SUBST([LDFLAGS]) 22AC_SUBST([COMMON_OBJS]) 23AC_SUBST([SUDO_LDFLAGS]) 24AC_SUBST([SUDO_OBJS]) 25AC_SUBST([LIBS]) 26AC_SUBST([SUDO_LIBS]) 27AC_SUBST([NET_LIBS]) 28AC_SUBST([AFS_LIBS]) 29AC_SUBST([GETGROUPS_LIB]) 30AC_SUBST([OSDEFS]) 31AC_SUBST([AUTH_OBJS]) 32AC_SUBST([MANTYPE]) 33AC_SUBST([MANDIRTYPE]) 34AC_SUBST([MANCOMPRESS]) 35AC_SUBST([MANCOMPRESSEXT]) 36AC_SUBST([SHLIB_MODE]) 37AC_SUBST([SUDOERS_MODE]) 38AC_SUBST([SUDOERS_UID]) 39AC_SUBST([SUDOERS_GID]) 40AC_SUBST([DEVEL]) 41AC_SUBST([BAMAN]) 42AC_SUBST([LCMAN]) 43AC_SUBST([SEMAN]) 44AC_SUBST([devdir]) 45AC_SUBST([mansectsu]) 46AC_SUBST([mansectform]) 47AC_SUBST([mansrcdir]) 48AC_SUBST([NOEXECFILE]) 49AC_SUBST([NOEXECDIR]) 50AC_SUBST([noexec_file]) 51AC_SUBST([INSTALL_NOEXEC]) 52AC_SUBST([DONT_LEAK_PATH_INFO]) 53AC_SUBST([BSDAUTH_USAGE]) 54AC_SUBST([SELINUX_USAGE]) 55AC_SUBST([LDAP]) 56AC_SUBST([REPLAY]) 57AC_SUBST([LOGINCAP_USAGE]) 58AC_SUBST([ZLIB]) 59AC_SUBST([ZLIB_DEP]) 60AC_SUBST([CONFIGURE_ARGS]) 61AC_SUBST([PIE_LDFLAGS]) 62AC_SUBST([PIE_CFLAGS]) 63AC_SUBST([SSP_LDFLAGS]) 64AC_SUBST([SSP_CFLAGS]) 65dnl 66dnl Variables that get substituted in docs (not overridden by environment) 67dnl 68AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR 69AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR 70AC_SUBST([timeout]) 71AC_SUBST([password_timeout]) 72AC_SUBST([sudo_umask]) 73AC_SUBST([umask_override]) 74AC_SUBST([passprompt]) 75AC_SUBST([long_otp_prompt]) 76AC_SUBST([lecture]) 77AC_SUBST([logfac]) 78AC_SUBST([goodpri]) 79AC_SUBST([badpri]) 80AC_SUBST([loglen]) 81AC_SUBST([ignore_dot]) 82AC_SUBST([mail_no_user]) 83AC_SUBST([mail_no_host]) 84AC_SUBST([mail_no_perms]) 85AC_SUBST([mailto]) 86AC_SUBST([mailsub]) 87AC_SUBST([badpass_message]) 88AC_SUBST([fqdn]) 89AC_SUBST([runas_default]) 90AC_SUBST([env_editor]) 91AC_SUBST([env_reset]) 92AC_SUBST([passwd_tries]) 93AC_SUBST([tty_tickets]) 94AC_SUBST([insults]) 95AC_SUBST([root_sudo]) 96AC_SUBST([path_info]) 97AC_SUBST([ldap_conf]) 98AC_SUBST([ldap_secret]) 99AC_SUBST([nsswitch_conf]) 100AC_SUBST([netsvc_conf]) 101AC_SUBST([secure_path]) 102AC_SUBST([editor]) 103# 104# Begin initial values for man page substitution 105# 106iolog_dir=/var/log/sudo-io 107timedir=/var/adm/sudo 108timeout=5 109password_timeout=5 110sudo_umask=0022 111umask_override=off 112passprompt="Password:" 113long_otp_prompt=off 114lecture=once 115logfac=auth 116goodpri=notice 117badpri=alert 118loglen=80 119ignore_dot=off 120mail_no_user=on 121mail_no_host=off 122mail_no_perms=off 123mailto=root 124mailsub="*** SECURITY information for %h ***" 125badpass_message="Sorry, try again." 126fqdn=off 127runas_default=root 128env_editor=off 129env_reset=on 130editor=vi 131passwd_tries=3 132tty_tickets=on 133insults=off 134root_sudo=on 135path_info=on 136ldap_conf=/etc/ldap.conf 137ldap_secret=/etc/ldap.secret 138netsvc_conf=/etc/netsvc.conf 139noexec_file=/usr/local/libexec/sudo_noexec.so 140nsswitch_conf=/etc/nsswitch.conf 141secure_path="not set" 142# 143# End initial values for man page substitution 144# 145dnl 146dnl Initial values for Makefile variables listed above 147dnl May be overridden by environment variables.. 148dnl 149INSTALL_NOEXEC= 150devdir='$(srcdir)' 151PROGS="sudo visudo" 152: ${MANDIRTYPE='man'} 153: ${mansrcdir='.'} 154: ${SHLIB_MODE='0644'} 155: ${SUDOERS_MODE='0440'} 156: ${SUDOERS_UID='0'} 157: ${SUDOERS_GID='0'} 158DEVEL= 159LDAP="#" 160REPLAY="#" 161BAMAN=0 162LCMAN=0 163SEMAN=0 164ZLIB= 165ZLIB_DEP= 166AUTH_OBJS= 167AUTH_REG= 168AUTH_EXCL= 169AUTH_EXCL_DEF= 170AUTH_DEF=passwd 171 172dnl 173dnl Other vaiables 174dnl 175CHECKSHADOW=true 176shadow_defs= 177shadow_funcs= 178shadow_libs= 179shadow_libs_optional= 180 181CONFIGURE_ARGS="$@" 182 183dnl 184dnl Deprecated --with options (these all warn or generate an error) 185dnl 186 187AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], 188[case $with_otp_only in 189 yes) with_passwd="no" 190 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) 191 ;; 192esac]) 193 194AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], 195[case $with_alertmail in 196 *) with_mailto="$with_alertmail" 197 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) 198 ;; 199esac]) 200 201dnl 202dnl Options for --with 203dnl 204 205AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], 206[case $with_devel in 207 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) 208 PROGS="${PROGS} testsudoers" 209 OSDEFS="${OSDEFS} -DSUDO_DEVEL" 210 DEVEL="true" 211 devdir=. 212 ;; 213 no) ;; 214 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) 215 ;; 216esac]) 217 218AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], 219[case $with_CC in 220 *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) 221 ;; 222esac]) 223 224AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])], 225[case $with_rpath in 226 yes|no) ;; 227 *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) 228 ;; 229esac]) 230 231AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])], 232[case $with_blibpath in 233 yes|no) ;; 234 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) 235 ;; 236esac]) 237 238dnl 239dnl Handle BSM auditing support. 240dnl 241AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], 242[case $with_bsm_audit in 243 yes) AC_DEFINE(HAVE_BSM_AUDIT) 244 SUDO_LIBS="${SUDO_LIBS} -lbsm" 245 SUDO_OBJS="${SUDO_OBJS} bsm_audit.o" 246 ;; 247 no) ;; 248 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) 249 ;; 250esac]) 251 252dnl 253dnl Handle Linux auditing support. 254dnl 255AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], 256[case $with_linux_audit in 257 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ 258 AC_DEFINE(HAVE_LINUX_AUDIT) 259 SUDO_LIBS="${SUDO_LIBS} -laudit" 260 SUDO_OBJS="${SUDO_OBJS} linux_audit.o" 261 ], [ 262 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) 263 ]) 264 ;; 265 no) ;; 266 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) 267 ;; 268esac]) 269 270AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], 271[case $with_incpath in 272 yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) 273 ;; 274 no) AC_MSG_ERROR(["--without-incpath not supported."]) 275 ;; 276 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) 277 for i in ${with_incpath}; do 278 CPPFLAGS="${CPPFLAGS} -I${i}" 279 done 280 ;; 281esac]) 282 283AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], 284[case $with_libpath in 285 yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) 286 ;; 287 no) AC_MSG_ERROR(["--without-libpath not supported."]) 288 ;; 289 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) 290 ;; 291esac]) 292 293AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], 294[case $with_libraries in 295 yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) 296 ;; 297 no) AC_MSG_ERROR(["--without-libraries not supported."]) 298 ;; 299 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) 300 ;; 301esac]) 302 303AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], 304[case $with_efence in 305 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) 306 LIBS="${LIBS} -lefence" 307 if test -f /usr/local/lib/libefence.a; then 308 with_libpath="${with_libpath} /usr/local/lib" 309 fi 310 ;; 311 no) ;; 312 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) 313 ;; 314esac]) 315 316AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], 317[case $with_csops in 318 yes) AC_MSG_NOTICE([Adding CSOps standard options]) 319 CHECKSIA=false 320 with_ignore_dot=yes 321 insults=on 322 with_classic_insults=yes 323 with_csops_insults=yes 324 with_env_editor=yes 325 : ${mansectsu='8'} 326 : ${mansectform='5'} 327 ;; 328 no) ;; 329 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) 330 ;; 331esac]) 332 333AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], 334[case $with_passwd in 335 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) 336 AC_MSG_RESULT($with_passwd) 337 AUTH_DEF="" 338 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" 339 ;; 340 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) 341 ;; 342esac]) 343 344AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], 345[case $with_skey in 346 no) ;; 347 *) AC_DEFINE(HAVE_SKEY) 348 AC_MSG_CHECKING(whether to try S/Key authentication) 349 AC_MSG_RESULT(yes) 350 AUTH_REG="$AUTH_REG S/Key" 351 ;; 352esac]) 353 354AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], 355[case $with_opie in 356 no) ;; 357 *) AC_DEFINE(HAVE_OPIE) 358 AC_MSG_CHECKING(whether to try NRL OPIE authentication) 359 AC_MSG_RESULT(yes) 360 AUTH_REG="$AUTH_REG NRL_OPIE" 361 ;; 362esac]) 363 364AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], 365[case $with_long_otp_prompt in 366 yes) AC_DEFINE(LONG_OTP_PROMPT) 367 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) 368 AC_MSG_RESULT(yes) 369 long_otp_prompt=on 370 ;; 371 no) long_otp_prompt=off 372 ;; 373 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) 374 ;; 375esac]) 376 377AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], 378[case $with_SecurID in 379 no) ;; 380 *) AC_DEFINE(HAVE_SECURID) 381 AC_MSG_CHECKING(whether to use SecurID for authentication) 382 AC_MSG_RESULT(yes) 383 AUTH_EXCL="$AUTH_EXCL SecurID" 384 ;; 385esac]) 386 387AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], 388[case $with_fwtk in 389 no) ;; 390 *) AC_DEFINE(HAVE_FWTK) 391 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) 392 AC_MSG_RESULT(yes) 393 AUTH_EXCL="$AUTH_EXCL FWTK" 394 ;; 395esac]) 396 397AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])], 398[case $with_kerb4 in 399 no) ;; 400 *) AC_MSG_CHECKING(whether to try kerberos IV authentication) 401 AC_MSG_RESULT(yes) 402 AUTH_REG="$AUTH_REG kerb4" 403 ;; 404esac]) 405 406AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], 407[case $with_kerb5 in 408 no) ;; 409 *) AC_MSG_CHECKING(whether to try Kerberos V authentication) 410 AC_MSG_RESULT(yes) 411 AUTH_REG="$AUTH_REG kerb5" 412 ;; 413esac]) 414 415AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], 416[case $with_aixauth in 417 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; 418 no) ;; 419 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) 420 ;; 421esac]) 422 423AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], 424[case $with_pam in 425 yes) AUTH_EXCL="$AUTH_EXCL PAM";; 426 no) ;; 427 *) AC_MSG_ERROR(["--with-pam does not take an argument."]) 428 ;; 429esac]) 430 431AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], 432[case $with_AFS in 433 yes) AC_DEFINE(HAVE_AFS) 434 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) 435 AC_MSG_RESULT(yes) 436 AUTH_REG="$AUTH_REG AFS" 437 ;; 438 no) ;; 439 *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) 440 ;; 441esac]) 442 443AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], 444[case $with_DCE in 445 yes) AC_DEFINE(HAVE_DCE) 446 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) 447 AC_MSG_RESULT(yes) 448 AUTH_REG="$AUTH_REG DCE" 449 ;; 450 no) ;; 451 *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) 452 ;; 453esac]) 454 455AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], 456[case $with_logincap in 457 yes|no) ;; 458 *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) 459 ;; 460esac]) 461 462AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], 463[case $with_bsdauth in 464 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; 465 no) ;; 466 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) 467 ;; 468esac]) 469 470AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], 471[case $with_project in 472 yes|no) ;; 473 no) ;; 474 *) AC_MSG_ERROR(["--with-project does not take an argument."]) 475 ;; 476esac]) 477 478AC_MSG_CHECKING(whether to lecture users the first time they run sudo) 479AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], 480[case $with_lecture in 481 yes|short|always) lecture=once 482 ;; 483 no|none|never) lecture=never 484 ;; 485 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) 486 ;; 487esac]) 488if test "$lecture" = "once"; then 489 AC_MSG_RESULT(yes) 490else 491 AC_DEFINE(NO_LECTURE) 492 AC_MSG_RESULT(no) 493fi 494 495AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) 496AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], 497[case $with_logging in 498 yes) AC_MSG_ERROR(["must give --with-logging an argument."]) 499 ;; 500 no) AC_MSG_ERROR(["--without-logging not supported."]) 501 ;; 502 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) 503 AC_MSG_RESULT(syslog) 504 ;; 505 file) AC_DEFINE(LOGGING, SLOG_FILE) 506 AC_MSG_RESULT(file) 507 ;; 508 both) AC_DEFINE(LOGGING, SLOG_BOTH) 509 AC_MSG_RESULT(both) 510 ;; 511 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) 512 ;; 513esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) 514 515AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], 516[case $with_logfac in 517 yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) 518 ;; 519 no) AC_MSG_ERROR(["--without-logfac not supported."]) 520 ;; 521 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac 522 ;; 523 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) 524 ;; 525esac]) 526 527AC_MSG_CHECKING(at which syslog priority to log commands) 528AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], 529[case $with_goodpri in 530 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) 531 ;; 532 no) AC_MSG_ERROR(["--without-goodpri not supported."]) 533 ;; 534 alert|crit|debug|emerg|err|info|notice|warning) 535 goodpri=$with_goodpri 536 ;; 537 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) 538 ;; 539esac]) 540AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) 541AC_MSG_RESULT($goodpri) 542 543AC_MSG_CHECKING(at which syslog priority to log failures) 544AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], 545[case $with_badpri in 546 yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) 547 ;; 548 no) AC_MSG_ERROR(["--without-badpri not supported."]) 549 ;; 550 alert|crit|debug|emerg|err|info|notice|warning) 551 badpri=$with_badpri 552 ;; 553 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) 554 ;; 555esac]) 556AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) 557AC_MSG_RESULT($badpri) 558 559AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], 560[case $with_logpath in 561 yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) 562 ;; 563 no) AC_MSG_ERROR(["--without-logpath not supported."]) 564 ;; 565esac]) 566 567AC_MSG_CHECKING(how long a line in the log file should be) 568AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], 569[case $with_loglen in 570 yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) 571 ;; 572 no) AC_MSG_ERROR(["--without-loglen not supported."]) 573 ;; 574 [[0-9]]*) loglen=$with_loglen 575 ;; 576 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) 577 ;; 578esac]) 579AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) 580AC_MSG_RESULT($loglen) 581 582AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) 583AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], 584[case $with_ignore_dot in 585 yes) ignore_dot=on 586 ;; 587 no) ignore_dot=off 588 ;; 589 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) 590 ;; 591esac]) 592if test "$ignore_dot" = "on"; then 593 AC_DEFINE(IGNORE_DOT_PATH) 594 AC_MSG_RESULT(yes) 595else 596 AC_MSG_RESULT(no) 597fi 598 599AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) 600AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], 601[case $with_mail_if_no_user in 602 yes) mail_no_user=on 603 ;; 604 no) mail_no_user=off 605 ;; 606 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) 607 ;; 608esac]) 609if test "$mail_no_user" = "on"; then 610 AC_DEFINE(SEND_MAIL_WHEN_NO_USER) 611 AC_MSG_RESULT(yes) 612else 613 AC_MSG_RESULT(no) 614fi 615 616AC_MSG_CHECKING(whether to send mail when user listed but not for this host) 617AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], 618[case $with_mail_if_no_host in 619 yes) mail_no_host=on 620 ;; 621 no) mail_no_host=off 622 ;; 623 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) 624 ;; 625esac]) 626if test "$mail_no_host" = "on"; then 627 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) 628 AC_MSG_RESULT(yes) 629else 630 AC_MSG_RESULT(no) 631fi 632 633AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) 634AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], 635[case $with_mail_if_noperms in 636 yes) mail_noperms=on 637 ;; 638 no) mail_noperms=off 639 ;; 640 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) 641 ;; 642esac]) 643if test "$mail_noperms" = "on"; then 644 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) 645 AC_MSG_RESULT(yes) 646else 647 AC_MSG_RESULT(no) 648fi 649 650AC_MSG_CHECKING(who should get the mail that sudo sends) 651AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], 652[case $with_mailto in 653 yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) 654 ;; 655 no) AC_MSG_ERROR(["--without-mailto not supported."]) 656 ;; 657 *) mailto=$with_mailto 658 ;; 659esac]) 660AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) 661AC_MSG_RESULT([$mailto]) 662 663AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], 664[case $with_mailsubject in 665 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) 666 ;; 667 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) 668 ;; 669 *) mailsub="$with_mailsubject" 670 AC_MSG_CHECKING(sudo mail subject) 671 AC_MSG_RESULT([Using alert mail subject: $mailsub]) 672 ;; 673esac]) 674AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) 675 676AC_MSG_CHECKING(for bad password prompt) 677AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], 678[case $with_passprompt in 679 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) 680 ;; 681 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) 682 ;; 683 *) passprompt="$with_passprompt" 684esac]) 685AC_MSG_RESULT($passprompt) 686AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) 687 688AC_MSG_CHECKING(for bad password message) 689AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], 690[case $with_badpass_message in 691 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) 692 ;; 693 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) 694 ;; 695 *) badpass_message="$with_badpass_message" 696 ;; 697esac]) 698AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) 699AC_MSG_RESULT([$badpass_message]) 700 701AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) 702AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], 703[case $with_fqdn in 704 yes) fqdn=on 705 ;; 706 no) fqdn=off 707 ;; 708 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) 709 ;; 710esac]) 711if test "$fqdn" = "on"; then 712 AC_DEFINE(FQDN) 713 AC_MSG_RESULT(yes) 714else 715 AC_MSG_RESULT(no) 716fi 717 718AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])], 719[case $with_timedir in 720 yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) 721 ;; 722 no) AC_MSG_ERROR(["--without-timedir not supported."]) 723 ;; 724esac]) 725 726AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], 727[case $with_iologdir in 728 yes) ;; 729 no) ;; 730esac]) 731 732AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) 733AS_HELP_STRING([--without-sendmail], [do not send mail at all])], 734[case $with_sendmail in 735 yes) with_sendmail="" 736 ;; 737 no) ;; 738 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") 739 ;; 740esac]) 741 742AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], 743[case $with_sudoers_mode in 744 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) 745 ;; 746 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) 747 ;; 748 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} 749 ;; 750 0*) SUDOERS_MODE=$with_sudoers_mode 751 ;; 752 *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) 753 ;; 754esac]) 755 756AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], 757[case $with_sudoers_uid in 758 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) 759 ;; 760 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) 761 ;; 762 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid 763 ;; 764 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) 765 ;; 766esac]) 767 768AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], 769[case $with_sudoers_gid in 770 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) 771 ;; 772 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) 773 ;; 774 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid 775 ;; 776 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) 777 ;; 778esac]) 779 780AC_MSG_CHECKING(for umask programs should be run with) 781AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) 782AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], 783[case $with_umask in 784 yes) AC_MSG_ERROR(["must give --with-umask an argument."]) 785 ;; 786 no) sudo_umask=0777 787 ;; 788 [[0-9]]*) sudo_umask=$with_umask 789 ;; 790 *) AC_MSG_ERROR(["you must enter a numeric mask."]) 791 ;; 792esac]) 793AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) 794if test "$sudo_umask" = "0777"; then 795 AC_MSG_RESULT(user) 796else 797 AC_MSG_RESULT($sudo_umask) 798fi 799 800AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], 801[case $with_umask_override in 802 yes) AC_DEFINE(UMASK_OVERRIDE) 803 umask_override=on 804 ;; 805 no) umask_override=off 806 ;; 807 *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) 808 ;; 809esac]) 810 811AC_MSG_CHECKING(for default user to run commands as) 812AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], 813[case $with_runas_default in 814 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) 815 ;; 816 no) AC_MSG_ERROR(["--without-runas-default not supported."]) 817 ;; 818 *) runas_default="$with_runas_default" 819 ;; 820esac]) 821AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) 822AC_MSG_RESULT([$runas_default]) 823 824AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], 825[case $with_exempt in 826 yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) 827 ;; 828 no) AC_MSG_ERROR(["--without-exempt not supported."]) 829 ;; 830 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) 831 AC_MSG_CHECKING(for group to be exempt from password) 832 AC_MSG_RESULT([$with_exempt]) 833 ;; 834esac]) 835 836AC_MSG_CHECKING(for editor that visudo should use) 837AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], 838[case $with_editor in 839 yes) AC_MSG_ERROR(["must give --with-editor an argument."]) 840 ;; 841 no) AC_MSG_ERROR(["--without-editor not supported."]) 842 ;; 843 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) 844 AC_MSG_RESULT([$with_editor]) 845 editor="$with_editor" 846 ;; 847esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) 848 849AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) 850AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], 851[case $with_env_editor in 852 yes) env_editor=on 853 ;; 854 no) env_editor=off 855 ;; 856 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) 857 ;; 858esac]) 859if test "$env_editor" = "on"; then 860 AC_DEFINE(ENV_EDITOR) 861 AC_MSG_RESULT(yes) 862else 863 AC_MSG_RESULT(no) 864fi 865 866AC_MSG_CHECKING(number of tries a user gets to enter their password) 867AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], 868[case $with_passwd_tries in 869 yes) ;; 870 no) AC_MSG_ERROR(["--without-editor not supported."]) 871 ;; 872 [[1-9]]*) passwd_tries=$with_passwd_tries 873 ;; 874 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) 875 ;; 876esac]) 877AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) 878AC_MSG_RESULT($passwd_tries) 879 880AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) 881AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], 882[case $with_timeout in 883 yes) ;; 884 no) timeout=0 885 ;; 886 [[0-9]]*) timeout=$with_timeout 887 ;; 888 *) AC_MSG_ERROR(["you must enter the numer of minutes."]) 889 ;; 890esac]) 891AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) 892AC_MSG_RESULT($timeout) 893 894AC_MSG_CHECKING(time in minutes after the password prompt will time out) 895AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], 896[case $with_password_timeout in 897 yes) ;; 898 no) password_timeout=0 899 ;; 900 [[0-9]]*) password_timeout=$with_password_timeout 901 ;; 902 *) AC_MSG_ERROR(["you must enter the numer of minutes."]) 903 ;; 904esac]) 905AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) 906AC_MSG_RESULT($password_timeout) 907 908AC_MSG_CHECKING(whether to use per-tty ticket files) 909AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], 910[case $with_tty_tickets in 911 yes) tty_tickets=on 912 ;; 913 no) tty_tickets=off 914 ;; 915 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) 916 ;; 917esac]) 918if test "$tty_tickets" = "off"; then 919 AC_DEFINE(NO_TTY_TICKETS) 920 AC_MSG_RESULT(no) 921else 922 AC_MSG_RESULT(yes) 923fi 924 925AC_MSG_CHECKING(whether to include insults) 926AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], 927[case $with_insults in 928 yes) insults=on 929 with_classic_insults=yes 930 with_csops_insults=yes 931 ;; 932 disabled) insults=off 933 with_classic_insults=yes 934 with_csops_insults=yes 935 ;; 936 no) insults=off 937 ;; 938 *) AC_MSG_ERROR(["--with-insults does not take an argument."]) 939 ;; 940esac]) 941if test "$insults" = "on"; then 942 AC_DEFINE(USE_INSULTS) 943 AC_MSG_RESULT(yes) 944else 945 AC_MSG_RESULT(no) 946fi 947 948AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], 949[case $with_all_insults in 950 yes) with_classic_insults=yes 951 with_csops_insults=yes 952 with_hal_insults=yes 953 with_goons_insults=yes 954 ;; 955 no) ;; 956 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) 957 ;; 958esac]) 959 960AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], 961[case $with_classic_insults in 962 yes) AC_DEFINE(CLASSIC_INSULTS) 963 ;; 964 no) ;; 965 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) 966 ;; 967esac]) 968 969AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], 970[case $with_csops_insults in 971 yes) AC_DEFINE(CSOPS_INSULTS) 972 ;; 973 no) ;; 974 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) 975 ;; 976esac]) 977 978AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], 979[case $with_hal_insults in 980 yes) AC_DEFINE(HAL_INSULTS) 981 ;; 982 no) ;; 983 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) 984 ;; 985esac]) 986 987AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], 988[case $with_goons_insults in 989 yes) AC_DEFINE(GOONS_INSULTS) 990 ;; 991 no) ;; 992 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) 993 ;; 994esac]) 995 996AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], 997[case $with_nsswitch in 998 no) ;; 999 yes) with_nsswitch="/etc/nsswitch.conf" 1000 ;; 1001 *) ;; 1002esac]) 1003 1004AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], 1005[case $with_ldap in 1006 no) ;; 1007 *) AC_DEFINE(HAVE_LDAP) 1008 AC_MSG_CHECKING(whether to use sudoers from LDAP) 1009 AC_MSG_RESULT(yes) 1010 ;; 1011esac]) 1012 1013AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) 1014test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" 1015SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) 1016 1017AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) 1018test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" 1019SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) 1020 1021AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], 1022[case $with_pc_insults in 1023 yes) AC_DEFINE(PC_INSULTS) 1024 ;; 1025 no) ;; 1026 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."]) 1027 ;; 1028esac]) 1029 1030dnl include all insult sets on one line 1031if test "$insults" = "on"; then 1032 AC_MSG_CHECKING(which insult sets to include) 1033 i="" 1034 test "$with_goons_insults" = "yes" && i="goons ${i}" 1035 test "$with_hal_insults" = "yes" && i="hal ${i}" 1036 test "$with_csops_insults" = "yes" && i="csops ${i}" 1037 test "$with_classic_insults" = "yes" && i="classic ${i}" 1038 AC_MSG_RESULT([$i]) 1039fi 1040 1041AC_MSG_CHECKING(whether to override the user's path) 1042AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], 1043[case $with_secure_path in 1044 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" 1045 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") 1046 AC_MSG_RESULT([$with_secure_path]) 1047 secure_path="set to $with_secure_path" 1048 ;; 1049 no) AC_MSG_RESULT(no) 1050 ;; 1051 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") 1052 AC_MSG_RESULT([$with_secure_path]) 1053 secure_path="set to F<$with_secure_path>" 1054 ;; 1055esac], AC_MSG_RESULT(no)) 1056 1057AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) 1058AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])], 1059[case $with_interfaces in 1060 yes) AC_MSG_RESULT(yes) 1061 ;; 1062 no) AC_DEFINE(STUB_LOAD_INTERFACES) 1063 AC_MSG_RESULT(no) 1064 ;; 1065 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) 1066 ;; 1067esac], AC_MSG_RESULT(yes)) 1068 1069AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])], 1070[case $with_stow in 1071 *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior]) 1072 ;; 1073esac]) 1074 1075AC_MSG_CHECKING(whether to use an askpass helper) 1076AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], 1077[case $with_askpass in 1078 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) 1079 ;; 1080 no) ;; 1081 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) 1082 ;; 1083esac], AC_MSG_RESULT(no)) 1084 1085dnl 1086dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS 1087dnl 1088AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])], 1089[case $with_libvas in 1090 yes) with_libvas=libvas.so 1091 ;; 1092 no) ;; 1093 *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) 1094 ;; 1095esac 1096if test X"$with_libvas" != X"no"; then 1097 AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) 1098 AC_DEFINE(USING_NONUNIX_GROUPS) 1099 COMMON_OBJS="$COMMON_OBJS vasgroups.o" 1100 AC_ARG_WITH([libvas-rpath], 1101 [AS_HELP_STRING([--with-libvas-rpath=PATH], 1102 [Path to look for libvas in [default=/opt/quest/lib]])], 1103 [LIBVAS_RPATH=$withval], 1104 [LIBVAS_RPATH=/opt/quest/lib]) 1105 dnl 1106 dnl Some platforms require libdl for dlopen() 1107 dnl 1108 AC_CHECK_LIB([dl], [main]) 1109fi 1110]) 1111 1112AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], 1113[case $with_man in 1114 yes) MANTYPE=man 1115 ;; 1116 no) AC_MSG_ERROR(["--without-man not supported."]) 1117 ;; 1118 *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) 1119 ;; 1120esac]) 1121 1122AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], 1123[case $with_mdoc in 1124 yes) MANTYPE=mdoc 1125 ;; 1126 no) AC_MSG_ERROR(["--without-mdoc not supported."]) 1127 ;; 1128 *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) 1129 ;; 1130esac]) 1131 1132dnl 1133dnl Options for --enable 1134dnl 1135 1136AC_MSG_CHECKING(whether to do user authentication by default) 1137AC_ARG_ENABLE(authentication, 1138[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], 1139[ case "$enableval" in 1140 yes) AC_MSG_RESULT(yes) 1141 ;; 1142 no) AC_MSG_RESULT(no) 1143 AC_DEFINE(NO_AUTHENTICATION) 1144 ;; 1145 *) AC_MSG_RESULT(no) 1146 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) 1147 ;; 1148 esac 1149], AC_MSG_RESULT(yes)) 1150 1151AC_MSG_CHECKING(whether to disable running the mailer as root) 1152AC_ARG_ENABLE(root-mailer, 1153[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], 1154[ case "$enableval" in 1155 yes) AC_MSG_RESULT(no) 1156 ;; 1157 no) AC_MSG_RESULT(yes) 1158 AC_DEFINE(NO_ROOT_MAILER) 1159 ;; 1160 *) AC_MSG_RESULT(no) 1161 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) 1162 ;; 1163 esac 1164], AC_MSG_RESULT(no)) 1165 1166AC_ARG_ENABLE(setreuid, 1167[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], 1168[ case "$enableval" in 1169 no) SKIP_SETREUID=yes 1170 ;; 1171 *) ;; 1172 esac 1173]) 1174 1175AC_ARG_ENABLE(setresuid, 1176[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], 1177[ case "$enableval" in 1178 no) SKIP_SETRESUID=yes 1179 ;; 1180 *) ;; 1181 esac 1182]) 1183 1184AC_MSG_CHECKING(whether to disable shadow password support) 1185AC_ARG_ENABLE(shadow, 1186[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], 1187[ case "$enableval" in 1188 yes) AC_MSG_RESULT(no) 1189 ;; 1190 no) AC_MSG_RESULT(yes) 1191 CHECKSHADOW="false" 1192 ;; 1193 *) AC_MSG_RESULT(no) 1194 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) 1195 ;; 1196 esac 1197], AC_MSG_RESULT(no)) 1198 1199AC_MSG_CHECKING(whether root should be allowed to use sudo) 1200AC_ARG_ENABLE(root-sudo, 1201[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], 1202[ case "$enableval" in 1203 yes) AC_MSG_RESULT(yes) 1204 ;; 1205 no) AC_DEFINE(NO_ROOT_SUDO) 1206 AC_MSG_RESULT(no) 1207 root_sudo=off 1208 ;; 1209 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) 1210 ;; 1211 esac 1212], AC_MSG_RESULT(yes)) 1213 1214AC_MSG_CHECKING(whether to log the hostname in the log file) 1215AC_ARG_ENABLE(log-host, 1216[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], 1217[ case "$enableval" in 1218 yes) AC_MSG_RESULT(yes) 1219 AC_DEFINE(HOST_IN_LOG) 1220 ;; 1221 no) AC_MSG_RESULT(no) 1222 ;; 1223 *) AC_MSG_RESULT(no) 1224 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) 1225 ;; 1226 esac 1227], AC_MSG_RESULT(no)) 1228 1229AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) 1230AC_ARG_ENABLE(noargs-shell, 1231[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], 1232[ case "$enableval" in 1233 yes) AC_MSG_RESULT(yes) 1234 AC_DEFINE(SHELL_IF_NO_ARGS) 1235 ;; 1236 no) AC_MSG_RESULT(no) 1237 ;; 1238 *) AC_MSG_RESULT(no) 1239 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) 1240 ;; 1241 esac 1242], AC_MSG_RESULT(no)) 1243 1244AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) 1245AC_ARG_ENABLE(shell-sets-home, 1246[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], 1247[ case "$enableval" in 1248 yes) AC_MSG_RESULT(yes) 1249 AC_DEFINE(SHELL_SETS_HOME) 1250 ;; 1251 no) AC_MSG_RESULT(no) 1252 ;; 1253 *) AC_MSG_RESULT(no) 1254 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) 1255 ;; 1256 esac 1257], AC_MSG_RESULT(no)) 1258 1259AC_MSG_CHECKING(whether to disable 'command not found' messages) 1260AC_ARG_ENABLE(path_info, 1261[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], 1262[ case "$enableval" in 1263 yes) AC_MSG_RESULT(no) 1264 ;; 1265 no) AC_MSG_RESULT(yes) 1266 AC_DEFINE(DONT_LEAK_PATH_INFO) 1267 path_info=off 1268 ;; 1269 *) AC_MSG_RESULT(no) 1270 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) 1271 ;; 1272 esac 1273], AC_MSG_RESULT(no)) 1274 1275AC_MSG_CHECKING(whether to enable environment debugging) 1276AC_ARG_ENABLE(env_debug, 1277[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], 1278[ case "$enableval" in 1279 yes) AC_MSG_RESULT(yes) 1280 AC_DEFINE(ENV_DEBUG) 1281 ;; 1282 no) AC_MSG_RESULT(no) 1283 ;; 1284 *) AC_MSG_RESULT(no) 1285 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) 1286 ;; 1287 esac 1288], AC_MSG_RESULT(no)) 1289 1290AC_MSG_CHECKING(whether to enable environment resetting by default) 1291AC_ARG_ENABLE(env_reset, 1292[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], 1293[ case "$enableval" in 1294 yes) env_reset=on 1295 ;; 1296 no) env_reset=off 1297 ;; 1298 *) env_reset=on 1299 AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) 1300 ;; 1301 esac 1302]) 1303if test "$env_reset" = "on"; then 1304 AC_MSG_RESULT(yes) 1305 AC_DEFINE(ENV_RESET, TRUE) 1306else 1307 AC_MSG_RESULT(no) 1308 AC_DEFINE(ENV_RESET, FALSE) 1309fi 1310 1311AC_ARG_ENABLE(warnings, 1312[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], 1313[ case "$enableval" in 1314 yes) ;; 1315 no) ;; 1316 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) 1317 ;; 1318 esac 1319]) 1320 1321AC_ARG_ENABLE(werror, 1322[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], 1323[ case "$enableval" in 1324 yes) ;; 1325 no) ;; 1326 *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) 1327 ;; 1328 esac 1329]) 1330 1331AC_ARG_ENABLE(hardening, 1332[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], 1333[], [enable_hardening=yes]) 1334 1335AC_ARG_ENABLE(pie, 1336[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])], 1337[], [enable_pie=yes]) 1338 1339AC_ARG_ENABLE(admin-flag, 1340[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], 1341[ case "$enableval" in 1342 yes) AC_DEFINE(USE_ADMIN_FLAG) 1343 ;; 1344 no) ;; 1345 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) 1346 ;; 1347 esac 1348]) 1349 1350AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], 1351[case $with_selinux in 1352 yes) SELINUX_USAGE="[[-r role]] [[-t type]] " 1353 AC_DEFINE(HAVE_SELINUX) 1354 SUDO_LIBS="${SUDO_LIBS} -lselinux" 1355 SUDO_OBJS="${SUDO_OBJS} selinux.o" 1356 PROGS="${PROGS} sesh" 1357 SEMAN=1 1358 AC_CHECK_LIB([selinux], [setkeycreatecon], 1359 [AC_DEFINE(HAVE_SETKEYCREATECON)]) 1360 ;; 1361 no) ;; 1362 *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) 1363 ;; 1364esac]) 1365 1366dnl 1367dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default 1368dnl 1369AC_ARG_ENABLE(gss_krb5_ccache_name, 1370[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], 1371[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) 1372 1373dnl 1374dnl C compiler checks 1375dnl 1376AC_SEARCH_LIBS([strerror], [cposix]) 1377AC_PROG_CPP 1378AC_CHECK_TOOL(AR, ar, false) 1379AC_CHECK_TOOL(RANLIB, ranlib, :) 1380if test X"$AR" = X"false"; then 1381 AC_MSG_ERROR([the "ar" utility is required to build sudo]) 1382fi 1383 1384dnl 1385dnl Libtool setup, we require libtool 2.2.6b or higher 1386dnl 1387AC_CANONICAL_HOST 1388AC_CONFIG_MACRO_DIR([m4]) 1389LT_PREREQ([2.2.6b]) 1390LT_INIT 1391 1392dnl 1393dnl Defer with_noexec until after libtool magic runs 1394dnl 1395if test "$enable_shared" = "no"; then 1396 with_noexec=no 1397else 1398 eval _shrext="$shrext_cmds" 1399fi 1400AC_MSG_CHECKING(path to sudo_noexec.so) 1401AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], 1402[case $with_noexec in 1403 yes) with_noexec="$libexecdir/sudo_noexec$_shrext" 1404 ;; 1405 no) ;; 1406 *) ;; 1407esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) 1408AC_MSG_RESULT($with_noexec) 1409NOEXECFILE="sudo_noexec$_shrext" 1410NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" 1411 1412dnl 1413dnl Find programs we use 1414dnl 1415AC_PATH_PROG(UNAMEPROG, [uname], [uname]) 1416AC_PATH_PROG(TRPROG, [tr], [tr]) 1417AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) 1418if test "$MANDOCPROG" != "mandoc"; then 1419 : ${MANTYPE='mdoc'} 1420else 1421 AC_PATH_PROG(NROFFPROG, [nroff]) 1422 if test -n "$NROFFPROG"; then 1423 test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" 1424 AC_CACHE_CHECK([which macro set to use for manual pages], 1425 [sudo_cv_var_mantype], 1426 [ 1427 sudo_cv_var_mantype="man" 1428 echo ".Sh NAME" > conftest 1429 echo ".Nm sudo" >> conftest 1430 echo ".Nd sudo" >> conftest 1431 echo ".Sh DESCRIPTION" >> conftest 1432 echo "sudo" >> conftest 1433 if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then 1434 sudo_cv_var_mantype="mdoc" 1435 fi 1436 rm -f conftest 1437 ] 1438 ) 1439 MANTYPE="$sudo_cv_var_mantype" 1440 else 1441 MANTYPE=cat 1442 MANDIRTYPE=cat 1443 mansrcdir='$(srcdir)' 1444 fi 1445fi 1446 1447dnl 1448dnl What kind of beastie are we being run on? 1449dnl Barf if config.cache was generated on another host. 1450dnl 1451if test -n "$sudo_cv_prev_host"; then 1452 if test "$sudo_cv_prev_host" != "$host"; then 1453 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) 1454 else 1455 AC_MSG_CHECKING(previous host type) 1456 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") 1457 AC_MSG_RESULT([$sudo_cv_prev_host]) 1458 fi 1459else 1460 # this will produce no output since there is no cached value 1461 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") 1462fi 1463 1464dnl 1465dnl We want to be able to differentiate between different rev's 1466dnl 1467if test -n "$host_os"; then 1468 OS=`echo $host_os | sed 's/[[0-9]].*//'` 1469 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` 1470 OSMAJOR=`echo $OSREV | sed 's/\..*$//'` 1471else 1472 OS="unknown" 1473 OSREV=0 1474 OSMAJOR=0 1475fi 1476 1477case "$host" in 1478 *-*-sunos4*) 1479 # getcwd(3) opens a pipe to getpwd(1)!?! 1480 BROKEN_GETCWD=1 1481 1482 # system headers lack prototypes but gcc helps... 1483 if test -n "$GCC"; then 1484 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" 1485 fi 1486 1487 shadow_funcs="getpwanam issecure" 1488 ;; 1489 *-*-solaris2*) 1490 # To get the crypt(3) prototype (so we pass -Wall) 1491 OSDEFS="${OSDEFS} -D__EXTENSIONS__" 1492 # AFS support needs -lucb 1493 if test "$with_AFS" = "yes"; then 1494 AFS_LIBS="-lc -lucb" 1495 fi 1496 : ${mansectsu='1m'} 1497 : ${mansectform='4'} 1498 : ${with_rpath='yes'} 1499 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1500 ;; 1501 *-*-aix*) 1502 # To get all prototypes (so we pass -Wall) 1503 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" 1504 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" 1505 if test X"$with_blibpath" != X"no"; then 1506 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) 1507 O_LDFLAGS="$LDFLAGS" 1508 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" 1509 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [ 1510 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then 1511 blibpath="$with_blibpath" 1512 elif test -n "$GCC"; then 1513 blibpath="/usr/lib:/lib:/usr/local/lib" 1514 else 1515 blibpath="/usr/lib:/lib" 1516 fi 1517 AC_MSG_RESULT(yes) 1518 ], [AC_MSG_RESULT(no)]) 1519 fi 1520 LDFLAGS="$O_LDFLAGS" 1521 1522 # On AIX 6 and higher default to PAM, else default to LAM 1523 if test $OSMAJOR -ge 6; then 1524 if test X"$with_pam" = X""; then 1525 AUTH_EXCL_DEF="PAM" 1526 fi 1527 else 1528 if test X"$with_aixauth" = X""; then 1529 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) 1530 fi 1531 fi 1532 1533 # AIX analog of nsswitch.conf, enabled by default 1534 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], 1535 [case $with_netsvc in 1536 no) ;; 1537 yes) with_netsvc="/etc/netsvc.conf" 1538 ;; 1539 *) ;; 1540 esac]) 1541 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then 1542 with_netsvc="/etc/netsvc.conf" 1543 fi 1544 1545 # LDR_PRELOAD is only supported in AIX 5.3 and later 1546 if test $OSMAJOR -lt 5; then 1547 with_noexec=no 1548 fi 1549 1550 # AIX-specific functions 1551 AC_CHECK_FUNCS(getuserattr setauthdb) 1552 COMMON_OBJS="$COMMON_OBJS aix.o" 1553 ;; 1554 *-*-hiuxmpp*) 1555 : ${mansectsu='1m'} 1556 : ${mansectform='4'} 1557 1558 # HP-UX shared libs must be executable 1559 SHLIB_MODE=0755 1560 ;; 1561 *-*-hpux*) 1562 # AFS support needs -lBSD 1563 if test "$with_AFS" = "yes"; then 1564 AFS_LIBS="-lc -lBSD" 1565 fi 1566 : ${mansectsu='1m'} 1567 : ${mansectform='4'} 1568 1569 # HP-UX shared libs must be executable 1570 SHLIB_MODE=0755 1571 1572 if test -z "$GCC"; then 1573 AC_CACHE_CHECK([for HP bundled C compiler], 1574 [sudo_cv_var_hpccbundled], 1575 [if test "x$ac_cv_prog_cc_c89" = "xno"; then 1576 sudo_cv_var_hpccbundled=yes 1577 elif $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then 1578 sudo_cv_var_hpccbundled=yes 1579 else 1580 sudo_cv_var_hpccbundled=no 1581 fi] 1582 ) 1583 # The HP bundled compiler can't generate shared objects 1584 if test "$sudo_cv_var_hpccbundled" = "yes"; then 1585 with_noexec=no 1586 fi 1587 fi 1588 1589 # Build PA-RISC1.1 objects for better portability 1590 case "$host_cpu" in 1591 hppa[[2-9]]*) 1592 _CFLAGS="$CFLAGS" 1593 if test -n "$GCC"; then 1594 portable_flag="-march=1.1" 1595 else 1596 portable_flag="+DAportable" 1597 fi 1598 CFLAGS="$CFLAGS $portable_flag" 1599 AC_CACHE_CHECK([whether $CC understands $portable_flag], 1600 [sudo_cv_var_daportable], 1601 [AC_LINK_IFELSE( 1602 [AC_LANG_PROGRAM([[]], [[]])], 1603 [sudo_cv_var_daportable=yes], 1604 [sudo_cv_var_daportable=no] 1605 ) 1606 ] 1607 ) 1608 if test X"$sudo_cv_var_daportable" != X"yes"; then 1609 CFLAGS="$_CFLAGS" 1610 fi 1611 ;; 1612 esac 1613 1614 case "$host" in 1615 *-*-hpux[[1-8]].*) 1616 AC_DEFINE(BROKEN_SYSLOG) 1617 1618 # Not sure if setuid binaries are safe in < 9.x 1619 if test -n "$GCC"; then 1620 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" 1621 else 1622 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" 1623 fi 1624 ;; 1625 *-*-hpux9.*) 1626 AC_DEFINE(BROKEN_SYSLOG) 1627 1628 shadow_funcs="getspwuid" 1629 1630 # DCE support (requires ANSI C compiler) 1631 if test "$with_DCE" = "yes"; then 1632 # order of libs in 9.X is important. -lc_r must be last 1633 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r" 1634 LIBS="${LIBS} -ldce -lM -lc_r" 1635 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" 1636 fi 1637 ;; 1638 *-*-hpux10.*) 1639 shadow_funcs="getprpwnam iscomsec" 1640 shadow_libs="-lsec" 1641 # HP-UX 10.20 libc has an incompatible getline 1642 ac_cv_func_getline="no" 1643 ;; 1644 *) 1645 shadow_funcs="getspnam iscomsec" 1646 shadow_libs="-lsec" 1647 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1648 ;; 1649 esac 1650 ;; 1651 *-dec-osf*) 1652 # ignore envariables wrt dynamic lib path 1653 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" 1654 1655 : ${CHECKSIA='true'} 1656 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) 1657 AC_ARG_ENABLE(sia, 1658 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], 1659 [ case "$enableval" in 1660 yes) AC_MSG_RESULT(no) 1661 CHECKSIA=true 1662 ;; 1663 no) AC_MSG_RESULT(yes) 1664 CHECKSIA=false 1665 ;; 1666 *) AC_MSG_RESULT(no) 1667 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) 1668 ;; 1669 esac 1670 ], AC_MSG_RESULT(no)) 1671 1672 shadow_funcs="getprpwnam dispcrypt" 1673 # OSF/1 4.x and higher need -ldb too 1674 if test $OSMAJOR -lt 4; then 1675 shadow_libs="-lsecurity -laud -lm" 1676 else 1677 shadow_libs="-lsecurity -ldb -laud -lm" 1678 fi 1679 1680 # use SIA by default, if we have it 1681 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" 1682 1683 # 1684 # Some versions of Digital Unix ship with a broken 1685 # copy of prot.h, which we need for shadow passwords. 1686 # XXX - make should remove this as part of distclean 1687 # 1688 AC_MSG_CHECKING([for broken prot.h]) 1689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1690#include <sys/types.h> 1691#include <sys/security.h> 1692#include <prot.h> 1693 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) 1694 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h 1695 ]) 1696 : ${mansectsu='8'} 1697 : ${mansectform='4'} 1698 ;; 1699 *-*-irix*) 1700 OSDEFS="${OSDEFS} -D_BSD_TYPES" 1701 if test -z "$NROFFPROG"; then 1702 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then 1703 if test -d /usr/share/catman/local; then 1704 mandir="/usr/share/catman/local" 1705 else 1706 mandir="/usr/catman/local" 1707 fi 1708 fi 1709 # Compress cat pages with pack 1710 MANCOMPRESS='pack' 1711 MANCOMPRESSEXT='.z' 1712 else 1713 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then 1714 if test -d "/usr/share/man/local"; then 1715 mandir="/usr/share/man/local" 1716 else 1717 mandir="/usr/man/local" 1718 fi 1719 fi 1720 fi 1721 # IRIX <= 4 needs -lsun 1722 if test "$OSMAJOR" -le 4; then 1723 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) 1724 fi 1725 : ${mansectsu='1m'} 1726 : ${mansectform='4'} 1727 ;; 1728 *-*-linux*|*-*-k*bsd*-gnu) 1729 OSDEFS="${OSDEFS} -D_GNU_SOURCE" 1730 # Some Linux versions need to link with -lshadow 1731 shadow_funcs="getspnam" 1732 shadow_libs_optional="-lshadow" 1733 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1734 ;; 1735 *-convex-bsd*) 1736 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" 1737 if test -z "$GCC"; then 1738 CFLAGS="${CFLAGS} -D__STDC__" 1739 fi 1740 1741 shadow_defs="-D_AUDIT -D_ACL -DSecureWare" 1742 shadow_funcs="getprpwnam" 1743 shadow_libs="-lprot" 1744 ;; 1745 *-*-ultrix*) 1746 OS="ultrix" 1747 shadow_funcs="getauthuid" 1748 shadow_libs="-lauth" 1749 ;; 1750 *-*-riscos*) 1751 LIBS="${LIBS} -lsun -lbsd" 1752 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" 1753 OSDEFS="${OSDEFS} -D_MIPS" 1754 : ${mansectsu='1m'} 1755 : ${mansectform='4'} 1756 ;; 1757 *-*-isc*) 1758 OSDEFS="${OSDEFS} -D_ISC" 1759 LIB_CRYPT=1 1760 SUDO_LIBS="${SUDO_LIBS} -lcrypt" 1761 LIBS="${LIBS} -lcrypt" 1762 1763 shadow_funcs="getspnam" 1764 shadow_libs="-lsec" 1765 1766 : ${mansectsu='1m'} 1767 : ${mansectform='4'} 1768 ;; 1769 *-*-sco*|*-sco-*) 1770 shadow_funcs="getprpwnam" 1771 shadow_libs="-lprot -lx" 1772 : ${mansectsu='1m'} 1773 : ${mansectform='4'} 1774 ;; 1775 m88k-motorola-sysv*) 1776 # motorolla's cc (a variant of gcc) does -O but not -O2 1777 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` 1778 : ${mansectsu='1m'} 1779 : ${mansectform='4'} 1780 ;; 1781 *-sequent-sysv*) 1782 shadow_funcs="getspnam" 1783 shadow_libs="-lsec" 1784 : ${mansectsu='1m'} 1785 : ${mansectform='4'} 1786 : ${with_rpath='yes'} 1787 ;; 1788 *-ncr-sysv4*|*-ncr-sysvr4*) 1789 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) 1790 : ${mansectsu='1m'} 1791 : ${mansectform='4'} 1792 : ${with_rpath='yes'} 1793 ;; 1794 *-ccur-sysv4*|*-ccur-sysvr4*) 1795 LIBS="${LIBS} -lgen" 1796 SUDO_LIBS="${SUDO_LIBS} -lgen" 1797 : ${mansectsu='1m'} 1798 : ${mansectform='4'} 1799 : ${with_rpath='yes'} 1800 ;; 1801 *-*-bsdi*) 1802 SKIP_SETREUID=yes 1803 # Check for newer BSD auth API 1804 if test -z "$with_bsdauth"; then 1805 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) 1806 fi 1807 ;; 1808 *-*-freebsd*) 1809 # FreeBSD has a real setreuid(2) starting with 2.1 and 1810 # backported to 2.0.5. We just take 2.1 and above... 1811 case "$OSREV" in 1812 0.*|1.*|2.0*) 1813 SKIP_SETREUID=yes 1814 ;; 1815 esac 1816 OSDEFS="${OSDEFS} -D_BSD_SOURCE" 1817 if test "${with_skey-'no'}" = "yes"; then 1818 SUDO_LIBS="${SUDO_LIBS} -lmd" 1819 fi 1820 CHECKSHADOW="false" 1821 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1822 : ${with_logincap='maybe'} 1823 # PIE is broken on FreeBSD/ia64 1824 case "$host_cpu" in 1825 ia64*) 1826 enable_pie=no;; 1827 esac 1828 ;; 1829 *-*-*openbsd*) 1830 # OpenBSD has a real setreuid(2) starting with 3.3 but 1831 # we will use setresuid(2) instead. 1832 SKIP_SETREUID=yes 1833 OSDEFS="${OSDEFS} -D_BSD_SOURCE" 1834 CHECKSHADOW="false" 1835 # OpenBSD >= 3.0 supports BSD auth 1836 if test -z "$with_bsdauth"; then 1837 if test "$OSMAJOR" -ge 3; then 1838 AUTH_EXCL_DEF="BSD_AUTH" 1839 fi 1840 fi 1841 : ${with_logincap='maybe'} 1842 ;; 1843 *-*-*netbsd*) 1844 # NetBSD has a real setreuid(2) starting with 1.3.2 1845 case "$OSREV" in 1846 0.9*|1.[[012]]*|1.3|1.3.1) 1847 SKIP_SETREUID=yes 1848 ;; 1849 esac 1850 CHECKSHADOW="false" 1851 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1852 : ${with_logincap='maybe'} 1853 ;; 1854 *-*-dragonfly*) 1855 OSDEFS="${OSDEFS} -D_BSD_SOURCE" 1856 if test "${with_skey-'no'}" = "yes"; then 1857 SUDO_LIBS="${SUDO_LIBS} -lmd" 1858 fi 1859 CHECKSHADOW="false" 1860 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1861 : ${with_logincap='yes'} 1862 ;; 1863 *-*-*bsd*) 1864 CHECKSHADOW="false" 1865 ;; 1866 *-*-darwin*) 1867 # Darwin has a real setreuid(2) starting with 9.0 1868 if test $OSMAJOR -lt 9; then 1869 SKIP_SETREUID=yes 1870 fi 1871 CHECKSHADOW="false" 1872 test -z "$with_pam" && AUTH_EXCL_DEF="PAM" 1873 : ${with_logincap='yes'} 1874 ;; 1875 *-*-nextstep*) 1876 # lockf() on is broken on the NeXT -- use flock instead 1877 ac_cv_func_lockf=no 1878 ac_cv_func_flock=yes 1879 ;; 1880 *-*-*sysv4*) 1881 : ${mansectsu='1m'} 1882 : ${mansectform='4'} 1883 : ${with_rpath='yes'} 1884 ;; 1885 *-*-sysv*) 1886 : ${mansectsu='1m'} 1887 : ${mansectform='4'} 1888 ;; 1889 *-gnu*) 1890 OSDEFS="${OSDEFS} -D_GNU_SOURCE" 1891 ;; 1892esac 1893 1894dnl 1895dnl Check for mixing mutually exclusive and regular auth methods 1896dnl 1897AUTH_REG=${AUTH_REG# } 1898AUTH_EXCL=${AUTH_EXCL# } 1899if test -n "$AUTH_EXCL"; then 1900 set -- $AUTH_EXCL 1901 if test $# != 1; then 1902 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL]) 1903 fi 1904 if test -n "$AUTH_REG"; then 1905 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) 1906 fi 1907fi 1908dnl 1909dnl Only one of S/Key and OPIE may be specified 1910dnl 1911if test X"${with_skey}${with_opie}" = X"yesyes"; then 1912 AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) 1913fi 1914 1915dnl 1916dnl Use BSD-style man sections by default 1917dnl 1918: ${mansectsu='8'} 1919: ${mansectform='5'} 1920 1921dnl 1922dnl Add in any libpaths or libraries specified via configure 1923dnl 1924if test -n "$with_libpath"; then 1925 for i in ${with_libpath}; do 1926 SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) 1927 done 1928fi 1929if test -n "$with_libraries"; then 1930 for i in ${with_libraries}; do 1931 case $i in 1932 -l*) ;; 1933 *.a) ;; 1934 *.o) ;; 1935 *) i="-l${i}";; 1936 esac 1937 LIBS="${LIBS} ${i}" 1938 done 1939fi 1940 1941dnl 1942dnl C compiler checks (to be done after os checks) 1943dnl 1944AC_PROG_GCC_TRADITIONAL 1945AC_C_CONST 1946AC_C_VOLATILE 1947 1948dnl 1949dnl Program checks 1950dnl 1951AC_PROG_YACC 1952AC_PATH_PROG([FLEX], [flex], [flex]) 1953SUDO_PROG_MV 1954SUDO_PROG_BSHELL 1955if test -z "$with_sendmail"; then 1956 SUDO_PROG_SENDMAIL 1957fi 1958if test -z "$with_editor"; then 1959 SUDO_PROG_VI 1960fi 1961dnl 1962dnl Check for authpriv support in syslog 1963dnl 1964AC_MSG_CHECKING(which syslog facility sudo should log with) 1965if test X"$with_logfac" = X""; then 1966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) 1967fi 1968AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) 1969AC_MSG_RESULT($logfac) 1970dnl 1971dnl Header file checks 1972dnl 1973AC_HEADER_STDC 1974AC_HEADER_DIRENT 1975AC_HEADER_TIME 1976AC_HEADER_MAJOR 1977AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) 1978AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT 1979#ifdef HAVE_PROCFS_H 1980#include <procfs.h> 1981#endif 1982#ifdef HAVE_SYS_PROCFS_H 1983#include <sys/procfs.h> 1984#endif 1985])] 1986break) 1987dnl 1988dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h 1989dnl when large files support is enabled so work around it. 1990dnl 1991AC_SYS_LARGEFILE 1992case "$host" in 1993 *-*-hpux11.*) 1994 AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended], 1995 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT 1996 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [ 1997 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED 1998 AC_INCLUDES_DEFAULT 1999 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes], 2000 [sudo_cv_xopen_source_extended=error]) 2001 ])]) 2002 if test "$sudo_cv_xopen_source_extended" = "yes"; then 2003 OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" 2004 SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED) 2005 fi 2006 ;; 2007esac 2008AC_SYS_POSIX_TERMIOS 2009if test "$ac_cv_sys_posix_termios" = "yes"; then 2010 AC_DEFINE(HAVE_TERMIOS_H) 2011else 2012 AC_CHECK_HEADERS(termio.h) 2013fi 2014SUDO_MAILDIR 2015if test ${with_logincap-'no'} != "no"; then 2016 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 2017 case "$OS" in 2018 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" 2019 ;; 2020 esac 2021 ]) 2022fi 2023if test ${with_project-'no'} != "no"; then 2024 AC_CHECK_HEADER(project.h, [ 2025 AC_CHECK_LIB(project, setproject, [ 2026 AC_DEFINE(HAVE_PROJECT_H) 2027 SUDO_LIBS="${SUDO_LIBS} -lproject" 2028 ]) 2029 ], []) 2030fi 2031dnl 2032dnl typedef checks 2033dnl 2034AC_TYPE_MODE_T 2035AC_TYPE_UID_T 2036AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) 2037AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h> 2038#include <signal.h>]) 2039AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h> 2040#include <signal.h>]) 2041AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h> 2042#if TIME_WITH_SYS_TIME 2043# include <sys/time.h> 2044#endif 2045#include <time.h>]) 2046AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h> 2047#include <netinet/in.h>]) 2048AC_TYPE_LONG_LONG_INT 2049AC_CHECK_SIZEOF([long int]) 2050AC_CHECK_TYPE(size_t, unsigned int) 2051AC_CHECK_TYPE(ssize_t, int) 2052AC_CHECK_TYPE(dev_t, int) 2053AC_CHECK_TYPE(ino_t, unsigned int) 2054SUDO_UID_T_LEN 2055SUDO_SOCK_SA_LEN 2056dnl 2057dnl only set RETSIGTYPE if it is not set already 2058dnl 2059case "$DEFS" in 2060 *"RETSIGTYPE"*) ;; 2061 *) AC_TYPE_SIGNAL;; 2062esac 2063dnl 2064dnl Function checks 2065dnl 2066AC_FUNC_GETGROUPS 2067AC_CHECK_FUNCS(glob strchr strrchr memchr memcpy memset sysconf tzset \ 2068 strftime setrlimit initgroups getgroups fstat gettimeofday \ 2069 regcomp setlocale nl_langinfo getaddrinfo getsid setenv \ 2070 mbr_check_membership setrlimit64) 2071AC_CHECK_FUNCS(getline, [], [ 2072 AC_LIBOBJ(getline) 2073 AC_CHECK_FUNCS(fgetln) 2074]) 2075AC_CHECK_FUNCS(setsid, [], [ 2076 AC_LIBOBJ(setsid) 2077 AC_FUNC_SETPGRP 2078]) 2079dnl 2080dnl If libc supports _FORTIFY_SOURCE check functions, use it. 2081dnl 2082if test "$enable_hardening" != "no"; then 2083 O_CPPFLAGS="$CPPFLAGS" 2084 CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" 2085 AC_CHECK_FUNC(__sprintf_chk, [ 2086 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) 2087 ], []) 2088 CPPFLAGS="$O_CPPFLAGS" 2089fi 2090 2091AC_CHECK_FUNCS(getutxid getutid, [break]) 2092 2093AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], 2094 [ 2095 AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ 2096 AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ 2097 AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ 2098 #include <sys/param.h> 2099 #include <sys/sysctl.h> 2100 ]) 2101 ], [ 2102 #include <sys/param.h> 2103 #include <sys/sysctl.h> 2104 ]) 2105 ], 2106 [ 2107 #include <sys/param.h> 2108 #include <sys/sysctl.h> 2109 ]) 2110 ], 2111 [ 2112 #include <sys/param.h> 2113 #include <sys/sysctl.h> 2114 #include <sys/user.h> 2115 ]) 2116]) 2117 2118AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ 2119 AC_CHECK_LIB(util, openpty, [ 2120 AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) 2121 SUDO_LIBS="${SUDO_LIBS} -lutil" 2122 AC_DEFINE(HAVE_OPENPTY) 2123 ], [ 2124 AC_CHECK_FUNCS(_getpty, [], [ 2125 AC_CHECK_FUNCS(grantpt, [ 2126 AC_CHECK_FUNCS(posix_openpt) 2127 ], [ 2128 AC_CHECK_FUNCS(revoke) 2129 ]) 2130 ]) 2131 ]) 2132]) 2133AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) 2134SUDO_FUNC_PUTENV_CONST 2135if test -z "$SKIP_SETRESUID"; then 2136 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) 2137fi 2138if test -z "$SKIP_SETREUID"; then 2139 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) 2140fi 2141if test -z "$SKIP_SETEUID"; then 2142 AC_CHECK_FUNCS(seteuid) 2143fi 2144if test X"$with_interfaces" != X"no"; then 2145 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) 2146fi 2147if test -z "$BROKEN_GETCWD"; then 2148 AC_REPLACE_FUNCS(getcwd) 2149fi 2150AC_CHECK_FUNCS(lockf flock, [break]) 2151AC_CHECK_FUNCS(waitpid wait3, [break]) 2152AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) 2153AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) 2154AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) 2155SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) 2156SUDO_FUNC_ISBLANK 2157AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) 2158AC_CHECK_FUNCS(nanosleep, [], [ 2159 # On Solaris, nanosleep is in librt 2160 AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) 2161]) 2162AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) 2163 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], 2164 [ #include <limits.h> 2165 #include <fcntl.h> ]) 2166]) 2167AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o" 2168 AC_CHECK_FUNCS(random lrand48, [break]) 2169]) 2170AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) 2171if test X"$ac_cv_type_struct_timespec" != X"no"; then 2172 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] 2173 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], 2174 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) 2175fi 2176dnl 2177dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. 2178dnl 2179AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2180#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2181#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) 2182AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [ 2183AC_INCLUDES_DEFAULT 2184#include <$ac_header_dirent> 2185]) 2186dnl 2187dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS 2188dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) 2189dnl 2190if test -n "$NEED_SNPRINTF"; then 2191 AC_LIBOBJ(snprintf) 2192fi 2193dnl 2194dnl If socket(2) not in libc, check -lsocket and -linet 2195dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols 2196dnl 2197AC_CHECK_FUNC(socket, [], [ 2198 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 2199 _libs= 2200 for lib in $libs; do 2201 case "$NET_LIBS" in 2202 *"$lib"*) ;; 2203 *) _libs="$_libs $lib";; 2204 esac 2205 done 2206 libs="${_libs# }" 2207 test -z "$libs" && continue 2208 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 2209 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 2210 SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) 2211 done 2212]) 2213dnl 2214dnl If inet_addr(3) not in libc, check -lnsl and -linet 2215dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols 2216dnl 2217AC_CHECK_FUNC(inet_addr, [], [ 2218 AC_CHECK_FUNC(__inet_addr, [], [ 2219 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 2220 _libs= 2221 for lib in $libs; do 2222 case "$NET_LIBS" in 2223 *"$lib"*) ;; 2224 *) _libs="$_libs $lib";; 2225 esac 2226 done 2227 libs="${_libs# }" 2228 test -z "$libs" && continue 2229 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 2230 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 2231 SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) 2232 done 2233 ]) 2234]) 2235dnl 2236dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet 2237dnl 2238AC_CHECK_FUNC(syslog, [], [ 2239 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do 2240 _libs= 2241 for lib in $libs; do 2242 case "$NET_LIBS" in 2243 *"$lib"*) ;; 2244 *) _libs="$_libs $lib";; 2245 esac 2246 done 2247 libs="${_libs# }" 2248 test -z "$libs" && continue 2249 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" 2250 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" 2251 SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) 2252 done 2253]) 2254dnl 2255dnl Check for getprogname() or __progname 2256dnl 2257AC_CHECK_FUNCS(getprogname, , [ 2258 AC_MSG_CHECKING([for __progname]) 2259 AC_CACHE_VAL(sudo_cv___progname, [ 2260 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) 2261 if test "$sudo_cv___progname" = "yes"; then 2262 AC_DEFINE(HAVE___PROGNAME) 2263 else 2264 AC_LIBOBJ(getprogname) 2265 fi 2266 AC_MSG_RESULT($sudo_cv___progname) 2267]) 2268 2269dnl 2270dnl Check for errno declaration in errno.h 2271dnl 2272AC_CHECK_DECLS([errno], [], [], [ 2273AC_INCLUDES_DEFAULT 2274#include <errno.h> 2275]) 2276 2277dnl 2278dnl Check for strsignal() or sys_siglist 2279dnl 2280AC_CHECK_FUNCS(strsignal, [], [ 2281 AC_LIBOBJ(strsignal) 2282 HAVE_SIGLIST="false" 2283 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ 2284 HAVE_SIGLIST="true" 2285 break 2286 ], [ ], [ 2287AC_INCLUDES_DEFAULT 2288#include <signal.h> 2289 ]) 2290 if test "$HAVE_SIGLIST" != "true"; then 2291 AC_LIBOBJ(siglist) 2292 fi 2293]) 2294 2295dnl 2296dnl nsswitch.conf and its equivalents 2297dnl 2298if test ${with_netsvc-"no"} != "no"; then 2299 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") 2300 netsvc_conf=${with_netsvc-/etc/netsvc.conf} 2301elif test ${with_nsswitch-"yes"} != "no"; then 2302 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") 2303 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} 2304fi 2305 2306dnl 2307dnl Mutually exclusive auth checks come first, followed by 2308dnl non-exclusive ones. Note: passwd must be last of all! 2309dnl 2310 2311dnl 2312dnl Convert default authentication methods to with_* if 2313dnl no explicit authentication scheme was specified. 2314dnl 2315if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then 2316 for auth in $AUTH_EXCL_DEF; do 2317 case $auth in 2318 AIX_AUTH) with_aixauth=maybe;; 2319 BSD_AUTH) with_bsdauth=maybe;; 2320 PAM) with_pam=maybe;; 2321 SIA) CHECKSIA=true;; 2322 esac 2323 done 2324fi 2325 2326dnl 2327dnl PAM support. Systems that use PAM by default set with_pam=default 2328dnl and we do the actual tests here. 2329dnl 2330if test ${with_pam-"no"} != "no"; then 2331 # 2332 # Check for pam_start() in libpam first, then for pam_appl.h. 2333 # 2334 found_pam_lib=no 2335 AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) 2336 # 2337 # Some PAM implementations (MacOS X for example) put the PAM headers 2338 # in /usr/include/pam instead of /usr/include/security... 2339 # 2340 found_pam_hdrs=no 2341 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) 2342 if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then 2343 # Found both PAM libs and headers 2344 with_pam=yes 2345 elif test "$with_pam" = "yes"; then 2346 if test "$found_pam_lib" = "no"; then 2347 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) 2348 fi 2349 if test "$found_pam_hdrs" = "no"; then 2350 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) 2351 fi 2352 elif test "$found_pam_lib" != "$found_pam_hdrs"; then 2353 if test "$found_pam_lib" = "no"; then 2354 AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) 2355 fi 2356 if test "$found_pam_hdrs" = "no"; then 2357 AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) 2358 fi 2359 fi 2360 2361 if test "$with_pam" = "yes"; then 2362 # Older PAM implementations lack pam_getenvlist 2363 OLIBS="$LIBS" 2364 LIBS="$LIBS -lpam $lt_cv_dlopen_libs" 2365 AC_CHECK_FUNCS(pam_getenvlist) 2366 LIBS="$OLIBS" 2367 dnl 2368 dnl Some platforms need libdl for dlopen 2369 dnl 2370 SUDO_LIBS="${SUDO_LIBS} -lpam $lt_cv_dlopen_libs" 2371 AC_DEFINE(HAVE_PAM) 2372 AUTH_OBJS="$AUTH_OBJS pam.o"; 2373 AUTH_EXCL=PAM 2374 2375 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], 2376 [case $with_pam_login in 2377 yes) AC_DEFINE([HAVE_PAM_LOGIN]) 2378 AC_MSG_CHECKING(whether to use PAM login) 2379 AC_MSG_RESULT(yes) 2380 ;; 2381 no) ;; 2382 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) 2383 ;; 2384 esac]) 2385 2386 AC_MSG_CHECKING(whether to use PAM session support) 2387 AC_ARG_ENABLE(pam_session, 2388 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], 2389 [ case "$enableval" in 2390 yes) AC_MSG_RESULT(yes) 2391 ;; 2392 no) AC_MSG_RESULT(no) 2393 AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled]) 2394 ;; 2395 *) AC_MSG_RESULT(no) 2396 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) 2397 ;; 2398 esac], AC_MSG_RESULT(yes)) 2399 2400 case $host in 2401 *-*-linux*|*-*-solaris*) 2402 # dgettext() may be defined to dgettext_libintl in the 2403 # header file, so first check that it links w/ additional 2404 # libs, then try with -lintl 2405 AC_LINK_IFELSE([AC_LANG_PROGRAM( 2406 [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])], 2407 [AC_DEFINE(HAVE_DGETTEXT)], 2408 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"] 2409 [AC_DEFINE(HAVE_DGETTEXT)])]) 2410 ;; 2411 esac 2412 fi 2413fi 2414 2415dnl 2416dnl AIX general authentication 2417dnl If set to "maybe" only enable if no other exclusive method in use. 2418dnl 2419if test ${with_aixauth-'no'} != "no"; then 2420 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then 2421 AC_MSG_NOTICE([using AIX general authentication]) 2422 AC_DEFINE(HAVE_AIXAUTH) 2423 AUTH_OBJS="$AUTH_OBJS aix_auth.o"; 2424 SUDO_LIBS="${SUDO_LIBS} -ls" 2425 AUTH_EXCL=AIX_AUTH 2426 fi 2427fi 2428 2429dnl 2430dnl BSD authentication 2431dnl If set to "maybe" only enable if no other exclusive method in use. 2432dnl 2433if test ${with_bsdauth-'no'} != "no"; then 2434 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) 2435 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] 2436 [BSDAUTH_USAGE='[[-a auth_type]] '] 2437 [AUTH_EXCL=BSD_AUTH; BAMAN=1], 2438 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) 2439fi 2440 2441dnl 2442dnl SIA authentication for Tru64 Unix 2443dnl 2444if test ${CHECKSIA-'false'} = "true"; then 2445 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) 2446 if test "$found" = "true"; then 2447 AUTH_EXCL=SIA 2448 AUTH_OBJS="$AUTH_OBJS sia.o" 2449 fi 2450fi 2451 2452dnl 2453dnl extra FWTK libs + includes 2454dnl 2455if test ${with_fwtk-'no'} != "no"; then 2456 if test "$with_fwtk" != "yes"; then 2457 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) 2458 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" 2459 with_fwtk=yes 2460 fi 2461 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" 2462 AUTH_OBJS="$AUTH_OBJS fwtk.o" 2463fi 2464 2465dnl 2466dnl extra SecurID lib + includes 2467dnl 2468if test ${with_SecurID-'no'} != "no"; then 2469 if test "$with_SecurID" != "yes"; then 2470 : 2471 elif test -d /usr/ace/examples; then 2472 with_SecurID=/usr/ace/examples 2473 else 2474 with_SecurID=/usr/ace 2475 fi 2476 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" 2477 _LDFLAGS="${LDFLAGS}" 2478 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) 2479 # 2480 # Determine whether to use the new or old SecurID API 2481 # 2482 AC_CHECK_LIB(aceclnt, SD_Init, 2483 [ 2484 AUTH_OBJS="$AUTH_OBJS securid5.o"; 2485 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" 2486 ] 2487 [ 2488 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) 2489 ], [ 2490 AUTH_OBJS="$AUTH_OBJS securid.o"; 2491 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" 2492 ], 2493 [ 2494 -lpthread 2495 ] 2496 ) 2497 LDFLAGS="${_LDFLAGS}" 2498fi 2499 2500dnl 2501dnl Non-mutually exclusive auth checks come next. 2502dnl Note: passwd must be last of all! 2503dnl 2504 2505dnl 2506dnl Convert default authentication methods to with_* if 2507dnl no explicit authentication scheme was specified. 2508dnl 2509if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then 2510 for auth in $AUTH_DEF; do 2511 case $auth in 2512 passwd) : ${with_passwd='maybe'};; 2513 esac 2514 done 2515fi 2516 2517dnl 2518dnl Kerberos IV 2519dnl 2520if test ${with_kerb4-'no'} != "no"; then 2521 AC_DEFINE(HAVE_KERB4) 2522 dnl 2523 dnl Use the specified directory, if any, else search for correct inc dir 2524 dnl 2525 O_LDFLAGS="$LDFLAGS" 2526 if test "$with_kerb4" = "yes"; then 2527 found=no 2528 O_CPPFLAGS="$CPPFLAGS" 2529 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do 2530 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" 2531 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]])], [found=yes; break]) 2532 done 2533 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" 2534 else 2535 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) 2536 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) 2537 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" 2538 AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) 2539 fi 2540 if test X"$found" = X"no"; then 2541 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) 2542 fi 2543 2544 dnl 2545 dnl Check for -ldes vs. -ldes425 2546 dnl 2547 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ 2548 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) 2549 ]) 2550 dnl 2551 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV 2552 dnl 2553 AC_MSG_CHECKING(whether we are using KTH Kerberos IV) 2554 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [ 2555 AC_MSG_RESULT(yes) 2556 K4LIBS="${K4LIBS} -lcom_err" 2557 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) 2558 ], [ 2559 AC_MSG_RESULT(no) 2560 ] 2561 ) 2562 dnl 2563 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 2564 dnl 2565 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ 2566 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], 2567 [K4LIBS="-lkrb $K4LIBS"] 2568 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] 2569 , [$K4LIBS]) 2570 ], [$K4LIBS]) 2571 LDFLAGS="$O_LDFLAGS" 2572 SUDO_LIBS="${SUDO_LIBS} $K4LIBS" 2573 AUTH_OBJS="$AUTH_OBJS kerb4.o" 2574fi 2575 2576dnl 2577dnl Kerberos V 2578dnl There is an easy way and a hard way... 2579dnl 2580if test ${with_kerb5-'no'} != "no"; then 2581 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") 2582 if test -n "$KRB5CONFIG"; then 2583 AC_DEFINE(HAVE_KERB5) 2584 AUTH_OBJS="$AUTH_OBJS kerb5.o" 2585 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" 2586 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" 2587 dnl 2588 dnl Try to determine whether we have Heimdal or MIT Kerberos 2589 dnl 2590 AC_MSG_CHECKING(whether we are using Heimdal) 2591 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ 2592 AC_MSG_RESULT(yes) 2593 AC_DEFINE(HAVE_HEIMDAL) 2594 ], [ 2595 AC_MSG_RESULT(no) 2596 ] 2597 ) 2598 else 2599 AC_DEFINE(HAVE_KERB5) 2600 dnl 2601 dnl Use the specified directory, if any, else search for correct inc dir 2602 dnl 2603 if test "$with_kerb5" = "yes"; then 2604 found=no 2605 O_CPPFLAGS="$CPPFLAGS" 2606 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do 2607 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" 2608 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break]) 2609 done 2610 if test X"$found" = X"no"; then 2611 CPPFLAGS="$O_CPPFLAGS" 2612 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) 2613 fi 2614 else 2615 dnl XXX - try to include krb5.h here too 2616 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) 2617 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" 2618 fi 2619 2620 dnl 2621 dnl Try to determine whether we have Heimdal or MIT Kerberos 2622 dnl 2623 AC_MSG_CHECKING(whether we are using Heimdal) 2624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ 2625 AC_MSG_RESULT(yes) 2626 AC_DEFINE(HAVE_HEIMDAL) 2627 # XXX - need to check whether -lcrypo is needed! 2628 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" 2629 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) 2630 ], [ 2631 AC_MSG_RESULT(no) 2632 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" 2633 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) 2634 ]) 2635 AUTH_OBJS="$AUTH_OBJS kerb5.o" 2636 fi 2637 _LIBS="$LIBS" 2638 LIBS="${LIBS} ${SUDO_LIBS}" 2639 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) 2640 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ 2641 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], 2642 sudo_cv_krb5_get_init_creds_opt_free_two_args, [ 2643 AC_COMPILE_IFELSE( 2644 [AC_LANG_PROGRAM( 2645 [[#include <krb5.h>]], 2646 [[krb5_get_init_creds_opt_free(NULL, NULL);]] 2647 )], 2648 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], 2649 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] 2650 ) 2651 ] 2652 ) 2653 ]) 2654 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then 2655 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) 2656 fi 2657 LIBS="$_LIBS" 2658fi 2659 2660dnl 2661dnl extra AFS libs and includes 2662dnl 2663if test ${with_AFS-'no'} = "yes"; then 2664 2665 # looks like the "standard" place for AFS libs is /usr/afsws/lib 2666 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" 2667 for i in $AFSLIBDIRS; do 2668 if test -d ${i}; then 2669 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) 2670 FOUND_AFSLIBDIR=true 2671 fi 2672 done 2673 if test -z "$FOUND_AFSLIBDIR"; then 2674 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) 2675 fi 2676 2677 # Order is important here. Note that we build AFS_LIBS from right to left 2678 # since AFS_LIBS may be initialized with BSD compat libs that must go last 2679 AFS_LIBS="-laudit ${AFS_LIBS}" 2680 for i in $AFSLIBDIRS; do 2681 if test -f ${i}/util.a; then 2682 AFS_LIBS="${i}/util.a ${AFS_LIBS}" 2683 FOUND_UTIL_A=true 2684 break; 2685 fi 2686 done 2687 if test -z "$FOUND_UTIL_A"; then 2688 AFS_LIBS="-lutil ${AFS_LIBS}" 2689 fi 2690 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" 2691 2692 # AFS includes may live in /usr/include on some machines... 2693 for i in /usr/afsws/include; do 2694 if test -d ${i}; then 2695 CPPFLAGS="${CPPFLAGS} -I${i}" 2696 FOUND_AFSINCDIR=true 2697 fi 2698 done 2699 2700 if test -z "$FOUND_AFSLIBDIR"; then 2701 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) 2702 fi 2703 2704 AUTH_OBJS="$AUTH_OBJS afs.o" 2705fi 2706 2707dnl 2708dnl extra DCE obj + lib 2709dnl Order of libs in HP-UX 10.x is important, -ldce must be last. 2710dnl 2711if test ${with_DCE-'no'} = "yes"; then 2712 DCE_OBJS="${DCE_OBJS} dce_pwent.o" 2713 SUDO_LIBS="${SUDO_LIBS} -ldce" 2714 AUTH_OBJS="$AUTH_OBJS dce.o" 2715fi 2716 2717dnl 2718dnl extra S/Key lib and includes 2719dnl 2720if test "${with_skey-'no'}" = "yes"; then 2721 O_LDFLAGS="$LDFLAGS" 2722 if test "$with_skey" != "yes"; then 2723 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" 2724 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) 2725 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) 2726 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>]) 2727 else 2728 found=no 2729 O_CPPFLAGS="$CPPFLAGS" 2730 for dir in "" "/usr/local" "/usr/contrib"; do 2731 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" 2732 AC_CHECK_HEADER([skey.h], [found=yes; break], [], 2733 [#include <stdio.h>]) 2734 done 2735 if test "$found" = "no" -o -z "$dir"; then 2736 CPPFLAGS="$O_CPPFLAGS" 2737 else 2738 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) 2739 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) 2740 fi 2741 fi 2742 if test "$found" = "no"; then 2743 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) 2744 fi 2745 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) 2746 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) 2747 2748 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) 2749 AC_COMPILE_IFELSE( 2750 [AC_LANG_PROGRAM( 2751 [[#include <stdio.h> 2752 #include <skey.h>]], 2753 [[skeychallenge(NULL, NULL, NULL, 0);]] 2754 )], [ 2755 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) 2756 AC_MSG_RESULT([yes]) 2757 ], [ 2758 AC_MSG_RESULT([no]) 2759 ] 2760 ) 2761 2762 LDFLAGS="$O_LDFLAGS" 2763 SUDO_LIBS="${SUDO_LIBS} -lskey" 2764 AUTH_OBJS="$AUTH_OBJS rfc1938.o" 2765fi 2766 2767dnl 2768dnl extra OPIE lib and includes 2769dnl 2770if test "${with_opie-'no'}" = "yes"; then 2771 O_LDFLAGS="$LDFLAGS" 2772 if test "$with_opie" != "yes"; then 2773 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" 2774 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) 2775 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) 2776 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no]) 2777 else 2778 found=no 2779 O_CPPFLAGS="$CPPFLAGS" 2780 for dir in "" "/usr/local" "/usr/contrib"; do 2781 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" 2782 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break]) 2783 done 2784 if test "$found" = "no" -o -z "$dir"; then 2785 CPPFLAGS="$O_CPPFLAGS" 2786 else 2787 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) 2788 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) 2789 fi 2790 fi 2791 if test "$found" = "no"; then 2792 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) 2793 fi 2794 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) 2795 LDFLAGS="$O_LDFLAGS" 2796 SUDO_LIBS="${SUDO_LIBS} -lopie" 2797 AUTH_OBJS="$AUTH_OBJS rfc1938.o" 2798fi 2799 2800dnl 2801dnl Check for shadow password routines if we have not already done so. 2802dnl If there is a specific list of functions to check we do that first. 2803dnl Otherwise, we check for SVR4-style and then SecureWare-style. 2804dnl 2805if test ${with_passwd-'no'} != "no"; then 2806 dnl 2807 dnl if crypt(3) not in libc, look elsewhere 2808 dnl 2809 if test -z "$LIB_CRYPT"; then 2810 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) 2811 fi 2812 2813 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then 2814 _LIBS="$LIBS" 2815 LIBS="$LIBS $shadow_libs" 2816 found=no 2817 AC_CHECK_FUNCS($shadow_funcs, [found=yes]) 2818 if test "$found" = "yes"; then 2819 SUDO_LIBS="$SUDO_LIBS $shadow_libs" 2820 elif test -n "$shadow_libs_optional"; then 2821 LIBS="$LIBS $shadow_libs_optional" 2822 AC_CHECK_FUNCS($shadow_funcs, [found=yes]) 2823 if test "$found" = "yes"; then 2824 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional" 2825 fi 2826 fi 2827 if test "$found" = "yes"; then 2828 case "$shadow_funcs" in 2829 *getprpwnam*) SECUREWARE=1;; 2830 esac 2831 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" 2832 else 2833 LIBS="$_LIBS" 2834 fi 2835 CHECKSHADOW=false 2836 fi 2837 if test "$CHECKSHADOW" = "true"; then 2838 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) 2839 fi 2840 if test "$CHECKSHADOW" = "true"; then 2841 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) 2842 fi 2843 if test -n "$SECUREWARE"; then 2844 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) 2845 AUTH_OBJS="$AUTH_OBJS secureware.o" 2846 fi 2847fi 2848 2849dnl 2850dnl extra lib and .o file for LDAP support 2851dnl 2852if test ${with_ldap-'no'} != "no"; then 2853 _LDFLAGS="$LDFLAGS" 2854 if test "$with_ldap" != "yes"; then 2855 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib]) 2856 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) 2857 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" 2858 with_ldap=yes 2859 fi 2860 SUDO_OBJS="${SUDO_OBJS} ldap.o" 2861 LDAP="" 2862 2863 AC_MSG_CHECKING([for LDAP libraries]) 2864 LDAP_LIBS="" 2865 _LIBS="$LIBS" 2866 found=no 2867 for l in -lldap -llber '-lssl -lcrypto'; do 2868 LIBS="${LIBS} $l" 2869 LDAP_LIBS="${LDAP_LIBS} $l" 2870 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2871 #include <lber.h> 2872 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) 2873 done 2874 if test "$found" = "no"; then 2875 LDAP_LIBS="" 2876 LIBS="$_LIBS" 2877 for l in -libmldap -lidsldif; do 2878 LIBS="${LIBS} $l" 2879 LDAP_LIBS="${LDAP_LIBS} $l" 2880 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2881 #include <lber.h> 2882 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) 2883 done 2884 fi 2885 dnl if nothing linked just try with -lldap 2886 if test "$found" = "no"; then 2887 LIBS="${_LIBS} -lldap" 2888 LDAP_LIBS="-lldap" 2889 AC_MSG_RESULT([not found, using -lldap]) 2890 else 2891 AC_MSG_RESULT([$LDAP_LIBS]) 2892 fi 2893 dnl check if we need to link with -llber for ber_set_option 2894 OLIBS="$LIBS" 2895 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) 2896 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then 2897 LDAP_LIBS="$LDAP_LIBS -llber" 2898 fi 2899 dnl check if ldap.h includes lber.h for us 2900 AC_MSG_CHECKING([whether lber.h is needed]) 2901 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> 2902 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ 2903 AC_MSG_RESULT([yes]) 2904 AC_DEFINE(HAVE_LBER_H)]) 2905 2906 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) 2907 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>]) 2908 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) 2909 AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) 2910 2911 if test X"$check_gss_krb5_ccache_name" = X"yes"; then 2912 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, 2913 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) 2914 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"], 2915 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, 2916 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) 2917 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"]) 2918 ) 2919 2920 # gssapi headers may be separate or part of Kerberos V 2921 found=no 2922 O_CPPFLAGS="$CPPFLAGS" 2923 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do 2924 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" 2925 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])]) 2926 done 2927 if test X"$found" != X"no"; then 2928 AC_CHECK_HEADERS([$found]) 2929 if test X"$found" = X"gssapi/gssapi.h"; then 2930 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) 2931 fi 2932 else 2933 CPPFLAGS="$O_CPPFLAGS" 2934 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) 2935 fi 2936 fi 2937 2938 SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}" 2939 LIBS="$_LIBS" 2940 LDFLAGS="$_LDFLAGS" 2941fi 2942 2943dnl 2944dnl Add LIBVAS_RPATH to LDFLAGS 2945dnl GNU ld accepts -R/path/ as an alias for -rpath /path/ 2946dnl 2947if test X"$LIBVAS_RPATH" != X""; then 2948 if test -n "$blibpath"; then 2949 blibpath_add="${blibpath_add}:$LIBVAS_RPATH" 2950 else 2951 case "$host" in 2952 *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" 2953 ;; 2954 *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" 2955 ;; 2956 esac 2957 fi 2958fi 2959 2960dnl 2961dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we 2962dnl added -L dirpaths to SUDO_LDFLAGS. 2963dnl 2964if test -n "$blibpath"; then 2965 if test -n "$blibpath_add"; then 2966 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" 2967 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then 2968 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" 2969 fi 2970fi 2971 2972dnl 2973dnl Check for log file, timestamp and iolog locations 2974dnl 2975SUDO_LOGFILE 2976SUDO_TIMEDIR 2977SUDO_IO_LOGDIR 2978 2979dnl 2980dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o 2981dnl 2982if test "${with_iologdir-yes}" != "no"; then 2983 # Require POSIX job control for I/O log support 2984 AC_CHECK_FUNCS(tcsetpgrp, [ 2985 SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o" 2986 PROGS="$PROGS sudoreplay" 2987 REPLAY="" 2988 2989 AC_ARG_ENABLE(zlib, 2990 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], []) 2991 case ${enable_zlib-"yes"} in 2992 yes) 2993 AC_CHECK_LIB(z, gzdopen, [ 2994 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin]) 2995 ]) 2996 ;; 2997 no) 2998 ;; 2999 system) 3000 AC_DEFINE(HAVE_ZLIB_H) 3001 ZLIB="-lz" 3002 ;; 3003 builtin) 3004 # handled below 3005 ;; 3006 *) 3007 AC_DEFINE(HAVE_ZLIB_H) 3008 CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" 3009 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) 3010 ZLIB="${ZLIB} -lz" 3011 ;; 3012 esac 3013 if test X"$enable_zlib" = X"builtin"; then 3014 AC_DEFINE(HAVE_ZLIB_H) 3015 CPPFLAGS="${CPPFLAGS}"' -I$(srcdir)/zlib' 3016 ZLIB="${ZLIB} libz.a" 3017 ZLIB_DEP=libz.a 3018 fi 3019 ], [ 3020 AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function]) 3021 with_iologdir=no 3022 ]) 3023fi 3024 3025dnl 3026dnl Check for PIE executable support if using gcc. 3027dnl This test relies on AC_LANG_WERROR 3028dnl 3029if test "$enable_pie" != "no" -a -n "$GCC"; then 3030 AX_CHECK_COMPILE_FLAG([-fPIE], [ 3031 _CFLAGS="$CFLAGS" 3032 CFLAGS="$CFLAGS -fPIE" 3033 AX_CHECK_LINK_FLAG([-pie], [ 3034 PIE_CFLAGS="-fPIE" 3035 PIE_LDFLAGS="-pie" 3036 ]) 3037 CFLAGS="$_CFLAGS" 3038 ]) 3039fi 3040 3041dnl 3042dnl Check for -fstack-protector and -z relro support 3043dnl This must be towards the end as it turns warnings 3044dnl into fatal errors (and there is no way to undo that) 3045dnl 3046if test "$enable_hardening" != "no"; then 3047 AC_LANG_WERROR 3048 if test -n "$GCC"; then 3049 AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ 3050 AX_CHECK_LINK_FLAG([-fstack-protector-all], [ 3051 SSP_CFLAGS="-fstack-protector-all" 3052 SSP_LDFLAGS="-fstack-protector-all" 3053 ]) 3054 ]) 3055 if test -z "$SSP_CFLAGS"; then 3056 AX_CHECK_COMPILE_FLAG([-fstack-protector], [ 3057 AX_CHECK_LINK_FLAG([-fstack-protector], [ 3058 SSP_CFLAGS="-fstack-protector" 3059 SSP_LDFLAGS="-fstack-protector" 3060 ]) 3061 ]) 3062 fi 3063 fi 3064 AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) 3065fi 3066 3067dnl 3068dnl Use passwd auth module? 3069dnl 3070case "$with_passwd" in 3071yes|maybe) 3072 AUTH_OBJS="$AUTH_OBJS getspwuid.o passwd.o" 3073 ;; 3074*) 3075 AC_DEFINE(WITHOUT_PASSWD) 3076 if test -z "$AUTH_OBJS"; then 3077 AC_MSG_ERROR([no authentication methods defined.]) 3078 fi 3079 ;; 3080esac 3081AUTH_OBJS=${AUTH_OBJS# } 3082_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.o//g' -e 's/getspwuid *//'` 3083AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) 3084 3085dnl 3086dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it. 3087dnl 3088if test -n "$LIBS"; then 3089 L="$LIBS" 3090 LIBS= 3091 for l in ${L}; do 3092 dupe=0 3093 for sl in ${SUDO_LIBS} ${NET_LIBS}; do 3094 test $l = $sl && dupe=1 3095 done 3096 test $dupe = 0 && LIBS="${LIBS} $l" 3097 done 3098fi 3099 3100dnl 3101dnl We add -Wall and -Werror after all tests so they don't cause failures 3102dnl 3103if test -n "$GCC"; then 3104 if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then 3105 CFLAGS="${CFLAGS} -Wall" 3106 fi 3107 if test X"$enable_werror" = X"yes"; then 3108 CFLAGS="${CFLAGS} -Werror" 3109 fi 3110fi 3111 3112dnl 3113dnl Set exec_prefix 3114dnl 3115test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' 3116 3117dnl 3118dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set 3119dnl XXX - this is gross! 3120dnl 3121if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then 3122 oexec_prefix="$exec_prefix" 3123 if test "$exec_prefix" = '$(prefix)'; then 3124 if test "$prefix" = "NONE"; then 3125 exec_prefix="$ac_default_prefix" 3126 else 3127 exec_prefix="$prefix" 3128 fi 3129 fi 3130 if test X"$with_noexec" != X"no"; then 3131 PROGS="${PROGS} libsudo_noexec.la" 3132 INSTALL_NOEXEC="install-noexec" 3133 3134 noexec_file="$with_noexec" 3135 _noexec_file= 3136 while test X"$noexec_file" != X"$_noexec_file"; do 3137 _noexec_file="$noexec_file" 3138 eval noexec_file="$_noexec_file" 3139 done 3140 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) 3141 fi 3142 if test X"$with_selinux" != X"no"; then 3143 sesh_file="$libexecdir/sesh" 3144 _sesh_file= 3145 while test X"$sesh_file" != X"$_sesh_file"; do 3146 _sesh_file="$sesh_file" 3147 eval sesh_file="$_sesh_file" 3148 done 3149 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) 3150 fi 3151 exec_prefix="$oexec_prefix" 3152fi 3153 3154dnl 3155dnl Override default configure dirs for the Makefile 3156dnl 3157if test X"$prefix" = X"NONE"; then 3158 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' 3159else 3160 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' 3161fi 3162test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' 3163test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' 3164test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' 3165test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' 3166test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' 3167test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' 3168test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' 3169test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' 3170test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' 3171 3172dnl 3173dnl Substitute into the Makefile, sudo_usage.h and example sudoers 3174dnl 3175AC_CONFIG_FILES([Makefile sudo_usage.h sudoers]) 3176AC_OUTPUT 3177 3178dnl 3179dnl Spew any text the user needs to know about 3180dnl 3181if test "$with_pam" = "yes"; then 3182 case $host in 3183 *-*-hpux*) 3184 if test -f /usr/lib/security/libpam_hpsec.so.1; then 3185 AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) 3186 AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) 3187 fi 3188 ;; 3189 *-*-linux*) 3190 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) 3191 ;; 3192 esac 3193fi 3194 3195dnl 3196dnl Autoheader templates 3197dnl 3198AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) 3199AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) 3200AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) 3201AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) 3202AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) 3203AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) 3204AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) 3205AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) 3206AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) 3207AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) 3208AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) 3209AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) 3210AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) 3211AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) 3212AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) 3213AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) 3214AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) 3215AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.]) 3216AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) 3217AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) 3218AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) 3219AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) 3220AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) 3221AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) 3222AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) 3223AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)]) 3224AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) 3225AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) 3226AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) 3227AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) 3228AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) 3229AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) 3230AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) 3231AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) 3232AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) 3233AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) 3234AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) 3235AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)]) 3236AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) 3237AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) 3238AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) 3239AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) 3240AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) 3241AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.]) 3242AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) 3243AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) 3244AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) 3245AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) 3246AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) 3247AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) 3248AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) 3249AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) 3250AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) 3251AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.]) 3252AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) 3253AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) 3254AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) 3255AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) 3256AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) 3257AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) 3258AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) 3259AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) 3260AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) 3261AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) 3262AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) 3263AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) 3264AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) 3265AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) 3266AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) 3267AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) 3268AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) 3269AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) 3270AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) 3271AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) 3272AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) 3273AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) 3274AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) 3275AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) 3276AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.]) 3277AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) 3278AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.]) 3279 3280dnl 3281dnl Bits to copy verbatim into config.h.in 3282dnl 3283AH_TOP([#ifndef _SUDO_CONFIG_H 3284#define _SUDO_CONFIG_H]) 3285 3286AH_BOTTOM([/* 3287 * Macros to convert ctime and mtime into timevals. 3288 */ 3289#define timespec2timeval(_ts, _tv) do { \ 3290 (_tv)->tv_sec = (_ts)->tv_sec; \ 3291 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ 3292} while (0) 3293 3294#ifdef HAVE_ST_MTIM 3295# ifdef HAVE_ST__TIM 3296# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) 3297# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) 3298# else 3299# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) 3300# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) 3301# endif 3302#else 3303# ifdef HAVE_ST_MTIMESPEC 3304# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) 3305# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) 3306# else 3307# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) 3308# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) 3309# endif /* HAVE_ST_MTIMESPEC */ 3310#endif /* HAVE_ST_MTIM */ 3311 3312/* 3313 * Emulate a subset of waitpid() if we don't have it. 3314 */ 3315#ifdef HAVE_WAITPID 3316# define sudo_waitpid(p, s, o) waitpid(p, s, o) 3317#else 3318# ifdef HAVE_WAIT3 3319# define sudo_waitpid(p, s, o) wait3(s, o, NULL) 3320# endif 3321#endif 3322 3323#ifdef __GNUC__ 3324# define ignore_result(x) do { \ 3325 __typeof__(x) y = (x); \ 3326 (void)y; \ 3327} while(0) 3328#else 3329# define ignore_result(x) (void)(x) 3330#endif 3331 3332/* Macros to set/clear/test flags. */ 3333#undef SET 3334#define SET(t, f) ((t) |= (f)) 3335#undef CLR 3336#define CLR(t, f) ((t) &= ~(f)) 3337#undef ISSET 3338#define ISSET(t, f) ((t) & (f)) 3339 3340/* New ANSI-style OS defs for HP-UX and ConvexOS. */ 3341#if defined(hpux) && !defined(__hpux) 3342# define __hpux 1 3343#endif /* hpux */ 3344 3345#if defined(convex) && !defined(__convex__) 3346# define __convex__ 1 3347#endif /* convex */ 3348 3349/* BSD compatibility on some SVR4 systems. */ 3350#ifdef __svr4__ 3351# define BSD_COMP 3352#endif /* __svr4__ */ 3353 3354#endif /* _SUDO_CONFIG_H */]) 3355