| dnl |
| dnl Process this file with GNU autoconf to produce a configure script. |
| dnl |
| dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com> |
| dnl |
| AC_INIT([sudo], [1.7.4p4], [http://www.sudo.ws/bugs/], [sudo]) |
| AC_CONFIG_HEADER(config.h pathnames.h) |
| dnl |
| dnl This won't work before AC_INIT |
| dnl |
| AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) |
| dnl |
| dnl Variables that get substituted in the Makefile and man pages |
| dnl |
| AC_SUBST([HAVE_BSM_AUDIT]) |
| AC_SUBST([SHELL]) |
| AC_SUBST([LIBTOOL]) |
| AC_SUBST([CFLAGS]) |
| AC_SUBST([PROGS]) |
| AC_SUBST([CPPFLAGS]) |
| AC_SUBST([LDFLAGS]) |
| AC_SUBST([COMMON_OBJS]) |
| AC_SUBST([SUDO_LDFLAGS]) |
| AC_SUBST([SUDO_OBJS]) |
| AC_SUBST([LIBS]) |
| AC_SUBST([SUDO_LIBS]) |
| AC_SUBST([NET_LIBS]) |
| AC_SUBST([AFS_LIBS]) |
| AC_SUBST([GETGROUPS_LIB]) |
| AC_SUBST([OSDEFS]) |
| AC_SUBST([AUTH_OBJS]) |
| AC_SUBST([MANTYPE]) |
| AC_SUBST([MAN_POSTINSTALL]) |
| AC_SUBST([SUDOERS_MODE]) |
| AC_SUBST([SUDOERS_UID]) |
| AC_SUBST([SUDOERS_GID]) |
| AC_SUBST([DEV]) |
| AC_SUBST([BAMAN]) |
| AC_SUBST([LCMAN]) |
| AC_SUBST([SEMAN]) |
| AC_SUBST([devdir]) |
| AC_SUBST([mansectsu]) |
| AC_SUBST([mansectform]) |
| AC_SUBST([mansrcdir]) |
| AC_SUBST([NOEXECFILE]) |
| AC_SUBST([NOEXECDIR]) |
| AC_SUBST([noexec_file]) |
| AC_SUBST([INSTALL_NOEXEC]) |
| AC_SUBST([DONT_LEAK_PATH_INFO]) |
| AC_SUBST([BSDAUTH_USAGE]) |
| AC_SUBST([SELINUX_USAGE]) |
| AC_SUBST([LDAP]) |
| AC_SUBST([REPLAY]) |
| AC_SUBST([LOGINCAP_USAGE]) |
| AC_SUBST([ZLIB]) |
| AC_SUBST([CONFIGURE_ARGS]) |
| dnl |
| dnl Variables that get substituted in docs (not overridden by environment) |
| dnl |
| AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR |
| AC_SUBST([timeout]) |
| AC_SUBST([password_timeout]) |
| AC_SUBST([sudo_umask]) |
| AC_SUBST([passprompt]) |
| AC_SUBST([long_otp_prompt]) |
| AC_SUBST([lecture]) |
| AC_SUBST([logfac]) |
| AC_SUBST([goodpri]) |
| AC_SUBST([badpri]) |
| AC_SUBST([loglen]) |
| AC_SUBST([ignore_dot]) |
| AC_SUBST([mail_no_user]) |
| AC_SUBST([mail_no_host]) |
| AC_SUBST([mail_no_perms]) |
| AC_SUBST([mailto]) |
| AC_SUBST([mailsub]) |
| AC_SUBST([badpass_message]) |
| AC_SUBST([fqdn]) |
| AC_SUBST([runas_default]) |
| AC_SUBST([env_editor]) |
| AC_SUBST([passwd_tries]) |
| AC_SUBST([tty_tickets]) |
| AC_SUBST([insults]) |
| AC_SUBST([root_sudo]) |
| AC_SUBST([path_info]) |
| AC_SUBST([ldap_conf]) |
| AC_SUBST([ldap_secret]) |
| AC_SUBST([nsswitch_conf]) |
| AC_SUBST([netsvc_conf]) |
| AC_SUBST([secure_path]) |
| AC_SUBST([editor]) |
| # |
| # Begin initial values for man page substitution |
| # |
| timedir=/var/adm/sudo |
| timeout=5 |
| password_timeout=5 |
| sudo_umask=0022 |
| passprompt="Password:" |
| long_otp_prompt=off |
| lecture=once |
| logfac=auth |
| goodpri=notice |
| badpri=alert |
| loglen=80 |
| ignore_dot=off |
| mail_no_user=on |
| mail_no_host=off |
| mail_no_perms=off |
| mailto=root |
| mailsub="*** SECURITY information for %h ***" |
| badpass_message="Sorry, try again." |
| fqdn=off |
| runas_default=root |
| env_editor=off |
| editor=vi |
| passwd_tries=3 |
| tty_tickets=on |
| insults=off |
| root_sudo=on |
| path_info=on |
| ldap_conf=/etc/ldap.conf |
| ldap_secret=/etc/ldap.secret |
| netsvc_conf=/etc/netsvc.conf |
| noexec_file=/usr/local/libexec/sudo_noexec.so |
| nsswitch_conf=/etc/nsswitch.conf |
| secure_path="not set" |
| # |
| # End initial values for man page substitution |
| # |
| dnl |
| dnl Initial values for Makefile variables listed above |
| dnl May be overridden by environment variables.. |
| dnl |
| INSTALL_NOEXEC= |
| devdir='$(srcdir)' |
| PROGS="sudo visudo" |
| : ${MANTYPE='man'} |
| : ${mansrcdir='.'} |
| : ${SUDOERS_MODE='0440'} |
| : ${SUDOERS_UID='0'} |
| : ${SUDOERS_GID='0'} |
| DEV="#" |
| LDAP="#" |
| REPLAY="#" |
| BAMAN=0 |
| LCMAN=0 |
| SEMAN=0 |
| ZLIB= |
| AUTH_OBJS= |
| AUTH_REG= |
| AUTH_EXCL= |
| AUTH_EXCL_DEF= |
| AUTH_DEF=passwd |
| |
| dnl |
| dnl Other vaiables |
| dnl |
| CHECKSHADOW=true |
| shadow_defs= |
| shadow_funcs= |
| shadow_libs= |
| shadow_libs_optional= |
| |
| CONFIGURE_ARGS="$@" |
| |
| dnl |
| dnl Deprecated --with options (these all warn or generate an error) |
| dnl |
| |
| AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], |
| [case $with_otp_only in |
| yes) with_passwd="no" |
| AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], |
| [case $with_alertmail in |
| *) with_mailto="$with_alertmail" |
| AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) |
| ;; |
| esac]) |
| |
| dnl |
| dnl Options for --with |
| dnl |
| |
| AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], |
| [case $with_devel in |
| yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) |
| PROGS="${PROGS} testsudoers" |
| OSDEFS="${OSDEFS} -DSUDO_DEVEL" |
| DEV="" |
| devdir=. |
| ;; |
| no) ;; |
| *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) |
| ;; |
| esac]) |
| if test X"$with_devel" != X"yes"; then |
| ac_cv_prog_cc_g=no |
| fi |
| |
| AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], |
| [case $with_CC in |
| yes) AC_MSG_ERROR(["must give --with-CC an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["illegal argument: --without-CC."]) |
| ;; |
| *) CC=$with_CC |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])], |
| [case $with_rpath in |
| yes|no) ;; |
| *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])], |
| [case $with_blibpath in |
| yes|no) ;; |
| *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) |
| ;; |
| esac]) |
| |
| dnl |
| dnl Handle BSM auditing support. |
| dnl |
| AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], |
| [case $with_bsm_audit in |
| yes) AC_DEFINE(HAVE_BSM_AUDIT) |
| SUDO_LIBS="${SUDO_LIBS} -lbsm" |
| SUDO_OBJS="${SUDO_OBJS} bsm_audit.o" |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) |
| ;; |
| esac]) |
| |
| dnl |
| dnl Handle Linux auditing support. |
| dnl |
| AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], |
| [case $with_linux_audit in |
| yes) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ |
| AC_DEFINE(HAVE_LINUX_AUDIT) |
| SUDO_LIBS="${SUDO_LIBS} -laudit" |
| SUDO_OBJS="${SUDO_OBJS} linux_audit.o" |
| ], [ |
| AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) |
| ]) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], |
| [case $with_incpath in |
| yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-incpath not supported."]) |
| ;; |
| *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) |
| for i in ${with_incpath}; do |
| CPPFLAGS="${CPPFLAGS} -I${i}" |
| done |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], |
| [case $with_libpath in |
| yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-libpath not supported."]) |
| ;; |
| *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], |
| [case $with_libraries in |
| yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-libraries not supported."]) |
| ;; |
| *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], |
| [case $with_efence in |
| yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) |
| LIBS="${LIBS} -lefence" |
| if test -f /usr/local/lib/libefence.a; then |
| with_libpath="${with_libpath} /usr/local/lib" |
| fi |
| ;; |
| no) ;; |
| *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], |
| [case $with_csops in |
| yes) AC_MSG_NOTICE([Adding CSOps standard options]) |
| CHECKSIA=false |
| with_ignore_dot=yes |
| insults=on |
| with_classic_insults=yes |
| with_csops_insults=yes |
| with_env_editor=yes |
| : ${mansectsu='8'} |
| : ${mansectform='5'} |
| ;; |
| no) ;; |
| *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], |
| [case $with_passwd in |
| yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) |
| AC_MSG_RESULT($with_passwd) |
| AUTH_DEF="" |
| test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" |
| ;; |
| *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], |
| [case $with_skey in |
| no) with_skey="" |
| ;; |
| *) AC_DEFINE(HAVE_SKEY) |
| AC_MSG_CHECKING(whether to try S/Key authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG S/Key" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], |
| [case $with_opie in |
| no) with_opie="" |
| ;; |
| *) AC_DEFINE(HAVE_OPIE) |
| AC_MSG_CHECKING(whether to try NRL OPIE authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG NRL_OPIE" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], |
| [case $with_long_otp_prompt in |
| yes) AC_DEFINE(LONG_OTP_PROMPT) |
| AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) |
| AC_MSG_RESULT(yes) |
| long_otp_prompt=on |
| ;; |
| no) long_otp_prompt=off |
| ;; |
| *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], |
| [case $with_SecurID in |
| no) with_SecurID="";; |
| *) AC_DEFINE(HAVE_SECURID) |
| AC_MSG_CHECKING(whether to use SecurID for authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_EXCL="$AUTH_EXCL SecurID" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], |
| [case $with_fwtk in |
| no) with_fwtk="";; |
| *) AC_DEFINE(HAVE_FWTK) |
| AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_EXCL="$AUTH_EXCL FWTK" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])], |
| [case $with_kerb4 in |
| no) with_kerb4="";; |
| *) AC_MSG_CHECKING(whether to try kerberos IV authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG kerb4" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], |
| [case $with_kerb5 in |
| no) with_kerb5="";; |
| *) AC_MSG_CHECKING(whether to try Kerberos V authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG kerb5" |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], |
| [case $with_aixauth in |
| yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], |
| [case $with_pam in |
| yes) AUTH_EXCL="$AUTH_EXCL PAM";; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-pam does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], |
| [case $with_AFS in |
| yes) AC_DEFINE(HAVE_AFS) |
| AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG AFS" |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], |
| [case $with_DCE in |
| yes) AC_DEFINE(HAVE_DCE) |
| AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) |
| AC_MSG_RESULT(yes) |
| AUTH_REG="$AUTH_REG DCE" |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], |
| [case $with_logincap in |
| yes|no) ;; |
| *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], |
| [case $with_bsdauth in |
| yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], |
| [case $with_project in |
| yes|no) ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-project does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(whether to lecture users the first time they run sudo) |
| AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], |
| [case $with_lecture in |
| yes|short|always) lecture=once |
| ;; |
| no|none|never) lecture=never |
| ;; |
| *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) |
| ;; |
| esac]) |
| if test "$lecture" = "once"; then |
| AC_MSG_RESULT(yes) |
| else |
| AC_DEFINE(NO_LECTURE) |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) |
| AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], |
| [case $with_logging in |
| yes) AC_MSG_ERROR(["must give --with-logging an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-logging not supported."]) |
| ;; |
| syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) |
| AC_MSG_RESULT(syslog) |
| ;; |
| file) AC_DEFINE(LOGGING, SLOG_FILE) |
| AC_MSG_RESULT(file) |
| ;; |
| both) AC_DEFINE(LOGGING, SLOG_BOTH) |
| AC_MSG_RESULT(both) |
| ;; |
| *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) |
| ;; |
| esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) |
| |
| AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], |
| [case $with_logfac in |
| yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-logfac not supported."]) |
| ;; |
| authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac |
| ;; |
| *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(at which syslog priority to log commands) |
| AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], |
| [case $with_goodpri in |
| yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-goodpri not supported."]) |
| ;; |
| alert|crit|debug|emerg|err|info|notice|warning) |
| goodpri=$with_goodpri |
| ;; |
| *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) |
| AC_MSG_RESULT($goodpri) |
| |
| AC_MSG_CHECKING(at which syslog priority to log failures) |
| AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], |
| [case $with_badpri in |
| yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-badpri not supported."]) |
| ;; |
| alert|crit|debug|emerg|err|info|notice|warning) |
| badpri=$with_badpri |
| ;; |
| *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) |
| AC_MSG_RESULT($badpri) |
| |
| AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], |
| [case $with_logpath in |
| yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-logpath not supported."]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(how long a line in the log file should be) |
| AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], |
| [case $with_loglen in |
| yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-loglen not supported."]) |
| ;; |
| [[0-9]]*) loglen=$with_loglen |
| ;; |
| *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) |
| AC_MSG_RESULT($loglen) |
| |
| AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) |
| AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], |
| [case $with_ignore_dot in |
| yes) ignore_dot=on |
| ;; |
| no) ignore_dot=off |
| ;; |
| *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) |
| ;; |
| esac]) |
| if test "$ignore_dot" = "on"; then |
| AC_DEFINE(IGNORE_DOT_PATH) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) |
| AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], |
| [case $with_mail_if_no_user in |
| yes) mail_no_user=on |
| ;; |
| no) mail_no_user=off |
| ;; |
| *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) |
| ;; |
| esac]) |
| if test "$mail_no_user" = "on"; then |
| AC_DEFINE(SEND_MAIL_WHEN_NO_USER) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(whether to send mail when user listed but not for this host) |
| AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], |
| [case $with_mail_if_no_host in |
| yes) mail_no_host=on |
| ;; |
| no) mail_no_host=off |
| ;; |
| *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) |
| ;; |
| esac]) |
| if test "$mail_no_host" = "on"; then |
| AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) |
| AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], |
| [case $with_mail_if_noperms in |
| yes) mail_noperms=on |
| ;; |
| no) mail_noperms=off |
| ;; |
| *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) |
| ;; |
| esac]) |
| if test "$mail_noperms" = "on"; then |
| AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(who should get the mail that sudo sends) |
| AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], |
| [case $with_mailto in |
| yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-mailto not supported."]) |
| ;; |
| *) mailto=$with_mailto |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) |
| AC_MSG_RESULT([$mailto]) |
| |
| AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], |
| [case $with_mailsubject in |
| yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) |
| ;; |
| no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) |
| ;; |
| *) mailsub="$with_mailsubject" |
| AC_MSG_CHECKING(sudo mail subject) |
| AC_MSG_RESULT([Using alert mail subject: $mailsub]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) |
| |
| AC_MSG_CHECKING(for bad password prompt) |
| AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], |
| [case $with_passprompt in |
| yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) |
| ;; |
| no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) |
| ;; |
| *) passprompt="$with_passprompt" |
| esac]) |
| AC_MSG_RESULT($passprompt) |
| AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) |
| |
| AC_MSG_CHECKING(for bad password message) |
| AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], |
| [case $with_badpass_message in |
| yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) |
| ;; |
| no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) |
| ;; |
| *) badpass_message="$with_badpass_message" |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) |
| AC_MSG_RESULT([$badpass_message]) |
| |
| AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) |
| AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], |
| [case $with_fqdn in |
| yes) fqdn=on |
| ;; |
| no) fqdn=off |
| ;; |
| *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) |
| ;; |
| esac]) |
| if test "$fqdn" = "on"; then |
| AC_DEFINE(FQDN) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])], |
| [case $with_timedir in |
| yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-timedir not supported."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], |
| [case $with_iologdir in |
| yes) ;; |
| no) ;; |
| esac]) |
| |
| AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) |
| AS_HELP_STRING([--without-sendmail], [do not send mail at all])], |
| [case $with_sendmail in |
| yes) with_sendmail="" |
| ;; |
| no) ;; |
| *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], |
| [case $with_sudoers_mode in |
| yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) |
| ;; |
| [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} |
| ;; |
| 0*) SUDOERS_MODE=$with_sudoers_mode |
| ;; |
| *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], |
| [case $with_sudoers_uid in |
| yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) |
| ;; |
| [[0-9]]*) SUDOERS_UID=$with_sudoers_uid |
| ;; |
| *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], |
| [case $with_sudoers_gid in |
| yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) |
| ;; |
| [[0-9]]*) SUDOERS_GID=$with_sudoers_gid |
| ;; |
| *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(for umask programs should be run with) |
| AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) |
| AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], |
| [case $with_umask in |
| yes) AC_MSG_ERROR(["must give --with-umask an argument."]) |
| ;; |
| no) sudo_umask=0777 |
| ;; |
| [[0-9]]*) sudo_umask=$with_umask |
| ;; |
| *) AC_MSG_ERROR(["you must enter a numeric mask."]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) |
| if test "$sudo_umask" = "0777"; then |
| AC_MSG_RESULT(user) |
| else |
| AC_MSG_RESULT($sudo_umask) |
| fi |
| |
| AC_MSG_CHECKING(for default user to run commands as) |
| AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], |
| [case $with_runas_default in |
| yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-runas-default not supported."]) |
| ;; |
| *) runas_default="$with_runas_default" |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) |
| AC_MSG_RESULT([$runas_default]) |
| |
| AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], |
| [case $with_exempt in |
| yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-exempt not supported."]) |
| ;; |
| *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) |
| AC_MSG_CHECKING(for group to be exempt from password) |
| AC_MSG_RESULT([$with_exempt]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(for editor that visudo should use) |
| AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], |
| [case $with_editor in |
| yes) AC_MSG_ERROR(["must give --with-editor an argument."]) |
| ;; |
| no) AC_MSG_ERROR(["--without-editor not supported."]) |
| ;; |
| *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) |
| AC_MSG_RESULT([$with_editor]) |
| editor="$with_editor" |
| ;; |
| esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) |
| |
| AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) |
| AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], |
| [case $with_env_editor in |
| yes) env_editor=on |
| ;; |
| no) env_editor=off |
| ;; |
| *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) |
| ;; |
| esac]) |
| if test "$env_editor" = "on"; then |
| AC_DEFINE(ENV_EDITOR) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_MSG_CHECKING(number of tries a user gets to enter their password) |
| AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], |
| [case $with_passwd_tries in |
| yes) ;; |
| no) AC_MSG_ERROR(["--without-editor not supported."]) |
| ;; |
| [[1-9]]*) passwd_tries=$with_passwd_tries |
| ;; |
| *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) |
| AC_MSG_RESULT($passwd_tries) |
| |
| AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) |
| AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], |
| [case $with_timeout in |
| yes) ;; |
| no) timeout=0 |
| ;; |
| [[0-9]]*) timeout=$with_timeout |
| ;; |
| *) AC_MSG_ERROR(["you must enter the numer of minutes."]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) |
| AC_MSG_RESULT($timeout) |
| |
| AC_MSG_CHECKING(time in minutes after the password prompt will time out) |
| AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], |
| [case $with_password_timeout in |
| yes) ;; |
| no) password_timeout=0 |
| ;; |
| [[0-9]]*) password_timeout=$with_password_timeout |
| ;; |
| *) AC_MSG_ERROR(["you must enter the numer of minutes."]) |
| ;; |
| esac]) |
| AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) |
| AC_MSG_RESULT($password_timeout) |
| |
| AC_MSG_CHECKING(whether to use per-tty ticket files) |
| AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], |
| [case $with_tty_tickets in |
| yes) tty_tickets=on |
| ;; |
| no) tty_tickets=off |
| ;; |
| *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) |
| ;; |
| esac]) |
| if test "$tty_tickets" = "off"; then |
| AC_DEFINE(NO_TTY_TICKETS) |
| AC_MSG_RESULT(no) |
| else |
| AC_MSG_RESULT(yes) |
| fi |
| |
| AC_MSG_CHECKING(whether to include insults) |
| AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], |
| [case $with_insults in |
| yes) insults=on |
| with_classic_insults=yes |
| with_csops_insults=yes |
| ;; |
| disabled) insults=off |
| with_classic_insults=yes |
| with_csops_insults=yes |
| ;; |
| no) insults=off |
| ;; |
| *) AC_MSG_ERROR(["--with-insults does not take an argument."]) |
| ;; |
| esac]) |
| if test "$insults" = "on"; then |
| AC_DEFINE(USE_INSULTS) |
| AC_MSG_RESULT(yes) |
| else |
| AC_MSG_RESULT(no) |
| fi |
| |
| AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], |
| [case $with_all_insults in |
| yes) with_classic_insults=yes |
| with_csops_insults=yes |
| with_hal_insults=yes |
| with_goons_insults=yes |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], |
| [case $with_classic_insults in |
| yes) AC_DEFINE(CLASSIC_INSULTS) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], |
| [case $with_csops_insults in |
| yes) AC_DEFINE(CSOPS_INSULTS) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], |
| [case $with_hal_insults in |
| yes) AC_DEFINE(HAL_INSULTS) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], |
| [case $with_goons_insults in |
| yes) AC_DEFINE(GOONS_INSULTS) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], |
| [case $with_nsswitch in |
| no) ;; |
| yes) with_nsswitch="/etc/nsswitch.conf" |
| ;; |
| *) ;; |
| esac]) |
| |
| AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], |
| [case $with_ldap in |
| no) ;; |
| *) AC_DEFINE(HAVE_LDAP) |
| AC_MSG_CHECKING(whether to use sudoers from LDAP) |
| AC_MSG_RESULT(yes) |
| ;; |
| esac]) |
| |
| AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) |
| test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" |
| SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) |
| |
| AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) |
| test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" |
| SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) |
| |
| AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], |
| [case $with_pc_insults in |
| yes) AC_DEFINE(PC_INSULTS) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."]) |
| ;; |
| esac]) |
| |
| dnl include all insult sets on one line |
| if test "$insults" = "on"; then |
| AC_MSG_CHECKING(which insult sets to include) |
| i="" |
| test "$with_goons_insults" = "yes" && i="goons ${i}" |
| test "$with_hal_insults" = "yes" && i="hal ${i}" |
| test "$with_csops_insults" = "yes" && i="csops ${i}" |
| test "$with_classic_insults" = "yes" && i="classic ${i}" |
| AC_MSG_RESULT([$i]) |
| fi |
| |
| AC_MSG_CHECKING(whether to override the user's path) |
| AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], |
| [case $with_secure_path in |
| yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" |
| AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") |
| AC_MSG_RESULT([$with_secure_path]) |
| secure_path="set to $with_secure_path" |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") |
| AC_MSG_RESULT([$with_secure_path]) |
| secure_path="set to F<$with_secure_path>" |
| ;; |
| esac], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) |
| AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])], |
| [case $with_interfaces in |
| yes) AC_MSG_RESULT(yes) |
| ;; |
| no) AC_DEFINE(STUB_LOAD_INTERFACES) |
| AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) |
| ;; |
| esac], AC_MSG_RESULT(yes)) |
| |
| AC_MSG_CHECKING(whether stow should be used) |
| AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])], |
| [case $with_stow in |
| yes) AC_MSG_RESULT(yes) |
| AC_DEFINE(USE_STOW) |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_ERROR(["--with-stow does not take an argument."]) |
| ;; |
| esac], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to use an askpass helper) |
| AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], |
| [case $with_askpass in |
| yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) |
| ;; |
| no) ;; |
| *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) |
| ;; |
| esac], AC_MSG_RESULT(no)) |
| |
| dnl |
| dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS |
| dnl |
| AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])], |
| [case $with_libvas in |
| yes) with_libvas=libvas.so |
| ;; |
| no) ;; |
| *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) |
| ;; |
| esac |
| if test X"$with_libvas" != X"no"; then |
| AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) |
| AC_DEFINE(USING_NONUNIX_GROUPS) |
| COMMON_OBJS="$COMMON_OBJS vasgroups.o" |
| AC_ARG_WITH([libvas-rpath], |
| [AS_HELP_STRING([--with-libvas-rpath=PATH], |
| [Path to look for libvas in [default=/opt/quest/lib]])], |
| [LIBVAS_RPATH=$withval], |
| [LIBVAS_RPATH=/opt/quest/lib]) |
| dnl |
| dnl Some platforms require libdl for dlopen() |
| dnl |
| AC_CHECK_LIB([dl], [main]) |
| fi |
| ]) |
| |
| dnl |
| dnl Options for --enable |
| dnl |
| |
| AC_MSG_CHECKING(whether to do user authentication by default) |
| AC_ARG_ENABLE(authentication, |
| [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| ;; |
| no) AC_MSG_RESULT(no) |
| AC_DEFINE(NO_AUTHENTICATION) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(yes)) |
| |
| AC_MSG_CHECKING(whether to disable running the mailer as root) |
| AC_ARG_ENABLE(root-mailer, |
| [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(no) |
| ;; |
| no) AC_MSG_RESULT(yes) |
| AC_DEFINE(NO_ROOT_MAILER) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_ARG_ENABLE(setreuid, |
| [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], |
| [ case "$enableval" in |
| no) SKIP_SETREUID=yes |
| ;; |
| *) ;; |
| esac |
| ]) |
| |
| AC_ARG_ENABLE(setresuid, |
| [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], |
| [ case "$enableval" in |
| no) SKIP_SETRESUID=yes |
| ;; |
| *) ;; |
| esac |
| ]) |
| |
| AC_MSG_CHECKING(whether to disable shadow password support) |
| AC_ARG_ENABLE(shadow, |
| [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(no) |
| ;; |
| no) AC_MSG_RESULT(yes) |
| CHECKSHADOW="false" |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether root should be allowed to use sudo) |
| AC_ARG_ENABLE(root-sudo, |
| [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| ;; |
| no) AC_DEFINE(NO_ROOT_SUDO) |
| AC_MSG_RESULT(no) |
| root_sudo=off |
| ;; |
| *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(yes)) |
| |
| AC_MSG_CHECKING(whether to log the hostname in the log file) |
| AC_ARG_ENABLE(log-host, |
| [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| AC_DEFINE(HOST_IN_LOG) |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) |
| AC_ARG_ENABLE(noargs-shell, |
| [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| AC_DEFINE(SHELL_IF_NO_ARGS) |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) |
| AC_ARG_ENABLE(shell-sets-home, |
| [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| AC_DEFINE(SHELL_SETS_HOME) |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to disable 'command not found' messages) |
| AC_ARG_ENABLE(path_info, |
| [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(no) |
| ;; |
| no) AC_MSG_RESULT(yes) |
| AC_DEFINE(DONT_LEAK_PATH_INFO) |
| path_info=off |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_MSG_CHECKING(whether to enable environment debugging) |
| AC_ARG_ENABLE(env_debug, |
| [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| AC_DEFINE(ENV_DEBUG) |
| ;; |
| no) AC_MSG_RESULT(no) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| AC_ARG_ENABLE(warnings, |
| [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], |
| [ case "$enableval" in |
| yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then |
| CFLAGS="${CFLAGS} -Wall" |
| fi |
| ;; |
| no) ;; |
| *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) |
| ;; |
| esac |
| ]) |
| |
| AC_ARG_ENABLE(admin-flag, |
| [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], |
| [ case "$enableval" in |
| yes) AC_DEFINE(USE_ADMIN_FLAG) |
| ;; |
| no) ;; |
| *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) |
| ;; |
| esac |
| ]) |
| |
| AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], |
| [case $with_selinux in |
| yes) SELINUX_USAGE="[[-r role]] [[-t type]] " |
| AC_DEFINE(HAVE_SELINUX) |
| SUDO_LIBS="${SUDO_LIBS} -lselinux" |
| SUDO_OBJS="${SUDO_OBJS} selinux.o" |
| PROGS="${PROGS} sesh" |
| SEMAN=1 |
| AC_CHECK_LIB([selinux], [setkeycreatecon], |
| [AC_DEFINE(HAVE_SETKEYCREATECON)]) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) |
| ;; |
| esac]) |
| |
| dnl |
| dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default |
| dnl |
| AC_ARG_ENABLE(gss_krb5_ccache_name, |
| [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], |
| [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) |
| |
| dnl |
| dnl C compiler checks |
| dnl |
| AC_SEARCH_LIBS([strerror], [cposix]) |
| AC_PROG_CPP |
| AC_CHECK_TOOL(AR, ar, false) |
| AC_CHECK_TOOL(RANLIB, ranlib, :) |
| |
| dnl |
| dnl Libtool setup, we require libtool 2.2.6b or higher |
| dnl |
| AC_CANONICAL_HOST |
| AC_CONFIG_MACRO_DIR([m4]) |
| LT_PREREQ([2.2.6b]) |
| LT_INIT |
| |
| dnl |
| dnl Defer with_noexec until after libtool magic runs |
| dnl |
| if test "$enable_shared" = "no"; then |
| with_noexec=no |
| else |
| eval _shrext="$shrext_cmds" |
| fi |
| AC_MSG_CHECKING(path to sudo_noexec.so) |
| AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], |
| [case $with_noexec in |
| yes) with_noexec="$libexecdir/sudo_noexec$_shrext" |
| ;; |
| no) ;; |
| *) ;; |
| esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) |
| AC_MSG_RESULT($with_noexec) |
| NOEXECFILE="sudo_noexec$_shrext" |
| NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" |
| |
| dnl |
| dnl It is now safe to modify CFLAGS and CPPFLAGS |
| dnl |
| if test X"$with_devel" = X"yes" -a -n "$GCC"; then |
| CFLAGS="${CFLAGS} -Wall" |
| fi |
| |
| dnl |
| dnl Find programs we use |
| dnl |
| AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) |
| AC_CHECK_PROG(TRPROG, [tr], [tr]) |
| AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) |
| if test -z "$NROFFPROG"; then |
| MANTYPE="cat" |
| mansrcdir='$(srcdir)' |
| fi |
| |
| dnl |
| dnl What kind of beastie are we being run on? |
| dnl Barf if config.cache was generated on another host. |
| dnl |
| if test -n "$sudo_cv_prev_host"; then |
| if test "$sudo_cv_prev_host" != "$host"; then |
| AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) |
| else |
| AC_MSG_CHECKING(previous host type) |
| AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") |
| AC_MSG_RESULT([$sudo_cv_prev_host]) |
| fi |
| else |
| # this will produce no output since there is no cached value |
| AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") |
| fi |
| |
| dnl |
| dnl We want to be able to differentiate between different rev's |
| dnl |
| if test -n "$host_os"; then |
| OS=`echo $host_os | sed 's/[[0-9]].*//'` |
| OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` |
| OSMAJOR=`echo $OSREV | sed 's/\..*$//'` |
| else |
| OS="unknown" |
| OSREV=0 |
| OSMAJOR=0 |
| fi |
| |
| case "$host" in |
| *-*-sunos4*) |
| # getcwd(3) opens a pipe to getpwd(1)!?! |
| BROKEN_GETCWD=1 |
| |
| # system headers lack prototypes but gcc helps... |
| if test -n "$GCC"; then |
| OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" |
| fi |
| |
| shadow_funcs="getpwanam issecure" |
| ;; |
| *-*-solaris2*) |
| # To get the crypt(3) prototype (so we pass -Wall) |
| OSDEFS="${OSDEFS} -D__EXTENSIONS__" |
| # AFS support needs -lucb |
| if test "$with_AFS" = "yes"; then |
| AFS_LIBS="-lc -lucb" |
| fi |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| : ${with_rpath='yes'} |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| ;; |
| *-*-aix*) |
| # To get all prototypes (so we pass -Wall) |
| OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" |
| SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" |
| if test X"$with_blibpath" != X"no"; then |
| AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) |
| O_LDFLAGS="$LDFLAGS" |
| LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [ |
| if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then |
| blibpath="$with_blibpath" |
| elif test -n "$GCC"; then |
| blibpath="/usr/lib:/lib:/usr/local/lib" |
| else |
| blibpath="/usr/lib:/lib" |
| fi |
| AC_MSG_RESULT(yes) |
| ], [AC_MSG_RESULT(no)]) |
| fi |
| LDFLAGS="$O_LDFLAGS" |
| |
| # Use authenticate(3) as the default authentication method |
| if test X"$with_aixauth" = X""; then |
| AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) |
| fi |
| |
| # AIX analog of nsswitch.conf, enabled by default |
| AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], |
| [case $with_netsvc in |
| no) ;; |
| yes) with_netsvc="/etc/netsvc.conf" |
| ;; |
| *) ;; |
| esac]) |
| if test -z "$with_nsswitch" -a -z "$with_netsvc"; then |
| with_netsvc="/etc/netsvc.conf" |
| fi |
| |
| # AIX-specific functions |
| AC_CHECK_FUNCS(getuserattr setauthdb) |
| COMMON_OBJS="$COMMON_OBJS aix.o" |
| ;; |
| *-*-hiuxmpp*) |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-*-hpux*) |
| # AFS support needs -lBSD |
| if test "$with_AFS" = "yes"; then |
| AFS_LIBS="-lc -lBSD" |
| fi |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| |
| if test -z "$GCC"; then |
| # HP-UX bundled compiler can't generate shared objects |
| if -z "$pic_flag"; then |
| with_noexec=no |
| fi |
| |
| # Use the +DAportable flag on hppa if it is supported |
| case "$host_cpu" in |
| hppa*) |
| _CFLAGS="$CFLAGS" |
| CFLAGS="$CFLAGS +DAportable" |
| AC_CACHE_CHECK([whether $CC understands +DAportable], |
| [sudo_cv_var_daportable], |
| [AC_LINK_IFELSE( |
| [AC_LANG_PROGRAM([[]], [[]])], |
| [sudo_cv_var_daportable=yes], |
| [sudo_cv_var_daportable=no] |
| ) |
| ] |
| ) |
| if test X"$sudo_cv_var_daportable" != X"yes"; then |
| CFLAGS="$_CFLAGS" |
| fi |
| ;; |
| esac |
| fi |
| |
| case "$host" in |
| *-*-hpux[1-8].*) |
| AC_DEFINE(BROKEN_SYSLOG) |
| |
| # Not sure if setuid binaries are safe in < 9.x |
| if test -n "$GCC"; then |
| SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" |
| else |
| SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" |
| fi |
| ;; |
| *-*-hpux9.*) |
| AC_DEFINE(BROKEN_SYSLOG) |
| |
| shadow_funcs="getspwuid" |
| |
| # DCE support (requires ANSI C compiler) |
| if test "$with_DCE" = "yes"; then |
| # order of libs in 9.X is important. -lc_r must be last |
| SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r" |
| LIBS="${LIBS} -ldce -lM -lc_r" |
| CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" |
| fi |
| ;; |
| *-*-hpux10.*) |
| shadow_funcs="getprpwnam iscomsec" |
| shadow_libs="-lsec" |
| ;; |
| *) |
| shadow_funcs="getspnam iscomsec" |
| shadow_libs="-lsec" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| ;; |
| esac |
| ;; |
| *-dec-osf*) |
| # ignore envariables wrt dynamic lib path |
| SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" |
| |
| : ${CHECKSIA='true'} |
| AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) |
| AC_ARG_ENABLE(sia, |
| [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(no) |
| CHECKSIA=true |
| ;; |
| no) AC_MSG_RESULT(yes) |
| CHECKSIA=false |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) |
| ;; |
| esac |
| ], AC_MSG_RESULT(no)) |
| |
| shadow_funcs="getprpwnam dispcrypt" |
| # OSF/1 4.x and higher need -ldb too |
| if test $OSMAJOR -lt 4; then |
| shadow_libs="-lsecurity -laud -lm" |
| else |
| shadow_libs="-lsecurity -ldb -laud -lm" |
| fi |
| |
| # use SIA by default, if we have it |
| test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" |
| |
| # |
| # Some versions of Digital Unix ship with a broken |
| # copy of prot.h, which we need for shadow passwords. |
| # XXX - make should remove this as part of distclean |
| # |
| AC_MSG_CHECKING([for broken prot.h]) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ |
| #include <sys/types.h> |
| #include <sys/security.h> |
| #include <prot.h> |
| ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) |
| sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h |
| ]) |
| : ${mansectsu='8'} |
| : ${mansectform='4'} |
| ;; |
| *-*-irix*) |
| OSDEFS="${OSDEFS} -D_BSD_TYPES" |
| if test -z "$NROFFPROG"; then |
| MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' |
| if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then |
| if test -d /usr/share/catman/local; then |
| mandir="/usr/share/catman/local" |
| else |
| mandir="/usr/catman/local" |
| fi |
| fi |
| else |
| if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then |
| if test -d "/usr/share/man/local"; then |
| mandir="/usr/share/man/local" |
| else |
| mandir="/usr/man/local" |
| fi |
| fi |
| fi |
| # IRIX <= 4 needs -lsun |
| if test "$OSMAJOR" -le 4; then |
| AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) |
| fi |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-*-linux*|*-*-k*bsd*-gnu) |
| OSDEFS="${OSDEFS} -D_GNU_SOURCE" |
| # Some Linux versions need to link with -lshadow |
| shadow_funcs="getspnam" |
| shadow_libs_optional="-lshadow" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| ;; |
| *-convex-bsd*) |
| OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" |
| if test -z "$GCC"; then |
| CFLAGS="${CFLAGS} -D__STDC__" |
| fi |
| |
| shadow_defs="-D_AUDIT -D_ACL -DSecureWare" |
| shadow_funcs="getprpwnam" |
| shadow_libs="-lprot" |
| ;; |
| *-*-ultrix*) |
| OS="ultrix" |
| shadow_funcs="getauthuid" |
| shadow_libs="-lauth" |
| ;; |
| *-*-riscos*) |
| LIBS="${LIBS} -lsun -lbsd" |
| CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" |
| OSDEFS="${OSDEFS} -D_MIPS" |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-*-isc*) |
| OSDEFS="${OSDEFS} -D_ISC" |
| LIB_CRYPT=1 |
| SUDO_LIBS="${SUDO_LIBS} -lcrypt" |
| LIBS="${LIBS} -lcrypt" |
| |
| shadow_funcs="getspnam" |
| shadow_libs="-lsec" |
| |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-*-sco*|*-sco-*) |
| shadow_funcs="getprpwnam" |
| shadow_libs="-lprot -lx" |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| m88k-motorola-sysv*) |
| # motorolla's cc (a variant of gcc) does -O but not -O2 |
| CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-sequent-sysv*) |
| shadow_funcs="getspnam" |
| shadow_libs="-lsec" |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| : ${with_rpath='yes'} |
| ;; |
| *-ncr-sysv4*|*-ncr-sysvr4*) |
| AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| : ${with_rpath='yes'} |
| ;; |
| *-ccur-sysv4*|*-ccur-sysvr4*) |
| LIBS="${LIBS} -lgen" |
| SUDO_LIBS="${SUDO_LIBS} -lgen" |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| : ${with_rpath='yes'} |
| ;; |
| *-*-bsdi*) |
| SKIP_SETREUID=yes |
| # Use shlicc for BSD/OS [23].x unless asked to do otherwise |
| if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then |
| case "$OSMAJOR" in |
| 2|3) AC_MSG_NOTICE([using shlicc as CC]) |
| ac_cv_prog_CC=shlicc |
| CC="$ac_cv_prog_CC" |
| ;; |
| esac |
| fi |
| # Check for newer BSD auth API (just check for >= 3.0?) |
| if test -z "$with_bsdauth"; then |
| AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) |
| fi |
| ;; |
| *-*-freebsd*) |
| # FreeBSD has a real setreuid(2) starting with 2.1 and |
| # backported to 2.0.5. We just take 2.1 and above... |
| case "$OSREV" in |
| 0.*|1.*|2.0*) |
| SKIP_SETREUID=yes |
| ;; |
| esac |
| if test "$with_skey" = "yes"; then |
| SUDO_LIBS="${SUDO_LIBS} -lmd" |
| fi |
| CHECKSHADOW="false" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| : ${with_logincap='maybe'} |
| ;; |
| *-*-*openbsd*) |
| # OpenBSD has a real setreuid(2) starting with 3.3 but |
| # we will use setreuid(2) instead. |
| SKIP_SETREUID=yes |
| CHECKSHADOW="false" |
| # OpenBSD >= 3.0 supports BSD auth |
| if test -z "$with_bsdauth"; then |
| case "$OSREV" in |
| [0-2].*) |
| ;; |
| *) |
| AUTH_EXCL_DEF="BSD_AUTH" |
| ;; |
| esac |
| fi |
| : ${with_logincap='maybe'} |
| ;; |
| *-*-*netbsd*) |
| # NetBSD has a real setreuid(2) starting with 1.3.2 |
| case "$OSREV" in |
| 0.9*|1.[012]*|1.3|1.3.1) |
| SKIP_SETREUID=yes |
| ;; |
| esac |
| CHECKSHADOW="false" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| : ${with_logincap='maybe'} |
| ;; |
| *-*-dragonfly*) |
| if test "$with_skey" = "yes"; then |
| SUDO_LIBS="${SUDO_LIBS} -lmd" |
| fi |
| CHECKSHADOW="false" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| : ${with_logincap='yes'} |
| ;; |
| *-*-*bsd*) |
| CHECKSHADOW="false" |
| ;; |
| *-*-darwin*) |
| # Darwin has a real setreuid(2) starting with 9.0 |
| if test $OSMAJOR -lt 9; then |
| SKIP_SETREUID=yes |
| fi |
| CHECKSHADOW="false" |
| test -z "$with_pam" && AUTH_EXCL_DEF="PAM" |
| : ${with_logincap='yes'} |
| ;; |
| *-*-nextstep*) |
| # lockf() on is broken on the NeXT -- use flock instead |
| ac_cv_func_lockf=no |
| ac_cv_func_flock=yes |
| ;; |
| *-*-*sysv4*) |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| : ${with_rpath='yes'} |
| ;; |
| *-*-sysv*) |
| : ${mansectsu='1m'} |
| : ${mansectform='4'} |
| ;; |
| *-gnu*) |
| OSDEFS="${OSDEFS} -D_GNU_SOURCE" |
| ;; |
| esac |
| |
| dnl |
| dnl Check for mixing mutually exclusive and regular auth methods |
| dnl |
| AUTH_REG=${AUTH_REG# } |
| AUTH_EXCL=${AUTH_EXCL# } |
| if test -n "$AUTH_EXCL"; then |
| set -- $AUTH_EXCL |
| if test $# != 1; then |
| AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL]) |
| fi |
| if test -n "$AUTH_REG"; then |
| AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) |
| fi |
| fi |
| dnl |
| dnl Only one of S/Key and OPIE may be specified |
| dnl |
| if test X"${with_skey}${with_opie}" = X"yesyes"; then |
| AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) |
| fi |
| |
| dnl |
| dnl Use BSD-style man sections by default |
| dnl |
| : ${mansectsu='8'} |
| : ${mansectform='5'} |
| |
| dnl |
| dnl Add in any libpaths or libraries specified via configure |
| dnl |
| if test -n "$with_libpath"; then |
| for i in ${with_libpath}; do |
| SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) |
| done |
| fi |
| if test -n "$with_libraries"; then |
| for i in ${with_libraries}; do |
| case $i in |
| -l*) ;; |
| *.a) ;; |
| *.o) ;; |
| *) i="-l${i}";; |
| esac |
| LIBS="${LIBS} ${i}" |
| done |
| fi |
| |
| dnl |
| dnl C compiler checks (to be done after os checks) |
| dnl |
| AC_PROG_GCC_TRADITIONAL |
| AC_C_CONST |
| AC_C_VOLATILE |
| dnl |
| dnl Program checks |
| dnl |
| AC_PROG_YACC |
| AC_PATH_PROG([FLEX], [flex], [flex]) |
| SUDO_PROG_MV |
| SUDO_PROG_BSHELL |
| if test -z "$with_sendmail"; then |
| SUDO_PROG_SENDMAIL |
| fi |
| if test -z "$with_editor"; then |
| SUDO_PROG_VI |
| fi |
| dnl |
| dnl Check for authpriv support in syslog |
| dnl |
| AC_MSG_CHECKING(which syslog facility sudo should log with) |
| if test X"$with_logfac" = X""; then |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) |
| fi |
| AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) |
| AC_MSG_RESULT($logfac) |
| dnl |
| dnl Header file checks |
| dnl |
| AC_HEADER_STDC |
| AC_HEADER_DIRENT |
| AC_HEADER_TIME |
| AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h) |
| AC_SYS_POSIX_TERMIOS |
| if test "$ac_cv_sys_posix_termios" = "yes"; then |
| AC_DEFINE(HAVE_TERMIOS_H) |
| else |
| AC_CHECK_HEADERS(termio.h) |
| fi |
| SUDO_MAILDIR |
| if test ${with_logincap-'no'} != "no"; then |
| AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 |
| case "$OS" in |
| freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" |
| ;; |
| esac |
| ]) |
| fi |
| if test ${with_project-'no'} != "no"; then |
| AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H) |
| [SUDO_LIBS="${SUDO_LIBS} -lproject"], -) |
| fi |
| dnl |
| dnl typedef checks |
| dnl |
| AC_TYPE_MODE_T |
| AC_TYPE_UID_T |
| AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) |
| AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h> |
| #include <signal.h>]) |
| AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h> |
| #include <signal.h>]) |
| AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h> |
| #if TIME_WITH_SYS_TIME |
| # include <sys/time.h> |
| #endif |
| #include <time.h>]) |
| AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h> |
| #include <netinet/in.h>]) |
| AC_TYPE_LONG_LONG_INT |
| AC_CHECK_SIZEOF([long int]) |
| SUDO_TYPE_SIZE_T |
| SUDO_TYPE_SSIZE_T |
| SUDO_TYPE_DEV_T |
| SUDO_TYPE_INO_T |
| SUDO_UID_T_LEN |
| SUDO_SOCK_SA_LEN |
| dnl |
| dnl only set RETSIGTYPE if it is not set already |
| dnl |
| case "$DEFS" in |
| *"RETSIGTYPE"*) ;; |
| *) AC_TYPE_SIGNAL;; |
| esac |
| dnl |
| dnl Function checks |
| dnl |
| AC_FUNC_GETGROUPS |
| AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ |
| strftime setrlimit initgroups getgroups fstat gettimeofday \ |
| regcomp setlocale getaddrinfo setenv vhangup \ |
| mbr_check_membership setrlimit64) |
| AC_CHECK_FUNCS(getline, [], [ |
| AC_LIBOBJ(getline) |
| AC_CHECK_FUNCS(fgetln) |
| ]) |
| AC_CHECK_FUNCS(setsid, [], [ |
| AC_LIBOBJ(setsid) |
| AC_FUNC_SETPGRP |
| ]) |
| |
| AC_CHECK_FUNCS(sysctl getutid getutxid, [break]) |
| |
| AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [ |
| AC_CHECK_LIB(util, openpty, [ |
| AC_CHECK_HEADERS(util.h pty.h, [break]) |
| SUDO_LIBS="${SUDO_LIBS} -lutil" |
| AC_DEFINE(HAVE_OPENPTY) |
| ], [ |
| AC_CHECK_FUNCS(_getpty, [], [ |
| AC_CHECK_FUNCS(grantpt, [ |
| AC_CHECK_FUNCS(posix_openpt) |
| ], [ |
| AC_CHECK_FUNCS(revoke) |
| ]) |
| ]) |
| ]) |
| ]) |
| AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) |
| SUDO_FUNC_PUTENV_CONST |
| if test -z "$SKIP_SETRESUID"; then |
| AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) |
| fi |
| if test -z "$SKIP_SETREUID"; then |
| AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) |
| fi |
| if test -z "$SKIP_SETEUID"; then |
| AC_CHECK_FUNCS(seteuid) |
| fi |
| if test X"$with_interfaces" != X"no"; then |
| AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) |
| fi |
| if test -z "$BROKEN_GETCWD"; then |
| AC_REPLACE_FUNCS(getcwd) |
| fi |
| AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB) |
| AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) |
| AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) |
| AC_CHECK_FUNCS(lockf flock, [break]) |
| AC_CHECK_FUNCS(waitpid wait3, [break]) |
| AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) |
| AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) |
| AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) |
| SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) |
| SUDO_FUNC_ISBLANK |
| AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) |
| AC_CHECK_FUNCS(nanosleep, [], [ |
| # On Solaris, nanosleep is in librt |
| AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) |
| ]) |
| AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) |
| AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], |
| [ #include <limits.h> |
| #include <fcntl.h> ]) |
| ]) |
| AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o" |
| AC_CHECK_FUNCS(random lrand48, [break]) |
| ]) |
| AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) |
| if test X"$ac_cv_type_struct_timespec" != X"no"; then |
| AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] |
| [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], |
| [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) |
| fi |
| dnl |
| dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. |
| dnl |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
| #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
| #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) |
| dnl |
| dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS |
| dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) |
| dnl |
| if test -n "$NEED_SNPRINTF"; then |
| AC_LIBOBJ(snprintf) |
| fi |
| dnl |
| dnl If socket(2) not in libc, check -lsocket and -linet |
| dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols |
| dnl In this case we look for main(), not socket() to avoid using a cached value |
| dnl |
| AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) |
| AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) |
| dnl |
| dnl If inet_addr(3) not in libc, check -lnsl and -linet |
| dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols |
| dnl |
| AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) |
| AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) |
| dnl |
| dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet |
| dnl |
| AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) |
| dnl |
| dnl Check for getprogname() or __progname |
| dnl |
| AC_CHECK_FUNCS(getprogname, , [ |
| AC_MSG_CHECKING([for __progname]) |
| AC_CACHE_VAL(sudo_cv___progname, [ |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) |
| if test "$sudo_cv___progname" = "yes"; then |
| AC_DEFINE(HAVE___PROGNAME) |
| else |
| AC_LIBOBJ(getprogname) |
| fi |
| AC_MSG_RESULT($sudo_cv___progname) |
| ]) |
| |
| dnl |
| dnl Check for strsignal() or sys_siglist |
| dnl |
| AC_CHECK_FUNCS(strsignal, [], [ |
| AC_LIBOBJ(strsignal) |
| HAVE_SIGLIST="false" |
| AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ |
| HAVE_SIGLIST="true" |
| break |
| ], [ ], [ |
| AC_INCLUDES_DEFAULT |
| #include <signal.h> |
| ]) |
| if test "$HAVE_SIGLIST" != "true"; then |
| AC_LIBOBJ(siglist) |
| fi |
| ]) |
| |
| dnl |
| dnl nsswitch.conf and its equivalents |
| dnl |
| if test ${with_netsvc-"no"} != "no"; then |
| SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") |
| netsvc_conf=${with_netsvc-/etc/netsvc.conf} |
| elif test ${with_nsswitch-"yes"} != "no"; then |
| SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") |
| nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} |
| fi |
| |
| dnl |
| dnl Mutually exclusive auth checks come first, followed by |
| dnl non-exclusive ones. Note: passwd must be last of all! |
| dnl |
| |
| dnl |
| dnl Convert default authentication methods to with_* if |
| dnl no explicit authentication scheme was specified. |
| dnl |
| if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then |
| for auth in $AUTH_EXCL_DEF; do |
| case $auth in |
| AIX_AUTH) with_aixauth=maybe;; |
| BSD_AUTH) with_bsdauth=maybe;; |
| PAM) with_pam=maybe;; |
| SIA) CHECKSIA=true;; |
| esac |
| done |
| fi |
| |
| dnl |
| dnl PAM support. Systems that use PAM by default set with_pam=default |
| dnl and we do the actual tests here. |
| dnl |
| if test ${with_pam-"no"} != "no"; then |
| dnl |
| dnl Some platforms need libdl for dlopen |
| dnl |
| case "$LIBS" in |
| *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" |
| ;; |
| *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) |
| ac_cv_lib_dl=ac_cv_lib_dl_main |
| ;; |
| esac |
| |
| dnl |
| dnl Some PAM implementations (MacOS X for example) put the PAM headers |
| dnl in /usr/include/pam instead of /usr/include/security... |
| dnl |
| AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) |
| if test "$with_pam" = "yes"; then |
| AC_DEFINE(HAVE_PAM) |
| AUTH_OBJS="$AUTH_OBJS pam.o"; |
| AUTH_EXCL=PAM |
| |
| AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], |
| [case $with_pam_login in |
| yes) AC_DEFINE([HAVE_PAM_LOGIN]) |
| AC_MSG_CHECKING(whether to use PAM login) |
| AC_MSG_RESULT(yes) |
| ;; |
| no) ;; |
| *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) |
| ;; |
| esac]) |
| |
| AC_MSG_CHECKING(whether to use PAM session support) |
| AC_ARG_ENABLE(pam_session, |
| [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], |
| [ case "$enableval" in |
| yes) AC_MSG_RESULT(yes) |
| ;; |
| no) AC_MSG_RESULT(no) |
| AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled]) |
| ;; |
| *) AC_MSG_RESULT(no) |
| AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) |
| ;; |
| esac], AC_MSG_RESULT(yes)) |
| |
| case $host in |
| *-*-linux*|*-*-solaris*) |
| # dgettext() may be defined to dgettext_libintl in the |
| # header file, so first check that it links w/ additional |
| # libs, then try with -lintl |
| AC_LINK_IFELSE([AC_LANG_PROGRAM( |
| [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])], |
| [AC_DEFINE(HAVE_DGETTEXT)], |
| [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"] |
| [AC_DEFINE(HAVE_DGETTEXT)])]) |
| ;; |
| esac |
| fi |
| fi |
| |
| dnl |
| dnl AIX general authentication |
| dnl If set to "maybe" only enable if no other exclusive method in use. |
| dnl |
| if test ${with_aixauth-'no'} != "no"; then |
| if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then |
| AC_MSG_NOTICE([using AIX general authentication]) |
| AC_DEFINE(HAVE_AIXAUTH) |
| AUTH_OBJS="$AUTH_OBJS aix_auth.o"; |
| SUDO_LIBS="${SUDO_LIBS} -ls" |
| AUTH_EXCL=AIX_AUTH |
| fi |
| fi |
| |
| dnl |
| dnl BSD authentication |
| dnl If set to "maybe" only enable if no other exclusive method in use. |
| dnl |
| if test ${with_bsdauth-'no'} != "no"; then |
| AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) |
| [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] |
| [BSDAUTH_USAGE='[[-a auth_type]] '] |
| [AUTH_EXCL=BSD_AUTH; BAMAN=1], |
| [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) |
| fi |
| |
| dnl |
| dnl SIA authentication for Tru64 Unix |
| dnl |
| if test ${CHECKSIA-'false'} = "true"; then |
| AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) |
| if test "$found" = "true"; then |
| AUTH_EXCL=SIA |
| AUTH_OBJS="$AUTH_OBJS sia.o" |
| fi |
| fi |
| |
| dnl |
| dnl extra FWTK libs + includes |
| dnl |
| if test ${with_fwtk-'no'} != "no"; then |
| if test "$with_fwtk" != "yes"; then |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) |
| CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" |
| with_fwtk=yes |
| fi |
| SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" |
| AUTH_OBJS="$AUTH_OBJS fwtk.o" |
| fi |
| |
| dnl |
| dnl extra SecurID lib + includes |
| dnl |
| if test ${with_SecurID-'no'} != "no"; then |
| if test "$with_SecurID" != "yes"; then |
| : |
| elif test -d /usr/ace/examples; then |
| with_SecurID=/usr/ace/examples |
| else |
| with_SecurID=/usr/ace |
| fi |
| CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" |
| _LDFLAGS="${LDFLAGS}" |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) |
| # |
| # Determine whether to use the new or old SecurID API |
| # |
| AC_CHECK_LIB(aceclnt, SD_Init, |
| [ |
| AUTH_OBJS="$AUTH_OBJS securid5.o"; |
| SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" |
| ] |
| [ |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) |
| ], [ |
| AUTH_OBJS="$AUTH_OBJS securid.o"; |
| SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" |
| ], |
| [ |
| -lpthread |
| ] |
| ) |
| LDFLAGS="${_LDFLAGS}" |
| fi |
| |
| dnl |
| dnl Non-mutually exclusive auth checks come next. |
| dnl Note: passwd must be last of all! |
| dnl |
| |
| dnl |
| dnl Convert default authentication methods to with_* if |
| dnl no explicit authentication scheme was specified. |
| dnl |
| if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then |
| for auth in $AUTH_DEF; do |
| case $auth in |
| passwd) : ${with_passwd='maybe'};; |
| esac |
| done |
| fi |
| |
| dnl |
| dnl Kerberos IV |
| dnl |
| if test ${with_kerb4-'no'} != "no"; then |
| AC_DEFINE(HAVE_KERB4) |
| dnl |
| dnl Use the specified directory, if any, else search for correct inc dir |
| dnl |
| O_LDFLAGS="$LDFLAGS" |
| if test "$with_kerb4" = "yes"; then |
| found=no |
| O_CPPFLAGS="$CPPFLAGS" |
| for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do |
| CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" |
| AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break]) |
| done |
| test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" |
| else |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) |
| CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" |
| AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) |
| fi |
| if test X"$found" = X"no"; then |
| AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) |
| fi |
| |
| dnl |
| dnl Check for -ldes vs. -ldes425 |
| dnl |
| AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ |
| AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) |
| ]) |
| dnl |
| dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV |
| dnl |
| AC_MSG_CHECKING(whether we are using KTH Kerberos IV) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [ |
| AC_MSG_RESULT(yes) |
| K4LIBS="${K4LIBS} -lcom_err" |
| AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) |
| ], [ |
| AC_MSG_RESULT(no) |
| ] |
| ) |
| dnl |
| dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 |
| dnl |
| AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ |
| AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], |
| [K4LIBS="-lkrb $K4LIBS"] |
| [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] |
| , [$K4LIBS]) |
| ], [$K4LIBS]) |
| LDFLAGS="$O_LDFLAGS" |
| SUDO_LIBS="${SUDO_LIBS} $K4LIBS" |
| AUTH_OBJS="$AUTH_OBJS kerb4.o" |
| fi |
| |
| dnl |
| dnl Kerberos V |
| dnl There is an easy way and a hard way... |
| dnl |
| if test ${with_kerb5-'no'} != "no"; then |
| AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") |
| if test -n "$KRB5CONFIG"; then |
| AC_DEFINE(HAVE_KERB5) |
| AUTH_OBJS="$AUTH_OBJS kerb5.o" |
| CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" |
| SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" |
| dnl |
| dnl Try to determine whether we have Heimdal or MIT Kerberos |
| dnl |
| AC_MSG_CHECKING(whether we are using Heimdal) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ |
| AC_MSG_RESULT(yes) |
| AC_DEFINE(HAVE_HEIMDAL) |
| ], [ |
| AC_MSG_RESULT(no) |
| ] |
| ) |
| fi |
| fi |
| if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then |
| AC_DEFINE(HAVE_KERB5) |
| dnl |
| dnl Use the specified directory, if any, else search for correct inc dir |
| dnl |
| if test "$with_kerb5" = "yes"; then |
| found=no |
| O_CPPFLAGS="$CPPFLAGS" |
| for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do |
| CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" |
| AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break]) |
| done |
| if test X"$found" = X"no"; then |
| CPPFLAGS="$O_CPPFLAGS" |
| AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) |
| fi |
| else |
| dnl XXX - try to include krb5.h here too |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) |
| CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" |
| fi |
| |
| dnl |
| dnl Try to determine whether we have Heimdal or MIT Kerberos |
| dnl |
| AC_MSG_CHECKING(whether we are using Heimdal) |
| AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [ |
| AC_MSG_RESULT(yes) |
| AC_DEFINE(HAVE_HEIMDAL) |
| # XXX - need to check whether -lcrypo is needed! |
| SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" |
| AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) |
| ], [ |
| AC_MSG_RESULT(no) |
| SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" |
| AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) |
| ]) |
| AUTH_OBJS="$AUTH_OBJS kerb5.o" |
| _LIBS="$LIBS" |
| LIBS="${LIBS} ${SUDO_LIBS}" |
| AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) |
| AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ |
| AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], |
| sudo_cv_krb5_get_init_creds_opt_free_two_args, [ |
| AC_COMPILE_IFELSE( |
| [AC_LANG_PROGRAM( |
| [[#include <krb5.h>]], |
| [[krb5_get_init_creds_opt_free(NULL, NULL);]] |
| )], |
| [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], |
| [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] |
| ) |
| ] |
| ) |
| ]) |
| if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then |
| AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) |
| fi |
| LIBS="$_LIBS" |
| fi |
| |
| dnl |
| dnl extra AFS libs and includes |
| dnl |
| if test ${with_AFS-'no'} = "yes"; then |
| |
| # looks like the "standard" place for AFS libs is /usr/afsws/lib |
| AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" |
| for i in $AFSLIBDIRS; do |
| if test -d ${i}; then |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) |
| FOUND_AFSLIBDIR=true |
| fi |
| done |
| if test -z "$FOUND_AFSLIBDIR"; then |
| AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) |
| fi |
| |
| # Order is important here. Note that we build AFS_LIBS from right to left |
| # since AFS_LIBS may be initialized with BSD compat libs that must go last |
| AFS_LIBS="-laudit ${AFS_LIBS}" |
| for i in $AFSLIBDIRS; do |
| if test -f ${i}/util.a; then |
| AFS_LIBS="${i}/util.a ${AFS_LIBS}" |
| FOUND_UTIL_A=true |
| break; |
| fi |
| done |
| if test -z "$FOUND_UTIL_A"; then |
| AFS_LIBS="-lutil ${AFS_LIBS}" |
| fi |
| AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" |
| |
| # AFS includes may live in /usr/include on some machines... |
| for i in /usr/afsws/include; do |
| if test -d ${i}; then |
| CPPFLAGS="${CPPFLAGS} -I${i}" |
| FOUND_AFSINCDIR=true |
| fi |
| done |
| |
| if test -z "$FOUND_AFSLIBDIR"; then |
| AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) |
| fi |
| |
| AUTH_OBJS="$AUTH_OBJS afs.o" |
| fi |
| |
| dnl |
| dnl extra DCE obj + lib |
| dnl Order of libs in HP-UX 10.x is important, -ldce must be last. |
| dnl |
| if test ${with_DCE-'no'} = "yes"; then |
| DCE_OBJS="${DCE_OBJS} dce_pwent.o" |
| SUDO_LIBS="${SUDO_LIBS} -ldce" |
| AUTH_OBJS="$AUTH_OBJS dce.o" |
| fi |
| |
| dnl |
| dnl extra S/Key lib and includes |
| dnl |
| if test ${with_skey-'no'} = "yes"; then |
| O_LDFLAGS="$LDFLAGS" |
| if test "$with_skey" != "yes"; then |
| CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) |
| AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no]) |
| else |
| found=no |
| O_CPPFLAGS="$CPPFLAGS" |
| for dir in "" "/usr/local" "/usr/contrib"; do |
| test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" |
| AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break]) |
| done |
| if test "$found" = "no" -o -z "$dir"; then |
| CPPFLAGS="$O_CPPFLAGS" |
| else |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) |
| fi |
| fi |
| if test "$found" = "no"; then |
| AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) |
| fi |
| AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) |
| AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) |
| LDFLAGS="$O_LDFLAGS" |
| SUDO_LIBS="${SUDO_LIBS} -lskey" |
| AUTH_OBJS="$AUTH_OBJS rfc1938.o" |
| fi |
| |
| dnl |
| dnl extra OPIE lib and includes |
| dnl |
| if test ${with_opie-'no'} = "yes"; then |
| O_LDFLAGS="$LDFLAGS" |
| if test "$with_opie" != "yes"; then |
| CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) |
| AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no]) |
| else |
| found=no |
| O_CPPFLAGS="$CPPFLAGS" |
| for dir in "" "/usr/local" "/usr/contrib"; do |
| test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" |
| AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break]) |
| done |
| if test "$found" = "no" -o -z "$dir"; then |
| CPPFLAGS="$O_CPPFLAGS" |
| else |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) |
| fi |
| fi |
| if test "$found" = "no"; then |
| AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) |
| fi |
| AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) |
| LDFLAGS="$O_LDFLAGS" |
| SUDO_LIBS="${SUDO_LIBS} -lopie" |
| AUTH_OBJS="$AUTH_OBJS rfc1938.o" |
| fi |
| |
| dnl |
| dnl Check for shadow password routines if we have not already done so. |
| dnl If there is a specific list of functions to check we do that first. |
| dnl Otherwise, we check for SVR4-style and then SecureWare-style. |
| dnl |
| if test ${with_passwd-'no'} != "no"; then |
| dnl |
| dnl if crypt(3) not in libc, look elsewhere |
| dnl |
| if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then |
| AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) |
| fi |
| |
| if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then |
| _LIBS="$LIBS" |
| LIBS="$LIBS $shadow_libs" |
| found=no |
| AC_CHECK_FUNCS($shadow_funcs, [found=yes]) |
| if test "$found" = "yes"; then |
| SUDO_LIBS="$SUDO_LIBS $shadow_libs" |
| elif test -n "$shadow_libs_optional"; then |
| LIBS="$LIBS $shadow_libs_optional" |
| AC_CHECK_FUNCS($shadow_funcs, [found=yes]) |
| if test "$found" = "yes"; then |
| SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional" |
| fi |
| fi |
| if test "$found" = "yes"; then |
| case "$shadow_funcs" in |
| *getprpwnam*) SECUREWARE=1;; |
| esac |
| test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" |
| else |
| LIBS="$_LIBS" |
| fi |
| CHECKSHADOW=false |
| fi |
| if test "$CHECKSHADOW" = "true"; then |
| AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) |
| fi |
| if test "$CHECKSHADOW" = "true"; then |
| AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) |
| fi |
| if test -n "$SECUREWARE"; then |
| AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) |
| AUTH_OBJS="$AUTH_OBJS secureware.o" |
| fi |
| fi |
| |
| dnl |
| dnl extra lib and .o file for LDAP support |
| dnl |
| if test ${with_ldap-'no'} != "no"; then |
| _LDFLAGS="$LDFLAGS" |
| if test "$with_ldap" != "yes"; then |
| SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib]) |
| SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) |
| CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" |
| with_ldap=yes |
| fi |
| SUDO_OBJS="${SUDO_OBJS} ldap.o" |
| LDAP="" |
| |
| AC_MSG_CHECKING([for LDAP libraries]) |
| LDAP_LIBS="" |
| _LIBS="$LIBS" |
| found=no |
| for l in -lldap -llber '-lssl -lcrypto'; do |
| LIBS="${LIBS} $l" |
| LDAP_LIBS="${LDAP_LIBS} $l" |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
| #include <lber.h> |
| #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) |
| done |
| dnl if nothing linked just try with -lldap |
| if test "$found" = "no"; then |
| LIBS="${_LIBS} -lldap" |
| LDAP_LIBS="-lldap" |
| AC_MSG_RESULT([not found, using -lldap]) |
| else |
| AC_MSG_RESULT([$LDAP_LIBS]) |
| fi |
| dnl check if we need to link with -llber for ber_set_option |
| OLIBS="$LIBS" |
| AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) |
| if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then |
| LDAP_LIBS="$LDAP_LIBS -llber" |
| fi |
| dnl check if ldap.h includes lber.h for us |
| AC_MSG_CHECKING([whether lber.h is needed]) |
| AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h> |
| #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ |
| AC_MSG_RESULT([yes]) |
| AC_DEFINE(HAVE_LBER_H)]) |
| |
| AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) |
| AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>]) |
| AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) |
| |
| if test X"$check_gss_krb5_ccache_name" = X"yes"; then |
| AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, |
| AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) |
| [LDAP_LIBS="${LDAP_LIBS} -lgssapi"], |
| AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, |
| AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) |
| [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"]) |
| ) |
| |
| # gssapi headers may be separate or part of Kerberos V |
| found=no |
| O_CPPFLAGS="$CPPFLAGS" |
| for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do |
| test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" |
| AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])]) |
| done |
| if test X"$found" != X"no"; then |
| AC_CHECK_HEADERS([$found]) |
| if test X"$found" = X"gssapi/gssapi.h"; then |
| AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) |
| fi |
| else |
| CPPFLAGS="$O_CPPFLAGS" |
| AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) |
| fi |
| fi |
| |
| SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}" |
| LIBS="$_LIBS" |
| LDFLAGS="$_LDFLAGS" |
| fi |
| |
| dnl |
| dnl Add LIBVAS_RPATH to LDFLAGS |
| dnl GNU ld accepts -R/path/ as an alias for -rpath /path/ |
| dnl |
| if test X"$LIBVAS_RPATH" != X""; then |
| if test -n "$blibpath"; then |
| blibpath_add="${blibpath_add}:$LIBVAS_RPATH" |
| else |
| case "$host" in |
| *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" |
| ;; |
| *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" |
| ;; |
| esac |
| fi |
| fi |
| |
| dnl |
| dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we |
| dnl added -L dirpaths to SUDO_LDFLAGS. |
| dnl |
| if test -n "$blibpath"; then |
| if test -n "$blibpath_add"; then |
| SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" |
| elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then |
| SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" |
| fi |
| fi |
| |
| dnl |
| dnl Check for log file, timestamp and iolog locations |
| dnl |
| SUDO_LOGFILE |
| SUDO_TIMEDIR |
| SUDO_IO_LOGDIR |
| |
| dnl |
| dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o |
| dnl |
| if test "${with_iologdir-yes}" != "no"; then |
| # Require POSIX job control for I/O log support |
| AC_CHECK_FUNCS(tcsetpgrp, [ |
| SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o" |
| PROGS="$PROGS sudoreplay" |
| REPLAY="" |
| |
| AC_ARG_ENABLE(zlib, |
| [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], |
| [ case "$enable_zlib" in |
| yes) AC_DEFINE(HAVE_ZLIB_H) |
| ZLIB="-lz" |
| ;; |
| no) ;; |
| *) AC_DEFINE(HAVE_ZLIB_H) |
| CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" |
| SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) |
| ZLIB="${ZLIB} -lz" |
| ;; |
| esac |
| ]) |
| if test X"$enable_zlib" = X""; then |
| AC_CHECK_LIB(z, gzdopen, [ |
| AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"]) |
| ]) |
| fi |
| ], [ |
| AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function]) |
| with_iologdir=no |
| ]) |
| fi |
| |
| dnl |
| dnl Use passwd (and secureware) auth modules? |
| dnl |
| case "$with_passwd" in |
| yes|maybe) |
| AUTH_OBJS="$AUTH_OBJS passwd.o" |
| ;; |
| *) |
| AC_DEFINE(WITHOUT_PASSWD) |
| if test -z "$AUTH_OBJS"; then |
| AC_MSG_ERROR([no authentication methods defined.]) |
| fi |
| ;; |
| esac |
| AUTH_OBJS=${AUTH_OBJS# } |
| _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` |
| AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) |
| |
| dnl |
| dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it. |
| dnl |
| if test -n "$LIBS"; then |
| L="$LIBS" |
| LIBS= |
| for l in ${L}; do |
| dupe=0 |
| for sl in ${SUDO_LIBS} ${NET_LIBS}; do |
| test $l = $sl && dupe=1 |
| done |
| test $dupe = 0 && LIBS="${LIBS} $l" |
| done |
| fi |
| |
| dnl |
| dnl Set exec_prefix |
| dnl |
| test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' |
| |
| dnl |
| dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set |
| dnl XXX - this is gross! |
| dnl |
| if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then |
| oexec_prefix="$exec_prefix" |
| if test "$exec_prefix" = '$(prefix)'; then |
| if test "$prefix" = "NONE"; then |
| exec_prefix="$ac_default_prefix" |
| else |
| exec_prefix="$prefix" |
| fi |
| fi |
| if test X"$with_noexec" != X"no"; then |
| PROGS="${PROGS} libsudo_noexec.la" |
| INSTALL_NOEXEC="install-noexec" |
| |
| eval noexec_file="$with_noexec" |
| SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) |
| fi |
| if test X"$with_selinux" != X"no"; then |
| eval sesh_file="$libexecdir/sesh" |
| SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) |
| fi |
| exec_prefix="$oexec_prefix" |
| fi |
| |
| dnl |
| dnl Override default configure dirs for the Makefile |
| dnl |
| if test X"$prefix" = X"NONE"; then |
| test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' |
| else |
| test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' |
| fi |
| test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' |
| test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' |
| test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' |
| test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' |
| test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' |
| test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' |
| test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' |
| |
| dnl |
| dnl Substitute into the Makefile and man pages |
| dnl |
| AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers]) |
| AC_OUTPUT |
| |
| dnl |
| dnl Spew any text the user needs to know about |
| dnl |
| if test "$with_pam" = "yes"; then |
| case $host in |
| *-*-linux*) |
| AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) |
| ;; |
| esac |
| fi |
| |
| dnl |
| dnl Autoheader templates |
| dnl |
| AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) |
| AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) |
| AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) |
| AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) |
| AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) |
| AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) |
| AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) |
| AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) |
| AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) |
| AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) |
| AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) |
| AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) |
| AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) |
| AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) |
| AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) |
| AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) |
| AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.]) |
| AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) |
| AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.]) |
| AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) |
| AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) |
| AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) |
| AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) |
| AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) |
| AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) |
| AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)]) |
| AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) |
| AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) |
| AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) |
| AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.]) |
| AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) |
| AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) |
| AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) |
| AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) |
| AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) |
| AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) |
| AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) |
| AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) |
| AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)]) |
| AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) |
| AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) |
| AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) |
| AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) |
| AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) |
| AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.]) |
| AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) |
| AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) |
| AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) |
| AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.]) |
| AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) |
| AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) |
| AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) |
| AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) |
| AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) |
| AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.]) |
| AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) |
| AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) |
| AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) |
| AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) |
| AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) |
| AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) |
| AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) |
| AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) |
| AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) |
| AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) |
| AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) |
| AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) |
| AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) |
| AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) |
| AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) |
| AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) |
| AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) |
| AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) |
| AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) |
| AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) |
| AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) |
| AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) |
| AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) |
| AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) |
| AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.]) |
| AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) |
| AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.]) |
| |
| dnl |
| dnl Bits to copy verbatim into config.h.in |
| dnl |
| AH_TOP([#ifndef _SUDO_CONFIG_H |
| #define _SUDO_CONFIG_H]) |
| |
| AH_BOTTOM([/* |
| * Macros to convert ctime and mtime into timevals. |
| */ |
| #define timespec2timeval(_ts, _tv) do { \ |
| (_tv)->tv_sec = (_ts)->tv_sec; \ |
| (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ |
| } while (0) |
| |
| #ifdef HAVE_ST_MTIM |
| # ifdef HAVE_ST__TIM |
| # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) |
| # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) |
| # else |
| # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) |
| # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) |
| # endif |
| #else |
| # ifdef HAVE_ST_MTIMESPEC |
| # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) |
| # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) |
| # else |
| # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) |
| # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) |
| # endif /* HAVE_ST_MTIMESPEC */ |
| #endif /* HAVE_ST_MTIM */ |
| |
| /* |
| * Emulate a subset of waitpid() if we don't have it. |
| */ |
| #ifdef HAVE_WAITPID |
| # define sudo_waitpid(p, s, o) waitpid(p, s, o) |
| #else |
| # ifdef HAVE_WAIT3 |
| # define sudo_waitpid(p, s, o) wait3(s, o, NULL) |
| # endif |
| #endif |
| |
| /* GNU stow needs /etc/sudoers to be a symlink. */ |
| #ifdef USE_STOW |
| # define stat_sudoers stat |
| #else |
| # define stat_sudoers lstat |
| #endif |
| |
| /* Macros to set/clear/test flags. */ |
| #undef SET |
| #define SET(t, f) ((t) |= (f)) |
| #undef CLR |
| #define CLR(t, f) ((t) &= ~(f)) |
| #undef ISSET |
| #define ISSET(t, f) ((t) & (f)) |
| |
| /* New ANSI-style OS defs for HP-UX and ConvexOS. */ |
| #if defined(hpux) && !defined(__hpux) |
| # define __hpux 1 |
| #endif /* hpux */ |
| |
| #if defined(convex) && !defined(__convex__) |
| # define __convex__ 1 |
| #endif /* convex */ |
| |
| /* BSD compatibility on some SVR4 systems. */ |
| #ifdef __svr4__ |
| # define BSD_COMP |
| #endif /* __svr4__ */ |
| |
| #endif /* _SUDO_CONFIG_H */]) |