isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aecef4aa1d91c88fa9e034b05be4cdeed2608773
sudo/configure.ac
Todd C. Miller 36e828b59f Sudo 1.8.11
2014-06-26 15:51:15 -06:00

3987 lines
121 KiB
Plaintext
Raw Blame History

dnl
dnl Use the top-level autogen.sh script to generate configure and config.h.in
dnl
dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
AC_PREREQ([2.59])
AC_INIT([sudo], [1.8.11], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
AC_CONFIG_SRCDIR([src/sudo.c])
dnl
dnl Note: this must come after AC_INIT
dnl
AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
AC_SUBST([HAVE_BSM_AUDIT])
AC_SUBST([SHELL])
AC_SUBST([LIBTOOL])
AC_SUBST([CFLAGS])
AC_SUBST([PROGS])
AC_SUBST([CPPFLAGS])
AC_SUBST([LDFLAGS])
AC_SUBST([SUDOERS_LDFLAGS])
AC_SUBST([LT_LDFLAGS])
AC_SUBST([LT_LDMAP])
AC_SUBST([LT_LDOPT])
AC_SUBST([LT_LDDEP])
AC_SUBST([LT_LDEXPORTS])
AC_SUBST([COMMON_OBJS])
AC_SUBST([SUDOERS_OBJS])
AC_SUBST([SUDO_OBJS])
AC_SUBST([LIBS])
AC_SUBST([SUDO_LIBS])
AC_SUBST([SUDOERS_LIBS])
AC_SUBST([STATIC_SUDOERS])
AC_SUBST([NET_LIBS])
AC_SUBST([AFS_LIBS])
AC_SUBST([REPLAY_LIBS])
AC_SUBST([GETGROUPS_LIB])
AC_SUBST([OSDEFS])
AC_SUBST([AUTH_OBJS])
AC_SUBST([MANTYPE])
AC_SUBST([MANDIRTYPE])
AC_SUBST([MANCOMPRESS])
AC_SUBST([MANCOMPRESSEXT])
AC_SUBST([SHLIB_MODE])
AC_SUBST([SHLIB_EXT])
AC_SUBST([SUDOERS_MODE])
AC_SUBST([SUDOERS_UID])
AC_SUBST([SUDOERS_GID])
AC_SUBST([DEVEL])
AC_SUBST([BAMAN])
AC_SUBST([LCMAN])
AC_SUBST([PSMAN])
AC_SUBST([SEMAN])
AC_SUBST([devdir])
AC_SUBST([mansectsu])
AC_SUBST([mansectform])
AC_SUBST([mansrcdir])
AC_SUBST([NOEXECFILE])
AC_SUBST([NOEXECDIR])
AC_SUBST([SOEXT])
AC_SUBST([noexec_file])
AC_SUBST([sesh_file])
AC_SUBST([INSTALL_NOEXEC])
AC_SUBST([DONT_LEAK_PATH_INFO])
AC_SUBST([BSDAUTH_USAGE])
AC_SUBST([SELINUX_USAGE])
AC_SUBST([LDAP])
AC_SUBST([LOGINCAP_USAGE])
AC_SUBST([ZLIB])
AC_SUBST([ZLIB_SRC])
AC_SUBST([LIBTOOL_DEPS])
AC_SUBST([CONFIGURE_ARGS])
AC_SUBST([LIBDL])
AC_SUBST([LT_STATIC])
AC_SUBST([LIBINTL])
AC_SUBST([LIBMD])
AC_SUBST([SUDO_NLS])
AC_SUBST([LOCALEDIR_SUFFIX])
AC_SUBST([COMPAT_TEST_PROGS])
AC_SUBST([CROSS_COMPILING])
AC_SUBST([PIE_LDFLAGS])
AC_SUBST([PIE_CFLAGS])
AC_SUBST([SSP_LDFLAGS])
AC_SUBST([SSP_CFLAGS])
AC_SUBST([NO_VIZ])
AC_SUBST([INIT_SCRIPT])
AC_SUBST([INIT_DIR])
AC_SUBST([RC_LINK])
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR
AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR
AC_SUBST([timeout])
AC_SUBST([password_timeout])
AC_SUBST([sudo_umask])
AC_SUBST([umask_override])
AC_SUBST([passprompt])
AC_SUBST([long_otp_prompt])
AC_SUBST([lecture])
AC_SUBST([logfac])
AC_SUBST([goodpri])
AC_SUBST([badpri])
AC_SUBST([loglen])
AC_SUBST([ignore_dot])
AC_SUBST([mail_no_user])
AC_SUBST([mail_no_host])
AC_SUBST([mail_no_perms])
AC_SUBST([mailto])
AC_SUBST([mailsub])
AC_SUBST([badpass_message])
AC_SUBST([fqdn])
AC_SUBST([runas_default])
AC_SUBST([env_editor])
AC_SUBST([env_reset])
AC_SUBST([passwd_tries])
AC_SUBST([tty_tickets])
AC_SUBST([insults])
AC_SUBST([root_sudo])
AC_SUBST([path_info])
AC_SUBST([ldap_conf])
AC_SUBST([ldap_secret])
AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
AC_SUBST([pam_session])
AC_SUBST([pam_login_service])
AC_SUBST([PLUGINDIR])
#
# Begin initial values for man page substitution
#
iolog_dir=/var/log/sudo-io
rundir=/var/run/sudo
vardir=/var/adm/sudo
timeout=5
password_timeout=5
sudo_umask=0022
umask_override=off
passprompt="Password:"
long_otp_prompt=off
lecture=once
logfac=auth
goodpri=notice
badpri=alert
loglen=80
ignore_dot=off
mail_no_user=on
mail_no_host=off
mail_no_perms=off
mailto=root
mailsub="*** SECURITY information for %h ***"
badpass_message="Sorry, try again."
fqdn=off
runas_default=root
env_editor=off
env_reset=on
editor=vi
passwd_tries=3
tty_tickets=on
insults=off
root_sudo=on
path_info=on
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
sesh_file=/usr/local/libexec/sudo/sesh
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
pam_session=on
pam_login_service=sudo
PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
INSTALL_NOEXEC=
devdir='$(srcdir)'
PROGS="sudo"
: ${MANDIRTYPE='man'}
: ${mansrcdir='.'}
: ${SHLIB_MODE='0644'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEVEL=
LDAP="#"
BAMAN=0
LCMAN=0
PSMAN=0
SEMAN=0
LIBINTL=
LIBMD=
ZLIB=
ZLIB_SRC=
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
SUDO_NLS=disabled
LOCALEDIR_SUFFIX=
LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
LT_LDDEP="\$(shlib_exp)"
NO_VIZ="-DNO_VIZ"
OS_INIT=os_init_common
INIT_SCRIPT=
INIT_DIR=
RC_LINK=
dnl
dnl Other vaiables
dnl
CHECKSHADOW=true
shadow_defs=
shadow_funcs=
shadow_libs=
shadow_libs_optional=
CONFIGURE_ARGS="$@"
dnl
dnl LD_PRELOAD equivalents
dnl
RTLD_PRELOAD_VAR="LD_PRELOAD"
RTLD_PRELOAD_ENABLE_VAR=
RTLD_PRELOAD_DELIM=":"
RTLD_PRELOAD_DEFAULT=
dnl
dnl libc replacement functions live in libsudo_util.a
dnl
AC_CONFIG_LIBOBJ_DIR(lib/util)
#
# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
# off an extraneous "/sudo" from libexecdir.
#
case "$libexecdir" in
*/sudo)
AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
;;
esac
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
[case $with_otp_only in
yes) with_passwd="no"
AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
;;
esac])
AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
[case $with_alertmail in
*) with_mailto="$with_alertmail"
AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
;;
esac])
dnl
dnl Options for --with
dnl
AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
[case $with_devel in
yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
DEVEL="true"
devdir=.
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
esac])
AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
[case $with_CC in
*) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
;;
esac])
AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])],
[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])])
AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])],
[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])])
dnl
dnl Handle BSM auditing support.
dnl
AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
[case $with_bsm_audit in
yes) AC_DEFINE(HAVE_BSM_AUDIT)
SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
;;
no) ;;
*) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
;;
esac])
dnl
dnl Handle Linux auditing support.
dnl
AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
[case $with_linux_audit in
yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
AC_DEFINE(HAVE_LINUX_AUDIT)
SUDO_LIBS="${SUDO_LIBS} -laudit"
SUDOERS_LIBS="${SUDO_LIBS} -laudit"
SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
], [
AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
])
;;
no) ;;
*) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
;;
esac])
dnl
dnl Handle SSSD support.
dnl
AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
[case $with_sssd in
yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
AC_DEFINE(HAVE_SSSD)
;;
no) ;;
*) AC_MSG_ERROR(["--with-sssd does not take an argument."])
;;
esac])
AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
sssd_lib="\"LIBDIR\""
test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
no) AC_MSG_ERROR(["--without-incpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
SUDO_APPEND_CPPFLAGS(-I${i})
done
;;
esac])
AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
[case $with_libpath in
yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
;;
no) AC_MSG_ERROR(["--without-libpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
;;
esac])
AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
[case $with_libraries in
yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
;;
no) AC_MSG_ERROR(["--without-libraries not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
;;
esac])
AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
[case $with_efence in
yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
LIBS="${LIBS} -lefence"
if test -f /usr/local/lib/libefence.a; then
with_libpath="${with_libpath} /usr/local/lib"
fi
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
;;
esac])
AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
[case $with_csops in
yes) AC_MSG_NOTICE([Adding CSOps standard options])
CHECKSIA=false
with_ignore_dot=yes
insults=on
with_classic_insults=yes
with_csops_insults=yes
with_env_editor=yes
: ${mansectsu='8'}
: ${mansectform='5'}
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
;;
esac])
AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
AUTH_DEF=""
test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
;;
*) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
;;
esac])
AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
[case $with_skey in
no) ;;
*) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG S/Key"
;;
esac])
AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
[case $with_opie in
no) ;;
*) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG NRL_OPIE"
;;
esac])
AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
[case $with_long_otp_prompt in
yes) AC_DEFINE(LONG_OTP_PROMPT)
AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
AC_MSG_RESULT(yes)
long_otp_prompt=on
;;
no) long_otp_prompt=off
;;
*) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
;;
esac])
AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
[case $with_SecurID in
no) ;;
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL SecurID"
;;
esac])
AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
[case $with_fwtk in
no) ;;
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL FWTK"
;;
esac])
AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
[case $with_kerb5 in
no) ;;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb5"
;;
esac])
AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
[case $with_aixauth in
yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
;;
esac])
AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
[case $with_pam in
yes) AUTH_EXCL="$AUTH_EXCL PAM";;
no) ;;
*) AC_MSG_ERROR(["--with-pam does not take an argument."])
;;
esac])
AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG AFS"
;;
no) ;;
*) AC_MSG_ERROR(["--with-AFS does not take an argument."])
;;
esac])
AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
[case $with_DCE in
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG DCE"
;;
no) ;;
*) AC_MSG_ERROR(["--with-DCE does not take an argument."])
;;
esac])
AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
[case $with_logincap in
yes|no) ;;
*) AC_MSG_ERROR(["--with-logincap does not take an argument."])
;;
esac])
AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
[case $with_bsdauth in
yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
;;
esac])
AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
[case $with_project in
yes|no) ;;
no) ;;
*) AC_MSG_ERROR(["--with-project does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
[case $with_lecture in
yes|short|always) lecture=once
;;
no|none|never) lecture=never
;;
*) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
;;
esac])
if test "$lecture" = "once"; then
AC_MSG_RESULT(yes)
else
AC_DEFINE(NO_LECTURE)
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
[case $with_logging in
yes) AC_MSG_ERROR(["must give --with-logging an argument."])
;;
no) AC_MSG_ERROR(["--without-logging not supported."])
;;
syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
AC_MSG_RESULT(syslog)
;;
file) AC_DEFINE(LOGGING, SLOG_FILE)
AC_MSG_RESULT(file)
;;
both) AC_DEFINE(LOGGING, SLOG_BOTH)
AC_MSG_RESULT(both)
;;
*) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
no) AC_MSG_ERROR(["--without-logfac not supported."])
;;
authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
AC_MSG_CHECKING(at which syslog priority to log commands)
AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
[case $with_goodpri in
yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
;;
no) AC_MSG_ERROR(["--without-goodpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
goodpri=$with_goodpri
;;
*) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
AC_MSG_RESULT($goodpri)
AC_MSG_CHECKING(at which syslog priority to log failures)
AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
[case $with_badpri in
yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
;;
no) AC_MSG_ERROR(["--without-badpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
badpri=$with_badpri
;;
*) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
AC_MSG_RESULT($badpri)
AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
[case $with_logpath in
yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
;;
no) AC_MSG_ERROR(["--without-logpath not supported."])
;;
esac])
AC_MSG_CHECKING(how long a line in the log file should be)
AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
[case $with_loglen in
yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
;;
no) AC_MSG_ERROR(["--without-loglen not supported."])
;;
[[0-9]]*) loglen=$with_loglen
;;
*) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
;;
esac])
AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
AC_MSG_RESULT($loglen)
AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
[case $with_ignore_dot in
yes) ignore_dot=on
;;
no) ignore_dot=off
;;
*) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
;;
esac])
if test "$ignore_dot" = "on"; then
AC_DEFINE(IGNORE_DOT_PATH)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
[case $with_mail_if_no_user in
yes) mail_no_user=on
;;
no) mail_no_user=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
;;
esac])
if test "$mail_no_user" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
[case $with_mail_if_no_host in
yes) mail_no_host=on
;;
no) mail_no_host=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
;;
esac])
if test "$mail_no_host" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
[case $with_mail_if_noperms in
yes) mail_noperms=on
;;
no) mail_noperms=off
;;
*) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
;;
esac])
if test "$mail_noperms" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(who should get the mail that sudo sends)
AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
[case $with_mailto in
yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
;;
no) AC_MSG_ERROR(["--without-mailto not supported."])
;;
*) mailto=$with_mailto
;;
esac])
AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
AC_MSG_RESULT([$mailto])
AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
[case $with_mailsubject in
yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
;;
*) mailsub="$with_mailsubject"
AC_MSG_CHECKING(sudo mail subject)
AC_MSG_RESULT([Using alert mail subject: $mailsub])
;;
esac])
AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
AC_MSG_CHECKING(for bad password prompt)
AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
[case $with_passprompt in
yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
;;
*) passprompt="$with_passprompt"
esac])
AC_MSG_RESULT($passprompt)
AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
AC_MSG_CHECKING(for bad password message)
AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
[case $with_badpass_message in
yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
;;
*) badpass_message="$with_badpass_message"
;;
esac])
AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
AC_MSG_RESULT([$badpass_message])
AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
[case $with_fqdn in
yes) fqdn=on
;;
no) fqdn=off
;;
*) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
;;
esac])
if test "$fqdn" = "on"; then
AC_DEFINE(FQDN)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])],
[case $with_timedir in
*) AC_MSG_ERROR(["--without-timedir no longer supported, see --with-rundir."])
;;
esac])
AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [path to the sudo time stamp parent dir])],
[case $with_rundir in
yes) AC_MSG_ERROR(["must give --with-rundir an argument."])
;;
no) AC_MSG_ERROR(["--without-rundir not supported."])
;;
esac])
AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [path to the sudo var dir])],
[case $with_vardir in
yes) AC_MSG_ERROR(["must give --with-vardirdir an argument."])
;;
no) AC_MSG_ERROR(["--without-vardirdir not supported."])
;;
esac])
AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
[case $with_iologdir in
yes) ;;
no) AC_MSG_ERROR(["--without-iologdir not supported."])
;;
esac])
AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
[case $with_sendmail in
yes) with_sendmail=""
;;
no) ;;
*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
;;
esac])
AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
[case $with_sudoers_mode in
yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
;;
[[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
;;
0*) SUDOERS_MODE=$with_sudoers_mode
;;
*) AC_MSG_ERROR(["you must use an octal mode, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_uid in
yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
;;
[[0-9]]*) SUDOERS_UID=$with_sudoers_uid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_gid in
yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
;;
[[0-9]]*) SUDOERS_GID=$with_sudoers_gid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
;;
esac])
AC_MSG_CHECKING(for umask programs should be run with)
AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
[case $with_umask in
yes) AC_MSG_ERROR(["must give --with-umask an argument."])
;;
no) sudo_umask=0777
;;
[[0-9]]*) sudo_umask=$with_umask
;;
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
[case $with_umask_override in
yes) AC_DEFINE(UMASK_OVERRIDE)
umask_override=on
;;
no) umask_override=off
;;
*) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
;;
esac])
AC_MSG_CHECKING(for default user to run commands as)
AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
[case $with_runas_default in
yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
;;
no) AC_MSG_ERROR(["--without-runas-default not supported."])
;;
*) runas_default="$with_runas_default"
;;
esac])
AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
AC_MSG_RESULT([$runas_default])
AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
[case $with_exempt in
yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
;;
no) AC_MSG_ERROR(["--without-exempt not supported."])
;;
*) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
AC_MSG_CHECKING(for group to be exempt from password)
AC_MSG_RESULT([$with_exempt])
;;
esac])
AC_MSG_CHECKING(for editor that visudo should use)
AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
[case $with_editor in
yes) AC_MSG_ERROR(["must give --with-editor an argument."])
;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
editor="$with_editor"
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
[case $with_env_editor in
yes) env_editor=on
;;
no) env_editor=off
;;
*) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
;;
esac])
if test "$env_editor" = "on"; then
AC_DEFINE(ENV_EDITOR)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(number of tries a user gets to enter their password)
AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
[case $with_passwd_tries in
yes) ;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
[[1-9]]*) passwd_tries=$with_passwd_tries
;;
*) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
;;
esac])
AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
AC_MSG_RESULT($passwd_tries)
AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
[case $with_timeout in
yes) ;;
no) timeout=0
;;
[[0-9]]*) timeout=$with_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
AC_MSG_RESULT($timeout)
AC_MSG_CHECKING(time in minutes after the password prompt will time out)
AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
[case $with_password_timeout in
yes) ;;
no) password_timeout=0
;;
[[0-9]]*) password_timeout=$with_password_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
AC_MSG_RESULT($password_timeout)
AC_MSG_CHECKING(whether to use per-tty ticket files)
AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
[case $with_tty_tickets in
yes) tty_tickets=on
;;
no) tty_tickets=off
;;
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
if test "$tty_tickets" = "off"; then
AC_DEFINE(NO_TTY_TICKETS)
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
AC_MSG_CHECKING(whether to include insults)
AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
[case $with_insults in
yes) insults=on
with_classic_insults=yes
with_csops_insults=yes
;;
disabled) insults=off
with_classic_insults=yes
with_csops_insults=yes
;;
no) insults=off
;;
*) AC_MSG_ERROR(["--with-insults does not take an argument."])
;;
esac])
if test "$insults" = "on"; then
AC_DEFINE(USE_INSULTS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
[case $with_all_insults in
yes) with_classic_insults=yes
with_csops_insults=yes
with_hal_insults=yes
with_goons_insults=yes
;;
no) ;;
*) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
[case $with_classic_insults in
yes) AC_DEFINE(CLASSIC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
[case $with_csops_insults in
yes) AC_DEFINE(CSOPS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
[case $with_hal_insults in
yes) AC_DEFINE(HAL_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
[case $with_goons_insults in
yes) AC_DEFINE(GOONS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
[case $with_nsswitch in
no) ;;
yes) with_nsswitch="/etc/nsswitch.conf"
;;
*) ;;
esac])
AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
[case $with_ldap in
no) ;;
*) AC_DEFINE(HAVE_LDAP)
AC_MSG_CHECKING(whether to use sudoers from LDAP)
AC_MSG_RESULT(yes)
;;
esac])
AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
[case $with_pc_insults in
yes) AC_DEFINE(PC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
;;
esac])
dnl include all insult sets on one line
if test "$insults" = "on"; then
AC_MSG_CHECKING(which insult sets to include)
i=""
test "$with_goons_insults" = "yes" && i="goons ${i}"
test "$with_hal_insults" = "yes" && i="hal ${i}"
test "$with_csops_insults" = "yes" && i="csops ${i}"
test "$with_classic_insults" = "yes" && i="classic ${i}"
AC_MSG_RESULT([$i])
fi
AC_MSG_CHECKING(whether to override the user's path)
AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
[case $with_secure_path in
yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
secure_path="set to $with_secure_path"
;;
no) AC_MSG_RESULT(no)
;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
secure_path="set to F<$with_secure_path>"
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
[case $with_interfaces in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(STUB_LOAD_INTERFACES)
AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
;;
esac], AC_MSG_RESULT(yes))
AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])],
[case $with_stow in
*) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior])
;;
esac])
AC_MSG_CHECKING(whether to use an askpass helper)
AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
[case $with_askpass in
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
*) ;;
esac], [
with_askpass=no
AC_MSG_RESULT(no)
])
if test X"$with_askpass" != X"no"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")
else
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
fi
AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])],
[case $with_plugindir in
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;;
*) ;;
esac], [with_plugindir="$libexecdir/sudo"])
AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
[case $with_man in
yes) MANTYPE=man
;;
no) AC_MSG_ERROR(["--without-man not supported."])
;;
*) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."])
;;
esac])
AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
[case $with_mdoc in
yes) MANTYPE=mdoc
;;
no) AC_MSG_ERROR(["--without-mdoc not supported."])
;;
*) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."])
;;
esac])
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_AUTHENTICATION)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to disable running the mailer as root)
AC_ARG_ENABLE(root-mailer,
[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(NO_ROOT_MAILER)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(setreuid,
[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
[ case "$enableval" in
no) SKIP_SETREUID=yes
;;
*) ;;
esac
])
AC_ARG_ENABLE(setresuid,
[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
[ case "$enableval" in
no) SKIP_SETRESUID=yes
;;
*) ;;
esac
])
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
CHECKSHADOW="false"
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether root should be allowed to use sudo)
AC_ARG_ENABLE(root-sudo,
[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(NO_ROOT_SUDO)
AC_MSG_RESULT(no)
root_sudo=off
;;
*) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to log the hostname in the log file)
AC_ARG_ENABLE(log-host,
[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(HOST_IN_LOG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
AC_ARG_ENABLE(noargs-shell,
[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_IF_NO_ARGS)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to disable 'command not found' messages)
AC_ARG_ENABLE(path_info,
[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(DONT_LEAK_PATH_INFO)
path_info=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to enable environment debugging)
AC_ARG_ENABLE(env_debug,
[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(ENV_DEBUG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(zlib,
[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
[], [enable_zlib=yes])
AC_MSG_CHECKING(whether to enable environment resetting by default)
AC_ARG_ENABLE(env_reset,
[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
[ case "$enableval" in
yes) env_reset=on
;;
no) env_reset=off
;;
*) env_reset=on
AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
;;
esac
])
if test "$env_reset" = "on"; then
AC_MSG_RESULT(yes)
AC_DEFINE(ENV_RESET, 1)
else
AC_MSG_RESULT(no)
AC_DEFINE(ENV_RESET, 0)
fi
AC_ARG_ENABLE(warnings,
[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
[ case "$enableval" in
yes) ;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
;;
esac
])
AC_ARG_ENABLE(werror,
[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
[ case "$enableval" in
yes) ;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
;;
esac
])
AC_ARG_ENABLE(hardening,
[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
[], [enable_hardening=yes])
AC_ARG_ENABLE(pie,
[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
AC_ARG_ENABLE(poll,
[AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])])
AC_ARG_ENABLE(admin-flag,
[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
[ case "$enableval" in
yes) AC_DEFINE(USE_ADMIN_FLAG)
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
;;
esac
])
AC_ARG_ENABLE(nls,
[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
[], [enable_nls=yes])
AC_ARG_ENABLE(rpath,
[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])],
[], [enable_rpath=yes])
AC_ARG_ENABLE(static-sudoers,
[AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])],
[], [enable_static_sudoers=no])
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
AC_DEFINE(HAVE_SELINUX)
SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh"
SEMAN=1
AC_CHECK_LIB([selinux], [setkeycreatecon],
[AC_DEFINE(HAVE_SETKEYCREATECON)])
;;
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
;;
esac], [with_selinux=no])
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
dnl
AC_ARG_ENABLE(gss_krb5_ccache_name,
[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
dnl
dnl C compiler checks
dnl
AC_SEARCH_LIBS([strerror], [cposix])
AC_PROG_CPP
AC_CHECK_TOOL(AR, ar, false)
AC_CHECK_TOOL(RANLIB, ranlib, :)
if test X"$AR" = X"false"; then
AC_MSG_ERROR([the "ar" utility is required to build sudo])
fi
if test "x$ac_cv_prog_cc_c89" = "xno"; then
AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
fi
dnl
dnl If the user specified --disable-static, override them or we'll
dnl be unable to build the executables in the sudoers plugin dir.
dnl
if test "$enable_static" = "no"; then
AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
enable_static=yes
fi
dnl
dnl Libtool setup, we require libtool 2.2.6b or higher
dnl
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
LT_PREREQ([2.2.6b])
LT_INIT([dlopen])
dnl
dnl Allow the user to specify an alternate libtool.
dnl XXX - should be able to skip LT_INIT if we are using a different libtool
dnl
AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])],
[case $with_libtool in
yes|builtin) ;;
no) AC_MSG_ERROR(["--without-libtool not supported."])
;;
system) LIBTOOL=libtool
;;
*) LIBTOOL="$with_libtool"
;;
esac])
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
if test "$enable_shared" = "no"; then
with_noexec=no
enable_dlopen=no
lt_cv_dlopen=none
lt_cv_dlopen_libs=
ac_cv_func_dlopen=no
LT_LDFLAGS=-static
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
if test X"$_shrext" = X".dylib"; then
SOEXT=".so"
SHLIB_EXT=".dylib"
else
SOEXT="$_shrext"
SHLIB_EXT="$_shrext"
fi
fi
LIBDL="$lt_cv_dlopen_libs"
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
yes) with_noexec="$libexecdir/sudo/sudo_noexec.so"
;;
no) ;;
*) ;;
esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"])
AC_MSG_RESULT($with_noexec)
NOEXECFILE="sudo_noexec.so"
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl Find programs we use
dnl
AC_PATH_PROG(UNAMEPROG, [uname], [uname])
AC_PATH_PROG(TRPROG, [tr], [tr])
AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc])
if test "$MANDOCPROG" != "mandoc"; then
: ${MANTYPE='mdoc'}
else
AC_PATH_PROG(NROFFPROG, [nroff])
if test -n "$NROFFPROG"; then
test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
AC_CACHE_CHECK([which macro set to use for manual pages],
[sudo_cv_var_mantype],
[
sudo_cv_var_mantype="man"
echo ".Sh NAME" > conftest
echo ".Nm sudo" >> conftest
echo ".Nd sudo" >> conftest
echo ".Sh DESCRIPTION" >> conftest
echo "sudo" >> conftest
if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then
sudo_cv_var_mantype="mdoc"
fi
rm -f conftest
]
)
MANTYPE="$sudo_cv_var_mantype"
else
MANTYPE=cat
MANDIRTYPE=cat
mansrcdir='$(srcdir)'
fi
fi
dnl
dnl What kind of beastie are we being run on?
dnl Barf if config.cache was generated on another host.
dnl
if test -n "$sudo_cv_prev_host"; then
if test "$sudo_cv_prev_host" != "$host"; then
AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
else
AC_MSG_CHECKING(previous host type)
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
AC_MSG_RESULT([$sudo_cv_prev_host])
fi
else
# this will produce no output since there is no cached value
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
fi
dnl
dnl We want to be able to differentiate between different rev's
dnl
if test -n "$host_os"; then
OS=`echo $host_os | sed 's/[[0-9]].*//'`
OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
else
OS="unknown"
OSREV=0
OSMAJOR=0
fi
case "$host" in
*-*-sunos4*)
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
# getcwd(3) opens a pipe to getpwd(1)!?!
BROKEN_GETCWD=1
# system headers lack prototypes but gcc helps...
if test -n "$GCC"; then
OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
fi
shadow_funcs="getpwanam issecure"
;;
*-*-solaris2*)
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
# Solaris-specific initialization
OS_INIT=os_init_solaris
SUDO_OBJS="${SUDO_OBJS} solaris.o"
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lucb"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
AC_CHECK_FUNCS(priv_set, [PSMAN=1])
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
# On AIX 6 and higher default to PAM, else default to LAM
if test $OSMAJOR -ge 6; then
if test X"$with_pam" = X""; then
AUTH_EXCL_DEF="PAM"
fi
else
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
fi
# AIX analog of nsswitch.conf, enabled by default
AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
[case $with_netsvc in
no) ;;
yes) with_netsvc="/etc/netsvc.conf"
;;
*) ;;
esac])
if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
with_netsvc="/etc/netsvc.conf"
fi
# LDR_PRELOAD is only supported in AIX 5.3 and later
if test $OSMAJOR -lt 5; then
with_noexec=no
else
RTLD_PRELOAD_VAR="LDR_PRELOAD"
fi
# Remove timedir on boot, AIX does not have /var/run
INIT_SCRIPT=aix.sh
INIT_DIR=/etc/rc.d/init.d
RC_LINK=/etc/rc.d/rc2.d/S90sudo
# AIX-specific functions
AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64)
COMMON_OBJS="${COMMON_OBJS} aix.lo"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
# HP-UX does not clear /var/run so we need to do it
INIT_SCRIPT=hpux.sh
INIT_DIR=/sbin/init.d
RC_LINK=/sbin/rc2.d/S900sudo
# HP-UX shared libs must be executable
SHLIB_MODE=0755
AC_CHECK_FUNCS(pstat_getproc)
;;
*-*-hpux*)
# AFS support needs -lBSD
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lBSD"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
# HP-UX does not clear /var/run so we need to do it
INIT_SCRIPT=hpux.sh
INIT_DIR=/sbin/init.d
RC_LINK=/sbin/rc2.d/S900sudo
# HP-UX shared libs must be executable
SHLIB_MODE=0755
# The HP bundled compiler cannot generate shared libs
if test -z "$GCC"; then
AC_CACHE_CHECK([for HP bundled C compiler],
[sudo_cv_var_hpccbundled],
[if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
sudo_cv_var_hpccbundled=yes
else
sudo_cv_var_hpccbundled=no
fi]
)
if test "$sudo_cv_var_hpccbundled" = "yes"; then
AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
fi
fi
# Build PA-RISC1.1 objects for better portability
case "$host_cpu" in
hppa[[2-9]]*)
_CFLAGS="$CFLAGS"
if test -n "$GCC"; then
portable_flag="-march=1.1"
else
portable_flag="+DAportable"
fi
CFLAGS="$CFLAGS $portable_flag"
AC_CACHE_CHECK([whether $CC understands $portable_flag],
[sudo_cv_var_daportable],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[]], [[]])],
[sudo_cv_var_daportable=yes],
[sudo_cv_var_daportable=no]
)
]
)
if test X"$sudo_cv_var_daportable" != X"yes"; then
CFLAGS="$_CFLAGS"
fi
;;
esac
case "$host_os" in
hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
;;
hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# DCE support (requires ANSI C compiler)
if test "$with_DCE" = "yes"; then
# order of libs in 9.X is important. -lc_r must be last
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
SUDO_APPEND_CPPFLAGS(-D_REENTRANT)
SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant)
fi
;;
hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
# HP-UX 10.20 libc has an incompatible getline
ac_cv_func_getline="no"
;;
*)
shadow_funcs="getspnam iscomsec"
shadow_libs="-lsec"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
AC_CHECK_FUNCS(pstat_getproc)
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
# XXX - sudo LDFLAGS instead?
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
[AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
CHECKSIA=true
;;
no) AC_MSG_RESULT(yes)
CHECKSIA=false
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
;;
esac
], AC_MSG_RESULT(no))
shadow_funcs="getprpwnam dispcrypt"
# OSF/1 4.x and higher need -ldb too
if test $OSMAJOR -lt 4; then
shadow_libs="-lsecurity -laud -lm"
else
shadow_libs="-lsecurity -ldb -laud -lm"
fi
# use SIA by default, if we have it
test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
#
# Some versions of Digital Unix ship with a broken
# copy of prot.h, which we need for shadow passwords.
# XXX - make should remove this as part of distclean
#
AC_MSG_CHECKING([for broken prot.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
# ":DEFAULT" must be appended to _RLD_LIST
RTLD_PRELOAD_VAR="_RLD_LIST"
RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='8'}
: ${mansectform='4'}
;;
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
else
mandir="/usr/catman/local"
fi
fi
# Compress cat pages with pack
MANCOMPRESS='pack'
MANCOMPRESSEXT='.z'
else
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d "/usr/share/man/local"; then
mandir="/usr/share/man/local"
else
mandir="/usr/man/local"
fi
fi
fi
# IRIX <= 4 needs -lsun
if test "$OSMAJOR" -le 4; then
AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
fi
# ":DEFAULT" must be appended to _RLD_LIST
RTLD_PRELOAD_VAR="_RLD_LIST"
RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-linux*|*-*-k*bsd*-gnu)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
shadow_libs_optional="-lshadow"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-*-gnu*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# lockf() is broken on the Hurd -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
;;
*-convex-bsd*)
OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
if test -z "$GCC"; then
CFLAGS="${CFLAGS} -D__STDC__"
fi
shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
shadow_funcs="getprpwnam"
shadow_libs="-lprot"
;;
*-*-ultrix*)
OS="ultrix"
shadow_funcs="getauthuid"
shadow_libs="-lauth"
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
SUDO_APPEND_CPPFLAGS(-I/usr/include)
SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd)
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-isc*)
OSDEFS="${OSDEFS} -D_ISC"
LIB_CRYPT=1
SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sco*|*-sco-*)
shadow_funcs="getprpwnam"
shadow_libs="-lprot -lx"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
m88k-motorola-sysv*)
# motorolla's cc (a variant of gcc) does -O but not -O2
CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-sequent-sysv*)
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
# Check for newer BSD auth API
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
;;
*-*-freebsd*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
case "$OSREV" in
0.*|1.*|2.0*)
SKIP_SETREUID=yes
;;
esac
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
# OpenBSD-specific initialization
OS_INIT=os_init_openbsd
SUDO_OBJS="${SUDO_OBJS} openbsd.o"
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead.
SKIP_SETREUID=yes
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
if test "$OSMAJOR" -ge 3; then
AUTH_EXCL_DEF="BSD_AUTH"
fi
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
0.9*|1.[[012]]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-*bsd*)
CHECKSHADOW="false"
;;
*-*-darwin*)
# Darwin has a real setreuid(2) starting with 9.0
if test $OSMAJOR -lt 9; then
SKIP_SETREUID=yes
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
# Darwin has a broken poll()
: ${enable_poll='no'}
# Darwin 8 and above can interpose library symbols cleanly
if test $OSMAJOR -ge 8; then
AC_DEFINE(HAVE___INTERPOSE)
dlyld_interpose=yes
else
RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
fi
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
;;
*-*-nextstep*)
# lockf() is broken on the NeXT -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
;;
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-gnu*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
;;
esac
dnl
dnl Library preloading to support NOEXEC
dnl
if test -n "$with_noexec"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR")
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM")
if test -n "$RTLD_PRELOAD_DEFAULT"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT")
fi
if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR")
fi
fi
dnl
dnl Check for mixing mutually exclusive and regular auth methods
dnl
AUTH_REG=${AUTH_REG# }
AUTH_EXCL=${AUTH_EXCL# }
if test -n "$AUTH_EXCL"; then
set -- $AUTH_EXCL
if test $# != 1; then
AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
fi
if test -n "$AUTH_REG"; then
AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
fi
fi
dnl
dnl Only one of S/Key and OPIE may be specified
dnl
if test X"${with_skey}${with_opie}" = X"yesyes"; then
AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
fi
dnl
dnl Use BSD-style man sections by default
dnl
: ${mansectsu='8'}
: ${mansectform='5'}
dnl
dnl Add in any libpaths or libraries specified via configure
dnl
if test -n "$with_libpath"; then
for i in ${with_libpath}; do
SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
done
fi
if test -n "$with_libraries"; then
for i in ${with_libraries}; do
case $i in
-l*) ;;
*.a) ;;
*.o) ;;
*) i="-l${i}";;
esac
LIBS="${LIBS} ${i}"
done
fi
dnl
dnl C compiler checks (to be done after os checks)
dnl
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
AC_MSG_CHECKING([for variadic macro support in cpp])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
AC_INCLUDES_DEFAULT
#if defined(__GNUC__) && __GNUC__ == 2
# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt))
#else
# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
#endif
], [sudo_fprintf(stderr, "a %s", "test");])], [AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])
AC_DEFINE([NO_VARIADIC_MACROS], [1], [Define if your C preprocessor does not support variadic macros.])
AC_MSG_WARN([Your C preprocessor doesn't support variadic macros, debugging support will be limited])])
dnl
dnl Program checks
dnl
AC_PROG_YACC
AC_PATH_PROG([FLEX], [flex], [flex])
SUDO_PROG_MV
SUDO_PROG_BSHELL
if test -z "$with_sendmail"; then
SUDO_PROG_SENDMAIL
fi
SUDO_PROG_VI
dnl
dnl Check for authpriv support in syslog
dnl
AC_MSG_CHECKING(which syslog facility sudo should log with)
if test X"$with_logfac" = X""; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
fi
AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
AC_MSG_RESULT($logfac)
dnl
dnl Header file checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
AC_HEADER_STDBOOL
AC_HEADER_MAJOR
AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break])
AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
#ifdef HAVE_PROCFS_H
#include <procfs.h>
#endif
#ifdef HAVE_SYS_PROCFS_H
#include <sys/procfs.h>
#endif
])]
break)
#
# Check for large file support.
#
AC_SYS_LARGEFILE
#
# HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL.
# Also, HP-UX 11.23 has a broken sys/types.h when large files support
# is enabled and _XOPEN_SOURCE_EXTENDED is not also defined.
# The following test will define _XOPEN_SOURCE_EXTENDED in either case.
#
case "$host_os" in
hpux*)
AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
# include <sys/socket.h>], [int a = MSG_WAITALL; return a;])],
[sudo_cv_xopen_source_extended=no], [
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
AC_INCLUDES_DEFAULT
# include <sys/socket.h>], [int a = MSG_WAITALL; return a;])],
[sudo_cv_xopen_source_extended=yes],
[sudo_cv_xopen_source_extended=error])
])])
if test "$sudo_cv_xopen_source_extended" = "yes"; then
OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
fi
;;
esac
AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi
SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
case "$OS" in
freebsd|netbsd)
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
esac
])
fi
if test ${with_project-'no'} != "no"; then
AC_CHECK_HEADER(project.h, [
AC_CHECK_LIB(project, setproject, [
AC_DEFINE(HAVE_PROJECT_H)
SUDO_LIBS="${SUDO_LIBS} -lproject"
])
], [])
fi
dnl
dnl typedef checks
dnl We need to define __STDC_WANT_LIB_EXT1__ for errno_t and rsize_t
dnl
SUDO_APPEND_CPPFLAGS(-D__STDC_WANT_LIB_EXT1__=1)
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_CHECK_TYPE([clockid_t], [], [AC_DEFINE(clockid_t, int)], [#include <sys/types.h>
#include <time.h>])
AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h>
#ifdef TIME_WITH_SYS_TIME
# include <sys/time.h>
#endif
#include <time.h>])
AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
#include <netinet/in.h>])
AC_TYPE_LONG_LONG_INT
if test X"$ac_cv_type_long_long_int" != X"yes"; then
AC_MSG_ERROR(["C compiler does not appear to support the long long int type"])
fi
AC_CHECK_SIZEOF([long int])
AC_CHECK_TYPE(id_t, unsigned int)
AC_CHECK_TYPE(size_t, unsigned int)
AC_CHECK_TYPE(ssize_t, int)
AC_CHECK_TYPE(dev_t, int)
AC_CHECK_TYPE(ino_t, unsigned int)
AC_CHECK_TYPE(uint8_t, unsigned char)
AC_CHECK_TYPE(uint32_t, unsigned int)
AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
AC_INCLUDES_DEFAULT
#include <sys/socket.h>])
AC_CHECK_TYPE(rsize_t, size_t)
AC_CHECK_TYPE(errno_t, int)
SUDO_UID_T_LEN
SUDO_SOCK_SA_LEN
SUDO_SOCK_SIN_LEN
dnl
dnl Check for utmp/utmpx struct members.
dnl We need to include OSDEFS for glibc which only has __e_termination
dnl visible when _GNU_SOURCE is *not* defined.
dnl
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $OSDEFS"
if test $ac_cv_header_utmpx_h = "yes"; then
AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
# include <sys/types.h>
# include <utmpx.h>
])
dnl
dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
dnl
AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
# include <sys/types.h>
# include <utmpx.h>
])
], [
# include <sys/types.h>
# include <utmpx.h>
])
else
AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
# include <sys/types.h>
# include <utmp.h>
])
dnl
dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
dnl
AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
# include <sys/types.h>
# include <utmp.h>
])
], [
# include <sys/types.h>
# include <utmp.h>
])
fi
CFLAGS="$_CFLAGS"
dnl
dnl Function checks
dnl
AC_FUNC_GETGROUPS
AC_CHECK_FUNCS(glob nl_langinfo regcomp strftime strrchr strtoll \
sysconf tzset)
AC_CHECK_FUNCS(getgrouplist, [], [
case "$host_os" in
aix*)
AC_CHECK_FUNCS(getgrset)
;;
*)
AC_CHECK_FUNC(nss_search, [
AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [
# Solaris
AC_CHECK_FUNC(_nss_initf_group, [
AC_CHECK_HEADERS(nss_dbdefs.h)
AC_DEFINE([HAVE_NSS_SEARCH])
AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
AC_DEFINE([HAVE__NSS_INITF_GROUP])
], [
AC_CHECK_HEADERS(nss_dbdefs.h, [
# Older Solaris does not export _nss_initf_group
# but we can use our own.
AC_DEFINE([HAVE_NSS_SEARCH])
AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
])
])
], [
# HP-UX
AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [
AC_CHECK_FUNC(__nss_initf_group, [
AC_CHECK_HEADERS(nss_dbdefs.h)
AC_DEFINE([HAVE_NSS_SEARCH])
AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC])
AC_DEFINE([HAVE___NSS_INITF_GROUP])
])
])
])
])
;;
esac
AC_LIBOBJ(getgrouplist)
])
AC_CHECK_FUNCS(getline, [], [
AC_LIBOBJ(getline)
AC_CHECK_FUNCS(fgetln)
])
dnl
dnl If libc supports _FORTIFY_SOURCE check functions, use it.
dnl
if test "$enable_hardening" != "no"; then
O_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
AC_CHECK_FUNC(__sprintf_chk, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
], [])
CPPFLAGS="$O_CPPFLAGS"
fi
utmp_style=LEGACY
AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
if test "$utmp_style" = "LEGACY"; then
AC_CHECK_FUNCS(getttyent ttyslot, [break])
AC_CHECK_FUNCS(fseeko)
fi
AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
[
AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [
AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [
AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [
# include <sys/param.h>
# include <sys/sysctl.h>
])
], [
# include <sys/param.h>
# include <sys/sysctl.h>
])
],
[
# include <sys/param.h>
# include <sys/sysctl.h>
])
],
[
# include <sys/param.h>
# include <sys/sysctl.h>
# include <sys/user.h>
])
])
AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
AC_CHECK_LIB(util, openpty, [
AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
case "$SUDO_LIBS" in
*-lutil*) ;;
*) SUDO_LIBS="${SUDO_LIBS} -lutil";;
esac
AC_DEFINE(HAVE_OPENPTY)
], [
AC_CHECK_FUNCS(_getpty, [], [
AC_CHECK_FUNCS(grantpt, [
AC_CHECK_FUNCS(posix_openpt)
], [
AC_CHECK_FUNCS(revoke)
])
])
])
])
AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [])
SUDO_FUNC_PUTENV_CONST
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [
SKIP_SETREUID=yes
AC_CHECK_FUNCS(getresuid)
])
fi
if test -z "$SKIP_SETREUID"; then
AC_CHECK_FUNCS(setreuid)
fi
AC_CHECK_FUNCS(seteuid)
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
if test -z "$BROKEN_GETCWD"; then
AC_REPLACE_FUNCS(getcwd)
fi
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)
COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
])
SUDO_FUNC_ISBLANK
AC_REPLACE_FUNCS(memrchr memset_s pw_dup strlcpy strlcat strtonum)
AC_CHECK_FUNCS(clock_gettime, [], [
# On Solaris, clock_gettime is in librt
AC_CHECK_LIB(rt, clock_gettime, [
AC_DEFINE(HAVE_CLOCK_GETTIME)
SUDOERS_LIBS="${SUDOERS_LIBS} -lrt"
], [AC_LIBOBJ(clock_gettime)])
])
AC_CHECK_FUNCS(getopt_long, [], [AC_LIBOBJ(getopt_long)
AC_MSG_CHECKING([for optreset])
AC_CACHE_VAL(sudo_cv_optreset, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])])
if test "$sudo_cv_optreset" = "yes"; then
AC_DEFINE(HAVE_OPTRESET)
fi
AC_MSG_RESULT($sudo_cv_optreset)
])
AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [
# include <limits.h>
# include <fcntl.h> ])
])
AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
AC_CHECK_FUNCS(random lrand48, [break])
AC_LIBOBJ(mktemp)
])
AX_FUNC_SNPRINTF
AC_CHECK_FUNCS(asprintf vasprintf)
if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then
# Don't add snprintf to LIBOBJS if it is already present.
if test X"$ac_cv_func_asprintf$ac_cv_func_vasprintf" != X"yesyes"; then
AC_LIBOBJ(snprintf)
fi
fi
# We wrap OpenBSD's strtonum() to get translatable error strings.
AC_CHECK_FUNCS(strtonum)
AC_LIBOBJ(strtonum)
if test X"$ac_cv_type_struct_timespec" != X"no"; then
AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
fi
AC_CHECK_HEADER([sha2.h], [
AC_CHECK_FUNCS(SHA224Update, [SUDO_FUNC_SHA2_VOID_PTR], [
# On some systems, SHA224Update is in libmd
AC_CHECK_LIB(md, SHA224Update, [
AC_DEFINE(HAVE_SHA224UPDATE)
SUDO_FUNC_SHA2_VOID_PTR
LIBMD="-lmd"
], [AC_LIBOBJ(sha2)])
])
], [AC_LIBOBJ(sha2)])
dnl
dnl Function checks for sudo_noexec
dnl
if test X"$with_noexec" != X"no"; then
# Check for underscore versions of standard exec functions
# unless we are using dyld symbole interposition
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_execl __execl)
AC_CHECK_FUNCS(_execle __execle)
AC_CHECK_FUNCS(_execlp __execlp)
AC_CHECK_FUNCS(_execv __execv)
AC_CHECK_FUNCS(_execve __execve)
AC_CHECK_FUNCS(_execvp __execvp)
fi
# Check for non-standard exec functions including underscore versions
AC_CHECK_FUNCS(exect, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_exect __exect)
fi
])
AC_CHECK_FUNCS(execvP, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_execvP __execvP)
fi
])
AC_CHECK_FUNCS(execvpe, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_execvpe __execvpe)
fi
])
AC_CHECK_FUNCS(fexecve, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_fexecve __fexecve)
fi
])
# Check for posix_spawn, posix_spawnp and any underscore versions
AC_CHECK_FUNCS(posix_spawn, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_posix_spawn __posix_spawn)
fi
])
AC_CHECK_FUNCS(posix_spawnp, [
if test X"$dlyld_interpose" != X"yes"; then
AC_CHECK_FUNCS(_posix_spawnp __posix_spawnp)
fi
])
fi
dnl
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [
AC_INCLUDES_DEFAULT
#include <$ac_header_dirent>
])
dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
AC_CHECK_FUNC(socket, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done
])
dnl
dnl If inet_pton(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl Some systems may have inet_pton() in libresolv.
dnl
AC_CHECK_FUNC(inet_pton, [AC_DEFINE(HAVE_INET_PTON)], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl" "-lresolv"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, inet_pton, [
AC_DEFINE(HAVE_INET_PTON)
NET_LIBS="${NET_LIBS} $libs"
LIBS="${LIBS} $libs"
break
], [], [$extralibs])
done
])
if test X"$ac_cv_func_inet_pton" != X"yes"; then
AC_LIBOBJ(inet_pton)
fi
dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
dnl
AC_CHECK_FUNC(syslog, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done
])
#
# Check for getaddrinfo and add any required libs to NET_LIBS
#
OLIBS="$LIBS"
AX_FUNC_GETADDRINFO
for lib in $LIBS; do
case "$OLIBS" in
*"$lib"*) ;;
*) NET_LIBS="$NET_LIBS $lib";;
esac
done
dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
AC_MSG_CHECKING([for __progname])
AC_CACHE_VAL(sudo_cv___progname, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
if test "$sudo_cv___progname" = "yes"; then
AC_DEFINE(HAVE___PROGNAME)
fi
AC_MSG_RESULT($sudo_cv___progname)
])
dnl
dnl Check for __func__ or __FUNCTION__
dnl
AC_MSG_CHECKING([for __func__])
AC_CACHE_VAL(sudo_cv___func__, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])])
AC_MSG_RESULT($sudo_cv___func__)
if test "$sudo_cv___func__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
elif test -n "$GCC"; then
AC_MSG_CHECKING([for __FUNCTION__])
AC_CACHE_VAL(sudo_cv___FUNCTION__, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
AC_MSG_RESULT($sudo_cv___FUNCTION__)
if test "$sudo_cv___FUNCTION__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__])
fi
fi
# gettext() and friends may be located in libc (Linux and Solaris)
# or in libintl. However, it is possible to have libintl installed
# even when gettext() is present in libc. In the case of GNU libintl,
# gettext() will be defined to gettext_libintl in libintl.h.
# Since gcc prefers /usr/local/include to /usr/include, we need to
# make sure we use the gettext() that matches the include file.
if test "$enable_nls" != "no"; then
if test "$enable_nls" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include)
SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
fi
OLIBS="$LIBS"
for l in "libc" "-lintl" "-lintl -liconv"; do
if test "$l" = "libc"; then
# If user specified a dir for libintl ignore libc
if test "$enable_nls" != "yes"; then
continue
fi
gettext_name=sudo_cv_gettext
AC_MSG_CHECKING([for gettext])
else
LIBS="$OLIBS $l"
gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
AC_MSG_CHECKING([for gettext in $l])
fi
AC_CACHE_VAL($gettext_name, [
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
], [eval $gettext_name=yes], [eval $gettext_name=no]
)
])
eval gettext_result="\$$gettext_name"
AC_MSG_RESULT($gettext_result)
if test "$gettext_result" = "yes"; then
AC_CHECK_FUNCS(ngettext)
break
fi
done
LIBS="$OLIBS"
if test "$sudo_cv_gettext" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
# For Solaris we need links from lang to lang.UTF-8 in localedir
case "$host_os" in
solaris2*) LOCALEDIR_SUFFIX=".UTF-8";;
esac
elif test "$sudo_cv_gettext_lintl" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
LIBINTL="-lintl"
elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
LIBINTL="-lintl -liconv"
fi
fi
dnl
dnl Deferred zlib option processing.
dnl By default we use the system zlib if it is present.
dnl If a directory was specified for zlib (or we are use sudo's version),
dnl prepend the include dir to make sure we get the right zlib header.
dnl
case "$enable_zlib" in
yes)
AC_CHECK_LIB(z, gzdopen, [
AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
])
;;
no)
;;
system)
AC_DEFINE(HAVE_ZLIB_H)
ZLIB="-lz"
;;
builtin)
# handled below
;;
*)
AC_DEFINE(HAVE_ZLIB_H)
SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include)
SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
ZLIB="${ZLIB} -lz"
;;
esac
if test X"$enable_zlib" = X"builtin"; then
AC_DEFINE(HAVE_ZLIB_H)
CPPFLAGS='-I$(top_builddir)/lib/zlib -I$(top_srcdir)/lib/zlib '"${CPPFLAGS}"
ZLIB="${ZLIB}"' $(top_builddir)/lib/zlib/libz.la'
ZLIB_SRC=lib/zlib
AC_CONFIG_HEADER([lib/zlib/zconf.h])
AC_CONFIG_FILES([lib/zlib/Makefile])
fi
dnl
dnl Check for errno declaration in errno.h
dnl
AC_CHECK_DECLS([errno], [], [], [
AC_INCLUDES_DEFAULT
#include <errno.h>
])
dnl
dnl Check for h_errno declaration in netdb.h
dnl
AC_CHECK_DECLS([h_errno], [], [], [
AC_INCLUDES_DEFAULT
#include <netdb.h>
])
dnl
dnl Check for strsignal() or sys_siglist
dnl
AC_CHECK_FUNCS(strsignal, [], [
AC_LIBOBJ(strsignal)
HAVE_SIGLIST="false"
AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
HAVE_SIGLIST="true"
break
], [ ], [
AC_INCLUDES_DEFAULT
#include <signal.h>
])
if test "$HAVE_SIGLIST" != "true"; then
AC_LIBOBJ(siglist)
fi
])
dnl
dnl Check for sig2str(), sys_signame or sys_sigabbrev
dnl
AC_CHECK_FUNCS(sig2str, [], [
AC_LIBOBJ(sig2str)
HAVE_SIGNAME="false"
AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [
HAVE_SIGNAME="true"
break
], [ ], [
AC_INCLUDES_DEFAULT
#include <signal.h>
])
if test "$HAVE_SIGNAME" != "true"; then
AC_CACHE_CHECK([for undeclared sys_sigabbrev],
[sudo_cv_var_sys_sigabbrev],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
[sudo_cv_var_sys_sigabbrev=yes],
[sudo_cv_var_sys_sigabbrev=no]
)
]
)
if test "$sudo_cv_var_sys_sigabbrev" = yes; then
AC_DEFINE(HAVE_SYS_SIGABBREV)
else
AC_LIBOBJ(signame)
fi
fi
])
dnl
dnl nsswitch.conf and its equivalents
dnl
if test ${with_netsvc-"no"} != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
netsvc_conf=${with_netsvc-/etc/netsvc.conf}
elif test ${with_nsswitch-"yes"} != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
fi
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
for auth in $AUTH_EXCL_DEF; do
case $auth in
AIX_AUTH) with_aixauth=maybe;;
BSD_AUTH) with_bsdauth=maybe;;
PAM) with_pam=maybe;;
SIA) CHECKSIA=true;;
esac
done
fi
dnl
dnl PAM support. Systems that use PAM by default set with_pam=default
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
#
# Check for pam_start() in libpam first, then for pam_appl.h.
#
found_pam_lib=no
AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
#
# Some PAM implementations (MacOS X for example) put the PAM headers
# in /usr/include/pam instead of /usr/include/security...
#
found_pam_hdrs=no
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then
# Found both PAM libs and headers
with_pam=yes
elif test "$with_pam" = "yes"; then
if test "$found_pam_lib" = "no"; then
AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."])
fi
if test "$found_pam_hdrs" = "no"; then
AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."])
fi
elif test "$found_pam_lib" != "$found_pam_hdrs"; then
if test "$found_pam_lib" = "no"; then
AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"])
fi
if test "$found_pam_hdrs" = "no"; then
AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"])
fi
fi
if test "$with_pam" = "yes"; then
# Older PAM implementations lack pam_getenvlist
OLIBS="$LIBS"
LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
AC_CHECK_FUNCS(pam_getenvlist)
LIBS="$OLIBS"
# We already link with -ldl if needed (see LIBDL below)
SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
AC_DEFINE(HAVE_PAM)
AUTH_OBJS="$AUTH_OBJS pam.lo";
AUTH_EXCL=PAM
AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
[case $with_pam_login in
yes) AC_DEFINE([HAVE_PAM_LOGIN])
AC_MSG_CHECKING(whether to use PAM login)
AC_MSG_RESULT(yes)
pam_login_service="sudo-i"
;;
no) ;;
*) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to use PAM session support)
AC_ARG_ENABLE(pam_session,
[AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_PAM_SESSION)
pam_session=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
fi
fi
dnl
dnl AIX general authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_aixauth-'no'} != "no"; then
if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
AC_MSG_NOTICE([using AIX general authentication])
AC_DEFINE(HAVE_AIXAUTH)
AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
AUTH_EXCL=AIX_AUTH
fi
fi
dnl
dnl BSD authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
[BSDAUTH_USAGE='[[-a type]] ']
[AUTH_EXCL=BSD_AUTH; BAMAN=1],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
dnl
dnl SIA authentication for Tru64 Unix
dnl
if test ${CHECKSIA-'false'} = "true"; then
AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
if test "$found" = "true"; then
AUTH_EXCL=SIA
AUTH_OBJS="$AUTH_OBJS sia.lo"
fi
fi
dnl
dnl extra FWTK libs + includes
dnl
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
SUDO_APPEND_CPPFLAGS(-I${with_fwtk})
with_fwtk=yes
fi
SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
AUTH_OBJS="$AUTH_OBJS fwtk.lo"
fi
dnl
dnl extra SecurID lib + includes
dnl
if test ${with_SecurID-'no'} != "no"; then
if test "$with_SecurID" != "yes"; then
:
elif test -d /usr/ace/examples; then
with_SecurID=/usr/ace/examples
else
with_SecurID=/usr/ace
fi
SUDO_APPEND_CPPFLAGS(-I${with_SecurID})
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
dnl
dnl Non-mutually exclusive auth checks come next.
dnl Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
for auth in $AUTH_DEF; do
case $auth in
passwd) : ${with_passwd='maybe'};;
esac
done
fi
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
dnl
if test ${with_kerb5-'no'} != "no"; then
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
], [
AC_MSG_RESULT(no)
]
)
else
AC_DEFINE(HAVE_KERB5)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
if test "$with_kerb5" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
done
if test X"$found" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include)
fi
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
# XXX - need to check whether -lcrypo is needed!
SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
])
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
sudo_cv_krb5_get_init_creds_opt_free_two_args, [
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]],
[[krb5_get_init_creds_opt_free(NULL, NULL);]]
)],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
)
]
)
])
if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
fi
LIBS="$_LIBS"
AC_MSG_CHECKING(whether to use an instance name for Kerberos V)
AC_ARG_ENABLE(kerb5-instance,
[AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
[ case "$enableval" in
yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."])
;;
no) AC_MSG_RESULT(no)
;;
*) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
AC_MSG_RESULT([$enableval])
;;
esac], AC_MSG_RESULT(no))
fi
dnl
dnl extra AFS libs and includes
dnl
if test ${with_AFS-'no'} = "yes"; then
# looks like the "standard" place for AFS libs is /usr/afsws/lib
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
for i in $AFSLIBDIRS; do
if test -d ${i}; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
FOUND_AFSLIBDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
fi
# Order is important here. Note that we build AFS_LIBS from right to left
# since AFS_LIBS may be initialized with BSD compat libs that must go last
AFS_LIBS="-laudit ${AFS_LIBS}"
for i in $AFSLIBDIRS; do
if test -f ${i}/util.a; then
AFS_LIBS="${i}/util.a ${AFS_LIBS}"
FOUND_UTIL_A=true
break;
fi
done
if test -z "$FOUND_UTIL_A"; then
AFS_LIBS="-lutil ${AFS_LIBS}"
fi
AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
SUDO_APPEND_CPPFLAGS(-I${i})
FOUND_AFSINCDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
AUTH_OBJS="$AUTH_OBJS afs.lo"
fi
dnl
dnl extra DCE obj + lib
dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
dnl
if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
AUTH_OBJS="$AUTH_OBJS dce.lo"
fi
dnl
dnl extra S/Key lib and includes
dnl
if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${with_skey}/include)
LDFLAGS="$LDFLAGS -L${with_skey}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include <stdio.h>])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
fi
fi
AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM([[
# include <stdio.h>
# include <skey.h>]],
[[skeychallenge(NULL, NULL, NULL, 0);]]
)], [
AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
AC_MSG_RESULT([yes])
], [
AC_MSG_RESULT([no])
]
)
LDFLAGS="$O_LDFLAGS"
SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl extra OPIE lib and includes
dnl
if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${with_opie}/include)
LDFLAGS="$LDFLAGS -L${with_opie}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
fi
fi
AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl Check for shadow password routines if we have not already done so.
dnl If there is a specific list of functions to check we do that first.
dnl Otherwise, we check for SVR4-style and then SecureWare-style.
dnl
if test ${with_passwd-'no'} != "no"; then
dnl
dnl if crypt(3) not in libc, look elsewhere
dnl
if test -z "$LIB_CRYPT"; then
_LIBS="$LIBS"
AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
LIBS="$_LIBS"
fi
if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
_LIBS="$LIBS"
LIBS="$LIBS $shadow_libs"
found=no
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
elif test -n "$shadow_libs_optional"; then
LIBS="$LIBS $shadow_libs_optional"
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
fi
fi
if test "$found" = "yes"; then
case "$shadow_funcs" in
*getprpwnam*) SECUREWARE=1;;
esac
test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
else
LIBS="$_LIBS"
fi
CHECKSHADOW=false
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test -n "$SECUREWARE"; then
AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
AUTH_OBJS="$AUTH_OBJS secureware.lo"
fi
fi
dnl
dnl Choose event subsystem backend: poll or select
dnl
if test X"$enable_poll" = X""; then
AC_CHECK_FUNCS(poll, [enable_poll=yes], [enable_poll=no])
elif test X"$enable_poll" = X"yes"; then
AC_DEFINE(HAVE_POLL)
fi
if test "$enable_poll" = "yes"; then
COMMON_OBJS="${COMMON_OBJS} event_poll.lo"
else
COMMON_OBJS="${COMMON_OBJS} event_select.lo"
fi
dnl
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include)
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
LDAP=""
_LIBS="$LIBS"
LDAP_LIBS=""
IBMLDAP_EXTRA=""
found=no
# On HP-UX, libibmldap has a hidden dependency on libCsup
case "$host_os" in
hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);;
esac
AC_SEARCH_LIBS(ldap_init, "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}" "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}", [
test "$ac_res" != "none required" && LDAP_LIBS="$ac_res"
found=yes
])
# If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
LDAP_LIBS="-lldap"
fi
LIBS="${_LIBS} ${LDAP_LIBS}"
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_MSG_CHECKING([whether lber.h defines LBER_OPT_DEBUG_LEVEL])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
# include <lber.h>]], [[int opt=LBER_OPT_DEBUG_LEVEL;]])], [
AC_MSG_RESULT([yes])
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
LDAP_LIBS="$LDAP_LIBS -llber"
fi
], [
AC_MSG_RESULT([no])
])
dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
# include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)
break
])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
)
# gssapi headers may be separate or part of Kerberos V
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
done
if test X"$found" != X"no"; then
AC_CHECK_HEADERS([$found])
if test X"$found" = X"gssapi/gssapi.h"; then
AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
fi
else
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
fi
fi
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$O_LDFLAGS"
fi
#
# How to do dynamic object loading.
# We support dlopen() and sh_load(), else fall back to static loading.
#
case "$lt_cv_dlopen" in
dlopen)
AC_DEFINE(HAVE_DLOPEN)
if test "$enable_static_sudoers" = "yes"; then
AC_DEFINE(STATIC_SUDOERS_PLUGIN)
SUDO_OBJS="${SUDO_OBJS} preload.o"
STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static"
LT_STATIC=""
else
SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
fi
;;
shl_load)
AC_DEFINE(HAVE_SHL_LOAD)
if test "$enable_static_sudoers" = "yes"; then
AC_DEFINE(STATIC_SUDOERS_PLUGIN)
SUDO_OBJS="${SUDO_OBJS} preload.o"
STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static"
LT_STATIC=""
else
SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
fi
;;
*)
if test X"${ac_cv_func_dlopen}" = X"yes"; then
AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
fi
# Preload sudoers module symbols
SUDO_OBJS="${SUDO_OBJS} preload.o"
STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la"
LT_STATIC=""
;;
esac
# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
# the main program is linked against -lpthread. We have no knowledge of
# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
case "$host_os" in
hpux*)
AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
OSDEFS="${OSDEFS} -D_REENTRANT"
;;
esac
dnl
dnl Check for log file, timestamp and iolog locations
dnl
if test "$utmp_style" = "LEGACY"; then
SUDO_PATH_UTMP
fi
SUDO_LOGFILE
SUDO_RUNDIR
SUDO_VARDIR
SUDO_IO_LOGDIR
dnl
dnl Turn warnings into errors.
dnl All compiler/loader tests after this point will fail if
dnl a warning is displayed (nornally, warnings are not fata).
dnl
AC_LANG_WERROR
dnl
dnl If compiler supports the -static-libgcc flag use it unless we have
dnl GNU ld (which can avoid linking in libgcc when it is not needed).
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"])
fi
dnl
dnl Check for symbol visibility support.
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -fvisibility=hidden"
LT_LDEXPORTS=
LT_LDDEP=
NO_VIZ=
])
else
case "$host_os" in
hpux*)
AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -Bhidden_def"
LT_LDEXPORTS=
LT_LDDEP=
])
;;
solaris2*)
AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -xldscope=hidden"
LT_LDEXPORTS=
LT_LDDEP=
])
;;
esac
fi
dnl
dnl If the compiler doesn't have symbol visibility support, it may
dnl support version scripts (only GNU and Solaris ld).
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$LT_LDEXPORTS"; then
if test "$lt_cv_prog_gnu_ld" = "yes"; then
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_gnu_ld_anon_map],
[
sudo_cv_var_gnu_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
local: *;
};
EOF
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_gnu_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
)
if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
fi
else
case "$host_os" in
solaris2*)
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_solaris_ld_anon_map],
[
sudo_cv_var_solaris_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
local: *;
};
EOF
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_solaris_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
)
if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
fi
;;
hpux*)
AC_CACHE_CHECK([whether ld supports controlling exported symbols],
[sudo_cv_var_hpux_ld_symbol_export],
[
sudo_cv_var_hpux_ld_symbol_export=no
echo "+e foo" > conftest.opt
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
if test -n "$GCC"; then
LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt"
else
LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_hpux_ld_symbol_export=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
rm -f conftest.opt
]
)
if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)"
fi
;;
esac
fi
fi
dnl
dnl Check for PIE executable support if using gcc.
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC"; then
if test -z "$enable_pie"; then
case "$host_os" in
linux*)
# Attempt to build with PIE support
enable_pie="maybe"
;;
esac
fi
if test -n "$enable_pie"; then
if test "$enable_pie" = "no"; then
AX_CHECK_COMPILE_FLAG([-fno-pie], [
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fno-pie"
AX_CHECK_LINK_FLAG([-nopie], [
PIE_CFLAGS="-fno-pie"
PIE_LDFLAGS="-nopie"
])
CFLAGS="$_CFLAGS"
])
else
AX_CHECK_COMPILE_FLAG([-fPIE], [
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fPIE"
AX_CHECK_LINK_FLAG([-pie], [
if test "$enable_pie" = "maybe"; then
SUDO_WORKING_PIE([enable_pie=yes], [])
fi
if test "$enable_pie" = "yes"; then
PIE_CFLAGS="-fPIE"
PIE_LDFLAGS="-Wc,-fPIE -pie"
fi
])
CFLAGS="$_CFLAGS"
])
fi
fi
fi
if test "$enable_pie" != "yes"; then
# Solaris 11.1 and higher supports tagging binaries to use ASLR
case "$host_os" in
solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"])
;;
esac
fi
dnl
dnl Check for -fstack-protector and -z relro support
dnl This test relies on AC_LANG_WERROR
dnl
if test "$enable_hardening" != "no"; then
if test -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [
AX_CHECK_LINK_FLAG([-fstack-protector-strong], [
SSP_CFLAGS="-fstack-protector-strong"
SSP_LDFLAGS="-Wc,-fstack-protector-strong"
])
])
if test -z "$SSP_CFLAGS"; then
AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
AX_CHECK_LINK_FLAG([-fstack-protector-all], [
SSP_CFLAGS="-fstack-protector-all"
SSP_LDFLAGS="-Wc,-fstack-protector-all"
])
])
if test -z "$SSP_CFLAGS"; then
AX_CHECK_COMPILE_FLAG([-fstack-protector], [
AX_CHECK_LINK_FLAG([-fstack-protector], [
SSP_CFLAGS="-fstack-protector"
SSP_LDFLAGS="-Wc,-fstack-protector"
])
])
fi
fi
fi
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
fi
dnl
dnl Use passwd auth module?
dnl
case "$with_passwd" in
yes|maybe)
AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
;;
*)
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([no authentication methods defined.])
fi
;;
esac
AUTH_OBJS=${AUTH_OBJS# }
_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
dnl
dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
dnl
if test -n "$LIBS"; then
L="$LIBS"
LIBS=
for l in ${L}; do
dupe=0
for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
test $l = $sl && dupe=1
done
test $dupe = 0 && LIBS="${LIBS} $l"
done
fi
dnl
dnl OS-specific initialization
dnl
AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.])
dnl
dnl We add -Wall and -Werror after all tests so they don't cause failures
dnl
if test -n "$GCC"; then
if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wold-style-definition -Wpointer-arith"
fi
if test X"$enable_werror" = X"yes"; then
CFLAGS="${CFLAGS} -Werror"
fi
fi
dnl
dnl Skip regress tests and sudoers sanity check if cross compiling.
dnl
CROSS_COMPILING="$cross_compiling"
dnl
dnl Set exec_prefix
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$ac_default_prefix"
else
exec_prefix="$prefix"
fi
fi
if test X"$with_noexec" != X"no"; then
PROGS="${PROGS} libsudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
noexec_file="$with_noexec"
_noexec_file=
while test X"$noexec_file" != X"$_noexec_file"; do
_noexec_file="$noexec_file"
eval noexec_file="$_noexec_file"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
eval sesh_file="$_sesh_file"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file")
fi
if test X"$enable_shared" != X"no"; then
PLUGINDIR="$with_plugindir"
_PLUGINDIR=
while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
_PLUGINDIR="$PLUGINDIR"
eval PLUGINDIR="$_PLUGINDIR"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
fi
exec_prefix="$oexec_prefix"
fi
if test X"$with_selinux" = X"no"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL)
fi
dnl
dnl Add -R options to LDFLAGS, etc.
dnl
if test X"$LDFLAGS_R" != X""; then
LDFLAGS="$LDFLAGS $LDFLAGS_R"
fi
if test X"$SUDOERS_LDFLAGS_R" != X""; then
SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
fi
if test X"$ZLIB_R" != X""; then
ZLIB="$ZLIB_R $ZLIB"
fi
dnl
dnl Override default configure dirs for the Makefile
dnl
if test X"$prefix" = X"NONE"; then
test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
else
test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Substitute into the Makefile and man pages
dnl
AC_CONFIG_FILES([Makefile doc/Makefile include/Makefile init.d/aix.sh init.d/hpux.sh lib/util/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
case $host_os in
hpux*)
if test -f /usr/lib/security/libpam_hpsec.so.1; then
AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
fi
;;
linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
fi
dnl
dnl Warn user if they may need to clear rundir manually.
dnl
case "$rundir" in
/var/run*)
clear_rundir=0
;;
*)
clear_rundir=1
;;
esac
if test $clear_rundir -eq 1; then
AC_MSG_NOTICE([Warning: the $rundir/ts directory must be cleared at boot time.])
AC_MSG_NOTICE([ You may need to create a startup item to do this.])
fi
dnl
dnl Autoheader templates
dnl
AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).])
AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
AH_TEMPLATE(HAVE_INET_PTON, [Define to 1 if you have the `inet_pton' function.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the `optreset' symbol.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(clockid_t, [Define to `int' if <time.h> does not define.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.])
AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.])
AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.])
AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.])
AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.])
AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.])
AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.])
dnl
dnl Bits to copy verbatim into config.h.in
dnl
AH_TOP([#ifndef _SUDO_CONFIG_H
#define _SUDO_CONFIG_H])
AH_BOTTOM([/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
#endif /* __svr4__ */
#endif /* _SUDO_CONFIG_H */])
Reference in New Issue View Git Blame Copy Permalink