isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e34fe030b94e4fedf4c4f21a135b19f692825a91
sudo/configure.in
Todd C. Miller 8b1d645534 Simplify usage messages a bit and make --help output more closely 
resemble GNU usage wrt long options.  Sync usage and man page
SYNOPSYS sections and improve long options in the manual pages.
Now that we have long options we don't need to give the mnemonic
for the single-character options in the description.
2013-08-14 10:30:51 -06:00

3820 lines
116 KiB
Plaintext
Raw Blame History

dnl
dnl Process this file with GNU autoconf to produce a configure script.
dnl
dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
AC_INIT([sudo], [1.8.8], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
dnl
dnl Note: this must come after AC_INIT
dnl
AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
AC_SUBST([HAVE_BSM_AUDIT])
AC_SUBST([SHELL])
AC_SUBST([LIBTOOL])
AC_SUBST([CFLAGS])
AC_SUBST([PROGS])
AC_SUBST([CPPFLAGS])
AC_SUBST([LDFLAGS])
AC_SUBST([SUDOERS_LDFLAGS])
AC_SUBST([LT_LDFLAGS])
AC_SUBST([LT_LDMAP])
AC_SUBST([LT_LDOPT])
AC_SUBST([LT_LDDEP])
AC_SUBST([LT_LDEXPORTS])
AC_SUBST([COMMON_OBJS])
AC_SUBST([SUDOERS_OBJS])
AC_SUBST([SUDO_OBJS])
AC_SUBST([LIBS])
AC_SUBST([SUDO_LIBS])
AC_SUBST([SUDOERS_LIBS])
AC_SUBST([NET_LIBS])
AC_SUBST([AFS_LIBS])
AC_SUBST([REPLAY_LIBS])
AC_SUBST([GETGROUPS_LIB])
AC_SUBST([OSDEFS])
AC_SUBST([AUTH_OBJS])
AC_SUBST([MANTYPE])
AC_SUBST([MANDIRTYPE])
AC_SUBST([MANCOMPRESS])
AC_SUBST([MANCOMPRESSEXT])
AC_SUBST([SHLIB_MODE])
AC_SUBST([SUDOERS_MODE])
AC_SUBST([SUDOERS_UID])
AC_SUBST([SUDOERS_GID])
AC_SUBST([DEVEL])
AC_SUBST([BAMAN])
AC_SUBST([LCMAN])
AC_SUBST([PSMAN])
AC_SUBST([SEMAN])
AC_SUBST([devdir])
AC_SUBST([mansectsu])
AC_SUBST([mansectform])
AC_SUBST([mansrcdir])
AC_SUBST([NOEXECFILE])
AC_SUBST([NOEXECDIR])
AC_SUBST([SOEXT])
AC_SUBST([noexec_file])
AC_SUBST([sesh_file])
AC_SUBST([INSTALL_NOEXEC])
AC_SUBST([DONT_LEAK_PATH_INFO])
AC_SUBST([BSDAUTH_USAGE])
AC_SUBST([SELINUX_USAGE])
AC_SUBST([LDAP])
AC_SUBST([LOGINCAP_USAGE])
AC_SUBST([ZLIB])
AC_SUBST([ZLIB_SRC])
AC_SUBST([LIBTOOL_DEPS])
AC_SUBST([ac_config_libobj_dir])
AC_SUBST([CONFIGURE_ARGS])
AC_SUBST([LIBDL])
AC_SUBST([LT_STATIC])
AC_SUBST([LIBINTL])
AC_SUBST([SUDO_NLS])
AC_SUBST([LOCALEDIR_SUFFIX])
AC_SUBST([COMPAT_TEST_PROGS])
AC_SUBST([CROSS_COMPILING])
AC_SUBST([PIE_LDFLAGS])
AC_SUBST([PIE_CFLAGS])
AC_SUBST([SSP_LDFLAGS])
AC_SUBST([SSP_CFLAGS])
AC_SUBST([NO_VIZ])
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
AC_SUBST([timeout])
AC_SUBST([password_timeout])
AC_SUBST([sudo_umask])
AC_SUBST([umask_override])
AC_SUBST([passprompt])
AC_SUBST([long_otp_prompt])
AC_SUBST([lecture])
AC_SUBST([logfac])
AC_SUBST([goodpri])
AC_SUBST([badpri])
AC_SUBST([loglen])
AC_SUBST([ignore_dot])
AC_SUBST([mail_no_user])
AC_SUBST([mail_no_host])
AC_SUBST([mail_no_perms])
AC_SUBST([mailto])
AC_SUBST([mailsub])
AC_SUBST([badpass_message])
AC_SUBST([fqdn])
AC_SUBST([runas_default])
AC_SUBST([env_editor])
AC_SUBST([env_reset])
AC_SUBST([passwd_tries])
AC_SUBST([tty_tickets])
AC_SUBST([insults])
AC_SUBST([root_sudo])
AC_SUBST([path_info])
AC_SUBST([ldap_conf])
AC_SUBST([ldap_secret])
AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
AC_SUBST([pam_session])
AC_SUBST([pam_login_service])
AC_SUBST([PLUGINDIR])
#
# Begin initial values for man page substitution
#
iolog_dir=/var/log/sudo-io
timedir=/var/adm/sudo
timeout=5
password_timeout=5
sudo_umask=0022
umask_override=off
passprompt="Password:"
long_otp_prompt=off
lecture=once
logfac=auth
goodpri=notice
badpri=alert
loglen=80
ignore_dot=off
mail_no_user=on
mail_no_host=off
mail_no_perms=off
mailto=root
mailsub="*** SECURITY information for %h ***"
badpass_message="Sorry, try again."
fqdn=off
runas_default=root
env_editor=off
env_reset=on
editor=vi
passwd_tries=3
tty_tickets=on
insults=off
root_sudo=on
path_info=on
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
sesh_file=/usr/local/libexec/sudo/sesh
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
pam_session=on
pam_login_service=sudo
PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
INSTALL_NOEXEC=
devdir='$(srcdir)'
PROGS="sudo"
: ${MANDIRTYPE='man'}
: ${mansrcdir='.'}
: ${SHLIB_MODE='0644'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEVEL=
LDAP="#"
BAMAN=0
LCMAN=0
PSMAN=0
SEMAN=0
LIBINTL=
ZLIB=
ZLIB_SRC=
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
SUDO_NLS=disabled
LOCALEDIR_SUFFIX=
LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
LT_LDDEP="\$(shlib_exp)"
NO_VIZ="-DNO_VIZ"
OS_INIT=os_init_common
dnl
dnl Other vaiables
dnl
CHECKSHADOW=true
shadow_defs=
shadow_funcs=
shadow_libs=
shadow_libs_optional=
CONFIGURE_ARGS="$@"
dnl
dnl LD_PRELOAD equivalents
dnl
RTLD_PRELOAD_VAR="LD_PRELOAD"
RTLD_PRELOAD_ENABLE_VAR=
RTLD_PRELOAD_DELIM=":"
RTLD_PRELOAD_DEFAULT=
dnl
dnl libc replacement functions live in compat
dnl
AC_CONFIG_LIBOBJ_DIR(compat)
#
# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
# off an extraneous "/sudo" from libexecdir.
#
case "$libexecdir" in
*/sudo)
AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
;;
esac
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
[case $with_otp_only in
yes) with_passwd="no"
AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
;;
esac])
AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
[case $with_alertmail in
*) with_mailto="$with_alertmail"
AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
;;
esac])
dnl
dnl Options for --with
dnl
AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
[case $with_devel in
yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
DEVEL="true"
devdir=.
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
esac])
AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
[case $with_CC in
*) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
;;
esac])
AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])],
[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])])
AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])],
[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])])
dnl
dnl Handle BSM auditing support.
dnl
AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
[case $with_bsm_audit in
yes) AC_DEFINE(HAVE_BSM_AUDIT)
SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
;;
no) ;;
*) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
;;
esac])
dnl
dnl Handle Linux auditing support.
dnl
AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
[case $with_linux_audit in
yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
AC_DEFINE(HAVE_LINUX_AUDIT)
SUDO_LIBS="${SUDO_LIBS} -laudit"
SUDOERS_LIBS="${SUDO_LIBS} -laudit"
SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
], [
AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
])
;;
no) ;;
*) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
;;
esac])
dnl
dnl Handle SSSD support.
dnl
AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
[case $with_sssd in
yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
AC_DEFINE(HAVE_SSSD)
;;
no) ;;
*) AC_MSG_ERROR(["--with-sssd does not take an argument."])
;;
esac])
AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
sssd_lib="\"LIBDIR\""
test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
no) AC_MSG_ERROR(["--without-incpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
SUDO_APPEND_CPPFLAGS(-I${i})
done
;;
esac])
AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
[case $with_libpath in
yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
;;
no) AC_MSG_ERROR(["--without-libpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
;;
esac])
AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
[case $with_libraries in
yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
;;
no) AC_MSG_ERROR(["--without-libraries not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
;;
esac])
AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
[case $with_efence in
yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
LIBS="${LIBS} -lefence"
if test -f /usr/local/lib/libefence.a; then
with_libpath="${with_libpath} /usr/local/lib"
fi
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
;;
esac])
AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
[case $with_csops in
yes) AC_MSG_NOTICE([Adding CSOps standard options])
CHECKSIA=false
with_ignore_dot=yes
insults=on
with_classic_insults=yes
with_csops_insults=yes
with_env_editor=yes
: ${mansectsu='8'}
: ${mansectform='5'}
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
;;
esac])
AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
AUTH_DEF=""
test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
;;
*) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
;;
esac])
AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
[case $with_skey in
no) ;;
*) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG S/Key"
;;
esac])
AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
[case $with_opie in
no) ;;
*) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG NRL_OPIE"
;;
esac])
AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
[case $with_long_otp_prompt in
yes) AC_DEFINE(LONG_OTP_PROMPT)
AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
AC_MSG_RESULT(yes)
long_otp_prompt=on
;;
no) long_otp_prompt=off
;;
*) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
;;
esac])
AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
[case $with_SecurID in
no) ;;
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL SecurID"
;;
esac])
AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
[case $with_fwtk in
no) ;;
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL FWTK"
;;
esac])
AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
[case $with_kerb5 in
no) ;;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb5"
;;
esac])
AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
[case $with_aixauth in
yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
;;
esac])
AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
[case $with_pam in
yes) AUTH_EXCL="$AUTH_EXCL PAM";;
no) ;;
*) AC_MSG_ERROR(["--with-pam does not take an argument."])
;;
esac])
AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG AFS"
;;
no) ;;
*) AC_MSG_ERROR(["--with-AFS does not take an argument."])
;;
esac])
AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
[case $with_DCE in
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG DCE"
;;
no) ;;
*) AC_MSG_ERROR(["--with-DCE does not take an argument."])
;;
esac])
AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
[case $with_logincap in
yes|no) ;;
*) AC_MSG_ERROR(["--with-logincap does not take an argument."])
;;
esac])
AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
[case $with_bsdauth in
yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
;;
esac])
AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
[case $with_project in
yes|no) ;;
no) ;;
*) AC_MSG_ERROR(["--with-project does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
[case $with_lecture in
yes|short|always) lecture=once
;;
no|none|never) lecture=never
;;
*) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
;;
esac])
if test "$lecture" = "once"; then
AC_MSG_RESULT(yes)
else
AC_DEFINE(NO_LECTURE)
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
[case $with_logging in
yes) AC_MSG_ERROR(["must give --with-logging an argument."])
;;
no) AC_MSG_ERROR(["--without-logging not supported."])
;;
syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
AC_MSG_RESULT(syslog)
;;
file) AC_DEFINE(LOGGING, SLOG_FILE)
AC_MSG_RESULT(file)
;;
both) AC_DEFINE(LOGGING, SLOG_BOTH)
AC_MSG_RESULT(both)
;;
*) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
no) AC_MSG_ERROR(["--without-logfac not supported."])
;;
authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
AC_MSG_CHECKING(at which syslog priority to log commands)
AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
[case $with_goodpri in
yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
;;
no) AC_MSG_ERROR(["--without-goodpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
goodpri=$with_goodpri
;;
*) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
AC_MSG_RESULT($goodpri)
AC_MSG_CHECKING(at which syslog priority to log failures)
AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
[case $with_badpri in
yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
;;
no) AC_MSG_ERROR(["--without-badpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
badpri=$with_badpri
;;
*) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
AC_MSG_RESULT($badpri)
AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
[case $with_logpath in
yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
;;
no) AC_MSG_ERROR(["--without-logpath not supported."])
;;
esac])
AC_MSG_CHECKING(how long a line in the log file should be)
AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
[case $with_loglen in
yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
;;
no) AC_MSG_ERROR(["--without-loglen not supported."])
;;
[[0-9]]*) loglen=$with_loglen
;;
*) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
;;
esac])
AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
AC_MSG_RESULT($loglen)
AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
[case $with_ignore_dot in
yes) ignore_dot=on
;;
no) ignore_dot=off
;;
*) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
;;
esac])
if test "$ignore_dot" = "on"; then
AC_DEFINE(IGNORE_DOT_PATH)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
[case $with_mail_if_no_user in
yes) mail_no_user=on
;;
no) mail_no_user=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
;;
esac])
if test "$mail_no_user" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
[case $with_mail_if_no_host in
yes) mail_no_host=on
;;
no) mail_no_host=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
;;
esac])
if test "$mail_no_host" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
[case $with_mail_if_noperms in
yes) mail_noperms=on
;;
no) mail_noperms=off
;;
*) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
;;
esac])
if test "$mail_noperms" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(who should get the mail that sudo sends)
AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
[case $with_mailto in
yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
;;
no) AC_MSG_ERROR(["--without-mailto not supported."])
;;
*) mailto=$with_mailto
;;
esac])
AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
AC_MSG_RESULT([$mailto])
AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
[case $with_mailsubject in
yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
;;
*) mailsub="$with_mailsubject"
AC_MSG_CHECKING(sudo mail subject)
AC_MSG_RESULT([Using alert mail subject: $mailsub])
;;
esac])
AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
AC_MSG_CHECKING(for bad password prompt)
AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
[case $with_passprompt in
yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
;;
*) passprompt="$with_passprompt"
esac])
AC_MSG_RESULT($passprompt)
AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
AC_MSG_CHECKING(for bad password message)
AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
[case $with_badpass_message in
yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
;;
*) badpass_message="$with_badpass_message"
;;
esac])
AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
AC_MSG_RESULT([$badpass_message])
AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
[case $with_fqdn in
yes) fqdn=on
;;
no) fqdn=off
;;
*) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
;;
esac])
if test "$fqdn" = "on"; then
AC_DEFINE(FQDN)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
[case $with_timedir in
yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
;;
no) AC_MSG_ERROR(["--without-timedir not supported."])
;;
esac])
AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
[case $with_iologdir in
yes) ;;
no) AC_MSG_ERROR(["--without-iologdir not supported."])
;;
esac])
AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
[case $with_sendmail in
yes) with_sendmail=""
;;
no) ;;
*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
;;
esac])
AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
[case $with_sudoers_mode in
yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
;;
[[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
;;
0*) SUDOERS_MODE=$with_sudoers_mode
;;
*) AC_MSG_ERROR(["you must use an octal mode, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_uid in
yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
;;
[[0-9]]*) SUDOERS_UID=$with_sudoers_uid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_gid in
yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
;;
[[0-9]]*) SUDOERS_GID=$with_sudoers_gid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
;;
esac])
AC_MSG_CHECKING(for umask programs should be run with)
AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
[case $with_umask in
yes) AC_MSG_ERROR(["must give --with-umask an argument."])
;;
no) sudo_umask=0777
;;
[[0-9]]*) sudo_umask=$with_umask
;;
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
[case $with_umask_override in
yes) AC_DEFINE(UMASK_OVERRIDE)
umask_override=on
;;
no) umask_override=off
;;
*) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
;;
esac])
AC_MSG_CHECKING(for default user to run commands as)
AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
[case $with_runas_default in
yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
;;
no) AC_MSG_ERROR(["--without-runas-default not supported."])
;;
*) runas_default="$with_runas_default"
;;
esac])
AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
AC_MSG_RESULT([$runas_default])
AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
[case $with_exempt in
yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
;;
no) AC_MSG_ERROR(["--without-exempt not supported."])
;;
*) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
AC_MSG_CHECKING(for group to be exempt from password)
AC_MSG_RESULT([$with_exempt])
;;
esac])
AC_MSG_CHECKING(for editor that visudo should use)
AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
[case $with_editor in
yes) AC_MSG_ERROR(["must give --with-editor an argument."])
;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
editor="$with_editor"
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
[case $with_env_editor in
yes) env_editor=on
;;
no) env_editor=off
;;
*) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
;;
esac])
if test "$env_editor" = "on"; then
AC_DEFINE(ENV_EDITOR)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(number of tries a user gets to enter their password)
AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
[case $with_passwd_tries in
yes) ;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
[[1-9]]*) passwd_tries=$with_passwd_tries
;;
*) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
;;
esac])
AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
AC_MSG_RESULT($passwd_tries)
AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
[case $with_timeout in
yes) ;;
no) timeout=0
;;
[[0-9]]*) timeout=$with_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
AC_MSG_RESULT($timeout)
AC_MSG_CHECKING(time in minutes after the password prompt will time out)
AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
[case $with_password_timeout in
yes) ;;
no) password_timeout=0
;;
[[0-9]]*) password_timeout=$with_password_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
AC_MSG_RESULT($password_timeout)
AC_MSG_CHECKING(whether to use per-tty ticket files)
AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
[case $with_tty_tickets in
yes) tty_tickets=on
;;
no) tty_tickets=off
;;
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
if test "$tty_tickets" = "off"; then
AC_DEFINE(NO_TTY_TICKETS)
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
AC_MSG_CHECKING(whether to include insults)
AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
[case $with_insults in
yes) insults=on
with_classic_insults=yes
with_csops_insults=yes
;;
disabled) insults=off
with_classic_insults=yes
with_csops_insults=yes
;;
no) insults=off
;;
*) AC_MSG_ERROR(["--with-insults does not take an argument."])
;;
esac])
if test "$insults" = "on"; then
AC_DEFINE(USE_INSULTS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
[case $with_all_insults in
yes) with_classic_insults=yes
with_csops_insults=yes
with_hal_insults=yes
with_goons_insults=yes
;;
no) ;;
*) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
[case $with_classic_insults in
yes) AC_DEFINE(CLASSIC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
[case $with_csops_insults in
yes) AC_DEFINE(CSOPS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
[case $with_hal_insults in
yes) AC_DEFINE(HAL_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
[case $with_goons_insults in
yes) AC_DEFINE(GOONS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
[case $with_nsswitch in
no) ;;
yes) with_nsswitch="/etc/nsswitch.conf"
;;
*) ;;
esac])
AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
[case $with_ldap in
no) ;;
*) AC_DEFINE(HAVE_LDAP)
AC_MSG_CHECKING(whether to use sudoers from LDAP)
AC_MSG_RESULT(yes)
;;
esac])
AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
[case $with_pc_insults in
yes) AC_DEFINE(PC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
;;
esac])
dnl include all insult sets on one line
if test "$insults" = "on"; then
AC_MSG_CHECKING(which insult sets to include)
i=""
test "$with_goons_insults" = "yes" && i="goons ${i}"
test "$with_hal_insults" = "yes" && i="hal ${i}"
test "$with_csops_insults" = "yes" && i="csops ${i}"
test "$with_classic_insults" = "yes" && i="classic ${i}"
AC_MSG_RESULT([$i])
fi
AC_MSG_CHECKING(whether to override the user's path)
AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
[case $with_secure_path in
yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
secure_path="set to $with_secure_path"
;;
no) AC_MSG_RESULT(no)
;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
secure_path="set to F<$with_secure_path>"
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
[case $with_interfaces in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(STUB_LOAD_INTERFACES)
AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
;;
esac], AC_MSG_RESULT(yes))
AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])],
[case $with_stow in
*) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior])
;;
esac])
AC_MSG_CHECKING(whether to use an askpass helper)
AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
[case $with_askpass in
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
*) ;;
esac], [
with_askpass=no
AC_MSG_RESULT(no)
])
if test X"$with_askpass" != X"no"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")
else
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
fi
AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
[case $with_plugindir in
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;;
*) ;;
esac], [with_plugindir="$libexecdir/sudo"])
AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
[case $with_man in
yes) MANTYPE=man
;;
no) AC_MSG_ERROR(["--without-man not supported."])
;;
*) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."])
;;
esac])
AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
[case $with_mdoc in
yes) MANTYPE=mdoc
;;
no) AC_MSG_ERROR(["--without-mdoc not supported."])
;;
*) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."])
;;
esac])
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_AUTHENTICATION)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to disable running the mailer as root)
AC_ARG_ENABLE(root-mailer,
[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(NO_ROOT_MAILER)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(setreuid,
[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
[ case "$enableval" in
no) SKIP_SETREUID=yes
;;
*) ;;
esac
])
AC_ARG_ENABLE(setresuid,
[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
[ case "$enableval" in
no) SKIP_SETRESUID=yes
;;
*) ;;
esac
])
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
CHECKSHADOW="false"
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether root should be allowed to use sudo)
AC_ARG_ENABLE(root-sudo,
[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(NO_ROOT_SUDO)
AC_MSG_RESULT(no)
root_sudo=off
;;
*) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to log the hostname in the log file)
AC_ARG_ENABLE(log-host,
[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(HOST_IN_LOG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
AC_ARG_ENABLE(noargs-shell,
[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_IF_NO_ARGS)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to disable 'command not found' messages)
AC_ARG_ENABLE(path_info,
[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(DONT_LEAK_PATH_INFO)
path_info=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to enable environment debugging)
AC_ARG_ENABLE(env_debug,
[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(ENV_DEBUG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(zlib,
[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
[], [enable_zlib=yes])
AC_MSG_CHECKING(whether to enable environment resetting by default)
AC_ARG_ENABLE(env_reset,
[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
[ case "$enableval" in
yes) env_reset=on
;;
no) env_reset=off
;;
*) env_reset=on
AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
;;
esac
])
if test "$env_reset" = "on"; then
AC_MSG_RESULT(yes)
AC_DEFINE(ENV_RESET, 1)
else
AC_MSG_RESULT(no)
AC_DEFINE(ENV_RESET, 0)
fi
AC_ARG_ENABLE(warnings,
[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
[ case "$enableval" in
yes) ;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
;;
esac
])
AC_ARG_ENABLE(werror,
[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
[ case "$enableval" in
yes) ;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
;;
esac
])
AC_ARG_ENABLE(hardening,
[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
[], [enable_hardening=yes])
AC_ARG_ENABLE(pie,
[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
AC_ARG_ENABLE(admin-flag,
[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
[ case "$enableval" in
yes) AC_DEFINE(USE_ADMIN_FLAG)
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
;;
esac
])
AC_ARG_ENABLE(nls,
[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
[], [enable_nls=yes])
AC_ARG_ENABLE(rpath,
[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])],
[], [enable_rpath=yes])
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
AC_DEFINE(HAVE_SELINUX)
SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh"
SEMAN=1
AC_CHECK_LIB([selinux], [setkeycreatecon],
[AC_DEFINE(HAVE_SETKEYCREATECON)])
;;
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
;;
esac], [with_selinux=no])
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
dnl
AC_ARG_ENABLE(gss_krb5_ccache_name,
[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
dnl
dnl C compiler checks
dnl
AC_SEARCH_LIBS([strerror], [cposix])
AC_PROG_CPP
AC_CHECK_TOOL(AR, ar, false)
AC_CHECK_TOOL(RANLIB, ranlib, :)
if test X"$AR" = X"false"; then
AC_MSG_ERROR([the "ar" utility is required to build sudo])
fi
if test "x$ac_cv_prog_cc_c89" = "xno"; then
AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
fi
dnl
dnl If the user specified --disable-static, override them or we'll
dnl be unable to build the executables in the sudoers plugin dir.
dnl
if test "$enable_static" = "no"; then
AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
enable_static=yes
fi
dnl
dnl Libtool setup, we require libtool 2.2.6b or higher
dnl
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
LT_PREREQ([2.2.6b])
LT_INIT([dlopen])
dnl
dnl Allow the user to specify an alternate libtool.
dnl XXX - should be able to skip LT_INIT if we are using a different libtool
dnl
AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])],
[case $with_libtool in
yes|builtin) ;;
no) AC_MSG_ERROR(["--without-libtool not supported."])
;;
system) LIBTOOL=libtool
;;
*) LIBTOOL="$with_libtool"
;;
esac])
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
if test "$enable_shared" = "no"; then
with_noexec=no
enable_dlopen=no
lt_cv_dlopen=none
lt_cv_dlopen_libs=
ac_cv_func_dlopen=no
LT_LDFLAGS=-static
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
if test X"$_shrext" = X".dylib"; then
SOEXT=".so"
else
SOEXT="$_shrext"
fi
fi
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
yes) with_noexec="$libexecdir/sudo/sudo_noexec.so"
;;
no) ;;
*) ;;
esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"])
AC_MSG_RESULT($with_noexec)
NOEXECFILE="sudo_noexec.so"
NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl Find programs we use
dnl
AC_PATH_PROG(UNAMEPROG, [uname], [uname])
AC_PATH_PROG(TRPROG, [tr], [tr])
AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc])
if test "$MANDOCPROG" != "mandoc"; then
: ${MANTYPE='mdoc'}
else
AC_PATH_PROG(NROFFPROG, [nroff])
if test -n "$NROFFPROG"; then
test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
AC_CACHE_CHECK([which macro set to use for manual pages],
[sudo_cv_var_mantype],
[
sudo_cv_var_mantype="man"
echo ".Sh NAME" > conftest
echo ".Nm sudo" >> conftest
echo ".Nd sudo" >> conftest
echo ".Sh DESCRIPTION" >> conftest
echo "sudo" >> conftest
if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then
sudo_cv_var_mantype="mdoc"
fi
rm -f conftest
]
)
MANTYPE="$sudo_cv_var_mantype"
else
MANTYPE=cat
MANDIRTYPE=cat
mansrcdir='$(srcdir)'
fi
fi
dnl
dnl What kind of beastie are we being run on?
dnl Barf if config.cache was generated on another host.
dnl
if test -n "$sudo_cv_prev_host"; then
if test "$sudo_cv_prev_host" != "$host"; then
AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
else
AC_MSG_CHECKING(previous host type)
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
AC_MSG_RESULT([$sudo_cv_prev_host])
fi
else
# this will produce no output since there is no cached value
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
fi
dnl
dnl We want to be able to differentiate between different rev's
dnl
if test -n "$host_os"; then
OS=`echo $host_os | sed 's/[[0-9]].*//'`
OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
else
OS="unknown"
OSREV=0
OSMAJOR=0
fi
case "$host" in
*-*-sunos4*)
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
# getcwd(3) opens a pipe to getpwd(1)!?!
BROKEN_GETCWD=1
# system headers lack prototypes but gcc helps...
if test -n "$GCC"; then
OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
fi
shadow_funcs="getpwanam issecure"
;;
*-*-solaris2*)
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
# Solaris-specific initialization
OS_INIT=os_init_solaris
SUDO_OBJS="${SUDO_OBJS} solaris.o"
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lucb"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
AC_CHECK_FUNCS(priv_set, [PSMAN=1])
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
# On AIX 6 and higher default to PAM, else default to LAM
if test $OSMAJOR -ge 6; then
if test X"$with_pam" = X""; then
AUTH_EXCL_DEF="PAM"
fi
else
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
fi
# AIX analog of nsswitch.conf, enabled by default
AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
[case $with_netsvc in
no) ;;
yes) with_netsvc="/etc/netsvc.conf"
;;
*) ;;
esac])
if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
with_netsvc="/etc/netsvc.conf"
fi
# LDR_PRELOAD is only supported in AIX 5.3 and later
if test $OSMAJOR -lt 5; then
with_noexec=no
else
RTLD_PRELOAD_VAR="LDR_PRELOAD"
fi
# AIX-specific functions
AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64)
COMMON_OBJS="$COMMON_OBJS aix.lo"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
# HP-UX shared libs must be executable
SHLIB_MODE=0755
;;
*-*-hpux*)
# AFS support needs -lBSD
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lBSD"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
# HP-UX shared libs must be executable
SHLIB_MODE=0755
# The HP bundled compiler cannot generate shared libs
if test -z "$GCC"; then
AC_CACHE_CHECK([for HP bundled C compiler],
[sudo_cv_var_hpccbundled],
[if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
sudo_cv_var_hpccbundled=yes
else
sudo_cv_var_hpccbundled=no
fi]
)
if test "$sudo_cv_var_hpccbundled" = "yes"; then
AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
fi
fi
# Build PA-RISC1.1 objects for better portability
case "$host_cpu" in
hppa[[2-9]]*)
_CFLAGS="$CFLAGS"
if test -n "$GCC"; then
portable_flag="-march=1.1"
else
portable_flag="+DAportable"
fi
CFLAGS="$CFLAGS $portable_flag"
AC_CACHE_CHECK([whether $CC understands $portable_flag],
[sudo_cv_var_daportable],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[]], [[]])],
[sudo_cv_var_daportable=yes],
[sudo_cv_var_daportable=no]
)
]
)
if test X"$sudo_cv_var_daportable" != X"yes"; then
CFLAGS="$_CFLAGS"
fi
;;
esac
case "$host_os" in
hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
;;
hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# DCE support (requires ANSI C compiler)
if test "$with_DCE" = "yes"; then
# order of libs in 9.X is important. -lc_r must be last
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
SUDO_APPEND_CPPFLAGS(-D_REENTRANT)
SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant)
fi
;;
hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
# HP-UX 10.20 libc has an incompatible getline
ac_cv_func_getline="no"
;;
*)
shadow_funcs="getspnam iscomsec"
shadow_libs="-lsec"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
AC_CHECK_FUNCS(pstat_getproc)
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
# XXX - sudo LDFLAGS instead?
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
[AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
CHECKSIA=true
;;
no) AC_MSG_RESULT(yes)
CHECKSIA=false
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
;;
esac
], AC_MSG_RESULT(no))
shadow_funcs="getprpwnam dispcrypt"
# OSF/1 4.x and higher need -ldb too
if test $OSMAJOR -lt 4; then
shadow_libs="-lsecurity -laud -lm"
else
shadow_libs="-lsecurity -ldb -laud -lm"
fi
# use SIA by default, if we have it
test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
#
# Some versions of Digital Unix ship with a broken
# copy of prot.h, which we need for shadow passwords.
# XXX - make should remove this as part of distclean
#
AC_MSG_CHECKING([for broken prot.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
# ":DEFAULT" must be appended to _RLD_LIST
RTLD_PRELOAD_VAR="_RLD_LIST"
RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='8'}
: ${mansectform='4'}
;;
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
else
mandir="/usr/catman/local"
fi
fi
# Compress cat pages with pack
MANCOMPRESS='pack'
MANCOMPRESSEXT='.z'
else
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d "/usr/share/man/local"; then
mandir="/usr/share/man/local"
else
mandir="/usr/man/local"
fi
fi
fi
# IRIX <= 4 needs -lsun
if test "$OSMAJOR" -le 4; then
AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
fi
# ":DEFAULT" must be appended to _RLD_LIST
RTLD_PRELOAD_VAR="_RLD_LIST"
RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-linux*|*-*-k*bsd*-gnu)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
shadow_libs_optional="-lshadow"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-convex-bsd*)
OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
if test -z "$GCC"; then
CFLAGS="${CFLAGS} -D__STDC__"
fi
shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
shadow_funcs="getprpwnam"
shadow_libs="-lprot"
;;
*-*-ultrix*)
OS="ultrix"
shadow_funcs="getauthuid"
shadow_libs="-lauth"
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
SUDO_APPEND_CPPFLAGS(-I/usr/include)
SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd)
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-isc*)
OSDEFS="${OSDEFS} -D_ISC"
LIB_CRYPT=1
SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sco*|*-sco-*)
shadow_funcs="getprpwnam"
shadow_libs="-lprot -lx"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
m88k-motorola-sysv*)
# motorolla's cc (a variant of gcc) does -O but not -O2
CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-sequent-sysv*)
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
# Check for newer BSD auth API
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
;;
*-*-freebsd*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
case "$OSREV" in
0.*|1.*|2.0*)
SKIP_SETREUID=yes
;;
esac
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
# OpenBSD-specific initialization
OS_INIT=os_init_openbsd
SUDO_OBJS="${SUDO_OBJS} openbsd.o"
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead.
SKIP_SETREUID=yes
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
if test "$OSMAJOR" -ge 3; then
AUTH_EXCL_DEF="BSD_AUTH"
fi
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
0.9*|1.[[012]]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-*bsd*)
CHECKSHADOW="false"
;;
*-*-darwin*)
# Darwin has a real setreuid(2) starting with 9.0
if test $OSMAJOR -lt 9; then
SKIP_SETREUID=yes
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
;;
*-*-nextstep*)
# lockf() on is broken on the NeXT -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
;;
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-gnu*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
;;
esac
dnl
dnl Library preloading to support NOEXEC
dnl
if test -n "$with_noexec"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR")
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM")
if test -n "$RTLD_PRELOAD_DEFAULT"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT")
fi
if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then
SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR")
fi
fi
dnl
dnl Check for mixing mutually exclusive and regular auth methods
dnl
AUTH_REG=${AUTH_REG# }
AUTH_EXCL=${AUTH_EXCL# }
if test -n "$AUTH_EXCL"; then
set -- $AUTH_EXCL
if test $# != 1; then
AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
fi
if test -n "$AUTH_REG"; then
AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
fi
fi
dnl
dnl Only one of S/Key and OPIE may be specified
dnl
if test X"${with_skey}${with_opie}" = X"yesyes"; then
AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
fi
dnl
dnl Use BSD-style man sections by default
dnl
: ${mansectsu='8'}
: ${mansectform='5'}
dnl
dnl Add in any libpaths or libraries specified via configure
dnl
if test -n "$with_libpath"; then
for i in ${with_libpath}; do
SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
done
fi
if test -n "$with_libraries"; then
for i in ${with_libraries}; do
case $i in
-l*) ;;
*.a) ;;
*.o) ;;
*) i="-l${i}";;
esac
LIBS="${LIBS} ${i}"
done
fi
dnl
dnl C compiler checks (to be done after os checks)
dnl
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
# Check for variadic macro support in cpp
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
AC_INCLUDES_DEFAULT
#if defined(__GNUC__) && __GNUC__ == 2
# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt))
#else
# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
#endif
], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])])
dnl
dnl Program checks
dnl
AC_PROG_YACC
AC_PATH_PROG([FLEX], [flex], [flex])
SUDO_PROG_MV
SUDO_PROG_BSHELL
if test -z "$with_sendmail"; then
SUDO_PROG_SENDMAIL
fi
SUDO_PROG_VI
dnl
dnl Check for authpriv support in syslog
dnl
AC_MSG_CHECKING(which syslog facility sudo should log with)
if test X"$with_logfac" = X""; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
fi
AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
AC_MSG_RESULT($logfac)
dnl
dnl Header file checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
AC_HEADER_STDBOOL
AC_HEADER_MAJOR
AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break])
AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
#ifdef HAVE_PROCFS_H
#include <procfs.h>
#endif
#ifdef HAVE_SYS_PROCFS_H
#include <sys/procfs.h>
#endif
])]
break)
dnl
dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
dnl when large files support is enabled so work around it.
dnl
AC_SYS_LARGEFILE
case "$host_os" in
hpux11.*)
AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
#include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
AC_INCLUDES_DEFAULT
#include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
[sudo_cv_xopen_source_extended=error])
])])
if test "$sudo_cv_xopen_source_extended" = "yes"; then
OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
fi
;;
esac
AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" != "yes"; then
AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi
SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1
case "$OS" in
freebsd|netbsd)
SUDO_LIBS="${SUDO_LIBS} -lutil"
SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
;;
esac
])
fi
if test ${with_project-'no'} != "no"; then
AC_CHECK_HEADER(project.h, [
AC_CHECK_LIB(project, setproject, [
AC_DEFINE(HAVE_PROJECT_H)
SUDO_LIBS="${SUDO_LIBS} -lproject"
])
], [])
fi
dnl
dnl typedef checks
dnl We need to define __STDC_WANT_LIB_EXT1__ for errno_t and rsize_t
dnl
SUDO_APPEND_CPPFLAGS(-D__STDC_WANT_LIB_EXT1__=1)
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
#endif
#include <time.h>])
AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
#include <netinet/in.h>])
AC_TYPE_LONG_LONG_INT
if test X"$ac_cv_type_long_long_int" != X"yes"; then
AC_MSG_ERROR(["C compiler does not appear have required long long support"])
fi
AC_CHECK_SIZEOF([long int])
AC_CHECK_TYPE(id_t, unsigned int)
AC_CHECK_TYPE(size_t, unsigned int)
AC_CHECK_TYPE(ssize_t, int)
AC_CHECK_TYPE(dev_t, int)
AC_CHECK_TYPE(ino_t, unsigned int)
AC_CHECK_TYPE(uint8_t, unsigned char)
AC_CHECK_TYPE(uint32_t, unsigned int)
AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
AC_INCLUDES_DEFAULT
#include <sys/socket.h>])
AC_CHECK_TYPE(rsize_t, size_t)
AC_CHECK_TYPE(errno_t, int)
SUDO_UID_T_LEN
SUDO_SOCK_SA_LEN
dnl
dnl Check for utmp/utmpx struct members.
dnl We need to include OSDEFS for glibc which only has __e_termination
dnl visible when _GNU_SOURCE is *not* defined.
dnl
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $OSDEFS"
if test $ac_cv_header_utmpx_h = "yes"; then
AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
#include <sys/types.h>
#include <utmpx.h>
])
dnl
dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
dnl
AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
#include <sys/types.h>
#include <utmpx.h>
])
], [
#include <sys/types.h>
#include <utmpx.h>
])
else
AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
#include <sys/types.h>
#include <utmp.h>
])
dnl
dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
dnl
AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
#include <sys/types.h>
#include <utmp.h>
])
], [
#include <sys/types.h>
#include <utmp.h>
])
fi
CFLAGS="$_CFLAGS"
dnl
dnl Function checks
dnl
AC_FUNC_GETGROUPS
AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \
sysconf tzset)
AC_CHECK_FUNCS(getgrouplist, [], [
case "$host_os" in
aix*)
AC_CHECK_FUNCS(getgrset)
;;
*)
AC_CHECK_FUNC(nss_search, [
AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [
# Solaris
AC_CHECK_FUNC(_nss_initf_group, [
AC_CHECK_HEADERS(nss_dbdefs.h)
AC_DEFINE([HAVE_NSS_SEARCH])
AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
AC_DEFINE([HAVE__NSS_INITF_GROUP])
])
], [
# HP-UX
AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [
AC_CHECK_FUNC(__nss_initf_group, [
AC_CHECK_HEADERS(nss_dbdefs.h)
AC_DEFINE([HAVE_NSS_SEARCH])
AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC])
AC_DEFINE([HAVE___NSS_INITF_GROUP])
])
])
])
])
;;
esac
AC_LIBOBJ(getgrouplist)
])
AC_CHECK_FUNCS(getline, [], [
AC_LIBOBJ(getline)
AC_CHECK_FUNCS(fgetln)
])
dnl
dnl If libc supports _FORTIFY_SOURCE check functions, use it.
dnl
if test "$enable_hardening" != "no"; then
O_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
AC_CHECK_FUNC(__sprintf_chk, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
], [])
CPPFLAGS="$O_CPPFLAGS"
fi
utmp_style=LEGACY
AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
if test "$utmp_style" = "LEGACY"; then
AC_CHECK_FUNCS(getttyent ttyslot, [break])
AC_CHECK_FUNCS(fseeko)
fi
AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
[
AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [
AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [
AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [
#include <sys/param.h>
#include <sys/sysctl.h>
])
], [
#include <sys/param.h>
#include <sys/sysctl.h>
])
],
[
#include <sys/param.h>
#include <sys/sysctl.h>
])
],
[
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/user.h>
])
])
AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
AC_CHECK_LIB(util, openpty, [
AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
case "$SUDO_LIBS" in
*-lutil*) ;;
*) SUDO_LIBS="${SUDO_LIBS} -lutil";;
esac
AC_DEFINE(HAVE_OPENPTY)
], [
AC_CHECK_FUNCS(_getpty, [], [
AC_CHECK_FUNCS(grantpt, [
AC_CHECK_FUNCS(posix_openpt)
], [
AC_CHECK_FUNCS(revoke)
])
])
])
])
AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [])
SUDO_FUNC_PUTENV_CONST
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [
SKIP_SETREUID=yes
AC_CHECK_FUNCS(getresuid)
])
fi
if test -z "$SKIP_SETREUID"; then
AC_CHECK_FUNCS(setreuid)
fi
AC_CHECK_FUNCS(seteuid)
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
if test -z "$BROKEN_GETCWD"; then
AC_REPLACE_FUNCS(getcwd)
fi
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)
COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
])
SUDO_FUNC_ISBLANK
AC_REPLACE_FUNCS(getopt_long memrchr memset_s pw_dup strlcpy strlcat)
AC_CHECK_FUNCS(nanosleep, [], [
# On Solaris, nanosleep is in librt
AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
])
AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
[ #include <limits.h>
#include <fcntl.h> ])
])
AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
AC_CHECK_FUNCS(random lrand48, [break])
AC_LIBOBJ(mktemp)
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
fi
dnl
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [
AC_INCLUDES_DEFAULT
#include <$ac_header_dirent>
])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
dnl
if test -n "$NEED_SNPRINTF"; then
AC_LIBOBJ(snprintf)
fi
dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
AC_CHECK_FUNC(socket, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done
])
dnl
dnl If inet_addr(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
AC_CHECK_FUNC(inet_addr, [], [
AC_CHECK_FUNC(__inet_addr, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done
])
])
dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
dnl
AC_CHECK_FUNC(syslog, [], [
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
done
])
dnl
dnl If getaddrinfo(3) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols.
dnl
AC_CHECK_FUNCS(getaddrinfo, [], [
found=no
for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
_libs=
for lib in $libs; do
case "$NET_LIBS" in
*"$lib"*) ;;
*) _libs="$_libs $lib";;
esac
done
libs="${_libs# }"
test -z "$libs" && continue
lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs])
done
if test X"$found" != X"no"; then
AC_DEFINE(HAVE_GETADDRINFO)
fi
])
dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
AC_MSG_CHECKING([for __progname])
AC_CACHE_VAL(sudo_cv___progname, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
if test "$sudo_cv___progname" = "yes"; then
AC_DEFINE(HAVE___PROGNAME)
else
AC_LIBOBJ(getprogname)
fi
AC_MSG_RESULT($sudo_cv___progname)
])
dnl
dnl Check for __func__ or __FUNCTION__
dnl
AC_MSG_CHECKING([for __func__])
AC_CACHE_VAL(sudo_cv___func__, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])])
AC_MSG_RESULT($sudo_cv___func__)
if test "$sudo_cv___func__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
elif test -n "$GCC"; then
AC_MSG_CHECKING([for __FUNCTION__])
AC_CACHE_VAL(sudo_cv___FUNCTION__, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
AC_MSG_RESULT($sudo_cv___FUNCTION__)
if test "$sudo_cv___FUNCTION__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__])
fi
fi
# gettext() and friends may be located in libc (Linux and Solaris)
# or in libintl. However, it is possible to have libintl installed
# even when gettext() is present in libc. In the case of GNU libintl,
# gettext() will be defined to gettext_libintl in libintl.h.
# Since gcc prefers /usr/local/include to /usr/include, we need to
# make sure we use the gettext() that matches the include file.
if test "$enable_nls" != "no"; then
if test "$enable_nls" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include)
SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
fi
OLIBS="$LIBS"
for l in "libc" "-lintl" "-lintl -liconv"; do
if test "$l" = "libc"; then
# If user specified a dir for libintl ignore libc
if test "$enable_nls" != "yes"; then
continue
fi
gettext_name=sudo_cv_gettext
AC_MSG_CHECKING([for gettext])
else
LIBS="$OLIBS $l"
gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
AC_MSG_CHECKING([for gettext in $l])
fi
AC_CACHE_VAL($gettext_name, [
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
], [eval $gettext_name=yes], [eval $gettext_name=no]
)
])
eval gettext_result="\$$gettext_name"
AC_MSG_RESULT($gettext_result)
if test "$gettext_result" = "yes"; then
AC_CHECK_FUNCS(ngettext)
break
fi
done
LIBS="$OLIBS"
if test "$sudo_cv_gettext" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
# For Solaris we need links from lang to lang.UTF-8 in localedir
case "$host_os" in
solaris2*) LOCALEDIR_SUFFIX=".UTF-8";;
esac
elif test "$sudo_cv_gettext_lintl" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
LIBINTL="-lintl"
elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
LIBINTL="-lintl -liconv"
fi
fi
dnl
dnl Deferred zlib option processing.
dnl By default we use the system zlib if it is present.
dnl If a directory was specified for zlib (or we are use sudo's version),
dnl prepend the include dir to make sure we get the right zlib header.
dnl
case "$enable_zlib" in
yes)
AC_CHECK_LIB(z, gzdopen, [
AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
])
;;
no)
;;
system)
AC_DEFINE(HAVE_ZLIB_H)
ZLIB="-lz"
;;
builtin)
# handled below
;;
*)
AC_DEFINE(HAVE_ZLIB_H)
SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include)
SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
ZLIB="${ZLIB} -lz"
;;
esac
if test X"$enable_zlib" = X"builtin"; then
AC_DEFINE(HAVE_ZLIB_H)
CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}"
ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
ZLIB_SRC=zlib
AC_CONFIG_HEADER([zlib/zconf.h])
AC_CONFIG_FILES([zlib/Makefile])
fi
dnl
dnl Check for errno declaration in errno.h
dnl
AC_CHECK_DECLS([errno], [], [], [
AC_INCLUDES_DEFAULT
#include <errno.h>
])
dnl
dnl Check for h_errno declaration in netdb.h
dnl
AC_CHECK_DECLS([h_errno], [], [], [
AC_INCLUDES_DEFAULT
#include <netdb.h>
])
dnl
dnl Check for strsignal() or sys_siglist
dnl
AC_CHECK_FUNCS(strsignal, [], [
AC_LIBOBJ(strsignal)
HAVE_SIGLIST="false"
AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
HAVE_SIGLIST="true"
break
], [ ], [
AC_INCLUDES_DEFAULT
#include <signal.h>
])
if test "$HAVE_SIGLIST" != "true"; then
AC_LIBOBJ(siglist)
fi
])
dnl
dnl Check for sig2str(), sys_signame or sys_sigabbrev
dnl
AC_CHECK_FUNCS(sig2str, [], [
AC_LIBOBJ(sig2str)
HAVE_SIGNAME="false"
AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [
HAVE_SIGNAME="true"
break
], [ ], [
AC_INCLUDES_DEFAULT
#include <signal.h>
])
if test "$HAVE_SIGNAME" != "true"; then
AC_CACHE_CHECK([for undeclared sys_sigabbrev],
[sudo_cv_var_sys_sigabbrev],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
[sudo_cv_var_sys_sigabbrev=yes],
[sudo_cv_var_sys_sigabbrev=no]
)
]
)
if test "$sudo_cv_var_sys_sigabbrev" = yes; then
AC_DEFINE(HAVE_SYS_SIGABBREV)
else
AC_LIBOBJ(signame)
fi
fi
])
dnl
dnl nsswitch.conf and its equivalents
dnl
if test ${with_netsvc-"no"} != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
netsvc_conf=${with_netsvc-/etc/netsvc.conf}
elif test ${with_nsswitch-"yes"} != "no"; then
SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
fi
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
for auth in $AUTH_EXCL_DEF; do
case $auth in
AIX_AUTH) with_aixauth=maybe;;
BSD_AUTH) with_bsdauth=maybe;;
PAM) with_pam=maybe;;
SIA) CHECKSIA=true;;
esac
done
fi
dnl
dnl PAM support. Systems that use PAM by default set with_pam=default
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
#
# Check for pam_start() in libpam first, then for pam_appl.h.
#
found_pam_lib=no
AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
#
# Some PAM implementations (MacOS X for example) put the PAM headers
# in /usr/include/pam instead of /usr/include/security...
#
found_pam_hdrs=no
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then
# Found both PAM libs and headers
with_pam=yes
elif test "$with_pam" = "yes"; then
if test "$found_pam_lib" = "no"; then
AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."])
fi
if test "$found_pam_hdrs" = "no"; then
AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."])
fi
elif test "$found_pam_lib" != "$found_pam_hdrs"; then
if test "$found_pam_lib" = "no"; then
AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"])
fi
if test "$found_pam_hdrs" = "no"; then
AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"])
fi
fi
if test "$with_pam" = "yes"; then
# Older PAM implementations lack pam_getenvlist
OLIBS="$LIBS"
LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
AC_CHECK_FUNCS(pam_getenvlist)
LIBS="$OLIBS"
# We already link with -ldl if needed (see LIBDL below)
SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
AC_DEFINE(HAVE_PAM)
AUTH_OBJS="$AUTH_OBJS pam.lo";
AUTH_EXCL=PAM
AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
[case $with_pam_login in
yes) AC_DEFINE([HAVE_PAM_LOGIN])
AC_MSG_CHECKING(whether to use PAM login)
AC_MSG_RESULT(yes)
pam_login_service="sudo-i"
;;
no) ;;
*) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to use PAM session support)
AC_ARG_ENABLE(pam_session,
[AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_PAM_SESSION)
pam_session=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
fi
fi
dnl
dnl AIX general authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_aixauth-'no'} != "no"; then
if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
AC_MSG_NOTICE([using AIX general authentication])
AC_DEFINE(HAVE_AIXAUTH)
AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
AUTH_EXCL=AIX_AUTH
fi
fi
dnl
dnl BSD authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
[BSDAUTH_USAGE='[[-a type]] ']
[AUTH_EXCL=BSD_AUTH; BAMAN=1],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
dnl
dnl SIA authentication for Tru64 Unix
dnl
if test ${CHECKSIA-'false'} = "true"; then
AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
if test "$found" = "true"; then
AUTH_EXCL=SIA
AUTH_OBJS="$AUTH_OBJS sia.lo"
fi
fi
dnl
dnl extra FWTK libs + includes
dnl
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
SUDO_APPEND_CPPFLAGS(-I${with_fwtk})
with_fwtk=yes
fi
SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
AUTH_OBJS="$AUTH_OBJS fwtk.lo"
fi
dnl
dnl extra SecurID lib + includes
dnl
if test ${with_SecurID-'no'} != "no"; then
if test "$with_SecurID" != "yes"; then
:
elif test -d /usr/ace/examples; then
with_SecurID=/usr/ace/examples
else
with_SecurID=/usr/ace
fi
SUDO_APPEND_CPPFLAGS(-I${with_SecurID})
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
dnl
dnl Non-mutually exclusive auth checks come next.
dnl Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
for auth in $AUTH_DEF; do
case $auth in
passwd) : ${with_passwd='maybe'};;
esac
done
fi
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
dnl
if test ${with_kerb5-'no'} != "no"; then
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
], [
AC_MSG_RESULT(no)
]
)
else
AC_DEFINE(HAVE_KERB5)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
if test "$with_kerb5" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
done
if test X"$found" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include)
fi
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
# XXX - need to check whether -lcrypo is needed!
SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
])
AUTH_OBJS="$AUTH_OBJS kerb5.lo"
fi
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDOERS_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
sudo_cv_krb5_get_init_creds_opt_free_two_args, [
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <krb5.h>]],
[[krb5_get_init_creds_opt_free(NULL, NULL);]]
)],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
[sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
)
]
)
])
if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
fi
LIBS="$_LIBS"
AC_MSG_CHECKING(whether to use an instance name for Kerberos V)
AC_ARG_ENABLE(kerb5-instance,
[AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
[ case "$enableval" in
yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."])
;;
no) AC_MSG_RESULT(no)
;;
*) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
AC_MSG_RESULT([$enableval])
;;
esac], AC_MSG_RESULT(no))
fi
dnl
dnl extra AFS libs and includes
dnl
if test ${with_AFS-'no'} = "yes"; then
# looks like the "standard" place for AFS libs is /usr/afsws/lib
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
for i in $AFSLIBDIRS; do
if test -d ${i}; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
FOUND_AFSLIBDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
fi
# Order is important here. Note that we build AFS_LIBS from right to left
# since AFS_LIBS may be initialized with BSD compat libs that must go last
AFS_LIBS="-laudit ${AFS_LIBS}"
for i in $AFSLIBDIRS; do
if test -f ${i}/util.a; then
AFS_LIBS="${i}/util.a ${AFS_LIBS}"
FOUND_UTIL_A=true
break;
fi
done
if test -z "$FOUND_UTIL_A"; then
AFS_LIBS="-lutil ${AFS_LIBS}"
fi
AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
SUDO_APPEND_CPPFLAGS(-I${i})
FOUND_AFSINCDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
AUTH_OBJS="$AUTH_OBJS afs.lo"
fi
dnl
dnl extra DCE obj + lib
dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
dnl
if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
AUTH_OBJS="$AUTH_OBJS dce.lo"
fi
dnl
dnl extra S/Key lib and includes
dnl
if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${with_skey}/include)
LDFLAGS="$LDFLAGS -L${with_skey}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_CHECK_HEADER([skey.h], [found=yes; break], [],
[#include <stdio.h>])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
fi
fi
AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <stdio.h>
#include <skey.h>]],
[[skeychallenge(NULL, NULL, NULL, 0);]]
)], [
AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
AC_MSG_RESULT([yes])
], [
AC_MSG_RESULT([no])
]
)
LDFLAGS="$O_LDFLAGS"
SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl extra OPIE lib and includes
dnl
if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
SUDO_APPEND_CPPFLAGS(-I${with_opie}/include)
LDFLAGS="$LDFLAGS -L${with_opie}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
fi
fi
AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl Check for shadow password routines if we have not already done so.
dnl If there is a specific list of functions to check we do that first.
dnl Otherwise, we check for SVR4-style and then SecureWare-style.
dnl
if test ${with_passwd-'no'} != "no"; then
dnl
dnl if crypt(3) not in libc, look elsewhere
dnl
if test -z "$LIB_CRYPT"; then
_LIBS="$LIBS"
AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
LIBS="$_LIBS"
fi
if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
_LIBS="$LIBS"
LIBS="$LIBS $shadow_libs"
found=no
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
elif test -n "$shadow_libs_optional"; then
LIBS="$LIBS $shadow_libs_optional"
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
fi
fi
if test "$found" = "yes"; then
case "$shadow_funcs" in
*getprpwnam*) SECUREWARE=1;;
esac
test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
else
LIBS="$_LIBS"
fi
CHECKSHADOW=false
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test -n "$SECUREWARE"; then
AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
AUTH_OBJS="$AUTH_OBJS secureware.lo"
fi
fi
dnl
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include)
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
LDAP=""
_LIBS="$LIBS"
LDAP_LIBS=""
IBMLDAP_EXTRA=""
found=no
# On HP-UX, libibmldap has a hidden dependency on libCsup
case "$host_os" in
hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);;
esac
AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [
test "$ac_res" != "none required" && LDAP_LIBS="$ac_res"
found=yes
])
# If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
LDAP_LIBS="-lldap"
fi
LIBS="${_LIBS} ${LDAP_LIBS}"
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
LDAP_LIBS="$LDAP_LIBS -llber"
fi
dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)
break
])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
[LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
)
# gssapi headers may be separate or part of Kerberos V
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
done
if test X"$found" != X"no"; then
AC_CHECK_HEADERS([$found])
if test X"$found" = X"gssapi/gssapi.h"; then
AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
fi
else
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
fi
fi
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$O_LDFLAGS"
fi
#
# How to do dynamic object loading.
# We support dlopen() and sh_load(), else fall back to static loading.
#
case "$lt_cv_dlopen" in
dlopen)
AC_DEFINE(HAVE_DLOPEN)
SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
;;
shl_load)
AC_DEFINE(HAVE_SHL_LOAD)
SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
AC_LIBOBJ(dlopen)
;;
*)
if test X"${ac_cv_func_dlopen}" = X"yes"; then
AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
fi
# Preload sudoers module symbols
SUDO_OBJS="${SUDO_OBJS} preload.o"
SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
LT_STATIC=""
AC_LIBOBJ(dlopen)
;;
esac
#
# Add library needed for dynamic loading, if any.
#
LIBDL="$lt_cv_dlopen_libs"
if test X"$LIBDL" != X""; then
SUDO_LIBS="${SUDO_LIBS} $LIBDL"
SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
fi
# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
# the main program is linked against -lpthread. We have no knowledge of
# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
case "$host_os" in
hpux*)
AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
OSDEFS="${OSDEFS} -D_REENTRANT"
;;
esac
dnl
dnl Check for log file, timestamp and iolog locations
dnl
if test "$utmp_style" = "LEGACY"; then
SUDO_PATH_UTMP
fi
SUDO_LOGFILE
SUDO_TIMEDIR
SUDO_IO_LOGDIR
dnl
dnl Turn warnings into errors.
dnl All compiler/loader tests after this point will fail if
dnl a warning is displayed (nornally, warnings are not fata).
dnl
AC_LANG_WERROR
dnl
dnl If compiler supports the -static-libgcc flag use it unless we have
dnl GNU ld (which can avoid linking in libgcc when it is not needed).
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"])
fi
dnl
dnl Check for symbol visibility support.
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -fvisibility=hidden"
LT_LDEXPORTS=
LT_LDDEP=
NO_VIZ=
])
else
case "$host_os" in
hpux*)
AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -Bhidden_def"
LT_LDEXPORTS=
LT_LDDEP=
])
;;
solaris2*)
AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
AC_DEFINE(HAVE_DSO_VISIBILITY)
CFLAGS="${CFLAGS} -xldscope=hidden"
LT_LDEXPORTS=
LT_LDDEP=
])
;;
esac
fi
dnl
dnl If the compiler doesn't have symbol visibility support, it may
dnl support version scripts (only GNU and Solaris ld).
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$LT_LDEXPORTS"; then
if test "$lt_cv_prog_gnu_ld" = "yes"; then
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_gnu_ld_anon_map],
[
sudo_cv_var_gnu_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
local: *;
};
EOF
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_gnu_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
)
if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
fi
else
case "$host_os" in
solaris2*)
AC_CACHE_CHECK([whether ld supports anonymous map files],
[sudo_cv_var_solaris_ld_anon_map],
[
sudo_cv_var_solaris_ld_anon_map=no
cat > conftest.map <<-EOF
{
global: foo;
local: *;
};
EOF
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_solaris_ld_anon_map=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
]
)
if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
fi
;;
hpux*)
AC_CACHE_CHECK([whether ld supports controlling exported symbols],
[sudo_cv_var_hpux_ld_symbol_export],
[
sudo_cv_var_hpux_ld_symbol_export=no
echo "+e foo" > conftest.opt
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS $lt_prog_compiler_pic"
_LDFLAGS="$LDFLAGS"
if test -n "$GCC"; then
LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt"
else
LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
[sudo_cv_var_hpux_ld_symbol_export=yes])
CFLAGS="$_CFLAGS"
LDFLAGS="$_LDFLAGS"
rm -f conftest.opt
]
)
if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)"
fi
;;
esac
fi
fi
dnl
dnl Check for PIE executable support if using gcc.
dnl This test relies on AC_LANG_WERROR
dnl
if test -n "$GCC"; then
if test -z "$enable_pie"; then
case "$host_os" in
linux*)
# Attempt to build with PIE support
enable_pie="maybe"
;;
esac
fi
if test -n "$enable_pie"; then
if test "$enable_pie" = "no"; then
AX_CHECK_COMPILE_FLAG([-fno-pie], [
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fno-pie"
AX_CHECK_LINK_FLAG([-nopie], [
PIE_CFLAGS="-fno-pie"
PIE_LDFLAGS="-nopie"
])
CFLAGS="$_CFLAGS"
])
else
AX_CHECK_COMPILE_FLAG([-fPIE], [
_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -fPIE"
AX_CHECK_LINK_FLAG([-pie], [
if test "$enable_pie" = "maybe"; then
SUDO_WORKING_PIE([enable_pie=yes], [])
fi
if test "$enable_pie" = "yes"; then
PIE_CFLAGS="-fPIE"
PIE_LDFLAGS="-Wc,-fPIE -pie"
fi
])
CFLAGS="$_CFLAGS"
])
fi
fi
fi
if test "$enable_pie" != "yes"; then
# Solaris 11.1 and higher supports tagging binaries to use ASLR
case "$host_os" in
solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"])
;;
esac
fi
dnl
dnl Check for -fstack-protector and -z relro support
dnl This test relies on AC_LANG_WERROR
dnl
if test "$enable_hardening" != "no"; then
if test -n "$GCC"; then
AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
AX_CHECK_LINK_FLAG([-fstack-protector-all], [
SSP_CFLAGS="-fstack-protector-all"
SSP_LDFLAGS="-Wc,-fstack-protector-all"
])
])
if test -z "$SSP_CFLAGS"; then
AX_CHECK_COMPILE_FLAG([-fstack-protector], [
AX_CHECK_LINK_FLAG([-fstack-protector], [
SSP_CFLAGS="-fstack-protector"
SSP_LDFLAGS="-Wc,-fstack-protector"
])
])
fi
fi
AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
fi
dnl
dnl Use passwd auth module?
dnl
case "$with_passwd" in
yes|maybe)
AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
;;
*)
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([no authentication methods defined.])
fi
;;
esac
AUTH_OBJS=${AUTH_OBJS# }
_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
dnl
dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
dnl
if test -n "$LIBS"; then
L="$LIBS"
LIBS=
for l in ${L}; do
dupe=0
for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
test $l = $sl && dupe=1
done
test $dupe = 0 && LIBS="${LIBS} $l"
done
fi
dnl
dnl OS-specific initialization
dnl
AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.])
dnl
dnl We add -Wall and -Werror after all tests so they don't cause failures
dnl
if test -n "$GCC"; then
if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
CFLAGS="${CFLAGS} -Wall"
fi
if test X"$enable_werror" = X"yes"; then
CFLAGS="${CFLAGS} -Werror"
fi
fi
dnl
dnl Skip regress tests and sudoers sanity check if cross compiling.
dnl
CROSS_COMPILING="$cross_compiling"
dnl
dnl Set exec_prefix
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$ac_default_prefix"
else
exec_prefix="$prefix"
fi
fi
if test X"$with_noexec" != X"no"; then
PROGS="${PROGS} libsudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
noexec_file="$with_noexec"
_noexec_file=
while test X"$noexec_file" != X"$_noexec_file"; do
_noexec_file="$noexec_file"
eval noexec_file="$_noexec_file"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
eval sesh_file="$_sesh_file"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file")
fi
if test X"$enable_shared" != X"no"; then
PLUGINDIR="$with_plugindir"
_PLUGINDIR=
while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
_PLUGINDIR="$PLUGINDIR"
eval PLUGINDIR="$_PLUGINDIR"
done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers.so")
fi
exec_prefix="$oexec_prefix"
fi
if test X"$with_selinux" = X"no"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL)
fi
dnl
dnl Add -R options to LDFLAGS, etc.
dnl
if test X"$LDFLAGS_R" != X""; then
LDFLAGS="$LDFLAGS $LDFLAGS_R"
fi
if test X"$SUDOERS_LDFLAGS_R" != X""; then
SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
fi
if test X"$ZLIB_R" != X""; then
ZLIB="$ZLIB_R $ZLIB"
fi
dnl
dnl Override default configure dirs for the Makefile
dnl
if test X"$prefix" = X"NONE"; then
test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
else
test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Substitute into the Makefile and man pages
dnl
AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
case $host_os in
hpux*)
if test -f /usr/lib/security/libpam_hpsec.so.1; then
AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
fi
;;
linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
fi
dnl
dnl Autoheader templates
dnl
AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).])
AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.])
AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.])
AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.])
AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.])
AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.])
AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.])
dnl
dnl Bits to copy verbatim into config.h.in
dnl
AH_TOP([#ifndef _SUDO_CONFIG_H
#define _SUDO_CONFIG_H])
AH_BOTTOM([/*
* Macros to convert ctime and mtime into timevals.
*/
#define timespec2timeval(_ts, _tv) do { \
(_tv)->tv_sec = (_ts)->tv_sec; \
(_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
} while (0)
#ifdef HAVE_ST_MTIM
# ifdef HAVE_ST__TIM
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
# else
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
# endif
#else
# ifdef HAVE_ST_MTIMESPEC
# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
# else
# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
#ifdef __GNUC__
# define ignore_result(x) do { \
__typeof__(x) y = (x); \
(void)y; \
} while(0)
#else
# define ignore_result(x) (void)(x)
#endif
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
#endif /* __svr4__ */
#endif /* _SUDO_CONFIG_H */])
Reference in New Issue View Git Blame Copy Permalink