Annotation of src/usr.bin/sudo/configure.in, Revision 1.25
1.1 millert 1: dnl
2: dnl Process this file with GNU autoconf to produce a configure script.
1.25 ! millert 3: dnl $Sudo: configure.in,v 1.413.2.21 2007/09/05 22:16:57 millert Exp $
1.1 millert 4: dnl
1.23 millert 5: dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 6: dnl
1.23 millert 7: AC_INIT([sudo], [1.6.9])
1.1 millert 8: AC_CONFIG_HEADER(config.h pathnames.h)
9: dnl
1.23 millert 10: dnl This won't work before AC_INIT
1.1 millert 11: dnl
1.23 millert 12: AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
1.1 millert 13: dnl
1.7 millert 14: dnl Variables that get substituted in the Makefile and man pages
1.1 millert 15: dnl
1.21 millert 16: AC_SUBST(LIBTOOL)
1.23 millert 17: AC_SUBST(CFLAGS)
18: AC_SUBST(PROGS)
19: AC_SUBST(CPPFLAGS)
20: AC_SUBST(LDFLAGS)
21: AC_SUBST(SUDO_LDFLAGS)
22: AC_SUBST(SUDO_OBJS)
23: AC_SUBST(LIBS)
24: AC_SUBST(SUDO_LIBS)
25: AC_SUBST(NET_LIBS)
26: AC_SUBST(AFS_LIBS)
27: AC_SUBST(OSDEFS)
28: AC_SUBST(AUTH_OBJS)
29: AC_SUBST(MANTYPE)
30: AC_SUBST(MAN_POSTINSTALL)
31: AC_SUBST(SUDOERS_MODE)
32: AC_SUBST(SUDOERS_UID)
33: AC_SUBST(SUDOERS_GID)
1.5 millert 34: AC_SUBST(DEV)
35: AC_SUBST(mansectsu)
36: AC_SUBST(mansectform)
37: AC_SUBST(mansrcdir)
1.21 millert 38: AC_SUBST(NOEXECDIR)
39: AC_SUBST(noexec_file)
40: AC_SUBST(INSTALL_NOEXEC)
1.23 millert 41: AC_SUBST(DONT_LEAK_PATH_INFO)
1.5 millert 42: dnl
1.7 millert 43: dnl Variables that get substituted in docs (not overridden by environment)
44: dnl
45: AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
46: AC_SUBST(timeout)
47: AC_SUBST(password_timeout)
48: AC_SUBST(sudo_umask)
49: AC_SUBST(passprompt)
50: AC_SUBST(long_otp_prompt)
51: AC_SUBST(lecture)
52: AC_SUBST(logfac)
53: AC_SUBST(goodpri)
54: AC_SUBST(badpri)
55: AC_SUBST(loglen)
56: AC_SUBST(ignore_dot)
57: AC_SUBST(mail_no_user)
58: AC_SUBST(mail_no_host)
59: AC_SUBST(mail_no_perms)
60: AC_SUBST(mailto)
61: AC_SUBST(mailsub)
62: AC_SUBST(badpass_message)
63: AC_SUBST(fqdn)
64: AC_SUBST(runas_default)
65: AC_SUBST(env_editor)
66: AC_SUBST(passwd_tries)
67: AC_SUBST(tty_tickets)
68: AC_SUBST(insults)
1.21 millert 69: AC_SUBST(root_sudo)
1.23 millert 70: AC_SUBST(path_info)
1.7 millert 71: dnl
72: dnl Initial values for above
73: dnl
74: timeout=5
75: password_timeout=5
76: sudo_umask=0022
77: passprompt="Password:"
78: long_otp_prompt=off
1.21 millert 79: lecture=once
1.7 millert 80: logfac=local2
81: goodpri=notice
82: badpri=alert
83: loglen=80
84: ignore_dot=off
85: mail_no_user=on
86: mail_no_host=off
87: mail_no_perms=off
88: mailto=root
89: mailsub='*** SECURITY information for %h ***'
90: badpass_message='Sorry, try again.'
91: fqdn=off
92: runas_default=root
93: env_editor=off
94: passwd_tries=3
95: tty_tickets=off
96: insults=off
1.21 millert 97: root_sudo=on
1.23 millert 98: path_info=on
1.21 millert 99: INSTALL_NOEXEC=
1.7 millert 100: dnl
1.5 millert 101: dnl Initial values for Makefile variables listed above
1.7 millert 102: dnl May be overridden by environment variables..
1.5 millert 103: dnl
104: PROGS="sudo visudo"
1.23 millert 105: : ${MANTYPE='man'}
106: : ${mansrcdir='.'}
107: : ${SUDOERS_MODE='0440'}
108: : ${SUDOERS_UID='0'}
109: : ${SUDOERS_GID='0'}
1.1 millert 110: DEV="#"
1.25 ! millert 111: AUTH_OBJS=
! 112: AUTH_REG=
! 113: AUTH_EXCL=
! 114: AUTH_EXCL_DEF=
! 115: AUTH_DEF=passwd
1.5 millert 116:
117: dnl
118: dnl Other vaiables
119: dnl
1.1 millert 120: CHECKSHADOW=true
121: CHECKSIA=true
1.23 millert 122: shadow_defs=
123: shadow_funcs=
124: shadow_libs=
125: shadow_libs_optional=
1.1 millert 126:
127: dnl
128: dnl Override default configure dirs...
129: dnl
130: test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
131: test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
132: test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
1.14 millert 133: test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
1.1 millert 134:
135: dnl
136: dnl Deprecated --with options (these all warn or generate an error)
137: dnl
138:
139: AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
140: [case $with_otp_only in
1.25 ! millert 141: yes) with_passwd="no"
1.15 millert 142: AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
1.1 millert 143: ;;
144: esac])
145:
146: AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
147: [case $with_alertmail in
148: *) with_mailto="$with_alertmail"
1.15 millert 149: AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
1.1 millert 150: ;;
151: esac])
152:
153: dnl
154: dnl Options for --with
155: dnl
156:
157: AC_ARG_WITH(CC, [ --with-CC C compiler to use],
158: [case $with_CC in
159: yes) AC_MSG_ERROR(["must give --with-CC an argument."])
160: ;;
161: no) AC_MSG_ERROR(["illegal argument: --without-CC."])
162: ;;
163: *) CC=$with_CC
164: ;;
165: esac])
166:
1.15 millert 167: AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
168: [case $with_rpath in
1.23 millert 169: yes|no) ;;
1.15 millert 170: *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
171: ;;
172: esac])
173:
1.23 millert 174: AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
1.15 millert 175: [case $with_blibpath in
1.23 millert 176: yes|no) ;;
1.15 millert 177: *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
178: ;;
179: esac])
180:
1.1 millert 181: AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
1.21 millert 182: [case $with_incpath in
1.1 millert 183: yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
184: ;;
185: no) AC_MSG_ERROR(["--without-incpath not supported."])
186: ;;
1.15 millert 187: *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
1.1 millert 188: for i in ${with_incpath}; do
189: CPPFLAGS="${CPPFLAGS} -I${i}"
190: done
191: ;;
192: esac])
193:
194: AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
1.21 millert 195: [case $with_libpath in
1.1 millert 196: yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
197: ;;
198: no) AC_MSG_ERROR(["--without-libpath not supported."])
199: ;;
1.15 millert 200: *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
1.1 millert 201: ;;
202: esac])
203:
204: AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
1.21 millert 205: [case $with_libraries in
1.1 millert 206: yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
207: ;;
208: no) AC_MSG_ERROR(["--without-libraries not supported."])
209: ;;
1.15 millert 210: *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
1.1 millert 211: ;;
212: esac])
213:
1.13 david 214: AC_ARG_WITH(devel, [ --with-devel add development options],
1.21 millert 215: [case $with_devel in
1.15 millert 216: yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
1.1 millert 217: PROGS="${PROGS} testsudoers"
218: OSDEFS="${OSDEFS} -DSUDO_DEVEL"
219: DEV=""
220: ;;
221: no) ;;
1.15 millert 222: *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
1.1 millert 223: ;;
224: esac])
225:
1.9 millert 226: AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
1.21 millert 227: [case $with_efence in
1.15 millert 228: yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
1.9 millert 229: LIBS="${LIBS} -lefence"
230: if test -f /usr/local/lib/libefence.a; then
1.15 millert 231: with_libpath="${with_libpath} /usr/local/lib"
1.9 millert 232: fi
233: ;;
234: no) ;;
1.15 millert 235: *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
1.9 millert 236: ;;
237: esac])
238:
1.1 millert 239: AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
1.21 millert 240: [case $with_csops in
1.15 millert 241: yes) AC_MSG_NOTICE([Adding CSOps standard options])
1.1 millert 242: CHECKSIA=false
243: with_ignore_dot=yes
1.7 millert 244: insults=on
1.1 millert 245: with_classic_insults=yes
246: with_csops_insults=yes
247: with_env_editor=yes
1.23 millert 248: : ${mansectsu='8'}
249: : ${mansectform='5'}
1.1 millert 250: ;;
251: no) ;;
1.15 millert 252: *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
1.1 millert 253: ;;
254: esac])
255:
256: AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
257: [case $with_passwd in
1.25 ! millert 258: yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
! 259: AC_MSG_RESULT($with_passwd)
! 260: AUTH_DEF=""
! 261: test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
1.1 millert 262: ;;
263: *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
264: ;;
265: esac])
266:
1.23 millert 267: AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
1.1 millert 268: [case $with_skey in
1.23 millert 269: no) with_skey=""
270: ;;
1.25 ! millert 271: *) AC_DEFINE(HAVE_SKEY)
1.1 millert 272: AC_MSG_CHECKING(whether to try S/Key authentication)
273: AC_MSG_RESULT(yes)
1.25 ! millert 274: AUTH_REG="$AUTH_REG S/Key"
1.1 millert 275: ;;
276: esac])
277:
1.23 millert 278: AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
1.1 millert 279: [case $with_opie in
1.23 millert 280: no) with_opie=""
281: ;;
1.25 ! millert 282: *) AC_DEFINE(HAVE_OPIE)
1.1 millert 283: AC_MSG_CHECKING(whether to try NRL OPIE authentication)
284: AC_MSG_RESULT(yes)
1.25 ! millert 285: AUTH_REG="$AUTH_REG NRL_OPIE"
1.1 millert 286: ;;
287: esac])
288:
289: AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
290: [case $with_long_otp_prompt in
1.21 millert 291: yes) AC_DEFINE(LONG_OTP_PROMPT)
1.1 millert 292: AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
293: AC_MSG_RESULT(yes)
1.7 millert 294: long_otp_prompt=on
295: ;;
296: no) long_otp_prompt=off
1.1 millert 297: ;;
298: *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
299: ;;
300: esac])
301:
1.15 millert 302: AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
1.1 millert 303: [case $with_SecurID in
1.15 millert 304: no) with_SecurID="";;
1.21 millert 305: *) AC_DEFINE(HAVE_SECURID)
1.1 millert 306: AC_MSG_CHECKING(whether to use SecurID for authentication)
307: AC_MSG_RESULT(yes)
1.25 ! millert 308: AUTH_EXCL="$AUTH_EXCL SecurID"
1.1 millert 309: ;;
310: esac])
311:
1.15 millert 312: AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
1.1 millert 313: [case $with_fwtk in
1.15 millert 314: no) with_fwtk="";;
1.21 millert 315: *) AC_DEFINE(HAVE_FWTK)
1.1 millert 316: AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
317: AC_MSG_RESULT(yes)
1.25 ! millert 318: AUTH_EXCL="$AUTH_EXCL FWTK"
1.1 millert 319: ;;
320: esac])
321:
1.15 millert 322: AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
1.1 millert 323: [case $with_kerb4 in
1.15 millert 324: no) with_kerb4="";;
325: *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
1.1 millert 326: AC_MSG_RESULT(yes)
1.25 ! millert 327: AUTH_REG="$AUTH_REG kerb4"
1.1 millert 328: ;;
329: esac])
330:
1.15 millert 331: AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
1.1 millert 332: [case $with_kerb5 in
1.15 millert 333: no) with_kerb5="";;
334: *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
1.1 millert 335: AC_MSG_RESULT(yes)
1.25 ! millert 336: AUTH_REG="$AUTH_REG kerb5"
1.1 millert 337: ;;
338: esac])
339:
1.23 millert 340: AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
341: [case $with_aixauth in
1.25 ! millert 342: yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
! 343: no) ;;
1.23 millert 344: *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
1.1 millert 345: ;;
346: esac])
347:
348: AC_ARG_WITH(pam, [ --with-pam enable PAM support],
349: [case $with_pam in
1.25 ! millert 350: yes) AUTH_EXCL="$AUTH_EXCL PAM";;
! 351: no) ;;
1.1 millert 352: *) AC_MSG_ERROR(["--with-pam does not take an argument."])
353: ;;
354: esac])
355:
356: AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
357: [case $with_AFS in
1.21 millert 358: yes) AC_DEFINE(HAVE_AFS)
1.1 millert 359: AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
360: AC_MSG_RESULT(yes)
1.25 ! millert 361: AUTH_REG="$AUTH_REG AFS"
1.1 millert 362: ;;
363: no) ;;
364: *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
365: ;;
366: esac])
367:
368: AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
369: [case $with_DCE in
1.21 millert 370: yes) AC_DEFINE(HAVE_DCE)
1.1 millert 371: AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
372: AC_MSG_RESULT(yes)
1.25 ! millert 373: AUTH_REG="$AUTH_REG DCE"
1.1 millert 374: ;;
375: no) ;;
376: *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
377: ;;
378: esac])
379:
1.6 millert 380: AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
1.5 millert 381: [case $with_logincap in
1.6 millert 382: yes|no) ;;
383: *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
384: ;;
385: esac])
386:
387: AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
388: [case $with_bsdauth in
1.25 ! millert 389: yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
! 390: no) ;;
1.23 millert 391: *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
1.5 millert 392: ;;
1.23 millert 393: esac])
394:
395: AC_ARG_WITH(project, [ --with-project enable Solaris project support],
396: [case $with_project in
397: yes|no) ;;
398: no) ;;
399: *) AC_MSG_ERROR(["--with-project does not take an argument."])
1.5 millert 400: ;;
401: esac])
402:
1.1 millert 403: AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
404: AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
1.21 millert 405: [case $with_lecture in
406: yes|short|always) lecture=once
1.1 millert 407: ;;
1.21 millert 408: no|none|never) lecture=never
1.1 millert 409: ;;
410: *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
411: ;;
1.7 millert 412: esac])
1.21 millert 413: if test "$lecture" = "once"; then
1.7 millert 414: AC_MSG_RESULT(yes)
415: else
1.21 millert 416: AC_DEFINE(NO_LECTURE)
1.7 millert 417: AC_MSG_RESULT(no)
418: fi
1.1 millert 419:
420: AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
421: AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
1.21 millert 422: [case $with_logging in
1.1 millert 423: yes) AC_MSG_ERROR(["must give --with-logging an argument."])
424: ;;
425: no) AC_MSG_ERROR(["--without-logging not supported."])
426: ;;
1.21 millert 427: syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
1.1 millert 428: AC_MSG_RESULT(syslog)
429: ;;
430: file) AC_DEFINE(LOGGING, SLOG_FILE)
431: AC_MSG_RESULT(file)
432: ;;
433: both) AC_DEFINE(LOGGING, SLOG_BOTH)
434: AC_MSG_RESULT(both)
435: ;;
436: *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
437: ;;
438: esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
439:
440: AC_MSG_CHECKING(which syslog facility sudo should log with)
1.7 millert 441: AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
1.21 millert 442: [case $with_logfac in
1.1 millert 443: yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
444: ;;
445: no) AC_MSG_ERROR(["--without-logfac not supported."])
446: ;;
1.7 millert 447: authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
1.1 millert 448: ;;
449: *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
450: ;;
1.7 millert 451: esac])
452: AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
453: AC_MSG_RESULT($logfac)
1.1 millert 454:
455: AC_MSG_CHECKING(at which syslog priority to log commands)
1.7 millert 456: AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
1.21 millert 457: [case $with_goodpri in
1.1 millert 458: yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
459: ;;
460: no) AC_MSG_ERROR(["--without-goodpri not supported."])
461: ;;
1.7 millert 462: alert|crit|debug|emerg|err|info|notice|warning)
463: goodpri=$with_goodpri
1.1 millert 464: ;;
465: *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
466: ;;
1.7 millert 467: esac])
468: AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
469: AC_MSG_RESULT($goodpri)
1.1 millert 470:
471: AC_MSG_CHECKING(at which syslog priority to log failures)
1.7 millert 472: AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
1.21 millert 473: [case $with_badpri in
1.1 millert 474: yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
475: ;;
476: no) AC_MSG_ERROR(["--without-badpri not supported."])
477: ;;
1.7 millert 478: alert|crit|debug|emerg|err|info|notice|warning)
479: badpri=$with_badpri
1.1 millert 480: ;;
481: *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
482: ;;
1.7 millert 483: esac])
484: AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
1.14 millert 485: AC_MSG_RESULT($badpri)
1.1 millert 486:
487: AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
1.21 millert 488: [case $with_logpath in
1.1 millert 489: yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
490: ;;
491: no) AC_MSG_ERROR(["--without-logpath not supported."])
492: ;;
493: esac])
494:
495: AC_MSG_CHECKING(how long a line in the log file should be)
496: AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
1.21 millert 497: [case $with_loglen in
1.1 millert 498: yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
499: ;;
500: no) AC_MSG_ERROR(["--without-loglen not supported."])
501: ;;
1.7 millert 502: [[0-9]]*) loglen=$with_loglen
1.1 millert 503: ;;
504: *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
505: ;;
1.7 millert 506: esac])
507: AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
508: AC_MSG_RESULT($loglen)
1.1 millert 509:
510: AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
511: AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
1.21 millert 512: [case $with_ignore_dot in
1.7 millert 513: yes) ignore_dot=on
1.1 millert 514: ;;
1.7 millert 515: no) ignore_dot=off
1.1 millert 516: ;;
517: *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
518: ;;
1.7 millert 519: esac])
520: if test "$ignore_dot" = "on"; then
1.21 millert 521: AC_DEFINE(IGNORE_DOT_PATH)
1.7 millert 522: AC_MSG_RESULT(yes)
523: else
524: AC_MSG_RESULT(no)
525: fi
1.1 millert 526:
527: AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
528: AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
1.21 millert 529: [case $with_mail_if_no_user in
1.7 millert 530: yes) mail_no_user=on
1.1 millert 531: ;;
1.7 millert 532: no) mail_no_user=off
1.1 millert 533: ;;
1.7 millert 534: *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
1.1 millert 535: ;;
1.7 millert 536: esac])
537: if test "$mail_no_user" = "on"; then
1.21 millert 538: AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
1.7 millert 539: AC_MSG_RESULT(yes)
540: else
541: AC_MSG_RESULT(no)
542: fi
1.1 millert 543:
544: AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
545: AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
1.21 millert 546: [case $with_mail_if_no_host in
1.7 millert 547: yes) mail_no_host=on
1.1 millert 548: ;;
1.7 millert 549: no) mail_no_host=off
1.1 millert 550: ;;
1.7 millert 551: *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
1.1 millert 552: ;;
1.7 millert 553: esac])
554: if test "$mail_no_host" = "on"; then
1.21 millert 555: AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
1.7 millert 556: AC_MSG_RESULT(yes)
557: else
558: AC_MSG_RESULT(no)
559: fi
1.1 millert 560:
561: AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
562: AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
1.21 millert 563: [case $with_mail_if_noperms in
1.7 millert 564: yes) mail_noperms=on
565: ;;
566: no) mail_noperms=off
567: ;;
568: *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
569: ;;
570: esac])
571: if test "$mail_noperms" = "on"; then
1.21 millert 572: AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
1.7 millert 573: AC_MSG_RESULT(yes)
574: else
575: AC_MSG_RESULT(no)
576: fi
577:
578: AC_MSG_CHECKING(who should get the mail that sudo sends)
579: AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
1.21 millert 580: [case $with_mailto in
1.7 millert 581: yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
582: ;;
583: no) AC_MSG_ERROR(["--without-mailto not supported."])
584: ;;
585: *) mailto=$with_mailto
586: ;;
587: esac])
588: AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
589: AC_MSG_RESULT([$mailto])
590:
591: AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
1.21 millert 592: [case $with_mailsubject in
1.7 millert 593: yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
1.1 millert 594: ;;
1.15 millert 595: no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
1.1 millert 596: ;;
1.7 millert 597: *) mailsub="$with_mailsubject"
598: AC_MSG_CHECKING(sudo mail subject)
599: AC_MSG_RESULT([Using alert mail subject: $mailsub])
1.1 millert 600: ;;
1.7 millert 601: esac])
602: AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
1.1 millert 603:
604: AC_MSG_CHECKING(for bad password prompt)
605: AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
1.21 millert 606: [case $with_passprompt in
1.1 millert 607: yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
608: ;;
1.15 millert 609: no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
1.1 millert 610: ;;
1.7 millert 611: *) passprompt="$with_passprompt"
612: esac])
613: AC_MSG_RESULT($passprompt)
614: AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
1.1 millert 615:
616: AC_MSG_CHECKING(for bad password message)
617: AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
1.21 millert 618: [case $with_badpass_message in
1.1 millert 619: yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
620: ;;
1.15 millert 621: no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
1.1 millert 622: ;;
1.7 millert 623: *) badpass_message="$with_badpass_message"
1.1 millert 624: ;;
1.7 millert 625: esac])
626: AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
627: AC_MSG_RESULT([$badpass_message])
1.1 millert 628:
629: AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
630: AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
1.21 millert 631: [case $with_fqdn in
1.7 millert 632: yes) fqdn=on
1.1 millert 633: ;;
1.7 millert 634: no) fqdn=off
1.1 millert 635: ;;
636: *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
637: ;;
1.7 millert 638: esac])
639: if test "$fqdn" = "on"; then
1.21 millert 640: AC_DEFINE(FQDN)
1.7 millert 641: AC_MSG_RESULT(yes)
642: else
643: AC_MSG_RESULT(no)
644: fi
1.1 millert 645:
646: AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
1.21 millert 647: [case $with_timedir in
1.1 millert 648: yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
649: ;;
650: no) AC_MSG_ERROR(["--without-timedir not supported."])
651: ;;
652: esac])
653:
654: AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
655: --without-sendmail do not send mail at all],
1.21 millert 656: [case $with_sendmail in
1.1 millert 657: yes) with_sendmail=""
658: ;;
659: no) ;;
1.7 millert 660: *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
1.1 millert 661: ;;
662: esac])
663:
664: AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
1.21 millert 665: [case $with_sudoers_mode in
1.1 millert 666: yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
667: ;;
668: no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
669: ;;
670: [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
671: ;;
672: 0*) SUDOERS_MODE=$with_sudoers_mode
673: ;;
1.14 millert 674: *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
1.1 millert 675: ;;
676: esac])
677:
678: AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
1.21 millert 679: [case $with_sudoers_uid in
1.1 millert 680: yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
681: ;;
682: no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
683: ;;
684: [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
685: ;;
1.14 millert 686: *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
1.1 millert 687: ;;
688: esac])
689:
690: AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
1.21 millert 691: [case $with_sudoers_gid in
1.1 millert 692: yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
693: ;;
694: no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
695: ;;
696: [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
697: ;;
1.14 millert 698: *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
1.1 millert 699: ;;
700: esac])
701:
702: AC_MSG_CHECKING(for umask programs should be run with)
1.7 millert 703: AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
1.1 millert 704: --without-umask Preserves the umask of the user invoking sudo.],
1.21 millert 705: [case $with_umask in
1.1 millert 706: yes) AC_MSG_ERROR(["must give --with-umask an argument."])
707: ;;
1.7 millert 708: no) sudo_umask=0777
1.1 millert 709: ;;
1.7 millert 710: [[0-9]]*) sudo_umask=$with_umask
1.1 millert 711: ;;
712: *) AC_MSG_ERROR(["you must enter a numeric mask."])
713: ;;
1.7 millert 714: esac])
715: AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
716: if test "$sudo_umask" = "0777"; then
717: AC_MSG_RESULT(user)
718: else
719: AC_MSG_RESULT($sudo_umask)
720: fi
1.1 millert 721:
722: AC_MSG_CHECKING(for default user to run commands as)
1.7 millert 723: AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
1.21 millert 724: [case $with_runas_default in
1.1 millert 725: yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
726: ;;
727: no) AC_MSG_ERROR(["--without-runas-default not supported."])
728: ;;
1.7 millert 729: *) runas_default="$with_runas_default"
1.1 millert 730: ;;
1.7 millert 731: esac])
732: AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
733: AC_MSG_RESULT([$runas_default])
1.1 millert 734:
735: AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
1.21 millert 736: [case $with_exempt in
1.1 millert 737: yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
738: ;;
739: no) AC_MSG_ERROR(["--without-exempt not supported."])
740: ;;
1.7 millert 741: *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
1.1 millert 742: AC_MSG_CHECKING(for group to be exempt from password)
743: AC_MSG_RESULT([$with_exempt])
744: ;;
745: esac])
746:
747: AC_MSG_CHECKING(for editor that visudo should use)
748: AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
1.21 millert 749: [case $with_editor in
1.1 millert 750: yes) AC_MSG_ERROR(["must give --with-editor an argument."])
751: ;;
752: no) AC_MSG_ERROR(["--without-editor not supported."])
753: ;;
1.7 millert 754: *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
1.1 millert 755: AC_MSG_RESULT([$with_editor])
756: ;;
757: esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
758:
759: AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
760: AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
1.21 millert 761: [case $with_env_editor in
1.7 millert 762: yes) env_editor=on
1.1 millert 763: ;;
1.7 millert 764: no) env_editor=off
1.1 millert 765: ;;
766: *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
767: ;;
1.7 millert 768: esac])
769: if test "$env_editor" = "on"; then
1.21 millert 770: AC_DEFINE(ENV_EDITOR)
1.7 millert 771: AC_MSG_RESULT(yes)
772: else
773: AC_MSG_RESULT(no)
774: fi
1.1 millert 775:
776: AC_MSG_CHECKING(number of tries a user gets to enter their password)
777: AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
1.21 millert 778: [case $with_passwd_tries in
1.7 millert 779: yes) ;;
1.1 millert 780: no) AC_MSG_ERROR(["--without-editor not supported."])
781: ;;
1.7 millert 782: [[1-9]]*) passwd_tries=$with_passwd_tries
1.1 millert 783: ;;
784: *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
785: ;;
1.7 millert 786: esac])
787: AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
788: AC_MSG_RESULT($passwd_tries)
1.1 millert 789:
790: AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
1.7 millert 791: AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
1.21 millert 792: [case $with_timeout in
1.7 millert 793: yes) ;;
794: no) timeout=0
1.1 millert 795: ;;
1.7 millert 796: [[0-9]]*) timeout=$with_timeout
1.1 millert 797: ;;
798: *) AC_MSG_ERROR(["you must enter the numer of minutes."])
799: ;;
1.7 millert 800: esac])
801: AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
802: AC_MSG_RESULT($timeout)
1.1 millert 803:
804: AC_MSG_CHECKING(time in minutes after the password prompt will time out)
1.7 millert 805: AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
1.21 millert 806: [case $with_password_timeout in
1.7 millert 807: yes) ;;
808: no) password_timeout=0
1.1 millert 809: ;;
1.7 millert 810: [[0-9]]*) password_timeout=$with_password_timeout
1.1 millert 811: ;;
812: *) AC_MSG_ERROR(["you must enter the numer of minutes."])
813: ;;
1.7 millert 814: esac])
815: AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
816: AC_MSG_RESULT($password_timeout)
1.1 millert 817:
818: AC_MSG_CHECKING(whether to use per-tty ticket files)
819: AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
1.21 millert 820: [case $with_tty_tickets in
1.7 millert 821: yes) tty_tickets=on
1.1 millert 822: ;;
1.7 millert 823: no) tty_tickets=off
1.1 millert 824: ;;
825: *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
826: ;;
1.7 millert 827: esac])
828: if test "$tty_tickets" = "on"; then
1.21 millert 829: AC_DEFINE(USE_TTY_TICKETS)
1.7 millert 830: AC_MSG_RESULT(yes)
831: else
832: AC_MSG_RESULT(no)
833: fi
1.1 millert 834:
835: AC_MSG_CHECKING(whether to include insults)
836: AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
1.21 millert 837: [case $with_insults in
1.7 millert 838: yes) insults=on
1.1 millert 839: with_classic_insults=yes
840: with_csops_insults=yes
841: ;;
1.7 millert 842: no) insults=off
1.1 millert 843: ;;
844: *) AC_MSG_ERROR(["--with-insults does not take an argument."])
845: ;;
1.7 millert 846: esac])
847: if test "$insults" = "on"; then
1.21 millert 848: AC_DEFINE(USE_INSULTS)
1.7 millert 849: AC_MSG_RESULT(yes)
850: else
851: AC_MSG_RESULT(no)
852: fi
1.1 millert 853:
854: AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
1.21 millert 855: [case $with_all_insults in
1.1 millert 856: yes) with_classic_insults=yes
857: with_csops_insults=yes
858: with_hal_insults=yes
859: with_goons_insults=yes
860: ;;
861: no) ;;
862: *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
863: ;;
864: esac])
865:
866: AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
1.21 millert 867: [case $with_classic_insults in
868: yes) AC_DEFINE(CLASSIC_INSULTS)
1.1 millert 869: ;;
870: no) ;;
871: *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
872: ;;
873: esac])
874:
875: AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
1.21 millert 876: [case $with_csops_insults in
877: yes) AC_DEFINE(CSOPS_INSULTS)
1.1 millert 878: ;;
879: no) ;;
880: *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
881: ;;
882: esac])
883:
884: AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
1.21 millert 885: [case $with_hal_insults in
886: yes) AC_DEFINE(HAL_INSULTS)
1.1 millert 887: ;;
888: no) ;;
889: *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
890: ;;
891: esac])
892:
1.7 millert 893: AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
1.21 millert 894: [case $with_goons_insults in
895: yes) AC_DEFINE(GOONS_INSULTS)
1.1 millert 896: ;;
897: no) ;;
898: *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
899: ;;
900: esac])
901:
1.23 millert 902: AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
1.21 millert 903: [case $with_ldap in
904: no) with_ldap="";;
905: *) AC_DEFINE(HAVE_LDAP)
906: AC_MSG_CHECKING(whether to use sudoers from LDAP)
907: AC_MSG_RESULT(yes)
908: ;;
909: esac])
910: AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
911: [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
1.23 millert 912: AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
913: [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
1.21 millert 914:
915: AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
916: [case $with_pc_insults in
917: yes) AC_DEFINE(PC_INSULTS)
918: ;;
919: no) ;;
920: *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
921: ;;
922: esac])
923:
1.1 millert 924: dnl include all insult sets on one line
1.7 millert 925: if test "$insults" = "on"; then
1.1 millert 926: AC_MSG_CHECKING(which insult sets to include)
927: i=""
928: test "$with_goons_insults" = "yes" && i="goons ${i}"
929: test "$with_hal_insults" = "yes" && i="hal ${i}"
930: test "$with_csops_insults" = "yes" && i="csops ${i}"
931: test "$with_classic_insults" = "yes" && i="classic ${i}"
932: AC_MSG_RESULT([$i])
933: fi
934:
935: AC_MSG_CHECKING(whether to override the user's path)
1.18 millert 936: AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
1.21 millert 937: [case $with_secure_path in
938: yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
1.1 millert 939: AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
940: ;;
941: no) AC_MSG_RESULT(no)
942: ;;
943: *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
944: AC_MSG_RESULT([$with_secure_path])
945: ;;
946: esac], AC_MSG_RESULT(no))
947:
948: AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
949: AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
1.21 millert 950: [case $with_interfaces in
1.1 millert 951: yes) AC_MSG_RESULT(yes)
952: ;;
1.21 millert 953: no) AC_DEFINE(STUB_LOAD_INTERFACES)
1.1 millert 954: AC_MSG_RESULT(no)
955: ;;
956: *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
957: ;;
958: esac], AC_MSG_RESULT(yes))
959:
1.14 millert 960: AC_MSG_CHECKING(whether stow should be used)
961: AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
962: [case $with_stow in
963: yes) AC_MSG_RESULT(yes)
1.21 millert 964: AC_DEFINE(USE_STOW)
1.14 millert 965: ;;
966: no) AC_MSG_RESULT(no)
967: ;;
968: *) AC_MSG_ERROR(["--with-stow does not take an argument."])
969: ;;
970: esac], AC_MSG_RESULT(no))
971:
1.1 millert 972: dnl
973: dnl Options for --enable
974: dnl
975:
976: AC_MSG_CHECKING(whether to do user authentication by default)
977: AC_ARG_ENABLE(authentication,
978: [ --disable-authentication
979: Do not require authentication by default],
980: [ case "$enableval" in
981: yes) AC_MSG_RESULT(yes)
982: ;;
983: no) AC_MSG_RESULT(no)
1.21 millert 984: AC_DEFINE(NO_AUTHENTICATION)
1.1 millert 985: ;;
986: *) AC_MSG_RESULT(no)
1.15 millert 987: AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1.1 millert 988: ;;
989: esac
990: ], AC_MSG_RESULT(yes))
1.9 millert 991:
1.10 millert 992: AC_MSG_CHECKING(whether to disable running the mailer as root)
993: AC_ARG_ENABLE(root-mailer,
994: [ --disable-root-mailer Don't run the mailer as root, run as the user],
995: [ case "$enableval" in
996: yes) AC_MSG_RESULT(no)
997: ;;
998: no) AC_MSG_RESULT(yes)
1.21 millert 999: AC_DEFINE(NO_ROOT_MAILER)
1.10 millert 1000: ;;
1001: *) AC_MSG_RESULT(no)
1.15 millert 1002: AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1.10 millert 1003: ;;
1004: esac
1005: ], AC_MSG_RESULT(no))
1006:
1.11 millert 1007: AC_ARG_ENABLE(setreuid,
1008: [ --disable-setreuid Don't try to use the setreuid() function],
1009: [ case "$enableval" in
1.14 millert 1010: no) SKIP_SETREUID=yes
1011: ;;
1012: *) ;;
1013: esac
1014: ])
1015:
1016: AC_ARG_ENABLE(setresuid,
1.23 millert 1017: [ --disable-setresuid Don't try to use the setresuid() function],
1.14 millert 1018: [ case "$enableval" in
1019: no) SKIP_SETRESUID=yes
1.11 millert 1020: ;;
1021: *) ;;
1022: esac
1023: ])
1024:
1.1 millert 1025: AC_MSG_CHECKING(whether to disable shadow password support)
1026: AC_ARG_ENABLE(shadow,
1027: [ --disable-shadow Never use shadow passwords],
1028: [ case "$enableval" in
1029: yes) AC_MSG_RESULT(no)
1030: ;;
1031: no) AC_MSG_RESULT(yes)
1032: CHECKSHADOW="false"
1033: ;;
1034: *) AC_MSG_RESULT(no)
1.15 millert 1035: AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1.1 millert 1036: ;;
1037: esac
1038: ], AC_MSG_RESULT(no))
1039:
1040: AC_MSG_CHECKING(whether root should be allowed to use sudo)
1041: AC_ARG_ENABLE(root-sudo,
1.10 millert 1042: [ --disable-root-sudo Don't allow root to run sudo],
1.21 millert 1043: [ case "$enableval" in
1.1 millert 1044: yes) AC_MSG_RESULT(yes)
1045: ;;
1.21 millert 1046: no) AC_DEFINE(NO_ROOT_SUDO)
1.1 millert 1047: AC_MSG_RESULT(no)
1.21 millert 1048: root_sudo=off
1.1 millert 1049: ;;
1050: *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1051: ;;
1052: esac
1053: ], AC_MSG_RESULT(yes))
1054:
1055: AC_MSG_CHECKING(whether to log the hostname in the log file)
1056: AC_ARG_ENABLE(log-host,
1057: [ --enable-log-host Log the hostname in the log file],
1058: [ case "$enableval" in
1059: yes) AC_MSG_RESULT(yes)
1.21 millert 1060: AC_DEFINE(HOST_IN_LOG)
1.1 millert 1061: ;;
1062: no) AC_MSG_RESULT(no)
1063: ;;
1064: *) AC_MSG_RESULT(no)
1.15 millert 1065: AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1.1 millert 1066: ;;
1067: esac
1068: ], AC_MSG_RESULT(no))
1069:
1070: AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1071: AC_ARG_ENABLE(noargs-shell,
1072: [ --enable-noargs-shell If sudo is given no arguments run a shell],
1073: [ case "$enableval" in
1074: yes) AC_MSG_RESULT(yes)
1.21 millert 1075: AC_DEFINE(SHELL_IF_NO_ARGS)
1.1 millert 1076: ;;
1077: no) AC_MSG_RESULT(no)
1078: ;;
1079: *) AC_MSG_RESULT(no)
1.15 millert 1080: AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1.1 millert 1081: ;;
1082: esac
1083: ], AC_MSG_RESULT(no))
1084:
1085: AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1086: AC_ARG_ENABLE(shell-sets-home,
1087: [ --enable-shell-sets-home
1.7 millert 1088: set $HOME to target user in shell mode],
1.1 millert 1089: [ case "$enableval" in
1090: yes) AC_MSG_RESULT(yes)
1.21 millert 1091: AC_DEFINE(SHELL_SETS_HOME)
1.1 millert 1092: ;;
1093: no) AC_MSG_RESULT(no)
1094: ;;
1095: *) AC_MSG_RESULT(no)
1.15 millert 1096: AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1.1 millert 1097: ;;
1098: esac
1099: ], AC_MSG_RESULT(no))
1100:
1101: AC_MSG_CHECKING(whether to disable 'command not found' messages)
1102: AC_ARG_ENABLE(path_info,
1103: [ --disable-path-info Print 'command not allowed' not 'command not found'],
1104: [ case "$enableval" in
1105: yes) AC_MSG_RESULT(no)
1106: ;;
1107: no) AC_MSG_RESULT(yes)
1.21 millert 1108: AC_DEFINE(DONT_LEAK_PATH_INFO)
1.23 millert 1109: path_info=off
1.1 millert 1110: ;;
1111: *) AC_MSG_RESULT(no)
1.15 millert 1112: AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1.1 millert 1113: ;;
1114: esac
1115: ], AC_MSG_RESULT(no))
1116:
1117: dnl
1118: dnl If we don't have egrep we can't do anything...
1119: dnl
1.23 millert 1120: AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1.1 millert 1121: if test -z "$EGREPPROG"; then
1.15 millert 1122: AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1.1 millert 1123: fi
1124:
1125: dnl
1.7 millert 1126: dnl Prevent configure from adding the -g flag unless in devel mode
1127: dnl
1128: if test "$with_devel" != "yes"; then
1129: ac_cv_prog_cc_g=no
1130: fi
1131:
1132: dnl
1.1 millert 1133: dnl C compiler checks
1134: dnl
1.7 millert 1135: AC_ISC_POSIX
1.1 millert 1136: AC_PROG_CPP
1137:
1138: dnl
1.21 millert 1139: dnl Libtool magic; enable shared libs and disable static libs
1140: dnl
1141: AC_CANONICAL_HOST
1.23 millert 1142: AC_CANONICAL_TARGET([])
1.25 ! millert 1143: AC_DISABLE_STATIC
! 1144: AC_PROG_LIBTOOL
1.21 millert 1145:
1146: dnl
1147: dnl Defer with_noexec until after libtool magic runs
1148: dnl
1149: if test "$enable_shared" = "no"; then
1150: with_noexec=no
1151: else
1.24 millert 1152: eval _shrext="$shrext_cmds"
1.21 millert 1153: fi
1154: AC_MSG_CHECKING(path to sudo_noexec.so)
1.23 millert 1155: AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1.21 millert 1156: [case $with_noexec in
1157: yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1158: ;;
1159: no) ;;
1160: *) ;;
1161: esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1162: AC_MSG_RESULT($with_noexec)
1163: NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1164:
1165: dnl
1.1 millert 1166: dnl It is now safe to modify CFLAGS and CPPFLAGS
1167: dnl
1168: if test "$with_devel" = "yes" -a -n "$GCC"; then
1169: CFLAGS="${CFLAGS} -Wall"
1170: fi
1171:
1172: dnl
1173: dnl Find programs we use
1174: dnl
1.23 millert 1175: AC_CHECK_PROG(UNAMEPROG, uname, uname)
1176: AC_CHECK_PROG(TRPROG, tr, tr)
1177: AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1.1 millert 1178: if test -z "$NROFFPROG"; then
1179: MANTYPE="cat"
1.5 millert 1180: mansrcdir='$(srcdir)'
1.1 millert 1181: fi
1182:
1183: dnl
1184: dnl What kind of beastie are we being run on?
1185: dnl Barf if config.cache was generated on another host.
1186: dnl
1187: if test -n "$sudo_cv_prev_host"; then
1188: if test "$sudo_cv_prev_host" != "$host"; then
1.15 millert 1189: AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1.1 millert 1190: else
1191: AC_MSG_CHECKING(previous host type)
1192: AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1.15 millert 1193: AC_MSG_RESULT([$sudo_cv_prev_host])
1.1 millert 1194: fi
1195: else
1196: # this will produce no output since there is no cached value
1197: AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1198: fi
1199:
1200: dnl
1201: dnl We want to be able to differentiate between different rev's
1202: dnl
1203: if test -n "$host_os"; then
1204: OS=`echo $host_os | sed 's/[[0-9]].*//'`
1.23 millert 1205: OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1206: OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1.1 millert 1207: else
1208: OS="unknown"
1209: OSREV=0
1.23 millert 1210: OSMAJOR=0
1.1 millert 1211: fi
1212:
1213: case "$host" in
1214: *-*-sunos4*)
1215: # getcwd(3) opens a pipe to getpwd(1)!?!
1216: BROKEN_GETCWD=1
1217:
1218: # system headers lack prototypes but gcc helps...
1219: if test -n "$GCC"; then
1.23 millert 1220: OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1.1 millert 1221: fi
1222:
1.23 millert 1223: shadow_funcs="getpwanam issecure"
1.1 millert 1224: ;;
1225: *-*-solaris2*)
1226: # To get the crypt(3) prototype (so we pass -Wall)
1.23 millert 1227: OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1.1 millert 1228: # AFS support needs -lucb
1229: if test "$with_AFS" = "yes"; then
1230: AFS_LIBS="-lc -lucb"
1231: fi
1.23 millert 1232: : ${mansectsu='1m'}
1233: : ${mansectform='4'}
1234: : ${with_rpath='yes'}
1.25 ! millert 1235: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.1 millert 1236: ;;
1237: *-*-aix*)
1238: # To get all prototypes (so we pass -Wall)
1.23 millert 1239: OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1.1 millert 1240: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1.15 millert 1241: if test X"$with_blibpath" != X"no"; then
1242: AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1243: O_LDFLAGS="$LDFLAGS"
1.23 millert 1244: LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1245: AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1.15 millert 1246: if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1247: blibpath="$with_blibpath"
1248: elif test -n "$GCC"; then
1249: blibpath="/usr/lib:/lib:/usr/local/lib"
1250: else
1251: blibpath="/usr/lib:/lib"
1252: fi
1253: AC_MSG_RESULT(yes)
1254: ], [AC_MSG_RESULT(no)])
1255: fi
1256: LDFLAGS="$O_LDFLAGS"
1.23 millert 1257:
1.25 ! millert 1258: # Use authenticate(3) as the default authentication method
1.23 millert 1259: if test X"$with_aixauth" = X""; then
1.25 ! millert 1260: AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1.23 millert 1261: fi
1.1 millert 1262: ;;
1263: *-*-hiuxmpp*)
1.23 millert 1264: : ${mansectsu='1m'}
1265: : ${mansectform='4'}
1.1 millert 1266: ;;
1.21 millert 1267: *-*-hpux*)
1.1 millert 1268: # AFS support needs -lBSD
1269: if test "$with_AFS" = "yes"; then
1270: AFS_LIBS="-lc -lBSD"
1271: fi
1.23 millert 1272: : ${mansectsu='1m'}
1273: : ${mansectform='4'}
1.1 millert 1274:
1.21 millert 1275: case "$host" in
1276: *-*-hpux[1-8].*)
1277: AC_DEFINE(BROKEN_SYSLOG)
1278:
1279: # Not sure if setuid binaries are safe in < 9.x
1280: if test -n "$GCC"; then
1281: SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1282: else
1283: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1284: fi
1285: ;;
1286: *-*-hpux9.*)
1287: AC_DEFINE(BROKEN_SYSLOG)
1288:
1.23 millert 1289: shadow_funcs="getspwuid"
1.21 millert 1290:
1291: # DCE support (requires ANSI C compiler)
1292: if test "$with_DCE" = "yes"; then
1293: # order of libs in 9.X is important. -lc_r must be last
1294: SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1295: LIBS="${LIBS} -ldce -lM -lc_r"
1296: CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1297: fi
1298: ;;
1299: *-*-hpux10.*)
1.23 millert 1300: shadow_funcs="getprpwnam iscomsec"
1301: shadow_libs="-lsec"
1.21 millert 1302: ;;
1303: *)
1.23 millert 1304: shadow_funcs="getspnam iscomsec"
1305: shadow_libs="-lsec"
1.25 ! millert 1306: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.21 millert 1307: ;;
1308: esac
1.1 millert 1309: ;;
1310: *-dec-osf*)
1311: # ignore envariables wrt dynamic lib path
1312: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1313:
1314: AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1315: AC_ARG_ENABLE(sia,
1.25 ! millert 1316: [ --disable-sia Disable SIA on Digital UNIX],
1.1 millert 1317: [ case "$enableval" in
1318: yes) AC_MSG_RESULT(no)
1319: ;;
1320: no) AC_MSG_RESULT(yes)
1321: CHECKSIA=false
1322: ;;
1323: *) AC_MSG_RESULT(no)
1.15 millert 1324: AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1.1 millert 1325: ;;
1326: esac
1327: ], AC_MSG_RESULT(no))
1328:
1.23 millert 1329: shadow_funcs="getprpwnam dispcrypt"
1330: # OSF/1 4.x and higher need -ldb too
1331: if test $OSMAJOR -lt 4; then
1332: shadow_libs="-lsecurity -laud -lm"
1333: else
1334: shadow_libs="-lsecurity -ldb -laud -lm"
1335: fi
1336:
1337: # use SIA by default, if we have it
1.25 ! millert 1338: test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
! 1339:
! 1340: #
! 1341: # Some versions of Digital Unix ship with a broken
! 1342: # copy of prot.h, which we need for shadow passwords.
! 1343: # XXX - make should remove this as part of distclean
! 1344: #
! 1345: AC_MSG_CHECKING([for broken prot.h])
! 1346: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1.1 millert 1347: #include <sys/types.h>
1348: #include <sys/security.h>
1349: #include <prot.h>
1.25 ! millert 1350: ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
! 1351: sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
! 1352: ])
1.23 millert 1353: : ${mansectsu='8'}
1354: : ${mansectform='4'}
1.1 millert 1355: ;;
1356: *-*-irix*)
1.23 millert 1357: OSDEFS="${OSDEFS} -D_BSD_TYPES"
1.1 millert 1358: if test -z "$NROFFPROG"; then
1.14 millert 1359: MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1.1 millert 1360: if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1361: if test -d /usr/share/catman/local; then
1362: mandir="/usr/share/catman/local"
1363: else
1364: mandir="/usr/catman/local"
1365: fi
1366: fi
1367: else
1368: if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1369: if test -d "/usr/share/man/local"; then
1370: mandir="/usr/share/man/local"
1371: else
1372: mandir="/usr/man/local"
1373: fi
1374: fi
1375: fi
1376: # IRIX <= 4 needs -lsun
1.23 millert 1377: if test "$OSMAJOR" -le 4; then
1.1 millert 1378: AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1379: fi
1.23 millert 1380: : ${mansectsu='1m'}
1381: : ${mansectform='4'}
1.1 millert 1382: ;;
1383: *-*-linux*)
1.23 millert 1384: OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1.1 millert 1385: # Some Linux versions need to link with -lshadow
1.23 millert 1386: shadow_funcs="getspnam"
1387: shadow_libs_optional="-lshadow"
1.25 ! millert 1388: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.1 millert 1389: ;;
1390: *-convex-bsd*)
1.23 millert 1391: OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1.1 millert 1392: if test -z "$GCC"; then
1393: CFLAGS="${CFLAGS} -D__STDC__"
1394: fi
1395:
1.23 millert 1396: shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1397: shadow_funcs="getprpwnam"
1398: shadow_libs="-lprot"
1.1 millert 1399: ;;
1400: *-*-ultrix*)
1401: OS="ultrix"
1.23 millert 1402: shadow_funcs="getauthuid"
1403: shadow_libs="-lauth"
1.1 millert 1404: ;;
1405: *-*-riscos*)
1406: LIBS="${LIBS} -lsun -lbsd"
1407: CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1408: OSDEFS="${OSDEFS} -D_MIPS"
1.23 millert 1409: : ${mansectsu='1m'}
1410: : ${mansectform='4'}
1.1 millert 1411: ;;
1412: *-*-isc*)
1413: OSDEFS="${OSDEFS} -D_ISC"
1414: LIB_CRYPT=1
1415: SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1416: LIBS="${LIBS} -lcrypt"
1417:
1.23 millert 1418: shadow_funcs="getspnam"
1419: shadow_libs="-lsec"
1420:
1421: : ${mansectsu='1m'}
1422: : ${mansectform='4'}
1.1 millert 1423: ;;
1.7 millert 1424: *-*-sco*|*-sco-*)
1.23 millert 1425: shadow_funcs="getprpwnam"
1426: shadow_libs="-lprot -lx"
1427: : ${mansectsu='1m'}
1428: : ${mansectform='4'}
1.8 millert 1429: ;;
1430: m88k-motorola-sysv*)
1431: # motorolla's cc (a variant of gcc) does -O but not -O2
1432: CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1.23 millert 1433: : ${mansectsu='1m'}
1434: : ${mansectform='4'}
1.1 millert 1435: ;;
1436: *-sequent-sysv*)
1.23 millert 1437: shadow_funcs="getspnam"
1438: shadow_libs="-lsec"
1439: : ${mansectsu='1m'}
1440: : ${mansectform='4'}
1441: : ${with_rpath='yes'}
1.7 millert 1442: ;;
1443: *-ncr-sysv4*|*-ncr-sysvr4*)
1444: AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1.23 millert 1445: : ${mansectsu='1m'}
1446: : ${mansectform='4'}
1447: : ${with_rpath='yes'}
1.1 millert 1448: ;;
1.7 millert 1449: *-ccur-sysv4*|*-ccur-sysvr4*)
1.1 millert 1450: LIBS="${LIBS} -lgen"
1451: SUDO_LIBS="${SUDO_LIBS} -lgen"
1.23 millert 1452: : ${mansectsu='1m'}
1453: : ${mansectform='4'}
1454: : ${with_rpath='yes'}
1.1 millert 1455: ;;
1456: *-*-bsdi*)
1.14 millert 1457: SKIP_SETREUID=yes
1.5 millert 1458: # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1459: if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1.23 millert 1460: case "$OSMAJOR" in
1.15 millert 1461: 2|3) AC_MSG_NOTICE([using shlicc as CC])
1.5 millert 1462: ac_cv_prog_CC=shlicc
1463: CC="$ac_cv_prog_CC"
1464: ;;
1465: esac
1466: fi
1.23 millert 1467: # Check for newer BSD auth API (just check for >= 3.0?)
1468: if test -z "$with_bsdauth"; then
1.25 ! millert 1469: AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1.23 millert 1470: fi
1.5 millert 1471: ;;
1472: *-*-freebsd*)
1.11 millert 1473: # FreeBSD has a real setreuid(2) starting with 2.1 and
1474: # backported to 2.0.5. We just take 2.1 and above...
1.23 millert 1475: case "$OSREV" in
1.11 millert 1476: 0.*|1.*|2.0*)
1.14 millert 1477: SKIP_SETREUID=yes
1.11 millert 1478: ;;
1479: esac
1.5 millert 1480: if test "$with_skey" = "yes"; then
1481: SUDO_LIBS="${SUDO_LIBS} -lmd"
1482: fi
1.25 ! millert 1483: CHECKSHADOW="false"
! 1484: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1485: : ${with_logincap='maybe'}
1.1 millert 1486: ;;
1.7 millert 1487: *-*-*openbsd*)
1.23 millert 1488: # OpenBSD has a real setreuid(2) starting with 3.3 but
1489: # we will use setreuid(2) instead.
1.14 millert 1490: SKIP_SETREUID=yes
1.25 ! millert 1491: CHECKSHADOW="false"
1.23 millert 1492: # OpenBSD >= 3.0 supports BSD auth
1493: if test -z "$with_bsdauth"; then
1494: case "$OSREV" in
1495: [0-2].*)
1496: ;;
1497: *)
1.25 ! millert 1498: AUTH_EXCL_DEF="BSD_AUTH"
1.23 millert 1499: ;;
1500: esac
1501: fi
1502: : ${with_logincap='maybe'}
1.7 millert 1503: ;;
1504: *-*-*netbsd*)
1.11 millert 1505: # NetBSD has a real setreuid(2) starting with 1.3.2
1.23 millert 1506: case "$OSREV" in
1.11 millert 1507: 0.9*|1.[012]*|1.3|1.3.1)
1.14 millert 1508: SKIP_SETREUID=yes
1.11 millert 1509: ;;
1510: esac
1.25 ! millert 1511: CHECKSHADOW="false"
! 1512: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1513: : ${with_logincap='maybe'}
1514: ;;
1515: *-*-dragonfly*)
1516: if test "$with_skey" = "yes"; then
1517: SUDO_LIBS="${SUDO_LIBS} -lmd"
1518: fi
1.25 ! millert 1519: CHECKSHADOW="false"
! 1520: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1521: : ${with_logincap='yes'}
1.7 millert 1522: ;;
1.1 millert 1523: *-*-*bsd*)
1.25 ! millert 1524: CHECKSHADOW="false"
1.19 millert 1525: ;;
1526: *-*-darwin*)
1527: SKIP_SETREUID=yes
1.25 ! millert 1528: CHECKSHADOW="false"
! 1529: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1530: : ${with_logincap='yes'}
1.1 millert 1531: ;;
1.7 millert 1532: *-*-nextstep*)
1533: # lockf() on is broken on the NeXT -- use flock instead
1534: ac_cv_func_lockf=no
1535: ac_cv_func_flock=yes
1536: ;;
1.15 millert 1537: *-*-*sysv4*)
1.23 millert 1538: : ${mansectsu='1m'}
1539: : ${mansectform='4'}
1540: : ${with_rpath='yes'}
1.15 millert 1541: ;;
1.5 millert 1542: *-*-sysv*)
1.23 millert 1543: : ${mansectsu='1m'}
1544: : ${mansectform='4'}
1545: ;;
1546: *-gnu*)
1547: OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1.5 millert 1548: ;;
1.1 millert 1549: esac
1550:
1551: dnl
1.25 ! millert 1552: dnl Check for mixing mutually exclusive and regular auth methods
! 1553: dnl
! 1554: AUTH_REG=${AUTH_REG# }
! 1555: AUTH_EXCL=${AUTH_EXCL# }
! 1556: if test -n "$AUTH_EXCL"; then
! 1557: set -- $AUTH_EXCL
! 1558: if test $# != 1; then
! 1559: AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
! 1560: fi
! 1561: if test -n "$AUTH_REG"; then
! 1562: AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
! 1563: fi
! 1564: fi
! 1565: dnl
! 1566: dnl Only one of S/Key and OPIE may be specified
! 1567: dnl
! 1568: if test X"${with_skey}${with_opie}" = X"yesyes"; then
! 1569: AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
! 1570: fi
! 1571:
! 1572: dnl
1.5 millert 1573: dnl Use BSD-style man sections by default
1574: dnl
1.23 millert 1575: : ${mansectsu='8'}
1576: : ${mansectform='5'}
1.5 millert 1577:
1578: dnl
1.15 millert 1579: dnl Add in any libpaths or libraries specified via configure
1580: dnl
1581: if test -n "$with_libpath"; then
1582: for i in ${with_libpath}; do
1583: SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1584: done
1585: fi
1586: if test -n "$with_libraries"; then
1587: for i in ${with_libraries}; do
1588: case $i in
1589: -l*) ;;
1590: *.a) ;;
1591: *.o) ;;
1592: *) i="-l${i}";;
1593: esac
1594: LIBS="${LIBS} ${i}"
1595: done
1596: fi
1597:
1598: dnl
1.1 millert 1599: dnl C compiler checks (to be done after os checks)
1600: dnl
1601: AC_PROG_GCC_TRADITIONAL
1602: AC_C_CONST
1.7 millert 1603: AC_C_VOLATILE
1.1 millert 1604: dnl
1605: dnl Program checks
1606: dnl
1607: AC_PROG_YACC
1.7 millert 1608: SUDO_PROG_MV
1609: SUDO_PROG_BSHELL
1.1 millert 1610: if test -z "$with_sendmail"; then
1611: SUDO_PROG_SENDMAIL
1612: fi
1.7 millert 1613: if test -z "$with_editor"; then
1614: SUDO_PROG_VI
1615: fi
1.1 millert 1616: dnl
1617: dnl Header file checks
1618: dnl
1619: AC_HEADER_STDC
1620: AC_HEADER_DIRENT
1.23 millert 1621: AC_HEADER_TIME
1.7 millert 1622: AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1.23 millert 1623: AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1.1 millert 1624: dnl ultrix termio/termios are broken
1625: if test "$OS" != "ultrix"; then
1.7 millert 1626: AC_SYS_POSIX_TERMIOS
1627: if test "$ac_cv_sys_posix_termios" = "yes"; then
1.21 millert 1628: AC_DEFINE(HAVE_TERMIOS_H)
1.7 millert 1629: else
1630: AC_CHECK_HEADERS(termio.h)
1631: fi
1.1 millert 1632: fi
1.23 millert 1633: if test ${with_logincap-'no'} != "no"; then
1.6 millert 1634: AC_CHECK_HEADERS(login_cap.h)
1635: fi
1.23 millert 1636: if test ${with_project-'no'} != "no"; then
1637: AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1638: [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1.6 millert 1639: fi
1.1 millert 1640: dnl
1641: dnl typedef checks
1642: dnl
1643: AC_TYPE_MODE_T
1644: AC_TYPE_UID_T
1.21 millert 1645: AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1.7 millert 1646: #include <signal.h>])
1.23 millert 1647: AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1.7 millert 1648: #include <signal.h>])
1.23 millert 1649: AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1650: #if TIME_WITH_SYS_TIME
1651: # include <sys/time.h>
1652: # include <time.h>
1653: #else
1654: # include <sys/time.h>
1655: #endif])
1.1 millert 1656: SUDO_TYPE_SIZE_T
1657: SUDO_TYPE_SSIZE_T
1658: SUDO_TYPE_DEV_T
1659: SUDO_TYPE_INO_T
1660: SUDO_FULL_VOID
1661: SUDO_UID_T_LEN
1.23 millert 1662: SUDO_TYPE_LONG_LONG
1.1 millert 1663: SUDO_SOCK_SA_LEN
1664: dnl
1665: dnl only set RETSIGTYPE if it is not set already
1666: dnl
1667: case "$DEFS" in
1668: *"RETSIGTYPE"*) ;;
1669: *) AC_TYPE_SIGNAL;;
1670: esac
1671: dnl
1672: dnl Function checks
1673: dnl
1.7 millert 1674: AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1.23 millert 1675: strftime setrlimit initgroups getgroups fstat gettimeofday \
1.24 millert 1676: setlocale getaddrinfo)
1.14 millert 1677: if test -z "$SKIP_SETRESUID"; then
1678: AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1679: fi
1680: if test -z "$SKIP_SETREUID"; then
1.23 millert 1681: AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1682: fi
1683: if test -z "$SKIP_SETEUID"; then
1684: AC_CHECK_FUNCS(seteuid)
1.7 millert 1685: fi
1686: if test X"$with_interfaces" != X"no"; then
1.14 millert 1687: AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1.7 millert 1688: fi
1.1 millert 1689: if test -z "$BROKEN_GETCWD"; then
1.7 millert 1690: AC_REPLACE_FUNCS(getcwd)
1.1 millert 1691: fi
1.23 millert 1692: AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1693: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1694: AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1695: AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1.7 millert 1696: AC_CHECK_FUNCS(lockf flock, [break])
1697: AC_CHECK_FUNCS(waitpid wait3, [break])
1.14 millert 1698: AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1.23 millert 1699: AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1.21 millert 1700: AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1.23 millert 1701: SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1.7 millert 1702: SUDO_FUNC_ISBLANK
1.23 millert 1703: AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1704: AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1705: AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1706: [ #include <limits.h>
1707: #include <fcntl.h> ])
1708: ])
1709: AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1710: AC_CHECK_FUNCS(random lrand48, [break])
1711: ])
1.7 millert 1712: AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1.22 millert 1713: if test X"$ac_cv_type_struct_timespec" != X"no"; then
1714: AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1715: AC_MSG_CHECKING([for two-parameter timespecsub])
1.23 millert 1716: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1717: #include <sys/time.h>]], [[struct timespec ts1, ts2;
1.22 millert 1718: ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1719: #ifndef timespecsub
1720: #error missing timespecsub
1721: #endif
1.23 millert 1722: timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1723: AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1.22 millert 1724: fi
1.21 millert 1725: dnl
1726: dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1727: dnl
1.23 millert 1728: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1729: #include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1.24 millert 1730: #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1.1 millert 1731: dnl
1732: dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1733: dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1734: dnl
1735: if test -n "$NEED_SNPRINTF"; then
1.7 millert 1736: AC_LIBOBJ(snprintf)
1.1 millert 1737: fi
1738: dnl
1739: dnl If socket(2) not in libc, check -lsocket and -linet
1740: dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1741: dnl In this case we look for main(), not socket() to avoid using a cached value
1742: dnl
1.7 millert 1743: AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1744: AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1.1 millert 1745: dnl
1746: dnl If inet_addr(3) not in libc, check -lnsl and -linet
1747: dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1748: dnl
1.7 millert 1749: AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1750: AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1.1 millert 1751: dnl
1752: dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1753: dnl
1.7 millert 1754: AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1.1 millert 1755: dnl
1756: dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1757: dnl (gcc includes its own alloca(3) but other compilers may not)
1758: dnl
1759: if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1760: AC_FUNC_ALLOCA
1761: fi
1.16 millert 1762: dnl
1763: dnl Check for getprogname() or __progname
1764: dnl
1765: AC_CHECK_FUNCS(getprogname, , [
1766: AC_MSG_CHECKING([for __progname])
1767: AC_CACHE_VAL(sudo_cv___progname, [
1.23 millert 1768: AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1.16 millert 1769: if test "$sudo_cv___progname" = "yes"; then
1.21 millert 1770: AC_DEFINE(HAVE___PROGNAME)
1.16 millert 1771: else
1772: AC_LIBOBJ(getprogname)
1773: fi
1774: AC_MSG_RESULT($sudo_cv___progname)
1775: ])
1.25 ! millert 1776:
! 1777: dnl
! 1778: dnl Mutually exclusive auth checks come first, followed by
! 1779: dnl non-exclusive ones. Note: passwd must be last of all!
! 1780: dnl
! 1781:
! 1782: dnl
! 1783: dnl Convert default authentication methods to with_* if
! 1784: dnl no explicit authentication scheme was specified.
! 1785: dnl
! 1786: if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
! 1787: for auth in $AUTH_EXCL_DEF; do
! 1788: case $auth in
! 1789: AIX_AUTH) with_aixauth=maybe;;
! 1790: BSD_AUTH) with_bsdauth=maybe;;
! 1791: PAM) with_pam=maybe;;
! 1792: SIA) CHECKSIA=true;;
! 1793: esac
! 1794: done
! 1795: fi
! 1796:
! 1797: dnl
! 1798: dnl PAM support. Systems that use PAM by default set with_pam=default
! 1799: dnl and we do the actual tests here.
! 1800: dnl
! 1801: if test ${with_pam-"no"} != "no"; then
! 1802: dnl
! 1803: dnl Linux may need this
! 1804: dnl
! 1805: AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
! 1806: ac_cv_lib_dl=ac_cv_lib_dl_main
! 1807:
! 1808: dnl
! 1809: dnl Some PAM implementations (MacOS X for example) put the PAM headers
! 1810: dnl in /usr/include/pam instead of /usr/include/security...
! 1811: dnl
! 1812: AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
! 1813: if test "$with_pam" = "yes"; then
! 1814: AC_DEFINE(HAVE_PAM)
! 1815: AUTH_OBJS="$AUTH_OBJS pam.o";
! 1816: AUTH_EXCL=PAM
! 1817: fi
! 1818: fi
! 1819:
! 1820: dnl
! 1821: dnl AIX general authentication
! 1822: dnl If set to "maybe" only enable if no other exclusive method in use.
! 1823: dnl
! 1824: if test ${with_aixauth-'no'} != "no"; then
! 1825: if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
! 1826: AC_MSG_NOTICE([using AIX general authentication])
! 1827: AC_DEFINE(HAVE_AIXAUTH)
! 1828: AUTH_OBJS="$AUTH_OBJS aix_auth.o";
! 1829: SUDO_LIBS="${SUDO_LIBS} -ls"
! 1830: AUTH_EXCL=AIX_AUTH
! 1831: fi
! 1832: fi
! 1833:
! 1834: dnl
! 1835: dnl BSD authentication
! 1836: dnl If set to "maybe" only enable if no other exclusive method in use.
! 1837: dnl
! 1838: if test ${with_bsdauth-'no'} != "no"; then
! 1839: AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
! 1840: [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
! 1841: [BSDAUTH_USAGE='[[-a auth_type]] ']
! 1842: [AUTH_EXCL=BSD_AUTH],
! 1843: [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
! 1844: fi
! 1845:
! 1846: dnl
! 1847: dnl SIA authentication for Tru64 Unix
! 1848: dnl
! 1849: if test ${CHECKSIA-'false'} = "true"; then
! 1850: AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
! 1851: if test "$found" = "true"; then
! 1852: AUTH_EXCL=SIA
! 1853: AUTH_OBJS="$AUTH_OBJS sia.o"
! 1854: fi
! 1855: fi
! 1856:
! 1857: dnl
! 1858: dnl extra FWTK libs + includes
! 1859: dnl
! 1860: if test ${with_fwtk-'no'} != "no"; then
! 1861: if test "$with_fwtk" != "yes"; then
! 1862: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
! 1863: CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
! 1864: with_fwtk=yes
! 1865: fi
! 1866: SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
! 1867: AUTH_OBJS="$AUTH_OBJS fwtk.o"
! 1868: fi
! 1869:
! 1870: dnl
! 1871: dnl extra SecurID lib + includes
! 1872: dnl
! 1873: if test ${with_SecurID-'no'} != "no"; then
! 1874: if test "$with_SecurID" != "yes"; then
! 1875: :
! 1876: elif test -d /usr/ace/examples; then
! 1877: with_SecurID=/usr/ace/examples
! 1878: else
! 1879: with_SecurID=/usr/ace
! 1880: fi
! 1881: CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
! 1882: _LDFLAGS="${LDFLAGS}"
! 1883: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
! 1884: #
! 1885: # Determine whether to use the new or old SecurID API
! 1886: #
! 1887: AC_CHECK_LIB(aceclnt, SD_Init,
! 1888: [
! 1889: AUTH_OBJS="$AUTH_OBJS securid5.o";
! 1890: SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
! 1891: ]
! 1892: [
! 1893: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
! 1894: ], [
! 1895: AUTH_OBJS="$AUTH_OBJS securid.o";
! 1896: SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
! 1897: ],
! 1898: [
! 1899: -lpthread
! 1900: ]
! 1901: )
! 1902: LDFLAGS="${_LDFLAGS}"
! 1903: fi
! 1904:
! 1905: dnl
! 1906: dnl Non-mutually exclusive auth checks come next.
! 1907: dnl Note: passwd must be last of all!
! 1908: dnl
! 1909:
! 1910: dnl
! 1911: dnl Convert default authentication methods to with_* if
! 1912: dnl no explicit authentication scheme was specified.
! 1913: dnl
! 1914: if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
! 1915: for auth in $AUTH_DEF; do
! 1916: case $auth in
! 1917: passwd) : ${with_passwd='maybe'};;
! 1918: esac
! 1919: done
! 1920: fi
! 1921:
1.1 millert 1922: dnl
1.15 millert 1923: dnl Kerberos IV
1.1 millert 1924: dnl
1.25 ! millert 1925: if test ${with_kerb4-'no'} != "no"; then
1.21 millert 1926: AC_DEFINE(HAVE_KERB4)
1.15 millert 1927: dnl
1928: dnl Use the specified directory, if any, else search for correct inc dir
1929: dnl
1930: O_LDFLAGS="$LDFLAGS"
1931: if test "$with_kerb4" = "yes"; then
1932: found=no
1933: O_CPPFLAGS="$CPPFLAGS"
1934: for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1935: CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1.23 millert 1936: AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1.15 millert 1937: done
1938: test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1.1 millert 1939: else
1.15 millert 1940: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1941: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1942: CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1943: AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1944: fi
1945: if test X"$found" = X"no"; then
1946: AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1.1 millert 1947: fi
1948:
1.15 millert 1949: dnl
1950: dnl Check for -ldes vs. -ldes425
1951: dnl
1952: AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1953: AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1954: ])
1955: dnl
1956: dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1957: dnl
1958: AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1.23 millert 1959: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1.15 millert 1960: AC_MSG_RESULT(yes)
1961: K4LIBS="${K4LIBS} -lcom_err"
1962: AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1963: ], [
1964: AC_MSG_RESULT(no)
1965: ]
1966: )
1967: dnl
1968: dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
1969: dnl
1970: AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
1971: AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
1972: [K4LIBS="-lkrb $K4LIBS"]
1973: [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
1974: , [$K4LIBS])
1975: ], [$K4LIBS])
1976: LDFLAGS="$O_LDFLAGS"
1977: SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
1.25 ! millert 1978: AUTH_OBJS="$AUTH_OBJS kerb4.o"
1.15 millert 1979: fi
1980:
1981: dnl
1982: dnl Kerberos V
1.16 millert 1983: dnl There is an easy way and a hard way...
1.15 millert 1984: dnl
1.25 ! millert 1985: if test ${with_kerb5-'no'} != "no"; then
1.16 millert 1986: AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
1987: if test -n "$KRB5CONFIG"; then
1.21 millert 1988: AC_DEFINE(HAVE_KERB5)
1.25 ! millert 1989: AUTH_OBJS="$AUTH_OBJS kerb5.o"
1.16 millert 1990: CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
1991: SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
1.17 millert 1992: dnl
1993: dnl Try to determine whether we have Heimdal or MIT Kerberos
1994: dnl
1995: AC_MSG_CHECKING(whether we are using Heimdal)
1.23 millert 1996: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
1.17 millert 1997: AC_MSG_RESULT(yes)
1.21 millert 1998: AC_DEFINE(HAVE_HEIMDAL)
1.25 ! millert 1999: ], [
1.23 millert 2000: AC_MSG_RESULT(no)
1.17 millert 2001: ]
2002: )
1.16 millert 2003: fi
2004: fi
1.25 ! millert 2005: if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
1.21 millert 2006: AC_DEFINE(HAVE_KERB5)
1.15 millert 2007: dnl
2008: dnl Use the specified directory, if any, else search for correct inc dir
2009: dnl
2010: if test "$with_kerb5" = "yes"; then
2011: found=no
2012: O_CPPFLAGS="$CPPFLAGS"
2013: for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2014: CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1.23 millert 2015: AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
1.15 millert 2016: done
2017: if test X"$found" = X"no"; then
2018: CPPFLAGS="$O_CPPFLAGS"
2019: AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2020: fi
1.1 millert 2021: else
1.15 millert 2022: dnl XXX - try to include krb5.h here too
2023: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2024: CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
1.1 millert 2025: fi
2026:
1.15 millert 2027: dnl
2028: dnl Try to determine whether we have Heimdal or MIT Kerberos
2029: dnl
2030: AC_MSG_CHECKING(whether we are using Heimdal)
1.23 millert 2031: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
1.15 millert 2032: AC_MSG_RESULT(yes)
1.21 millert 2033: AC_DEFINE(HAVE_HEIMDAL)
1.23 millert 2034: SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
1.15 millert 2035: AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2036: ], [
2037: AC_MSG_RESULT(no)
2038: SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
1.23 millert 2039:
2040: ])
1.25 ! millert 2041: AUTH_OBJS="$AUTH_OBJS kerb5.o"
1.23 millert 2042: _LIBS="$LIBS"
2043: LIBS="${LIBS} ${SUDO_LIBS}"
2044: AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2045: LIBS="$_LIBS"
2046: fi
2047:
2048: dnl
2049: dnl Some systems put login_cap(3) in libutil
2050: dnl
1.25 ! millert 2051: if test ${with_logincap-'no'} = "yes"; then
1.23 millert 2052: case "$OS" in
2053: freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
2054: ;;
2055: esac
1.1 millert 2056: fi
2057:
2058: dnl
2059: dnl extra AFS libs and includes
2060: dnl
1.25 ! millert 2061: if test ${with_AFS-'no'} = "yes"; then
1.1 millert 2062:
2063: # looks like the "standard" place for AFS libs is /usr/afsws/lib
2064: AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2065: for i in $AFSLIBDIRS; do
2066: if test -d ${i}; then
1.15 millert 2067: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
1.1 millert 2068: FOUND_AFSLIBDIR=true
2069: fi
2070: done
2071: if test -z "$FOUND_AFSLIBDIR"; then
1.15 millert 2072: AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
1.1 millert 2073: fi
2074:
2075: # Order is important here. Note that we build AFS_LIBS from right to left
2076: # since AFS_LIBS may be initialized with BSD compat libs that must go last
2077: AFS_LIBS="-laudit ${AFS_LIBS}"
2078: for i in $AFSLIBDIRS; do
2079: if test -f ${i}/util.a; then
2080: AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2081: FOUND_UTIL_A=true
2082: break;
2083: fi
2084: done
2085: if test -z "$FOUND_UTIL_A"; then
2086: AFS_LIBS="-lutil ${AFS_LIBS}"
2087: fi
2088: AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2089:
2090: # AFS includes may live in /usr/include on some machines...
2091: for i in /usr/afsws/include; do
2092: if test -d ${i}; then
2093: CPPFLAGS="${CPPFLAGS} -I${i}"
2094: FOUND_AFSINCDIR=true
2095: fi
2096: done
2097:
2098: if test -z "$FOUND_AFSLIBDIR"; then
1.15 millert 2099: AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
1.1 millert 2100: fi
1.25 ! millert 2101:
! 2102: AUTH_OBJS="$AUTH_OBJS afs.o"
1.1 millert 2103: fi
2104:
2105: dnl
2106: dnl extra DCE obj + lib
2107: dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2108: dnl
1.25 ! millert 2109: if test ${with_DCE-'no'} = "yes"; then
1.1 millert 2110: DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2111: SUDO_LIBS="${SUDO_LIBS} -ldce"
1.25 ! millert 2112: AUTH_OBJS="$AUTH_OBJS dce.o"
1.5 millert 2113: fi
2114:
2115: dnl
1.1 millert 2116: dnl extra S/Key lib and includes
2117: dnl
1.25 ! millert 2118: if test ${with_skey-'no'} = "yes"; then
1.15 millert 2119: O_LDFLAGS="$LDFLAGS"
2120: if test "$with_skey" != "yes"; then
2121: CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2122: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2123: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2124: AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
1.1 millert 2125: else
1.15 millert 2126: found=no
2127: O_CPPFLAGS="$CPPFLAGS"
2128: for dir in "" "/usr/local" "/usr/contrib"; do
2129: test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
1.23 millert 2130: AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
1.15 millert 2131: done
2132: if test "$found" = "no" -o -z "$dir"; then
2133: CPPFLAGS="$O_CPPFLAGS"
2134: else
2135: SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2136: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2137: fi
1.1 millert 2138: fi
1.15 millert 2139: if test "$found" = "no"; then
2140: AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2141: fi
2142: AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
1.21 millert 2143: AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
1.15 millert 2144: LDFLAGS="$O_LDFLAGS"
2145: SUDO_LIBS="${SUDO_LIBS} -lskey"
1.25 ! millert 2146: AUTH_OBJS="$AUTH_OBJS rfc1938.o"
1.1 millert 2147: fi
2148:
2149: dnl
2150: dnl extra OPIE lib and includes
2151: dnl
1.25 ! millert 2152: if test ${with_opie-'no'} = "yes"; then
1.15 millert 2153: O_LDFLAGS="$LDFLAGS"
2154: if test "$with_opie" != "yes"; then
2155: CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2156: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2157: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2158: AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
1.1 millert 2159: else
1.15 millert 2160: found=no
2161: O_CPPFLAGS="$CPPFLAGS"
2162: for dir in "" "/usr/local" "/usr/contrib"; do
2163: test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
1.23 millert 2164: AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
1.15 millert 2165: done
2166: if test "$found" = "no" -o -z "$dir"; then
2167: CPPFLAGS="$O_CPPFLAGS"
2168: else
2169: SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2170: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2171: fi
2172: fi
2173: if test "$found" = "no"; then
2174: AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
1.1 millert 2175: fi
1.15 millert 2176: AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2177: LDFLAGS="$O_LDFLAGS"
2178: SUDO_LIBS="${SUDO_LIBS} -lopie"
1.25 ! millert 2179: AUTH_OBJS="$AUTH_OBJS rfc1938.o"
1.1 millert 2180: fi
2181:
2182: dnl
1.25 ! millert 2183: dnl Check for shadow password routines if we have not already done so.
! 2184: dnl If there is a specific list of functions to check we do that first.
! 2185: dnl Otherwise, we check for SVR4-style and then SecureWare-style.
1.1 millert 2186: dnl
1.25 ! millert 2187: if test ${with_passwd-'no'} != "no"; then
! 2188: dnl
! 2189: dnl if crypt(3) not in libc, look elsewhere
! 2190: dnl
! 2191: if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
! 2192: AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.1 millert 2193: fi
2194:
1.25 ! millert 2195: if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
! 2196: _LIBS="$LIBS"
! 2197: LIBS="$LIBS $shadow_libs"
! 2198: found=no
! 2199: AC_CHECK_FUNCS($shadow_funcs, [found=yes])
! 2200: if test "$found" = "yes"; then
! 2201: SUDO_LIBS="$SUDO_LIBS $shadow_libs"
! 2202: elif test -n "$shadow_libs_optional"; then
! 2203: LIBS="$LIBS $shadow_libs_optional"
! 2204: AC_CHECK_FUNCS($shadow_funcs, [found=yes])
! 2205: if test "$found" = "yes"; then
! 2206: SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
! 2207: fi
! 2208: fi
! 2209: if test "$found" = "yes"; then
! 2210: case "$shadow_funcs" in
! 2211: *getprpwnam*) SECUREWARE=1;;
! 2212: esac
! 2213: test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
! 2214: else
! 2215: LIBS="$_LIBS"
! 2216: fi
! 2217: CHECKSHADOW=false
! 2218: fi
! 2219: if test "$CHECKSHADOW" = "true"; then
! 2220: AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.15 millert 2221: fi
1.25 ! millert 2222: if test "$CHECKSHADOW" = "true"; then
! 2223: AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.23 millert 2224: fi
1.25 ! millert 2225: if test -n "$SECUREWARE"; then
! 2226: AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
! 2227: AUTH_OBJS="$AUTH_OBJS secureware.o"
1.23 millert 2228: fi
1.1 millert 2229: fi
2230:
2231: dnl
1.21 millert 2232: dnl extra lib and .o file for LDAP support
2233: dnl
1.25 ! millert 2234: if test ${with_ldap-'no'} != "no"; then
1.23 millert 2235: _LDFLAGS="$LDFLAGS"
1.21 millert 2236: if test "$with_ldap" != "yes"; then
2237: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2238: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2239: CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2240: with_ldap=yes
2241: fi
2242: SUDO_OBJS="${SUDO_OBJS} ldap.o"
2243:
2244: AC_MSG_CHECKING([for LDAP libraries])
2245: LDAP_LIBS=""
2246: _LIBS="$LIBS"
2247: found=no
2248: for l in -lldap -llber '-lssl -lcrypto'; do
2249: LIBS="${LIBS} $l"
2250: LDAP_LIBS="${LDAP_LIBS} $l"
1.23 millert 2251: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1.21 millert 2252: #include <lber.h>
1.23 millert 2253: #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
1.21 millert 2254: done
1.23 millert 2255: dnl if nothing linked just try with -lldap
1.21 millert 2256: if test "$found" = "no"; then
1.23 millert 2257: LDAP_LIBS=" -lldap"
2258: AC_MSG_RESULT([not found, using -lldap])
1.21 millert 2259: else
2260: AC_MSG_RESULT([$LDAP_LIBS])
2261: fi
2262: dnl try again w/o explicitly including lber.h
2263: AC_MSG_CHECKING([whether lber.h is needed])
1.23 millert 2264: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2265: #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
1.21 millert 2266: AC_MSG_RESULT([yes])
2267: AC_DEFINE(HAVE_LBER_H)])
2268:
2269: AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
2270:
2271: SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2272: LIBS="$_LIBS"
2273: LDFLAGS="$_LDFLAGS"
1.23 millert 2274: # XXX - OpenLDAP has deprecated ldap_get_values()
2275: CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
1.21 millert 2276: fi
2277:
2278: dnl
1.15 millert 2279: dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2280: dnl added -L dirpaths to SUDO_LDFLAGS.
2281: dnl
2282: if test -n "$blibpath"; then
2283: if test -n "$blibpath_add"; then
2284: SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2285: elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2286: SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2287: fi
2288: fi
2289:
2290: dnl
1.1 millert 2291: dnl Check for log file and timestamp locations
2292: dnl
2293: SUDO_LOGFILE
2294: SUDO_TIMEDIR
2295:
2296: dnl
2297: dnl Use passwd (and secureware) auth modules?
2298: dnl
1.25 ! millert 2299: case "$with_passwd" in
! 2300: yes|maybe)
! 2301: AUTH_OBJS="$AUTH_OBJS passwd.o"
1.23 millert 2302: ;;
2303: *)
1.21 millert 2304: AC_DEFINE(WITHOUT_PASSWD)
1.1 millert 2305: if test -z "$AUTH_OBJS"; then
2306: AC_MSG_ERROR([no authentication methods defined.])
2307: fi
1.23 millert 2308: ;;
2309: esac
1.25 ! millert 2310: AUTH_OBJS=${AUTH_OBJS# }
1.23 millert 2311: _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2312: AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
1.1 millert 2313:
2314: dnl
2315: dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2316: dnl
2317: if test -n "$LIBS"; then
2318: L="$LIBS"
2319: LIBS=
2320: for l in ${L}; do
2321: dupe=0
2322: for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2323: test $l = $sl && dupe=1
2324: done
2325: test $dupe = 0 && LIBS="${LIBS} $l"
2326: done
2327: fi
2328:
2329: dnl
2330: dnl Set exec_prefix
2331: dnl
2332: test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2333:
2334: dnl
1.21 millert 2335: dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2336: dnl XXX - this is gross!
2337: dnl
2338: if test "$with_noexec" != "no"; then
2339: PROGS="${PROGS} sudo_noexec.la"
2340: INSTALL_NOEXEC="install-noexec"
2341:
2342: oexec_prefix="$exec_prefix"
2343: if test "$exec_prefix" = '$(prefix)'; then
2344: if test "$prefix" = "NONE"; then
2345: exec_prefix="$ac_default_prefix"
2346: else
2347: exec_prefix="$prefix"
2348: fi
2349: fi
2350: eval noexec_file="$with_noexec"
2351: AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2352: exec_prefix="$oexec_prefix"
2353: fi
2354:
2355: dnl
1.5 millert 2356: dnl Substitute into the Makefile and man pages
1.1 millert 2357: dnl
1.23 millert 2358: AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2359: AC_OUTPUT
1.1 millert 2360:
2361: dnl
2362: dnl Spew any text the user needs to know about
2363: dnl
2364: if test "$with_pam" = "yes"; then
2365: case $host in
2366: *-*-linux*)
1.15 millert 2367: AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
1.1 millert 2368: ;;
2369: esac
2370: fi
1.7 millert 2371:
2372: dnl
1.21 millert 2373: dnl Autoheader templates
2374: dnl
2375: AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2376: AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2377: AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2378: AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2379: AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2380: AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2381: AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2382: AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2383: AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
1.23 millert 2384: AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
1.21 millert 2385: AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2386: AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2387: AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2388: AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
1.23 millert 2389: AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2390: AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2391: AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
1.21 millert 2392: AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2393: AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2394: AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2395: AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2396: AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2397: AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2398: AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2399: AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2400: AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2401: AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2402: AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2403: AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2404: AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2405: AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2406: AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2407: AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
1.23 millert 2408: AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
1.21 millert 2409: AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2410: AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2411: AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2412: AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2413: AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2414: AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2415: AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2416: AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2417: AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
1.22 millert 2418: AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
1.21 millert 2419: AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2420: AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2421: AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2422: AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2423: AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2424: AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2425: AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2426: AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2427: AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2428: AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2429: AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2430: AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2431: AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2432: AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2433: AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2434: AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2435: AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2436: AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2437: AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2438: AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2439: AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2440: AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2441:
2442: dnl
2443: dnl Bits to copy verbatim into config.h.in
1.7 millert 2444: dnl
2445: AH_TOP([#ifndef _SUDO_CONFIG_H
2446: #define _SUDO_CONFIG_H])
2447:
2448: AH_BOTTOM([/*
1.21 millert 2449: * Macros to pull sec and nsec parts of mtime from struct stat.
1.23 millert 2450: * We need to be able to convert between timeval and timespec
2451: * so the last 3 digits of tv_nsec are not significant.
1.21 millert 2452: */
2453: #ifdef HAVE_ST_MTIM
2454: # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
1.23 millert 2455: # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
1.21 millert 2456: #else
2457: # ifdef HAVE_ST_MTIMESPEC
2458: # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
1.23 millert 2459: # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
1.21 millert 2460: # else
2461: # define mtim_getsec(_x) ((_x).st_mtime)
2462: # define mtim_getnsec(_x) (0)
2463: # endif /* HAVE_ST_MTIMESPEC */
2464: #endif /* HAVE_ST_MTIM */
2465:
2466: /*
1.7 millert 2467: * Emulate a subset of waitpid() if we don't have it.
2468: */
2469: #ifdef HAVE_WAITPID
2470: # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2471: #else
2472: # ifdef HAVE_WAIT3
2473: # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2474: # endif
1.14 millert 2475: #endif
2476:
2477: /* GNU stow needs /etc/sudoers to be a symlink. */
1.21 millert 2478: #ifdef USE_STOW
1.14 millert 2479: # define stat_sudoers stat
2480: #else
2481: # define stat_sudoers lstat
1.7 millert 2482: #endif
1.21 millert 2483:
2484: /* Macros to set/clear/test flags. */
2485: #undef SET
2486: #define SET(t, f) ((t) |= (f))
2487: #undef CLR
2488: #define CLR(t, f) ((t) &= ~(f))
2489: #undef ISSET
2490: #define ISSET(t, f) ((t) & (f))
1.7 millert 2491:
2492: /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2493: #if defined(hpux) && !defined(__hpux)
2494: # define __hpux 1
2495: #endif /* hpux */
2496:
2497: #if defined(convex) && !defined(__convex__)
2498: # define __convex__ 1
2499: #endif /* convex */
2500:
2501: /* BSD compatibility on some SVR4 systems. */
2502: #ifdef __svr4__
2503: # define BSD_COMP
2504: #endif /* __svr4__ */
2505:
2506: #endif /* _SUDO_CONFIG_H */])