Annotation of src/usr.bin/sudo/configure.in, Revision 1.35
1.1 millert 1: dnl
2: dnl Process this file with GNU autoconf to produce a configure script.
1.35 ! millert 3: dnl $Sudo: configure.in,v 1.535 2008/10/23 16:06:22 millert Exp $
1.1 millert 4: dnl
1.35 ! millert 5: dnl Copyright (c) 1994-1996,1998-2008 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 millert 6: dnl
1.35 ! millert 7: AC_INIT([sudo], [1.7])
1.1 millert 8: AC_CONFIG_HEADER(config.h pathnames.h)
9: dnl
1.23 millert 10: dnl This won't work before AC_INIT
1.1 millert 11: dnl
1.35 ! millert 12: AC_MSG_NOTICE([Configuring Sudo version 1.7])
1.1 millert 13: dnl
1.7 millert 14: dnl Variables that get substituted in the Makefile and man pages
1.1 millert 15: dnl
1.21 millert 16: AC_SUBST(LIBTOOL)
1.23 millert 17: AC_SUBST(CFLAGS)
18: AC_SUBST(PROGS)
19: AC_SUBST(CPPFLAGS)
20: AC_SUBST(LDFLAGS)
21: AC_SUBST(SUDO_LDFLAGS)
22: AC_SUBST(SUDO_OBJS)
23: AC_SUBST(LIBS)
24: AC_SUBST(SUDO_LIBS)
25: AC_SUBST(NET_LIBS)
26: AC_SUBST(AFS_LIBS)
1.30 millert 27: AC_SUBST(GETGROUPS_LIB)
1.23 millert 28: AC_SUBST(OSDEFS)
29: AC_SUBST(AUTH_OBJS)
30: AC_SUBST(MANTYPE)
31: AC_SUBST(MAN_POSTINSTALL)
32: AC_SUBST(SUDOERS_MODE)
33: AC_SUBST(SUDOERS_UID)
34: AC_SUBST(SUDOERS_GID)
1.5 millert 35: AC_SUBST(DEV)
1.34 millert 36: AC_SUBST(SELINUX)
37: AC_SUBST(BAMAN)
38: AC_SUBST(LCMAN)
39: AC_SUBST(SEMAN)
1.35 ! millert 40: AC_SUBST(devdir)
1.5 millert 41: AC_SUBST(mansectsu)
42: AC_SUBST(mansectform)
43: AC_SUBST(mansrcdir)
1.34 millert 44: AC_SUBST(NOEXECFILE)
1.21 millert 45: AC_SUBST(NOEXECDIR)
46: AC_SUBST(noexec_file)
47: AC_SUBST(INSTALL_NOEXEC)
1.23 millert 48: AC_SUBST(DONT_LEAK_PATH_INFO)
1.35 ! millert 49: AC_SUBST(BSDAUTH_USAGE)
! 50: AC_SUBST(SELINUX_USAGE)
! 51: AC_SUBST(LDAP)
! 52: AC_SUBST(LOGINCAP_USAGE)
1.5 millert 53: dnl
1.7 millert 54: dnl Variables that get substituted in docs (not overridden by environment)
55: dnl
56: AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
57: AC_SUBST(timeout)
58: AC_SUBST(password_timeout)
59: AC_SUBST(sudo_umask)
60: AC_SUBST(passprompt)
61: AC_SUBST(long_otp_prompt)
62: AC_SUBST(lecture)
63: AC_SUBST(logfac)
64: AC_SUBST(goodpri)
65: AC_SUBST(badpri)
66: AC_SUBST(loglen)
67: AC_SUBST(ignore_dot)
68: AC_SUBST(mail_no_user)
69: AC_SUBST(mail_no_host)
70: AC_SUBST(mail_no_perms)
71: AC_SUBST(mailto)
72: AC_SUBST(mailsub)
73: AC_SUBST(badpass_message)
74: AC_SUBST(fqdn)
75: AC_SUBST(runas_default)
76: AC_SUBST(env_editor)
77: AC_SUBST(passwd_tries)
78: AC_SUBST(tty_tickets)
79: AC_SUBST(insults)
1.21 millert 80: AC_SUBST(root_sudo)
1.23 millert 81: AC_SUBST(path_info)
1.35 ! millert 82: AC_SUBST(ldap_conf)
! 83: AC_SUBST(ldap_secret)
! 84: AC_SUBST(nsswitch_conf)
1.7 millert 85: dnl
86: dnl Initial values for above
87: dnl
88: timeout=5
89: password_timeout=5
90: sudo_umask=0022
91: passprompt="Password:"
92: long_otp_prompt=off
1.21 millert 93: lecture=once
1.7 millert 94: logfac=local2
95: goodpri=notice
96: badpri=alert
97: loglen=80
98: ignore_dot=off
99: mail_no_user=on
100: mail_no_host=off
101: mail_no_perms=off
102: mailto=root
103: mailsub='*** SECURITY information for %h ***'
104: badpass_message='Sorry, try again.'
105: fqdn=off
106: runas_default=root
107: env_editor=off
108: passwd_tries=3
109: tty_tickets=off
110: insults=off
1.21 millert 111: root_sudo=on
1.23 millert 112: path_info=on
1.21 millert 113: INSTALL_NOEXEC=
1.35 ! millert 114: devdir='$(srcdir)'
1.7 millert 115: dnl
1.5 millert 116: dnl Initial values for Makefile variables listed above
1.7 millert 117: dnl May be overridden by environment variables..
1.5 millert 118: dnl
119: PROGS="sudo visudo"
1.23 millert 120: : ${MANTYPE='man'}
121: : ${mansrcdir='.'}
122: : ${SUDOERS_MODE='0440'}
123: : ${SUDOERS_UID='0'}
124: : ${SUDOERS_GID='0'}
1.1 millert 125: DEV="#"
1.35 ! millert 126: LDAP="#"
1.34 millert 127: SELINUX="#"
128: BAMAN='.\" '
129: LCMAN='.\" '
130: SEMAN='.\" '
1.25 millert 131: AUTH_OBJS=
132: AUTH_REG=
133: AUTH_EXCL=
134: AUTH_EXCL_DEF=
135: AUTH_DEF=passwd
1.5 millert 136:
137: dnl
138: dnl Other vaiables
139: dnl
1.1 millert 140: CHECKSHADOW=true
1.23 millert 141: shadow_defs=
142: shadow_funcs=
143: shadow_libs=
144: shadow_libs_optional=
1.1 millert 145:
146: dnl
147: dnl Override default configure dirs...
148: dnl
1.34 millert 149: if test X"$prefix" = X"NONE"; then
150: test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
151: else
152: test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
153: fi
1.1 millert 154: test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
155: test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
1.14 millert 156: test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
1.1 millert 157:
158: dnl
159: dnl Deprecated --with options (these all warn or generate an error)
160: dnl
161:
162: AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
163: [case $with_otp_only in
1.25 millert 164: yes) with_passwd="no"
1.15 millert 165: AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
1.1 millert 166: ;;
167: esac])
168:
169: AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
170: [case $with_alertmail in
171: *) with_mailto="$with_alertmail"
1.15 millert 172: AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
1.1 millert 173: ;;
174: esac])
175:
176: dnl
177: dnl Options for --with
178: dnl
179:
180: AC_ARG_WITH(CC, [ --with-CC C compiler to use],
181: [case $with_CC in
182: yes) AC_MSG_ERROR(["must give --with-CC an argument."])
183: ;;
184: no) AC_MSG_ERROR(["illegal argument: --without-CC."])
185: ;;
186: *) CC=$with_CC
187: ;;
188: esac])
189:
1.15 millert 190: AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
191: [case $with_rpath in
1.23 millert 192: yes|no) ;;
1.15 millert 193: *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
194: ;;
195: esac])
196:
1.23 millert 197: AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
1.15 millert 198: [case $with_blibpath in
1.23 millert 199: yes|no) ;;
1.15 millert 200: *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
201: ;;
202: esac])
203:
1.1 millert 204: AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
1.21 millert 205: [case $with_incpath in
1.1 millert 206: yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
207: ;;
208: no) AC_MSG_ERROR(["--without-incpath not supported."])
209: ;;
1.15 millert 210: *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
1.1 millert 211: for i in ${with_incpath}; do
212: CPPFLAGS="${CPPFLAGS} -I${i}"
213: done
214: ;;
215: esac])
216:
217: AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
1.21 millert 218: [case $with_libpath in
1.1 millert 219: yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
220: ;;
221: no) AC_MSG_ERROR(["--without-libpath not supported."])
222: ;;
1.15 millert 223: *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
1.1 millert 224: ;;
225: esac])
226:
227: AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
1.21 millert 228: [case $with_libraries in
1.1 millert 229: yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
230: ;;
231: no) AC_MSG_ERROR(["--without-libraries not supported."])
232: ;;
1.15 millert 233: *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
1.1 millert 234: ;;
235: esac])
236:
1.13 david 237: AC_ARG_WITH(devel, [ --with-devel add development options],
1.21 millert 238: [case $with_devel in
1.15 millert 239: yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
1.1 millert 240: PROGS="${PROGS} testsudoers"
241: OSDEFS="${OSDEFS} -DSUDO_DEVEL"
242: DEV=""
1.35 ! millert 243: devdir=.
1.1 millert 244: ;;
245: no) ;;
1.15 millert 246: *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
1.1 millert 247: ;;
248: esac])
249:
1.9 millert 250: AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
1.21 millert 251: [case $with_efence in
1.15 millert 252: yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
1.9 millert 253: LIBS="${LIBS} -lefence"
254: if test -f /usr/local/lib/libefence.a; then
1.15 millert 255: with_libpath="${with_libpath} /usr/local/lib"
1.9 millert 256: fi
257: ;;
258: no) ;;
1.15 millert 259: *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
1.9 millert 260: ;;
261: esac])
262:
1.1 millert 263: AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
1.21 millert 264: [case $with_csops in
1.15 millert 265: yes) AC_MSG_NOTICE([Adding CSOps standard options])
1.1 millert 266: CHECKSIA=false
267: with_ignore_dot=yes
1.7 millert 268: insults=on
1.1 millert 269: with_classic_insults=yes
270: with_csops_insults=yes
271: with_env_editor=yes
1.23 millert 272: : ${mansectsu='8'}
273: : ${mansectform='5'}
1.1 millert 274: ;;
275: no) ;;
1.15 millert 276: *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
1.1 millert 277: ;;
278: esac])
279:
280: AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
281: [case $with_passwd in
1.25 millert 282: yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
283: AC_MSG_RESULT($with_passwd)
284: AUTH_DEF=""
285: test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
1.1 millert 286: ;;
287: *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
288: ;;
289: esac])
290:
1.23 millert 291: AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
1.1 millert 292: [case $with_skey in
1.23 millert 293: no) with_skey=""
294: ;;
1.25 millert 295: *) AC_DEFINE(HAVE_SKEY)
1.1 millert 296: AC_MSG_CHECKING(whether to try S/Key authentication)
297: AC_MSG_RESULT(yes)
1.25 millert 298: AUTH_REG="$AUTH_REG S/Key"
1.1 millert 299: ;;
300: esac])
301:
1.23 millert 302: AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
1.1 millert 303: [case $with_opie in
1.23 millert 304: no) with_opie=""
305: ;;
1.25 millert 306: *) AC_DEFINE(HAVE_OPIE)
1.1 millert 307: AC_MSG_CHECKING(whether to try NRL OPIE authentication)
308: AC_MSG_RESULT(yes)
1.25 millert 309: AUTH_REG="$AUTH_REG NRL_OPIE"
1.1 millert 310: ;;
311: esac])
312:
313: AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
314: [case $with_long_otp_prompt in
1.21 millert 315: yes) AC_DEFINE(LONG_OTP_PROMPT)
1.1 millert 316: AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
317: AC_MSG_RESULT(yes)
1.7 millert 318: long_otp_prompt=on
319: ;;
320: no) long_otp_prompt=off
1.1 millert 321: ;;
322: *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
323: ;;
324: esac])
325:
1.15 millert 326: AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
1.1 millert 327: [case $with_SecurID in
1.15 millert 328: no) with_SecurID="";;
1.21 millert 329: *) AC_DEFINE(HAVE_SECURID)
1.1 millert 330: AC_MSG_CHECKING(whether to use SecurID for authentication)
331: AC_MSG_RESULT(yes)
1.25 millert 332: AUTH_EXCL="$AUTH_EXCL SecurID"
1.1 millert 333: ;;
334: esac])
335:
1.15 millert 336: AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
1.1 millert 337: [case $with_fwtk in
1.15 millert 338: no) with_fwtk="";;
1.21 millert 339: *) AC_DEFINE(HAVE_FWTK)
1.1 millert 340: AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
341: AC_MSG_RESULT(yes)
1.25 millert 342: AUTH_EXCL="$AUTH_EXCL FWTK"
1.1 millert 343: ;;
344: esac])
345:
1.15 millert 346: AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
1.1 millert 347: [case $with_kerb4 in
1.15 millert 348: no) with_kerb4="";;
349: *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
1.1 millert 350: AC_MSG_RESULT(yes)
1.25 millert 351: AUTH_REG="$AUTH_REG kerb4"
1.1 millert 352: ;;
353: esac])
354:
1.15 millert 355: AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
1.1 millert 356: [case $with_kerb5 in
1.15 millert 357: no) with_kerb5="";;
358: *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
1.1 millert 359: AC_MSG_RESULT(yes)
1.25 millert 360: AUTH_REG="$AUTH_REG kerb5"
1.1 millert 361: ;;
362: esac])
363:
1.23 millert 364: AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
365: [case $with_aixauth in
1.25 millert 366: yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
367: no) ;;
1.23 millert 368: *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
1.1 millert 369: ;;
370: esac])
371:
372: AC_ARG_WITH(pam, [ --with-pam enable PAM support],
373: [case $with_pam in
1.25 millert 374: yes) AUTH_EXCL="$AUTH_EXCL PAM";;
375: no) ;;
1.1 millert 376: *) AC_MSG_ERROR(["--with-pam does not take an argument."])
377: ;;
378: esac])
379:
380: AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
381: [case $with_AFS in
1.21 millert 382: yes) AC_DEFINE(HAVE_AFS)
1.1 millert 383: AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
384: AC_MSG_RESULT(yes)
1.25 millert 385: AUTH_REG="$AUTH_REG AFS"
1.1 millert 386: ;;
387: no) ;;
388: *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
389: ;;
390: esac])
391:
392: AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
393: [case $with_DCE in
1.21 millert 394: yes) AC_DEFINE(HAVE_DCE)
1.1 millert 395: AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
396: AC_MSG_RESULT(yes)
1.25 millert 397: AUTH_REG="$AUTH_REG DCE"
1.1 millert 398: ;;
399: no) ;;
400: *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
401: ;;
402: esac])
403:
1.6 millert 404: AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
1.5 millert 405: [case $with_logincap in
1.6 millert 406: yes|no) ;;
407: *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
408: ;;
409: esac])
410:
411: AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
412: [case $with_bsdauth in
1.25 millert 413: yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
414: no) ;;
1.23 millert 415: *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
1.5 millert 416: ;;
1.23 millert 417: esac])
418:
419: AC_ARG_WITH(project, [ --with-project enable Solaris project support],
420: [case $with_project in
421: yes|no) ;;
422: no) ;;
423: *) AC_MSG_ERROR(["--with-project does not take an argument."])
1.5 millert 424: ;;
425: esac])
426:
1.1 millert 427: AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
428: AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
1.21 millert 429: [case $with_lecture in
430: yes|short|always) lecture=once
1.1 millert 431: ;;
1.21 millert 432: no|none|never) lecture=never
1.1 millert 433: ;;
434: *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
435: ;;
1.7 millert 436: esac])
1.21 millert 437: if test "$lecture" = "once"; then
1.7 millert 438: AC_MSG_RESULT(yes)
439: else
1.21 millert 440: AC_DEFINE(NO_LECTURE)
1.7 millert 441: AC_MSG_RESULT(no)
442: fi
1.1 millert 443:
444: AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
445: AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
1.21 millert 446: [case $with_logging in
1.1 millert 447: yes) AC_MSG_ERROR(["must give --with-logging an argument."])
448: ;;
449: no) AC_MSG_ERROR(["--without-logging not supported."])
450: ;;
1.21 millert 451: syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
1.1 millert 452: AC_MSG_RESULT(syslog)
453: ;;
454: file) AC_DEFINE(LOGGING, SLOG_FILE)
455: AC_MSG_RESULT(file)
456: ;;
457: both) AC_DEFINE(LOGGING, SLOG_BOTH)
458: AC_MSG_RESULT(both)
459: ;;
460: *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
461: ;;
462: esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
463:
464: AC_MSG_CHECKING(which syslog facility sudo should log with)
1.7 millert 465: AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
1.21 millert 466: [case $with_logfac in
1.1 millert 467: yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
468: ;;
469: no) AC_MSG_ERROR(["--without-logfac not supported."])
470: ;;
1.7 millert 471: authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
1.1 millert 472: ;;
473: *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
474: ;;
1.7 millert 475: esac])
476: AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
477: AC_MSG_RESULT($logfac)
1.1 millert 478:
479: AC_MSG_CHECKING(at which syslog priority to log commands)
1.7 millert 480: AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
1.21 millert 481: [case $with_goodpri in
1.1 millert 482: yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
483: ;;
484: no) AC_MSG_ERROR(["--without-goodpri not supported."])
485: ;;
1.7 millert 486: alert|crit|debug|emerg|err|info|notice|warning)
487: goodpri=$with_goodpri
1.1 millert 488: ;;
489: *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
490: ;;
1.7 millert 491: esac])
492: AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
493: AC_MSG_RESULT($goodpri)
1.1 millert 494:
495: AC_MSG_CHECKING(at which syslog priority to log failures)
1.7 millert 496: AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
1.21 millert 497: [case $with_badpri in
1.1 millert 498: yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
499: ;;
500: no) AC_MSG_ERROR(["--without-badpri not supported."])
501: ;;
1.7 millert 502: alert|crit|debug|emerg|err|info|notice|warning)
503: badpri=$with_badpri
1.1 millert 504: ;;
505: *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
506: ;;
1.7 millert 507: esac])
508: AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
1.14 millert 509: AC_MSG_RESULT($badpri)
1.1 millert 510:
511: AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
1.21 millert 512: [case $with_logpath in
1.1 millert 513: yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
514: ;;
515: no) AC_MSG_ERROR(["--without-logpath not supported."])
516: ;;
517: esac])
518:
519: AC_MSG_CHECKING(how long a line in the log file should be)
520: AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
1.21 millert 521: [case $with_loglen in
1.1 millert 522: yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
523: ;;
524: no) AC_MSG_ERROR(["--without-loglen not supported."])
525: ;;
1.7 millert 526: [[0-9]]*) loglen=$with_loglen
1.1 millert 527: ;;
528: *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
529: ;;
1.7 millert 530: esac])
531: AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
532: AC_MSG_RESULT($loglen)
1.1 millert 533:
534: AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
535: AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
1.21 millert 536: [case $with_ignore_dot in
1.7 millert 537: yes) ignore_dot=on
1.1 millert 538: ;;
1.7 millert 539: no) ignore_dot=off
1.1 millert 540: ;;
541: *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
542: ;;
1.7 millert 543: esac])
544: if test "$ignore_dot" = "on"; then
1.21 millert 545: AC_DEFINE(IGNORE_DOT_PATH)
1.7 millert 546: AC_MSG_RESULT(yes)
547: else
548: AC_MSG_RESULT(no)
549: fi
1.1 millert 550:
551: AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
552: AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
1.21 millert 553: [case $with_mail_if_no_user in
1.7 millert 554: yes) mail_no_user=on
1.1 millert 555: ;;
1.7 millert 556: no) mail_no_user=off
1.1 millert 557: ;;
1.7 millert 558: *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
1.1 millert 559: ;;
1.7 millert 560: esac])
561: if test "$mail_no_user" = "on"; then
1.21 millert 562: AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
1.7 millert 563: AC_MSG_RESULT(yes)
564: else
565: AC_MSG_RESULT(no)
566: fi
1.1 millert 567:
568: AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
569: AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
1.21 millert 570: [case $with_mail_if_no_host in
1.7 millert 571: yes) mail_no_host=on
1.1 millert 572: ;;
1.7 millert 573: no) mail_no_host=off
1.1 millert 574: ;;
1.7 millert 575: *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
1.1 millert 576: ;;
1.7 millert 577: esac])
578: if test "$mail_no_host" = "on"; then
1.21 millert 579: AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
1.7 millert 580: AC_MSG_RESULT(yes)
581: else
582: AC_MSG_RESULT(no)
583: fi
1.1 millert 584:
585: AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
586: AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
1.21 millert 587: [case $with_mail_if_noperms in
1.7 millert 588: yes) mail_noperms=on
589: ;;
590: no) mail_noperms=off
591: ;;
592: *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
593: ;;
594: esac])
595: if test "$mail_noperms" = "on"; then
1.21 millert 596: AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
1.7 millert 597: AC_MSG_RESULT(yes)
598: else
599: AC_MSG_RESULT(no)
600: fi
601:
602: AC_MSG_CHECKING(who should get the mail that sudo sends)
603: AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
1.21 millert 604: [case $with_mailto in
1.7 millert 605: yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
606: ;;
607: no) AC_MSG_ERROR(["--without-mailto not supported."])
608: ;;
609: *) mailto=$with_mailto
610: ;;
611: esac])
612: AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
613: AC_MSG_RESULT([$mailto])
614:
615: AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
1.21 millert 616: [case $with_mailsubject in
1.7 millert 617: yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
1.1 millert 618: ;;
1.15 millert 619: no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
1.1 millert 620: ;;
1.7 millert 621: *) mailsub="$with_mailsubject"
622: AC_MSG_CHECKING(sudo mail subject)
623: AC_MSG_RESULT([Using alert mail subject: $mailsub])
1.1 millert 624: ;;
1.7 millert 625: esac])
626: AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
1.1 millert 627:
628: AC_MSG_CHECKING(for bad password prompt)
629: AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
1.21 millert 630: [case $with_passprompt in
1.1 millert 631: yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
632: ;;
1.15 millert 633: no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
1.1 millert 634: ;;
1.7 millert 635: *) passprompt="$with_passprompt"
636: esac])
637: AC_MSG_RESULT($passprompt)
638: AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
1.1 millert 639:
640: AC_MSG_CHECKING(for bad password message)
641: AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
1.21 millert 642: [case $with_badpass_message in
1.1 millert 643: yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
644: ;;
1.15 millert 645: no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
1.1 millert 646: ;;
1.7 millert 647: *) badpass_message="$with_badpass_message"
1.1 millert 648: ;;
1.7 millert 649: esac])
650: AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
651: AC_MSG_RESULT([$badpass_message])
1.1 millert 652:
653: AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
654: AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
1.21 millert 655: [case $with_fqdn in
1.7 millert 656: yes) fqdn=on
1.1 millert 657: ;;
1.7 millert 658: no) fqdn=off
1.1 millert 659: ;;
660: *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
661: ;;
1.7 millert 662: esac])
663: if test "$fqdn" = "on"; then
1.21 millert 664: AC_DEFINE(FQDN)
1.7 millert 665: AC_MSG_RESULT(yes)
666: else
667: AC_MSG_RESULT(no)
668: fi
1.1 millert 669:
670: AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
1.21 millert 671: [case $with_timedir in
1.1 millert 672: yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
673: ;;
674: no) AC_MSG_ERROR(["--without-timedir not supported."])
675: ;;
676: esac])
677:
678: AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
679: --without-sendmail do not send mail at all],
1.21 millert 680: [case $with_sendmail in
1.1 millert 681: yes) with_sendmail=""
682: ;;
683: no) ;;
1.7 millert 684: *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
1.1 millert 685: ;;
686: esac])
687:
688: AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
1.21 millert 689: [case $with_sudoers_mode in
1.1 millert 690: yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
691: ;;
692: no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
693: ;;
694: [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
695: ;;
696: 0*) SUDOERS_MODE=$with_sudoers_mode
697: ;;
1.14 millert 698: *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
1.1 millert 699: ;;
700: esac])
701:
702: AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
1.21 millert 703: [case $with_sudoers_uid in
1.1 millert 704: yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
705: ;;
706: no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
707: ;;
708: [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
709: ;;
1.14 millert 710: *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
1.1 millert 711: ;;
712: esac])
713:
714: AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
1.21 millert 715: [case $with_sudoers_gid in
1.1 millert 716: yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
717: ;;
718: no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
719: ;;
720: [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
721: ;;
1.14 millert 722: *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
1.1 millert 723: ;;
724: esac])
725:
726: AC_MSG_CHECKING(for umask programs should be run with)
1.7 millert 727: AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
1.1 millert 728: --without-umask Preserves the umask of the user invoking sudo.],
1.21 millert 729: [case $with_umask in
1.1 millert 730: yes) AC_MSG_ERROR(["must give --with-umask an argument."])
731: ;;
1.7 millert 732: no) sudo_umask=0777
1.1 millert 733: ;;
1.7 millert 734: [[0-9]]*) sudo_umask=$with_umask
1.1 millert 735: ;;
736: *) AC_MSG_ERROR(["you must enter a numeric mask."])
737: ;;
1.7 millert 738: esac])
739: AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
740: if test "$sudo_umask" = "0777"; then
741: AC_MSG_RESULT(user)
742: else
743: AC_MSG_RESULT($sudo_umask)
744: fi
1.1 millert 745:
746: AC_MSG_CHECKING(for default user to run commands as)
1.7 millert 747: AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
1.21 millert 748: [case $with_runas_default in
1.1 millert 749: yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
750: ;;
751: no) AC_MSG_ERROR(["--without-runas-default not supported."])
752: ;;
1.7 millert 753: *) runas_default="$with_runas_default"
1.1 millert 754: ;;
1.7 millert 755: esac])
756: AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
757: AC_MSG_RESULT([$runas_default])
1.1 millert 758:
759: AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
1.21 millert 760: [case $with_exempt in
1.1 millert 761: yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
762: ;;
763: no) AC_MSG_ERROR(["--without-exempt not supported."])
764: ;;
1.7 millert 765: *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
1.1 millert 766: AC_MSG_CHECKING(for group to be exempt from password)
767: AC_MSG_RESULT([$with_exempt])
768: ;;
769: esac])
770:
771: AC_MSG_CHECKING(for editor that visudo should use)
772: AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
1.21 millert 773: [case $with_editor in
1.1 millert 774: yes) AC_MSG_ERROR(["must give --with-editor an argument."])
775: ;;
776: no) AC_MSG_ERROR(["--without-editor not supported."])
777: ;;
1.7 millert 778: *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
1.1 millert 779: AC_MSG_RESULT([$with_editor])
780: ;;
781: esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
782:
783: AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
784: AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
1.21 millert 785: [case $with_env_editor in
1.7 millert 786: yes) env_editor=on
1.1 millert 787: ;;
1.7 millert 788: no) env_editor=off
1.1 millert 789: ;;
790: *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
791: ;;
1.7 millert 792: esac])
793: if test "$env_editor" = "on"; then
1.21 millert 794: AC_DEFINE(ENV_EDITOR)
1.7 millert 795: AC_MSG_RESULT(yes)
796: else
797: AC_MSG_RESULT(no)
798: fi
1.1 millert 799:
800: AC_MSG_CHECKING(number of tries a user gets to enter their password)
801: AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
1.21 millert 802: [case $with_passwd_tries in
1.7 millert 803: yes) ;;
1.1 millert 804: no) AC_MSG_ERROR(["--without-editor not supported."])
805: ;;
1.7 millert 806: [[1-9]]*) passwd_tries=$with_passwd_tries
1.1 millert 807: ;;
808: *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
809: ;;
1.7 millert 810: esac])
811: AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
812: AC_MSG_RESULT($passwd_tries)
1.1 millert 813:
814: AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
1.7 millert 815: AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
1.21 millert 816: [case $with_timeout in
1.7 millert 817: yes) ;;
818: no) timeout=0
1.1 millert 819: ;;
1.7 millert 820: [[0-9]]*) timeout=$with_timeout
1.1 millert 821: ;;
822: *) AC_MSG_ERROR(["you must enter the numer of minutes."])
823: ;;
1.7 millert 824: esac])
825: AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
826: AC_MSG_RESULT($timeout)
1.1 millert 827:
828: AC_MSG_CHECKING(time in minutes after the password prompt will time out)
1.7 millert 829: AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
1.21 millert 830: [case $with_password_timeout in
1.7 millert 831: yes) ;;
832: no) password_timeout=0
1.1 millert 833: ;;
1.7 millert 834: [[0-9]]*) password_timeout=$with_password_timeout
1.1 millert 835: ;;
836: *) AC_MSG_ERROR(["you must enter the numer of minutes."])
837: ;;
1.7 millert 838: esac])
839: AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
840: AC_MSG_RESULT($password_timeout)
1.1 millert 841:
842: AC_MSG_CHECKING(whether to use per-tty ticket files)
843: AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
1.21 millert 844: [case $with_tty_tickets in
1.7 millert 845: yes) tty_tickets=on
1.1 millert 846: ;;
1.7 millert 847: no) tty_tickets=off
1.1 millert 848: ;;
849: *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
850: ;;
1.7 millert 851: esac])
852: if test "$tty_tickets" = "on"; then
1.21 millert 853: AC_DEFINE(USE_TTY_TICKETS)
1.7 millert 854: AC_MSG_RESULT(yes)
855: else
856: AC_MSG_RESULT(no)
857: fi
1.1 millert 858:
859: AC_MSG_CHECKING(whether to include insults)
860: AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
1.21 millert 861: [case $with_insults in
1.7 millert 862: yes) insults=on
1.1 millert 863: with_classic_insults=yes
864: with_csops_insults=yes
865: ;;
1.7 millert 866: no) insults=off
1.1 millert 867: ;;
868: *) AC_MSG_ERROR(["--with-insults does not take an argument."])
869: ;;
1.7 millert 870: esac])
871: if test "$insults" = "on"; then
1.21 millert 872: AC_DEFINE(USE_INSULTS)
1.7 millert 873: AC_MSG_RESULT(yes)
874: else
875: AC_MSG_RESULT(no)
876: fi
1.1 millert 877:
878: AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
1.21 millert 879: [case $with_all_insults in
1.1 millert 880: yes) with_classic_insults=yes
881: with_csops_insults=yes
882: with_hal_insults=yes
883: with_goons_insults=yes
884: ;;
885: no) ;;
886: *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
887: ;;
888: esac])
889:
890: AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
1.21 millert 891: [case $with_classic_insults in
892: yes) AC_DEFINE(CLASSIC_INSULTS)
1.1 millert 893: ;;
894: no) ;;
895: *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
896: ;;
897: esac])
898:
899: AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
1.21 millert 900: [case $with_csops_insults in
901: yes) AC_DEFINE(CSOPS_INSULTS)
1.1 millert 902: ;;
903: no) ;;
904: *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
905: ;;
906: esac])
907:
908: AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
1.21 millert 909: [case $with_hal_insults in
910: yes) AC_DEFINE(HAL_INSULTS)
1.1 millert 911: ;;
912: no) ;;
913: *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
914: ;;
915: esac])
916:
1.7 millert 917: AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
1.21 millert 918: [case $with_goons_insults in
919: yes) AC_DEFINE(GOONS_INSULTS)
1.1 millert 920: ;;
921: no) ;;
922: *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
923: ;;
924: esac])
925:
1.35 ! millert 926: AC_ARG_WITH(nsswitch, [ --with-nsswitch[[=PATH]] path to nsswitch.conf],
! 927: [case $with_nsswitch in
! 928: no) ;;
! 929: yes) with_nsswitch="/etc/nsswitch.conf"
! 930: ;;
! 931: *) ;;
! 932: esac])
! 933: if test ${with_nsswitch-"yes"} != "no"; then
! 934: SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
! 935: nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
! 936: else
! 937: nsswitch_conf='/etc/nsswitch.conf'
! 938: fi
! 939:
1.23 millert 940: AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
1.21 millert 941: [case $with_ldap in
942: no) with_ldap="";;
943: *) AC_DEFINE(HAVE_LDAP)
944: AC_MSG_CHECKING(whether to use sudoers from LDAP)
945: AC_MSG_RESULT(yes)
946: ;;
947: esac])
1.35 ! millert 948:
! 949: AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file])
! 950: SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file])
! 951: ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'}
! 952:
! 953: AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file])
! 954: SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file])
! 955: ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'}
1.21 millert 956:
957: AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
958: [case $with_pc_insults in
959: yes) AC_DEFINE(PC_INSULTS)
960: ;;
961: no) ;;
962: *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
963: ;;
964: esac])
965:
1.1 millert 966: dnl include all insult sets on one line
1.7 millert 967: if test "$insults" = "on"; then
1.1 millert 968: AC_MSG_CHECKING(which insult sets to include)
969: i=""
970: test "$with_goons_insults" = "yes" && i="goons ${i}"
971: test "$with_hal_insults" = "yes" && i="hal ${i}"
972: test "$with_csops_insults" = "yes" && i="csops ${i}"
973: test "$with_classic_insults" = "yes" && i="classic ${i}"
974: AC_MSG_RESULT([$i])
975: fi
976:
977: AC_MSG_CHECKING(whether to override the user's path)
1.18 millert 978: AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
1.21 millert 979: [case $with_secure_path in
980: yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
1.1 millert 981: AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
982: ;;
983: no) AC_MSG_RESULT(no)
984: ;;
985: *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
986: AC_MSG_RESULT([$with_secure_path])
987: ;;
988: esac], AC_MSG_RESULT(no))
989:
990: AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
991: AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
1.21 millert 992: [case $with_interfaces in
1.1 millert 993: yes) AC_MSG_RESULT(yes)
994: ;;
1.21 millert 995: no) AC_DEFINE(STUB_LOAD_INTERFACES)
1.1 millert 996: AC_MSG_RESULT(no)
997: ;;
998: *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
999: ;;
1000: esac], AC_MSG_RESULT(yes))
1001:
1.14 millert 1002: AC_MSG_CHECKING(whether stow should be used)
1003: AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
1004: [case $with_stow in
1005: yes) AC_MSG_RESULT(yes)
1.21 millert 1006: AC_DEFINE(USE_STOW)
1.14 millert 1007: ;;
1008: no) AC_MSG_RESULT(no)
1009: ;;
1010: *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1011: ;;
1012: esac], AC_MSG_RESULT(no))
1013:
1.35 ! millert 1014: AC_MSG_CHECKING(whether to use an askpass helper)
! 1015: AC_ARG_WITH(askpass, [ --with-askpass=PATH Fully qualified pathname of askpass helper],
! 1016: [case $with_askpass in
! 1017: yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
! 1018: ;;
! 1019: no) ;;
! 1020: *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
! 1021: ;;
! 1022: esac], AC_MSG_RESULT(no))
! 1023:
1.1 millert 1024: dnl
1025: dnl Options for --enable
1026: dnl
1027:
1028: AC_MSG_CHECKING(whether to do user authentication by default)
1029: AC_ARG_ENABLE(authentication,
1030: [ --disable-authentication
1031: Do not require authentication by default],
1032: [ case "$enableval" in
1033: yes) AC_MSG_RESULT(yes)
1034: ;;
1035: no) AC_MSG_RESULT(no)
1.21 millert 1036: AC_DEFINE(NO_AUTHENTICATION)
1.1 millert 1037: ;;
1038: *) AC_MSG_RESULT(no)
1.15 millert 1039: AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1.1 millert 1040: ;;
1041: esac
1042: ], AC_MSG_RESULT(yes))
1.9 millert 1043:
1.10 millert 1044: AC_MSG_CHECKING(whether to disable running the mailer as root)
1045: AC_ARG_ENABLE(root-mailer,
1046: [ --disable-root-mailer Don't run the mailer as root, run as the user],
1047: [ case "$enableval" in
1048: yes) AC_MSG_RESULT(no)
1049: ;;
1050: no) AC_MSG_RESULT(yes)
1.21 millert 1051: AC_DEFINE(NO_ROOT_MAILER)
1.10 millert 1052: ;;
1053: *) AC_MSG_RESULT(no)
1.15 millert 1054: AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1.10 millert 1055: ;;
1056: esac
1057: ], AC_MSG_RESULT(no))
1058:
1.11 millert 1059: AC_ARG_ENABLE(setreuid,
1060: [ --disable-setreuid Don't try to use the setreuid() function],
1061: [ case "$enableval" in
1.14 millert 1062: no) SKIP_SETREUID=yes
1063: ;;
1064: *) ;;
1065: esac
1066: ])
1067:
1068: AC_ARG_ENABLE(setresuid,
1.23 millert 1069: [ --disable-setresuid Don't try to use the setresuid() function],
1.14 millert 1070: [ case "$enableval" in
1071: no) SKIP_SETRESUID=yes
1.11 millert 1072: ;;
1073: *) ;;
1074: esac
1075: ])
1076:
1.1 millert 1077: AC_MSG_CHECKING(whether to disable shadow password support)
1078: AC_ARG_ENABLE(shadow,
1079: [ --disable-shadow Never use shadow passwords],
1080: [ case "$enableval" in
1081: yes) AC_MSG_RESULT(no)
1082: ;;
1083: no) AC_MSG_RESULT(yes)
1084: CHECKSHADOW="false"
1085: ;;
1086: *) AC_MSG_RESULT(no)
1.15 millert 1087: AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1.1 millert 1088: ;;
1089: esac
1090: ], AC_MSG_RESULT(no))
1091:
1092: AC_MSG_CHECKING(whether root should be allowed to use sudo)
1093: AC_ARG_ENABLE(root-sudo,
1.10 millert 1094: [ --disable-root-sudo Don't allow root to run sudo],
1.21 millert 1095: [ case "$enableval" in
1.1 millert 1096: yes) AC_MSG_RESULT(yes)
1097: ;;
1.21 millert 1098: no) AC_DEFINE(NO_ROOT_SUDO)
1.1 millert 1099: AC_MSG_RESULT(no)
1.21 millert 1100: root_sudo=off
1.1 millert 1101: ;;
1102: *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1103: ;;
1104: esac
1105: ], AC_MSG_RESULT(yes))
1106:
1107: AC_MSG_CHECKING(whether to log the hostname in the log file)
1108: AC_ARG_ENABLE(log-host,
1109: [ --enable-log-host Log the hostname in the log file],
1110: [ case "$enableval" in
1111: yes) AC_MSG_RESULT(yes)
1.21 millert 1112: AC_DEFINE(HOST_IN_LOG)
1.1 millert 1113: ;;
1114: no) AC_MSG_RESULT(no)
1115: ;;
1116: *) AC_MSG_RESULT(no)
1.15 millert 1117: AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1.1 millert 1118: ;;
1119: esac
1120: ], AC_MSG_RESULT(no))
1121:
1122: AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1123: AC_ARG_ENABLE(noargs-shell,
1124: [ --enable-noargs-shell If sudo is given no arguments run a shell],
1125: [ case "$enableval" in
1126: yes) AC_MSG_RESULT(yes)
1.21 millert 1127: AC_DEFINE(SHELL_IF_NO_ARGS)
1.1 millert 1128: ;;
1129: no) AC_MSG_RESULT(no)
1130: ;;
1131: *) AC_MSG_RESULT(no)
1.15 millert 1132: AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1.1 millert 1133: ;;
1134: esac
1135: ], AC_MSG_RESULT(no))
1136:
1137: AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1138: AC_ARG_ENABLE(shell-sets-home,
1139: [ --enable-shell-sets-home
1.35 ! millert 1140: Set $HOME to target user in shell mode],
1.1 millert 1141: [ case "$enableval" in
1142: yes) AC_MSG_RESULT(yes)
1.21 millert 1143: AC_DEFINE(SHELL_SETS_HOME)
1.1 millert 1144: ;;
1145: no) AC_MSG_RESULT(no)
1146: ;;
1147: *) AC_MSG_RESULT(no)
1.15 millert 1148: AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1.1 millert 1149: ;;
1150: esac
1151: ], AC_MSG_RESULT(no))
1152:
1153: AC_MSG_CHECKING(whether to disable 'command not found' messages)
1154: AC_ARG_ENABLE(path_info,
1155: [ --disable-path-info Print 'command not allowed' not 'command not found'],
1156: [ case "$enableval" in
1157: yes) AC_MSG_RESULT(no)
1158: ;;
1159: no) AC_MSG_RESULT(yes)
1.21 millert 1160: AC_DEFINE(DONT_LEAK_PATH_INFO)
1.23 millert 1161: path_info=off
1.1 millert 1162: ;;
1163: *) AC_MSG_RESULT(no)
1.15 millert 1164: AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1.1 millert 1165: ;;
1166: esac
1167: ], AC_MSG_RESULT(no))
1168:
1.34 millert 1169: AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
1170: [case $with_selinux in
1.35 ! millert 1171: yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
! 1172: AC_DEFINE(HAVE_SELINUX)
1.34 millert 1173: SUDO_LIBS="${SUDO_LIBS} -lselinux"
1174: SUDO_OBJS="${SUDO_OBJS} selinux.o"
1175: PROGS="${PROGS} sesh"
1176: SELINUX=""
1177: SEMAN=""
1178: ;;
1179: no) ;;
1180: *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1181: ;;
1182: esac])
1183:
1.1 millert 1184: dnl
1.35 ! millert 1185: dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
! 1186: dnl
! 1187: AC_ARG_ENABLE(gss_krb5_ccache_name, [ --enable-gss-krb5-ccache-name
! 1188: Use GSS-API to set the Kerberos V cred cache name], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
! 1189:
! 1190: dnl
1.1 millert 1191: dnl If we don't have egrep we can't do anything...
1192: dnl
1.23 millert 1193: AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1.1 millert 1194: if test -z "$EGREPPROG"; then
1.15 millert 1195: AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1.1 millert 1196: fi
1197:
1198: dnl
1.7 millert 1199: dnl Prevent configure from adding the -g flag unless in devel mode
1200: dnl
1201: if test "$with_devel" != "yes"; then
1202: ac_cv_prog_cc_g=no
1203: fi
1204:
1205: dnl
1.1 millert 1206: dnl C compiler checks
1207: dnl
1.7 millert 1208: AC_ISC_POSIX
1.1 millert 1209: AC_PROG_CPP
1210:
1211: dnl
1.21 millert 1212: dnl Libtool magic; enable shared libs and disable static libs
1213: dnl
1214: AC_CANONICAL_HOST
1.23 millert 1215: AC_CANONICAL_TARGET([])
1.25 millert 1216: AC_DISABLE_STATIC
1217: AC_PROG_LIBTOOL
1.21 millert 1218:
1219: dnl
1220: dnl Defer with_noexec until after libtool magic runs
1221: dnl
1222: if test "$enable_shared" = "no"; then
1223: with_noexec=no
1224: else
1.24 millert 1225: eval _shrext="$shrext_cmds"
1.21 millert 1226: fi
1227: AC_MSG_CHECKING(path to sudo_noexec.so)
1.23 millert 1228: AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1.21 millert 1229: [case $with_noexec in
1230: yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1231: ;;
1232: no) ;;
1233: *) ;;
1234: esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1235: AC_MSG_RESULT($with_noexec)
1.34 millert 1236: NOEXECFILE="sudo_noexec$_shrext"
1.21 millert 1237: NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1238:
1239: dnl
1.1 millert 1240: dnl It is now safe to modify CFLAGS and CPPFLAGS
1241: dnl
1242: if test "$with_devel" = "yes" -a -n "$GCC"; then
1243: CFLAGS="${CFLAGS} -Wall"
1244: fi
1245:
1246: dnl
1247: dnl Find programs we use
1248: dnl
1.23 millert 1249: AC_CHECK_PROG(UNAMEPROG, uname, uname)
1250: AC_CHECK_PROG(TRPROG, tr, tr)
1251: AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1.1 millert 1252: if test -z "$NROFFPROG"; then
1253: MANTYPE="cat"
1.5 millert 1254: mansrcdir='$(srcdir)'
1.1 millert 1255: fi
1256:
1257: dnl
1258: dnl What kind of beastie are we being run on?
1259: dnl Barf if config.cache was generated on another host.
1260: dnl
1261: if test -n "$sudo_cv_prev_host"; then
1262: if test "$sudo_cv_prev_host" != "$host"; then
1.15 millert 1263: AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1.1 millert 1264: else
1265: AC_MSG_CHECKING(previous host type)
1266: AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1.15 millert 1267: AC_MSG_RESULT([$sudo_cv_prev_host])
1.1 millert 1268: fi
1269: else
1270: # this will produce no output since there is no cached value
1271: AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1272: fi
1273:
1274: dnl
1275: dnl We want to be able to differentiate between different rev's
1276: dnl
1277: if test -n "$host_os"; then
1278: OS=`echo $host_os | sed 's/[[0-9]].*//'`
1.23 millert 1279: OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1280: OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1.1 millert 1281: else
1282: OS="unknown"
1283: OSREV=0
1.23 millert 1284: OSMAJOR=0
1.1 millert 1285: fi
1286:
1287: case "$host" in
1288: *-*-sunos4*)
1289: # getcwd(3) opens a pipe to getpwd(1)!?!
1290: BROKEN_GETCWD=1
1291:
1292: # system headers lack prototypes but gcc helps...
1293: if test -n "$GCC"; then
1.23 millert 1294: OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1.1 millert 1295: fi
1296:
1.23 millert 1297: shadow_funcs="getpwanam issecure"
1.1 millert 1298: ;;
1299: *-*-solaris2*)
1300: # To get the crypt(3) prototype (so we pass -Wall)
1.23 millert 1301: OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1.1 millert 1302: # AFS support needs -lucb
1303: if test "$with_AFS" = "yes"; then
1304: AFS_LIBS="-lc -lucb"
1305: fi
1.23 millert 1306: : ${mansectsu='1m'}
1307: : ${mansectform='4'}
1308: : ${with_rpath='yes'}
1.25 millert 1309: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.1 millert 1310: ;;
1311: *-*-aix*)
1312: # To get all prototypes (so we pass -Wall)
1.23 millert 1313: OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1.1 millert 1314: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1.15 millert 1315: if test X"$with_blibpath" != X"no"; then
1316: AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1317: O_LDFLAGS="$LDFLAGS"
1.23 millert 1318: LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1319: AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1.15 millert 1320: if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1321: blibpath="$with_blibpath"
1322: elif test -n "$GCC"; then
1323: blibpath="/usr/lib:/lib:/usr/local/lib"
1324: else
1325: blibpath="/usr/lib:/lib"
1326: fi
1327: AC_MSG_RESULT(yes)
1328: ], [AC_MSG_RESULT(no)])
1329: fi
1330: LDFLAGS="$O_LDFLAGS"
1.23 millert 1331:
1.25 millert 1332: # Use authenticate(3) as the default authentication method
1.23 millert 1333: if test X"$with_aixauth" = X""; then
1.25 millert 1334: AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1.23 millert 1335: fi
1.35 ! millert 1336:
! 1337: # AIX-specific functions
! 1338: AC_CHECK_FUNCS(getuserattr)
! 1339: SUDO_OBJS="$SUDO_OBJS aix.o"
1.1 millert 1340: ;;
1341: *-*-hiuxmpp*)
1.23 millert 1342: : ${mansectsu='1m'}
1343: : ${mansectform='4'}
1.1 millert 1344: ;;
1.21 millert 1345: *-*-hpux*)
1.1 millert 1346: # AFS support needs -lBSD
1347: if test "$with_AFS" = "yes"; then
1348: AFS_LIBS="-lc -lBSD"
1349: fi
1.23 millert 1350: : ${mansectsu='1m'}
1351: : ${mansectform='4'}
1.1 millert 1352:
1.21 millert 1353: case "$host" in
1354: *-*-hpux[1-8].*)
1355: AC_DEFINE(BROKEN_SYSLOG)
1356:
1357: # Not sure if setuid binaries are safe in < 9.x
1358: if test -n "$GCC"; then
1359: SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1360: else
1361: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1362: fi
1363: ;;
1364: *-*-hpux9.*)
1365: AC_DEFINE(BROKEN_SYSLOG)
1366:
1.23 millert 1367: shadow_funcs="getspwuid"
1.21 millert 1368:
1369: # DCE support (requires ANSI C compiler)
1370: if test "$with_DCE" = "yes"; then
1371: # order of libs in 9.X is important. -lc_r must be last
1372: SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1373: LIBS="${LIBS} -ldce -lM -lc_r"
1374: CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1375: fi
1376: ;;
1377: *-*-hpux10.*)
1.23 millert 1378: shadow_funcs="getprpwnam iscomsec"
1379: shadow_libs="-lsec"
1.21 millert 1380: ;;
1381: *)
1.23 millert 1382: shadow_funcs="getspnam iscomsec"
1383: shadow_libs="-lsec"
1.25 millert 1384: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.21 millert 1385: ;;
1386: esac
1.1 millert 1387: ;;
1388: *-dec-osf*)
1389: # ignore envariables wrt dynamic lib path
1390: SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1391:
1.26 millert 1392: : ${CHECKSIA='true'}
1.1 millert 1393: AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1394: AC_ARG_ENABLE(sia,
1.25 millert 1395: [ --disable-sia Disable SIA on Digital UNIX],
1.1 millert 1396: [ case "$enableval" in
1397: yes) AC_MSG_RESULT(no)
1.26 millert 1398: CHECKSIA=true
1.1 millert 1399: ;;
1400: no) AC_MSG_RESULT(yes)
1401: CHECKSIA=false
1402: ;;
1403: *) AC_MSG_RESULT(no)
1.15 millert 1404: AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1.1 millert 1405: ;;
1406: esac
1407: ], AC_MSG_RESULT(no))
1408:
1.23 millert 1409: shadow_funcs="getprpwnam dispcrypt"
1410: # OSF/1 4.x and higher need -ldb too
1411: if test $OSMAJOR -lt 4; then
1412: shadow_libs="-lsecurity -laud -lm"
1413: else
1414: shadow_libs="-lsecurity -ldb -laud -lm"
1415: fi
1416:
1417: # use SIA by default, if we have it
1.25 millert 1418: test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1419:
1420: #
1421: # Some versions of Digital Unix ship with a broken
1422: # copy of prot.h, which we need for shadow passwords.
1423: # XXX - make should remove this as part of distclean
1424: #
1425: AC_MSG_CHECKING([for broken prot.h])
1426: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1.1 millert 1427: #include <sys/types.h>
1428: #include <sys/security.h>
1429: #include <prot.h>
1.25 millert 1430: ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1431: sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1432: ])
1.23 millert 1433: : ${mansectsu='8'}
1434: : ${mansectform='4'}
1.1 millert 1435: ;;
1436: *-*-irix*)
1.23 millert 1437: OSDEFS="${OSDEFS} -D_BSD_TYPES"
1.1 millert 1438: if test -z "$NROFFPROG"; then
1.14 millert 1439: MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1.1 millert 1440: if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1441: if test -d /usr/share/catman/local; then
1442: mandir="/usr/share/catman/local"
1443: else
1444: mandir="/usr/catman/local"
1445: fi
1446: fi
1447: else
1448: if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1449: if test -d "/usr/share/man/local"; then
1450: mandir="/usr/share/man/local"
1451: else
1452: mandir="/usr/man/local"
1453: fi
1454: fi
1455: fi
1456: # IRIX <= 4 needs -lsun
1.23 millert 1457: if test "$OSMAJOR" -le 4; then
1.1 millert 1458: AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1459: fi
1.23 millert 1460: : ${mansectsu='1m'}
1461: : ${mansectform='4'}
1.1 millert 1462: ;;
1.34 millert 1463: *-*-linux*|*-*-k*bsd*-gnu)
1.23 millert 1464: OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1.1 millert 1465: # Some Linux versions need to link with -lshadow
1.23 millert 1466: shadow_funcs="getspnam"
1467: shadow_libs_optional="-lshadow"
1.25 millert 1468: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.1 millert 1469: ;;
1470: *-convex-bsd*)
1.23 millert 1471: OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1.1 millert 1472: if test -z "$GCC"; then
1473: CFLAGS="${CFLAGS} -D__STDC__"
1474: fi
1475:
1.23 millert 1476: shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1477: shadow_funcs="getprpwnam"
1478: shadow_libs="-lprot"
1.1 millert 1479: ;;
1480: *-*-ultrix*)
1481: OS="ultrix"
1.23 millert 1482: shadow_funcs="getauthuid"
1483: shadow_libs="-lauth"
1.1 millert 1484: ;;
1485: *-*-riscos*)
1486: LIBS="${LIBS} -lsun -lbsd"
1487: CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1488: OSDEFS="${OSDEFS} -D_MIPS"
1.23 millert 1489: : ${mansectsu='1m'}
1490: : ${mansectform='4'}
1.1 millert 1491: ;;
1492: *-*-isc*)
1493: OSDEFS="${OSDEFS} -D_ISC"
1494: LIB_CRYPT=1
1495: SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1496: LIBS="${LIBS} -lcrypt"
1497:
1.23 millert 1498: shadow_funcs="getspnam"
1499: shadow_libs="-lsec"
1500:
1501: : ${mansectsu='1m'}
1502: : ${mansectform='4'}
1.1 millert 1503: ;;
1.7 millert 1504: *-*-sco*|*-sco-*)
1.23 millert 1505: shadow_funcs="getprpwnam"
1506: shadow_libs="-lprot -lx"
1507: : ${mansectsu='1m'}
1508: : ${mansectform='4'}
1.8 millert 1509: ;;
1510: m88k-motorola-sysv*)
1511: # motorolla's cc (a variant of gcc) does -O but not -O2
1512: CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1.23 millert 1513: : ${mansectsu='1m'}
1514: : ${mansectform='4'}
1.1 millert 1515: ;;
1516: *-sequent-sysv*)
1.23 millert 1517: shadow_funcs="getspnam"
1518: shadow_libs="-lsec"
1519: : ${mansectsu='1m'}
1520: : ${mansectform='4'}
1521: : ${with_rpath='yes'}
1.7 millert 1522: ;;
1523: *-ncr-sysv4*|*-ncr-sysvr4*)
1524: AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1.23 millert 1525: : ${mansectsu='1m'}
1526: : ${mansectform='4'}
1527: : ${with_rpath='yes'}
1.1 millert 1528: ;;
1.7 millert 1529: *-ccur-sysv4*|*-ccur-sysvr4*)
1.1 millert 1530: LIBS="${LIBS} -lgen"
1531: SUDO_LIBS="${SUDO_LIBS} -lgen"
1.23 millert 1532: : ${mansectsu='1m'}
1533: : ${mansectform='4'}
1534: : ${with_rpath='yes'}
1.1 millert 1535: ;;
1536: *-*-bsdi*)
1.14 millert 1537: SKIP_SETREUID=yes
1.5 millert 1538: # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1539: if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1.23 millert 1540: case "$OSMAJOR" in
1.15 millert 1541: 2|3) AC_MSG_NOTICE([using shlicc as CC])
1.5 millert 1542: ac_cv_prog_CC=shlicc
1543: CC="$ac_cv_prog_CC"
1544: ;;
1545: esac
1546: fi
1.23 millert 1547: # Check for newer BSD auth API (just check for >= 3.0?)
1548: if test -z "$with_bsdauth"; then
1.25 millert 1549: AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1.23 millert 1550: fi
1.5 millert 1551: ;;
1552: *-*-freebsd*)
1.11 millert 1553: # FreeBSD has a real setreuid(2) starting with 2.1 and
1554: # backported to 2.0.5. We just take 2.1 and above...
1.23 millert 1555: case "$OSREV" in
1.11 millert 1556: 0.*|1.*|2.0*)
1.14 millert 1557: SKIP_SETREUID=yes
1.11 millert 1558: ;;
1559: esac
1.5 millert 1560: if test "$with_skey" = "yes"; then
1561: SUDO_LIBS="${SUDO_LIBS} -lmd"
1562: fi
1.25 millert 1563: CHECKSHADOW="false"
1564: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1565: : ${with_logincap='maybe'}
1.1 millert 1566: ;;
1.7 millert 1567: *-*-*openbsd*)
1.23 millert 1568: # OpenBSD has a real setreuid(2) starting with 3.3 but
1569: # we will use setreuid(2) instead.
1.14 millert 1570: SKIP_SETREUID=yes
1.25 millert 1571: CHECKSHADOW="false"
1.23 millert 1572: # OpenBSD >= 3.0 supports BSD auth
1573: if test -z "$with_bsdauth"; then
1574: case "$OSREV" in
1575: [0-2].*)
1576: ;;
1577: *)
1.25 millert 1578: AUTH_EXCL_DEF="BSD_AUTH"
1.23 millert 1579: ;;
1580: esac
1581: fi
1582: : ${with_logincap='maybe'}
1.7 millert 1583: ;;
1584: *-*-*netbsd*)
1.11 millert 1585: # NetBSD has a real setreuid(2) starting with 1.3.2
1.23 millert 1586: case "$OSREV" in
1.11 millert 1587: 0.9*|1.[012]*|1.3|1.3.1)
1.14 millert 1588: SKIP_SETREUID=yes
1.11 millert 1589: ;;
1590: esac
1.25 millert 1591: CHECKSHADOW="false"
1592: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1593: : ${with_logincap='maybe'}
1594: ;;
1595: *-*-dragonfly*)
1596: if test "$with_skey" = "yes"; then
1597: SUDO_LIBS="${SUDO_LIBS} -lmd"
1598: fi
1.25 millert 1599: CHECKSHADOW="false"
1600: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1601: : ${with_logincap='yes'}
1.7 millert 1602: ;;
1.1 millert 1603: *-*-*bsd*)
1.25 millert 1604: CHECKSHADOW="false"
1.19 millert 1605: ;;
1606: *-*-darwin*)
1607: SKIP_SETREUID=yes
1.25 millert 1608: CHECKSHADOW="false"
1609: test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1.23 millert 1610: : ${with_logincap='yes'}
1.1 millert 1611: ;;
1.7 millert 1612: *-*-nextstep*)
1613: # lockf() on is broken on the NeXT -- use flock instead
1614: ac_cv_func_lockf=no
1615: ac_cv_func_flock=yes
1616: ;;
1.15 millert 1617: *-*-*sysv4*)
1.23 millert 1618: : ${mansectsu='1m'}
1619: : ${mansectform='4'}
1620: : ${with_rpath='yes'}
1.15 millert 1621: ;;
1.5 millert 1622: *-*-sysv*)
1.23 millert 1623: : ${mansectsu='1m'}
1624: : ${mansectform='4'}
1625: ;;
1626: *-gnu*)
1627: OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1.5 millert 1628: ;;
1.1 millert 1629: esac
1630:
1631: dnl
1.25 millert 1632: dnl Check for mixing mutually exclusive and regular auth methods
1633: dnl
1634: AUTH_REG=${AUTH_REG# }
1635: AUTH_EXCL=${AUTH_EXCL# }
1636: if test -n "$AUTH_EXCL"; then
1637: set -- $AUTH_EXCL
1638: if test $# != 1; then
1639: AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1640: fi
1641: if test -n "$AUTH_REG"; then
1642: AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1643: fi
1644: fi
1645: dnl
1646: dnl Only one of S/Key and OPIE may be specified
1647: dnl
1648: if test X"${with_skey}${with_opie}" = X"yesyes"; then
1649: AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1650: fi
1651:
1652: dnl
1.5 millert 1653: dnl Use BSD-style man sections by default
1654: dnl
1.23 millert 1655: : ${mansectsu='8'}
1656: : ${mansectform='5'}
1.5 millert 1657:
1658: dnl
1.15 millert 1659: dnl Add in any libpaths or libraries specified via configure
1660: dnl
1661: if test -n "$with_libpath"; then
1662: for i in ${with_libpath}; do
1663: SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1664: done
1665: fi
1666: if test -n "$with_libraries"; then
1667: for i in ${with_libraries}; do
1668: case $i in
1669: -l*) ;;
1670: *.a) ;;
1671: *.o) ;;
1672: *) i="-l${i}";;
1673: esac
1674: LIBS="${LIBS} ${i}"
1675: done
1676: fi
1677:
1678: dnl
1.1 millert 1679: dnl C compiler checks (to be done after os checks)
1680: dnl
1681: AC_PROG_GCC_TRADITIONAL
1682: AC_C_CONST
1.7 millert 1683: AC_C_VOLATILE
1.1 millert 1684: dnl
1685: dnl Program checks
1686: dnl
1687: AC_PROG_YACC
1.7 millert 1688: SUDO_PROG_MV
1689: SUDO_PROG_BSHELL
1.1 millert 1690: if test -z "$with_sendmail"; then
1691: SUDO_PROG_SENDMAIL
1692: fi
1.7 millert 1693: if test -z "$with_editor"; then
1694: SUDO_PROG_VI
1695: fi
1.1 millert 1696: dnl
1697: dnl Header file checks
1698: dnl
1699: AC_HEADER_STDC
1700: AC_HEADER_DIRENT
1.23 millert 1701: AC_HEADER_TIME
1.7 millert 1702: AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1.1 millert 1703: dnl ultrix termio/termios are broken
1704: if test "$OS" != "ultrix"; then
1.7 millert 1705: AC_SYS_POSIX_TERMIOS
1706: if test "$ac_cv_sys_posix_termios" = "yes"; then
1.21 millert 1707: AC_DEFINE(HAVE_TERMIOS_H)
1.7 millert 1708: else
1709: AC_CHECK_HEADERS(termio.h)
1710: fi
1.1 millert 1711: fi
1.23 millert 1712: if test ${with_logincap-'no'} != "no"; then
1.35 ! millert 1713: AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=""
1.29 millert 1714: case "$OS" in
1715: freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1716: ;;
1717: esac
1718: ])
1.6 millert 1719: fi
1.23 millert 1720: if test ${with_project-'no'} != "no"; then
1721: AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1722: [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1.6 millert 1723: fi
1.1 millert 1724: dnl
1725: dnl typedef checks
1726: dnl
1727: AC_TYPE_MODE_T
1728: AC_TYPE_UID_T
1.35 ! millert 1729: AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
! 1730: AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1.7 millert 1731: #include <signal.h>])
1.23 millert 1732: AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1.7 millert 1733: #include <signal.h>])
1.23 millert 1734: AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1735: #if TIME_WITH_SYS_TIME
1736: # include <sys/time.h>
1.29 millert 1737: #endif
1738: #include <time.h>])
1739: AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1740: #include <netinet/in.h>])
1.1 millert 1741: SUDO_TYPE_SIZE_T
1742: SUDO_TYPE_SSIZE_T
1743: SUDO_TYPE_DEV_T
1744: SUDO_TYPE_INO_T
1745: SUDO_UID_T_LEN
1.23 millert 1746: SUDO_TYPE_LONG_LONG
1.1 millert 1747: SUDO_SOCK_SA_LEN
1748: dnl
1749: dnl only set RETSIGTYPE if it is not set already
1750: dnl
1751: case "$DEFS" in
1752: *"RETSIGTYPE"*) ;;
1753: *) AC_TYPE_SIGNAL;;
1754: esac
1755: dnl
1756: dnl Function checks
1757: dnl
1.30 millert 1758: AC_FUNC_GETGROUPS
1.7 millert 1759: AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1.23 millert 1760: strftime setrlimit initgroups getgroups fstat gettimeofday \
1.34 millert 1761: setlocale getaddrinfo setsid)
1.14 millert 1762: if test -z "$SKIP_SETRESUID"; then
1763: AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1764: fi
1765: if test -z "$SKIP_SETREUID"; then
1.23 millert 1766: AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1767: fi
1768: if test -z "$SKIP_SETEUID"; then
1769: AC_CHECK_FUNCS(seteuid)
1.7 millert 1770: fi
1771: if test X"$with_interfaces" != X"no"; then
1.14 millert 1772: AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1.7 millert 1773: fi
1.1 millert 1774: if test -z "$BROKEN_GETCWD"; then
1.7 millert 1775: AC_REPLACE_FUNCS(getcwd)
1.1 millert 1776: fi
1.23 millert 1777: AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1778: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1779: AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1780: AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1.7 millert 1781: AC_CHECK_FUNCS(lockf flock, [break])
1782: AC_CHECK_FUNCS(waitpid wait3, [break])
1.14 millert 1783: AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1.21 millert 1784: AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1.23 millert 1785: SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1.7 millert 1786: SUDO_FUNC_ISBLANK
1.23 millert 1787: AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1788: AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1789: AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1790: [ #include <limits.h>
1791: #include <fcntl.h> ])
1792: ])
1793: AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1794: AC_CHECK_FUNCS(random lrand48, [break])
1795: ])
1.7 millert 1796: AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1.22 millert 1797: if test X"$ac_cv_type_struct_timespec" != X"no"; then
1.32 millert 1798: AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1799: [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1800: [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1.22 millert 1801: AC_MSG_CHECKING([for two-parameter timespecsub])
1.23 millert 1802: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1803: #include <sys/time.h>]], [[struct timespec ts1, ts2;
1.22 millert 1804: ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1805: #ifndef timespecsub
1806: #error missing timespecsub
1807: #endif
1.23 millert 1808: timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1809: AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1.22 millert 1810: fi
1.21 millert 1811: dnl
1812: dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1813: dnl
1.23 millert 1814: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1.34 millert 1815: #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1.24 millert 1816: #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1.1 millert 1817: dnl
1818: dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1819: dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1820: dnl
1821: if test -n "$NEED_SNPRINTF"; then
1.7 millert 1822: AC_LIBOBJ(snprintf)
1.1 millert 1823: fi
1824: dnl
1825: dnl If socket(2) not in libc, check -lsocket and -linet
1826: dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1827: dnl In this case we look for main(), not socket() to avoid using a cached value
1828: dnl
1.7 millert 1829: AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1830: AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1.1 millert 1831: dnl
1832: dnl If inet_addr(3) not in libc, check -lnsl and -linet
1833: dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1834: dnl
1.7 millert 1835: AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1836: AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1.1 millert 1837: dnl
1838: dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1839: dnl
1.7 millert 1840: AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1.1 millert 1841: dnl
1.16 millert 1842: dnl Check for getprogname() or __progname
1843: dnl
1844: AC_CHECK_FUNCS(getprogname, , [
1845: AC_MSG_CHECKING([for __progname])
1846: AC_CACHE_VAL(sudo_cv___progname, [
1.23 millert 1847: AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1.16 millert 1848: if test "$sudo_cv___progname" = "yes"; then
1.21 millert 1849: AC_DEFINE(HAVE___PROGNAME)
1.16 millert 1850: else
1851: AC_LIBOBJ(getprogname)
1852: fi
1853: AC_MSG_RESULT($sudo_cv___progname)
1854: ])
1.25 millert 1855:
1856: dnl
1857: dnl Mutually exclusive auth checks come first, followed by
1858: dnl non-exclusive ones. Note: passwd must be last of all!
1859: dnl
1860:
1861: dnl
1862: dnl Convert default authentication methods to with_* if
1863: dnl no explicit authentication scheme was specified.
1864: dnl
1865: if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1866: for auth in $AUTH_EXCL_DEF; do
1867: case $auth in
1868: AIX_AUTH) with_aixauth=maybe;;
1869: BSD_AUTH) with_bsdauth=maybe;;
1870: PAM) with_pam=maybe;;
1871: SIA) CHECKSIA=true;;
1872: esac
1873: done
1874: fi
1875:
1876: dnl
1877: dnl PAM support. Systems that use PAM by default set with_pam=default
1878: dnl and we do the actual tests here.
1879: dnl
1880: if test ${with_pam-"no"} != "no"; then
1881: dnl
1882: dnl Linux may need this
1883: dnl
1884: AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1885: ac_cv_lib_dl=ac_cv_lib_dl_main
1886:
1887: dnl
1888: dnl Some PAM implementations (MacOS X for example) put the PAM headers
1889: dnl in /usr/include/pam instead of /usr/include/security...
1890: dnl
1891: AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1892: if test "$with_pam" = "yes"; then
1893: AC_DEFINE(HAVE_PAM)
1894: AUTH_OBJS="$AUTH_OBJS pam.o";
1895: AUTH_EXCL=PAM
1.28 millert 1896: AC_MSG_CHECKING(whether to use PAM session support)
1897: AC_ARG_ENABLE(pam_session,
1898: [ --disable-pam-session Disable PAM session support],
1899: [ case "$enableval" in
1900: yes) AC_MSG_RESULT(yes)
1901: ;;
1902: no) AC_MSG_RESULT(no)
1.35 ! millert 1903: AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
1.28 millert 1904: ;;
1905: *) AC_MSG_RESULT(no)
1906: AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1907: ;;
1908: esac], AC_MSG_RESULT(yes))
1.30 millert 1909: case $host in
1910: *-*-linux*|*-*-solaris*)
1.34 millert 1911: # dgettext() may be defined to dgettext_libintl in the
1912: # header file, so first check that it links w/ additional
1913: # libs, then try with -lintl
1914: AC_LINK_IFELSE([AC_LANG_PROGRAM(
1915: [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
1916: [AC_DEFINE(HAVE_DGETTEXT)],
1917: [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
1.30 millert 1918: [AC_DEFINE(HAVE_DGETTEXT)])])
1919: ;;
1920: esac
1.25 millert 1921: fi
1922: fi
1923:
1924: dnl
1925: dnl AIX general authentication
1926: dnl If set to "maybe" only enable if no other exclusive method in use.
1927: dnl
1928: if test ${with_aixauth-'no'} != "no"; then
1929: if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1930: AC_MSG_NOTICE([using AIX general authentication])
1931: AC_DEFINE(HAVE_AIXAUTH)
1932: AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1933: SUDO_LIBS="${SUDO_LIBS} -ls"
1934: AUTH_EXCL=AIX_AUTH
1935: fi
1936: fi
1937:
1938: dnl
1939: dnl BSD authentication
1940: dnl If set to "maybe" only enable if no other exclusive method in use.
1941: dnl
1942: if test ${with_bsdauth-'no'} != "no"; then
1943: AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1944: [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1.35 ! millert 1945: [BSDAUTH_USAGE='[[-a auth_type]] ']
1.34 millert 1946: [AUTH_EXCL=BSD_AUTH; BAMAN=""],
1.25 millert 1947: [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1948: fi
1949:
1950: dnl
1951: dnl SIA authentication for Tru64 Unix
1952: dnl
1953: if test ${CHECKSIA-'false'} = "true"; then
1954: AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1955: if test "$found" = "true"; then
1956: AUTH_EXCL=SIA
1957: AUTH_OBJS="$AUTH_OBJS sia.o"
1958: fi
1959: fi
1960:
1961: dnl
1962: dnl extra FWTK libs + includes
1963: dnl
1964: if test ${with_fwtk-'no'} != "no"; then
1965: if test "$with_fwtk" != "yes"; then
1966: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1967: CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1968: with_fwtk=yes
1969: fi
1970: SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1971: AUTH_OBJS="$AUTH_OBJS fwtk.o"
1972: fi
1973:
1974: dnl
1975: dnl extra SecurID lib + includes
1976: dnl
1977: if test ${with_SecurID-'no'} != "no"; then
1978: if test "$with_SecurID" != "yes"; then
1979: :
1980: elif test -d /usr/ace/examples; then
1981: with_SecurID=/usr/ace/examples
1982: else
1983: with_SecurID=/usr/ace
1984: fi
1985: CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1986: _LDFLAGS="${LDFLAGS}"
1987: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1988: #
1989: # Determine whether to use the new or old SecurID API
1990: #
1991: AC_CHECK_LIB(aceclnt, SD_Init,
1992: [
1993: AUTH_OBJS="$AUTH_OBJS securid5.o";
1994: SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1995: ]
1996: [
1997: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1998: ], [
1999: AUTH_OBJS="$AUTH_OBJS securid.o";
2000: SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
2001: ],
2002: [
2003: -lpthread
2004: ]
2005: )
2006: LDFLAGS="${_LDFLAGS}"
2007: fi
2008:
2009: dnl
2010: dnl Non-mutually exclusive auth checks come next.
2011: dnl Note: passwd must be last of all!
2012: dnl
2013:
2014: dnl
2015: dnl Convert default authentication methods to with_* if
2016: dnl no explicit authentication scheme was specified.
2017: dnl
2018: if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2019: for auth in $AUTH_DEF; do
2020: case $auth in
2021: passwd) : ${with_passwd='maybe'};;
2022: esac
2023: done
2024: fi
2025:
1.1 millert 2026: dnl
1.15 millert 2027: dnl Kerberos IV
1.1 millert 2028: dnl
1.25 millert 2029: if test ${with_kerb4-'no'} != "no"; then
1.21 millert 2030: AC_DEFINE(HAVE_KERB4)
1.15 millert 2031: dnl
2032: dnl Use the specified directory, if any, else search for correct inc dir
2033: dnl
2034: O_LDFLAGS="$LDFLAGS"
2035: if test "$with_kerb4" = "yes"; then
2036: found=no
2037: O_CPPFLAGS="$CPPFLAGS"
2038: for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
2039: CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1.23 millert 2040: AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1.15 millert 2041: done
2042: test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1.1 millert 2043: else
1.15 millert 2044: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
2045: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
2046: CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2047: AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2048: fi
2049: if test X"$found" = X"no"; then
2050: AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1.1 millert 2051: fi
2052:
1.15 millert 2053: dnl
2054: dnl Check for -ldes vs. -ldes425
2055: dnl
2056: AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2057: AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2058: ])
2059: dnl
2060: dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2061: dnl
2062: AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1.23 millert 2063: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1.15 millert 2064: AC_MSG_RESULT(yes)
2065: K4LIBS="${K4LIBS} -lcom_err"
2066: AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2067: ], [
2068: AC_MSG_RESULT(no)
2069: ]
2070: )
2071: dnl
2072: dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2073: dnl
2074: AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2075: AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2076: [K4LIBS="-lkrb $K4LIBS"]
2077: [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2078: , [$K4LIBS])
2079: ], [$K4LIBS])
2080: LDFLAGS="$O_LDFLAGS"
2081: SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
1.25 millert 2082: AUTH_OBJS="$AUTH_OBJS kerb4.o"
1.15 millert 2083: fi
2084:
2085: dnl
2086: dnl Kerberos V
1.16 millert 2087: dnl There is an easy way and a hard way...
1.15 millert 2088: dnl
1.25 millert 2089: if test ${with_kerb5-'no'} != "no"; then
1.16 millert 2090: AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2091: if test -n "$KRB5CONFIG"; then
1.21 millert 2092: AC_DEFINE(HAVE_KERB5)
1.25 millert 2093: AUTH_OBJS="$AUTH_OBJS kerb5.o"
1.16 millert 2094: CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2095: SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
1.17 millert 2096: dnl
2097: dnl Try to determine whether we have Heimdal or MIT Kerberos
2098: dnl
2099: AC_MSG_CHECKING(whether we are using Heimdal)
1.23 millert 2100: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
1.17 millert 2101: AC_MSG_RESULT(yes)
1.21 millert 2102: AC_DEFINE(HAVE_HEIMDAL)
1.25 millert 2103: ], [
1.23 millert 2104: AC_MSG_RESULT(no)
1.17 millert 2105: ]
2106: )
1.16 millert 2107: fi
2108: fi
1.25 millert 2109: if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
1.21 millert 2110: AC_DEFINE(HAVE_KERB5)
1.15 millert 2111: dnl
2112: dnl Use the specified directory, if any, else search for correct inc dir
2113: dnl
2114: if test "$with_kerb5" = "yes"; then
2115: found=no
2116: O_CPPFLAGS="$CPPFLAGS"
2117: for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2118: CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1.23 millert 2119: AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
1.15 millert 2120: done
2121: if test X"$found" = X"no"; then
2122: CPPFLAGS="$O_CPPFLAGS"
2123: AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2124: fi
1.1 millert 2125: else
1.15 millert 2126: dnl XXX - try to include krb5.h here too
2127: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2128: CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
1.1 millert 2129: fi
2130:
1.15 millert 2131: dnl
2132: dnl Try to determine whether we have Heimdal or MIT Kerberos
2133: dnl
2134: AC_MSG_CHECKING(whether we are using Heimdal)
1.23 millert 2135: AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
1.15 millert 2136: AC_MSG_RESULT(yes)
1.21 millert 2137: AC_DEFINE(HAVE_HEIMDAL)
1.35 ! millert 2138: # XXX - need to check whether -lcrypo is needed!
1.23 millert 2139: SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
1.15 millert 2140: AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2141: ], [
2142: AC_MSG_RESULT(no)
2143: SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
1.31 millert 2144: AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
1.23 millert 2145: ])
1.25 millert 2146: AUTH_OBJS="$AUTH_OBJS kerb5.o"
1.23 millert 2147: _LIBS="$LIBS"
2148: LIBS="${LIBS} ${SUDO_LIBS}"
1.35 ! millert 2149: AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc)
! 2150: AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2,
! 2151: sudo_cv_krb5_get_init_creds_opt_free_two_args, [
! 2152: AC_TRY_COMPILE([#include <krb5.h>],
! 2153: [
! 2154: krb5_context context = NULL;
! 2155: krb5_get_init_creds_opt *opts = NULL;
! 2156: krb5_get_init_creds_opt_free(context, opts);
! 2157: ],
! 2158: [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
! 2159: [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
! 2160: )
! 2161: ]
! 2162: )
! 2163: if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
! 2164: AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
! 2165: fi
1.23 millert 2166: LIBS="$_LIBS"
2167: fi
2168:
2169: dnl
1.1 millert 2170: dnl extra AFS libs and includes
2171: dnl
1.25 millert 2172: if test ${with_AFS-'no'} = "yes"; then
1.1 millert 2173:
2174: # looks like the "standard" place for AFS libs is /usr/afsws/lib
2175: AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2176: for i in $AFSLIBDIRS; do
2177: if test -d ${i}; then
1.15 millert 2178: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
1.1 millert 2179: FOUND_AFSLIBDIR=true
2180: fi
2181: done
2182: if test -z "$FOUND_AFSLIBDIR"; then
1.15 millert 2183: AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
1.1 millert 2184: fi
2185:
2186: # Order is important here. Note that we build AFS_LIBS from right to left
2187: # since AFS_LIBS may be initialized with BSD compat libs that must go last
2188: AFS_LIBS="-laudit ${AFS_LIBS}"
2189: for i in $AFSLIBDIRS; do
2190: if test -f ${i}/util.a; then
2191: AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2192: FOUND_UTIL_A=true
2193: break;
2194: fi
2195: done
2196: if test -z "$FOUND_UTIL_A"; then
2197: AFS_LIBS="-lutil ${AFS_LIBS}"
2198: fi
2199: AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2200:
2201: # AFS includes may live in /usr/include on some machines...
2202: for i in /usr/afsws/include; do
2203: if test -d ${i}; then
2204: CPPFLAGS="${CPPFLAGS} -I${i}"
2205: FOUND_AFSINCDIR=true
2206: fi
2207: done
2208:
2209: if test -z "$FOUND_AFSLIBDIR"; then
1.15 millert 2210: AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
1.1 millert 2211: fi
1.25 millert 2212:
2213: AUTH_OBJS="$AUTH_OBJS afs.o"
1.1 millert 2214: fi
2215:
2216: dnl
2217: dnl extra DCE obj + lib
2218: dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2219: dnl
1.25 millert 2220: if test ${with_DCE-'no'} = "yes"; then
1.1 millert 2221: DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2222: SUDO_LIBS="${SUDO_LIBS} -ldce"
1.25 millert 2223: AUTH_OBJS="$AUTH_OBJS dce.o"
1.5 millert 2224: fi
2225:
2226: dnl
1.1 millert 2227: dnl extra S/Key lib and includes
2228: dnl
1.25 millert 2229: if test ${with_skey-'no'} = "yes"; then
1.15 millert 2230: O_LDFLAGS="$LDFLAGS"
2231: if test "$with_skey" != "yes"; then
2232: CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2233: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2234: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2235: AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
1.1 millert 2236: else
1.15 millert 2237: found=no
2238: O_CPPFLAGS="$CPPFLAGS"
2239: for dir in "" "/usr/local" "/usr/contrib"; do
2240: test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
1.23 millert 2241: AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
1.15 millert 2242: done
2243: if test "$found" = "no" -o -z "$dir"; then
2244: CPPFLAGS="$O_CPPFLAGS"
2245: else
2246: SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2247: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2248: fi
1.1 millert 2249: fi
1.15 millert 2250: if test "$found" = "no"; then
2251: AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2252: fi
2253: AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
1.21 millert 2254: AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
1.15 millert 2255: LDFLAGS="$O_LDFLAGS"
2256: SUDO_LIBS="${SUDO_LIBS} -lskey"
1.25 millert 2257: AUTH_OBJS="$AUTH_OBJS rfc1938.o"
1.1 millert 2258: fi
2259:
2260: dnl
2261: dnl extra OPIE lib and includes
2262: dnl
1.25 millert 2263: if test ${with_opie-'no'} = "yes"; then
1.15 millert 2264: O_LDFLAGS="$LDFLAGS"
2265: if test "$with_opie" != "yes"; then
2266: CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2267: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2268: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2269: AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
1.1 millert 2270: else
1.15 millert 2271: found=no
2272: O_CPPFLAGS="$CPPFLAGS"
2273: for dir in "" "/usr/local" "/usr/contrib"; do
2274: test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
1.23 millert 2275: AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
1.15 millert 2276: done
2277: if test "$found" = "no" -o -z "$dir"; then
2278: CPPFLAGS="$O_CPPFLAGS"
2279: else
2280: SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2281: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2282: fi
2283: fi
2284: if test "$found" = "no"; then
2285: AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
1.1 millert 2286: fi
1.15 millert 2287: AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2288: LDFLAGS="$O_LDFLAGS"
2289: SUDO_LIBS="${SUDO_LIBS} -lopie"
1.25 millert 2290: AUTH_OBJS="$AUTH_OBJS rfc1938.o"
1.1 millert 2291: fi
2292:
2293: dnl
1.25 millert 2294: dnl Check for shadow password routines if we have not already done so.
2295: dnl If there is a specific list of functions to check we do that first.
2296: dnl Otherwise, we check for SVR4-style and then SecureWare-style.
1.1 millert 2297: dnl
1.25 millert 2298: if test ${with_passwd-'no'} != "no"; then
2299: dnl
2300: dnl if crypt(3) not in libc, look elsewhere
2301: dnl
2302: if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2303: AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.1 millert 2304: fi
2305:
1.25 millert 2306: if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2307: _LIBS="$LIBS"
2308: LIBS="$LIBS $shadow_libs"
2309: found=no
2310: AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2311: if test "$found" = "yes"; then
2312: SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2313: elif test -n "$shadow_libs_optional"; then
2314: LIBS="$LIBS $shadow_libs_optional"
2315: AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2316: if test "$found" = "yes"; then
2317: SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2318: fi
2319: fi
2320: if test "$found" = "yes"; then
2321: case "$shadow_funcs" in
2322: *getprpwnam*) SECUREWARE=1;;
2323: esac
2324: test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2325: else
2326: LIBS="$_LIBS"
2327: fi
2328: CHECKSHADOW=false
2329: fi
2330: if test "$CHECKSHADOW" = "true"; then
2331: AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.15 millert 2332: fi
1.25 millert 2333: if test "$CHECKSHADOW" = "true"; then
2334: AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
1.23 millert 2335: fi
1.25 millert 2336: if test -n "$SECUREWARE"; then
2337: AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2338: AUTH_OBJS="$AUTH_OBJS secureware.o"
1.23 millert 2339: fi
1.1 millert 2340: fi
2341:
2342: dnl
1.21 millert 2343: dnl extra lib and .o file for LDAP support
2344: dnl
1.25 millert 2345: if test ${with_ldap-'no'} != "no"; then
1.23 millert 2346: _LDFLAGS="$LDFLAGS"
1.21 millert 2347: if test "$with_ldap" != "yes"; then
2348: SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2349: SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2350: CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2351: with_ldap=yes
1.35 ! millert 2352: LDAP=""
1.21 millert 2353: fi
2354: SUDO_OBJS="${SUDO_OBJS} ldap.o"
2355:
2356: AC_MSG_CHECKING([for LDAP libraries])
2357: LDAP_LIBS=""
2358: _LIBS="$LIBS"
2359: found=no
2360: for l in -lldap -llber '-lssl -lcrypto'; do
2361: LIBS="${LIBS} $l"
2362: LDAP_LIBS="${LDAP_LIBS} $l"
1.23 millert 2363: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1.21 millert 2364: #include <lber.h>
1.23 millert 2365: #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
1.21 millert 2366: done
1.23 millert 2367: dnl if nothing linked just try with -lldap
1.21 millert 2368: if test "$found" = "no"; then
1.33 millert 2369: LIBS="${_LIBS} -lldap"
2370: LDAP_LIBS="-lldap"
1.23 millert 2371: AC_MSG_RESULT([not found, using -lldap])
1.21 millert 2372: else
2373: AC_MSG_RESULT([$LDAP_LIBS])
2374: fi
1.33 millert 2375: dnl check if we need to link with -llber for ber_set_option
2376: OLIBS="$LIBS"
2377: AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2378: if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2379: LDAP_LIBS="$LDAP_LIBS -llber"
2380: fi
2381: dnl check if ldap.h includes lber.h for us
1.21 millert 2382: AC_MSG_CHECKING([whether lber.h is needed])
1.23 millert 2383: AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2384: #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
1.21 millert 2385: AC_MSG_RESULT([yes])
2386: AC_DEFINE(HAVE_LBER_H)])
2387:
1.35 ! millert 2388: AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s)
! 2389: AC_CHECK_HEADERS([sasl/sasl.h])
1.33 millert 2390: AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
1.21 millert 2391:
1.35 ! millert 2392: if test X"$check_gss_krb5_ccache_name" = X"yes"; then
! 2393: AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
! 2394: AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
! 2395: [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
! 2396: AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
! 2397: AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
! 2398: [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
! 2399: )
! 2400:
! 2401: # gssapi headers may be separate or part of Kerberos V
! 2402: found=no
! 2403: O_CPPFLAGS="$CPPFLAGS"
! 2404: for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
! 2405: test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
! 2406: AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
! 2407: done
! 2408: if test X"$found" != X"no"; then
! 2409: AC_CHECK_HEADERS([$found])
! 2410: if test X"$found" = X"gssapi/gssapi.h"; then
! 2411: AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
! 2412: fi
! 2413: else
! 2414: CPPFLAGS="$O_CPPFLAGS"
! 2415: AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
! 2416: fi
! 2417: fi
! 2418:
1.34 millert 2419: SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
1.21 millert 2420: LIBS="$_LIBS"
2421: LDFLAGS="$_LDFLAGS"
2422: fi
2423:
2424: dnl
1.15 millert 2425: dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2426: dnl added -L dirpaths to SUDO_LDFLAGS.
2427: dnl
2428: if test -n "$blibpath"; then
2429: if test -n "$blibpath_add"; then
2430: SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2431: elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2432: SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2433: fi
2434: fi
2435:
2436: dnl
1.1 millert 2437: dnl Check for log file and timestamp locations
2438: dnl
2439: SUDO_LOGFILE
2440: SUDO_TIMEDIR
2441:
2442: dnl
2443: dnl Use passwd (and secureware) auth modules?
2444: dnl
1.25 millert 2445: case "$with_passwd" in
2446: yes|maybe)
2447: AUTH_OBJS="$AUTH_OBJS passwd.o"
1.23 millert 2448: ;;
2449: *)
1.21 millert 2450: AC_DEFINE(WITHOUT_PASSWD)
1.1 millert 2451: if test -z "$AUTH_OBJS"; then
2452: AC_MSG_ERROR([no authentication methods defined.])
2453: fi
1.23 millert 2454: ;;
2455: esac
1.25 millert 2456: AUTH_OBJS=${AUTH_OBJS# }
1.23 millert 2457: _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2458: AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
1.1 millert 2459:
2460: dnl
2461: dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2462: dnl
2463: if test -n "$LIBS"; then
2464: L="$LIBS"
2465: LIBS=
2466: for l in ${L}; do
2467: dupe=0
2468: for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2469: test $l = $sl && dupe=1
2470: done
2471: test $dupe = 0 && LIBS="${LIBS} $l"
2472: done
2473: fi
2474:
2475: dnl
2476: dnl Set exec_prefix
2477: dnl
2478: test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2479:
2480: dnl
1.35 ! millert 2481: dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
1.21 millert 2482: dnl XXX - this is gross!
2483: dnl
1.34 millert 2484: if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
1.21 millert 2485: oexec_prefix="$exec_prefix"
2486: if test "$exec_prefix" = '$(prefix)'; then
2487: if test "$prefix" = "NONE"; then
2488: exec_prefix="$ac_default_prefix"
2489: else
2490: exec_prefix="$prefix"
2491: fi
2492: fi
1.34 millert 2493: if test X"$with_noexec" != X"no"; then
2494: PROGS="${PROGS} sudo_noexec.la"
2495: INSTALL_NOEXEC="install-noexec"
2496:
2497: eval noexec_file="$with_noexec"
2498: AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2499: fi
2500: if test X"$with_selinux" != X"no"; then
2501: eval sesh_file="$libexecdir/sesh"
2502: AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
2503: fi
1.21 millert 2504: exec_prefix="$oexec_prefix"
2505: fi
2506:
2507: dnl
1.5 millert 2508: dnl Substitute into the Makefile and man pages
1.1 millert 2509: dnl
1.35 ! millert 2510: AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h])
1.23 millert 2511: AC_OUTPUT
1.1 millert 2512:
2513: dnl
2514: dnl Spew any text the user needs to know about
2515: dnl
2516: if test "$with_pam" = "yes"; then
2517: case $host in
2518: *-*-linux*)
1.15 millert 2519: AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
1.1 millert 2520: ;;
2521: esac
2522: fi
1.7 millert 2523:
2524: dnl
1.21 millert 2525: dnl Autoheader templates
2526: dnl
2527: AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2528: AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2529: AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2530: AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2531: AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2532: AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2533: AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2534: AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2535: AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
1.23 millert 2536: AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
1.21 millert 2537: AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2538: AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2539: AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2540: AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
1.30 millert 2541: AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
1.23 millert 2542: AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2543: AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2544: AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
1.21 millert 2545: AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2546: AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2547: AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2548: AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2549: AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2550: AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2551: AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
1.35 ! millert 2552: AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
1.21 millert 2553: AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
1.29 millert 2554: AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
1.21 millert 2555: AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2556: AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2557: AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2558: AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
1.35 ! millert 2559: AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
! 2560: AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.])
! 2561: AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
! 2562: AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
1.21 millert 2563: AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2564: AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2565: AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2566: AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
1.23 millert 2567: AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
1.21 millert 2568: AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
1.34 millert 2569: AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
1.21 millert 2570: AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2571: AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2572: AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2573: AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
1.32 millert 2574: AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
1.21 millert 2575: AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2576: AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2577: AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2578: AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
1.22 millert 2579: AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
1.21 millert 2580: AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2581: AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2582: AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2583: AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2584: AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2585: AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2586: AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2587: AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2588: AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2589: AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2590: AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2591: AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2592: AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2593: AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2594: AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2595: AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2596: AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2597: AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2598: AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2599: AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2600: AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2601: AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
1.35 ! millert 2602: AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
1.21 millert 2603:
2604: dnl
2605: dnl Bits to copy verbatim into config.h.in
1.7 millert 2606: dnl
2607: AH_TOP([#ifndef _SUDO_CONFIG_H
2608: #define _SUDO_CONFIG_H])
2609:
2610: AH_BOTTOM([/*
1.21 millert 2611: * Macros to pull sec and nsec parts of mtime from struct stat.
1.23 millert 2612: * We need to be able to convert between timeval and timespec
2613: * so the last 3 digits of tv_nsec are not significant.
1.21 millert 2614: */
2615: #ifdef HAVE_ST_MTIM
1.32 millert 2616: # ifdef HAVE_ST__TIM
2617: # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
2618: # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
2619: # else
2620: # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2621: # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2622: # endif
1.21 millert 2623: #else
2624: # ifdef HAVE_ST_MTIMESPEC
2625: # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
1.23 millert 2626: # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
1.21 millert 2627: # else
2628: # define mtim_getsec(_x) ((_x).st_mtime)
2629: # define mtim_getnsec(_x) (0)
2630: # endif /* HAVE_ST_MTIMESPEC */
2631: #endif /* HAVE_ST_MTIM */
2632:
2633: /*
1.7 millert 2634: * Emulate a subset of waitpid() if we don't have it.
2635: */
2636: #ifdef HAVE_WAITPID
2637: # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2638: #else
2639: # ifdef HAVE_WAIT3
2640: # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2641: # endif
1.14 millert 2642: #endif
2643:
2644: /* GNU stow needs /etc/sudoers to be a symlink. */
1.21 millert 2645: #ifdef USE_STOW
1.14 millert 2646: # define stat_sudoers stat
2647: #else
2648: # define stat_sudoers lstat
1.7 millert 2649: #endif
1.21 millert 2650:
2651: /* Macros to set/clear/test flags. */
2652: #undef SET
2653: #define SET(t, f) ((t) |= (f))
2654: #undef CLR
2655: #define CLR(t, f) ((t) &= ~(f))
2656: #undef ISSET
2657: #define ISSET(t, f) ((t) & (f))
1.7 millert 2658:
2659: /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2660: #if defined(hpux) && !defined(__hpux)
2661: # define __hpux 1
2662: #endif /* hpux */
2663:
2664: #if defined(convex) && !defined(__convex__)
2665: # define __convex__ 1
2666: #endif /* convex */
2667:
2668: /* BSD compatibility on some SVR4 systems. */
2669: #ifdef __svr4__
2670: # define BSD_COMP
2671: #endif /* __svr4__ */
2672:
2673: #endif /* _SUDO_CONFIG_H */])