dnl
dnl Process this file with GNU autoconf to produce a configure script.
dnl $Sudo: configure.in,v 1.413.2.21 2007/09/05 22:16:57 millert Exp $
dnl
dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
AC_INIT([sudo], [1.6.9])
AC_CONFIG_HEADER(config.h pathnames.h)
dnl
dnl This won't work before AC_INIT
dnl
AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
AC_SUBST(LIBTOOL)
AC_SUBST(CFLAGS)
AC_SUBST(PROGS)
AC_SUBST(CPPFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(SUDO_LDFLAGS)
AC_SUBST(SUDO_OBJS)
AC_SUBST(LIBS)
AC_SUBST(SUDO_LIBS)
AC_SUBST(NET_LIBS)
AC_SUBST(AFS_LIBS)
AC_SUBST(OSDEFS)
AC_SUBST(AUTH_OBJS)
AC_SUBST(MANTYPE)
AC_SUBST(MAN_POSTINSTALL)
AC_SUBST(SUDOERS_MODE)
AC_SUBST(SUDOERS_UID)
AC_SUBST(SUDOERS_GID)
AC_SUBST(DEV)
AC_SUBST(mansectsu)
AC_SUBST(mansectform)
AC_SUBST(mansrcdir)
AC_SUBST(NOEXECDIR)
AC_SUBST(noexec_file)
AC_SUBST(INSTALL_NOEXEC)
AC_SUBST(DONT_LEAK_PATH_INFO)
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
AC_SUBST(timeout)
AC_SUBST(password_timeout)
AC_SUBST(sudo_umask)
AC_SUBST(passprompt)
AC_SUBST(long_otp_prompt)
AC_SUBST(lecture)
AC_SUBST(logfac)
AC_SUBST(goodpri)
AC_SUBST(badpri)
AC_SUBST(loglen)
AC_SUBST(ignore_dot)
AC_SUBST(mail_no_user)
AC_SUBST(mail_no_host)
AC_SUBST(mail_no_perms)
AC_SUBST(mailto)
AC_SUBST(mailsub)
AC_SUBST(badpass_message)
AC_SUBST(fqdn)
AC_SUBST(runas_default)
AC_SUBST(env_editor)
AC_SUBST(passwd_tries)
AC_SUBST(tty_tickets)
AC_SUBST(insults)
AC_SUBST(root_sudo)
AC_SUBST(path_info)
dnl
dnl Initial values for above
dnl
timeout=5
password_timeout=5
sudo_umask=0022
passprompt="Password:"
long_otp_prompt=off
lecture=once
logfac=local2
goodpri=notice
badpri=alert
loglen=80
ignore_dot=off
mail_no_user=on
mail_no_host=off
mail_no_perms=off
mailto=root
mailsub='*** SECURITY information for %h ***'
badpass_message='Sorry, try again.'
fqdn=off
runas_default=root
env_editor=off
passwd_tries=3
tty_tickets=off
insults=off
root_sudo=on
path_info=on
INSTALL_NOEXEC=
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
PROGS="sudo visudo"
: ${MANTYPE='man'}
: ${mansrcdir='.'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEV="#"
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
dnl
dnl Other vaiables
dnl
CHECKSHADOW=true
CHECKSIA=true
shadow_defs=
shadow_funcs=
shadow_libs=
shadow_libs_optional=
dnl
dnl Override default configure dirs...
dnl
test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
[case $with_otp_only in
yes) with_passwd="no"
AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
;;
esac])
AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
[case $with_alertmail in
*) with_mailto="$with_alertmail"
AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
;;
esac])
dnl
dnl Options for --with
dnl
AC_ARG_WITH(CC, [ --with-CC C compiler to use],
[case $with_CC in
yes) AC_MSG_ERROR(["must give --with-CC an argument."])
;;
no) AC_MSG_ERROR(["illegal argument: --without-CC."])
;;
*) CC=$with_CC
;;
esac])
AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
[case $with_rpath in
yes|no) ;;
*) AC_MSG_ERROR(["--with-rpath does not take an argument."])
;;
esac])
AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
[case $with_blibpath in
yes|no) ;;
*) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
;;
esac])
AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
no) AC_MSG_ERROR(["--without-incpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
CPPFLAGS="${CPPFLAGS} -I${i}"
done
;;
esac])
AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
[case $with_libpath in
yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
;;
no) AC_MSG_ERROR(["--without-libpath not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
;;
esac])
AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
[case $with_libraries in
yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
;;
no) AC_MSG_ERROR(["--without-libraries not supported."])
;;
*) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
;;
esac])
AC_ARG_WITH(devel, [ --with-devel add development options],
[case $with_devel in
yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
PROGS="${PROGS} testsudoers"
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
DEV=""
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
esac])
AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
[case $with_efence in
yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
LIBS="${LIBS} -lefence"
if test -f /usr/local/lib/libefence.a; then
with_libpath="${with_libpath} /usr/local/lib"
fi
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
;;
esac])
AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
[case $with_csops in
yes) AC_MSG_NOTICE([Adding CSOps standard options])
CHECKSIA=false
with_ignore_dot=yes
insults=on
with_classic_insults=yes
with_csops_insults=yes
with_env_editor=yes
: ${mansectsu='8'}
: ${mansectform='5'}
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
;;
esac])
AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
AUTH_DEF=""
test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
;;
*) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
;;
esac])
AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
[case $with_skey in
no) with_skey=""
;;
*) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG S/Key"
;;
esac])
AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
[case $with_opie in
no) with_opie=""
;;
*) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG NRL_OPIE"
;;
esac])
AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
[case $with_long_otp_prompt in
yes) AC_DEFINE(LONG_OTP_PROMPT)
AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
AC_MSG_RESULT(yes)
long_otp_prompt=on
;;
no) long_otp_prompt=off
;;
*) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
;;
esac])
AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
[case $with_SecurID in
no) with_SecurID="";;
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL SecurID"
;;
esac])
AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
[case $with_fwtk in
no) with_fwtk="";;
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
AUTH_EXCL="$AUTH_EXCL FWTK"
;;
esac])
AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
[case $with_kerb4 in
no) with_kerb4="";;
*) AC_MSG_CHECKING(whether to try kerberos IV authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb4"
;;
esac])
AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
[case $with_kerb5 in
no) with_kerb5="";;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb5"
;;
esac])
AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
[case $with_aixauth in
yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
;;
esac])
AC_ARG_WITH(pam, [ --with-pam enable PAM support],
[case $with_pam in
yes) AUTH_EXCL="$AUTH_EXCL PAM";;
no) ;;
*) AC_MSG_ERROR(["--with-pam does not take an argument."])
;;
esac])
AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG AFS"
;;
no) ;;
*) AC_MSG_ERROR(["--with-AFS does not take an argument."])
;;
esac])
AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
[case $with_DCE in
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG DCE"
;;
no) ;;
*) AC_MSG_ERROR(["--with-DCE does not take an argument."])
;;
esac])
AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
[case $with_logincap in
yes|no) ;;
*) AC_MSG_ERROR(["--with-logincap does not take an argument."])
;;
esac])
AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
[case $with_bsdauth in
yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
no) ;;
*) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
;;
esac])
AC_ARG_WITH(project, [ --with-project enable Solaris project support],
[case $with_project in
yes|no) ;;
no) ;;
*) AC_MSG_ERROR(["--with-project does not take an argument."])
;;
esac])
AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
[case $with_lecture in
yes|short|always) lecture=once
;;
no|none|never) lecture=never
;;
*) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
;;
esac])
if test "$lecture" = "once"; then
AC_MSG_RESULT(yes)
else
AC_DEFINE(NO_LECTURE)
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
[case $with_logging in
yes) AC_MSG_ERROR(["must give --with-logging an argument."])
;;
no) AC_MSG_ERROR(["--without-logging not supported."])
;;
syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
AC_MSG_RESULT(syslog)
;;
file) AC_DEFINE(LOGGING, SLOG_FILE)
AC_MSG_RESULT(file)
;;
both) AC_DEFINE(LOGGING, SLOG_BOTH)
AC_MSG_RESULT(both)
;;
*) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
AC_MSG_CHECKING(which syslog facility sudo should log with)
AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
no) AC_MSG_ERROR(["--without-logfac not supported."])
;;
authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
AC_MSG_RESULT($logfac)
AC_MSG_CHECKING(at which syslog priority to log commands)
AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
[case $with_goodpri in
yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
;;
no) AC_MSG_ERROR(["--without-goodpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
goodpri=$with_goodpri
;;
*) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
AC_MSG_RESULT($goodpri)
AC_MSG_CHECKING(at which syslog priority to log failures)
AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
[case $with_badpri in
yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
;;
no) AC_MSG_ERROR(["--without-badpri not supported."])
;;
alert|crit|debug|emerg|err|info|notice|warning)
badpri=$with_badpri
;;
*) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
;;
esac])
AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
AC_MSG_RESULT($badpri)
AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
[case $with_logpath in
yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
;;
no) AC_MSG_ERROR(["--without-logpath not supported."])
;;
esac])
AC_MSG_CHECKING(how long a line in the log file should be)
AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
[case $with_loglen in
yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
;;
no) AC_MSG_ERROR(["--without-loglen not supported."])
;;
[[0-9]]*) loglen=$with_loglen
;;
*) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
;;
esac])
AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
AC_MSG_RESULT($loglen)
AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
[case $with_ignore_dot in
yes) ignore_dot=on
;;
no) ignore_dot=off
;;
*) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
;;
esac])
if test "$ignore_dot" = "on"; then
AC_DEFINE(IGNORE_DOT_PATH)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
[case $with_mail_if_no_user in
yes) mail_no_user=on
;;
no) mail_no_user=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
;;
esac])
if test "$mail_no_user" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
[case $with_mail_if_no_host in
yes) mail_no_host=on
;;
no) mail_no_host=off
;;
*) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
;;
esac])
if test "$mail_no_host" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
[case $with_mail_if_noperms in
yes) mail_noperms=on
;;
no) mail_noperms=off
;;
*) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
;;
esac])
if test "$mail_noperms" = "on"; then
AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(who should get the mail that sudo sends)
AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
[case $with_mailto in
yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
;;
no) AC_MSG_ERROR(["--without-mailto not supported."])
;;
*) mailto=$with_mailto
;;
esac])
AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
AC_MSG_RESULT([$mailto])
AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
[case $with_mailsubject in
yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
;;
*) mailsub="$with_mailsubject"
AC_MSG_CHECKING(sudo mail subject)
AC_MSG_RESULT([Using alert mail subject: $mailsub])
;;
esac])
AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
AC_MSG_CHECKING(for bad password prompt)
AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
[case $with_passprompt in
yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
;;
*) passprompt="$with_passprompt"
esac])
AC_MSG_RESULT($passprompt)
AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
AC_MSG_CHECKING(for bad password message)
AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
[case $with_badpass_message in
yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
;;
no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
;;
*) badpass_message="$with_badpass_message"
;;
esac])
AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
AC_MSG_RESULT([$badpass_message])
AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
[case $with_fqdn in
yes) fqdn=on
;;
no) fqdn=off
;;
*) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
;;
esac])
if test "$fqdn" = "on"; then
AC_DEFINE(FQDN)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
[case $with_timedir in
yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
;;
no) AC_MSG_ERROR(["--without-timedir not supported."])
;;
esac])
AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
--without-sendmail do not send mail at all],
[case $with_sendmail in
yes) with_sendmail=""
;;
no) ;;
*) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
;;
esac])
AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
[case $with_sudoers_mode in
yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
;;
[[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
;;
0*) SUDOERS_MODE=$with_sudoers_mode
;;
*) AC_MSG_ERROR(["you must use an octal mode, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
[case $with_sudoers_uid in
yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
;;
[[0-9]]*) SUDOERS_UID=$with_sudoers_uid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
;;
esac])
AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
[case $with_sudoers_gid in
yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
;;
no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
;;
[[0-9]]*) SUDOERS_GID=$with_sudoers_gid
;;
*) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
;;
esac])
AC_MSG_CHECKING(for umask programs should be run with)
AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
--without-umask Preserves the umask of the user invoking sudo.],
[case $with_umask in
yes) AC_MSG_ERROR(["must give --with-umask an argument."])
;;
no) sudo_umask=0777
;;
[[0-9]]*) sudo_umask=$with_umask
;;
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
AC_MSG_CHECKING(for default user to run commands as)
AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
[case $with_runas_default in
yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
;;
no) AC_MSG_ERROR(["--without-runas-default not supported."])
;;
*) runas_default="$with_runas_default"
;;
esac])
AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
AC_MSG_RESULT([$runas_default])
AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
[case $with_exempt in
yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
;;
no) AC_MSG_ERROR(["--without-exempt not supported."])
;;
*) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
AC_MSG_CHECKING(for group to be exempt from password)
AC_MSG_RESULT([$with_exempt])
;;
esac])
AC_MSG_CHECKING(for editor that visudo should use)
AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
[case $with_editor in
yes) AC_MSG_ERROR(["must give --with-editor an argument."])
;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
[case $with_env_editor in
yes) env_editor=on
;;
no) env_editor=off
;;
*) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
;;
esac])
if test "$env_editor" = "on"; then
AC_DEFINE(ENV_EDITOR)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(number of tries a user gets to enter their password)
AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
[case $with_passwd_tries in
yes) ;;
no) AC_MSG_ERROR(["--without-editor not supported."])
;;
[[1-9]]*) passwd_tries=$with_passwd_tries
;;
*) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
;;
esac])
AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
AC_MSG_RESULT($passwd_tries)
AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
[case $with_timeout in
yes) ;;
no) timeout=0
;;
[[0-9]]*) timeout=$with_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
AC_MSG_RESULT($timeout)
AC_MSG_CHECKING(time in minutes after the password prompt will time out)
AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
[case $with_password_timeout in
yes) ;;
no) password_timeout=0
;;
[[0-9]]*) password_timeout=$with_password_timeout
;;
*) AC_MSG_ERROR(["you must enter the numer of minutes."])
;;
esac])
AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
AC_MSG_RESULT($password_timeout)
AC_MSG_CHECKING(whether to use per-tty ticket files)
AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
[case $with_tty_tickets in
yes) tty_tickets=on
;;
no) tty_tickets=off
;;
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
if test "$tty_tickets" = "on"; then
AC_DEFINE(USE_TTY_TICKETS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_MSG_CHECKING(whether to include insults)
AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
[case $with_insults in
yes) insults=on
with_classic_insults=yes
with_csops_insults=yes
;;
no) insults=off
;;
*) AC_MSG_ERROR(["--with-insults does not take an argument."])
;;
esac])
if test "$insults" = "on"; then
AC_DEFINE(USE_INSULTS)
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
[case $with_all_insults in
yes) with_classic_insults=yes
with_csops_insults=yes
with_hal_insults=yes
with_goons_insults=yes
;;
no) ;;
*) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
[case $with_classic_insults in
yes) AC_DEFINE(CLASSIC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
[case $with_csops_insults in
yes) AC_DEFINE(CSOPS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
[case $with_hal_insults in
yes) AC_DEFINE(HAL_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
[case $with_goons_insults in
yes) AC_DEFINE(GOONS_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
;;
esac])
AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
[case $with_ldap in
no) with_ldap="";;
*) AC_DEFINE(HAVE_LDAP)
AC_MSG_CHECKING(whether to use sudoers from LDAP)
AC_MSG_RESULT(yes)
;;
esac])
AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
[AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
[AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
[case $with_pc_insults in
yes) AC_DEFINE(PC_INSULTS)
;;
no) ;;
*) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
;;
esac])
dnl include all insult sets on one line
if test "$insults" = "on"; then
AC_MSG_CHECKING(which insult sets to include)
i=""
test "$with_goons_insults" = "yes" && i="goons ${i}"
test "$with_hal_insults" = "yes" && i="hal ${i}"
test "$with_csops_insults" = "yes" && i="csops ${i}"
test "$with_classic_insults" = "yes" && i="classic ${i}"
AC_MSG_RESULT([$i])
fi
AC_MSG_CHECKING(whether to override the user's path)
AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
[case $with_secure_path in
yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
;;
no) AC_MSG_RESULT(no)
;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
[case $with_interfaces in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(STUB_LOAD_INTERFACES)
AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
;;
esac], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether stow should be used)
AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
[case $with_stow in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_STOW)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_ERROR(["--with-stow does not take an argument."])
;;
esac], AC_MSG_RESULT(no))
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
[ --disable-authentication
Do not require authentication by default],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
AC_DEFINE(NO_AUTHENTICATION)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to disable running the mailer as root)
AC_ARG_ENABLE(root-mailer,
[ --disable-root-mailer Don't run the mailer as root, run as the user],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(NO_ROOT_MAILER)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(setreuid,
[ --disable-setreuid Don't try to use the setreuid() function],
[ case "$enableval" in
no) SKIP_SETREUID=yes
;;
*) ;;
esac
])
AC_ARG_ENABLE(setresuid,
[ --disable-setresuid Don't try to use the setresuid() function],
[ case "$enableval" in
no) SKIP_SETRESUID=yes
;;
*) ;;
esac
])
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
[ --disable-shadow Never use shadow passwords],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
CHECKSHADOW="false"
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether root should be allowed to use sudo)
AC_ARG_ENABLE(root-sudo,
[ --disable-root-sudo Don't allow root to run sudo],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
no) AC_DEFINE(NO_ROOT_SUDO)
AC_MSG_RESULT(no)
root_sudo=off
;;
*) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
;;
esac
], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether to log the hostname in the log file)
AC_ARG_ENABLE(log-host,
[ --enable-log-host Log the hostname in the log file],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(HOST_IN_LOG)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
AC_ARG_ENABLE(noargs-shell,
[ --enable-noargs-shell If sudo is given no arguments run a shell],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_IF_NO_ARGS)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
[ --enable-shell-sets-home
set $HOME to target user in shell mode],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
;;
no) AC_MSG_RESULT(no)
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
;;
esac
], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to disable 'command not found' messages)
AC_ARG_ENABLE(path_info,
[ --disable-path-info Print 'command not allowed' not 'command not found'],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
AC_DEFINE(DONT_LEAK_PATH_INFO)
path_info=off
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
;;
esac
], AC_MSG_RESULT(no))
dnl
dnl If we don't have egrep we can't do anything...
dnl
AC_CHECK_PROG(EGREPPROG, egrep, egrep)
if test -z "$EGREPPROG"; then
AC_MSG_ERROR([Sorry, configure requires egrep to run.])
fi
dnl
dnl Prevent configure from adding the -g flag unless in devel mode
dnl
if test "$with_devel" != "yes"; then
ac_cv_prog_cc_g=no
fi
dnl
dnl C compiler checks
dnl
AC_ISC_POSIX
AC_PROG_CPP
dnl
dnl Libtool magic; enable shared libs and disable static libs
dnl
AC_CANONICAL_HOST
AC_CANONICAL_TARGET([])
AC_DISABLE_STATIC
AC_PROG_LIBTOOL
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
if test "$enable_shared" = "no"; then
with_noexec=no
else
eval _shrext="$shrext_cmds"
fi
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
[case $with_noexec in
yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
;;
no) ;;
*) ;;
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl It is now safe to modify CFLAGS and CPPFLAGS
dnl
if test "$with_devel" = "yes" -a -n "$GCC"; then
CFLAGS="${CFLAGS} -Wall"
fi
dnl
dnl Find programs we use
dnl
AC_CHECK_PROG(UNAMEPROG, uname, uname)
AC_CHECK_PROG(TRPROG, tr, tr)
AC_CHECK_PROG(NROFFPROG, nroff, nroff)
if test -z "$NROFFPROG"; then
MANTYPE="cat"
mansrcdir='$(srcdir)'
fi
dnl
dnl What kind of beastie are we being run on?
dnl Barf if config.cache was generated on another host.
dnl
if test -n "$sudo_cv_prev_host"; then
if test "$sudo_cv_prev_host" != "$host"; then
AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
else
AC_MSG_CHECKING(previous host type)
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
AC_MSG_RESULT([$sudo_cv_prev_host])
fi
else
# this will produce no output since there is no cached value
AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
fi
dnl
dnl We want to be able to differentiate between different rev's
dnl
if test -n "$host_os"; then
OS=`echo $host_os | sed 's/[[0-9]].*//'`
OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
else
OS="unknown"
OSREV=0
OSMAJOR=0
fi
case "$host" in
*-*-sunos4*)
# getcwd(3) opens a pipe to getpwd(1)!?!
BROKEN_GETCWD=1
# system headers lack prototypes but gcc helps...
if test -n "$GCC"; then
OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
fi
shadow_funcs="getpwanam issecure"
;;
*-*-solaris2*)
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lucb"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
if test X"$with_blibpath" != X"no"; then
AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
O_LDFLAGS="$LDFLAGS"
LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
blibpath="$with_blibpath"
elif test -n "$GCC"; then
blibpath="/usr/lib:/lib:/usr/local/lib"
else
blibpath="/usr/lib:/lib"
fi
AC_MSG_RESULT(yes)
], [AC_MSG_RESULT(no)])
fi
LDFLAGS="$O_LDFLAGS"
# Use authenticate(3) as the default authentication method
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-hpux*)
# AFS support needs -lBSD
if test "$with_AFS" = "yes"; then
AFS_LIBS="-lc -lBSD"
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
case "$host" in
*-*-hpux[1-8].*)
AC_DEFINE(BROKEN_SYSLOG)
# Not sure if setuid binaries are safe in < 9.x
if test -n "$GCC"; then
SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
else
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
fi
;;
*-*-hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# DCE support (requires ANSI C compiler)
if test "$with_DCE" = "yes"; then
# order of libs in 9.X is important. -lc_r must be last
SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
fi
;;
*-*-hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
;;
*)
shadow_funcs="getspnam iscomsec"
shadow_libs="-lsec"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
[ --disable-sia Disable SIA on Digital UNIX],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
no) AC_MSG_RESULT(yes)
CHECKSIA=false
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
;;
esac
], AC_MSG_RESULT(no))
shadow_funcs="getprpwnam dispcrypt"
# OSF/1 4.x and higher need -ldb too
if test $OSMAJOR -lt 4; then
shadow_libs="-lsecurity -laud -lm"
else
shadow_libs="-lsecurity -ldb -laud -lm"
fi
# use SIA by default, if we have it
test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
#
# Some versions of Digital Unix ship with a broken
# copy of prot.h, which we need for shadow passwords.
# XXX - make should remove this as part of distclean
#
AC_MSG_CHECKING([for broken prot.h])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
: ${mansectsu='8'}
: ${mansectform='4'}
;;
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
else
mandir="/usr/catman/local"
fi
fi
else
if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
if test -d "/usr/share/man/local"; then
mandir="/usr/share/man/local"
else
mandir="/usr/man/local"
fi
fi
fi
# IRIX <= 4 needs -lsun
if test "$OSMAJOR" -le 4; then
AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-linux*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
shadow_libs_optional="-lshadow"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-convex-bsd*)
OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
if test -z "$GCC"; then
CFLAGS="${CFLAGS} -D__STDC__"
fi
shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
shadow_funcs="getprpwnam"
shadow_libs="-lprot"
;;
*-*-ultrix*)
OS="ultrix"
shadow_funcs="getauthuid"
shadow_libs="-lauth"
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-isc*)
OSDEFS="${OSDEFS} -D_ISC"
LIB_CRYPT=1
SUDO_LIBS="${SUDO_LIBS} -lcrypt"
LIBS="${LIBS} -lcrypt"
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-*-sco*|*-sco-*)
shadow_funcs="getprpwnam"
shadow_libs="-lprot -lx"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
m88k-motorola-sysv*)
# motorolla's cc (a variant of gcc) does -O but not -O2
CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-sequent-sysv*)
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
SUDO_LIBS="${SUDO_LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
# Use shlicc for BSD/OS [23].x unless asked to do otherwise
if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
case "$OSMAJOR" in
2|3) AC_MSG_NOTICE([using shlicc as CC])
ac_cv_prog_CC=shlicc
CC="$ac_cv_prog_CC"
;;
esac
fi
# Check for newer BSD auth API (just check for >= 3.0?)
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
;;
*-*-freebsd*)
# FreeBSD has a real setreuid(2) starting with 2.1 and
# backported to 2.0.5. We just take 2.1 and above...
case "$OSREV" in
0.*|1.*|2.0*)
SKIP_SETREUID=yes
;;
esac
if test "$with_skey" = "yes"; then
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setreuid(2) instead.
SKIP_SETREUID=yes
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
case "$OSREV" in
[0-2].*)
;;
*)
AUTH_EXCL_DEF="BSD_AUTH"
;;
esac
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
0.9*|1.[012]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
if test "$with_skey" = "yes"; then
SUDO_LIBS="${SUDO_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-*bsd*)
CHECKSHADOW="false"
;;
*-*-darwin*)
SKIP_SETREUID=yes
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
;;
*-*-nextstep*)
# lockf() on is broken on the NeXT -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
;;
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
*-gnu*)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
;;
esac
dnl
dnl Check for mixing mutually exclusive and regular auth methods
dnl
AUTH_REG=${AUTH_REG# }
AUTH_EXCL=${AUTH_EXCL# }
if test -n "$AUTH_EXCL"; then
set -- $AUTH_EXCL
if test $# != 1; then
AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
fi
if test -n "$AUTH_REG"; then
AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
fi
fi
dnl
dnl Only one of S/Key and OPIE may be specified
dnl
if test X"${with_skey}${with_opie}" = X"yesyes"; then
AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
fi
dnl
dnl Use BSD-style man sections by default
dnl
: ${mansectsu='8'}
: ${mansectform='5'}
dnl
dnl Add in any libpaths or libraries specified via configure
dnl
if test -n "$with_libpath"; then
for i in ${with_libpath}; do
SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
done
fi
if test -n "$with_libraries"; then
for i in ${with_libraries}; do
case $i in
-l*) ;;
*.a) ;;
*.o) ;;
*) i="-l${i}";;
esac
LIBS="${LIBS} ${i}"
done
fi
dnl
dnl C compiler checks (to be done after os checks)
dnl
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
dnl
dnl Program checks
dnl
AC_PROG_YACC
SUDO_PROG_MV
SUDO_PROG_BSHELL
if test -z "$with_sendmail"; then
SUDO_PROG_SENDMAIL
fi
if test -z "$with_editor"; then
SUDO_PROG_VI
fi
dnl
dnl Header file checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
dnl ultrix termio/termios are broken
if test "$OS" != "ultrix"; then
AC_SYS_POSIX_TERMIOS
if test "$ac_cv_sys_posix_termios" = "yes"; then
AC_DEFINE(HAVE_TERMIOS_H)
else
AC_CHECK_HEADERS(termio.h)
fi
fi
if test ${with_logincap-'no'} != "no"; then
AC_CHECK_HEADERS(login_cap.h)
fi
if test ${with_project-'no'} != "no"; then
AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
[SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
fi
dnl
dnl typedef checks
dnl
AC_TYPE_MODE_T
AC_TYPE_UID_T
AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
#else
# include <sys/time.h>
#endif])
SUDO_TYPE_SIZE_T
SUDO_TYPE_SSIZE_T
SUDO_TYPE_DEV_T
SUDO_TYPE_INO_T
SUDO_FULL_VOID
SUDO_UID_T_LEN
SUDO_TYPE_LONG_LONG
SUDO_SOCK_SA_LEN
dnl
dnl only set RETSIGTYPE if it is not set already
dnl
case "$DEFS" in
*"RETSIGTYPE"*) ;;
*) AC_TYPE_SIGNAL;;
esac
dnl
dnl Function checks
dnl
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
setlocale getaddrinfo)
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
if test -z "$SKIP_SETREUID"; then
AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
fi
if test -z "$SKIP_SETEUID"; then
AC_CHECK_FUNCS(seteuid)
fi
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
if test -z "$BROKEN_GETCWD"; then
AC_REPLACE_FUNCS(getcwd)
fi
AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(waitpid wait3, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
SUDO_FUNC_ISBLANK
AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
[ #include <limits.h>
#include <fcntl.h> ])
])
AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
AC_CHECK_FUNCS(random lrand48, [break])
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
AC_MSG_CHECKING([for two-parameter timespecsub])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <sys/time.h>]], [[struct timespec ts1, ts2;
ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
#ifndef timespecsub
#error missing timespecsub
#endif
timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
fi
dnl
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
dnl
if test -n "$NEED_SNPRINTF"; then
AC_LIBOBJ(snprintf)
fi
dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl In this case we look for main(), not socket() to avoid using a cached value
dnl
AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
dnl
dnl If inet_addr(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
dnl
AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
dnl
dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
dnl (gcc includes its own alloca(3) but other compilers may not)
dnl
if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
AC_FUNC_ALLOCA
fi
dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
AC_MSG_CHECKING([for __progname])
AC_CACHE_VAL(sudo_cv___progname, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
if test "$sudo_cv___progname" = "yes"; then
AC_DEFINE(HAVE___PROGNAME)
else
AC_LIBOBJ(getprogname)
fi
AC_MSG_RESULT($sudo_cv___progname)
])
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
for auth in $AUTH_EXCL_DEF; do
case $auth in
AIX_AUTH) with_aixauth=maybe;;
BSD_AUTH) with_bsdauth=maybe;;
PAM) with_pam=maybe;;
SIA) CHECKSIA=true;;
esac
done
fi
dnl
dnl PAM support. Systems that use PAM by default set with_pam=default
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
dnl
dnl Linux may need this
dnl
AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
ac_cv_lib_dl=ac_cv_lib_dl_main
dnl
dnl Some PAM implementations (MacOS X for example) put the PAM headers
dnl in /usr/include/pam instead of /usr/include/security...
dnl
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
if test "$with_pam" = "yes"; then
AC_DEFINE(HAVE_PAM)
AUTH_OBJS="$AUTH_OBJS pam.o";
AUTH_EXCL=PAM
fi
fi
dnl
dnl AIX general authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_aixauth-'no'} != "no"; then
if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
AC_MSG_NOTICE([using AIX general authentication])
AC_DEFINE(HAVE_AIXAUTH)
AUTH_OBJS="$AUTH_OBJS aix_auth.o";
SUDO_LIBS="${SUDO_LIBS} -ls"
AUTH_EXCL=AIX_AUTH
fi
fi
dnl
dnl BSD authentication
dnl If set to "maybe" only enable if no other exclusive method in use.
dnl
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
[BSDAUTH_USAGE='[[-a auth_type]] ']
[AUTH_EXCL=BSD_AUTH],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
dnl
dnl SIA authentication for Tru64 Unix
dnl
if test ${CHECKSIA-'false'} = "true"; then
AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
if test "$found" = "true"; then
AUTH_EXCL=SIA
AUTH_OBJS="$AUTH_OBJS sia.o"
fi
fi
dnl
dnl extra FWTK libs + includes
dnl
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
with_fwtk=yes
fi
SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
AUTH_OBJS="$AUTH_OBJS fwtk.o"
fi
dnl
dnl extra SecurID lib + includes
dnl
if test ${with_SecurID-'no'} != "no"; then
if test "$with_SecurID" != "yes"; then
:
elif test -d /usr/ace/examples; then
with_SecurID=/usr/ace/examples
else
with_SecurID=/usr/ace
fi
CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
_LDFLAGS="${LDFLAGS}"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
#
# Determine whether to use the new or old SecurID API
#
AC_CHECK_LIB(aceclnt, SD_Init,
[
AUTH_OBJS="$AUTH_OBJS securid5.o";
SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
]
[
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
], [
AUTH_OBJS="$AUTH_OBJS securid.o";
SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
],
[
-lpthread
]
)
LDFLAGS="${_LDFLAGS}"
fi
dnl
dnl Non-mutually exclusive auth checks come next.
dnl Note: passwd must be last of all!
dnl
dnl
dnl Convert default authentication methods to with_* if
dnl no explicit authentication scheme was specified.
dnl
if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
for auth in $AUTH_DEF; do
case $auth in
passwd) : ${with_passwd='maybe'};;
esac
done
fi
dnl
dnl Kerberos IV
dnl
if test ${with_kerb4-'no'} != "no"; then
AC_DEFINE(HAVE_KERB4)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
O_LDFLAGS="$LDFLAGS"
if test "$with_kerb4" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
done
test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
fi
if test X"$found" = X"no"; then
AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
dnl
dnl Check for -ldes vs. -ldes425
dnl
AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
])
dnl
dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
dnl
AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
AC_MSG_RESULT(yes)
K4LIBS="${K4LIBS} -lcom_err"
AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
]
)
dnl
dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
dnl
AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
[K4LIBS="-lkrb $K4LIBS"]
[AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
, [$K4LIBS])
], [$K4LIBS])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
AUTH_OBJS="$AUTH_OBJS kerb4.o"
fi
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
dnl
if test ${with_kerb5-'no'} != "no"; then
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
AUTH_OBJS="$AUTH_OBJS kerb5.o"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
], [
AC_MSG_RESULT(no)
]
)
fi
fi
if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
dnl
dnl Use the specified directory, if any, else search for correct inc dir
dnl
if test "$with_kerb5" = "yes"; then
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
done
if test X"$found" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
fi
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_CHECKING(whether we are using Heimdal)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
LIBS="$_LIBS"
fi
dnl
dnl Some systems put login_cap(3) in libutil
dnl
if test ${with_logincap-'no'} = "yes"; then
case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;;
esac
fi
dnl
dnl extra AFS libs and includes
dnl
if test ${with_AFS-'no'} = "yes"; then
# looks like the "standard" place for AFS libs is /usr/afsws/lib
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
for i in $AFSLIBDIRS; do
if test -d ${i}; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
FOUND_AFSLIBDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
fi
# Order is important here. Note that we build AFS_LIBS from right to left
# since AFS_LIBS may be initialized with BSD compat libs that must go last
AFS_LIBS="-laudit ${AFS_LIBS}"
for i in $AFSLIBDIRS; do
if test -f ${i}/util.a; then
AFS_LIBS="${i}/util.a ${AFS_LIBS}"
FOUND_UTIL_A=true
break;
fi
done
if test -z "$FOUND_UTIL_A"; then
AFS_LIBS="-lutil ${AFS_LIBS}"
fi
AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
CPPFLAGS="${CPPFLAGS} -I${i}"
FOUND_AFSINCDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
AUTH_OBJS="$AUTH_OBJS afs.o"
fi
dnl
dnl extra DCE obj + lib
dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
dnl
if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
SUDO_LIBS="${SUDO_LIBS} -ldce"
AUTH_OBJS="$AUTH_OBJS dce.o"
fi
dnl
dnl extra S/Key lib and includes
dnl
if test ${with_skey-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
fi
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
fi
AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lskey"
AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
dnl extra OPIE lib and includes
dnl
if test ${with_opie-'no'} = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
fi
fi
if test "$found" = "no"; then
AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
fi
AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
SUDO_LIBS="${SUDO_LIBS} -lopie"
AUTH_OBJS="$AUTH_OBJS rfc1938.o"
fi
dnl
dnl Check for shadow password routines if we have not already done so.
dnl If there is a specific list of functions to check we do that first.
dnl Otherwise, we check for SVR4-style and then SecureWare-style.
dnl
if test ${with_passwd-'no'} != "no"; then
dnl
dnl if crypt(3) not in libc, look elsewhere
dnl
if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
_LIBS="$LIBS"
LIBS="$LIBS $shadow_libs"
found=no
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDO_LIBS="$SUDO_LIBS $shadow_libs"
elif test -n "$shadow_libs_optional"; then
LIBS="$LIBS $shadow_libs_optional"
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
fi
fi
if test "$found" = "yes"; then
case "$shadow_funcs" in
*getprpwnam*) SECUREWARE=1;;
esac
test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
else
LIBS="$_LIBS"
fi
CHECKSHADOW=false
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true"; then
AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
fi
if test -n "$SECUREWARE"; then
AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
AUTH_OBJS="$AUTH_OBJS secureware.o"
fi
fi
dnl
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
with_ldap=yes
fi
SUDO_OBJS="${SUDO_OBJS} ldap.o"
AC_MSG_CHECKING([for LDAP libraries])
LDAP_LIBS=""
_LIBS="$LIBS"
found=no
for l in -lldap -llber '-lssl -lcrypto'; do
LIBS="${LIBS} $l"
LDAP_LIBS="${LDAP_LIBS} $l"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <lber.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
done
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
LDAP_LIBS=" -lldap"
AC_MSG_RESULT([not found, using -lldap])
else
AC_MSG_RESULT([$LDAP_LIBS])
fi
dnl try again w/o explicitly including lber.h
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
# XXX - OpenLDAP has deprecated ldap_get_values()
CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
fi
dnl
dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
dnl added -L dirpaths to SUDO_LDFLAGS.
dnl
if test -n "$blibpath"; then
if test -n "$blibpath_add"; then
SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
fi
fi
dnl
dnl Check for log file and timestamp locations
dnl
SUDO_LOGFILE
SUDO_TIMEDIR
dnl
dnl Use passwd (and secureware) auth modules?
dnl
case "$with_passwd" in
yes|maybe)
AUTH_OBJS="$AUTH_OBJS passwd.o"
;;
*)
AC_DEFINE(WITHOUT_PASSWD)
if test -z "$AUTH_OBJS"; then
AC_MSG_ERROR([no authentication methods defined.])
fi
;;
esac
AUTH_OBJS=${AUTH_OBJS# }
_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
dnl
dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
dnl
if test -n "$LIBS"; then
L="$LIBS"
LIBS=
for l in ${L}; do
dupe=0
for sl in ${SUDO_LIBS} ${NET_LIBS}; do
test $l = $sl && dupe=1
done
test $dupe = 0 && LIBS="${LIBS} $l"
done
fi
dnl
dnl Set exec_prefix
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
if test "$with_noexec" != "no"; then
PROGS="${PROGS} sudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$ac_default_prefix"
else
exec_prefix="$prefix"
fi
fi
eval noexec_file="$with_noexec"
AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
exec_prefix="$oexec_prefix"
fi
dnl
dnl Substitute into the Makefile and man pages
dnl
AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
case $host in
*-*-linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
fi
dnl
dnl Autoheader templates
dnl
AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
dnl
dnl Bits to copy verbatim into config.h.in
dnl
AH_TOP([#ifndef _SUDO_CONFIG_H
#define _SUDO_CONFIG_H])
AH_BOTTOM([/*
* Macros to pull sec and nsec parts of mtime from struct stat.
* We need to be able to convert between timeval and timespec
* so the last 3 digits of tv_nsec are not significant.
*/
#ifdef HAVE_ST_MTIM
# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
#else
# ifdef HAVE_ST_MTIMESPEC
# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
# define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
# else
# define mtim_getsec(_x) ((_x).st_mtime)
# define mtim_getnsec(_x) (0)
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
/*
* Emulate a subset of waitpid() if we don't have it.
*/
#ifdef HAVE_WAITPID
# define sudo_waitpid(p, s, o) waitpid(p, s, o)
#else
# ifdef HAVE_WAIT3
# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
# endif
#endif
/* GNU stow needs /etc/sudoers to be a symlink. */
#ifdef USE_STOW
# define stat_sudoers stat
#else
# define stat_sudoers lstat
#endif
/* Macros to set/clear/test flags. */
#undef SET
#define SET(t, f) ((t) |= (f))
#undef CLR
#define CLR(t, f) ((t) &= ~(f))
#undef ISSET
#define ISSET(t, f) ((t) & (f))
/* New ANSI-style OS defs for HP-UX and ConvexOS. */
#if defined(hpux) && !defined(__hpux)
# define __hpux 1
#endif /* hpux */
#if defined(convex) && !defined(__convex__)
# define __convex__ 1
#endif /* convex */
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
#endif /* __svr4__ */
#endif /* _SUDO_CONFIG_H */])