2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.420 2004/09/08 15:49:25 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2004 Todd C. Miller <Todd.Miller@courtesan.com>
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT()
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.8])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)dnl
22 AC_SUBST(SUDO_OBJS)dnl
24 AC_SUBST(SUDO_LIBS)dnl
28 AC_SUBST(AUTH_OBJS)dnl
30 AC_SUBST(MAN_POSTINSTALL)dnl
31 AC_SUBST(SUDOERS_MODE)dnl
32 AC_SUBST(SUDOERS_UID)dnl
33 AC_SUBST(SUDOERS_GID)dnl
40 AC_SUBST(INSTALL_NOEXEC)
42 dnl Variables that get substituted in docs (not overridden by environment)
44 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
46 AC_SUBST(password_timeout)
49 AC_SUBST(long_otp_prompt)
56 AC_SUBST(mail_no_user)
57 AC_SUBST(mail_no_host)
58 AC_SUBST(mail_no_perms)
61 AC_SUBST(badpass_message)
63 AC_SUBST(runas_default)
65 AC_SUBST(passwd_tries)
70 dnl Initial values for above
75 passprompt="Password:"
87 mailsub='*** SECURITY information for %h ***'
88 badpass_message='Sorry, try again.'
98 dnl Initial values for Makefile variables listed above
99 dnl May be overridden by environment variables..
102 test -n "$MANTYPE" || MANTYPE="man"
103 test -n "$mansrcdir" || mansrcdir="."
104 test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
105 test -n "$SUDOERS_UID" || SUDOERS_UID=0
106 test -n "$SUDOERS_GID" || SUDOERS_GID=0
116 dnl Override default configure dirs...
118 test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
119 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
120 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
121 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
124 dnl Deprecated --with options (these all warn or generate an error)
127 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
128 [case $with_otp_only in
130 AC_DEFINE(WITHOUT_PASSWD)
131 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
135 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
136 [case $with_alertmail in
137 *) with_mailto="$with_alertmail"
138 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
143 dnl Options for --with
146 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
148 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
150 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
156 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
160 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
164 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
165 [case $with_blibpath in
168 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
172 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
173 [case $with_incpath in
174 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
176 no) AC_MSG_ERROR(["--without-incpath not supported."])
178 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
179 for i in ${with_incpath}; do
180 CPPFLAGS="${CPPFLAGS} -I${i}"
185 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
186 [case $with_libpath in
187 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
189 no) AC_MSG_ERROR(["--without-libpath not supported."])
191 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
195 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
196 [case $with_libraries in
197 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
199 no) AC_MSG_ERROR(["--without-libraries not supported."])
201 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
205 AC_ARG_WITH(devel, [ --with-devel add development options],
207 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
208 PROGS="${PROGS} testsudoers"
209 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
213 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
217 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
218 [case $with_efence in
219 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
220 LIBS="${LIBS} -lefence"
221 if test -f /usr/local/lib/libefence.a; then
222 with_libpath="${with_libpath} /usr/local/lib"
226 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
230 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
232 yes) AC_MSG_NOTICE([Adding CSOps standard options])
236 with_classic_insults=yes
237 with_csops_insults=yes
239 test -n "$mansectsu" || mansectsu=8
240 test -n "$mansectform" || mansectform=5
243 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
247 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
248 [case $with_passwd in
250 no) AC_DEFINE(WITHOUT_PASSWD)
251 AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
254 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
258 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
261 *) if test -n "$with_opie"; then
262 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
265 AC_MSG_CHECKING(whether to try S/Key authentication)
267 AUTH_OBJS="${AUTH_OBJS} rfc1938.o"
271 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
274 *) if test -n "$with_skey"; then
275 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
278 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
280 AUTH_OBJS="${AUTH_OBJS} rfc1938.o"
284 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
285 [case $with_long_otp_prompt in
286 yes) AC_DEFINE(LONG_OTP_PROMPT)
287 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
291 no) long_otp_prompt=off
293 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
297 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
298 [case $with_SecurID in
299 no) with_SecurID="";;
300 *) AC_DEFINE(HAVE_SECURID)
301 AC_MSG_CHECKING(whether to use SecurID for authentication)
307 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
310 *) AC_DEFINE(HAVE_FWTK)
311 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
318 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
321 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
326 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
329 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
334 AC_ARG_WITH(authenticate, [ --with-authenticate enable AIX general authentication support],
335 [case $with_authenticate in
336 yes) AC_DEFINE(HAVE_AUTHENTICATE)
337 AC_MSG_CHECKING(whether to use AIX general authentication)
340 AUTH_OBJS="aix_auth.o"
343 *) AC_MSG_ERROR(["--with-authenticate does not take an argument."])
347 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
349 yes) AC_DEFINE(HAVE_PAM)
350 AC_MSG_CHECKING(whether to use PAM authentication)
356 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
360 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
362 yes) AC_DEFINE(HAVE_AFS)
363 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
365 AUTH_OBJS="${AUTH_OBJS} afs.o"
368 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
372 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
374 yes) AC_DEFINE(HAVE_DCE)
375 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
377 AUTH_OBJS="${AUTH_OBJS} dce.o"
380 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
384 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
385 [case $with_logincap in
387 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
391 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
392 [case $with_bsdauth in
393 yes) with_logincap=yes
396 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
400 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
401 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
402 [case $with_lecture in
403 yes|short|always) lecture=once
405 no|none|never) lecture=never
407 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
410 if test "$lecture" = "once"; then
413 AC_DEFINE(NO_LECTURE)
417 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
418 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
419 [case $with_logging in
420 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
422 no) AC_MSG_ERROR(["--without-logging not supported."])
424 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
425 AC_MSG_RESULT(syslog)
427 file) AC_DEFINE(LOGGING, SLOG_FILE)
430 both) AC_DEFINE(LOGGING, SLOG_BOTH)
433 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
435 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
437 AC_MSG_CHECKING(which syslog facility sudo should log with)
438 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
439 [case $with_logfac in
440 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
442 no) AC_MSG_ERROR(["--without-logfac not supported."])
444 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
446 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
449 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
450 AC_MSG_RESULT($logfac)
452 AC_MSG_CHECKING(at which syslog priority to log commands)
453 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
454 [case $with_goodpri in
455 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
457 no) AC_MSG_ERROR(["--without-goodpri not supported."])
459 alert|crit|debug|emerg|err|info|notice|warning)
460 goodpri=$with_goodpri
462 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
465 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
466 AC_MSG_RESULT($goodpri)
468 AC_MSG_CHECKING(at which syslog priority to log failures)
469 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
470 [case $with_badpri in
471 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
473 no) AC_MSG_ERROR(["--without-badpri not supported."])
475 alert|crit|debug|emerg|err|info|notice|warning)
478 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
481 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
482 AC_MSG_RESULT($badpri)
484 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
485 [case $with_logpath in
486 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
488 no) AC_MSG_ERROR(["--without-logpath not supported."])
492 AC_MSG_CHECKING(how long a line in the log file should be)
493 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
494 [case $with_loglen in
495 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
497 no) AC_MSG_ERROR(["--without-loglen not supported."])
499 [[0-9]]*) loglen=$with_loglen
501 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
504 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
505 AC_MSG_RESULT($loglen)
507 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
508 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
509 [case $with_ignore_dot in
514 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
517 if test "$ignore_dot" = "on"; then
518 AC_DEFINE(IGNORE_DOT_PATH)
524 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
525 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
526 [case $with_mail_if_no_user in
531 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
534 if test "$mail_no_user" = "on"; then
535 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
541 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
542 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
543 [case $with_mail_if_no_host in
548 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
551 if test "$mail_no_host" = "on"; then
552 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
558 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
559 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
560 [case $with_mail_if_noperms in
565 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
568 if test "$mail_noperms" = "on"; then
569 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
575 AC_MSG_CHECKING(who should get the mail that sudo sends)
576 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
577 [case $with_mailto in
578 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
580 no) AC_MSG_ERROR(["--without-mailto not supported."])
582 *) mailto=$with_mailto
585 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
586 AC_MSG_RESULT([$mailto])
588 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
589 [case $with_mailsubject in
590 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
592 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
594 *) mailsub="$with_mailsubject"
595 AC_MSG_CHECKING(sudo mail subject)
596 AC_MSG_RESULT([Using alert mail subject: $mailsub])
599 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
601 AC_MSG_CHECKING(for bad password prompt)
602 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
603 [case $with_passprompt in
604 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
606 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
608 *) passprompt="$with_passprompt"
610 AC_MSG_RESULT($passprompt)
611 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
613 AC_MSG_CHECKING(for bad password message)
614 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
615 [case $with_badpass_message in
616 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
618 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
620 *) badpass_message="$with_badpass_message"
623 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
624 AC_MSG_RESULT([$badpass_message])
626 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
627 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
633 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
636 if test "$fqdn" = "on"; then
643 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
644 [case $with_timedir in
645 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
647 no) AC_MSG_ERROR(["--without-timedir not supported."])
651 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
652 --without-sendmail do not send mail at all],
653 [case $with_sendmail in
654 yes) with_sendmail=""
657 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
661 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
662 [case $with_sudoers_mode in
663 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
665 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
667 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
669 0*) SUDOERS_MODE=$with_sudoers_mode
671 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
675 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
676 [case $with_sudoers_uid in
677 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
679 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
681 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
683 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
687 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
688 [case $with_sudoers_gid in
689 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
691 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
693 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
695 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
699 AC_MSG_CHECKING(for umask programs should be run with)
700 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
701 --without-umask Preserves the umask of the user invoking sudo.],
703 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
707 [[0-9]]*) sudo_umask=$with_umask
709 *) AC_MSG_ERROR(["you must enter a numeric mask."])
712 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
713 if test "$sudo_umask" = "0777"; then
716 AC_MSG_RESULT($sudo_umask)
719 AC_MSG_CHECKING(for default user to run commands as)
720 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
721 [case $with_runas_default in
722 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
724 no) AC_MSG_ERROR(["--without-runas-default not supported."])
726 *) runas_default="$with_runas_default"
729 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
730 AC_MSG_RESULT([$runas_default])
732 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
733 [case $with_exempt in
734 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
736 no) AC_MSG_ERROR(["--without-exempt not supported."])
738 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
739 AC_MSG_CHECKING(for group to be exempt from password)
740 AC_MSG_RESULT([$with_exempt])
744 AC_MSG_CHECKING(for editor that visudo should use)
745 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
746 [case $with_editor in
747 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
749 no) AC_MSG_ERROR(["--without-editor not supported."])
751 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
752 AC_MSG_RESULT([$with_editor])
754 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
756 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
757 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
758 [case $with_env_editor in
763 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
766 if test "$env_editor" = "on"; then
767 AC_DEFINE(ENV_EDITOR)
773 AC_MSG_CHECKING(number of tries a user gets to enter their password)
774 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
775 [case $with_passwd_tries in
777 no) AC_MSG_ERROR(["--without-editor not supported."])
779 [[1-9]]*) passwd_tries=$with_passwd_tries
781 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
784 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
785 AC_MSG_RESULT($passwd_tries)
787 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
788 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
789 [case $with_timeout in
793 [[0-9]]*) timeout=$with_timeout
795 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
798 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
799 AC_MSG_RESULT($timeout)
801 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
802 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
803 [case $with_password_timeout in
805 no) password_timeout=0
807 [[0-9]]*) password_timeout=$with_password_timeout
809 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
812 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
813 AC_MSG_RESULT($password_timeout)
815 AC_ARG_WITH(execv, [ --with-execv use execv() instead of execvp()],
817 yes) AC_MSG_CHECKING(whether to use execvp or execv)
822 *) AC_MSG_ERROR(["--with-execv does not take an argument."])
826 AC_MSG_CHECKING(whether to use per-tty ticket files)
827 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
828 [case $with_tty_tickets in
833 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
836 if test "$tty_tickets" = "on"; then
837 AC_DEFINE(USE_TTY_TICKETS)
843 AC_MSG_CHECKING(whether to include insults)
844 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
845 [case $with_insults in
847 with_classic_insults=yes
848 with_csops_insults=yes
852 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
855 if test "$insults" = "on"; then
856 AC_DEFINE(USE_INSULTS)
862 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
863 [case $with_all_insults in
864 yes) with_classic_insults=yes
865 with_csops_insults=yes
867 with_goons_insults=yes
870 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
874 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
875 [case $with_classic_insults in
876 yes) AC_DEFINE(CLASSIC_INSULTS)
879 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
883 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
884 [case $with_csops_insults in
885 yes) AC_DEFINE(CSOPS_INSULTS)
888 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
892 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
893 [case $with_hal_insults in
894 yes) AC_DEFINE(HAL_INSULTS)
897 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
901 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
902 [case $with_goons_insults in
903 yes) AC_DEFINE(GOONS_INSULTS)
906 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
910 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
913 *) AC_DEFINE(HAVE_LDAP)
914 AC_MSG_CHECKING(whether to use sudoers from LDAP)
918 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
919 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
921 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
922 [case $with_pc_insults in
923 yes) AC_DEFINE(PC_INSULTS)
926 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
930 dnl include all insult sets on one line
931 if test "$insults" = "on"; then
932 AC_MSG_CHECKING(which insult sets to include)
934 test "$with_goons_insults" = "yes" && i="goons ${i}"
935 test "$with_hal_insults" = "yes" && i="hal ${i}"
936 test "$with_csops_insults" = "yes" && i="csops ${i}"
937 test "$with_classic_insults" = "yes" && i="classic ${i}"
941 AC_MSG_CHECKING(whether to override the user's path)
942 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
943 [case $with_secure_path in
944 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
945 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
947 no) AC_MSG_RESULT(no)
949 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
950 AC_MSG_RESULT([$with_secure_path])
952 esac], AC_MSG_RESULT(no))
954 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
955 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
956 [case $with_interfaces in
957 yes) AC_MSG_RESULT(yes)
959 no) AC_DEFINE(STUB_LOAD_INTERFACES)
962 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
964 esac], AC_MSG_RESULT(yes))
966 AC_MSG_CHECKING(whether stow should be used)
967 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
969 yes) AC_MSG_RESULT(yes)
972 no) AC_MSG_RESULT(no)
974 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
976 esac], AC_MSG_RESULT(no))
979 dnl Options for --enable
982 AC_MSG_CHECKING(whether to do user authentication by default)
983 AC_ARG_ENABLE(authentication,
984 [ --disable-authentication
985 Do not require authentication by default],
986 [ case "$enableval" in
987 yes) AC_MSG_RESULT(yes)
989 no) AC_MSG_RESULT(no)
990 AC_DEFINE(NO_AUTHENTICATION)
993 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
996 ], AC_MSG_RESULT(yes))
998 AC_MSG_CHECKING(whether to disable running the mailer as root)
999 AC_ARG_ENABLE(root-mailer,
1000 [ --disable-root-mailer Don't run the mailer as root, run as the user],
1001 [ case "$enableval" in
1002 yes) AC_MSG_RESULT(no)
1004 no) AC_MSG_RESULT(yes)
1005 AC_DEFINE(NO_ROOT_MAILER)
1007 *) AC_MSG_RESULT(no)
1008 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1011 ], AC_MSG_RESULT(no))
1013 AC_ARG_ENABLE(setreuid,
1014 [ --disable-setreuid Don't try to use the setreuid() function],
1015 [ case "$enableval" in
1016 no) SKIP_SETREUID=yes
1022 AC_ARG_ENABLE(setresuid,
1023 [ --disable-setresuid Don't try to use the setresuid() function],
1024 [ case "$enableval" in
1025 no) SKIP_SETRESUID=yes
1031 AC_MSG_CHECKING(whether to disable use of POSIX saved ids)
1032 AC_ARG_ENABLE(saved-ids,
1033 [ --disable-saved-ids Don't try to use POSIX saved ids],
1034 [ case "$enableval" in
1035 yes) AC_MSG_RESULT(no)
1037 no) AC_MSG_RESULT(yes)
1038 AC_DEFINE(NO_SAVED_IDS)
1040 *) AC_MSG_RESULT(no)
1041 AC_MSG_WARN([Ignoring unknown argument to --enable-saved-ids: $enableval])
1044 ], AC_MSG_RESULT(no))
1046 AC_MSG_CHECKING(whether to disable shadow password support)
1047 AC_ARG_ENABLE(shadow,
1048 [ --disable-shadow Never use shadow passwords],
1049 [ case "$enableval" in
1050 yes) AC_MSG_RESULT(no)
1052 no) AC_MSG_RESULT(yes)
1055 *) AC_MSG_RESULT(no)
1056 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1059 ], AC_MSG_RESULT(no))
1061 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1062 AC_ARG_ENABLE(root-sudo,
1063 [ --disable-root-sudo Don't allow root to run sudo],
1064 [ case "$enableval" in
1065 yes) AC_MSG_RESULT(yes)
1067 no) AC_DEFINE(NO_ROOT_SUDO)
1071 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1074 ], AC_MSG_RESULT(yes))
1076 AC_MSG_CHECKING(whether to log the hostname in the log file)
1077 AC_ARG_ENABLE(log-host,
1078 [ --enable-log-host Log the hostname in the log file],
1079 [ case "$enableval" in
1080 yes) AC_MSG_RESULT(yes)
1081 AC_DEFINE(HOST_IN_LOG)
1083 no) AC_MSG_RESULT(no)
1085 *) AC_MSG_RESULT(no)
1086 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1089 ], AC_MSG_RESULT(no))
1091 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1092 AC_ARG_ENABLE(noargs-shell,
1093 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1094 [ case "$enableval" in
1095 yes) AC_MSG_RESULT(yes)
1096 AC_DEFINE(SHELL_IF_NO_ARGS)
1098 no) AC_MSG_RESULT(no)
1100 *) AC_MSG_RESULT(no)
1101 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1104 ], AC_MSG_RESULT(no))
1106 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1107 AC_ARG_ENABLE(shell-sets-home,
1108 [ --enable-shell-sets-home
1109 set $HOME to target user in shell mode],
1110 [ case "$enableval" in
1111 yes) AC_MSG_RESULT(yes)
1112 AC_DEFINE(SHELL_SETS_HOME)
1114 no) AC_MSG_RESULT(no)
1116 *) AC_MSG_RESULT(no)
1117 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1120 ], AC_MSG_RESULT(no))
1122 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1123 AC_ARG_ENABLE(path_info,
1124 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1125 [ case "$enableval" in
1126 yes) AC_MSG_RESULT(no)
1128 no) AC_MSG_RESULT(yes)
1129 AC_DEFINE(DONT_LEAK_PATH_INFO)
1131 *) AC_MSG_RESULT(no)
1132 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1135 ], AC_MSG_RESULT(no))
1138 dnl If we don't have egrep we can't do anything...
1140 AC_CHECK_PROG(EGREPPROG, egrep, egrep, )
1141 if test -z "$EGREPPROG"; then
1142 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1146 dnl Prevent configure from adding the -g flag unless in devel mode
1148 if test "$with_devel" != "yes"; then
1153 dnl C compiler checks
1160 dnl Libtool magic; enable shared libs and disable static libs
1169 dnl Defer with_noexec until after libtool magic runs
1171 if test "$enable_shared" = "no"; then
1174 eval _shrext="$shrext"
1176 AC_MSG_CHECKING(path to sudo_noexec.so)
1177 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1178 [case $with_noexec in
1179 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1183 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1184 AC_MSG_RESULT($with_noexec)
1185 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1188 dnl It is now safe to modify CFLAGS and CPPFLAGS
1190 if test "$with_devel" = "yes" -a -n "$GCC"; then
1191 CFLAGS="${CFLAGS} -Wall"
1195 dnl Find programs we use
1197 AC_CHECK_PROG(UNAMEPROG, uname, uname, )
1198 AC_CHECK_PROG(TRPROG, tr, tr, )
1199 AC_CHECK_PROG(NROFFPROG, nroff, nroff, )
1200 if test -z "$NROFFPROG"; then
1202 mansrcdir='$(srcdir)'
1206 dnl What kind of beastie are we being run on?
1207 dnl Barf if config.cache was generated on another host.
1209 if test -n "$sudo_cv_prev_host"; then
1210 if test "$sudo_cv_prev_host" != "$host"; then
1211 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1213 AC_MSG_CHECKING(previous host type)
1214 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1215 AC_MSG_RESULT([$sudo_cv_prev_host])
1218 # this will produce no output since there is no cached value
1219 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1223 dnl We want to be able to differentiate between different rev's
1225 if test -n "$host_os"; then
1226 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1227 OSREV=`echo $host_os | sed 's/^[[^0-9]]*\([[0-9]][[0-9]]*\).*$/\1/'`
1235 # getcwd(3) opens a pipe to getpwd(1)!?!
1238 # system headers lack prototypes but gcc helps...
1239 if test -n "$GCC"; then
1240 CPPFLAGS="${CPPFLAGS} -D__USE_FIXED_PROTOTYPES__"
1243 # check for password adjunct functions (shadow passwords)
1244 if test "$CHECKSHADOW" = "true"; then
1245 AC_CHECK_FUNCS(getpwanam issecure, , [break])
1250 # To get the crypt(3) prototype (so we pass -Wall)
1251 CPPFLAGS="${CPPFLAGS} -D__EXTENSIONS__"
1252 # AFS support needs -lucb
1253 if test "$with_AFS" = "yes"; then
1254 AFS_LIBS="-lc -lucb"
1256 test -n "$mansectsu" || mansectsu=1m
1257 test -n "$mansectform" || mansectform=4
1258 test -n "$with_rpath" || with_rpath=yes
1261 # To get all prototypes (so we pass -Wall)
1262 CPPFLAGS="${CPPFLAGS} -D_XOPEN_EXTENDED_SOURCE"
1263 SUDO_DEFINE(_ALL_SOURCE)
1264 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1265 if test X"$with_blibpath" != X"no"; then
1266 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1267 O_LDFLAGS="$LDFLAGS"
1268 LDFLAGS="$LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1269 AC_TRY_LINK([], [], [
1270 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1271 blibpath="$with_blibpath"
1272 elif test -n "$GCC"; then
1273 blibpath="/usr/lib:/lib:/usr/local/lib"
1275 blibpath="/usr/lib:/lib"
1278 ], [AC_MSG_RESULT(no)])
1280 LDFLAGS="$O_LDFLAGS"
1283 if test "$CHECKSHADOW" = "true"; then
1284 AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"; SECUREWARE=1]))
1287 test -n "$mansectsu" || mansectsu=1m
1288 test -n "$mansectform" || mansectform=4
1291 # AFS support needs -lBSD
1292 if test "$with_AFS" = "yes"; then
1293 AFS_LIBS="-lc -lBSD"
1295 test -n "$mansectsu" || mansectsu=1m
1296 test -n "$mansectform" || mansectform=4
1300 AC_DEFINE(BROKEN_SYSLOG)
1302 # Not sure if setuid binaries are safe in < 9.x
1303 if test -n "$GCC"; then
1304 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1306 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1310 AC_DEFINE(BROKEN_SYSLOG)
1312 if test "$CHECKSHADOW" = "true"; then
1313 AC_CHECK_FUNCS(getspwuid)
1317 # DCE support (requires ANSI C compiler)
1318 if test "$with_DCE" = "yes"; then
1319 # order of libs in 9.X is important. -lc_r must be last
1320 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1321 LIBS="${LIBS} -ldce -lM -lc_r"
1322 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1326 if test "$CHECKSHADOW" = "true"; then
1327 AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) AC_CHECK_LIB(sec, iscomsec, AC_DEFINE(HAVE_ISCOMSEC)) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"; SECUREWARE=1])
1332 if test "$CHECKSHADOW" = "true"; then
1333 AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
1340 # ignore envariables wrt dynamic lib path
1341 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1343 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1345 [ --disable-sia Never use SIA on Digital UNIX],
1346 [ case "$enableval" in
1347 yes) AC_MSG_RESULT(no)
1349 no) AC_MSG_RESULT(yes)
1352 *) AC_MSG_RESULT(no)
1353 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1356 ], AC_MSG_RESULT(no))
1358 # use SIA by default, if we have it, else SecureWare
1359 # unless overridden on the command line
1360 if test "$CHECKSIA" = "true"; then
1361 AC_CHECK_FUNC(sia_ses_init, [AC_DEFINE(HAVE_SIA)] [
1362 if test -n "$with_skey" -o -n "$with_opie" -o -n "$with_otp_only" -o -n "$with_long_otp_prompt" -o -n "$with_SecurID" -o -n "$with_fwtk" -o -n "$with_kerb4" -o -n "$with_kerb5" -o -n "$with_pam" -o -n "$with_AFS" -o -n "$with_DCE"; then
1363 AC_MSG_ERROR(["you cannot mix SIA and other authentication schemes. You can turn off SIA support via the --disable-sia option"])
1364 fi]; CHECKSHADOW=false)
1366 if test "$CHECKSHADOW" = "true"; then
1367 AC_CHECK_LIB(security, getprpwnam, SECUREWARE=1)
1371 if test -n "$SECUREWARE"; then
1372 AC_DEFINE(HAVE_GETPRPWNAM)
1373 # -ldb includes bogus versions of snprintf/vsnprintf
1374 AC_CHECK_FUNCS(snprintf, , [NEED_SNPRINTF=1])
1375 AC_CHECK_FUNCS(vsnprintf, , [NEED_SNPRINTF=1])
1376 # 4.x and higher need -ldb too...
1377 AC_CHECK_LIB(db, dbopen, [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"], [SUDO_LIBS="${SUDO_LIBS} -lsecurity -ldb -laud -lm"; LIBS="${LIBS} -lsecurity -ldb -laud -lm"])
1378 AC_CHECK_FUNCS(dispcrypt)
1379 AC_MSG_CHECKING([for broken /usr/include/prot.h])
1381 #include <sys/types.h>
1382 #include <sys/security.h>
1384 ], [exit(0);], AC_MSG_RESULT(no),
1385 [AC_MSG_RESULT([yes, fixing locally])
1386 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1388 elif test "$CHECKSIA" = "true"; then
1392 test -n "$mansectsu" || mansectsu=8
1393 test -n "$mansectform" || mansectform=4
1396 CPPFLAGS="${CPPFLAGS} -D_BSD_TYPES"
1397 if test -z "$NROFFPROG"; then
1398 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1399 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1400 if test -d /usr/share/catman/local; then
1401 mandir="/usr/share/catman/local"
1403 mandir="/usr/catman/local"
1407 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1408 if test -d "/usr/share/man/local"; then
1409 mandir="/usr/share/man/local"
1411 mandir="/usr/man/local"
1415 # IRIX <= 4 needs -lsun
1416 if test "$OSREV" -le 4; then
1417 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1419 test -n "$mansectsu" || mansectsu=1m
1420 test -n "$mansectform" || mansectform=4
1423 # Some Linux versions need to link with -lshadow
1424 if test "$CHECKSHADOW" = "true"; then
1425 AC_CHECK_FUNCS(getspnam, , [AC_CHECK_LIB(shadow, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lshadow"; LIBS="${LIBS} -lshadow"])])
1430 SUDO_DEFINE(_CONVEX_SOURCE)
1431 if test -z "$GCC"; then
1432 CFLAGS="${CFLAGS} -D__STDC__"
1435 if test "$CHECKSHADOW" = "true"; then
1436 AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"; OSDEFS="${OSDEFS} -D_AUDIT -D_ACL -DSecureWare"; SECUREWARE=1])
1442 if test "$CHECKSHADOW" = "true"; then
1443 AC_CHECK_LIB(auth, getauthuid, AC_DEFINE(HAVE_GETAUTHUID) [SUDO_LIBS="${SUDO_LIBS} -lauth"; LIBS="${LIBS} -lauth"])
1448 LIBS="${LIBS} -lsun -lbsd"
1449 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1450 OSDEFS="${OSDEFS} -D_MIPS"
1451 test -n "$mansectsu" || mansectsu=1m
1452 test -n "$mansectform" || mansectform=4
1455 OSDEFS="${OSDEFS} -D_ISC"
1457 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1458 LIBS="${LIBS} -lcrypt"
1460 if test "$CHECKSHADOW" = "true"; then
1461 AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
1464 test -n "$mansectsu" || mansectsu=1m
1465 test -n "$mansectform" || mansectform=4
1468 if test "$CHECKSHADOW" = "true"; then
1469 AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [SUDO_LIBS="${SUDO_LIBS} -lprot -lx"; LIBS="${LIBS} -lprot -lx"; SECUREWARE=1], , -lx)
1470 AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])
1473 test -n "$mansectsu" || mansectsu=1m
1474 test -n "$mansectform" || mansectform=4
1476 m88k-motorola-sysv*)
1477 # motorolla's cc (a variant of gcc) does -O but not -O2
1478 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1479 test -n "$mansectsu" || mansectsu=1m
1480 test -n "$mansectform" || mansectform=4
1483 if test "$CHECKSHADOW" = "true"; then
1484 AC_CHECK_LIB(sec, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"])
1487 test -n "$mansectsu" || mansectsu=1m
1488 test -n "$mansectform" || mansectform=4
1489 test -n "$with_rpath" || with_rpath=yes
1491 *-ncr-sysv4*|*-ncr-sysvr4*)
1492 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1493 test -n "$mansectsu" || mansectsu=1m
1494 test -n "$mansectform" || mansectform=4
1495 test -n "$with_rpath" || with_rpath=yes
1497 *-ccur-sysv4*|*-ccur-sysvr4*)
1498 LIBS="${LIBS} -lgen"
1499 SUDO_LIBS="${SUDO_LIBS} -lgen"
1500 test -n "$mansectsu" || mansectsu=1m
1501 test -n "$mansectform" || mansectform=4
1502 test -n "$with_rpath" || with_rpath=yes
1506 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1507 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1509 2|3) AC_MSG_NOTICE([using shlicc as CC])
1510 ac_cv_prog_CC=shlicc
1517 # FreeBSD has a real setreuid(2) starting with 2.1 and
1518 # backported to 2.0.5. We just take 2.1 and above...
1519 case "`echo $host_os | sed 's/^freebsd\([[0-9\.]]*\).*$/\1/'`" in
1524 if test "$with_logincap" = "yes"; then
1525 SUDO_LIBS="${SUDO_LIBS} -lutil"
1527 if test "$with_skey" = "yes"; then
1528 SUDO_LIBS="${SUDO_LIBS} -lmd"
1530 if test "$CHECKSHADOW" = "true"; then
1536 if test "$CHECKSHADOW" = "true"; then
1541 # NetBSD has a real setreuid(2) starting with 1.3.2
1542 case "`echo $host_os | sed 's/^netbsd\([[0-9\.]]*\).*$/\1/'`" in
1543 0.9*|1.[012]*|1.3|1.3.1)
1547 if test "$CHECKSHADOW" = "true"; then
1552 if test "$CHECKSHADOW" = "true"; then
1558 if test "$CHECKSHADOW" = "true"; then
1563 # lockf() on is broken on the NeXT -- use flock instead
1565 ac_cv_func_flock=yes
1568 test -n "$mansectsu" || mansectsu=1m
1569 test -n "$mansectform" || mansectform=4
1570 test -n "$with_rpath" || with_rpath=yes
1573 test -n "$mansectsu" || mansectsu=1m
1574 test -n "$mansectform" || mansectform=4
1579 dnl Use BSD-style man sections by default
1581 test -n "$mansectsu" || mansectsu=8
1582 test -n "$mansectform" || mansectform=5
1585 dnl Add in any libpaths or libraries specified via configure
1587 if test -n "$with_libpath"; then
1588 for i in ${with_libpath}; do
1589 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1592 if test -n "$with_libraries"; then
1593 for i in ${with_libraries}; do
1605 dnl Check for shadow password routines if we have not already done so.
1606 dnl We check for SVR4-style first and then SecureWare-style.
1608 if test "$CHECKSHADOW" = "true"; then
1609 AC_CHECK_FUNCS(getspnam, [CHECKSHADOW="false"], [AC_CHECK_LIB(gen, getspnam, AC_DEFINE(HAVE_GETSPNAM) [SUDO_LIBS="${SUDO_LIBS} -lgen"; LIBS="${LIBS} -lgen"])])
1611 if test "$CHECKSHADOW" = "true"; then
1612 AC_CHECK_FUNC(getprpwnam, [AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1], AC_CHECK_LIB(sec, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsec"; LIBS="${LIBS} -lsec"], AC_CHECK_LIB(security, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lsecurity"; LIBS="${LIBS} -lsecurity"], AC_CHECK_LIB(prot, getprpwnam, AC_DEFINE(HAVE_GETPRPWNAM) [CHECKSHADOW="false"; SECUREWARE=1; SUDO_LIBS="${SUDO_LIBS} -lprot"; LIBS="${LIBS} -lprot"])))])
1616 dnl C compiler checks (to be done after os checks)
1618 AC_PROG_GCC_TRADITIONAL
1627 if test -z "$with_sendmail"; then
1630 if test -z "$with_editor"; then
1634 dnl Header file checks
1638 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1639 AC_CHECK_HEADERS(err.h, , [AC_LIBOBJ(err)])
1640 dnl ultrix termio/termios are broken
1641 if test "$OS" != "ultrix"; then
1642 AC_SYS_POSIX_TERMIOS
1643 if test "$ac_cv_sys_posix_termios" = "yes"; then
1644 AC_DEFINE(HAVE_TERMIOS_H)
1646 AC_CHECK_HEADERS(termio.h)
1649 if test "$with_logincap" = "yes"; then
1650 AC_CHECK_HEADERS(login_cap.h)
1652 if test "$with_bsdauth" = "yes"; then
1653 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [with_passwd=no; AUTH_OBJS=bsdauth.o], -)
1660 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1661 #include <signal.h>])
1662 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], ,[#include <sys/types.h>
1663 #include <signal.h>])
1664 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], , [#include <sys/types.h>
1665 #include <sys/time.h>
1676 dnl only set RETSIGTYPE if it is not set already
1685 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1686 strftime setrlimit initgroups fstat gettimeofday)
1687 AC_CHECK_FUNCS(seteuid, , [AC_DEFINE(NO_SAVED_IDS)])
1688 if test -z "$SKIP_SETRESUID"; then
1689 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1691 if test -z "$SKIP_SETREUID"; then
1692 AC_CHECK_FUNCS(setreuid)
1694 if test X"$with_interfaces" != X"no"; then
1695 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1697 if test -n "$SECUREWARE"; then
1698 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
1700 if test -z "$BROKEN_GETCWD"; then
1701 AC_REPLACE_FUNCS(getcwd)
1703 AC_CHECK_FUNCS(lockf flock, [break])
1704 AC_CHECK_FUNCS(waitpid wait3, [break])
1705 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1706 AC_CHECK_FUNCS(lsearch, , [AC_CHECK_LIB(compat, lsearch, AC_CHECK_HEADER(search.h, AC_DEFINE(HAVE_LSEARCH) [LIBS="${LIBS} -lcompat"], AC_LIBOBJ(lsearch), -), AC_LIBOBJ(lsearch))])
1707 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1708 SUDO_FUNC_FNMATCH(AC_DEFINE(HAVE_FNMATCH), AC_LIBOBJ(fnmatch))
1710 AC_REPLACE_FUNCS(strerror strcasecmp sigaction strlcpy strlcat closefrom)
1711 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1712 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1713 AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1714 AC_MSG_CHECKING([for two-parameter timespecsub])
1715 AC_TRY_COMPILE([#include <sys/types.h>
1716 #include <sys/time.h>], [struct timespec ts1, ts2;
1717 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1719 #error missing timespecsub
1721 timespecsub(&ts1, &ts2);],
1722 [AC_DEFINE(HAVE_TIMESPECSUB2)
1723 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1726 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1728 AC_TRY_LINK([#include <sys/types.h>
1729 #include <$ac_header_dirent>], [DIR d; (void)dirfd(&d);], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1730 #include <$ac_header_dirent>], [DIR d; (void)&d.dd_fd;], [AC_DEFINE(HAVE_DD_FD)], [])])
1732 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1733 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1735 if test -n "$NEED_SNPRINTF"; then
1739 dnl if crypt(3) not in libc, look elsewhere
1741 if test -z "$LIB_CRYPT" -a "$with_pam" != "yes"; then
1742 AC_CHECK_FUNC(crypt, , [AC_CHECK_LIB(crypt, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt"; LIBS="${LIBS} -lcrypt"], AC_CHECK_LIB(crypt_d, crypt, [SUDO_LIBS="${SUDO_LIBS} -lcrypt_d"; LIBS="${LIBS} -lcrypt_d"], AC_CHECK_LIB(ufc, crypt, [SUDO_LIBS="${SUDO_LIBS} -lufc"; LIBS="${LIBS} -lufc"])))])
1745 dnl If socket(2) not in libc, check -lsocket and -linet
1746 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1747 dnl In this case we look for main(), not socket() to avoid using a cached value
1749 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1750 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1752 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1753 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1755 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1756 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1758 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1760 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1762 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1763 dnl (gcc includes its own alloca(3) but other compilers may not)
1765 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1769 dnl Check for getprogname() or __progname
1771 AC_CHECK_FUNCS(getprogname, , [
1772 AC_MSG_CHECKING([for __progname])
1773 AC_CACHE_VAL(sudo_cv___progname, [
1774 AC_TRY_LINK(, [extern char *__progname; (void)puts(__progname);],
1775 [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1776 if test "$sudo_cv___progname" = "yes"; then
1777 AC_DEFINE(HAVE___PROGNAME)
1779 AC_LIBOBJ(getprogname)
1781 AC_MSG_RESULT($sudo_cv___progname)
1786 if test -n "$with_kerb4"; then
1787 AC_DEFINE(HAVE_KERB4)
1789 dnl Use the specified directory, if any, else search for correct inc dir
1791 O_LDFLAGS="$LDFLAGS"
1792 if test "$with_kerb4" = "yes"; then
1794 O_CPPFLAGS="$CPPFLAGS"
1795 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1796 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1797 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break], )
1799 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1801 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1802 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1803 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1804 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1806 if test X"$found" = X"no"; then
1807 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1811 dnl Check for -ldes vs. -ldes425
1813 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1814 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1817 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1819 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1820 AC_TRY_COMPILE([#include <krb.h>], [const char *tmp = krb4_version;],
1823 K4LIBS="${K4LIBS} -lcom_err"
1824 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1830 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
1832 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
1833 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
1834 [K4LIBS="-lkrb $K4LIBS"]
1835 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
1838 LDFLAGS="$O_LDFLAGS"
1839 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
1840 AUTH_OBJS="${AUTH_OBJS} kerb4.o"
1845 dnl There is an easy way and a hard way...
1847 if test "$with_kerb5" = "yes"; then
1848 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
1849 if test -n "$KRB5CONFIG"; then
1850 AC_DEFINE(HAVE_KERB5)
1851 AUTH_OBJS="${AUTH_OBJS} kerb5.o"
1852 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
1853 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
1855 dnl Try to determine whether we have Heimdal or MIT Kerberos
1857 AC_MSG_CHECKING(whether we are using Heimdal)
1858 AC_TRY_COMPILE([#include <krb5.h>], [const char *tmp = heimdal_version;],
1861 AC_DEFINE(HAVE_HEIMDAL)
1866 if test -n "$with_kerb5" -a -z "$KRB5CONFIG"; then
1867 AC_DEFINE(HAVE_KERB5)
1869 dnl Use the specified directory, if any, else search for correct inc dir
1871 if test "$with_kerb5" = "yes"; then
1873 O_CPPFLAGS="$CPPFLAGS"
1874 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
1875 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1876 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break], )
1878 if test X"$found" = X"no"; then
1879 CPPFLAGS="$O_CPPFLAGS"
1880 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1883 dnl XXX - try to include krb5.h here too
1884 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
1885 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
1889 dnl Try to determine whether we have Heimdal or MIT Kerberos
1891 AC_MSG_CHECKING(whether we are using Heimdal)
1892 AC_TRY_COMPILE([#include <krb5.h>], [const char *tmp = heimdal_version;],
1895 AC_DEFINE(HAVE_HEIMDAL)
1896 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -ldes -lcom_err -lasn1"
1897 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
1900 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
1903 AUTH_OBJS="${AUTH_OBJS} kerb5.o"
1907 dnl Extra PAM foolishness
1909 if test "$with_pam" = "yes"; then
1911 dnl Linux may need this
1913 AC_HAVE_LIBRARY(dl, SUDO_LIBS="${SUDO_LIBS} -lpam -ldl", SUDO_LIBS="${SUDO_LIBS} -lpam")
1915 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1916 dnl in /usr/include/pam instead of /usr/include/security...
1918 AC_CHECK_HEADERS([pam/pam_appl.h])
1922 dnl extra AFS libs and includes
1924 if test "$with_AFS" = "yes"; then
1926 # looks like the "standard" place for AFS libs is /usr/afsws/lib
1927 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
1928 for i in $AFSLIBDIRS; do
1929 if test -d ${i}; then
1930 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
1931 FOUND_AFSLIBDIR=true
1934 if test -z "$FOUND_AFSLIBDIR"; then
1935 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
1938 # Order is important here. Note that we build AFS_LIBS from right to left
1939 # since AFS_LIBS may be initialized with BSD compat libs that must go last
1940 AFS_LIBS="-laudit ${AFS_LIBS}"
1941 for i in $AFSLIBDIRS; do
1942 if test -f ${i}/util.a; then
1943 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
1948 if test -z "$FOUND_UTIL_A"; then
1949 AFS_LIBS="-lutil ${AFS_LIBS}"
1951 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
1953 # AFS includes may live in /usr/include on some machines...
1954 for i in /usr/afsws/include; do
1955 if test -d ${i}; then
1956 CPPFLAGS="${CPPFLAGS} -I${i}"
1957 FOUND_AFSINCDIR=true
1961 if test -z "$FOUND_AFSLIBDIR"; then
1962 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
1967 dnl extra DCE obj + lib
1968 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
1970 if test "$with_DCE" = "yes"; then
1971 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
1972 SUDO_LIBS="${SUDO_LIBS} -ldce"
1976 dnl extra S/Key lib and includes
1978 if test -n "$with_skey"; then
1979 O_LDFLAGS="$LDFLAGS"
1980 if test "$with_skey" != "yes"; then
1981 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
1982 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
1983 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
1984 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
1987 O_CPPFLAGS="$CPPFLAGS"
1988 for dir in "" "/usr/local" "/usr/contrib"; do
1989 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
1990 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break], )
1992 if test "$found" = "no" -o -z "$dir"; then
1993 CPPFLAGS="$O_CPPFLAGS"
1995 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
1996 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
1999 if test "$found" = "no"; then
2000 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2002 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2003 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2004 LDFLAGS="$O_LDFLAGS"
2005 SUDO_LIBS="${SUDO_LIBS} -lskey"
2009 dnl extra OPIE lib and includes
2011 if test -n "$with_opie"; then
2012 O_LDFLAGS="$LDFLAGS"
2013 if test "$with_opie" != "yes"; then
2014 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2015 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2016 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2017 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2020 O_CPPFLAGS="$CPPFLAGS"
2021 for dir in "" "/usr/local" "/usr/contrib"; do
2022 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2023 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break], )
2025 if test "$found" = "no" -o -z "$dir"; then
2026 CPPFLAGS="$O_CPPFLAGS"
2028 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2029 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2032 if test "$found" = "no"; then
2033 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2035 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2036 LDFLAGS="$O_LDFLAGS"
2037 SUDO_LIBS="${SUDO_LIBS} -lopie"
2041 dnl extra SecurID lib + includes
2043 if test -n "$with_SecurID" -a "$with_SecurID" != "no"; then
2044 if test "$with_SecurID" != "yes"; then
2046 elif test -d /usr/ace/examples; then
2047 with_SecurID=/usr/ace/examples
2049 with_SecurID=/usr/ace
2051 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2052 _LDFLAGS="${LDFLAGS}"
2053 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2055 # Determine whether to use the new or old SecurID API
2057 AC_CHECK_LIB(aceclnt, SD_Init,
2059 AUTH_OBJS="securid5.o"
2060 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
2063 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
2065 AUTH_OBJS="securid.o"
2066 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
2072 LDFLAGS="${_LDFLAGS}"
2076 dnl extra FWTK libs + includes
2078 if test -n "$with_fwtk"; then
2079 if test "$with_fwtk" != "yes"; then
2080 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
2081 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2084 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
2088 dnl extra 'authenticate' lib (AIX only?)
2090 if test "$with_authenticate" = "yes"; then
2091 SUDO_LIBS="${SUDO_LIBS} -ls"
2095 dnl extra lib and .o file for LDAP support
2097 if test -n "$with_ldap"; then
2098 if test "$with_ldap" != "yes"; then
2099 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2101 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2102 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2105 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2107 AC_MSG_CHECKING([for LDAP libraries])
2111 for l in -lldap -llber '-lssl -lcrypto'; do
2113 LDAP_LIBS="${LDAP_LIBS} $l"
2114 AC_TRY_LINK([#include <sys/types.h>
2116 #include <ldap.h>], [(void)ldap_init(0, 0)], [found=yes; break], [])
2118 dnl if nothing linked just try with -ldap
2119 if test "$found" = "no"; then
2121 AC_MSG_RESULT([not found, using -ldap])
2123 AC_MSG_RESULT([$LDAP_LIBS])
2125 dnl try again w/o explicitly including lber.h
2126 AC_MSG_CHECKING([whether lber.h is needed])
2127 AC_TRY_LINK([#include <sys/types.h>
2128 #include <ldap.h>], [(void)ldap_init(0, 0)], [AC_MSG_RESULT([no])], [
2129 AC_MSG_RESULT([yes])
2130 AC_DEFINE(HAVE_LBER_H)])
2132 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
2134 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2140 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2141 dnl added -L dirpaths to SUDO_LDFLAGS.
2143 if test -n "$blibpath"; then
2144 if test -n "$blibpath_add"; then
2145 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2146 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2147 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2152 dnl Check for log file and timestamp locations
2158 dnl Use passwd (and secureware) auth modules?
2160 if test "$with_passwd" = "no"; then
2161 AC_DEFINE(WITHOUT_PASSWD)
2162 if test -z "$AUTH_OBJS"; then
2163 AC_MSG_ERROR([no authentication methods defined.])
2166 if test -n "$SECUREWARE"; then
2167 AUTH_OBJS="${AUTH_OBJS} passwd.o secureware.o"
2169 AUTH_OBJS="${AUTH_OBJS} passwd.o"
2174 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2176 if test -n "$LIBS"; then
2181 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2182 test $l = $sl && dupe=1
2184 test $dupe = 0 && LIBS="${LIBS} $l"
2191 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2194 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2195 dnl XXX - this is gross!
2197 if test "$with_noexec" != "no"; then
2198 PROGS="${PROGS} sudo_noexec.la"
2199 INSTALL_NOEXEC="install-noexec"
2201 oexec_prefix="$exec_prefix"
2202 if test "$exec_prefix" = '$(prefix)'; then
2203 if test "$prefix" = "NONE"; then
2204 exec_prefix="$ac_default_prefix"
2206 exec_prefix="$prefix"
2209 eval noexec_file="$with_noexec"
2210 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2211 exec_prefix="$oexec_prefix"
2215 dnl Substitute into the Makefile and man pages
2217 AC_OUTPUT([Makefile sudo.man visudo.man sudoers.man])
2220 dnl Spew any text the user needs to know about
2222 if test "$with_pam" = "yes"; then
2225 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2231 dnl Autoheader templates
2233 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2234 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2235 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2236 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2237 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2238 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2239 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2240 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2241 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2242 AH_TEMPLATE(HAVE_AUTHENTICATE, [Define to 1 if you use AIX general authentication.])
2243 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2244 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2245 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2246 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2247 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2248 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2249 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2250 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2251 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2252 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2253 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2254 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2255 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2256 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2257 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2258 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2259 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2260 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2261 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2262 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2263 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2264 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2265 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2266 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2267 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2268 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2269 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2270 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2271 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2272 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2273 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2274 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2275 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2276 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2277 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2278 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2279 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2280 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2281 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2282 AH_TEMPLATE(NO_SAVED_IDS, [Define to avoid using POSIX saved ids.])
2283 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2284 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2285 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2286 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2287 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2288 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2289 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2290 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2291 AH_TEMPLATE(USE_EXECV, [Define to 1 if you wish to use execv() instead of execvp() when running programs.])
2292 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2293 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2294 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2295 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2296 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2297 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2300 dnl Bits to copy verbatim into config.h.in
2302 AH_VERBATIM([_GNU_SOURCE],
2303 [/* Enable GNU extensions on systems that have them. */
2305 # define _GNU_SOURCE 1
2308 AH_VERBATIM([_ALL_SOURCE],
2309 [/* Enable non-POSIX extensions on AIX. */
2314 AH_VERBATIM([_CONVEX_SOURCE],
2315 [/* Enable non-POSIX extensions on ConvexOS. */
2316 #ifndef _CONVEX_SOURCE
2317 # undef _CONVEX_SOURCE
2320 AH_TOP([#ifndef _SUDO_CONFIG_H
2321 #define _SUDO_CONFIG_H])
2324 * Macros to pull sec and nsec parts of mtime from struct stat.
2327 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2328 # define mtim_getnsec(_x) ((_x).st_mtim.tv_nsec)
2330 # ifdef HAVE_ST_MTIMESPEC
2331 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2332 # define mtim_getnsec(_x) ((_x).st_mtimespec.tv_nsec)
2334 # define mtim_getsec(_x) ((_x).st_mtime)
2335 # define mtim_getnsec(_x) (0)
2336 # endif /* HAVE_ST_MTIMESPEC */
2337 #endif /* HAVE_ST_MTIM */
2340 * Emulate a subset of waitpid() if we don't have it.
2343 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2346 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2350 /* GNU stow needs /etc/sudoers to be a symlink. */
2352 # define stat_sudoers stat
2354 # define stat_sudoers lstat
2358 # define EXECV execv
2360 # define EXECV execvp
2361 #endif /* USE_EXECV */
2363 /* Macros to set/clear/test flags. */
2365 #define SET(t, f) ((t) |= (f))
2367 #define CLR(t, f) ((t) &= ~(f))
2369 #define ISSET(t, f) ((t) & (f))
2371 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2372 #if defined(hpux) && !defined(__hpux)
2376 #if defined(convex) && !defined(__convex__)
2377 # define __convex__ 1
2380 /* BSD compatibility on some SVR4 systems. */
2383 #endif /* __svr4__ */
2385 #endif /* _SUDO_CONFIG_H */])