2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2009 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.7.2], [http://www.sudo.ws/bugs/], [sudo])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
14 dnl Variables that get substituted in the Makefile and man pages
16 AC_SUBST(HAVE_BSM_AUDIT)
22 AC_SUBST(SUDO_LDFLAGS)
28 AC_SUBST(GETGROUPS_LIB)
32 AC_SUBST(MAN_POSTINSTALL)
33 AC_SUBST(SUDOERS_MODE)
48 AC_SUBST(INSTALL_NOEXEC)
49 AC_SUBST(DONT_LEAK_PATH_INFO)
50 AC_SUBST(BSDAUTH_USAGE)
51 AC_SUBST(SELINUX_USAGE)
53 AC_SUBST(LOGINCAP_USAGE)
54 AC_SUBST(NONUNIX_GROUPS_IMPL)
56 dnl Variables that get substituted in docs (not overridden by environment)
58 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
60 AC_SUBST(password_timeout)
63 AC_SUBST(long_otp_prompt)
70 AC_SUBST(mail_no_user)
71 AC_SUBST(mail_no_host)
72 AC_SUBST(mail_no_perms)
75 AC_SUBST(badpass_message)
77 AC_SUBST(runas_default)
79 AC_SUBST(passwd_tries)
86 AC_SUBST(nsswitch_conf)
89 dnl Initial values for above
94 passprompt="Password:"
106 mailsub='*** SECURITY information for %h ***'
107 badpass_message='Sorry, try again.'
119 dnl Initial values for Makefile variables listed above
120 dnl May be overridden by environment variables..
125 : ${SUDOERS_MODE='0440'}
147 shadow_libs_optional=
150 dnl Override default configure dirs...
152 if test X"$prefix" = X"NONE"; then
153 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
155 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
157 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
158 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
159 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
162 dnl Deprecated --with options (these all warn or generate an error)
165 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
166 [case $with_otp_only in
167 yes) with_passwd="no"
168 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
172 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
173 [case $with_alertmail in
174 *) with_mailto="$with_alertmail"
175 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
180 dnl Options for --with
183 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
185 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
187 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
193 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
196 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
200 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
201 [case $with_blibpath in
203 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
208 dnl Handle BSM auditing support.
210 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
211 [case $with_bsm_audit in
212 yes) AC_DEFINE(HAVE_BSM_AUDIT)
213 SUDO_LIBS="${SUDO_LIBS} -lbsm"
214 SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
217 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
221 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
222 [case $with_incpath in
223 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
225 no) AC_MSG_ERROR(["--without-incpath not supported."])
227 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
228 for i in ${with_incpath}; do
229 CPPFLAGS="${CPPFLAGS} -I${i}"
234 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
235 [case $with_libpath in
236 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
238 no) AC_MSG_ERROR(["--without-libpath not supported."])
240 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
244 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
245 [case $with_libraries in
246 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
248 no) AC_MSG_ERROR(["--without-libraries not supported."])
250 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
254 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
256 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
257 PROGS="${PROGS} testsudoers"
258 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
263 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
267 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
268 [case $with_efence in
269 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
270 LIBS="${LIBS} -lefence"
271 if test -f /usr/local/lib/libefence.a; then
272 with_libpath="${with_libpath} /usr/local/lib"
276 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
280 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
282 yes) AC_MSG_NOTICE([Adding CSOps standard options])
286 with_classic_insults=yes
287 with_csops_insults=yes
293 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
297 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
298 [case $with_passwd in
299 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
300 AC_MSG_RESULT($with_passwd)
302 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
304 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
308 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
312 *) AC_DEFINE(HAVE_SKEY)
313 AC_MSG_CHECKING(whether to try S/Key authentication)
315 AUTH_REG="$AUTH_REG S/Key"
319 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
323 *) AC_DEFINE(HAVE_OPIE)
324 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
326 AUTH_REG="$AUTH_REG NRL_OPIE"
330 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
331 [case $with_long_otp_prompt in
332 yes) AC_DEFINE(LONG_OTP_PROMPT)
333 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
337 no) long_otp_prompt=off
339 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
343 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
344 [case $with_SecurID in
345 no) with_SecurID="";;
346 *) AC_DEFINE(HAVE_SECURID)
347 AC_MSG_CHECKING(whether to use SecurID for authentication)
349 AUTH_EXCL="$AUTH_EXCL SecurID"
353 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
356 *) AC_DEFINE(HAVE_FWTK)
357 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
359 AUTH_EXCL="$AUTH_EXCL FWTK"
363 AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
366 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
368 AUTH_REG="$AUTH_REG kerb4"
372 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
375 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
377 AUTH_REG="$AUTH_REG kerb5"
381 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
382 [case $with_aixauth in
383 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
385 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
389 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
391 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
393 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
397 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
399 yes) AC_DEFINE(HAVE_AFS)
400 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
402 AUTH_REG="$AUTH_REG AFS"
405 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
409 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
411 yes) AC_DEFINE(HAVE_DCE)
412 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
414 AUTH_REG="$AUTH_REG DCE"
417 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
421 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
422 [case $with_logincap in
424 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
428 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
429 [case $with_bsdauth in
430 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
432 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
436 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
437 [case $with_project in
440 *) AC_MSG_ERROR(["--with-project does not take an argument."])
444 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
445 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
446 [case $with_lecture in
447 yes|short|always) lecture=once
449 no|none|never) lecture=never
451 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
454 if test "$lecture" = "once"; then
457 AC_DEFINE(NO_LECTURE)
461 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
462 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
463 [case $with_logging in
464 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
466 no) AC_MSG_ERROR(["--without-logging not supported."])
468 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
469 AC_MSG_RESULT(syslog)
471 file) AC_DEFINE(LOGGING, SLOG_FILE)
474 both) AC_DEFINE(LOGGING, SLOG_BOTH)
477 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
479 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
481 AC_MSG_CHECKING(which syslog facility sudo should log with)
482 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "local2")])],
483 [case $with_logfac in
484 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
486 no) AC_MSG_ERROR(["--without-logfac not supported."])
488 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
490 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
493 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
494 AC_MSG_RESULT($logfac)
496 AC_MSG_CHECKING(at which syslog priority to log commands)
497 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
498 [case $with_goodpri in
499 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
501 no) AC_MSG_ERROR(["--without-goodpri not supported."])
503 alert|crit|debug|emerg|err|info|notice|warning)
504 goodpri=$with_goodpri
506 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
509 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
510 AC_MSG_RESULT($goodpri)
512 AC_MSG_CHECKING(at which syslog priority to log failures)
513 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
514 [case $with_badpri in
515 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
517 no) AC_MSG_ERROR(["--without-badpri not supported."])
519 alert|crit|debug|emerg|err|info|notice|warning)
522 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
525 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
526 AC_MSG_RESULT($badpri)
528 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
529 [case $with_logpath in
530 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
532 no) AC_MSG_ERROR(["--without-logpath not supported."])
536 AC_MSG_CHECKING(how long a line in the log file should be)
537 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
538 [case $with_loglen in
539 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
541 no) AC_MSG_ERROR(["--without-loglen not supported."])
543 [[0-9]]*) loglen=$with_loglen
545 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
548 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
549 AC_MSG_RESULT($loglen)
551 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
552 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
553 [case $with_ignore_dot in
558 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
561 if test "$ignore_dot" = "on"; then
562 AC_DEFINE(IGNORE_DOT_PATH)
568 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
569 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
570 [case $with_mail_if_no_user in
575 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
578 if test "$mail_no_user" = "on"; then
579 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
585 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
586 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
587 [case $with_mail_if_no_host in
592 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
595 if test "$mail_no_host" = "on"; then
596 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
602 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
603 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
604 [case $with_mail_if_noperms in
609 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
612 if test "$mail_noperms" = "on"; then
613 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
619 AC_MSG_CHECKING(who should get the mail that sudo sends)
620 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
621 [case $with_mailto in
622 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
624 no) AC_MSG_ERROR(["--without-mailto not supported."])
626 *) mailto=$with_mailto
629 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
630 AC_MSG_RESULT([$mailto])
632 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
633 [case $with_mailsubject in
634 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
636 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
638 *) mailsub="$with_mailsubject"
639 AC_MSG_CHECKING(sudo mail subject)
640 AC_MSG_RESULT([Using alert mail subject: $mailsub])
643 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
645 AC_MSG_CHECKING(for bad password prompt)
646 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
647 [case $with_passprompt in
648 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
650 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
652 *) passprompt="$with_passprompt"
654 AC_MSG_RESULT($passprompt)
655 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
657 AC_MSG_CHECKING(for bad password message)
658 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
659 [case $with_badpass_message in
660 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
662 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
664 *) badpass_message="$with_badpass_message"
667 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
668 AC_MSG_RESULT([$badpass_message])
670 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
671 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
677 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
680 if test "$fqdn" = "on"; then
687 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
688 [case $with_timedir in
689 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
691 no) AC_MSG_ERROR(["--without-timedir not supported."])
695 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
696 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
697 [case $with_sendmail in
698 yes) with_sendmail=""
701 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
705 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
706 [case $with_sudoers_mode in
707 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
709 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
711 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
713 0*) SUDOERS_MODE=$with_sudoers_mode
715 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
719 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
720 [case $with_sudoers_uid in
721 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
723 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
725 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
727 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
731 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
732 [case $with_sudoers_gid in
733 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
735 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
737 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
739 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
743 AC_MSG_CHECKING(for umask programs should be run with)
744 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
745 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
747 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
751 [[0-9]]*) sudo_umask=$with_umask
753 *) AC_MSG_ERROR(["you must enter a numeric mask."])
756 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
757 if test "$sudo_umask" = "0777"; then
760 AC_MSG_RESULT($sudo_umask)
763 AC_MSG_CHECKING(for default user to run commands as)
764 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
765 [case $with_runas_default in
766 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
768 no) AC_MSG_ERROR(["--without-runas-default not supported."])
770 *) runas_default="$with_runas_default"
773 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
774 AC_MSG_RESULT([$runas_default])
776 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
777 [case $with_exempt in
778 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
780 no) AC_MSG_ERROR(["--without-exempt not supported."])
782 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
783 AC_MSG_CHECKING(for group to be exempt from password)
784 AC_MSG_RESULT([$with_exempt])
788 AC_MSG_CHECKING(for editor that visudo should use)
789 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
790 [case $with_editor in
791 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
793 no) AC_MSG_ERROR(["--without-editor not supported."])
795 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
796 AC_MSG_RESULT([$with_editor])
798 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
800 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
801 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
802 [case $with_env_editor in
807 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
810 if test "$env_editor" = "on"; then
811 AC_DEFINE(ENV_EDITOR)
817 AC_MSG_CHECKING(number of tries a user gets to enter their password)
818 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
819 [case $with_passwd_tries in
821 no) AC_MSG_ERROR(["--without-editor not supported."])
823 [[1-9]]*) passwd_tries=$with_passwd_tries
825 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
828 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
829 AC_MSG_RESULT($passwd_tries)
831 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
832 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
833 [case $with_timeout in
837 [[0-9]]*) timeout=$with_timeout
839 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
842 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
843 AC_MSG_RESULT($timeout)
845 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
846 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
847 [case $with_password_timeout in
849 no) password_timeout=0
851 [[0-9]]*) password_timeout=$with_password_timeout
853 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
856 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
857 AC_MSG_RESULT($password_timeout)
859 AC_MSG_CHECKING(whether to use per-tty ticket files)
860 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
861 [case $with_tty_tickets in
866 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
869 if test "$tty_tickets" = "on"; then
870 AC_DEFINE(USE_TTY_TICKETS)
876 AC_MSG_CHECKING(whether to include insults)
877 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
878 [case $with_insults in
880 with_classic_insults=yes
881 with_csops_insults=yes
885 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
888 if test "$insults" = "on"; then
889 AC_DEFINE(USE_INSULTS)
895 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
896 [case $with_all_insults in
897 yes) with_classic_insults=yes
898 with_csops_insults=yes
900 with_goons_insults=yes
903 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
907 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
908 [case $with_classic_insults in
909 yes) AC_DEFINE(CLASSIC_INSULTS)
912 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
916 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
917 [case $with_csops_insults in
918 yes) AC_DEFINE(CSOPS_INSULTS)
921 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
925 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
926 [case $with_hal_insults in
927 yes) AC_DEFINE(HAL_INSULTS)
930 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
934 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
935 [case $with_goons_insults in
936 yes) AC_DEFINE(GOONS_INSULTS)
939 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
943 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
944 [case $with_nsswitch in
946 yes) with_nsswitch="/etc/nsswitch.conf"
951 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
954 *) AC_DEFINE(HAVE_LDAP)
955 AC_MSG_CHECKING(whether to use sudoers from LDAP)
960 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
961 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file])
962 ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'}
964 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
965 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file])
966 ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'}
968 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
969 [case $with_pc_insults in
970 yes) AC_DEFINE(PC_INSULTS)
973 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
977 dnl include all insult sets on one line
978 if test "$insults" = "on"; then
979 AC_MSG_CHECKING(which insult sets to include)
981 test "$with_goons_insults" = "yes" && i="goons ${i}"
982 test "$with_hal_insults" = "yes" && i="hal ${i}"
983 test "$with_csops_insults" = "yes" && i="csops ${i}"
984 test "$with_classic_insults" = "yes" && i="classic ${i}"
988 AC_MSG_CHECKING(whether to override the user's path)
989 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
990 [case $with_secure_path in
991 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
992 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
994 no) AC_MSG_RESULT(no)
996 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
997 AC_MSG_RESULT([$with_secure_path])
999 esac], AC_MSG_RESULT(no))
1001 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1002 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1003 [case $with_interfaces in
1004 yes) AC_MSG_RESULT(yes)
1006 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1009 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1011 esac], AC_MSG_RESULT(yes))
1013 AC_MSG_CHECKING(whether stow should be used)
1014 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
1016 yes) AC_MSG_RESULT(yes)
1019 no) AC_MSG_RESULT(no)
1021 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1023 esac], AC_MSG_RESULT(no))
1025 AC_MSG_CHECKING(whether to use an askpass helper)
1026 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1027 [case $with_askpass in
1028 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1031 *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1033 esac], AC_MSG_RESULT(no))
1036 dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS
1038 AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])],
1039 [case $with_libvas in
1040 yes) with_libvas=libvas.so
1043 *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_with_libvas"], [The name of libvas.so])
1046 if test X"$with_libvas" != X"no"; then
1047 AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
1048 AC_DEFINE(USING_NONUNIX_GROUPS)
1049 NONUNIX_GROUPS_IMPL="vasgroups.o"
1050 AC_ARG_WITH([libvas-rpath],
1051 [AS_HELP_STRING([--with-libvas-rpath=PATH],
1052 [Path to look for libvas in [default=/opt/quest/lib]])],
1053 [LIBVAS_RPATH=$withval],
1054 [LIBVAS_RPATH=/opt/quest/lib])
1059 dnl Options for --enable
1062 AC_MSG_CHECKING(whether to do user authentication by default)
1063 AC_ARG_ENABLE(authentication,
1064 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1065 [ case "$enableval" in
1066 yes) AC_MSG_RESULT(yes)
1068 no) AC_MSG_RESULT(no)
1069 AC_DEFINE(NO_AUTHENTICATION)
1071 *) AC_MSG_RESULT(no)
1072 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1075 ], AC_MSG_RESULT(yes))
1077 AC_MSG_CHECKING(whether to disable running the mailer as root)
1078 AC_ARG_ENABLE(root-mailer,
1079 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1080 [ case "$enableval" in
1081 yes) AC_MSG_RESULT(no)
1083 no) AC_MSG_RESULT(yes)
1084 AC_DEFINE(NO_ROOT_MAILER)
1086 *) AC_MSG_RESULT(no)
1087 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1090 ], AC_MSG_RESULT(no))
1092 AC_ARG_ENABLE(setreuid,
1093 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1094 [ case "$enableval" in
1095 no) SKIP_SETREUID=yes
1101 AC_ARG_ENABLE(setresuid,
1102 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1103 [ case "$enableval" in
1104 no) SKIP_SETRESUID=yes
1110 AC_MSG_CHECKING(whether to disable shadow password support)
1111 AC_ARG_ENABLE(shadow,
1112 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1113 [ case "$enableval" in
1114 yes) AC_MSG_RESULT(no)
1116 no) AC_MSG_RESULT(yes)
1119 *) AC_MSG_RESULT(no)
1120 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1123 ], AC_MSG_RESULT(no))
1125 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1126 AC_ARG_ENABLE(root-sudo,
1127 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1128 [ case "$enableval" in
1129 yes) AC_MSG_RESULT(yes)
1131 no) AC_DEFINE(NO_ROOT_SUDO)
1135 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1138 ], AC_MSG_RESULT(yes))
1140 AC_MSG_CHECKING(whether to log the hostname in the log file)
1141 AC_ARG_ENABLE(log-host,
1142 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1143 [ case "$enableval" in
1144 yes) AC_MSG_RESULT(yes)
1145 AC_DEFINE(HOST_IN_LOG)
1147 no) AC_MSG_RESULT(no)
1149 *) AC_MSG_RESULT(no)
1150 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1153 ], AC_MSG_RESULT(no))
1155 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1156 AC_ARG_ENABLE(noargs-shell,
1157 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1158 [ case "$enableval" in
1159 yes) AC_MSG_RESULT(yes)
1160 AC_DEFINE(SHELL_IF_NO_ARGS)
1162 no) AC_MSG_RESULT(no)
1164 *) AC_MSG_RESULT(no)
1165 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1168 ], AC_MSG_RESULT(no))
1170 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1171 AC_ARG_ENABLE(shell-sets-home,
1172 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1173 [ case "$enableval" in
1174 yes) AC_MSG_RESULT(yes)
1175 AC_DEFINE(SHELL_SETS_HOME)
1177 no) AC_MSG_RESULT(no)
1179 *) AC_MSG_RESULT(no)
1180 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1183 ], AC_MSG_RESULT(no))
1185 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1186 AC_ARG_ENABLE(path_info,
1187 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1188 [ case "$enableval" in
1189 yes) AC_MSG_RESULT(no)
1191 no) AC_MSG_RESULT(yes)
1192 AC_DEFINE(DONT_LEAK_PATH_INFO)
1195 *) AC_MSG_RESULT(no)
1196 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1199 ], AC_MSG_RESULT(no))
1201 AC_MSG_CHECKING(whether to enable environment debugging)
1202 AC_ARG_ENABLE(env_debug,
1203 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1204 [ case "$enableval" in
1205 yes) AC_MSG_RESULT(yes)
1206 AC_DEFINE(ENV_DEBUG)
1208 no) AC_MSG_RESULT(no)
1210 *) AC_MSG_RESULT(no)
1211 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1214 ], AC_MSG_RESULT(no))
1216 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1217 [case $with_selinux in
1218 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1219 AC_DEFINE(HAVE_SELINUX)
1220 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1221 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1222 PROGS="${PROGS} sesh"
1227 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1232 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1234 AC_ARG_ENABLE(gss_krb5_ccache_name,
1235 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1236 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1239 dnl If we don't have egrep we can't do anything...
1241 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1242 if test -z "$EGREPPROG"; then
1243 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1247 dnl Prevent configure from adding the -g flag unless in devel mode
1249 if test "$with_devel" != "yes"; then
1254 dnl C compiler checks
1260 dnl Libtool magic; enable shared libs and disable static libs
1268 dnl Defer with_noexec until after libtool magic runs
1270 if test "$enable_shared" = "no"; then
1273 eval _shrext="$shrext_cmds"
1275 AC_MSG_CHECKING(path to sudo_noexec.so)
1276 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1277 [case $with_noexec in
1278 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1282 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1283 AC_MSG_RESULT($with_noexec)
1284 NOEXECFILE="sudo_noexec$_shrext"
1285 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1288 dnl It is now safe to modify CFLAGS and CPPFLAGS
1290 if test "$with_devel" = "yes" -a -n "$GCC"; then
1291 CFLAGS="${CFLAGS} -Wall"
1295 dnl Find programs we use
1297 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1298 AC_CHECK_PROG(TRPROG, tr, tr)
1299 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1300 if test -z "$NROFFPROG"; then
1302 mansrcdir='$(srcdir)'
1306 dnl What kind of beastie are we being run on?
1307 dnl Barf if config.cache was generated on another host.
1309 if test -n "$sudo_cv_prev_host"; then
1310 if test "$sudo_cv_prev_host" != "$host"; then
1311 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1313 AC_MSG_CHECKING(previous host type)
1314 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1315 AC_MSG_RESULT([$sudo_cv_prev_host])
1318 # this will produce no output since there is no cached value
1319 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1323 dnl We want to be able to differentiate between different rev's
1325 if test -n "$host_os"; then
1326 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1327 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1328 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1337 # getcwd(3) opens a pipe to getpwd(1)!?!
1340 # system headers lack prototypes but gcc helps...
1341 if test -n "$GCC"; then
1342 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1345 shadow_funcs="getpwanam issecure"
1348 # To get the crypt(3) prototype (so we pass -Wall)
1349 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1350 # AFS support needs -lucb
1351 if test "$with_AFS" = "yes"; then
1352 AFS_LIBS="-lc -lucb"
1355 : ${mansectform='4'}
1356 : ${with_rpath='yes'}
1357 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1360 # To get all prototypes (so we pass -Wall)
1361 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1362 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1363 if test X"$with_blibpath" != X"no"; then
1364 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1365 O_LDFLAGS="$LDFLAGS"
1366 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1367 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1368 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1369 blibpath="$with_blibpath"
1370 elif test -n "$GCC"; then
1371 blibpath="/usr/lib:/lib:/usr/local/lib"
1373 blibpath="/usr/lib:/lib"
1376 ], [AC_MSG_RESULT(no)])
1378 LDFLAGS="$O_LDFLAGS"
1380 # Use authenticate(3) as the default authentication method
1381 if test X"$with_aixauth" = X""; then
1382 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1385 # AIX analog of nsswitch.conf, enabled by default
1386 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1387 [case $with_netsvc in
1389 yes) with_netsvc="/etc/netsvc.conf"
1393 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1394 with_netsvc="/etc/netsvc.conf"
1397 # AIX-specific functions
1398 AC_CHECK_FUNCS(getuserattr)
1399 SUDO_OBJS="$SUDO_OBJS aix.o"
1403 : ${mansectform='4'}
1406 # AFS support needs -lBSD
1407 if test "$with_AFS" = "yes"; then
1408 AFS_LIBS="-lc -lBSD"
1411 : ${mansectform='4'}
1413 # HP-UX bundled compiler can't generate shared objects
1414 if test "x$ac_cv_prog_cc_c89" = "xno"; then
1418 # Use the +DAportable flag if it is supported
1420 CFLAGS="$CFLAGS +DAportable"
1421 AC_CACHE_CHECK([whether $CC understands +DAportable],
1422 [sudo_cv_var_daportable],
1423 [AC_TRY_LINK([], [], [sudo_cv_var_daportable=yes],
1424 [sudo_cv_var_daportable=no])]
1426 if test X"$sudo_cv_var_daportable" != X"yes"; then
1432 AC_DEFINE(BROKEN_SYSLOG)
1434 # Not sure if setuid binaries are safe in < 9.x
1435 if test -n "$GCC"; then
1436 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1438 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1442 AC_DEFINE(BROKEN_SYSLOG)
1444 shadow_funcs="getspwuid"
1446 # DCE support (requires ANSI C compiler)
1447 if test "$with_DCE" = "yes"; then
1448 # order of libs in 9.X is important. -lc_r must be last
1449 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1450 LIBS="${LIBS} -ldce -lM -lc_r"
1451 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1455 shadow_funcs="getprpwnam iscomsec"
1459 shadow_funcs="getspnam iscomsec"
1461 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1466 # ignore envariables wrt dynamic lib path
1467 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1469 : ${CHECKSIA='true'}
1470 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1472 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1473 [ case "$enableval" in
1474 yes) AC_MSG_RESULT(no)
1477 no) AC_MSG_RESULT(yes)
1480 *) AC_MSG_RESULT(no)
1481 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1484 ], AC_MSG_RESULT(no))
1486 shadow_funcs="getprpwnam dispcrypt"
1487 # OSF/1 4.x and higher need -ldb too
1488 if test $OSMAJOR -lt 4; then
1489 shadow_libs="-lsecurity -laud -lm"
1491 shadow_libs="-lsecurity -ldb -laud -lm"
1494 # use SIA by default, if we have it
1495 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1498 # Some versions of Digital Unix ship with a broken
1499 # copy of prot.h, which we need for shadow passwords.
1500 # XXX - make should remove this as part of distclean
1502 AC_MSG_CHECKING([for broken prot.h])
1503 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1504 #include <sys/types.h>
1505 #include <sys/security.h>
1507 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1508 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1511 : ${mansectform='4'}
1514 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1515 if test -z "$NROFFPROG"; then
1516 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1517 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1518 if test -d /usr/share/catman/local; then
1519 mandir="/usr/share/catman/local"
1521 mandir="/usr/catman/local"
1525 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1526 if test -d "/usr/share/man/local"; then
1527 mandir="/usr/share/man/local"
1529 mandir="/usr/man/local"
1533 # IRIX <= 4 needs -lsun
1534 if test "$OSMAJOR" -le 4; then
1535 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1538 : ${mansectform='4'}
1540 *-*-linux*|*-*-k*bsd*-gnu)
1541 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1542 # Some Linux versions need to link with -lshadow
1543 shadow_funcs="getspnam"
1544 shadow_libs_optional="-lshadow"
1545 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1548 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1549 if test -z "$GCC"; then
1550 CFLAGS="${CFLAGS} -D__STDC__"
1553 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1554 shadow_funcs="getprpwnam"
1555 shadow_libs="-lprot"
1559 shadow_funcs="getauthuid"
1560 shadow_libs="-lauth"
1563 LIBS="${LIBS} -lsun -lbsd"
1564 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1565 OSDEFS="${OSDEFS} -D_MIPS"
1567 : ${mansectform='4'}
1570 OSDEFS="${OSDEFS} -D_ISC"
1572 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1573 LIBS="${LIBS} -lcrypt"
1575 shadow_funcs="getspnam"
1579 : ${mansectform='4'}
1582 shadow_funcs="getprpwnam"
1583 shadow_libs="-lprot -lx"
1585 : ${mansectform='4'}
1587 m88k-motorola-sysv*)
1588 # motorolla's cc (a variant of gcc) does -O but not -O2
1589 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1591 : ${mansectform='4'}
1594 shadow_funcs="getspnam"
1597 : ${mansectform='4'}
1598 : ${with_rpath='yes'}
1600 *-ncr-sysv4*|*-ncr-sysvr4*)
1601 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1603 : ${mansectform='4'}
1604 : ${with_rpath='yes'}
1606 *-ccur-sysv4*|*-ccur-sysvr4*)
1607 LIBS="${LIBS} -lgen"
1608 SUDO_LIBS="${SUDO_LIBS} -lgen"
1610 : ${mansectform='4'}
1611 : ${with_rpath='yes'}
1615 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1616 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1618 2|3) AC_MSG_NOTICE([using shlicc as CC])
1619 ac_cv_prog_CC=shlicc
1624 # Check for newer BSD auth API (just check for >= 3.0?)
1625 if test -z "$with_bsdauth"; then
1626 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1630 # FreeBSD has a real setreuid(2) starting with 2.1 and
1631 # backported to 2.0.5. We just take 2.1 and above...
1637 if test "$with_skey" = "yes"; then
1638 SUDO_LIBS="${SUDO_LIBS} -lmd"
1641 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1642 : ${with_logincap='maybe'}
1645 # OpenBSD has a real setreuid(2) starting with 3.3 but
1646 # we will use setreuid(2) instead.
1649 # OpenBSD >= 3.0 supports BSD auth
1650 if test -z "$with_bsdauth"; then
1655 AUTH_EXCL_DEF="BSD_AUTH"
1659 : ${with_logincap='maybe'}
1662 # NetBSD has a real setreuid(2) starting with 1.3.2
1664 0.9*|1.[012]*|1.3|1.3.1)
1669 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1670 : ${with_logincap='maybe'}
1673 if test "$with_skey" = "yes"; then
1674 SUDO_LIBS="${SUDO_LIBS} -lmd"
1677 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1678 : ${with_logincap='yes'}
1686 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1687 : ${with_logincap='yes'}
1690 # lockf() on is broken on the NeXT -- use flock instead
1692 ac_cv_func_flock=yes
1696 : ${mansectform='4'}
1697 : ${with_rpath='yes'}
1701 : ${mansectform='4'}
1704 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1709 dnl Check for mixing mutually exclusive and regular auth methods
1711 AUTH_REG=${AUTH_REG# }
1712 AUTH_EXCL=${AUTH_EXCL# }
1713 if test -n "$AUTH_EXCL"; then
1715 if test $# != 1; then
1716 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1718 if test -n "$AUTH_REG"; then
1719 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1723 dnl Only one of S/Key and OPIE may be specified
1725 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1726 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1730 dnl Use BSD-style man sections by default
1733 : ${mansectform='5'}
1736 dnl Add in any libpaths or libraries specified via configure
1738 if test -n "$with_libpath"; then
1739 for i in ${with_libpath}; do
1740 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1743 if test -n "$with_libraries"; then
1744 for i in ${with_libraries}; do
1756 dnl C compiler checks (to be done after os checks)
1758 AC_PROG_GCC_TRADITIONAL
1765 AC_PATH_PROG([FLEX], [flex], [flex])
1768 if test -z "$with_sendmail"; then
1771 if test -z "$with_editor"; then
1775 dnl Header file checks
1780 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1781 dnl ultrix termio/termios are broken
1782 if test "$OS" != "ultrix"; then
1783 AC_SYS_POSIX_TERMIOS
1784 if test "$ac_cv_sys_posix_termios" = "yes"; then
1785 AC_DEFINE(HAVE_TERMIOS_H)
1787 AC_CHECK_HEADERS(termio.h)
1790 if test ${with_logincap-'no'} != "no"; then
1791 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=""
1793 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1798 if test ${with_project-'no'} != "no"; then
1799 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1800 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1807 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
1808 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1809 #include <signal.h>])
1810 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1811 #include <signal.h>])
1812 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1813 #if TIME_WITH_SYS_TIME
1814 # include <sys/time.h>
1817 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1818 #include <netinet/in.h>])
1827 dnl only set RETSIGTYPE if it is not set already
1837 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1838 strftime setrlimit initgroups getgroups fstat gettimeofday \
1839 setlocale getaddrinfo setsid setenv)
1840 AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID)
1841 SUDO_FUNC_PUTENV_CONST
1842 if test -z "$SKIP_SETRESUID"; then
1843 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1845 if test -z "$SKIP_SETREUID"; then
1846 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1848 if test -z "$SKIP_SETEUID"; then
1849 AC_CHECK_FUNCS(seteuid)
1851 if test X"$with_interfaces" != X"no"; then
1852 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1854 if test -z "$BROKEN_GETCWD"; then
1855 AC_REPLACE_FUNCS(getcwd)
1857 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1859 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1860 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1861 AC_CHECK_FUNCS(lockf flock, [break])
1862 AC_CHECK_FUNCS(waitpid wait3, [break])
1863 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1864 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1865 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1867 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1868 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1869 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1870 [ #include <limits.h>
1871 #include <fcntl.h> ])
1873 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1874 AC_CHECK_FUNCS(random lrand48, [break])
1876 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1877 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1878 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1879 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1880 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1881 AC_MSG_CHECKING([for two-parameter timespecsub])
1882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1883 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1884 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1886 #error missing timespecsub
1888 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1889 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1892 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1894 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1895 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1896 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1898 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1899 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1901 if test -n "$NEED_SNPRINTF"; then
1905 dnl If socket(2) not in libc, check -lsocket and -linet
1906 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1907 dnl In this case we look for main(), not socket() to avoid using a cached value
1909 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1910 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1912 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1913 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1915 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1916 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1918 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1920 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1922 dnl Check for getprogname() or __progname
1924 AC_CHECK_FUNCS(getprogname, , [
1925 AC_MSG_CHECKING([for __progname])
1926 AC_CACHE_VAL(sudo_cv___progname, [
1927 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1928 if test "$sudo_cv___progname" = "yes"; then
1929 AC_DEFINE(HAVE___PROGNAME)
1931 AC_LIBOBJ(getprogname)
1933 AC_MSG_RESULT($sudo_cv___progname)
1937 dnl nsswitch.conf and its equivalents
1939 netsvc_conf='/etc/netsvc.conf'
1940 nsswitch_conf='/etc/nsswitch.conf'
1941 if test ${with_netsvc-"no"} != "no"; then
1942 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
1943 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
1944 elif test ${with_nsswitch-"yes"} != "no"; then
1945 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
1946 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
1950 dnl Mutually exclusive auth checks come first, followed by
1951 dnl non-exclusive ones. Note: passwd must be last of all!
1955 dnl Convert default authentication methods to with_* if
1956 dnl no explicit authentication scheme was specified.
1958 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1959 for auth in $AUTH_EXCL_DEF; do
1961 AIX_AUTH) with_aixauth=maybe;;
1962 BSD_AUTH) with_bsdauth=maybe;;
1963 PAM) with_pam=maybe;;
1964 SIA) CHECKSIA=true;;
1970 dnl PAM support. Systems that use PAM by default set with_pam=default
1971 dnl and we do the actual tests here.
1973 if test ${with_pam-"no"} != "no"; then
1975 dnl Linux may need this
1977 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1978 ac_cv_lib_dl=ac_cv_lib_dl_main
1981 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1982 dnl in /usr/include/pam instead of /usr/include/security...
1984 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1985 if test "$with_pam" = "yes"; then
1987 AUTH_OBJS="$AUTH_OBJS pam.o";
1989 AC_MSG_CHECKING(whether to use PAM session support)
1990 AC_ARG_ENABLE(pam_session,
1991 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
1992 [ case "$enableval" in
1993 yes) AC_MSG_RESULT(yes)
1995 no) AC_MSG_RESULT(no)
1996 AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
1998 *) AC_MSG_RESULT(no)
1999 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2001 esac], AC_MSG_RESULT(yes))
2003 *-*-linux*|*-*-solaris*)
2004 # dgettext() may be defined to dgettext_libintl in the
2005 # header file, so first check that it links w/ additional
2006 # libs, then try with -lintl
2007 AC_LINK_IFELSE([AC_LANG_PROGRAM(
2008 [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
2009 [AC_DEFINE(HAVE_DGETTEXT)],
2010 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
2011 [AC_DEFINE(HAVE_DGETTEXT)])])
2018 dnl AIX general authentication
2019 dnl If set to "maybe" only enable if no other exclusive method in use.
2021 if test ${with_aixauth-'no'} != "no"; then
2022 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2023 AC_MSG_NOTICE([using AIX general authentication])
2024 AC_DEFINE(HAVE_AIXAUTH)
2025 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
2026 SUDO_LIBS="${SUDO_LIBS} -ls"
2032 dnl BSD authentication
2033 dnl If set to "maybe" only enable if no other exclusive method in use.
2035 if test ${with_bsdauth-'no'} != "no"; then
2036 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2037 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
2038 [BSDAUTH_USAGE='[[-a auth_type]] ']
2039 [AUTH_EXCL=BSD_AUTH; BAMAN=""],
2040 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2044 dnl SIA authentication for Tru64 Unix
2046 if test ${CHECKSIA-'false'} = "true"; then
2047 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2048 if test "$found" = "true"; then
2050 AUTH_OBJS="$AUTH_OBJS sia.o"
2055 dnl extra FWTK libs + includes
2057 if test ${with_fwtk-'no'} != "no"; then
2058 if test "$with_fwtk" != "yes"; then
2059 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
2060 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2063 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
2064 AUTH_OBJS="$AUTH_OBJS fwtk.o"
2068 dnl extra SecurID lib + includes
2070 if test ${with_SecurID-'no'} != "no"; then
2071 if test "$with_SecurID" != "yes"; then
2073 elif test -d /usr/ace/examples; then
2074 with_SecurID=/usr/ace/examples
2076 with_SecurID=/usr/ace
2078 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2079 _LDFLAGS="${LDFLAGS}"
2080 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2082 # Determine whether to use the new or old SecurID API
2084 AC_CHECK_LIB(aceclnt, SD_Init,
2086 AUTH_OBJS="$AUTH_OBJS securid5.o";
2087 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
2090 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
2092 AUTH_OBJS="$AUTH_OBJS securid.o";
2093 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
2099 LDFLAGS="${_LDFLAGS}"
2103 dnl Non-mutually exclusive auth checks come next.
2104 dnl Note: passwd must be last of all!
2108 dnl Convert default authentication methods to with_* if
2109 dnl no explicit authentication scheme was specified.
2111 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2112 for auth in $AUTH_DEF; do
2114 passwd) : ${with_passwd='maybe'};;
2122 if test ${with_kerb4-'no'} != "no"; then
2123 AC_DEFINE(HAVE_KERB4)
2125 dnl Use the specified directory, if any, else search for correct inc dir
2127 O_LDFLAGS="$LDFLAGS"
2128 if test "$with_kerb4" = "yes"; then
2130 O_CPPFLAGS="$CPPFLAGS"
2131 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
2132 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2133 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
2135 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
2137 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
2138 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
2139 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2140 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2142 if test X"$found" = X"no"; then
2143 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2147 dnl Check for -ldes vs. -ldes425
2149 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2150 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2153 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2155 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2156 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2158 K4LIBS="${K4LIBS} -lcom_err"
2159 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2165 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2167 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2168 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2169 [K4LIBS="-lkrb $K4LIBS"]
2170 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2173 LDFLAGS="$O_LDFLAGS"
2174 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2175 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2180 dnl There is an easy way and a hard way...
2182 if test ${with_kerb5-'no'} != "no"; then
2183 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2184 if test -n "$KRB5CONFIG"; then
2185 AC_DEFINE(HAVE_KERB5)
2186 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2187 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2188 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2190 dnl Try to determine whether we have Heimdal or MIT Kerberos
2192 AC_MSG_CHECKING(whether we are using Heimdal)
2193 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2195 AC_DEFINE(HAVE_HEIMDAL)
2202 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2203 AC_DEFINE(HAVE_KERB5)
2205 dnl Use the specified directory, if any, else search for correct inc dir
2207 if test "$with_kerb5" = "yes"; then
2209 O_CPPFLAGS="$CPPFLAGS"
2210 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2211 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2212 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2214 if test X"$found" = X"no"; then
2215 CPPFLAGS="$O_CPPFLAGS"
2216 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2219 dnl XXX - try to include krb5.h here too
2220 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2221 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2225 dnl Try to determine whether we have Heimdal or MIT Kerberos
2227 AC_MSG_CHECKING(whether we are using Heimdal)
2228 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2230 AC_DEFINE(HAVE_HEIMDAL)
2231 # XXX - need to check whether -lcrypo is needed!
2232 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2233 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2236 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2237 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
2239 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2241 LIBS="${LIBS} ${SUDO_LIBS}"
2242 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc)
2243 AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2,
2244 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2245 AC_TRY_COMPILE([#include <krb5.h>],
2247 krb5_context context = NULL;
2248 krb5_get_init_creds_opt *opts = NULL;
2249 krb5_get_init_creds_opt_free(context, opts);
2251 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2252 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2256 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2257 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2263 dnl extra AFS libs and includes
2265 if test ${with_AFS-'no'} = "yes"; then
2267 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2268 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2269 for i in $AFSLIBDIRS; do
2270 if test -d ${i}; then
2271 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2272 FOUND_AFSLIBDIR=true
2275 if test -z "$FOUND_AFSLIBDIR"; then
2276 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2279 # Order is important here. Note that we build AFS_LIBS from right to left
2280 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2281 AFS_LIBS="-laudit ${AFS_LIBS}"
2282 for i in $AFSLIBDIRS; do
2283 if test -f ${i}/util.a; then
2284 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2289 if test -z "$FOUND_UTIL_A"; then
2290 AFS_LIBS="-lutil ${AFS_LIBS}"
2292 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2294 # AFS includes may live in /usr/include on some machines...
2295 for i in /usr/afsws/include; do
2296 if test -d ${i}; then
2297 CPPFLAGS="${CPPFLAGS} -I${i}"
2298 FOUND_AFSINCDIR=true
2302 if test -z "$FOUND_AFSLIBDIR"; then
2303 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2306 AUTH_OBJS="$AUTH_OBJS afs.o"
2310 dnl extra DCE obj + lib
2311 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2313 if test ${with_DCE-'no'} = "yes"; then
2314 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2315 SUDO_LIBS="${SUDO_LIBS} -ldce"
2316 AUTH_OBJS="$AUTH_OBJS dce.o"
2320 dnl extra S/Key lib and includes
2322 if test ${with_skey-'no'} = "yes"; then
2323 O_LDFLAGS="$LDFLAGS"
2324 if test "$with_skey" != "yes"; then
2325 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2326 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2327 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2328 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2331 O_CPPFLAGS="$CPPFLAGS"
2332 for dir in "" "/usr/local" "/usr/contrib"; do
2333 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2334 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2336 if test "$found" = "no" -o -z "$dir"; then
2337 CPPFLAGS="$O_CPPFLAGS"
2339 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2340 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2343 if test "$found" = "no"; then
2344 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2346 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2347 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2348 LDFLAGS="$O_LDFLAGS"
2349 SUDO_LIBS="${SUDO_LIBS} -lskey"
2350 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2354 dnl extra OPIE lib and includes
2356 if test ${with_opie-'no'} = "yes"; then
2357 O_LDFLAGS="$LDFLAGS"
2358 if test "$with_opie" != "yes"; then
2359 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2360 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2361 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2362 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2365 O_CPPFLAGS="$CPPFLAGS"
2366 for dir in "" "/usr/local" "/usr/contrib"; do
2367 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2368 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2370 if test "$found" = "no" -o -z "$dir"; then
2371 CPPFLAGS="$O_CPPFLAGS"
2373 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2374 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2377 if test "$found" = "no"; then
2378 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2380 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2381 LDFLAGS="$O_LDFLAGS"
2382 SUDO_LIBS="${SUDO_LIBS} -lopie"
2383 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2387 dnl Check for shadow password routines if we have not already done so.
2388 dnl If there is a specific list of functions to check we do that first.
2389 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2391 if test ${with_passwd-'no'} != "no"; then
2393 dnl if crypt(3) not in libc, look elsewhere
2395 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2396 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2399 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2401 LIBS="$LIBS $shadow_libs"
2403 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2404 if test "$found" = "yes"; then
2405 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2406 elif test -n "$shadow_libs_optional"; then
2407 LIBS="$LIBS $shadow_libs_optional"
2408 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2409 if test "$found" = "yes"; then
2410 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2413 if test "$found" = "yes"; then
2414 case "$shadow_funcs" in
2415 *getprpwnam*) SECUREWARE=1;;
2417 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2423 if test "$CHECKSHADOW" = "true"; then
2424 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2426 if test "$CHECKSHADOW" = "true"; then
2427 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2429 if test -n "$SECUREWARE"; then
2430 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2431 AUTH_OBJS="$AUTH_OBJS secureware.o"
2436 dnl extra lib and .o file for LDAP support
2438 if test ${with_ldap-'no'} != "no"; then
2440 if test "$with_ldap" != "yes"; then
2441 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2442 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2443 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2447 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2449 AC_MSG_CHECKING([for LDAP libraries])
2453 for l in -lldap -llber '-lssl -lcrypto'; do
2455 LDAP_LIBS="${LDAP_LIBS} $l"
2456 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2458 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2460 dnl if nothing linked just try with -lldap
2461 if test "$found" = "no"; then
2462 LIBS="${_LIBS} -lldap"
2464 AC_MSG_RESULT([not found, using -lldap])
2466 AC_MSG_RESULT([$LDAP_LIBS])
2468 dnl check if we need to link with -llber for ber_set_option
2470 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2471 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2472 LDAP_LIBS="$LDAP_LIBS -llber"
2474 dnl check if ldap.h includes lber.h for us
2475 AC_MSG_CHECKING([whether lber.h is needed])
2476 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2477 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2478 AC_MSG_RESULT([yes])
2479 AC_DEFINE(HAVE_LBER_H)])
2481 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
2482 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2483 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
2485 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
2486 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
2487 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2488 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
2489 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
2490 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2491 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
2494 # gssapi headers may be separate or part of Kerberos V
2496 O_CPPFLAGS="$CPPFLAGS"
2497 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
2498 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2499 AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
2501 if test X"$found" != X"no"; then
2502 AC_CHECK_HEADERS([$found])
2503 if test X"$found" = X"gssapi/gssapi.h"; then
2504 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
2507 CPPFLAGS="$O_CPPFLAGS"
2508 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
2512 SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
2518 dnl Add LIBVAS_RPATH to LDFLAGS
2519 dnl GNU ld accepts -R/path/ as an alias for -rpath /path/
2521 if test X"$LIBVAS_RPATH" != X""; then
2522 if test -n "$blibpath"; then
2523 blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
2525 LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH"
2530 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2531 dnl added -L dirpaths to SUDO_LDFLAGS.
2533 if test -n "$blibpath"; then
2534 if test -n "$blibpath_add"; then
2535 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2536 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2537 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2542 dnl Check for log file and timestamp locations
2548 dnl Use passwd (and secureware) auth modules?
2550 case "$with_passwd" in
2552 AUTH_OBJS="$AUTH_OBJS passwd.o"
2555 AC_DEFINE(WITHOUT_PASSWD)
2556 if test -z "$AUTH_OBJS"; then
2557 AC_MSG_ERROR([no authentication methods defined.])
2561 AUTH_OBJS=${AUTH_OBJS# }
2562 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2563 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2566 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2568 if test -n "$LIBS"; then
2573 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2574 test $l = $sl && dupe=1
2576 test $dupe = 0 && LIBS="${LIBS} $l"
2583 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2586 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2587 dnl XXX - this is gross!
2589 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
2590 oexec_prefix="$exec_prefix"
2591 if test "$exec_prefix" = '$(prefix)'; then
2592 if test "$prefix" = "NONE"; then
2593 exec_prefix="$ac_default_prefix"
2595 exec_prefix="$prefix"
2598 if test X"$with_noexec" != X"no"; then
2599 PROGS="${PROGS} sudo_noexec.la"
2600 INSTALL_NOEXEC="install-noexec"
2602 eval noexec_file="$with_noexec"
2603 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2605 if test X"$with_selinux" != X"no"; then
2606 eval sesh_file="$libexecdir/sesh"
2607 AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
2609 exec_prefix="$oexec_prefix"
2613 dnl Substitute into the Makefile and man pages
2615 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h])
2619 dnl Spew any text the user needs to know about
2621 if test "$with_pam" = "yes"; then
2624 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2630 dnl Autoheader templates
2632 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2633 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2634 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2635 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2636 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2637 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2638 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2639 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2640 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2641 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2642 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2643 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM auditing.])
2644 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2645 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2646 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2647 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2648 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2649 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2650 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2651 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2652 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2653 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2654 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2655 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2656 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2657 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2658 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
2659 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2660 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2661 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2662 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2663 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2664 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2665 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
2666 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.])
2667 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
2668 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
2669 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2670 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2671 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2672 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2673 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2674 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2675 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
2676 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2677 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2678 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2679 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
2680 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2681 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2682 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2683 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2684 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2685 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2686 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2687 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2688 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2689 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2690 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2691 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2692 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2693 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2694 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2695 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2696 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2697 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2698 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2699 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2700 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2701 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2702 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2703 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2704 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2705 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2706 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2707 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
2708 AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.])
2711 dnl Bits to copy verbatim into config.h.in
2713 AH_TOP([#ifndef _SUDO_CONFIG_H
2714 #define _SUDO_CONFIG_H])
2717 * Macros to pull sec and nsec parts of mtime from struct stat.
2718 * We need to be able to convert between timeval and timespec
2719 * so the last 3 digits of tv_nsec are not significant.
2722 # ifdef HAVE_ST__TIM
2723 # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
2724 # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
2726 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2727 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2730 # ifdef HAVE_ST_MTIMESPEC
2731 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2732 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2734 # define mtim_getsec(_x) ((_x).st_mtime)
2735 # define mtim_getnsec(_x) (0)
2736 # endif /* HAVE_ST_MTIMESPEC */
2737 #endif /* HAVE_ST_MTIM */
2740 * Emulate a subset of waitpid() if we don't have it.
2743 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2746 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2750 /* GNU stow needs /etc/sudoers to be a symlink. */
2752 # define stat_sudoers stat
2754 # define stat_sudoers lstat
2757 /* Macros to set/clear/test flags. */
2759 #define SET(t, f) ((t) |= (f))
2761 #define CLR(t, f) ((t) &= ~(f))
2763 #define ISSET(t, f) ((t) & (f))
2765 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2766 #if defined(hpux) && !defined(__hpux)
2770 #if defined(convex) && !defined(__convex__)
2771 # define __convex__ 1
2774 /* BSD compatibility on some SVR4 systems. */
2777 #endif /* __svr4__ */
2779 #endif /* _SUDO_CONFIG_H */])