2 dnl Process this file with GNU autoconf to produce a configure script.
4 dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
6 AC_INIT([sudo], [1.8.2], [http://www.sudo.ws/bugs/], [sudo])
7 AC_CONFIG_HEADER([config.h pathnames.h])
9 dnl Note: this must come after AC_INIT
11 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
13 dnl Variables that get substituted in the Makefile and man pages
15 AC_SUBST([HAVE_BSM_AUDIT])
22 AC_SUBST([SUDOERS_LDFLAGS])
24 AC_SUBST([COMMON_OBJS])
25 AC_SUBST([SUDOERS_OBJS])
29 AC_SUBST([SUDOERS_LIBS])
32 AC_SUBST([REPLAY_LIBS])
33 AC_SUBST([GETGROUPS_LIB])
37 AC_SUBST([MAN_POSTINSTALL])
38 AC_SUBST([SUDOERS_MODE])
39 AC_SUBST([SUDOERS_UID])
40 AC_SUBST([SUDOERS_GID])
47 AC_SUBST([mansectform])
49 AC_SUBST([NOEXECFILE])
53 AC_SUBST([noexec_file])
54 AC_SUBST([INSTALL_NOEXEC])
55 AC_SUBST([DONT_LEAK_PATH_INFO])
56 AC_SUBST([BSDAUTH_USAGE])
57 AC_SUBST([SELINUX_USAGE])
59 AC_SUBST([LOGINCAP_USAGE])
62 AC_SUBST([LIBTOOL_DEPS])
63 AC_SUBST([ac_config_libobj_dir])
64 AC_SUBST([CONFIGURE_ARGS])
70 dnl Variables that get substituted in docs (not overridden by environment)
72 AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
73 AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
75 AC_SUBST([password_timeout])
76 AC_SUBST([sudo_umask])
77 AC_SUBST([umask_override])
78 AC_SUBST([passprompt])
79 AC_SUBST([long_otp_prompt])
85 AC_SUBST([ignore_dot])
86 AC_SUBST([mail_no_user])
87 AC_SUBST([mail_no_host])
88 AC_SUBST([mail_no_perms])
91 AC_SUBST([badpass_message])
93 AC_SUBST([runas_default])
94 AC_SUBST([env_editor])
96 AC_SUBST([passwd_tries])
97 AC_SUBST([tty_tickets])
100 AC_SUBST([path_info])
101 AC_SUBST([ldap_conf])
102 AC_SUBST([ldap_secret])
103 AC_SUBST([nsswitch_conf])
104 AC_SUBST([netsvc_conf])
105 AC_SUBST([secure_path])
108 # Begin initial values for man page substitution
110 iolog_dir=/var/log/sudo-io
111 timedir=/var/adm/sudo
116 passprompt="Password:"
128 mailsub="*** SECURITY information for %h ***"
129 badpass_message="Sorry, try again."
140 ldap_conf=/etc/ldap.conf
141 ldap_secret=/etc/ldap.secret
142 netsvc_conf=/etc/netsvc.conf
143 noexec_file=/usr/local/libexec/sudo_noexec.so
144 nsswitch_conf=/etc/nsswitch.conf
145 secure_path="not set"
147 # End initial values for man page substitution
150 dnl Initial values for Makefile variables listed above
151 dnl May be overridden by environment variables..
158 : ${SUDOERS_MODE='0440'}
183 shadow_libs_optional=
187 dnl libc replacement functions live in compat
189 AC_CONFIG_LIBOBJ_DIR(compat)
192 dnl Deprecated --with options (these all warn or generate an error)
195 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
196 [case $with_otp_only in
197 yes) with_passwd="no"
198 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
202 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
203 [case $with_alertmail in
204 *) with_mailto="$with_alertmail"
205 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
210 dnl Options for --with
213 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
215 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
216 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
221 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
225 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
227 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
229 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
235 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
238 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
242 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
243 [case $with_blibpath in
245 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
250 dnl Handle BSM auditing support.
252 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
253 [case $with_bsm_audit in
254 yes) AC_DEFINE(HAVE_BSM_AUDIT)
255 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
256 SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
259 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
264 dnl Handle Linux auditing support.
266 AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
267 [case $with_linux_audit in
268 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
269 AC_DEFINE(HAVE_LINUX_AUDIT)
270 SUDO_LIBS="${SUDO_LIBS} -laudit"
271 SUDOERS_LIBS="${SUDO_LIBS} -laudit"
272 SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
274 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
278 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
282 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
283 [case $with_incpath in
284 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
286 no) AC_MSG_ERROR(["--without-incpath not supported."])
288 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
289 for i in ${with_incpath}; do
290 CPPFLAGS="${CPPFLAGS} -I${i}"
295 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
296 [case $with_libpath in
297 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
299 no) AC_MSG_ERROR(["--without-libpath not supported."])
301 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
305 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
306 [case $with_libraries in
307 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
309 no) AC_MSG_ERROR(["--without-libraries not supported."])
311 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
315 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
316 [case $with_efence in
317 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
318 LIBS="${LIBS} -lefence"
319 if test -f /usr/local/lib/libefence.a; then
320 with_libpath="${with_libpath} /usr/local/lib"
324 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
328 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
330 yes) AC_MSG_NOTICE([Adding CSOps standard options])
334 with_classic_insults=yes
335 with_csops_insults=yes
341 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
345 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
346 [case $with_passwd in
347 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
348 AC_MSG_RESULT($with_passwd)
350 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
352 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
356 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
359 *) AC_DEFINE(HAVE_SKEY)
360 AC_MSG_CHECKING(whether to try S/Key authentication)
362 AUTH_REG="$AUTH_REG S/Key"
366 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
369 *) AC_DEFINE(HAVE_OPIE)
370 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
372 AUTH_REG="$AUTH_REG NRL_OPIE"
376 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
377 [case $with_long_otp_prompt in
378 yes) AC_DEFINE(LONG_OTP_PROMPT)
379 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
383 no) long_otp_prompt=off
385 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
389 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
390 [case $with_SecurID in
392 *) AC_DEFINE(HAVE_SECURID)
393 AC_MSG_CHECKING(whether to use SecurID for authentication)
395 AUTH_EXCL="$AUTH_EXCL SecurID"
399 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
402 *) AC_DEFINE(HAVE_FWTK)
403 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
405 AUTH_EXCL="$AUTH_EXCL FWTK"
409 AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
412 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
414 AUTH_REG="$AUTH_REG kerb4"
418 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
421 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
423 AUTH_REG="$AUTH_REG kerb5"
427 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
428 [case $with_aixauth in
429 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
431 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
435 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
437 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
439 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
443 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
445 yes) AC_DEFINE(HAVE_AFS)
446 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
448 AUTH_REG="$AUTH_REG AFS"
451 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
455 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
457 yes) AC_DEFINE(HAVE_DCE)
458 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
460 AUTH_REG="$AUTH_REG DCE"
463 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
467 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
468 [case $with_logincap in
470 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
474 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
475 [case $with_bsdauth in
476 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
478 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
482 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
483 [case $with_project in
486 *) AC_MSG_ERROR(["--with-project does not take an argument."])
490 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
491 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
492 [case $with_lecture in
493 yes|short|always) lecture=once
495 no|none|never) lecture=never
497 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
500 if test "$lecture" = "once"; then
503 AC_DEFINE(NO_LECTURE)
507 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
508 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
509 [case $with_logging in
510 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
512 no) AC_MSG_ERROR(["--without-logging not supported."])
514 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
515 AC_MSG_RESULT(syslog)
517 file) AC_DEFINE(LOGGING, SLOG_FILE)
520 both) AC_DEFINE(LOGGING, SLOG_BOTH)
523 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
525 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
527 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
528 [case $with_logfac in
529 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
531 no) AC_MSG_ERROR(["--without-logfac not supported."])
533 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
535 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
539 AC_MSG_CHECKING(at which syslog priority to log commands)
540 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
541 [case $with_goodpri in
542 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
544 no) AC_MSG_ERROR(["--without-goodpri not supported."])
546 alert|crit|debug|emerg|err|info|notice|warning)
547 goodpri=$with_goodpri
549 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
552 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
553 AC_MSG_RESULT($goodpri)
555 AC_MSG_CHECKING(at which syslog priority to log failures)
556 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
557 [case $with_badpri in
558 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
560 no) AC_MSG_ERROR(["--without-badpri not supported."])
562 alert|crit|debug|emerg|err|info|notice|warning)
565 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
568 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
569 AC_MSG_RESULT($badpri)
571 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
572 [case $with_logpath in
573 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
575 no) AC_MSG_ERROR(["--without-logpath not supported."])
579 AC_MSG_CHECKING(how long a line in the log file should be)
580 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
581 [case $with_loglen in
582 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
584 no) AC_MSG_ERROR(["--without-loglen not supported."])
586 [[0-9]]*) loglen=$with_loglen
588 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
591 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
592 AC_MSG_RESULT($loglen)
594 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
595 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
596 [case $with_ignore_dot in
601 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
604 if test "$ignore_dot" = "on"; then
605 AC_DEFINE(IGNORE_DOT_PATH)
611 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
612 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
613 [case $with_mail_if_no_user in
618 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
621 if test "$mail_no_user" = "on"; then
622 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
628 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
629 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
630 [case $with_mail_if_no_host in
635 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
638 if test "$mail_no_host" = "on"; then
639 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
645 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
646 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
647 [case $with_mail_if_noperms in
652 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
655 if test "$mail_noperms" = "on"; then
656 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
662 AC_MSG_CHECKING(who should get the mail that sudo sends)
663 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
664 [case $with_mailto in
665 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
667 no) AC_MSG_ERROR(["--without-mailto not supported."])
669 *) mailto=$with_mailto
672 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
673 AC_MSG_RESULT([$mailto])
675 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
676 [case $with_mailsubject in
677 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
679 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
681 *) mailsub="$with_mailsubject"
682 AC_MSG_CHECKING(sudo mail subject)
683 AC_MSG_RESULT([Using alert mail subject: $mailsub])
686 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
688 AC_MSG_CHECKING(for bad password prompt)
689 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
690 [case $with_passprompt in
691 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
693 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
695 *) passprompt="$with_passprompt"
697 AC_MSG_RESULT($passprompt)
698 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
700 AC_MSG_CHECKING(for bad password message)
701 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
702 [case $with_badpass_message in
703 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
705 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
707 *) badpass_message="$with_badpass_message"
710 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
711 AC_MSG_RESULT([$badpass_message])
713 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
714 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
720 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
723 if test "$fqdn" = "on"; then
730 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
731 [case $with_timedir in
732 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
734 no) AC_MSG_ERROR(["--without-timedir not supported."])
738 AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
739 [case $with_iologdir in
741 no) AC_MSG_ERROR(["--without-iologdir not supported."])
745 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
746 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
747 [case $with_sendmail in
748 yes) with_sendmail=""
751 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
755 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
756 [case $with_sudoers_mode in
757 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
759 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
761 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
763 0*) SUDOERS_MODE=$with_sudoers_mode
765 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
769 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
770 [case $with_sudoers_uid in
771 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
773 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
775 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
777 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
781 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
782 [case $with_sudoers_gid in
783 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
785 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
787 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
789 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
793 AC_MSG_CHECKING(for umask programs should be run with)
794 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
795 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
797 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
801 [[0-9]]*) sudo_umask=$with_umask
803 *) AC_MSG_ERROR(["you must enter a numeric mask."])
806 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
807 if test "$sudo_umask" = "0777"; then
810 AC_MSG_RESULT($sudo_umask)
813 AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
814 [case $with_umask_override in
815 yes) AC_DEFINE(UMASK_OVERRIDE)
818 no) umask_override=off
820 *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
824 AC_MSG_CHECKING(for default user to run commands as)
825 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
826 [case $with_runas_default in
827 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
829 no) AC_MSG_ERROR(["--without-runas-default not supported."])
831 *) runas_default="$with_runas_default"
834 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
835 AC_MSG_RESULT([$runas_default])
837 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
838 [case $with_exempt in
839 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
841 no) AC_MSG_ERROR(["--without-exempt not supported."])
843 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
844 AC_MSG_CHECKING(for group to be exempt from password)
845 AC_MSG_RESULT([$with_exempt])
849 AC_MSG_CHECKING(for editor that visudo should use)
850 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
851 [case $with_editor in
852 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
854 no) AC_MSG_ERROR(["--without-editor not supported."])
856 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
857 AC_MSG_RESULT([$with_editor])
858 editor="$with_editor"
860 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
862 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
863 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
864 [case $with_env_editor in
869 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
872 if test "$env_editor" = "on"; then
873 AC_DEFINE(ENV_EDITOR)
879 AC_MSG_CHECKING(number of tries a user gets to enter their password)
880 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
881 [case $with_passwd_tries in
883 no) AC_MSG_ERROR(["--without-editor not supported."])
885 [[1-9]]*) passwd_tries=$with_passwd_tries
887 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
890 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
891 AC_MSG_RESULT($passwd_tries)
893 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
894 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
895 [case $with_timeout in
899 [[0-9]]*) timeout=$with_timeout
901 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
904 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
905 AC_MSG_RESULT($timeout)
907 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
908 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
909 [case $with_password_timeout in
911 no) password_timeout=0
913 [[0-9]]*) password_timeout=$with_password_timeout
915 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
918 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
919 AC_MSG_RESULT($password_timeout)
921 AC_MSG_CHECKING(whether to use per-tty ticket files)
922 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
923 [case $with_tty_tickets in
928 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
931 if test "$tty_tickets" = "off"; then
932 AC_DEFINE(NO_TTY_TICKETS)
938 AC_MSG_CHECKING(whether to include insults)
939 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
940 [case $with_insults in
942 with_classic_insults=yes
943 with_csops_insults=yes
945 disabled) insults=off
946 with_classic_insults=yes
947 with_csops_insults=yes
951 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
954 if test "$insults" = "on"; then
955 AC_DEFINE(USE_INSULTS)
961 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
962 [case $with_all_insults in
963 yes) with_classic_insults=yes
964 with_csops_insults=yes
966 with_goons_insults=yes
969 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
973 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
974 [case $with_classic_insults in
975 yes) AC_DEFINE(CLASSIC_INSULTS)
978 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
982 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
983 [case $with_csops_insults in
984 yes) AC_DEFINE(CSOPS_INSULTS)
987 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
991 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
992 [case $with_hal_insults in
993 yes) AC_DEFINE(HAL_INSULTS)
996 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
1000 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
1001 [case $with_goons_insults in
1002 yes) AC_DEFINE(GOONS_INSULTS)
1005 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
1009 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
1010 [case $with_nsswitch in
1012 yes) with_nsswitch="/etc/nsswitch.conf"
1017 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
1020 *) AC_DEFINE(HAVE_LDAP)
1021 AC_MSG_CHECKING(whether to use sudoers from LDAP)
1026 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
1027 test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
1028 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
1030 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
1031 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
1032 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
1034 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
1035 [case $with_pc_insults in
1036 yes) AC_DEFINE(PC_INSULTS)
1039 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
1043 dnl include all insult sets on one line
1044 if test "$insults" = "on"; then
1045 AC_MSG_CHECKING(which insult sets to include)
1047 test "$with_goons_insults" = "yes" && i="goons ${i}"
1048 test "$with_hal_insults" = "yes" && i="hal ${i}"
1049 test "$with_csops_insults" = "yes" && i="csops ${i}"
1050 test "$with_classic_insults" = "yes" && i="classic ${i}"
1054 AC_MSG_CHECKING(whether to override the user's path)
1055 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
1056 [case $with_secure_path in
1057 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
1058 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1059 AC_MSG_RESULT([$with_secure_path])
1060 secure_path="set to $with_secure_path"
1062 no) AC_MSG_RESULT(no)
1064 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1065 AC_MSG_RESULT([$with_secure_path])
1066 secure_path="set to F<$with_secure_path>"
1068 esac], AC_MSG_RESULT(no))
1070 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1071 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1072 [case $with_interfaces in
1073 yes) AC_MSG_RESULT(yes)
1075 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1078 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1080 esac], AC_MSG_RESULT(yes))
1082 AC_MSG_CHECKING(whether stow should be used)
1083 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
1085 yes) AC_MSG_RESULT(yes)
1088 no) AC_MSG_RESULT(no)
1090 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1092 esac], AC_MSG_RESULT(no))
1094 AC_MSG_CHECKING(whether to use an askpass helper)
1095 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1096 [case $with_askpass in
1097 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1100 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1102 esac], AC_MSG_RESULT(no))
1104 AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
1105 [case $with_plugindir in
1106 no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
1109 esac], [with_plugindir="$libexecdir"])
1112 dnl Options for --enable
1115 AC_MSG_CHECKING(whether to do user authentication by default)
1116 AC_ARG_ENABLE(authentication,
1117 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1118 [ case "$enableval" in
1119 yes) AC_MSG_RESULT(yes)
1121 no) AC_MSG_RESULT(no)
1122 AC_DEFINE(NO_AUTHENTICATION)
1124 *) AC_MSG_RESULT(no)
1125 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1128 ], AC_MSG_RESULT(yes))
1130 AC_MSG_CHECKING(whether to disable running the mailer as root)
1131 AC_ARG_ENABLE(root-mailer,
1132 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1133 [ case "$enableval" in
1134 yes) AC_MSG_RESULT(no)
1136 no) AC_MSG_RESULT(yes)
1137 AC_DEFINE(NO_ROOT_MAILER)
1139 *) AC_MSG_RESULT(no)
1140 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1143 ], AC_MSG_RESULT(no))
1145 AC_ARG_ENABLE(setreuid,
1146 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1147 [ case "$enableval" in
1148 no) SKIP_SETREUID=yes
1154 AC_ARG_ENABLE(setresuid,
1155 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1156 [ case "$enableval" in
1157 no) SKIP_SETRESUID=yes
1163 AC_MSG_CHECKING(whether to disable shadow password support)
1164 AC_ARG_ENABLE(shadow,
1165 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1166 [ case "$enableval" in
1167 yes) AC_MSG_RESULT(no)
1169 no) AC_MSG_RESULT(yes)
1172 *) AC_MSG_RESULT(no)
1173 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1176 ], AC_MSG_RESULT(no))
1178 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1179 AC_ARG_ENABLE(root-sudo,
1180 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1181 [ case "$enableval" in
1182 yes) AC_MSG_RESULT(yes)
1184 no) AC_DEFINE(NO_ROOT_SUDO)
1188 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1191 ], AC_MSG_RESULT(yes))
1193 AC_MSG_CHECKING(whether to log the hostname in the log file)
1194 AC_ARG_ENABLE(log-host,
1195 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1196 [ case "$enableval" in
1197 yes) AC_MSG_RESULT(yes)
1198 AC_DEFINE(HOST_IN_LOG)
1200 no) AC_MSG_RESULT(no)
1202 *) AC_MSG_RESULT(no)
1203 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1206 ], AC_MSG_RESULT(no))
1208 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1209 AC_ARG_ENABLE(noargs-shell,
1210 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1211 [ case "$enableval" in
1212 yes) AC_MSG_RESULT(yes)
1213 AC_DEFINE(SHELL_IF_NO_ARGS)
1215 no) AC_MSG_RESULT(no)
1217 *) AC_MSG_RESULT(no)
1218 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1221 ], AC_MSG_RESULT(no))
1223 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1224 AC_ARG_ENABLE(shell-sets-home,
1225 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1226 [ case "$enableval" in
1227 yes) AC_MSG_RESULT(yes)
1228 AC_DEFINE(SHELL_SETS_HOME)
1230 no) AC_MSG_RESULT(no)
1232 *) AC_MSG_RESULT(no)
1233 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1236 ], AC_MSG_RESULT(no))
1238 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1239 AC_ARG_ENABLE(path_info,
1240 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1241 [ case "$enableval" in
1242 yes) AC_MSG_RESULT(no)
1244 no) AC_MSG_RESULT(yes)
1245 AC_DEFINE(DONT_LEAK_PATH_INFO)
1248 *) AC_MSG_RESULT(no)
1249 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1252 ], AC_MSG_RESULT(no))
1254 AC_MSG_CHECKING(whether to enable environment debugging)
1255 AC_ARG_ENABLE(env_debug,
1256 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1257 [ case "$enableval" in
1258 yes) AC_MSG_RESULT(yes)
1259 AC_DEFINE(ENV_DEBUG)
1261 no) AC_MSG_RESULT(no)
1263 *) AC_MSG_RESULT(no)
1264 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1267 ], AC_MSG_RESULT(no))
1270 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
1271 [], [enable_zlib=yes])
1273 AC_MSG_CHECKING(whether to enable environment resetting by default)
1274 AC_ARG_ENABLE(env_reset,
1275 [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
1276 [ case "$enableval" in
1282 AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
1286 if test "$env_reset" = "on"; then
1288 AC_DEFINE(ENV_RESET, TRUE)
1291 AC_DEFINE(ENV_RESET, FALSE)
1294 AC_ARG_ENABLE(warnings,
1295 [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
1296 [ case "$enableval" in
1297 yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then
1298 CFLAGS="${CFLAGS} -Wall"
1302 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
1307 AC_ARG_ENABLE(admin-flag,
1308 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
1309 [ case "$enableval" in
1310 yes) AC_DEFINE(USE_ADMIN_FLAG)
1313 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
1319 [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
1320 [], [enable_nls=yes])
1322 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1323 [case $with_selinux in
1324 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1325 AC_DEFINE(HAVE_SELINUX)
1326 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1327 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1328 PROGS="${PROGS} sesh"
1330 AC_CHECK_LIB([selinux], [setkeycreatecon],
1331 [AC_DEFINE(HAVE_SETKEYCREATECON)])
1334 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1339 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1341 AC_ARG_ENABLE(gss_krb5_ccache_name,
1342 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1343 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1346 dnl C compiler checks
1348 AC_SEARCH_LIBS([strerror], [cposix])
1350 AC_CHECK_TOOL(AR, ar, false)
1351 AC_CHECK_TOOL(RANLIB, ranlib, :)
1352 if test X"$AR" = X"false"; then
1353 AC_MSG_ERROR([the "ar" utility is required to build sudo])
1356 if test "x$ac_cv_prog_cc_c89" = "xno"; then
1357 AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
1361 dnl Libtool setup, we require libtool 2.2.6b or higher
1364 AC_CONFIG_MACRO_DIR([m4])
1369 dnl Defer with_noexec until after libtool magic runs
1371 if test "$enable_shared" = "no"; then
1377 eval _shrext="$shrext_cmds"
1378 # Darwin uses .dylib for libraries but .so for modules
1379 if test X"$_shrext" = X".dylib"; then
1385 AC_MSG_CHECKING(path to sudo_noexec.so)
1386 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1387 [case $with_noexec in
1388 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1392 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1393 AC_MSG_RESULT($with_noexec)
1394 NOEXECFILE="sudo_noexec$_shrext"
1395 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1398 dnl It is now safe to modify CFLAGS and CPPFLAGS
1400 if test X"$with_devel" = X"yes" -a -n "$GCC"; then
1401 CFLAGS="${CFLAGS} -Wall"
1405 dnl Find programs we use
1407 AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
1408 AC_CHECK_PROG(TRPROG, [tr], [tr])
1409 AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
1410 if test -n "$NROFFPROG"; then
1411 AC_CACHE_CHECK([whether $NROFFPROG supports the -c option],
1412 [sudo_cv_var_nroff_opt_c],
1413 [if $NROFFPROG -c </dev/null >/dev/null 2>&1; then
1414 sudo_cv_var_nroff_opt_c=yes
1416 sudo_cv_var_nroff_opt_c=no
1419 if test "$sudo_cv_var_nroff_opt_c" = "yes"; then
1420 NROFFPROG="$NROFFPROG -c"
1422 AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option],
1423 [sudo_cv_var_nroff_opt_Tascii],
1424 [if $NROFFPROG -Tascii </dev/null >/dev/null 2>&1; then
1425 sudo_cv_var_nroff_opt_Tascii=yes
1427 sudo_cv_var_nroff_opt_Tascii=no
1429 if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then
1430 NROFFPROG="$NROFFPROG -Tascii"
1435 mansrcdir='$(srcdir)'
1439 dnl What kind of beastie are we being run on?
1440 dnl Barf if config.cache was generated on another host.
1442 if test -n "$sudo_cv_prev_host"; then
1443 if test "$sudo_cv_prev_host" != "$host"; then
1444 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1446 AC_MSG_CHECKING(previous host type)
1447 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1448 AC_MSG_RESULT([$sudo_cv_prev_host])
1451 # this will produce no output since there is no cached value
1452 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1456 dnl We want to be able to differentiate between different rev's
1458 if test -n "$host_os"; then
1459 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1460 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1461 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1470 # getcwd(3) opens a pipe to getpwd(1)!?!
1473 # system headers lack prototypes but gcc helps...
1474 if test -n "$GCC"; then
1475 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1478 shadow_funcs="getpwanam issecure"
1481 # To get the crypt(3) prototype (so we pass -Wall)
1482 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1483 # AFS support needs -lucb
1484 if test "$with_AFS" = "yes"; then
1485 AFS_LIBS="-lc -lucb"
1488 : ${mansectform='4'}
1489 : ${with_rpath='yes'}
1490 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1491 AC_CHECK_FUNCS(priv_set)
1494 # To get all prototypes (so we pass -Wall)
1495 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
1496 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1497 if test X"$with_blibpath" != X"no"; then
1498 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1499 O_LDFLAGS="$LDFLAGS"
1500 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1501 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1502 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1503 blibpath="$with_blibpath"
1504 elif test -n "$GCC"; then
1505 blibpath="/usr/lib:/lib:/usr/local/lib"
1507 blibpath="/usr/lib:/lib"
1510 ], [AC_MSG_RESULT(no)])
1512 LDFLAGS="$O_LDFLAGS"
1514 # Use authenticate(3) as the default authentication method
1515 if test X"$with_aixauth" = X""; then
1516 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1519 # AIX analog of nsswitch.conf, enabled by default
1520 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1521 [case $with_netsvc in
1523 yes) with_netsvc="/etc/netsvc.conf"
1527 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1528 with_netsvc="/etc/netsvc.conf"
1531 # For implementing getgrouplist()
1532 AC_CHECK_FUNCS(getgrset)
1534 # LDR_PRELOAD is supported in AIX 5.3 and later
1536 [1-4].*) with_noexec=no ;;
1539 # AIX-specific functions
1540 AC_CHECK_FUNCS(getuserattr setauthdb)
1541 COMMON_OBJS="$COMMON_OBJS aix.lo"
1545 : ${mansectform='4'}
1548 # AFS support needs -lBSD
1549 if test "$with_AFS" = "yes"; then
1550 AFS_LIBS="-lc -lBSD"
1553 : ${mansectform='4'}
1555 # The HP bundled compiler cannot generate shared libs
1556 if test -z "$GCC"; then
1557 AC_CACHE_CHECK([for HP bundled C compiler],
1558 [sudo_cv_var_hpccbundled],
1559 [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
1560 sudo_cv_var_hpccbundled=yes
1562 sudo_cv_var_hpccbundled=no
1565 if test "$sudo_cv_var_hpccbundled" = "yes"; then
1566 AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
1570 # Build PA-RISC1.1 objects for better portability
1574 if test -n "$GCC"; then
1575 portable_flag="-march=1.1"
1577 portable_flag="+DAportable"
1579 CFLAGS="$CFLAGS $portable_flag"
1580 AC_CACHE_CHECK([whether $CC understands $portable_flag],
1581 [sudo_cv_var_daportable],
1583 [AC_LANG_PROGRAM([[]], [[]])],
1584 [sudo_cv_var_daportable=yes],
1585 [sudo_cv_var_daportable=no]
1589 if test X"$sudo_cv_var_daportable" != X"yes"; then
1597 AC_DEFINE(BROKEN_SYSLOG)
1600 AC_DEFINE(BROKEN_SYSLOG)
1602 shadow_funcs="getspwuid"
1604 # DCE support (requires ANSI C compiler)
1605 if test "$with_DCE" = "yes"; then
1606 # order of libs in 9.X is important. -lc_r must be last
1607 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
1608 LIBS="${LIBS} -ldce -lM -lc_r"
1609 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1613 shadow_funcs="getprpwnam iscomsec"
1615 # HP-UX 10.20 libc has an incompatible getline
1616 ac_cv_func_getline="no"
1619 shadow_funcs="getspnam iscomsec"
1621 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1626 # ignore envariables wrt dynamic lib path
1627 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
1629 : ${CHECKSIA='true'}
1630 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1632 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1633 [ case "$enableval" in
1634 yes) AC_MSG_RESULT(no)
1637 no) AC_MSG_RESULT(yes)
1640 *) AC_MSG_RESULT(no)
1641 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1644 ], AC_MSG_RESULT(no))
1646 shadow_funcs="getprpwnam dispcrypt"
1647 # OSF/1 4.x and higher need -ldb too
1648 if test $OSMAJOR -lt 4; then
1649 shadow_libs="-lsecurity -laud -lm"
1651 shadow_libs="-lsecurity -ldb -laud -lm"
1654 # use SIA by default, if we have it
1655 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1658 # Some versions of Digital Unix ship with a broken
1659 # copy of prot.h, which we need for shadow passwords.
1660 # XXX - make should remove this as part of distclean
1662 AC_MSG_CHECKING([for broken prot.h])
1663 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1664 #include <sys/types.h>
1665 #include <sys/security.h>
1667 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1668 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1671 : ${mansectform='4'}
1674 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1675 if test -z "$NROFFPROG"; then
1676 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1677 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1678 if test -d /usr/share/catman/local; then
1679 mandir="/usr/share/catman/local"
1681 mandir="/usr/catman/local"
1685 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1686 if test -d "/usr/share/man/local"; then
1687 mandir="/usr/share/man/local"
1689 mandir="/usr/man/local"
1693 # IRIX <= 4 needs -lsun
1694 if test "$OSMAJOR" -le 4; then
1695 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1698 : ${mansectform='4'}
1700 *-*-linux*|*-*-k*bsd*-gnu)
1701 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1702 # Some Linux versions need to link with -lshadow
1703 shadow_funcs="getspnam"
1704 shadow_libs_optional="-lshadow"
1705 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1708 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1709 if test -z "$GCC"; then
1710 CFLAGS="${CFLAGS} -D__STDC__"
1713 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1714 shadow_funcs="getprpwnam"
1715 shadow_libs="-lprot"
1719 shadow_funcs="getauthuid"
1720 shadow_libs="-lauth"
1723 LIBS="${LIBS} -lsun -lbsd"
1724 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1725 OSDEFS="${OSDEFS} -D_MIPS"
1727 : ${mansectform='4'}
1730 OSDEFS="${OSDEFS} -D_ISC"
1732 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
1734 shadow_funcs="getspnam"
1738 : ${mansectform='4'}
1741 shadow_funcs="getprpwnam"
1742 shadow_libs="-lprot -lx"
1744 : ${mansectform='4'}
1746 m88k-motorola-sysv*)
1747 # motorolla's cc (a variant of gcc) does -O but not -O2
1748 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1750 : ${mansectform='4'}
1753 shadow_funcs="getspnam"
1756 : ${mansectform='4'}
1757 : ${with_rpath='yes'}
1759 *-ncr-sysv4*|*-ncr-sysvr4*)
1760 AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
1762 : ${mansectform='4'}
1763 : ${with_rpath='yes'}
1765 *-ccur-sysv4*|*-ccur-sysvr4*)
1766 LIBS="${LIBS} -lgen"
1768 : ${mansectform='4'}
1769 : ${with_rpath='yes'}
1773 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1774 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1776 2|3) AC_MSG_NOTICE([using shlicc as CC])
1777 ac_cv_prog_CC=shlicc
1782 # Check for newer BSD auth API (just check for >= 3.0?)
1783 if test -z "$with_bsdauth"; then
1784 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1788 # FreeBSD has a real setreuid(2) starting with 2.1 and
1789 # backported to 2.0.5. We just take 2.1 and above...
1795 if test "${with_skey-'no'}" = "yes"; then
1796 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1799 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1800 : ${with_logincap='maybe'}
1803 # OpenBSD has a real setreuid(2) starting with 3.3 but
1804 # we will use setreuid(2) instead.
1807 # OpenBSD >= 3.0 supports BSD auth
1808 if test -z "$with_bsdauth"; then
1813 AUTH_EXCL_DEF="BSD_AUTH"
1817 : ${with_logincap='maybe'}
1820 # NetBSD has a real setreuid(2) starting with 1.3.2
1822 0.9*|1.[012]*|1.3|1.3.1)
1827 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1828 : ${with_logincap='maybe'}
1831 if test "${with_skey-'no'}" = "yes"; then
1832 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1835 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1836 : ${with_logincap='yes'}
1842 # Darwin has a real setreuid(2) starting with 9.0
1843 if test $OSMAJOR -lt 9; then
1847 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1848 : ${with_logincap='yes'}
1851 # lockf() on is broken on the NeXT -- use flock instead
1853 ac_cv_func_flock=yes
1857 : ${mansectform='4'}
1858 : ${with_rpath='yes'}
1862 : ${mansectform='4'}
1865 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1870 dnl Check for mixing mutually exclusive and regular auth methods
1872 AUTH_REG=${AUTH_REG# }
1873 AUTH_EXCL=${AUTH_EXCL# }
1874 if test -n "$AUTH_EXCL"; then
1876 if test $# != 1; then
1877 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1879 if test -n "$AUTH_REG"; then
1880 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1884 dnl Only one of S/Key and OPIE may be specified
1886 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1887 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1891 dnl Use BSD-style man sections by default
1894 : ${mansectform='5'}
1897 dnl Add in any libpaths or libraries specified via configure
1899 if test -n "$with_libpath"; then
1900 for i in ${with_libpath}; do
1901 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1904 if test -n "$with_libraries"; then
1905 for i in ${with_libraries}; do
1917 dnl C compiler checks (to be done after os checks)
1919 AC_PROG_GCC_TRADITIONAL
1922 if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
1924 CFLAGS="$CFLAGS -static-libgcc"
1925 AC_CACHE_CHECK([whether $CC understands -static-libgcc],
1926 [sudo_cv_var_gcc_static_libgcc],
1928 [AC_LANG_PROGRAM([[]], [[]])],
1929 [sudo_cv_var_gcc_static_libgcc=yes],
1930 [sudo_cv_var_gcc_static_libgcc=no]
1935 if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then
1936 LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
1943 AC_PATH_PROG([FLEX], [flex], [flex])
1946 if test -z "$with_sendmail"; then
1951 dnl Check for authpriv support in syslog
1953 AC_MSG_CHECKING(which syslog facility sudo should log with)
1954 if test X"$with_logfac" = X""; then
1955 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
1957 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
1958 AC_MSG_RESULT($logfac)
1960 dnl Header file checks
1965 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
1967 dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
1968 dnl when large files support is enabled so work around it.
1973 AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
1974 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
1975 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
1976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
1978 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
1979 [sudo_cv_xopen_source_extended=error])
1981 if test "$sudo_cv_xopen_source_extended" = "yes"; then
1982 OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
1983 SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
1987 AC_SYS_POSIX_TERMIOS
1988 if test "$ac_cv_sys_posix_termios" != "yes"; then
1989 AC_MSG_ERROR([Must have POSIX termios to build sudo])
1992 if test ${with_logincap-'no'} != "no"; then
1993 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
1996 SUDO_LIBS="${SUDO_LIBS} -lutil"
1997 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
2002 if test ${with_project-'no'} != "no"; then
2003 AC_CHECK_HEADER(project.h, [
2004 AC_CHECK_LIB(project, setproject, [
2005 AC_DEFINE(HAVE_PROJECT_H)
2006 SUDO_LIBS="${SUDO_LIBS} -lproject"
2015 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
2016 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
2017 #include <signal.h>])
2018 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
2019 #include <signal.h>])
2020 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
2021 #if TIME_WITH_SYS_TIME
2022 # include <sys/time.h>
2025 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
2026 #include <netinet/in.h>])
2027 AC_TYPE_LONG_LONG_INT
2028 AC_CHECK_SIZEOF([long int])
2036 dnl Check for utmp/utmpx struct members.
2037 dnl We need to include OSDEFS for glibc which only has __e_termination
2038 dnl visible when _GNU_SOURCE is *not* defined.
2041 CFLAGS="$CFLAGS $OSDEFS"
2042 if test $ac_cv_header_utmpx_h = "yes"; then
2043 AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
2044 #include <sys/types.h>
2048 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2050 AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
2051 AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
2052 #include <sys/types.h>
2056 #include <sys/types.h>
2060 AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
2061 #include <sys/types.h>
2065 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2067 AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
2068 AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
2069 #include <sys/types.h>
2073 #include <sys/types.h>
2083 AC_CHECK_FUNCS(strrchr sysconf tzset strftime fstat \
2084 regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
2086 AC_REPLACE_FUNCS(getgrouplist)
2087 AC_CHECK_FUNCS(getline, [], [
2089 AC_CHECK_FUNCS(fgetln)
2092 AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
2093 if test "$utmp_style" = "LEGACY"; then
2094 AC_CHECK_FUNCS(getttyent ttyslot, [break])
2097 AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [
2098 AC_CHECK_LIB(util, openpty, [
2099 AC_CHECK_HEADERS(util.h pty.h, [break])
2100 case "$SUDO_LIBS" in
2102 *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
2104 AC_DEFINE(HAVE_OPENPTY)
2106 AC_CHECK_FUNCS(_getpty, [], [
2107 AC_CHECK_FUNCS(grantpt, [
2108 AC_CHECK_FUNCS(posix_openpt)
2110 AC_CHECK_FUNCS(revoke)
2115 AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)])
2116 if test -z "$SKIP_SETRESUID"; then
2117 AC_CHECK_FUNCS(setresuid, [
2119 AC_CHECK_FUNCS(getresuid)
2122 if test -z "$SKIP_SETREUID"; then
2123 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
2125 if test -z "$SKIP_SETEUID"; then
2126 AC_CHECK_FUNCS(seteuid)
2128 if test X"$with_interfaces" != X"no"; then
2129 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
2131 if test -z "$BROKEN_GETCWD"; then
2132 AC_REPLACE_FUNCS(getcwd)
2134 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
2135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
2136 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
2137 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
2138 AC_CHECK_FUNCS(lockf flock, [break])
2139 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
2140 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
2141 AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
2142 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
2144 AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv)
2145 AC_CHECK_FUNCS(nanosleep, [], [
2146 # On Solaris, nanosleep is in librt
2147 AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
2149 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
2150 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
2151 [ #include <limits.h>
2152 #include <fcntl.h> ])
2154 AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
2155 AC_CHECK_FUNCS(random lrand48, [break])
2158 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
2159 if test X"$ac_cv_type_struct_timespec" != X"no"; then
2160 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
2161 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
2162 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
2165 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
2167 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2168 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2169 #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
2171 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
2172 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
2174 if test -n "$NEED_SNPRINTF"; then
2178 dnl If socket(2) not in libc, check -lsocket and -linet
2179 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2180 dnl In this case we look for main(), not socket() to avoid using a cached value
2182 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
2183 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
2185 dnl If inet_addr(3) not in libc, check -lnsl and -linet
2186 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2188 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
2189 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
2191 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
2193 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
2195 dnl Check for getprogname() or __progname
2197 AC_CHECK_FUNCS(getprogname, , [
2198 AC_MSG_CHECKING([for __progname])
2199 AC_CACHE_VAL(sudo_cv___progname, [
2200 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
2201 if test "$sudo_cv___progname" = "yes"; then
2202 AC_DEFINE(HAVE___PROGNAME)
2204 AC_LIBOBJ(getprogname)
2206 AC_MSG_RESULT($sudo_cv___progname)
2209 # gettext() and friends may be located in libc (Linux and Solaris)
2210 # or in libintl. However, it is possible to have libintl installed
2211 # even when gettext() is present in libc. In the case of GNU libintl,
2212 # gettext() will be defined to gettext_libintl in libintl.h.
2213 # Since gcc prefers /usr/local/include to /usr/include, we need to
2214 # make sure we use the gettext() that matches the include file.
2215 if test "$enable_nls" != "no"; then
2216 if test "$enable_nls" != "yes"; then
2217 CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
2218 SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
2221 for l in "libc" "-lintl" "-lintl -liconv"; do
2222 if test "$l" = "libc"; then
2223 # If user specified a dir for libintl ignore libc
2224 if test "$enable_nls" != "yes"; then
2227 gettext_name=sudo_cv_gettext
2228 AC_MSG_CHECKING([for gettext])
2231 gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
2232 AC_MSG_CHECKING([for gettext in $l])
2234 AC_CACHE_VAL($gettext_name, [
2237 AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
2238 ], [eval $gettext_name=yes], [eval $gettext_name=no]
2241 eval gettext_result="\$$gettext_name"
2242 AC_MSG_RESULT($gettext_result)
2243 test "$gettext_result" = "yes" && break
2247 if test "$sudo_cv_gettext" = "yes"; then
2248 AC_DEFINE(HAVE_LIBINTL_H)
2250 elif test "$sudo_cv_gettext_lintl" = "yes"; then
2251 AC_DEFINE(HAVE_LIBINTL_H)
2254 elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
2255 AC_DEFINE(HAVE_LIBINTL_H)
2257 LIBINTL="-lintl -liconv"
2262 dnl Deferred zlib option processing.
2263 dnl By default we use the system zlib if it is present.
2265 case "$enable_zlib" in
2267 AC_CHECK_LIB(z, gzdopen, [
2268 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
2274 AC_DEFINE(HAVE_ZLIB_H)
2281 AC_DEFINE(HAVE_ZLIB_H)
2282 CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
2283 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
2287 if test X"$enable_zlib" = X"builtin"; then
2288 AC_DEFINE(HAVE_ZLIB_H)
2289 CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib'
2290 ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
2292 AC_CONFIG_HEADER([zlib/zconf.h])
2293 AC_CONFIG_FILES([zlib/Makefile])
2297 dnl Check for strsignal() or sys_siglist
2299 AC_CHECK_FUNCS(strsignal, [], [
2300 AC_LIBOBJ(strsignal)
2301 HAVE_SIGLIST="false"
2302 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
2309 if test "$HAVE_SIGLIST" != "true"; then
2315 dnl nsswitch.conf and its equivalents
2317 if test ${with_netsvc-"no"} != "no"; then
2318 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
2319 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
2320 elif test ${with_nsswitch-"yes"} != "no"; then
2321 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
2322 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
2326 dnl Mutually exclusive auth checks come first, followed by
2327 dnl non-exclusive ones. Note: passwd must be last of all!
2331 dnl Convert default authentication methods to with_* if
2332 dnl no explicit authentication scheme was specified.
2334 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
2335 for auth in $AUTH_EXCL_DEF; do
2337 AIX_AUTH) with_aixauth=maybe;;
2338 BSD_AUTH) with_bsdauth=maybe;;
2339 PAM) with_pam=maybe;;
2340 SIA) CHECKSIA=true;;
2346 dnl PAM support. Systems that use PAM by default set with_pam=default
2347 dnl and we do the actual tests here.
2349 if test ${with_pam-"no"} != "no"; then
2350 # We already link with -ldl (see LIBDL below) so no need for that here.
2351 SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
2354 dnl Some PAM implementations (MacOS X for example) put the PAM headers
2355 dnl in /usr/include/pam instead of /usr/include/security...
2357 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
2358 if test "$with_pam" = "yes"; then
2360 AUTH_OBJS="$AUTH_OBJS pam.lo";
2363 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
2364 [case $with_pam_login in
2365 yes) AC_DEFINE([HAVE_PAM_LOGIN])
2366 AC_MSG_CHECKING(whether to use PAM login)
2370 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
2374 AC_MSG_CHECKING(whether to use PAM session support)
2375 AC_ARG_ENABLE(pam_session,
2376 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
2377 [ case "$enableval" in
2378 yes) AC_MSG_RESULT(yes)
2380 no) AC_MSG_RESULT(no)
2381 AC_DEFINE(NO_PAM_SESSION)
2383 *) AC_MSG_RESULT(no)
2384 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2386 esac], AC_MSG_RESULT(yes))
2391 dnl AIX general authentication
2392 dnl If set to "maybe" only enable if no other exclusive method in use.
2394 if test ${with_aixauth-'no'} != "no"; then
2395 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2396 AC_MSG_NOTICE([using AIX general authentication])
2397 AC_DEFINE(HAVE_AIXAUTH)
2398 AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
2399 SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
2405 dnl BSD authentication
2406 dnl If set to "maybe" only enable if no other exclusive method in use.
2408 if test ${with_bsdauth-'no'} != "no"; then
2409 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2410 [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
2411 [BSDAUTH_USAGE='[[-a auth_type]] ']
2412 [AUTH_EXCL=BSD_AUTH; BAMAN=1],
2413 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2417 dnl SIA authentication for Tru64 Unix
2419 if test ${CHECKSIA-'false'} = "true"; then
2420 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2421 if test "$found" = "true"; then
2423 AUTH_OBJS="$AUTH_OBJS sia.lo"
2428 dnl extra FWTK libs + includes
2430 if test ${with_fwtk-'no'} != "no"; then
2431 if test "$with_fwtk" != "yes"; then
2432 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
2433 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2436 SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
2437 AUTH_OBJS="$AUTH_OBJS fwtk.lo"
2441 dnl extra SecurID lib + includes
2443 if test ${with_SecurID-'no'} != "no"; then
2444 if test "$with_SecurID" != "yes"; then
2446 elif test -d /usr/ace/examples; then
2447 with_SecurID=/usr/ace/examples
2449 with_SecurID=/usr/ace
2451 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2452 _LDFLAGS="${LDFLAGS}"
2453 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2455 # Determine whether to use the new or old SecurID API
2457 AC_CHECK_LIB(aceclnt, SD_Init,
2459 AUTH_OBJS="$AUTH_OBJS securid5.lo";
2460 SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
2463 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
2465 AUTH_OBJS="$AUTH_OBJS securid.lo";
2466 SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
2472 LDFLAGS="${_LDFLAGS}"
2476 dnl Non-mutually exclusive auth checks come next.
2477 dnl Note: passwd must be last of all!
2481 dnl Convert default authentication methods to with_* if
2482 dnl no explicit authentication scheme was specified.
2484 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2485 for auth in $AUTH_DEF; do
2487 passwd) : ${with_passwd='maybe'};;
2495 if test ${with_kerb4-'no'} != "no"; then
2496 AC_DEFINE(HAVE_KERB4)
2498 dnl Use the specified directory, if any, else search for correct inc dir
2500 O_LDFLAGS="$LDFLAGS"
2501 if test "$with_kerb4" = "yes"; then
2503 O_CPPFLAGS="$CPPFLAGS"
2504 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
2505 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2506 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]])], [found=yes; break])
2508 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
2510 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
2511 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib])
2512 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2513 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2515 if test X"$found" = X"no"; then
2516 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2520 dnl Check for -ldes vs. -ldes425
2522 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2523 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2526 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2528 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2529 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2531 K4LIBS="${K4LIBS} -lcom_err"
2532 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2538 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2540 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2541 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2542 [K4LIBS="-lkrb $K4LIBS"]
2543 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])]
2546 LDFLAGS="$O_LDFLAGS"
2547 SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
2548 AUTH_OBJS="$AUTH_OBJS kerb4.lo"
2553 dnl There is an easy way and a hard way...
2555 if test ${with_kerb5-'no'} != "no"; then
2556 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2557 if test -n "$KRB5CONFIG"; then
2558 AC_DEFINE(HAVE_KERB5)
2559 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2560 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2561 SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
2563 dnl Try to determine whether we have Heimdal or MIT Kerberos
2565 AC_MSG_CHECKING(whether we are using Heimdal)
2566 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2568 AC_DEFINE(HAVE_HEIMDAL)
2574 AC_DEFINE(HAVE_KERB5)
2576 dnl Use the specified directory, if any, else search for correct inc dir
2578 if test "$with_kerb5" = "yes"; then
2580 O_CPPFLAGS="$CPPFLAGS"
2581 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2582 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2583 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
2585 if test X"$found" = X"no"; then
2586 CPPFLAGS="$O_CPPFLAGS"
2587 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2590 dnl XXX - try to include krb5.h here too
2591 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
2592 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2596 dnl Try to determine whether we have Heimdal or MIT Kerberos
2598 AC_MSG_CHECKING(whether we are using Heimdal)
2599 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2601 AC_DEFINE(HAVE_HEIMDAL)
2602 # XXX - need to check whether -lcrypo is needed!
2603 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2604 AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
2607 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
2608 AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
2610 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2613 LIBS="${LIBS} ${SUDOERS_LIBS}"
2614 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2615 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
2616 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
2617 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2620 [[#include <krb5.h>]],
2621 [[krb5_get_init_creds_opt_free(NULL, NULL);]]
2623 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2624 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2629 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2630 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2636 dnl extra AFS libs and includes
2638 if test ${with_AFS-'no'} = "yes"; then
2640 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2641 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2642 for i in $AFSLIBDIRS; do
2643 if test -d ${i}; then
2644 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
2645 FOUND_AFSLIBDIR=true
2648 if test -z "$FOUND_AFSLIBDIR"; then
2649 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
2652 # Order is important here. Note that we build AFS_LIBS from right to left
2653 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2654 AFS_LIBS="-laudit ${AFS_LIBS}"
2655 for i in $AFSLIBDIRS; do
2656 if test -f ${i}/util.a; then
2657 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2662 if test -z "$FOUND_UTIL_A"; then
2663 AFS_LIBS="-lutil ${AFS_LIBS}"
2665 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2667 # AFS includes may live in /usr/include on some machines...
2668 for i in /usr/afsws/include; do
2669 if test -d ${i}; then
2670 CPPFLAGS="${CPPFLAGS} -I${i}"
2671 FOUND_AFSINCDIR=true
2675 if test -z "$FOUND_AFSLIBDIR"; then
2676 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2679 AUTH_OBJS="$AUTH_OBJS afs.lo"
2683 dnl extra DCE obj + lib
2684 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2686 if test ${with_DCE-'no'} = "yes"; then
2687 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2688 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
2689 AUTH_OBJS="$AUTH_OBJS dce.lo"
2693 dnl extra S/Key lib and includes
2695 if test "${with_skey-'no'}" = "yes"; then
2696 O_LDFLAGS="$LDFLAGS"
2697 if test "$with_skey" != "yes"; then
2698 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2699 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2700 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
2701 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
2704 O_CPPFLAGS="$CPPFLAGS"
2705 for dir in "" "/usr/local" "/usr/contrib"; do
2706 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2707 AC_CHECK_HEADER([skey.h], [found=yes; break], [],
2708 [#include <stdio.h>])
2710 if test "$found" = "no" -o -z "$dir"; then
2711 CPPFLAGS="$O_CPPFLAGS"
2713 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2714 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2716 if test "$found" = "no"; then
2717 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2720 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
2721 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2723 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
2726 [[#include <stdio.h>
2727 #include <skey.h>]],
2728 [[skeychallenge(NULL, NULL, NULL, 0);]]
2730 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
2731 AC_MSG_RESULT([yes])
2737 LDFLAGS="$O_LDFLAGS"
2738 SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
2739 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2743 dnl extra OPIE lib and includes
2745 if test "${with_opie-'no'}" = "yes"; then
2746 O_LDFLAGS="$LDFLAGS"
2747 if test "$with_opie" != "yes"; then
2748 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2749 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2750 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
2751 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
2754 O_CPPFLAGS="$CPPFLAGS"
2755 for dir in "" "/usr/local" "/usr/contrib"; do
2756 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2757 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
2759 if test "$found" = "no" -o -z "$dir"; then
2760 CPPFLAGS="$O_CPPFLAGS"
2762 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2763 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2765 if test "$found" = "no"; then
2766 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2769 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
2770 LDFLAGS="$O_LDFLAGS"
2771 SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
2772 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2776 dnl Check for shadow password routines if we have not already done so.
2777 dnl If there is a specific list of functions to check we do that first.
2778 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2780 if test ${with_passwd-'no'} != "no"; then
2782 dnl if crypt(3) not in libc, look elsewhere
2784 if test -z "$LIB_CRYPT"; then
2786 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2790 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2792 LIBS="$LIBS $shadow_libs"
2794 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2795 if test "$found" = "yes"; then
2796 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
2797 elif test -n "$shadow_libs_optional"; then
2798 LIBS="$LIBS $shadow_libs_optional"
2799 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2800 if test "$found" = "yes"; then
2801 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
2804 if test "$found" = "yes"; then
2805 case "$shadow_funcs" in
2806 *getprpwnam*) SECUREWARE=1;;
2808 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2814 if test "$CHECKSHADOW" = "true"; then
2815 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2817 if test "$CHECKSHADOW" = "true"; then
2818 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2820 if test -n "$SECUREWARE"; then
2821 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2822 AUTH_OBJS="$AUTH_OBJS secureware.lo"
2827 dnl extra lib and .o file for LDAP support
2829 if test ${with_ldap-'no'} != "no"; then
2831 if test "$with_ldap" != "yes"; then
2832 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
2833 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2834 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2837 SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
2840 AC_MSG_CHECKING([for LDAP libraries])
2844 for l in -lldap -llber '-lssl -lcrypto'; do
2846 LDAP_LIBS="${LDAP_LIBS} $l"
2847 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2849 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2851 dnl if nothing linked just try with -lldap
2852 if test "$found" = "no"; then
2853 LIBS="${_LIBS} -lldap"
2855 AC_MSG_RESULT([not found, using -lldap])
2857 AC_MSG_RESULT([$LDAP_LIBS])
2859 dnl check if we need to link with -llber for ber_set_option
2861 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2862 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2863 LDAP_LIBS="$LDAP_LIBS -llber"
2865 dnl check if ldap.h includes lber.h for us
2866 AC_MSG_CHECKING([whether lber.h is needed])
2867 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2868 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2869 AC_MSG_RESULT([yes])
2870 AC_DEFINE(HAVE_LBER_H)])
2872 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
2873 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2874 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
2875 AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
2877 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
2878 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
2879 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2880 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
2881 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
2882 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2883 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
2886 # gssapi headers may be separate or part of Kerberos V
2888 O_CPPFLAGS="$CPPFLAGS"
2889 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
2890 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2891 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
2893 if test X"$found" != X"no"; then
2894 AC_CHECK_HEADERS([$found])
2895 if test X"$found" = X"gssapi/gssapi.h"; then
2896 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
2899 CPPFLAGS="$O_CPPFLAGS"
2900 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
2904 SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
2910 # How to do dynamic object loading.
2911 # We support dlopen() and sh_load(), else fall back to static loading.
2913 case "$lt_cv_dlopen" in
2915 AC_DEFINE(HAVE_DLOPEN)
2916 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
2917 LT_STATIC="--tag=disable-static"
2920 AC_DEFINE(HAVE_SHL_LOAD)
2921 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
2922 LT_STATIC="--tag=disable-static"
2926 if test X"${ac_cv_func_dlopen}" = X"yes"; then
2927 AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
2929 # Preload sudoers module symbols
2930 SUDO_OBJS="${SUDO_OBJS} preload.o"
2931 SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
2938 # Add library needed for dynamic loading, if any.
2940 LIBDL="$lt_cv_dlopen_libs"
2941 if test X"$LIBDL" != X""; then
2942 SUDO_LIBS="${SUDO_LIBS} $LIBDL"
2943 SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
2946 # On HP-UX, you cannot dlopen() a shared object that uses pthreads
2947 # unless the main program is linked against -lpthread. Since we
2948 # have no knowledge what libraries a plugin may depend on, we always
2949 # link against -lpthread on HP-UX if it is available.
2950 # This check should go after all other libraries tests.
2953 AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
2958 dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
2959 dnl added -L dirpaths to SUDOERS_LDFLAGS.
2961 if test -n "$blibpath"; then
2962 if test -n "$blibpath_add"; then
2963 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2964 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2965 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
2970 dnl Check for log file, timestamp and iolog locations
2972 if test "$utmp_style" = "LEGACY"; then
2980 dnl Use passwd auth module?
2982 case "$with_passwd" in
2984 AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
2987 AC_DEFINE(WITHOUT_PASSWD)
2988 if test -z "$AUTH_OBJS"; then
2989 AC_MSG_ERROR([no authentication methods defined.])
2993 AUTH_OBJS=${AUTH_OBJS# }
2994 _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
2995 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2998 dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
3000 if test -n "$LIBS"; then
3005 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
3006 test $l = $sl && dupe=1
3008 test $dupe = 0 && LIBS="${LIBS} $l"
3015 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
3018 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
3019 dnl XXX - this is gross!
3021 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
3022 oexec_prefix="$exec_prefix"
3023 if test "$exec_prefix" = '$(prefix)'; then
3024 if test "$prefix" = "NONE"; then
3025 exec_prefix="$ac_default_prefix"
3027 exec_prefix="$prefix"
3030 if test X"$with_noexec" != X"no"; then
3031 PROGS="${PROGS} libsudo_noexec.la"
3032 INSTALL_NOEXEC="install-noexec"
3034 eval noexec_file="$with_noexec"
3035 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
3037 if test X"$with_selinux" != X"no"; then
3038 eval sesh_file="$libexecdir/sesh"
3039 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
3041 eval PLUGINDIR="$with_plugindir"
3042 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
3043 SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
3044 exec_prefix="$oexec_prefix"
3048 dnl Override default configure dirs for the Makefile
3050 if test X"$prefix" = X"NONE"; then
3051 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
3053 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
3055 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
3056 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
3057 test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
3058 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
3059 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
3060 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
3061 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
3064 dnl Substitute into the Makefile and man pages
3066 dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
3067 AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
3071 dnl Spew any text the user needs to know about
3073 if test "$with_pam" = "yes"; then
3076 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
3082 dnl Autoheader templates
3084 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
3085 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
3086 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
3087 AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
3088 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
3089 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
3090 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
3091 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
3092 AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
3093 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
3094 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
3095 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
3096 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
3097 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
3098 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
3099 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
3100 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
3101 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
3102 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
3103 AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
3104 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
3105 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
3106 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
3107 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
3108 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
3109 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
3110 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
3111 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
3112 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
3113 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
3114 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
3115 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
3116 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
3117 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
3118 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
3119 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
3120 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
3121 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
3122 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
3123 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
3124 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
3125 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
3126 AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
3127 AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
3128 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
3129 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
3130 AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
3131 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
3132 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
3133 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
3134 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
3135 AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
3136 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
3137 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
3138 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
3139 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
3140 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
3141 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
3142 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
3143 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
3144 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
3145 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
3146 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
3147 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
3148 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
3149 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
3150 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
3151 AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
3152 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
3153 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
3154 AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
3155 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
3156 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
3157 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
3158 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
3159 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
3160 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
3161 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
3162 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
3163 AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
3164 AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
3165 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
3166 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
3167 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
3168 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
3169 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
3170 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
3171 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
3174 dnl Bits to copy verbatim into config.h.in
3176 AH_TOP([#ifndef _SUDO_CONFIG_H
3177 #define _SUDO_CONFIG_H])
3180 * Macros to convert ctime and mtime into timevals.
3182 #define timespec2timeval(_ts, _tv) do { \
3183 (_tv)->tv_sec = (_ts)->tv_sec; \
3184 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
3188 # ifdef HAVE_ST__TIM
3189 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
3190 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
3192 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
3193 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
3196 # ifdef HAVE_ST_MTIMESPEC
3197 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
3198 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
3200 # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
3201 # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
3202 # endif /* HAVE_ST_MTIMESPEC */
3203 #endif /* HAVE_ST_MTIM */
3205 /* GNU stow needs /etc/sudoers to be a symlink. */
3207 # define stat_sudoers stat
3209 # define stat_sudoers lstat
3212 /* Macros to set/clear/test flags. */
3214 #define SET(t, f) ((t) |= (f))
3216 #define CLR(t, f) ((t) &= ~(f))
3218 #define ISSET(t, f) ((t) & (f))
3220 /* ANSI-style OS defs for HP-UX and ConvexOS. */
3221 #if defined(hpux) && !defined(__hpux)
3225 #if defined(convex) && !defined(__convex__)
3226 # define __convex__ 1
3229 /* BSD compatibility on some SVR4 systems. */
3232 #endif /* __svr4__ */
3234 #endif /* _SUDO_CONFIG_H */])