2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.42 2008/01/21 16:08:27 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
27 AC_SUBST(GETGROUPS_LIB)
31 AC_SUBST(MAN_POSTINSTALL)
32 AC_SUBST(SUDOERS_MODE)
41 AC_SUBST(INSTALL_NOEXEC)
42 AC_SUBST(DONT_LEAK_PATH_INFO)
44 dnl Variables that get substituted in docs (not overridden by environment)
46 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
48 AC_SUBST(password_timeout)
51 AC_SUBST(long_otp_prompt)
58 AC_SUBST(mail_no_user)
59 AC_SUBST(mail_no_host)
60 AC_SUBST(mail_no_perms)
63 AC_SUBST(badpass_message)
65 AC_SUBST(runas_default)
67 AC_SUBST(passwd_tries)
73 dnl Initial values for above
78 passprompt="Password:"
90 mailsub='*** SECURITY information for %h ***'
91 badpass_message='Sorry, try again.'
102 dnl Initial values for Makefile variables listed above
103 dnl May be overridden by environment variables..
108 : ${SUDOERS_MODE='0440'}
125 shadow_libs_optional=
128 dnl Override default configure dirs...
130 test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
131 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
132 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
133 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
136 dnl Deprecated --with options (these all warn or generate an error)
139 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
140 [case $with_otp_only in
141 yes) with_passwd="no"
142 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
146 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
147 [case $with_alertmail in
148 *) with_mailto="$with_alertmail"
149 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
154 dnl Options for --with
157 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
159 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
161 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
167 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
170 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
174 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
175 [case $with_blibpath in
177 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
181 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
182 [case $with_incpath in
183 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
185 no) AC_MSG_ERROR(["--without-incpath not supported."])
187 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
188 for i in ${with_incpath}; do
189 CPPFLAGS="${CPPFLAGS} -I${i}"
194 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
195 [case $with_libpath in
196 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
198 no) AC_MSG_ERROR(["--without-libpath not supported."])
200 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
204 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
205 [case $with_libraries in
206 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
208 no) AC_MSG_ERROR(["--without-libraries not supported."])
210 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
214 AC_ARG_WITH(devel, [ --with-devel add development options],
216 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
217 PROGS="${PROGS} testsudoers"
218 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
222 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
226 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
227 [case $with_efence in
228 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
229 LIBS="${LIBS} -lefence"
230 if test -f /usr/local/lib/libefence.a; then
231 with_libpath="${with_libpath} /usr/local/lib"
235 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
239 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
241 yes) AC_MSG_NOTICE([Adding CSOps standard options])
245 with_classic_insults=yes
246 with_csops_insults=yes
252 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
256 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
257 [case $with_passwd in
258 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
259 AC_MSG_RESULT($with_passwd)
261 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
263 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
267 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
271 *) AC_DEFINE(HAVE_SKEY)
272 AC_MSG_CHECKING(whether to try S/Key authentication)
274 AUTH_REG="$AUTH_REG S/Key"
278 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
282 *) AC_DEFINE(HAVE_OPIE)
283 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
285 AUTH_REG="$AUTH_REG NRL_OPIE"
289 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
290 [case $with_long_otp_prompt in
291 yes) AC_DEFINE(LONG_OTP_PROMPT)
292 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
296 no) long_otp_prompt=off
298 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
302 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
303 [case $with_SecurID in
304 no) with_SecurID="";;
305 *) AC_DEFINE(HAVE_SECURID)
306 AC_MSG_CHECKING(whether to use SecurID for authentication)
308 AUTH_EXCL="$AUTH_EXCL SecurID"
312 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
315 *) AC_DEFINE(HAVE_FWTK)
316 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
318 AUTH_EXCL="$AUTH_EXCL FWTK"
322 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
325 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
327 AUTH_REG="$AUTH_REG kerb4"
331 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
334 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
336 AUTH_REG="$AUTH_REG kerb5"
340 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
341 [case $with_aixauth in
342 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
344 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
348 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
350 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
352 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
356 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
358 yes) AC_DEFINE(HAVE_AFS)
359 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
361 AUTH_REG="$AUTH_REG AFS"
364 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
368 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
370 yes) AC_DEFINE(HAVE_DCE)
371 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
373 AUTH_REG="$AUTH_REG DCE"
376 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
380 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
381 [case $with_logincap in
383 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
387 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
388 [case $with_bsdauth in
389 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
391 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
395 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
396 [case $with_project in
399 *) AC_MSG_ERROR(["--with-project does not take an argument."])
403 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
404 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
405 [case $with_lecture in
406 yes|short|always) lecture=once
408 no|none|never) lecture=never
410 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
413 if test "$lecture" = "once"; then
416 AC_DEFINE(NO_LECTURE)
420 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
421 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
422 [case $with_logging in
423 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
425 no) AC_MSG_ERROR(["--without-logging not supported."])
427 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
428 AC_MSG_RESULT(syslog)
430 file) AC_DEFINE(LOGGING, SLOG_FILE)
433 both) AC_DEFINE(LOGGING, SLOG_BOTH)
436 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
438 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
440 AC_MSG_CHECKING(which syslog facility sudo should log with)
441 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
442 [case $with_logfac in
443 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
445 no) AC_MSG_ERROR(["--without-logfac not supported."])
447 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
449 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
452 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
453 AC_MSG_RESULT($logfac)
455 AC_MSG_CHECKING(at which syslog priority to log commands)
456 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
457 [case $with_goodpri in
458 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
460 no) AC_MSG_ERROR(["--without-goodpri not supported."])
462 alert|crit|debug|emerg|err|info|notice|warning)
463 goodpri=$with_goodpri
465 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
468 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
469 AC_MSG_RESULT($goodpri)
471 AC_MSG_CHECKING(at which syslog priority to log failures)
472 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
473 [case $with_badpri in
474 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
476 no) AC_MSG_ERROR(["--without-badpri not supported."])
478 alert|crit|debug|emerg|err|info|notice|warning)
481 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
484 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
485 AC_MSG_RESULT($badpri)
487 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
488 [case $with_logpath in
489 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
491 no) AC_MSG_ERROR(["--without-logpath not supported."])
495 AC_MSG_CHECKING(how long a line in the log file should be)
496 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
497 [case $with_loglen in
498 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
500 no) AC_MSG_ERROR(["--without-loglen not supported."])
502 [[0-9]]*) loglen=$with_loglen
504 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
507 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
508 AC_MSG_RESULT($loglen)
510 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
511 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
512 [case $with_ignore_dot in
517 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
520 if test "$ignore_dot" = "on"; then
521 AC_DEFINE(IGNORE_DOT_PATH)
527 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
528 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
529 [case $with_mail_if_no_user in
534 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
537 if test "$mail_no_user" = "on"; then
538 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
544 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
545 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
546 [case $with_mail_if_no_host in
551 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
554 if test "$mail_no_host" = "on"; then
555 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
561 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
562 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
563 [case $with_mail_if_noperms in
568 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
571 if test "$mail_noperms" = "on"; then
572 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
578 AC_MSG_CHECKING(who should get the mail that sudo sends)
579 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
580 [case $with_mailto in
581 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
583 no) AC_MSG_ERROR(["--without-mailto not supported."])
585 *) mailto=$with_mailto
588 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
589 AC_MSG_RESULT([$mailto])
591 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
592 [case $with_mailsubject in
593 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
595 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
597 *) mailsub="$with_mailsubject"
598 AC_MSG_CHECKING(sudo mail subject)
599 AC_MSG_RESULT([Using alert mail subject: $mailsub])
602 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
604 AC_MSG_CHECKING(for bad password prompt)
605 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
606 [case $with_passprompt in
607 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
609 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
611 *) passprompt="$with_passprompt"
613 AC_MSG_RESULT($passprompt)
614 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
616 AC_MSG_CHECKING(for bad password message)
617 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
618 [case $with_badpass_message in
619 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
621 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
623 *) badpass_message="$with_badpass_message"
626 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
627 AC_MSG_RESULT([$badpass_message])
629 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
630 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
636 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
639 if test "$fqdn" = "on"; then
646 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
647 [case $with_timedir in
648 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
650 no) AC_MSG_ERROR(["--without-timedir not supported."])
654 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
655 --without-sendmail do not send mail at all],
656 [case $with_sendmail in
657 yes) with_sendmail=""
660 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
664 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
665 [case $with_sudoers_mode in
666 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
668 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
670 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
672 0*) SUDOERS_MODE=$with_sudoers_mode
674 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
678 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
679 [case $with_sudoers_uid in
680 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
682 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
684 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
686 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
690 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
691 [case $with_sudoers_gid in
692 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
694 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
696 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
698 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
702 AC_MSG_CHECKING(for umask programs should be run with)
703 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
704 --without-umask Preserves the umask of the user invoking sudo.],
706 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
710 [[0-9]]*) sudo_umask=$with_umask
712 *) AC_MSG_ERROR(["you must enter a numeric mask."])
715 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
716 if test "$sudo_umask" = "0777"; then
719 AC_MSG_RESULT($sudo_umask)
722 AC_MSG_CHECKING(for default user to run commands as)
723 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
724 [case $with_runas_default in
725 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
727 no) AC_MSG_ERROR(["--without-runas-default not supported."])
729 *) runas_default="$with_runas_default"
732 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
733 AC_MSG_RESULT([$runas_default])
735 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
736 [case $with_exempt in
737 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
739 no) AC_MSG_ERROR(["--without-exempt not supported."])
741 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
742 AC_MSG_CHECKING(for group to be exempt from password)
743 AC_MSG_RESULT([$with_exempt])
747 AC_MSG_CHECKING(for editor that visudo should use)
748 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
749 [case $with_editor in
750 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
752 no) AC_MSG_ERROR(["--without-editor not supported."])
754 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
755 AC_MSG_RESULT([$with_editor])
757 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
759 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
760 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
761 [case $with_env_editor in
766 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
769 if test "$env_editor" = "on"; then
770 AC_DEFINE(ENV_EDITOR)
776 AC_MSG_CHECKING(number of tries a user gets to enter their password)
777 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
778 [case $with_passwd_tries in
780 no) AC_MSG_ERROR(["--without-editor not supported."])
782 [[1-9]]*) passwd_tries=$with_passwd_tries
784 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
787 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
788 AC_MSG_RESULT($passwd_tries)
790 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
791 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
792 [case $with_timeout in
796 [[0-9]]*) timeout=$with_timeout
798 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
801 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
802 AC_MSG_RESULT($timeout)
804 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
805 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
806 [case $with_password_timeout in
808 no) password_timeout=0
810 [[0-9]]*) password_timeout=$with_password_timeout
812 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
815 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
816 AC_MSG_RESULT($password_timeout)
818 AC_MSG_CHECKING(whether to use per-tty ticket files)
819 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
820 [case $with_tty_tickets in
825 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
828 if test "$tty_tickets" = "on"; then
829 AC_DEFINE(USE_TTY_TICKETS)
835 AC_MSG_CHECKING(whether to include insults)
836 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
837 [case $with_insults in
839 with_classic_insults=yes
840 with_csops_insults=yes
844 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
847 if test "$insults" = "on"; then
848 AC_DEFINE(USE_INSULTS)
854 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
855 [case $with_all_insults in
856 yes) with_classic_insults=yes
857 with_csops_insults=yes
859 with_goons_insults=yes
862 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
866 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
867 [case $with_classic_insults in
868 yes) AC_DEFINE(CLASSIC_INSULTS)
871 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
875 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
876 [case $with_csops_insults in
877 yes) AC_DEFINE(CSOPS_INSULTS)
880 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
884 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
885 [case $with_hal_insults in
886 yes) AC_DEFINE(HAL_INSULTS)
889 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
893 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
894 [case $with_goons_insults in
895 yes) AC_DEFINE(GOONS_INSULTS)
898 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
902 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
905 *) AC_DEFINE(HAVE_LDAP)
906 AC_MSG_CHECKING(whether to use sudoers from LDAP)
910 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
911 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
912 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
913 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
915 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
916 [case $with_pc_insults in
917 yes) AC_DEFINE(PC_INSULTS)
920 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
924 dnl include all insult sets on one line
925 if test "$insults" = "on"; then
926 AC_MSG_CHECKING(which insult sets to include)
928 test "$with_goons_insults" = "yes" && i="goons ${i}"
929 test "$with_hal_insults" = "yes" && i="hal ${i}"
930 test "$with_csops_insults" = "yes" && i="csops ${i}"
931 test "$with_classic_insults" = "yes" && i="classic ${i}"
935 AC_MSG_CHECKING(whether to override the user's path)
936 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
937 [case $with_secure_path in
938 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
939 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
941 no) AC_MSG_RESULT(no)
943 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
944 AC_MSG_RESULT([$with_secure_path])
946 esac], AC_MSG_RESULT(no))
948 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
949 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
950 [case $with_interfaces in
951 yes) AC_MSG_RESULT(yes)
953 no) AC_DEFINE(STUB_LOAD_INTERFACES)
956 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
958 esac], AC_MSG_RESULT(yes))
960 AC_MSG_CHECKING(whether stow should be used)
961 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
963 yes) AC_MSG_RESULT(yes)
966 no) AC_MSG_RESULT(no)
968 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
970 esac], AC_MSG_RESULT(no))
973 dnl Options for --enable
976 AC_MSG_CHECKING(whether to do user authentication by default)
977 AC_ARG_ENABLE(authentication,
978 [ --disable-authentication
979 Do not require authentication by default],
980 [ case "$enableval" in
981 yes) AC_MSG_RESULT(yes)
983 no) AC_MSG_RESULT(no)
984 AC_DEFINE(NO_AUTHENTICATION)
987 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
990 ], AC_MSG_RESULT(yes))
992 AC_MSG_CHECKING(whether to disable running the mailer as root)
993 AC_ARG_ENABLE(root-mailer,
994 [ --disable-root-mailer Don't run the mailer as root, run as the user],
995 [ case "$enableval" in
996 yes) AC_MSG_RESULT(no)
998 no) AC_MSG_RESULT(yes)
999 AC_DEFINE(NO_ROOT_MAILER)
1001 *) AC_MSG_RESULT(no)
1002 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1005 ], AC_MSG_RESULT(no))
1007 AC_ARG_ENABLE(setreuid,
1008 [ --disable-setreuid Don't try to use the setreuid() function],
1009 [ case "$enableval" in
1010 no) SKIP_SETREUID=yes
1016 AC_ARG_ENABLE(setresuid,
1017 [ --disable-setresuid Don't try to use the setresuid() function],
1018 [ case "$enableval" in
1019 no) SKIP_SETRESUID=yes
1025 AC_MSG_CHECKING(whether to disable shadow password support)
1026 AC_ARG_ENABLE(shadow,
1027 [ --disable-shadow Never use shadow passwords],
1028 [ case "$enableval" in
1029 yes) AC_MSG_RESULT(no)
1031 no) AC_MSG_RESULT(yes)
1034 *) AC_MSG_RESULT(no)
1035 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1038 ], AC_MSG_RESULT(no))
1040 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1041 AC_ARG_ENABLE(root-sudo,
1042 [ --disable-root-sudo Don't allow root to run sudo],
1043 [ case "$enableval" in
1044 yes) AC_MSG_RESULT(yes)
1046 no) AC_DEFINE(NO_ROOT_SUDO)
1050 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1053 ], AC_MSG_RESULT(yes))
1055 AC_MSG_CHECKING(whether to log the hostname in the log file)
1056 AC_ARG_ENABLE(log-host,
1057 [ --enable-log-host Log the hostname in the log file],
1058 [ case "$enableval" in
1059 yes) AC_MSG_RESULT(yes)
1060 AC_DEFINE(HOST_IN_LOG)
1062 no) AC_MSG_RESULT(no)
1064 *) AC_MSG_RESULT(no)
1065 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1068 ], AC_MSG_RESULT(no))
1070 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1071 AC_ARG_ENABLE(noargs-shell,
1072 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1073 [ case "$enableval" in
1074 yes) AC_MSG_RESULT(yes)
1075 AC_DEFINE(SHELL_IF_NO_ARGS)
1077 no) AC_MSG_RESULT(no)
1079 *) AC_MSG_RESULT(no)
1080 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1083 ], AC_MSG_RESULT(no))
1085 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1086 AC_ARG_ENABLE(shell-sets-home,
1087 [ --enable-shell-sets-home
1088 set $HOME to target user in shell mode],
1089 [ case "$enableval" in
1090 yes) AC_MSG_RESULT(yes)
1091 AC_DEFINE(SHELL_SETS_HOME)
1093 no) AC_MSG_RESULT(no)
1095 *) AC_MSG_RESULT(no)
1096 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1099 ], AC_MSG_RESULT(no))
1101 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1102 AC_ARG_ENABLE(path_info,
1103 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1104 [ case "$enableval" in
1105 yes) AC_MSG_RESULT(no)
1107 no) AC_MSG_RESULT(yes)
1108 AC_DEFINE(DONT_LEAK_PATH_INFO)
1111 *) AC_MSG_RESULT(no)
1112 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1115 ], AC_MSG_RESULT(no))
1118 dnl If we don't have egrep we can't do anything...
1120 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1121 if test -z "$EGREPPROG"; then
1122 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1126 dnl Prevent configure from adding the -g flag unless in devel mode
1128 if test "$with_devel" != "yes"; then
1133 dnl C compiler checks
1139 dnl Libtool magic; enable shared libs and disable static libs
1142 AC_CANONICAL_TARGET([])
1147 dnl Defer with_noexec until after libtool magic runs
1149 if test "$enable_shared" = "no"; then
1152 eval _shrext="$shrext_cmds"
1154 AC_MSG_CHECKING(path to sudo_noexec.so)
1155 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1156 [case $with_noexec in
1157 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1161 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1162 AC_MSG_RESULT($with_noexec)
1163 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1166 dnl It is now safe to modify CFLAGS and CPPFLAGS
1168 if test "$with_devel" = "yes" -a -n "$GCC"; then
1169 CFLAGS="${CFLAGS} -Wall"
1173 dnl Find programs we use
1175 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1176 AC_CHECK_PROG(TRPROG, tr, tr)
1177 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1178 if test -z "$NROFFPROG"; then
1180 mansrcdir='$(srcdir)'
1184 dnl What kind of beastie are we being run on?
1185 dnl Barf if config.cache was generated on another host.
1187 if test -n "$sudo_cv_prev_host"; then
1188 if test "$sudo_cv_prev_host" != "$host"; then
1189 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1191 AC_MSG_CHECKING(previous host type)
1192 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1193 AC_MSG_RESULT([$sudo_cv_prev_host])
1196 # this will produce no output since there is no cached value
1197 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1201 dnl We want to be able to differentiate between different rev's
1203 if test -n "$host_os"; then
1204 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1205 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1206 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1215 # getcwd(3) opens a pipe to getpwd(1)!?!
1218 # system headers lack prototypes but gcc helps...
1219 if test -n "$GCC"; then
1220 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1223 shadow_funcs="getpwanam issecure"
1226 # To get the crypt(3) prototype (so we pass -Wall)
1227 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1228 # AFS support needs -lucb
1229 if test "$with_AFS" = "yes"; then
1230 AFS_LIBS="-lc -lucb"
1233 : ${mansectform='4'}
1234 : ${with_rpath='yes'}
1235 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1238 # To get all prototypes (so we pass -Wall)
1239 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1240 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1241 if test X"$with_blibpath" != X"no"; then
1242 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1243 O_LDFLAGS="$LDFLAGS"
1244 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1245 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1246 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1247 blibpath="$with_blibpath"
1248 elif test -n "$GCC"; then
1249 blibpath="/usr/lib:/lib:/usr/local/lib"
1251 blibpath="/usr/lib:/lib"
1254 ], [AC_MSG_RESULT(no)])
1256 LDFLAGS="$O_LDFLAGS"
1258 # Use authenticate(3) as the default authentication method
1259 if test X"$with_aixauth" = X""; then
1260 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1265 : ${mansectform='4'}
1268 # AFS support needs -lBSD
1269 if test "$with_AFS" = "yes"; then
1270 AFS_LIBS="-lc -lBSD"
1273 : ${mansectform='4'}
1277 AC_DEFINE(BROKEN_SYSLOG)
1279 # Not sure if setuid binaries are safe in < 9.x
1280 if test -n "$GCC"; then
1281 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1283 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1287 AC_DEFINE(BROKEN_SYSLOG)
1289 shadow_funcs="getspwuid"
1291 # DCE support (requires ANSI C compiler)
1292 if test "$with_DCE" = "yes"; then
1293 # order of libs in 9.X is important. -lc_r must be last
1294 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1295 LIBS="${LIBS} -ldce -lM -lc_r"
1296 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1300 shadow_funcs="getprpwnam iscomsec"
1304 shadow_funcs="getspnam iscomsec"
1306 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1311 # ignore envariables wrt dynamic lib path
1312 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1314 : ${CHECKSIA='true'}
1315 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1317 [ --disable-sia Disable SIA on Digital UNIX],
1318 [ case "$enableval" in
1319 yes) AC_MSG_RESULT(no)
1322 no) AC_MSG_RESULT(yes)
1325 *) AC_MSG_RESULT(no)
1326 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1329 ], AC_MSG_RESULT(no))
1331 shadow_funcs="getprpwnam dispcrypt"
1332 # OSF/1 4.x and higher need -ldb too
1333 if test $OSMAJOR -lt 4; then
1334 shadow_libs="-lsecurity -laud -lm"
1336 shadow_libs="-lsecurity -ldb -laud -lm"
1339 # use SIA by default, if we have it
1340 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1343 # Some versions of Digital Unix ship with a broken
1344 # copy of prot.h, which we need for shadow passwords.
1345 # XXX - make should remove this as part of distclean
1347 AC_MSG_CHECKING([for broken prot.h])
1348 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1349 #include <sys/types.h>
1350 #include <sys/security.h>
1352 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1353 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1356 : ${mansectform='4'}
1359 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1360 if test -z "$NROFFPROG"; then
1361 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1362 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1363 if test -d /usr/share/catman/local; then
1364 mandir="/usr/share/catman/local"
1366 mandir="/usr/catman/local"
1370 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1371 if test -d "/usr/share/man/local"; then
1372 mandir="/usr/share/man/local"
1374 mandir="/usr/man/local"
1378 # IRIX <= 4 needs -lsun
1379 if test "$OSMAJOR" -le 4; then
1380 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1383 : ${mansectform='4'}
1386 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1387 # Some Linux versions need to link with -lshadow
1388 shadow_funcs="getspnam"
1389 shadow_libs_optional="-lshadow"
1390 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1393 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1394 if test -z "$GCC"; then
1395 CFLAGS="${CFLAGS} -D__STDC__"
1398 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1399 shadow_funcs="getprpwnam"
1400 shadow_libs="-lprot"
1404 shadow_funcs="getauthuid"
1405 shadow_libs="-lauth"
1408 LIBS="${LIBS} -lsun -lbsd"
1409 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1410 OSDEFS="${OSDEFS} -D_MIPS"
1412 : ${mansectform='4'}
1415 OSDEFS="${OSDEFS} -D_ISC"
1417 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1418 LIBS="${LIBS} -lcrypt"
1420 shadow_funcs="getspnam"
1424 : ${mansectform='4'}
1427 shadow_funcs="getprpwnam"
1428 shadow_libs="-lprot -lx"
1430 : ${mansectform='4'}
1432 m88k-motorola-sysv*)
1433 # motorolla's cc (a variant of gcc) does -O but not -O2
1434 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1436 : ${mansectform='4'}
1439 shadow_funcs="getspnam"
1442 : ${mansectform='4'}
1443 : ${with_rpath='yes'}
1445 *-ncr-sysv4*|*-ncr-sysvr4*)
1446 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1448 : ${mansectform='4'}
1449 : ${with_rpath='yes'}
1451 *-ccur-sysv4*|*-ccur-sysvr4*)
1452 LIBS="${LIBS} -lgen"
1453 SUDO_LIBS="${SUDO_LIBS} -lgen"
1455 : ${mansectform='4'}
1456 : ${with_rpath='yes'}
1460 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1461 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1463 2|3) AC_MSG_NOTICE([using shlicc as CC])
1464 ac_cv_prog_CC=shlicc
1469 # Check for newer BSD auth API (just check for >= 3.0?)
1470 if test -z "$with_bsdauth"; then
1471 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1475 # FreeBSD has a real setreuid(2) starting with 2.1 and
1476 # backported to 2.0.5. We just take 2.1 and above...
1482 if test "$with_skey" = "yes"; then
1483 SUDO_LIBS="${SUDO_LIBS} -lmd"
1486 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1487 : ${with_logincap='maybe'}
1490 # OpenBSD has a real setreuid(2) starting with 3.3 but
1491 # we will use setreuid(2) instead.
1494 # OpenBSD >= 3.0 supports BSD auth
1495 if test -z "$with_bsdauth"; then
1500 AUTH_EXCL_DEF="BSD_AUTH"
1504 : ${with_logincap='maybe'}
1507 # NetBSD has a real setreuid(2) starting with 1.3.2
1509 0.9*|1.[012]*|1.3|1.3.1)
1514 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1515 : ${with_logincap='maybe'}
1518 if test "$with_skey" = "yes"; then
1519 SUDO_LIBS="${SUDO_LIBS} -lmd"
1522 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1523 : ${with_logincap='yes'}
1531 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1532 : ${with_logincap='yes'}
1535 # lockf() on is broken on the NeXT -- use flock instead
1537 ac_cv_func_flock=yes
1541 : ${mansectform='4'}
1542 : ${with_rpath='yes'}
1546 : ${mansectform='4'}
1549 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1554 dnl Check for mixing mutually exclusive and regular auth methods
1556 AUTH_REG=${AUTH_REG# }
1557 AUTH_EXCL=${AUTH_EXCL# }
1558 if test -n "$AUTH_EXCL"; then
1560 if test $# != 1; then
1561 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1563 if test -n "$AUTH_REG"; then
1564 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1568 dnl Only one of S/Key and OPIE may be specified
1570 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1571 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1575 dnl Use BSD-style man sections by default
1578 : ${mansectform='5'}
1581 dnl Add in any libpaths or libraries specified via configure
1583 if test -n "$with_libpath"; then
1584 for i in ${with_libpath}; do
1585 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1588 if test -n "$with_libraries"; then
1589 for i in ${with_libraries}; do
1601 dnl C compiler checks (to be done after os checks)
1603 AC_PROG_GCC_TRADITIONAL
1612 if test -z "$with_sendmail"; then
1615 if test -z "$with_editor"; then
1619 dnl Header file checks
1624 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1625 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1626 dnl ultrix termio/termios are broken
1627 if test "$OS" != "ultrix"; then
1628 AC_SYS_POSIX_TERMIOS
1629 if test "$ac_cv_sys_posix_termios" = "yes"; then
1630 AC_DEFINE(HAVE_TERMIOS_H)
1632 AC_CHECK_HEADERS(termio.h)
1635 if test ${with_logincap-'no'} != "no"; then
1636 AC_CHECK_HEADERS(login_cap.h, [
1638 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1643 if test ${with_project-'no'} != "no"; then
1644 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1645 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1652 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1653 #include <signal.h>])
1654 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1655 #include <signal.h>])
1656 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1657 #if TIME_WITH_SYS_TIME
1658 # include <sys/time.h>
1661 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1662 #include <netinet/in.h>])
1672 dnl only set RETSIGTYPE if it is not set already
1682 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1683 strftime setrlimit initgroups getgroups fstat gettimeofday \
1684 setlocale getaddrinfo)
1685 if test -z "$SKIP_SETRESUID"; then
1686 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1688 if test -z "$SKIP_SETREUID"; then
1689 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1691 if test -z "$SKIP_SETEUID"; then
1692 AC_CHECK_FUNCS(seteuid)
1694 if test X"$with_interfaces" != X"no"; then
1695 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1697 if test -z "$BROKEN_GETCWD"; then
1698 AC_REPLACE_FUNCS(getcwd)
1700 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1701 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1702 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1703 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1704 AC_CHECK_FUNCS(lockf flock, [break])
1705 AC_CHECK_FUNCS(waitpid wait3, [break])
1706 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1707 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1708 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1709 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1711 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1712 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1713 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1714 [ #include <limits.h>
1715 #include <fcntl.h> ])
1717 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1718 AC_CHECK_FUNCS(random lrand48, [break])
1720 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1721 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1722 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1723 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1724 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1725 AC_MSG_CHECKING([for two-parameter timespecsub])
1726 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1727 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1728 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1730 #error missing timespecsub
1732 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1733 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1736 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1738 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1739 #include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1740 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1742 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1743 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1745 if test -n "$NEED_SNPRINTF"; then
1749 dnl If socket(2) not in libc, check -lsocket and -linet
1750 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1751 dnl In this case we look for main(), not socket() to avoid using a cached value
1753 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1754 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1756 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1757 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1759 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1760 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1762 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1764 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1766 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1767 dnl (gcc includes its own alloca(3) but other compilers may not)
1769 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1773 dnl Check for getprogname() or __progname
1775 AC_CHECK_FUNCS(getprogname, , [
1776 AC_MSG_CHECKING([for __progname])
1777 AC_CACHE_VAL(sudo_cv___progname, [
1778 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1779 if test "$sudo_cv___progname" = "yes"; then
1780 AC_DEFINE(HAVE___PROGNAME)
1782 AC_LIBOBJ(getprogname)
1784 AC_MSG_RESULT($sudo_cv___progname)
1788 dnl Mutually exclusive auth checks come first, followed by
1789 dnl non-exclusive ones. Note: passwd must be last of all!
1793 dnl Convert default authentication methods to with_* if
1794 dnl no explicit authentication scheme was specified.
1796 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1797 for auth in $AUTH_EXCL_DEF; do
1799 AIX_AUTH) with_aixauth=maybe;;
1800 BSD_AUTH) with_bsdauth=maybe;;
1801 PAM) with_pam=maybe;;
1802 SIA) CHECKSIA=true;;
1808 dnl PAM support. Systems that use PAM by default set with_pam=default
1809 dnl and we do the actual tests here.
1811 if test ${with_pam-"no"} != "no"; then
1813 dnl Linux may need this
1815 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1816 ac_cv_lib_dl=ac_cv_lib_dl_main
1819 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1820 dnl in /usr/include/pam instead of /usr/include/security...
1822 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1823 if test "$with_pam" = "yes"; then
1825 AUTH_OBJS="$AUTH_OBJS pam.o";
1827 AC_MSG_CHECKING(whether to use PAM session support)
1828 AC_ARG_ENABLE(pam_session,
1829 [ --disable-pam-session Disable PAM session support],
1830 [ case "$enableval" in
1831 yes) AC_MSG_RESULT(yes)
1833 no) AC_MSG_RESULT(no)
1834 AC_DEFINE(NO_PAM_SESSION)
1836 *) AC_MSG_RESULT(no)
1837 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1839 esac], AC_MSG_RESULT(yes))
1841 *-*-linux*|*-*-solaris*)
1842 AC_CHECK_FUNCS(dgettext, [],
1843 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
1844 [AC_DEFINE(HAVE_DGETTEXT)])])
1851 dnl AIX general authentication
1852 dnl If set to "maybe" only enable if no other exclusive method in use.
1854 if test ${with_aixauth-'no'} != "no"; then
1855 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1856 AC_MSG_NOTICE([using AIX general authentication])
1857 AC_DEFINE(HAVE_AIXAUTH)
1858 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1859 SUDO_LIBS="${SUDO_LIBS} -ls"
1865 dnl BSD authentication
1866 dnl If set to "maybe" only enable if no other exclusive method in use.
1868 if test ${with_bsdauth-'no'} != "no"; then
1869 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1870 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1871 [BSDAUTH_USAGE='[[-a auth_type]] ']
1872 [AUTH_EXCL=BSD_AUTH],
1873 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1877 dnl SIA authentication for Tru64 Unix
1879 if test ${CHECKSIA-'false'} = "true"; then
1880 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1881 if test "$found" = "true"; then
1883 AUTH_OBJS="$AUTH_OBJS sia.o"
1888 dnl extra FWTK libs + includes
1890 if test ${with_fwtk-'no'} != "no"; then
1891 if test "$with_fwtk" != "yes"; then
1892 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1893 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1896 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1897 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1901 dnl extra SecurID lib + includes
1903 if test ${with_SecurID-'no'} != "no"; then
1904 if test "$with_SecurID" != "yes"; then
1906 elif test -d /usr/ace/examples; then
1907 with_SecurID=/usr/ace/examples
1909 with_SecurID=/usr/ace
1911 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1912 _LDFLAGS="${LDFLAGS}"
1913 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1915 # Determine whether to use the new or old SecurID API
1917 AC_CHECK_LIB(aceclnt, SD_Init,
1919 AUTH_OBJS="$AUTH_OBJS securid5.o";
1920 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1923 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1925 AUTH_OBJS="$AUTH_OBJS securid.o";
1926 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1932 LDFLAGS="${_LDFLAGS}"
1936 dnl Non-mutually exclusive auth checks come next.
1937 dnl Note: passwd must be last of all!
1941 dnl Convert default authentication methods to with_* if
1942 dnl no explicit authentication scheme was specified.
1944 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1945 for auth in $AUTH_DEF; do
1947 passwd) : ${with_passwd='maybe'};;
1955 if test ${with_kerb4-'no'} != "no"; then
1956 AC_DEFINE(HAVE_KERB4)
1958 dnl Use the specified directory, if any, else search for correct inc dir
1960 O_LDFLAGS="$LDFLAGS"
1961 if test "$with_kerb4" = "yes"; then
1963 O_CPPFLAGS="$CPPFLAGS"
1964 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1965 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1966 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1968 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1970 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1971 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1972 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1973 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1975 if test X"$found" = X"no"; then
1976 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1980 dnl Check for -ldes vs. -ldes425
1982 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1983 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1986 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1988 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1991 K4LIBS="${K4LIBS} -lcom_err"
1992 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1998 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2000 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2001 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2002 [K4LIBS="-lkrb $K4LIBS"]
2003 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2006 LDFLAGS="$O_LDFLAGS"
2007 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2008 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2013 dnl There is an easy way and a hard way...
2015 if test ${with_kerb5-'no'} != "no"; then
2016 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2017 if test -n "$KRB5CONFIG"; then
2018 AC_DEFINE(HAVE_KERB5)
2019 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2020 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2021 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2023 dnl Try to determine whether we have Heimdal or MIT Kerberos
2025 AC_MSG_CHECKING(whether we are using Heimdal)
2026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2028 AC_DEFINE(HAVE_HEIMDAL)
2035 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2036 AC_DEFINE(HAVE_KERB5)
2038 dnl Use the specified directory, if any, else search for correct inc dir
2040 if test "$with_kerb5" = "yes"; then
2042 O_CPPFLAGS="$CPPFLAGS"
2043 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2044 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2045 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2047 if test X"$found" = X"no"; then
2048 CPPFLAGS="$O_CPPFLAGS"
2049 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2052 dnl XXX - try to include krb5.h here too
2053 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2054 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2058 dnl Try to determine whether we have Heimdal or MIT Kerberos
2060 AC_MSG_CHECKING(whether we are using Heimdal)
2061 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2063 AC_DEFINE(HAVE_HEIMDAL)
2064 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2065 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2068 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2069 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
2071 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2073 LIBS="${LIBS} ${SUDO_LIBS}"
2074 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2079 dnl extra AFS libs and includes
2081 if test ${with_AFS-'no'} = "yes"; then
2083 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2084 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2085 for i in $AFSLIBDIRS; do
2086 if test -d ${i}; then
2087 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2088 FOUND_AFSLIBDIR=true
2091 if test -z "$FOUND_AFSLIBDIR"; then
2092 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2095 # Order is important here. Note that we build AFS_LIBS from right to left
2096 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2097 AFS_LIBS="-laudit ${AFS_LIBS}"
2098 for i in $AFSLIBDIRS; do
2099 if test -f ${i}/util.a; then
2100 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2105 if test -z "$FOUND_UTIL_A"; then
2106 AFS_LIBS="-lutil ${AFS_LIBS}"
2108 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2110 # AFS includes may live in /usr/include on some machines...
2111 for i in /usr/afsws/include; do
2112 if test -d ${i}; then
2113 CPPFLAGS="${CPPFLAGS} -I${i}"
2114 FOUND_AFSINCDIR=true
2118 if test -z "$FOUND_AFSLIBDIR"; then
2119 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2122 AUTH_OBJS="$AUTH_OBJS afs.o"
2126 dnl extra DCE obj + lib
2127 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2129 if test ${with_DCE-'no'} = "yes"; then
2130 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2131 SUDO_LIBS="${SUDO_LIBS} -ldce"
2132 AUTH_OBJS="$AUTH_OBJS dce.o"
2136 dnl extra S/Key lib and includes
2138 if test ${with_skey-'no'} = "yes"; then
2139 O_LDFLAGS="$LDFLAGS"
2140 if test "$with_skey" != "yes"; then
2141 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2142 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2143 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2144 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2147 O_CPPFLAGS="$CPPFLAGS"
2148 for dir in "" "/usr/local" "/usr/contrib"; do
2149 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2150 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2152 if test "$found" = "no" -o -z "$dir"; then
2153 CPPFLAGS="$O_CPPFLAGS"
2155 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2156 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2159 if test "$found" = "no"; then
2160 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2162 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2163 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2164 LDFLAGS="$O_LDFLAGS"
2165 SUDO_LIBS="${SUDO_LIBS} -lskey"
2166 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2170 dnl extra OPIE lib and includes
2172 if test ${with_opie-'no'} = "yes"; then
2173 O_LDFLAGS="$LDFLAGS"
2174 if test "$with_opie" != "yes"; then
2175 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2176 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2177 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2178 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2181 O_CPPFLAGS="$CPPFLAGS"
2182 for dir in "" "/usr/local" "/usr/contrib"; do
2183 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2184 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2186 if test "$found" = "no" -o -z "$dir"; then
2187 CPPFLAGS="$O_CPPFLAGS"
2189 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2190 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2193 if test "$found" = "no"; then
2194 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2196 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2197 LDFLAGS="$O_LDFLAGS"
2198 SUDO_LIBS="${SUDO_LIBS} -lopie"
2199 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2203 dnl Check for shadow password routines if we have not already done so.
2204 dnl If there is a specific list of functions to check we do that first.
2205 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2207 if test ${with_passwd-'no'} != "no"; then
2209 dnl if crypt(3) not in libc, look elsewhere
2211 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2212 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2215 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2217 LIBS="$LIBS $shadow_libs"
2219 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2220 if test "$found" = "yes"; then
2221 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2222 elif test -n "$shadow_libs_optional"; then
2223 LIBS="$LIBS $shadow_libs_optional"
2224 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2225 if test "$found" = "yes"; then
2226 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2229 if test "$found" = "yes"; then
2230 case "$shadow_funcs" in
2231 *getprpwnam*) SECUREWARE=1;;
2233 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2239 if test "$CHECKSHADOW" = "true"; then
2240 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2242 if test "$CHECKSHADOW" = "true"; then
2243 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2245 if test -n "$SECUREWARE"; then
2246 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2247 AUTH_OBJS="$AUTH_OBJS secureware.o"
2252 dnl extra lib and .o file for LDAP support
2254 if test ${with_ldap-'no'} != "no"; then
2256 if test "$with_ldap" != "yes"; then
2257 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2258 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2259 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2262 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2264 AC_MSG_CHECKING([for LDAP libraries])
2268 for l in -lldap -llber '-lssl -lcrypto'; do
2270 LDAP_LIBS="${LDAP_LIBS} $l"
2271 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2273 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2275 dnl if nothing linked just try with -lldap
2276 if test "$found" = "no"; then
2277 LIBS="${_LIBS} -lldap"
2279 AC_MSG_RESULT([not found, using -lldap])
2281 AC_MSG_RESULT([$LDAP_LIBS])
2283 dnl check if we need to link with -llber for ber_set_option
2285 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2286 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2287 LDAP_LIBS="$LDAP_LIBS -llber"
2289 dnl check if ldap.h includes lber.h for us
2290 AC_MSG_CHECKING([whether lber.h is needed])
2291 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2292 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2293 AC_MSG_RESULT([yes])
2294 AC_DEFINE(HAVE_LBER_H)])
2296 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
2297 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break])
2299 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2302 # XXX - OpenLDAP has deprecated ldap_get_values()
2303 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2307 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2308 dnl added -L dirpaths to SUDO_LDFLAGS.
2310 if test -n "$blibpath"; then
2311 if test -n "$blibpath_add"; then
2312 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2313 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2314 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2319 dnl Check for log file and timestamp locations
2325 dnl Use passwd (and secureware) auth modules?
2327 case "$with_passwd" in
2329 AUTH_OBJS="$AUTH_OBJS passwd.o"
2332 AC_DEFINE(WITHOUT_PASSWD)
2333 if test -z "$AUTH_OBJS"; then
2334 AC_MSG_ERROR([no authentication methods defined.])
2338 AUTH_OBJS=${AUTH_OBJS# }
2339 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2340 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2343 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2345 if test -n "$LIBS"; then
2350 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2351 test $l = $sl && dupe=1
2353 test $dupe = 0 && LIBS="${LIBS} $l"
2360 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2363 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2364 dnl XXX - this is gross!
2366 if test "$with_noexec" != "no"; then
2367 PROGS="${PROGS} sudo_noexec.la"
2368 INSTALL_NOEXEC="install-noexec"
2370 oexec_prefix="$exec_prefix"
2371 if test "$exec_prefix" = '$(prefix)'; then
2372 if test "$prefix" = "NONE"; then
2373 exec_prefix="$ac_default_prefix"
2375 exec_prefix="$prefix"
2378 eval noexec_file="$with_noexec"
2379 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2380 exec_prefix="$oexec_prefix"
2384 dnl Substitute into the Makefile and man pages
2386 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2390 dnl Spew any text the user needs to know about
2392 if test "$with_pam" = "yes"; then
2395 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2401 dnl Autoheader templates
2403 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2404 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2405 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2406 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2407 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2408 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2409 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2410 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2411 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2412 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2413 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2414 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2415 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2416 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2417 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2418 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2419 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2420 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2421 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2422 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2423 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2424 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2425 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2426 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2427 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2428 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2429 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2430 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2431 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2432 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2433 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2434 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2435 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2436 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2437 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2438 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2439 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2440 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2441 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2442 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2443 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2444 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
2445 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2446 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2447 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2448 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2449 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2450 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2451 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2452 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2453 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2454 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2455 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2456 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2457 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2458 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2459 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2460 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2461 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2462 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2463 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2464 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2465 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2466 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2467 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2468 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2469 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2470 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2471 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2474 dnl Bits to copy verbatim into config.h.in
2476 AH_TOP([#ifndef _SUDO_CONFIG_H
2477 #define _SUDO_CONFIG_H])
2480 * Macros to pull sec and nsec parts of mtime from struct stat.
2481 * We need to be able to convert between timeval and timespec
2482 * so the last 3 digits of tv_nsec are not significant.
2485 # ifdef HAVE_ST__TIM
2486 # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
2487 # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
2489 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2490 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2493 # ifdef HAVE_ST_MTIMESPEC
2494 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2495 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2497 # define mtim_getsec(_x) ((_x).st_mtime)
2498 # define mtim_getnsec(_x) (0)
2499 # endif /* HAVE_ST_MTIMESPEC */
2500 #endif /* HAVE_ST_MTIM */
2503 * Emulate a subset of waitpid() if we don't have it.
2506 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2509 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2513 /* GNU stow needs /etc/sudoers to be a symlink. */
2515 # define stat_sudoers stat
2517 # define stat_sudoers lstat
2520 /* Macros to set/clear/test flags. */
2522 #define SET(t, f) ((t) |= (f))
2524 #define CLR(t, f) ((t) &= ~(f))
2526 #define ISSET(t, f) ((t) & (f))
2528 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2529 #if defined(hpux) && !defined(__hpux)
2533 #if defined(convex) && !defined(__convex__)
2534 # define __convex__ 1
2537 /* BSD compatibility on some SVR4 systems. */
2540 #endif /* __svr4__ */
2542 #endif /* _SUDO_CONFIG_H */])