2 dnl Process this file with GNU autoconf to produce a configure script.
4 dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
6 AC_INIT([sudo], [1.8.6p8], [http://www.sudo.ws/bugs/], [sudo])
7 AC_CONFIG_HEADER([config.h pathnames.h])
9 dnl Note: this must come after AC_INIT
11 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
13 dnl Variables that get substituted in the Makefile and man pages
15 AC_SUBST([HAVE_BSM_AUDIT])
22 AC_SUBST([SUDOERS_LDFLAGS])
23 AC_SUBST([LT_LDFLAGS])
27 AC_SUBST([LT_LDEXPORTS])
28 AC_SUBST([COMMON_OBJS])
29 AC_SUBST([SUDOERS_OBJS])
33 AC_SUBST([SUDOERS_LIBS])
36 AC_SUBST([REPLAY_LIBS])
37 AC_SUBST([GETGROUPS_LIB])
41 AC_SUBST([MANDIRTYPE])
42 AC_SUBST([MANCOMPRESS])
43 AC_SUBST([MANCOMPRESSEXT])
44 AC_SUBST([SHLIB_MODE])
45 AC_SUBST([SUDOERS_MODE])
46 AC_SUBST([SUDOERS_UID])
47 AC_SUBST([SUDOERS_GID])
55 AC_SUBST([mansectform])
57 AC_SUBST([NOEXECFILE])
61 AC_SUBST([noexec_file])
62 AC_SUBST([INSTALL_NOEXEC])
63 AC_SUBST([DONT_LEAK_PATH_INFO])
64 AC_SUBST([BSDAUTH_USAGE])
65 AC_SUBST([SELINUX_USAGE])
67 AC_SUBST([LOGINCAP_USAGE])
70 AC_SUBST([LIBTOOL_DEPS])
71 AC_SUBST([ac_config_libobj_dir])
72 AC_SUBST([CONFIGURE_ARGS])
77 AC_SUBST([COMPAT_TEST_PROGS])
78 AC_SUBST([CROSS_COMPILING])
79 AC_SUBST([PIE_LDFLAGS])
80 AC_SUBST([PIE_CFLAGS])
81 AC_SUBST([SSP_LDFLAGS])
82 AC_SUBST([SSP_CFLAGS])
85 dnl Variables that get substituted in docs (not overridden by environment)
87 AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
88 AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
90 AC_SUBST([password_timeout])
91 AC_SUBST([sudo_umask])
92 AC_SUBST([umask_override])
93 AC_SUBST([passprompt])
94 AC_SUBST([long_otp_prompt])
100 AC_SUBST([ignore_dot])
101 AC_SUBST([mail_no_user])
102 AC_SUBST([mail_no_host])
103 AC_SUBST([mail_no_perms])
106 AC_SUBST([badpass_message])
108 AC_SUBST([runas_default])
109 AC_SUBST([env_editor])
110 AC_SUBST([env_reset])
111 AC_SUBST([passwd_tries])
112 AC_SUBST([tty_tickets])
114 AC_SUBST([root_sudo])
115 AC_SUBST([path_info])
116 AC_SUBST([ldap_conf])
117 AC_SUBST([ldap_secret])
119 AC_SUBST([nsswitch_conf])
120 AC_SUBST([netsvc_conf])
121 AC_SUBST([secure_path])
124 # Begin initial values for man page substitution
126 iolog_dir=/var/log/sudo-io
127 timedir=/var/adm/sudo
132 passprompt="Password:"
144 mailsub="*** SECURITY information for %h ***"
145 badpass_message="Sorry, try again."
156 ldap_conf=/etc/ldap.conf
157 ldap_secret=/etc/ldap.secret
158 netsvc_conf=/etc/netsvc.conf
159 noexec_file=/usr/local/libexec/sudo_noexec.so
160 nsswitch_conf=/etc/nsswitch.conf
161 secure_path="not set"
163 # End initial values for man page substitution
166 dnl Initial values for Makefile variables listed above
167 dnl May be overridden by environment variables..
172 : ${MANDIRTYPE='man'}
174 : ${SHLIB_MODE='0644'}
175 : ${SUDOERS_MODE='0440'}
193 LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
194 LT_LDDEP="\$(shlib_exp)"
204 shadow_libs_optional=
208 dnl LD_PRELOAD equivalents
210 RTLD_PRELOAD_VAR="LD_PRELOAD"
211 RTLD_PRELOAD_ENABLE_VAR=
212 RTLD_PRELOAD_DELIM=":"
213 RTLD_PRELOAD_DEFAULT=
216 dnl libc replacement functions live in compat
218 AC_CONFIG_LIBOBJ_DIR(compat)
221 dnl Deprecated --with options (these all warn or generate an error)
224 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
225 [case $with_otp_only in
226 yes) with_passwd="no"
227 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
231 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
232 [case $with_alertmail in
233 *) with_mailto="$with_alertmail"
234 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
239 dnl Options for --with
242 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
244 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
245 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
250 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
254 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
256 *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
260 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
263 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
267 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
268 [case $with_blibpath in
270 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
275 dnl Handle BSM auditing support.
277 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
278 [case $with_bsm_audit in
279 yes) AC_DEFINE(HAVE_BSM_AUDIT)
280 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
281 SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
284 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
289 dnl Handle Linux auditing support.
291 AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
292 [case $with_linux_audit in
293 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
294 AC_DEFINE(HAVE_LINUX_AUDIT)
295 SUDO_LIBS="${SUDO_LIBS} -laudit"
296 SUDOERS_LIBS="${SUDO_LIBS} -laudit"
297 SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
299 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
303 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
308 dnl Handle SSSD support.
310 AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
312 yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
316 *) AC_MSG_ERROR(["--with-sssd does not take an argument."])
320 AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
321 sssd_lib="\"LIBDIR\""
322 test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
323 SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
325 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
326 [case $with_incpath in
327 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
329 no) AC_MSG_ERROR(["--without-incpath not supported."])
331 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
332 for i in ${with_incpath}; do
333 CPPFLAGS="${CPPFLAGS} -I${i}"
338 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
339 [case $with_libpath in
340 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
342 no) AC_MSG_ERROR(["--without-libpath not supported."])
344 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
348 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
349 [case $with_libraries in
350 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
352 no) AC_MSG_ERROR(["--without-libraries not supported."])
354 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
358 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
359 [case $with_efence in
360 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
361 LIBS="${LIBS} -lefence"
362 if test -f /usr/local/lib/libefence.a; then
363 with_libpath="${with_libpath} /usr/local/lib"
367 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
371 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
373 yes) AC_MSG_NOTICE([Adding CSOps standard options])
377 with_classic_insults=yes
378 with_csops_insults=yes
384 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
388 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
389 [case $with_passwd in
390 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
391 AC_MSG_RESULT($with_passwd)
393 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
395 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
399 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
402 *) AC_DEFINE(HAVE_SKEY)
403 AC_MSG_CHECKING(whether to try S/Key authentication)
405 AUTH_REG="$AUTH_REG S/Key"
409 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
412 *) AC_DEFINE(HAVE_OPIE)
413 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
415 AUTH_REG="$AUTH_REG NRL_OPIE"
419 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
420 [case $with_long_otp_prompt in
421 yes) AC_DEFINE(LONG_OTP_PROMPT)
422 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
426 no) long_otp_prompt=off
428 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
432 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
433 [case $with_SecurID in
435 *) AC_DEFINE(HAVE_SECURID)
436 AC_MSG_CHECKING(whether to use SecurID for authentication)
438 AUTH_EXCL="$AUTH_EXCL SecurID"
442 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
445 *) AC_DEFINE(HAVE_FWTK)
446 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
448 AUTH_EXCL="$AUTH_EXCL FWTK"
452 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
455 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
457 AUTH_REG="$AUTH_REG kerb5"
461 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
462 [case $with_aixauth in
463 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
465 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
469 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
471 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
473 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
477 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
479 yes) AC_DEFINE(HAVE_AFS)
480 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
482 AUTH_REG="$AUTH_REG AFS"
485 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
489 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
491 yes) AC_DEFINE(HAVE_DCE)
492 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
494 AUTH_REG="$AUTH_REG DCE"
497 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
501 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
502 [case $with_logincap in
504 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
508 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
509 [case $with_bsdauth in
510 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
512 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
516 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
517 [case $with_project in
520 *) AC_MSG_ERROR(["--with-project does not take an argument."])
524 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
525 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
526 [case $with_lecture in
527 yes|short|always) lecture=once
529 no|none|never) lecture=never
531 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
534 if test "$lecture" = "once"; then
537 AC_DEFINE(NO_LECTURE)
541 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
542 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
543 [case $with_logging in
544 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
546 no) AC_MSG_ERROR(["--without-logging not supported."])
548 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
549 AC_MSG_RESULT(syslog)
551 file) AC_DEFINE(LOGGING, SLOG_FILE)
554 both) AC_DEFINE(LOGGING, SLOG_BOTH)
557 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
559 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
561 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
562 [case $with_logfac in
563 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
565 no) AC_MSG_ERROR(["--without-logfac not supported."])
567 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
569 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
573 AC_MSG_CHECKING(at which syslog priority to log commands)
574 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
575 [case $with_goodpri in
576 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
578 no) AC_MSG_ERROR(["--without-goodpri not supported."])
580 alert|crit|debug|emerg|err|info|notice|warning)
581 goodpri=$with_goodpri
583 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
586 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
587 AC_MSG_RESULT($goodpri)
589 AC_MSG_CHECKING(at which syslog priority to log failures)
590 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
591 [case $with_badpri in
592 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
594 no) AC_MSG_ERROR(["--without-badpri not supported."])
596 alert|crit|debug|emerg|err|info|notice|warning)
599 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
602 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
603 AC_MSG_RESULT($badpri)
605 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
606 [case $with_logpath in
607 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
609 no) AC_MSG_ERROR(["--without-logpath not supported."])
613 AC_MSG_CHECKING(how long a line in the log file should be)
614 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
615 [case $with_loglen in
616 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
618 no) AC_MSG_ERROR(["--without-loglen not supported."])
620 [[0-9]]*) loglen=$with_loglen
622 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
625 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
626 AC_MSG_RESULT($loglen)
628 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
629 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
630 [case $with_ignore_dot in
635 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
638 if test "$ignore_dot" = "on"; then
639 AC_DEFINE(IGNORE_DOT_PATH)
645 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
646 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
647 [case $with_mail_if_no_user in
652 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
655 if test "$mail_no_user" = "on"; then
656 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
662 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
663 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
664 [case $with_mail_if_no_host in
669 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
672 if test "$mail_no_host" = "on"; then
673 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
679 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
680 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
681 [case $with_mail_if_noperms in
686 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
689 if test "$mail_noperms" = "on"; then
690 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
696 AC_MSG_CHECKING(who should get the mail that sudo sends)
697 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
698 [case $with_mailto in
699 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
701 no) AC_MSG_ERROR(["--without-mailto not supported."])
703 *) mailto=$with_mailto
706 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
707 AC_MSG_RESULT([$mailto])
709 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
710 [case $with_mailsubject in
711 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
713 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
715 *) mailsub="$with_mailsubject"
716 AC_MSG_CHECKING(sudo mail subject)
717 AC_MSG_RESULT([Using alert mail subject: $mailsub])
720 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
722 AC_MSG_CHECKING(for bad password prompt)
723 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
724 [case $with_passprompt in
725 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
727 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
729 *) passprompt="$with_passprompt"
731 AC_MSG_RESULT($passprompt)
732 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
734 AC_MSG_CHECKING(for bad password message)
735 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
736 [case $with_badpass_message in
737 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
739 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
741 *) badpass_message="$with_badpass_message"
744 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
745 AC_MSG_RESULT([$badpass_message])
747 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
748 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
754 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
757 if test "$fqdn" = "on"; then
764 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
765 [case $with_timedir in
766 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
768 no) AC_MSG_ERROR(["--without-timedir not supported."])
772 AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
773 [case $with_iologdir in
775 no) AC_MSG_ERROR(["--without-iologdir not supported."])
779 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
780 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
781 [case $with_sendmail in
782 yes) with_sendmail=""
785 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
789 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
790 [case $with_sudoers_mode in
791 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
793 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
795 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
797 0*) SUDOERS_MODE=$with_sudoers_mode
799 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
803 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
804 [case $with_sudoers_uid in
805 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
807 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
809 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
811 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
815 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
816 [case $with_sudoers_gid in
817 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
819 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
821 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
823 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
827 AC_MSG_CHECKING(for umask programs should be run with)
828 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
829 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
831 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
835 [[0-9]]*) sudo_umask=$with_umask
837 *) AC_MSG_ERROR(["you must enter a numeric mask."])
840 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
841 if test "$sudo_umask" = "0777"; then
844 AC_MSG_RESULT($sudo_umask)
847 AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
848 [case $with_umask_override in
849 yes) AC_DEFINE(UMASK_OVERRIDE)
852 no) umask_override=off
854 *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
858 AC_MSG_CHECKING(for default user to run commands as)
859 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
860 [case $with_runas_default in
861 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
863 no) AC_MSG_ERROR(["--without-runas-default not supported."])
865 *) runas_default="$with_runas_default"
868 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
869 AC_MSG_RESULT([$runas_default])
871 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
872 [case $with_exempt in
873 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
875 no) AC_MSG_ERROR(["--without-exempt not supported."])
877 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
878 AC_MSG_CHECKING(for group to be exempt from password)
879 AC_MSG_RESULT([$with_exempt])
883 AC_MSG_CHECKING(for editor that visudo should use)
884 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
885 [case $with_editor in
886 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
888 no) AC_MSG_ERROR(["--without-editor not supported."])
890 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
891 AC_MSG_RESULT([$with_editor])
892 editor="$with_editor"
894 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
896 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
897 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
898 [case $with_env_editor in
903 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
906 if test "$env_editor" = "on"; then
907 AC_DEFINE(ENV_EDITOR)
913 AC_MSG_CHECKING(number of tries a user gets to enter their password)
914 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
915 [case $with_passwd_tries in
917 no) AC_MSG_ERROR(["--without-editor not supported."])
919 [[1-9]]*) passwd_tries=$with_passwd_tries
921 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
924 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
925 AC_MSG_RESULT($passwd_tries)
927 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
928 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
929 [case $with_timeout in
933 [[0-9]]*) timeout=$with_timeout
935 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
938 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
939 AC_MSG_RESULT($timeout)
941 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
942 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
943 [case $with_password_timeout in
945 no) password_timeout=0
947 [[0-9]]*) password_timeout=$with_password_timeout
949 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
952 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
953 AC_MSG_RESULT($password_timeout)
955 AC_MSG_CHECKING(whether to use per-tty ticket files)
956 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
957 [case $with_tty_tickets in
962 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
965 if test "$tty_tickets" = "off"; then
966 AC_DEFINE(NO_TTY_TICKETS)
972 AC_MSG_CHECKING(whether to include insults)
973 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
974 [case $with_insults in
976 with_classic_insults=yes
977 with_csops_insults=yes
979 disabled) insults=off
980 with_classic_insults=yes
981 with_csops_insults=yes
985 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
988 if test "$insults" = "on"; then
989 AC_DEFINE(USE_INSULTS)
995 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
996 [case $with_all_insults in
997 yes) with_classic_insults=yes
998 with_csops_insults=yes
1000 with_goons_insults=yes
1003 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
1007 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
1008 [case $with_classic_insults in
1009 yes) AC_DEFINE(CLASSIC_INSULTS)
1012 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
1016 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
1017 [case $with_csops_insults in
1018 yes) AC_DEFINE(CSOPS_INSULTS)
1021 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
1025 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
1026 [case $with_hal_insults in
1027 yes) AC_DEFINE(HAL_INSULTS)
1030 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
1034 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
1035 [case $with_goons_insults in
1036 yes) AC_DEFINE(GOONS_INSULTS)
1039 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
1043 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
1044 [case $with_nsswitch in
1046 yes) with_nsswitch="/etc/nsswitch.conf"
1051 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
1054 *) AC_DEFINE(HAVE_LDAP)
1055 AC_MSG_CHECKING(whether to use sudoers from LDAP)
1060 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
1061 test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
1062 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
1064 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
1065 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
1066 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
1068 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
1069 [case $with_pc_insults in
1070 yes) AC_DEFINE(PC_INSULTS)
1073 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
1077 dnl include all insult sets on one line
1078 if test "$insults" = "on"; then
1079 AC_MSG_CHECKING(which insult sets to include)
1081 test "$with_goons_insults" = "yes" && i="goons ${i}"
1082 test "$with_hal_insults" = "yes" && i="hal ${i}"
1083 test "$with_csops_insults" = "yes" && i="csops ${i}"
1084 test "$with_classic_insults" = "yes" && i="classic ${i}"
1088 AC_MSG_CHECKING(whether to override the user's path)
1089 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
1090 [case $with_secure_path in
1091 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
1092 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1093 AC_MSG_RESULT([$with_secure_path])
1094 secure_path="set to $with_secure_path"
1096 no) AC_MSG_RESULT(no)
1098 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1099 AC_MSG_RESULT([$with_secure_path])
1100 secure_path="set to F<$with_secure_path>"
1102 esac], AC_MSG_RESULT(no))
1104 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1105 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1106 [case $with_interfaces in
1107 yes) AC_MSG_RESULT(yes)
1109 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1112 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1114 esac], AC_MSG_RESULT(yes))
1116 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])],
1118 *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior])
1122 AC_MSG_CHECKING(whether to use an askpass helper)
1123 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1124 [case $with_askpass in
1125 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1128 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1130 esac], AC_MSG_RESULT(no))
1132 AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
1133 [case $with_plugindir in
1134 no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
1137 esac], [with_plugindir="$libexecdir"])
1139 AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
1143 no) AC_MSG_ERROR(["--without-man not supported."])
1145 *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."])
1149 AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
1153 no) AC_MSG_ERROR(["--without-mdoc not supported."])
1155 *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."])
1160 dnl Options for --enable
1163 AC_MSG_CHECKING(whether to do user authentication by default)
1164 AC_ARG_ENABLE(authentication,
1165 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1166 [ case "$enableval" in
1167 yes) AC_MSG_RESULT(yes)
1169 no) AC_MSG_RESULT(no)
1170 AC_DEFINE(NO_AUTHENTICATION)
1172 *) AC_MSG_RESULT(no)
1173 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1176 ], AC_MSG_RESULT(yes))
1178 AC_MSG_CHECKING(whether to disable running the mailer as root)
1179 AC_ARG_ENABLE(root-mailer,
1180 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1181 [ case "$enableval" in
1182 yes) AC_MSG_RESULT(no)
1184 no) AC_MSG_RESULT(yes)
1185 AC_DEFINE(NO_ROOT_MAILER)
1187 *) AC_MSG_RESULT(no)
1188 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1191 ], AC_MSG_RESULT(no))
1193 AC_ARG_ENABLE(setreuid,
1194 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1195 [ case "$enableval" in
1196 no) SKIP_SETREUID=yes
1202 AC_ARG_ENABLE(setresuid,
1203 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1204 [ case "$enableval" in
1205 no) SKIP_SETRESUID=yes
1211 AC_MSG_CHECKING(whether to disable shadow password support)
1212 AC_ARG_ENABLE(shadow,
1213 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1214 [ case "$enableval" in
1215 yes) AC_MSG_RESULT(no)
1217 no) AC_MSG_RESULT(yes)
1220 *) AC_MSG_RESULT(no)
1221 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1224 ], AC_MSG_RESULT(no))
1226 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1227 AC_ARG_ENABLE(root-sudo,
1228 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1229 [ case "$enableval" in
1230 yes) AC_MSG_RESULT(yes)
1232 no) AC_DEFINE(NO_ROOT_SUDO)
1236 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1239 ], AC_MSG_RESULT(yes))
1241 AC_MSG_CHECKING(whether to log the hostname in the log file)
1242 AC_ARG_ENABLE(log-host,
1243 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1244 [ case "$enableval" in
1245 yes) AC_MSG_RESULT(yes)
1246 AC_DEFINE(HOST_IN_LOG)
1248 no) AC_MSG_RESULT(no)
1250 *) AC_MSG_RESULT(no)
1251 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1254 ], AC_MSG_RESULT(no))
1256 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1257 AC_ARG_ENABLE(noargs-shell,
1258 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1259 [ case "$enableval" in
1260 yes) AC_MSG_RESULT(yes)
1261 AC_DEFINE(SHELL_IF_NO_ARGS)
1263 no) AC_MSG_RESULT(no)
1265 *) AC_MSG_RESULT(no)
1266 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1269 ], AC_MSG_RESULT(no))
1271 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1272 AC_ARG_ENABLE(shell-sets-home,
1273 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1274 [ case "$enableval" in
1275 yes) AC_MSG_RESULT(yes)
1276 AC_DEFINE(SHELL_SETS_HOME)
1278 no) AC_MSG_RESULT(no)
1280 *) AC_MSG_RESULT(no)
1281 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1284 ], AC_MSG_RESULT(no))
1286 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1287 AC_ARG_ENABLE(path_info,
1288 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1289 [ case "$enableval" in
1290 yes) AC_MSG_RESULT(no)
1292 no) AC_MSG_RESULT(yes)
1293 AC_DEFINE(DONT_LEAK_PATH_INFO)
1296 *) AC_MSG_RESULT(no)
1297 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1300 ], AC_MSG_RESULT(no))
1302 AC_MSG_CHECKING(whether to enable environment debugging)
1303 AC_ARG_ENABLE(env_debug,
1304 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1305 [ case "$enableval" in
1306 yes) AC_MSG_RESULT(yes)
1307 AC_DEFINE(ENV_DEBUG)
1309 no) AC_MSG_RESULT(no)
1311 *) AC_MSG_RESULT(no)
1312 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1315 ], AC_MSG_RESULT(no))
1318 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
1319 [], [enable_zlib=yes])
1321 AC_MSG_CHECKING(whether to enable environment resetting by default)
1322 AC_ARG_ENABLE(env_reset,
1323 [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
1324 [ case "$enableval" in
1330 AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
1334 if test "$env_reset" = "on"; then
1336 AC_DEFINE(ENV_RESET, 1)
1339 AC_DEFINE(ENV_RESET, 0)
1342 AC_ARG_ENABLE(warnings,
1343 [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
1344 [ case "$enableval" in
1347 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
1352 AC_ARG_ENABLE(werror,
1353 [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
1354 [ case "$enableval" in
1357 *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
1362 AC_ARG_ENABLE(hardening,
1363 [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
1364 [], [enable_hardening=yes])
1367 [AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])],
1368 [], [enable_pie=yes])
1370 AC_ARG_ENABLE(admin-flag,
1371 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
1372 [ case "$enableval" in
1373 yes) AC_DEFINE(USE_ADMIN_FLAG)
1376 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
1382 [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
1383 [], [enable_nls=yes])
1385 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1386 [case $with_selinux in
1387 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1388 AC_DEFINE(HAVE_SELINUX)
1389 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1390 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1391 PROGS="${PROGS} sesh"
1393 AC_CHECK_LIB([selinux], [setkeycreatecon],
1394 [AC_DEFINE(HAVE_SETKEYCREATECON)])
1397 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1402 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1404 AC_ARG_ENABLE(gss_krb5_ccache_name,
1405 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1406 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1409 dnl C compiler checks
1411 AC_SEARCH_LIBS([strerror], [cposix])
1413 AC_CHECK_TOOL(AR, ar, false)
1414 AC_CHECK_TOOL(RANLIB, ranlib, :)
1415 if test X"$AR" = X"false"; then
1416 AC_MSG_ERROR([the "ar" utility is required to build sudo])
1419 if test "x$ac_cv_prog_cc_c89" = "xno"; then
1420 AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
1424 dnl If the user specified --disable-static, override them or we'll
1425 dnl be unable to build the executables in the sudoers plugin dir.
1427 if test "$enable_static" = "no"; then
1428 AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
1433 dnl Libtool setup, we require libtool 2.2.6b or higher
1436 AC_CONFIG_MACRO_DIR([m4])
1441 dnl Defer with_noexec until after libtool magic runs
1443 if test "$enable_shared" = "no"; then
1448 ac_cv_func_dlopen=no
1450 eval _shrext="$shrext_cmds"
1451 # Darwin uses .dylib for libraries but .so for modules
1452 if test X"$_shrext" = X".dylib"; then
1458 AC_MSG_CHECKING(path to sudo_noexec.so)
1459 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1460 [case $with_noexec in
1461 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1465 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1466 AC_MSG_RESULT($with_noexec)
1467 NOEXECFILE="sudo_noexec$_shrext"
1468 NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
1471 dnl Find programs we use
1473 AC_PATH_PROG(UNAMEPROG, [uname], [uname])
1474 AC_PATH_PROG(TRPROG, [tr], [tr])
1475 AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc])
1476 if test "$MANDOCPROG" != "mandoc"; then
1479 AC_PATH_PROG(NROFFPROG, [nroff])
1480 if test -n "$NROFFPROG"; then
1481 test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
1482 AC_CACHE_CHECK([which macro set to use for manual pages],
1483 [sudo_cv_var_mantype],
1485 sudo_cv_var_mantype="man"
1486 echo ".Sh NAME" > conftest
1487 echo ".Nm sudo" >> conftest
1488 echo ".Nd sudo" >> conftest
1489 echo ".Sh DESCRIPTION" >> conftest
1490 echo "sudo" >> conftest
1491 if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then
1492 sudo_cv_var_mantype="mdoc"
1497 MANTYPE="$sudo_cv_var_mantype"
1501 mansrcdir='$(srcdir)'
1506 dnl What kind of beastie are we being run on?
1507 dnl Barf if config.cache was generated on another host.
1509 if test -n "$sudo_cv_prev_host"; then
1510 if test "$sudo_cv_prev_host" != "$host"; then
1511 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1513 AC_MSG_CHECKING(previous host type)
1514 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1515 AC_MSG_RESULT([$sudo_cv_prev_host])
1518 # this will produce no output since there is no cached value
1519 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1523 dnl We want to be able to differentiate between different rev's
1525 if test -n "$host_os"; then
1526 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1527 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1528 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1537 # LD_PRELOAD is space-delimited
1538 RTLD_PRELOAD_DELIM=" "
1540 # getcwd(3) opens a pipe to getpwd(1)!?!
1543 # system headers lack prototypes but gcc helps...
1544 if test -n "$GCC"; then
1545 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1548 shadow_funcs="getpwanam issecure"
1551 # LD_PRELOAD is space-delimited
1552 RTLD_PRELOAD_DELIM=" "
1554 # For implementing getgrouplist()
1555 AC_CHECK_FUNCS(_getgroupsbymember)
1557 # To get the crypt(3) prototype (so we pass -Wall)
1558 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1559 # AFS support needs -lucb
1560 if test "$with_AFS" = "yes"; then
1561 AFS_LIBS="-lc -lucb"
1564 : ${mansectform='4'}
1565 : ${with_rpath='yes'}
1566 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1567 AC_CHECK_FUNCS(priv_set, [PSMAN=1])
1570 # To get all prototypes (so we pass -Wall)
1571 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
1572 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1573 if test X"$with_blibpath" != X"no"; then
1574 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1575 O_LDFLAGS="$LDFLAGS"
1576 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1578 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1579 blibpath="$with_blibpath"
1580 elif test -n "$GCC"; then
1581 blibpath="/usr/lib:/lib:/usr/local/lib"
1583 blibpath="/usr/lib:/lib"
1586 ], [AC_MSG_RESULT(no)])
1588 LDFLAGS="$O_LDFLAGS"
1590 # On AIX 6 and higher default to PAM, else default to LAM
1591 if test $OSMAJOR -ge 6; then
1592 if test X"$with_pam" = X""; then
1596 if test X"$with_aixauth" = X""; then
1597 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1601 # AIX analog of nsswitch.conf, enabled by default
1602 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1603 [case $with_netsvc in
1605 yes) with_netsvc="/etc/netsvc.conf"
1609 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1610 with_netsvc="/etc/netsvc.conf"
1613 # For implementing getgrouplist()
1614 AC_CHECK_FUNCS(getgrset)
1616 # LDR_PRELOAD is only supported in AIX 5.3 and later
1617 if test $OSMAJOR -lt 5; then
1620 RTLD_PRELOAD_VAR="LDR_PRELOAD"
1623 # AIX-specific functions
1624 AC_CHECK_FUNCS(getuserattr setauthdb)
1625 COMMON_OBJS="$COMMON_OBJS aix.lo"
1629 : ${mansectform='4'}
1631 # HP-UX shared libs must be executable
1635 # AFS support needs -lBSD
1636 if test "$with_AFS" = "yes"; then
1637 AFS_LIBS="-lc -lBSD"
1640 : ${mansectform='4'}
1642 # HP-UX shared libs must be executable
1645 # The HP bundled compiler cannot generate shared libs
1646 if test -z "$GCC"; then
1647 AC_CACHE_CHECK([for HP bundled C compiler],
1648 [sudo_cv_var_hpccbundled],
1649 [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
1650 sudo_cv_var_hpccbundled=yes
1652 sudo_cv_var_hpccbundled=no
1655 if test "$sudo_cv_var_hpccbundled" = "yes"; then
1656 AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
1660 # Build PA-RISC1.1 objects for better portability
1664 if test -n "$GCC"; then
1665 portable_flag="-march=1.1"
1667 portable_flag="+DAportable"
1669 CFLAGS="$CFLAGS $portable_flag"
1670 AC_CACHE_CHECK([whether $CC understands $portable_flag],
1671 [sudo_cv_var_daportable],
1673 [AC_LANG_PROGRAM([[]], [[]])],
1674 [sudo_cv_var_daportable=yes],
1675 [sudo_cv_var_daportable=no]
1679 if test X"$sudo_cv_var_daportable" != X"yes"; then
1687 AC_DEFINE(BROKEN_SYSLOG)
1690 AC_DEFINE(BROKEN_SYSLOG)
1692 shadow_funcs="getspwuid"
1694 # DCE support (requires ANSI C compiler)
1695 if test "$with_DCE" = "yes"; then
1696 # order of libs in 9.X is important. -lc_r must be last
1697 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
1698 LIBS="${LIBS} -ldce -lM -lc_r"
1699 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1703 shadow_funcs="getprpwnam iscomsec"
1705 # HP-UX 10.20 libc has an incompatible getline
1706 ac_cv_func_getline="no"
1709 shadow_funcs="getspnam iscomsec"
1711 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1716 # ignore envariables wrt dynamic lib path
1717 # XXX - sudo LDFLAGS instead?
1718 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
1720 : ${CHECKSIA='true'}
1721 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1723 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1724 [ case "$enableval" in
1725 yes) AC_MSG_RESULT(no)
1728 no) AC_MSG_RESULT(yes)
1731 *) AC_MSG_RESULT(no)
1732 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1735 ], AC_MSG_RESULT(no))
1737 shadow_funcs="getprpwnam dispcrypt"
1738 # OSF/1 4.x and higher need -ldb too
1739 if test $OSMAJOR -lt 4; then
1740 shadow_libs="-lsecurity -laud -lm"
1742 shadow_libs="-lsecurity -ldb -laud -lm"
1745 # use SIA by default, if we have it
1746 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1749 # Some versions of Digital Unix ship with a broken
1750 # copy of prot.h, which we need for shadow passwords.
1751 # XXX - make should remove this as part of distclean
1753 AC_MSG_CHECKING([for broken prot.h])
1754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1755 #include <sys/types.h>
1756 #include <sys/security.h>
1758 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1759 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1761 # ":DEFAULT" must be appended to _RLD_LIST
1762 RTLD_PRELOAD_VAR="_RLD_LIST"
1763 RTLD_PRELOAD_DEFAULT="DEFAULT"
1765 : ${mansectform='4'}
1768 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1769 if test -z "$NROFFPROG"; then
1770 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1771 if test -d /usr/share/catman/local; then
1772 mandir="/usr/share/catman/local"
1774 mandir="/usr/catman/local"
1777 # Compress cat pages with pack
1781 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1782 if test -d "/usr/share/man/local"; then
1783 mandir="/usr/share/man/local"
1785 mandir="/usr/man/local"
1789 # IRIX <= 4 needs -lsun
1790 if test "$OSMAJOR" -le 4; then
1791 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1793 # ":DEFAULT" must be appended to _RLD_LIST
1794 RTLD_PRELOAD_VAR="_RLD_LIST"
1795 RTLD_PRELOAD_DEFAULT="DEFAULT"
1797 : ${mansectform='4'}
1799 *-*-linux*|*-*-k*bsd*-gnu)
1800 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1801 # Some Linux versions need to link with -lshadow
1802 shadow_funcs="getspnam"
1803 shadow_libs_optional="-lshadow"
1804 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1807 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1808 if test -z "$GCC"; then
1809 CFLAGS="${CFLAGS} -D__STDC__"
1812 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1813 shadow_funcs="getprpwnam"
1814 shadow_libs="-lprot"
1818 shadow_funcs="getauthuid"
1819 shadow_libs="-lauth"
1822 LIBS="${LIBS} -lsun -lbsd"
1823 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1824 OSDEFS="${OSDEFS} -D_MIPS"
1826 : ${mansectform='4'}
1829 OSDEFS="${OSDEFS} -D_ISC"
1831 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
1833 shadow_funcs="getspnam"
1837 : ${mansectform='4'}
1840 shadow_funcs="getprpwnam"
1841 shadow_libs="-lprot -lx"
1843 : ${mansectform='4'}
1845 m88k-motorola-sysv*)
1846 # motorolla's cc (a variant of gcc) does -O but not -O2
1847 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1849 : ${mansectform='4'}
1852 shadow_funcs="getspnam"
1855 : ${mansectform='4'}
1856 : ${with_rpath='yes'}
1858 *-ncr-sysv4*|*-ncr-sysvr4*)
1859 AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
1861 : ${mansectform='4'}
1862 : ${with_rpath='yes'}
1864 *-ccur-sysv4*|*-ccur-sysvr4*)
1865 LIBS="${LIBS} -lgen"
1867 : ${mansectform='4'}
1868 : ${with_rpath='yes'}
1872 # Check for newer BSD auth API
1873 if test -z "$with_bsdauth"; then
1874 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1878 # FreeBSD has a real setreuid(2) starting with 2.1 and
1879 # backported to 2.0.5. We just take 2.1 and above...
1885 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1886 if test "${with_skey-'no'}" = "yes"; then
1887 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1890 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1891 : ${with_logincap='maybe'}
1892 # PIE is broken on FreeBSD/ia64
1899 # OpenBSD has a real setreuid(2) starting with 3.3 but
1900 # we will use setresuid(2) instead.
1902 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1904 # OpenBSD >= 3.0 supports BSD auth
1905 if test -z "$with_bsdauth"; then
1906 if test "$OSMAJOR" -ge 3; then
1907 AUTH_EXCL_DEF="BSD_AUTH"
1910 : ${with_logincap='maybe'}
1913 # NetBSD has a real setreuid(2) starting with 1.3.2
1915 0.9*|1.[[012]]*|1.3|1.3.1)
1920 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1921 : ${with_logincap='maybe'}
1924 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1925 if test "${with_skey-'no'}" = "yes"; then
1926 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1929 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1930 : ${with_logincap='yes'}
1936 # Darwin has a real setreuid(2) starting with 9.0
1937 if test $OSMAJOR -lt 9; then
1941 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1942 : ${with_logincap='yes'}
1943 RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
1944 RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
1947 # lockf() on is broken on the NeXT -- use flock instead
1949 ac_cv_func_flock=yes
1950 RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
1951 RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
1955 : ${mansectform='4'}
1956 : ${with_rpath='yes'}
1960 : ${mansectform='4'}
1963 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1968 dnl Library preloading to support NOEXEC
1970 if test -n "$with_noexec"; then
1971 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR")
1972 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM")
1973 if test -n "$RTLD_PRELOAD_DEFAULT"; then
1974 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT")
1976 if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then
1977 SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR")
1982 dnl Check for mixing mutually exclusive and regular auth methods
1984 AUTH_REG=${AUTH_REG# }
1985 AUTH_EXCL=${AUTH_EXCL# }
1986 if test -n "$AUTH_EXCL"; then
1988 if test $# != 1; then
1989 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1991 if test -n "$AUTH_REG"; then
1992 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1996 dnl Only one of S/Key and OPIE may be specified
1998 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1999 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
2003 dnl Use BSD-style man sections by default
2006 : ${mansectform='5'}
2009 dnl Add in any libpaths or libraries specified via configure
2011 if test -n "$with_libpath"; then
2012 for i in ${with_libpath}; do
2013 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
2016 if test -n "$with_libraries"; then
2017 for i in ${with_libraries}; do
2029 dnl C compiler checks (to be done after os checks)
2031 AC_PROG_GCC_TRADITIONAL
2034 # Check for variadic macro support in cpp
2035 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
2037 #if defined(__GNUC__) && __GNUC__ == 2
2038 # define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt))
2040 # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
2042 ], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])])
2048 AC_PATH_PROG([FLEX], [flex], [flex])
2051 if test -z "$with_sendmail"; then
2056 dnl Check for authpriv support in syslog
2058 AC_MSG_CHECKING(which syslog facility sudo should log with)
2059 if test X"$with_logfac" = X""; then
2060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
2062 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
2063 AC_MSG_RESULT($logfac)
2065 dnl Header file checks
2072 AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
2073 AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
2074 #ifdef HAVE_PROCFS_H
2077 #ifdef HAVE_SYS_PROCFS_H
2078 #include <sys/procfs.h>
2083 dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
2084 dnl when large files support is enabled so work around it.
2089 AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
2090 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
2091 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
2092 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
2094 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
2095 [sudo_cv_xopen_source_extended=error])
2097 if test "$sudo_cv_xopen_source_extended" = "yes"; then
2098 OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
2099 SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
2103 AC_SYS_POSIX_TERMIOS
2104 if test "$ac_cv_sys_posix_termios" != "yes"; then
2105 AC_MSG_ERROR([Must have POSIX termios to build sudo])
2108 if test ${with_logincap-'no'} != "no"; then
2109 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
2112 SUDO_LIBS="${SUDO_LIBS} -lutil"
2113 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
2118 if test ${with_project-'no'} != "no"; then
2119 AC_CHECK_HEADER(project.h, [
2120 AC_CHECK_LIB(project, setproject, [
2121 AC_DEFINE(HAVE_PROJECT_H)
2122 SUDO_LIBS="${SUDO_LIBS} -lproject"
2131 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
2132 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
2133 #include <signal.h>])
2134 AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h>
2135 #include <signal.h>])
2136 AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h>
2137 #if TIME_WITH_SYS_TIME
2138 # include <sys/time.h>
2141 AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
2142 #include <netinet/in.h>])
2143 AC_TYPE_LONG_LONG_INT
2144 AC_CHECK_SIZEOF([long int])
2145 AC_CHECK_TYPE(size_t, unsigned int)
2146 AC_CHECK_TYPE(ssize_t, int)
2147 AC_CHECK_TYPE(dev_t, int)
2148 AC_CHECK_TYPE(ino_t, unsigned int)
2149 AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
2151 #include <sys/socket.h>])
2155 dnl Check for utmp/utmpx struct members.
2156 dnl We need to include OSDEFS for glibc which only has __e_termination
2157 dnl visible when _GNU_SOURCE is *not* defined.
2160 CFLAGS="$CFLAGS $OSDEFS"
2161 if test $ac_cv_header_utmpx_h = "yes"; then
2162 AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
2163 #include <sys/types.h>
2167 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2169 AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
2170 AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
2171 #include <sys/types.h>
2175 #include <sys/types.h>
2179 AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
2180 #include <sys/types.h>
2184 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2186 AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
2187 AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
2188 #include <sys/types.h>
2192 #include <sys/types.h>
2202 AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \
2203 regcomp setlocale nl_langinfo mbr_check_membership \
2205 AC_REPLACE_FUNCS(getgrouplist)
2206 AC_CHECK_FUNCS(getline, [], [
2208 AC_CHECK_FUNCS(fgetln)
2211 dnl If libc supports _FORTIFY_SOURCE check functions, use it.
2213 if test "$enable_hardening" != "no"; then
2214 O_CPPFLAGS="$CPPFLAGS"
2215 CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
2216 AC_CHECK_FUNC(__sprintf_chk, [
2217 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
2219 CPPFLAGS="$O_CPPFLAGS"
2223 AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
2224 if test "$utmp_style" = "LEGACY"; then
2225 AC_CHECK_FUNCS(getttyent ttyslot, [break])
2226 AC_CHECK_FUNCS(fseeko)
2229 AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
2231 AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [
2232 AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [
2233 AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [
2234 #include <sys/param.h>
2235 #include <sys/sysctl.h>
2238 #include <sys/param.h>
2239 #include <sys/sysctl.h>
2243 #include <sys/param.h>
2244 #include <sys/sysctl.h>
2248 #include <sys/param.h>
2249 #include <sys/sysctl.h>
2250 #include <sys/user.h>
2254 AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
2255 AC_CHECK_LIB(util, openpty, [
2256 AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
2257 case "$SUDO_LIBS" in
2259 *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
2261 AC_DEFINE(HAVE_OPENPTY)
2263 AC_CHECK_FUNCS(_getpty, [], [
2264 AC_CHECK_FUNCS(grantpt, [
2265 AC_CHECK_FUNCS(posix_openpt)
2267 AC_CHECK_FUNCS(revoke)
2272 AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [])
2273 SUDO_FUNC_PUTENV_CONST
2274 if test -z "$SKIP_SETRESUID"; then
2275 AC_CHECK_FUNCS(setresuid, [
2277 AC_CHECK_FUNCS(getresuid)
2280 if test -z "$SKIP_SETREUID"; then
2281 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
2283 if test -z "$SKIP_SETEUID"; then
2284 AC_CHECK_FUNCS(seteuid)
2286 if test X"$with_interfaces" != X"no"; then
2287 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
2289 if test -z "$BROKEN_GETCWD"; then
2290 AC_REPLACE_FUNCS(getcwd)
2292 AC_CHECK_FUNCS(lockf flock, [break])
2293 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
2294 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
2295 AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
2296 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)
2297 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
2300 AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat)
2301 AC_CHECK_FUNCS(nanosleep, [], [
2302 # On Solaris, nanosleep is in librt
2303 AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
2305 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
2306 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
2307 [ #include <limits.h>
2308 #include <fcntl.h> ])
2310 AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
2311 AC_CHECK_FUNCS(random lrand48, [break])
2314 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
2315 if test X"$ac_cv_type_struct_timespec" != X"no"; then
2316 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
2317 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
2318 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
2321 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
2323 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2324 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2325 #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
2326 AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [
2328 #include <$ac_header_dirent>
2331 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
2332 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
2334 if test -n "$NEED_SNPRINTF"; then
2338 dnl If socket(2) not in libc, check -lsocket and -linet
2339 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2341 AC_CHECK_FUNC(socket, [], [
2342 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2344 for lib in $libs; do
2347 *) _libs="$_libs $lib";;
2351 test -z "$libs" && continue
2352 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2353 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2354 SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2358 dnl If inet_addr(3) not in libc, check -lnsl and -linet
2359 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2361 AC_CHECK_FUNC(inet_addr, [], [
2362 AC_CHECK_FUNC(__inet_addr, [], [
2363 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2365 for lib in $libs; do
2368 *) _libs="$_libs $lib";;
2372 test -z "$libs" && continue
2373 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2374 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2375 SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2380 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
2382 AC_CHECK_FUNC(syslog, [], [
2383 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2385 for lib in $libs; do
2388 *) _libs="$_libs $lib";;
2392 test -z "$libs" && continue
2393 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2394 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2395 SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2399 dnl If getaddrinfo(3) not in libc, check -lsocket and -linet
2400 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols.
2402 AC_CHECK_FUNCS(getaddrinfo, [], [
2404 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2406 for lib in $libs; do
2409 *) _libs="$_libs $lib";;
2413 test -z "$libs" && continue
2414 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2415 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2416 SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs])
2418 if test X"$found" != X"no"; then
2419 AC_DEFINE(HAVE_GETADDRINFO)
2423 dnl Check for getprogname() or __progname
2425 AC_CHECK_FUNCS(getprogname, , [
2426 AC_MSG_CHECKING([for __progname])
2427 AC_CACHE_VAL(sudo_cv___progname, [
2428 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
2429 if test "$sudo_cv___progname" = "yes"; then
2430 AC_DEFINE(HAVE___PROGNAME)
2432 AC_LIBOBJ(getprogname)
2434 AC_MSG_RESULT($sudo_cv___progname)
2437 dnl Check for __func__ or __FUNCTION__
2439 AC_MSG_CHECKING([for __func__])
2440 AC_CACHE_VAL(sudo_cv___func__, [
2441 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])])
2442 AC_MSG_RESULT($sudo_cv___func__)
2443 if test "$sudo_cv___func__" = "yes"; then
2444 AC_DEFINE(HAVE___FUNC__)
2445 elif test -n "$GCC"; then
2446 AC_MSG_CHECKING([for __FUNCTION__])
2447 AC_CACHE_VAL(sudo_cv___FUNCTION__, [
2448 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
2449 AC_MSG_RESULT($sudo_cv___FUNCTION__)
2450 if test "$sudo_cv___FUNCTION__" = "yes"; then
2451 AC_DEFINE(HAVE___FUNC__)
2452 AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__])
2456 # gettext() and friends may be located in libc (Linux and Solaris)
2457 # or in libintl. However, it is possible to have libintl installed
2458 # even when gettext() is present in libc. In the case of GNU libintl,
2459 # gettext() will be defined to gettext_libintl in libintl.h.
2460 # Since gcc prefers /usr/local/include to /usr/include, we need to
2461 # make sure we use the gettext() that matches the include file.
2462 if test "$enable_nls" != "no"; then
2463 if test "$enable_nls" != "yes"; then
2464 CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
2465 SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
2468 for l in "libc" "-lintl" "-lintl -liconv"; do
2469 if test "$l" = "libc"; then
2470 # If user specified a dir for libintl ignore libc
2471 if test "$enable_nls" != "yes"; then
2474 gettext_name=sudo_cv_gettext
2475 AC_MSG_CHECKING([for gettext])
2478 gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
2479 AC_MSG_CHECKING([for gettext in $l])
2481 AC_CACHE_VAL($gettext_name, [
2484 AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
2485 ], [eval $gettext_name=yes], [eval $gettext_name=no]
2488 eval gettext_result="\$$gettext_name"
2489 AC_MSG_RESULT($gettext_result)
2490 if test "$gettext_result" = "yes"; then
2491 AC_CHECK_FUNCS(ngettext)
2497 if test "$sudo_cv_gettext" = "yes"; then
2498 AC_DEFINE(HAVE_LIBINTL_H)
2500 elif test "$sudo_cv_gettext_lintl" = "yes"; then
2501 AC_DEFINE(HAVE_LIBINTL_H)
2504 elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
2505 AC_DEFINE(HAVE_LIBINTL_H)
2507 LIBINTL="-lintl -liconv"
2512 dnl Deferred zlib option processing.
2513 dnl By default we use the system zlib if it is present.
2514 dnl If a directory was specified for zlib (or we are use sudo's version),
2515 dnl prepend the include dir to make sure we get the right zlib header.
2517 case "$enable_zlib" in
2519 AC_CHECK_LIB(z, gzdopen, [
2520 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
2526 AC_DEFINE(HAVE_ZLIB_H)
2533 AC_DEFINE(HAVE_ZLIB_H)
2534 CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}"
2535 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
2539 if test X"$enable_zlib" = X"builtin"; then
2540 AC_DEFINE(HAVE_ZLIB_H)
2541 CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}"
2542 ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
2544 AC_CONFIG_HEADER([zlib/zconf.h])
2545 AC_CONFIG_FILES([zlib/Makefile])
2549 dnl Check for errno declaration in errno.h
2551 AC_CHECK_DECLS([errno], [], [], [
2557 dnl Check for h_errno declaration in netdb.h
2559 AC_CHECK_DECLS([h_errno], [], [], [
2565 dnl Check for strsignal() or sys_siglist
2567 AC_CHECK_FUNCS(strsignal, [], [
2568 AC_LIBOBJ(strsignal)
2569 HAVE_SIGLIST="false"
2570 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
2577 if test "$HAVE_SIGLIST" != "true"; then
2583 dnl Check for sig2str(), sys_signame or sys_sigabbrev
2585 AC_CHECK_FUNCS(sig2str, [], [
2587 HAVE_SIGNAME="false"
2588 AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [
2595 if test "$HAVE_SIGNAME" != "true"; then
2596 AC_CACHE_CHECK([for undeclared sys_sigabbrev],
2597 [sudo_cv_var_sys_sigabbrev],
2599 [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
2600 [sudo_cv_var_sys_sigabbrev=yes],
2601 [sudo_cv_var_sys_sigabbrev=no]
2605 if test "$sudo_cv_var_sys_sigabbrev" = yes; then
2606 AC_DEFINE(HAVE_SYS_SIGABBREV)
2614 dnl nsswitch.conf and its equivalents
2616 if test ${with_netsvc-"no"} != "no"; then
2617 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
2618 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
2619 elif test ${with_nsswitch-"yes"} != "no"; then
2620 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
2621 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
2625 dnl Mutually exclusive auth checks come first, followed by
2626 dnl non-exclusive ones. Note: passwd must be last of all!
2630 dnl Convert default authentication methods to with_* if
2631 dnl no explicit authentication scheme was specified.
2633 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
2634 for auth in $AUTH_EXCL_DEF; do
2636 AIX_AUTH) with_aixauth=maybe;;
2637 BSD_AUTH) with_bsdauth=maybe;;
2638 PAM) with_pam=maybe;;
2639 SIA) CHECKSIA=true;;
2645 dnl PAM support. Systems that use PAM by default set with_pam=default
2646 dnl and we do the actual tests here.
2648 if test ${with_pam-"no"} != "no"; then
2650 # Check for pam_start() in libpam first, then for pam_appl.h.
2653 AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
2655 # Some PAM implementations (MacOS X for example) put the PAM headers
2656 # in /usr/include/pam instead of /usr/include/security...
2659 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
2660 if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then
2661 # Found both PAM libs and headers
2663 elif test "$with_pam" = "yes"; then
2664 if test "$found_pam_lib" = "no"; then
2665 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."])
2667 if test "$found_pam_hdrs" = "no"; then
2668 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."])
2670 elif test "$found_pam_lib" != "$found_pam_hdrs"; then
2671 if test "$found_pam_lib" = "no"; then
2672 AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"])
2674 if test "$found_pam_hdrs" = "no"; then
2675 AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"])
2679 if test "$with_pam" = "yes"; then
2680 # Older PAM implementations lack pam_getenvlist
2682 LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
2683 AC_CHECK_FUNCS(pam_getenvlist)
2686 # We already link with -ldl if needed (see LIBDL below)
2687 SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
2689 AUTH_OBJS="$AUTH_OBJS pam.lo";
2692 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
2693 [case $with_pam_login in
2694 yes) AC_DEFINE([HAVE_PAM_LOGIN])
2695 AC_MSG_CHECKING(whether to use PAM login)
2699 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
2703 AC_MSG_CHECKING(whether to use PAM session support)
2704 AC_ARG_ENABLE(pam_session,
2705 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
2706 [ case "$enableval" in
2707 yes) AC_MSG_RESULT(yes)
2709 no) AC_MSG_RESULT(no)
2710 AC_DEFINE(NO_PAM_SESSION)
2712 *) AC_MSG_RESULT(no)
2713 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2715 esac], AC_MSG_RESULT(yes))
2720 dnl AIX general authentication
2721 dnl If set to "maybe" only enable if no other exclusive method in use.
2723 if test ${with_aixauth-'no'} != "no"; then
2724 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2725 AC_MSG_NOTICE([using AIX general authentication])
2726 AC_DEFINE(HAVE_AIXAUTH)
2727 AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
2728 SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
2734 dnl BSD authentication
2735 dnl If set to "maybe" only enable if no other exclusive method in use.
2737 if test ${with_bsdauth-'no'} != "no"; then
2738 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2739 [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
2740 [BSDAUTH_USAGE='[[-a auth_type]] ']
2741 [AUTH_EXCL=BSD_AUTH; BAMAN=1],
2742 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2746 dnl SIA authentication for Tru64 Unix
2748 if test ${CHECKSIA-'false'} = "true"; then
2749 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2750 if test "$found" = "true"; then
2752 AUTH_OBJS="$AUTH_OBJS sia.lo"
2757 dnl extra FWTK libs + includes
2759 if test ${with_fwtk-'no'} != "no"; then
2760 if test "$with_fwtk" != "yes"; then
2761 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
2762 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2765 SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
2766 AUTH_OBJS="$AUTH_OBJS fwtk.lo"
2770 dnl extra SecurID lib + includes
2772 if test ${with_SecurID-'no'} != "no"; then
2773 if test "$with_SecurID" != "yes"; then
2775 elif test -d /usr/ace/examples; then
2776 with_SecurID=/usr/ace/examples
2778 with_SecurID=/usr/ace
2780 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2781 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2782 SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
2783 AUTH_OBJS="$AUTH_OBJS securid5.lo";
2787 dnl Non-mutually exclusive auth checks come next.
2788 dnl Note: passwd must be last of all!
2792 dnl Convert default authentication methods to with_* if
2793 dnl no explicit authentication scheme was specified.
2795 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2796 for auth in $AUTH_DEF; do
2798 passwd) : ${with_passwd='maybe'};;
2805 dnl There is an easy way and a hard way...
2807 if test ${with_kerb5-'no'} != "no"; then
2808 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2809 if test -n "$KRB5CONFIG"; then
2810 AC_DEFINE(HAVE_KERB5)
2811 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2812 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2813 SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
2815 dnl Try to determine whether we have Heimdal or MIT Kerberos
2817 AC_MSG_CHECKING(whether we are using Heimdal)
2818 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2820 AC_DEFINE(HAVE_HEIMDAL)
2826 AC_DEFINE(HAVE_KERB5)
2828 dnl Use the specified directory, if any, else search for correct inc dir
2830 if test "$with_kerb5" = "yes"; then
2832 O_CPPFLAGS="$CPPFLAGS"
2833 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2834 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2835 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
2837 if test X"$found" = X"no"; then
2838 CPPFLAGS="$O_CPPFLAGS"
2839 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2842 dnl XXX - try to include krb5.h here too
2843 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
2844 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2848 dnl Try to determine whether we have Heimdal or MIT Kerberos
2850 AC_MSG_CHECKING(whether we are using Heimdal)
2851 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2853 AC_DEFINE(HAVE_HEIMDAL)
2854 # XXX - need to check whether -lcrypo is needed!
2855 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2856 AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
2859 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
2860 AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
2862 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2865 LIBS="${LIBS} ${SUDOERS_LIBS}"
2866 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2867 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
2868 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
2869 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2872 [[#include <krb5.h>]],
2873 [[krb5_get_init_creds_opt_free(NULL, NULL);]]
2875 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2876 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2881 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2882 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2885 AC_MSG_CHECKING(whether to use an instance name for Kerberos V)
2886 AC_ARG_ENABLE(kerb5-instance,
2887 [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
2888 [ case "$enableval" in
2889 yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."])
2891 no) AC_MSG_RESULT(no)
2893 *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
2894 AC_MSG_RESULT([$enableval])
2896 esac], AC_MSG_RESULT(no))
2900 dnl extra AFS libs and includes
2902 if test ${with_AFS-'no'} = "yes"; then
2904 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2905 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2906 for i in $AFSLIBDIRS; do
2907 if test -d ${i}; then
2908 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
2909 FOUND_AFSLIBDIR=true
2912 if test -z "$FOUND_AFSLIBDIR"; then
2913 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
2916 # Order is important here. Note that we build AFS_LIBS from right to left
2917 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2918 AFS_LIBS="-laudit ${AFS_LIBS}"
2919 for i in $AFSLIBDIRS; do
2920 if test -f ${i}/util.a; then
2921 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2926 if test -z "$FOUND_UTIL_A"; then
2927 AFS_LIBS="-lutil ${AFS_LIBS}"
2929 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2931 # AFS includes may live in /usr/include on some machines...
2932 for i in /usr/afsws/include; do
2933 if test -d ${i}; then
2934 CPPFLAGS="${CPPFLAGS} -I${i}"
2935 FOUND_AFSINCDIR=true
2939 if test -z "$FOUND_AFSLIBDIR"; then
2940 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2943 AUTH_OBJS="$AUTH_OBJS afs.lo"
2947 dnl extra DCE obj + lib
2948 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2950 if test ${with_DCE-'no'} = "yes"; then
2951 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2952 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
2953 AUTH_OBJS="$AUTH_OBJS dce.lo"
2957 dnl extra S/Key lib and includes
2959 if test "${with_skey-'no'}" = "yes"; then
2960 O_LDFLAGS="$LDFLAGS"
2961 if test "$with_skey" != "yes"; then
2962 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2963 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2964 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
2965 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
2968 O_CPPFLAGS="$CPPFLAGS"
2969 for dir in "" "/usr/local" "/usr/contrib"; do
2970 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2971 AC_CHECK_HEADER([skey.h], [found=yes; break], [],
2972 [#include <stdio.h>])
2974 if test "$found" = "no" -o -z "$dir"; then
2975 CPPFLAGS="$O_CPPFLAGS"
2977 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2978 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2980 if test "$found" = "no"; then
2981 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2984 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
2985 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2987 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
2990 [[#include <stdio.h>
2991 #include <skey.h>]],
2992 [[skeychallenge(NULL, NULL, NULL, 0);]]
2994 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
2995 AC_MSG_RESULT([yes])
3001 LDFLAGS="$O_LDFLAGS"
3002 SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
3003 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
3007 dnl extra OPIE lib and includes
3009 if test "${with_opie-'no'}" = "yes"; then
3010 O_LDFLAGS="$LDFLAGS"
3011 if test "$with_opie" != "yes"; then
3012 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
3013 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
3014 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
3015 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
3018 O_CPPFLAGS="$CPPFLAGS"
3019 for dir in "" "/usr/local" "/usr/contrib"; do
3020 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
3021 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
3023 if test "$found" = "no" -o -z "$dir"; then
3024 CPPFLAGS="$O_CPPFLAGS"
3026 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
3027 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
3029 if test "$found" = "no"; then
3030 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
3033 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
3034 LDFLAGS="$O_LDFLAGS"
3035 SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
3036 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
3040 dnl Check for shadow password routines if we have not already done so.
3041 dnl If there is a specific list of functions to check we do that first.
3042 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
3044 if test ${with_passwd-'no'} != "no"; then
3046 dnl if crypt(3) not in libc, look elsewhere
3048 if test -z "$LIB_CRYPT"; then
3050 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
3054 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
3056 LIBS="$LIBS $shadow_libs"
3058 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
3059 if test "$found" = "yes"; then
3060 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
3061 elif test -n "$shadow_libs_optional"; then
3062 LIBS="$LIBS $shadow_libs_optional"
3063 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
3064 if test "$found" = "yes"; then
3065 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
3068 if test "$found" = "yes"; then
3069 case "$shadow_funcs" in
3070 *getprpwnam*) SECUREWARE=1;;
3072 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
3078 if test "$CHECKSHADOW" = "true"; then
3079 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
3081 if test "$CHECKSHADOW" = "true"; then
3082 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
3084 if test -n "$SECUREWARE"; then
3085 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
3086 AUTH_OBJS="$AUTH_OBJS secureware.lo"
3091 dnl extra lib and .o file for LDAP support
3093 if test ${with_ldap-'no'} != "no"; then
3095 if test "$with_ldap" != "yes"; then
3096 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
3097 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
3098 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
3101 SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
3104 AC_MSG_CHECKING([for LDAP libraries])
3108 for l in -lldap -llber '-lssl -lcrypto'; do
3110 LDAP_LIBS="${LDAP_LIBS} $l"
3111 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
3113 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
3115 if test "$found" = "no"; then
3118 for l in -libmldap -lidsldif; do
3120 LDAP_LIBS="${LDAP_LIBS} $l"
3121 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
3123 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
3126 dnl if nothing linked just try with -lldap
3127 if test "$found" = "no"; then
3128 LIBS="${_LIBS} -lldap"
3130 AC_MSG_RESULT([not found, using -lldap])
3132 AC_MSG_RESULT([$LDAP_LIBS])
3134 dnl check if we need to link with -llber for ber_set_option
3136 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
3137 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
3138 LDAP_LIBS="$LDAP_LIBS -llber"
3140 dnl check if ldap.h includes lber.h for us
3141 AC_MSG_CHECKING([whether lber.h is needed])
3142 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
3143 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
3144 AC_MSG_RESULT([yes])
3145 AC_DEFINE(HAVE_LBER_H)])
3147 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
3148 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
3149 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
3150 AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
3152 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
3153 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
3154 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
3155 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
3156 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
3157 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
3158 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
3161 # gssapi headers may be separate or part of Kerberos V
3163 O_CPPFLAGS="$CPPFLAGS"
3164 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
3165 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
3166 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
3168 if test X"$found" != X"no"; then
3169 AC_CHECK_HEADERS([$found])
3170 if test X"$found" = X"gssapi/gssapi.h"; then
3171 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
3174 CPPFLAGS="$O_CPPFLAGS"
3175 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
3179 SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
3185 # How to do dynamic object loading.
3186 # We support dlopen() and sh_load(), else fall back to static loading.
3188 case "$lt_cv_dlopen" in
3190 AC_DEFINE(HAVE_DLOPEN)
3191 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
3192 LT_STATIC="--tag=disable-static"
3195 AC_DEFINE(HAVE_SHL_LOAD)
3196 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
3197 LT_STATIC="--tag=disable-static"
3201 if test X"${ac_cv_func_dlopen}" = X"yes"; then
3202 AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
3204 # Preload sudoers module symbols
3205 SUDO_OBJS="${SUDO_OBJS} preload.o"
3206 SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
3213 # Add library needed for dynamic loading, if any.
3215 LIBDL="$lt_cv_dlopen_libs"
3216 if test X"$LIBDL" != X""; then
3217 SUDO_LIBS="${SUDO_LIBS} $LIBDL"
3218 SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
3221 # On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
3222 # the main program is linked against -lpthread. We have no knowledge of
3223 # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
3224 # so always link against -lpthread on HP-UX if it is available.
3225 # This check should go after all other libraries tests.
3228 AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
3233 dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
3234 dnl added -L dirpaths to SUDOERS_LDFLAGS.
3236 if test -n "$blibpath"; then
3237 if test -n "$blibpath_add"; then
3238 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
3239 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
3240 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
3245 dnl Check for log file, timestamp and iolog locations
3247 if test "$utmp_style" = "LEGACY"; then
3255 dnl Turn warnings into errors.
3256 dnl All compiler/loader tests after this point will fail if
3257 dnl a warning is displayed (nornally, warnings are not fata).
3262 dnl If compiler supports the -static-libgcc flag use it unless we have
3263 dnl GNU ld (which can avoid linking in libgcc when it is not needed).
3264 dnl This test relies on AC_LANG_WERROR
3266 if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
3267 AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"])
3271 dnl Check for symbol visibility support.
3272 dnl This test relies on AC_LANG_WERROR
3274 if test -n "$GCC"; then
3275 AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [
3276 AC_DEFINE(HAVE_DSO_VISIBILITY)
3277 CFLAGS="${CFLAGS} -fvisibility=hidden"
3285 AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
3286 AC_DEFINE(HAVE_DSO_VISIBILITY)
3287 CFLAGS="${CFLAGS} -Bhidden_def"
3293 AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
3294 AC_DEFINE(HAVE_DSO_VISIBILITY)
3295 CFLAGS="${CFLAGS} -xldscope=hidden"
3304 dnl If the compiler doesn't have symbol visibility support, it may
3305 dnl support version scripts (only GNU and Solaris ld).
3306 dnl This test relies on AC_LANG_WERROR
3308 if test -n "$LT_LDEXPORTS"; then
3309 if test "$lt_cv_prog_gnu_ld" = "yes"; then
3310 AC_CACHE_CHECK([whether ld supports anonymous map files],
3311 [sudo_cv_var_gnu_ld_anon_map],
3313 cat > conftest.map <<-EOF
3320 CFLAGS="$CFLAGS $lt_prog_compiler_pic"
3322 LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
3323 AC_TRY_LINK([int foo;], [], [
3324 sudo_cv_var_gnu_ld_anon_map=yes
3330 if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then
3331 LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
3336 AC_CACHE_CHECK([whether ld supports anonymous map files],
3337 [sudo_cv_var_solaris_ld_anon_map],
3339 cat > conftest.map <<-EOF
3346 CFLAGS="$CFLAGS $lt_prog_compiler_pic"
3348 LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
3349 AC_TRY_LINK([int foo;], [], [
3350 sudo_cv_var_solaris_ld_anon_map=yes
3356 if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then
3357 LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
3361 AC_CACHE_CHECK([whether ld supports controlling exported symbols],
3362 [sudo_cv_var_hpux_ld_symbol_export],
3364 echo "+e foo" > conftest.opt
3366 CFLAGS="$CFLAGS $lt_prog_compiler_pic"
3368 if test -n "$GCC"; then
3369 LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt"
3371 LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
3373 AC_TRY_LINK([int foo;], [], [
3374 sudo_cv_var_hpux_ld_symbol_export=yes
3380 if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
3381 LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)"
3389 dnl Check for PIE executable support if using gcc.
3390 dnl This test relies on AC_LANG_WERROR
3392 if test "$enable_pie" != "no" -a -n "$GCC"; then
3393 AX_CHECK_COMPILE_FLAG([-fPIE], [
3395 CFLAGS="$CFLAGS -fPIE"
3396 AX_CHECK_LINK_FLAG([-pie], [
3405 dnl Check for -fstack-protector and -z relro support
3406 dnl This test relies on AC_LANG_WERROR
3408 if test "$enable_hardening" != "no"; then
3409 if test -n "$GCC"; then
3410 AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
3411 AX_CHECK_LINK_FLAG([-fstack-protector-all], [
3412 SSP_CFLAGS="-fstack-protector-all"
3413 SSP_LDFLAGS="-Wc,-fstack-protector-all"
3416 if test -z "$SSP_CFLAGS"; then
3417 AX_CHECK_COMPILE_FLAG([-fstack-protector], [
3418 AX_CHECK_LINK_FLAG([-fstack-protector], [
3419 SSP_CFLAGS="-fstack-protector"
3420 SSP_LDFLAGS="-Wc,-fstack-protector"
3425 AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
3429 dnl Use passwd auth module?
3431 case "$with_passwd" in
3433 AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
3436 AC_DEFINE(WITHOUT_PASSWD)
3437 if test -z "$AUTH_OBJS"; then
3438 AC_MSG_ERROR([no authentication methods defined.])
3442 AUTH_OBJS=${AUTH_OBJS# }
3443 _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
3444 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
3447 dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
3449 if test -n "$LIBS"; then
3454 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
3455 test $l = $sl && dupe=1
3457 test $dupe = 0 && LIBS="${LIBS} $l"
3462 dnl We add -Wall and -Werror after all tests so they don't cause failures
3464 if test -n "$GCC"; then
3465 if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
3466 CFLAGS="${CFLAGS} -Wall"
3468 if test X"$enable_werror" = X"yes"; then
3469 CFLAGS="${CFLAGS} -Werror"
3474 dnl Skip regress tests and sudoers sanity check if cross compiling.
3476 CROSS_COMPILING="$cross_compiling"
3481 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
3484 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
3485 dnl XXX - this is gross!
3487 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
3488 oexec_prefix="$exec_prefix"
3489 if test "$exec_prefix" = '$(prefix)'; then
3490 if test "$prefix" = "NONE"; then
3491 exec_prefix="$ac_default_prefix"
3493 exec_prefix="$prefix"
3496 if test X"$with_noexec" != X"no"; then
3497 PROGS="${PROGS} libsudo_noexec.la"
3498 INSTALL_NOEXEC="install-noexec"
3500 noexec_file="$with_noexec"
3502 while test X"$noexec_file" != X"$_noexec_file"; do
3503 _noexec_file="$noexec_file"
3504 eval noexec_file="$_noexec_file"
3506 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
3508 if test X"$with_selinux" != X"no"; then
3509 sesh_file="$libexecdir/sesh"
3511 while test X"$sesh_file" != X"$_sesh_file"; do
3512 _sesh_file="$sesh_file"
3513 eval sesh_file="$_sesh_file"
3515 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
3517 PLUGINDIR="$with_plugindir"
3519 while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
3520 _PLUGINDIR="$PLUGINDIR"
3521 eval PLUGINDIR="$_PLUGINDIR"
3523 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
3524 SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
3525 exec_prefix="$oexec_prefix"
3529 dnl Override default configure dirs for the Makefile
3531 if test X"$prefix" = X"NONE"; then
3532 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
3534 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
3536 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
3537 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
3538 test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
3539 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
3540 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
3541 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
3542 test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
3543 test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
3544 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
3547 dnl Substitute into the Makefile and man pages
3549 AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
3553 dnl Spew any text the user needs to know about
3555 if test "$with_pam" = "yes"; then
3558 if test -f /usr/lib/security/libpam_hpsec.so.1; then
3559 AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
3560 AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
3564 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
3570 dnl Autoheader templates
3572 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
3573 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
3574 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
3575 AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
3576 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
3577 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
3578 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
3579 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
3580 AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
3581 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
3582 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
3583 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
3584 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
3585 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
3586 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
3587 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
3588 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
3589 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
3590 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
3591 AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
3592 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
3593 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
3594 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
3595 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
3596 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
3597 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
3598 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
3599 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
3600 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
3601 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
3602 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
3603 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
3604 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
3605 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
3606 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
3607 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
3608 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
3609 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
3610 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
3611 AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
3612 AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
3613 AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
3614 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
3615 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
3616 AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
3617 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
3618 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
3619 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
3620 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
3621 AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
3622 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
3623 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
3624 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
3625 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
3626 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
3627 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
3628 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
3629 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
3630 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
3631 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
3632 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
3633 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
3634 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
3635 AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
3636 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
3637 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
3638 AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
3639 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
3640 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
3641 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
3642 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
3643 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
3644 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
3645 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
3646 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
3647 AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
3648 AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
3649 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
3650 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
3651 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
3652 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
3653 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
3654 AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.])
3655 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
3656 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
3657 AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
3658 AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication])
3659 AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
3660 AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
3661 AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
3662 AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
3663 AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
3664 AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
3667 dnl Bits to copy verbatim into config.h.in
3669 AH_TOP([#ifndef _SUDO_CONFIG_H
3670 #define _SUDO_CONFIG_H])
3673 * Macros to convert ctime and mtime into timevals.
3675 #define timespec2timeval(_ts, _tv) do { \
3676 (_tv)->tv_sec = (_ts)->tv_sec; \
3677 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
3681 # ifdef HAVE_ST__TIM
3682 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
3683 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
3685 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
3686 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
3689 # ifdef HAVE_ST_MTIMESPEC
3690 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
3691 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
3693 # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
3694 # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
3695 # endif /* HAVE_ST_MTIMESPEC */
3696 #endif /* HAVE_ST_MTIM */
3699 # define ignore_result(x) do { \
3700 __typeof__(x) y = (x); \
3704 # define ignore_result(x) (void)(x)
3707 /* Macros to set/clear/test flags. */
3709 #define SET(t, f) ((t) |= (f))
3711 #define CLR(t, f) ((t) &= ~(f))
3713 #define ISSET(t, f) ((t) & (f))
3715 /* ANSI-style OS defs for HP-UX and ConvexOS. */
3716 #if defined(hpux) && !defined(__hpux)
3720 #if defined(convex) && !defined(__convex__)
3721 # define __convex__ 1
3724 /* BSD compatibility on some SVR4 systems. */
3727 #endif /* __svr4__ */
3729 #endif /* _SUDO_CONFIG_H */])