2 dnl Process this file with GNU autoconf to produce a configure script.
4 dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller <Todd.Miller@courtesan.com>
6 AC_INIT([sudo], [1.7.4p4], [http://www.sudo.ws/bugs/], [sudo])
7 AC_CONFIG_HEADER(config.h pathnames.h)
9 dnl This won't work before AC_INIT
11 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
13 dnl Variables that get substituted in the Makefile and man pages
15 AC_SUBST([HAVE_BSM_AUDIT])
22 AC_SUBST([COMMON_OBJS])
23 AC_SUBST([SUDO_LDFLAGS])
29 AC_SUBST([GETGROUPS_LIB])
33 AC_SUBST([MAN_POSTINSTALL])
34 AC_SUBST([SUDOERS_MODE])
35 AC_SUBST([SUDOERS_UID])
36 AC_SUBST([SUDOERS_GID])
43 AC_SUBST([mansectform])
45 AC_SUBST([NOEXECFILE])
47 AC_SUBST([noexec_file])
48 AC_SUBST([INSTALL_NOEXEC])
49 AC_SUBST([DONT_LEAK_PATH_INFO])
50 AC_SUBST([BSDAUTH_USAGE])
51 AC_SUBST([SELINUX_USAGE])
54 AC_SUBST([LOGINCAP_USAGE])
56 AC_SUBST([CONFIGURE_ARGS])
58 dnl Variables that get substituted in docs (not overridden by environment)
60 AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
62 AC_SUBST([password_timeout])
63 AC_SUBST([sudo_umask])
64 AC_SUBST([passprompt])
65 AC_SUBST([long_otp_prompt])
71 AC_SUBST([ignore_dot])
72 AC_SUBST([mail_no_user])
73 AC_SUBST([mail_no_host])
74 AC_SUBST([mail_no_perms])
77 AC_SUBST([badpass_message])
79 AC_SUBST([runas_default])
80 AC_SUBST([env_editor])
81 AC_SUBST([passwd_tries])
82 AC_SUBST([tty_tickets])
87 AC_SUBST([ldap_secret])
88 AC_SUBST([nsswitch_conf])
89 AC_SUBST([netsvc_conf])
90 AC_SUBST([secure_path])
93 # Begin initial values for man page substitution
99 passprompt="Password:"
111 mailsub="*** SECURITY information for %h ***"
112 badpass_message="Sorry, try again."
122 ldap_conf=/etc/ldap.conf
123 ldap_secret=/etc/ldap.secret
124 netsvc_conf=/etc/netsvc.conf
125 noexec_file=/usr/local/libexec/sudo_noexec.so
126 nsswitch_conf=/etc/nsswitch.conf
127 secure_path="not set"
129 # End initial values for man page substitution
132 dnl Initial values for Makefile variables listed above
133 dnl May be overridden by environment variables..
140 : ${SUDOERS_MODE='0440'}
163 shadow_libs_optional=
168 dnl Deprecated --with options (these all warn or generate an error)
171 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
172 [case $with_otp_only in
173 yes) with_passwd="no"
174 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
178 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
179 [case $with_alertmail in
180 *) with_mailto="$with_alertmail"
181 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
186 dnl Options for --with
189 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
191 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
192 PROGS="${PROGS} testsudoers"
193 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
198 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
201 if test X"$with_devel" != X"yes"; then
205 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
207 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
209 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
215 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
218 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
222 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
223 [case $with_blibpath in
225 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
230 dnl Handle BSM auditing support.
232 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
233 [case $with_bsm_audit in
234 yes) AC_DEFINE(HAVE_BSM_AUDIT)
235 SUDO_LIBS="${SUDO_LIBS} -lbsm"
236 SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
239 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
244 dnl Handle Linux auditing support.
246 AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
247 [case $with_linux_audit in
249 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
250 AC_DEFINE(HAVE_LINUX_AUDIT)
251 SUDO_LIBS="${SUDO_LIBS} -laudit"
252 SUDO_OBJS="${SUDO_OBJS} linux_audit.o"
254 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
258 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
262 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
263 [case $with_incpath in
264 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
266 no) AC_MSG_ERROR(["--without-incpath not supported."])
268 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
269 for i in ${with_incpath}; do
270 CPPFLAGS="${CPPFLAGS} -I${i}"
275 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
276 [case $with_libpath in
277 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
279 no) AC_MSG_ERROR(["--without-libpath not supported."])
281 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
285 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
286 [case $with_libraries in
287 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
289 no) AC_MSG_ERROR(["--without-libraries not supported."])
291 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
295 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
296 [case $with_efence in
297 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
298 LIBS="${LIBS} -lefence"
299 if test -f /usr/local/lib/libefence.a; then
300 with_libpath="${with_libpath} /usr/local/lib"
304 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
308 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
310 yes) AC_MSG_NOTICE([Adding CSOps standard options])
314 with_classic_insults=yes
315 with_csops_insults=yes
321 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
325 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
326 [case $with_passwd in
327 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
328 AC_MSG_RESULT($with_passwd)
330 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
332 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
336 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
340 *) AC_DEFINE(HAVE_SKEY)
341 AC_MSG_CHECKING(whether to try S/Key authentication)
343 AUTH_REG="$AUTH_REG S/Key"
347 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
351 *) AC_DEFINE(HAVE_OPIE)
352 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
354 AUTH_REG="$AUTH_REG NRL_OPIE"
358 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
359 [case $with_long_otp_prompt in
360 yes) AC_DEFINE(LONG_OTP_PROMPT)
361 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
365 no) long_otp_prompt=off
367 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
371 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
372 [case $with_SecurID in
373 no) with_SecurID="";;
374 *) AC_DEFINE(HAVE_SECURID)
375 AC_MSG_CHECKING(whether to use SecurID for authentication)
377 AUTH_EXCL="$AUTH_EXCL SecurID"
381 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
384 *) AC_DEFINE(HAVE_FWTK)
385 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
387 AUTH_EXCL="$AUTH_EXCL FWTK"
391 AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
394 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
396 AUTH_REG="$AUTH_REG kerb4"
400 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
403 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
405 AUTH_REG="$AUTH_REG kerb5"
409 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
410 [case $with_aixauth in
411 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
413 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
417 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
419 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
421 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
425 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
427 yes) AC_DEFINE(HAVE_AFS)
428 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
430 AUTH_REG="$AUTH_REG AFS"
433 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
437 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
439 yes) AC_DEFINE(HAVE_DCE)
440 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
442 AUTH_REG="$AUTH_REG DCE"
445 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
449 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
450 [case $with_logincap in
452 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
456 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
457 [case $with_bsdauth in
458 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
460 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
464 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
465 [case $with_project in
468 *) AC_MSG_ERROR(["--with-project does not take an argument."])
472 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
473 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
474 [case $with_lecture in
475 yes|short|always) lecture=once
477 no|none|never) lecture=never
479 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
482 if test "$lecture" = "once"; then
485 AC_DEFINE(NO_LECTURE)
489 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
490 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
491 [case $with_logging in
492 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
494 no) AC_MSG_ERROR(["--without-logging not supported."])
496 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
497 AC_MSG_RESULT(syslog)
499 file) AC_DEFINE(LOGGING, SLOG_FILE)
502 both) AC_DEFINE(LOGGING, SLOG_BOTH)
505 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
507 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
509 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
510 [case $with_logfac in
511 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
513 no) AC_MSG_ERROR(["--without-logfac not supported."])
515 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
517 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
521 AC_MSG_CHECKING(at which syslog priority to log commands)
522 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
523 [case $with_goodpri in
524 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
526 no) AC_MSG_ERROR(["--without-goodpri not supported."])
528 alert|crit|debug|emerg|err|info|notice|warning)
529 goodpri=$with_goodpri
531 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
534 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
535 AC_MSG_RESULT($goodpri)
537 AC_MSG_CHECKING(at which syslog priority to log failures)
538 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
539 [case $with_badpri in
540 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
542 no) AC_MSG_ERROR(["--without-badpri not supported."])
544 alert|crit|debug|emerg|err|info|notice|warning)
547 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
550 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
551 AC_MSG_RESULT($badpri)
553 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
554 [case $with_logpath in
555 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
557 no) AC_MSG_ERROR(["--without-logpath not supported."])
561 AC_MSG_CHECKING(how long a line in the log file should be)
562 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
563 [case $with_loglen in
564 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
566 no) AC_MSG_ERROR(["--without-loglen not supported."])
568 [[0-9]]*) loglen=$with_loglen
570 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
573 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
574 AC_MSG_RESULT($loglen)
576 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
577 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
578 [case $with_ignore_dot in
583 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
586 if test "$ignore_dot" = "on"; then
587 AC_DEFINE(IGNORE_DOT_PATH)
593 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
594 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
595 [case $with_mail_if_no_user in
600 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
603 if test "$mail_no_user" = "on"; then
604 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
610 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
611 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
612 [case $with_mail_if_no_host in
617 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
620 if test "$mail_no_host" = "on"; then
621 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
627 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
628 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
629 [case $with_mail_if_noperms in
634 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
637 if test "$mail_noperms" = "on"; then
638 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
644 AC_MSG_CHECKING(who should get the mail that sudo sends)
645 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
646 [case $with_mailto in
647 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
649 no) AC_MSG_ERROR(["--without-mailto not supported."])
651 *) mailto=$with_mailto
654 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
655 AC_MSG_RESULT([$mailto])
657 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
658 [case $with_mailsubject in
659 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
661 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
663 *) mailsub="$with_mailsubject"
664 AC_MSG_CHECKING(sudo mail subject)
665 AC_MSG_RESULT([Using alert mail subject: $mailsub])
668 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
670 AC_MSG_CHECKING(for bad password prompt)
671 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
672 [case $with_passprompt in
673 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
675 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
677 *) passprompt="$with_passprompt"
679 AC_MSG_RESULT($passprompt)
680 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
682 AC_MSG_CHECKING(for bad password message)
683 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
684 [case $with_badpass_message in
685 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
687 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
689 *) badpass_message="$with_badpass_message"
692 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
693 AC_MSG_RESULT([$badpass_message])
695 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
696 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
702 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
705 if test "$fqdn" = "on"; then
712 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
713 [case $with_timedir in
714 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
716 no) AC_MSG_ERROR(["--without-timedir not supported."])
720 AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
721 [case $with_iologdir in
726 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
727 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
728 [case $with_sendmail in
729 yes) with_sendmail=""
732 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
736 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
737 [case $with_sudoers_mode in
738 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
740 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
742 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
744 0*) SUDOERS_MODE=$with_sudoers_mode
746 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
750 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
751 [case $with_sudoers_uid in
752 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
754 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
756 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
758 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
762 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
763 [case $with_sudoers_gid in
764 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
766 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
768 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
770 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
774 AC_MSG_CHECKING(for umask programs should be run with)
775 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
776 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
778 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
782 [[0-9]]*) sudo_umask=$with_umask
784 *) AC_MSG_ERROR(["you must enter a numeric mask."])
787 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
788 if test "$sudo_umask" = "0777"; then
791 AC_MSG_RESULT($sudo_umask)
794 AC_MSG_CHECKING(for default user to run commands as)
795 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
796 [case $with_runas_default in
797 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
799 no) AC_MSG_ERROR(["--without-runas-default not supported."])
801 *) runas_default="$with_runas_default"
804 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
805 AC_MSG_RESULT([$runas_default])
807 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
808 [case $with_exempt in
809 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
811 no) AC_MSG_ERROR(["--without-exempt not supported."])
813 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
814 AC_MSG_CHECKING(for group to be exempt from password)
815 AC_MSG_RESULT([$with_exempt])
819 AC_MSG_CHECKING(for editor that visudo should use)
820 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
821 [case $with_editor in
822 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
824 no) AC_MSG_ERROR(["--without-editor not supported."])
826 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
827 AC_MSG_RESULT([$with_editor])
828 editor="$with_editor"
830 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
832 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
833 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
834 [case $with_env_editor in
839 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
842 if test "$env_editor" = "on"; then
843 AC_DEFINE(ENV_EDITOR)
849 AC_MSG_CHECKING(number of tries a user gets to enter their password)
850 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
851 [case $with_passwd_tries in
853 no) AC_MSG_ERROR(["--without-editor not supported."])
855 [[1-9]]*) passwd_tries=$with_passwd_tries
857 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
860 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
861 AC_MSG_RESULT($passwd_tries)
863 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
864 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
865 [case $with_timeout in
869 [[0-9]]*) timeout=$with_timeout
871 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
874 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
875 AC_MSG_RESULT($timeout)
877 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
878 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
879 [case $with_password_timeout in
881 no) password_timeout=0
883 [[0-9]]*) password_timeout=$with_password_timeout
885 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
888 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
889 AC_MSG_RESULT($password_timeout)
891 AC_MSG_CHECKING(whether to use per-tty ticket files)
892 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
893 [case $with_tty_tickets in
898 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
901 if test "$tty_tickets" = "off"; then
902 AC_DEFINE(NO_TTY_TICKETS)
908 AC_MSG_CHECKING(whether to include insults)
909 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
910 [case $with_insults in
912 with_classic_insults=yes
913 with_csops_insults=yes
915 disabled) insults=off
916 with_classic_insults=yes
917 with_csops_insults=yes
921 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
924 if test "$insults" = "on"; then
925 AC_DEFINE(USE_INSULTS)
931 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
932 [case $with_all_insults in
933 yes) with_classic_insults=yes
934 with_csops_insults=yes
936 with_goons_insults=yes
939 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
943 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
944 [case $with_classic_insults in
945 yes) AC_DEFINE(CLASSIC_INSULTS)
948 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
952 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
953 [case $with_csops_insults in
954 yes) AC_DEFINE(CSOPS_INSULTS)
957 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
961 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
962 [case $with_hal_insults in
963 yes) AC_DEFINE(HAL_INSULTS)
966 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
970 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
971 [case $with_goons_insults in
972 yes) AC_DEFINE(GOONS_INSULTS)
975 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
979 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
980 [case $with_nsswitch in
982 yes) with_nsswitch="/etc/nsswitch.conf"
987 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
990 *) AC_DEFINE(HAVE_LDAP)
991 AC_MSG_CHECKING(whether to use sudoers from LDAP)
996 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
997 test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
998 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
1000 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
1001 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
1002 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
1004 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
1005 [case $with_pc_insults in
1006 yes) AC_DEFINE(PC_INSULTS)
1009 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
1013 dnl include all insult sets on one line
1014 if test "$insults" = "on"; then
1015 AC_MSG_CHECKING(which insult sets to include)
1017 test "$with_goons_insults" = "yes" && i="goons ${i}"
1018 test "$with_hal_insults" = "yes" && i="hal ${i}"
1019 test "$with_csops_insults" = "yes" && i="csops ${i}"
1020 test "$with_classic_insults" = "yes" && i="classic ${i}"
1024 AC_MSG_CHECKING(whether to override the user's path)
1025 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
1026 [case $with_secure_path in
1027 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
1028 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1029 AC_MSG_RESULT([$with_secure_path])
1030 secure_path="set to $with_secure_path"
1032 no) AC_MSG_RESULT(no)
1034 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1035 AC_MSG_RESULT([$with_secure_path])
1036 secure_path="set to F<$with_secure_path>"
1038 esac], AC_MSG_RESULT(no))
1040 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1041 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1042 [case $with_interfaces in
1043 yes) AC_MSG_RESULT(yes)
1045 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1048 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1050 esac], AC_MSG_RESULT(yes))
1052 AC_MSG_CHECKING(whether stow should be used)
1053 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
1055 yes) AC_MSG_RESULT(yes)
1058 no) AC_MSG_RESULT(no)
1060 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1062 esac], AC_MSG_RESULT(no))
1064 AC_MSG_CHECKING(whether to use an askpass helper)
1065 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1066 [case $with_askpass in
1067 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1070 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1072 esac], AC_MSG_RESULT(no))
1075 dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS
1077 AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])],
1078 [case $with_libvas in
1079 yes) with_libvas=libvas.so
1082 *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
1085 if test X"$with_libvas" != X"no"; then
1086 AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so])
1087 AC_DEFINE(USING_NONUNIX_GROUPS)
1088 COMMON_OBJS="$COMMON_OBJS vasgroups.o"
1089 AC_ARG_WITH([libvas-rpath],
1090 [AS_HELP_STRING([--with-libvas-rpath=PATH],
1091 [Path to look for libvas in [default=/opt/quest/lib]])],
1092 [LIBVAS_RPATH=$withval],
1093 [LIBVAS_RPATH=/opt/quest/lib])
1095 dnl Some platforms require libdl for dlopen()
1097 AC_CHECK_LIB([dl], [main])
1102 dnl Options for --enable
1105 AC_MSG_CHECKING(whether to do user authentication by default)
1106 AC_ARG_ENABLE(authentication,
1107 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1108 [ case "$enableval" in
1109 yes) AC_MSG_RESULT(yes)
1111 no) AC_MSG_RESULT(no)
1112 AC_DEFINE(NO_AUTHENTICATION)
1114 *) AC_MSG_RESULT(no)
1115 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1118 ], AC_MSG_RESULT(yes))
1120 AC_MSG_CHECKING(whether to disable running the mailer as root)
1121 AC_ARG_ENABLE(root-mailer,
1122 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1123 [ case "$enableval" in
1124 yes) AC_MSG_RESULT(no)
1126 no) AC_MSG_RESULT(yes)
1127 AC_DEFINE(NO_ROOT_MAILER)
1129 *) AC_MSG_RESULT(no)
1130 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1133 ], AC_MSG_RESULT(no))
1135 AC_ARG_ENABLE(setreuid,
1136 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1137 [ case "$enableval" in
1138 no) SKIP_SETREUID=yes
1144 AC_ARG_ENABLE(setresuid,
1145 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1146 [ case "$enableval" in
1147 no) SKIP_SETRESUID=yes
1153 AC_MSG_CHECKING(whether to disable shadow password support)
1154 AC_ARG_ENABLE(shadow,
1155 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1156 [ case "$enableval" in
1157 yes) AC_MSG_RESULT(no)
1159 no) AC_MSG_RESULT(yes)
1162 *) AC_MSG_RESULT(no)
1163 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1166 ], AC_MSG_RESULT(no))
1168 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1169 AC_ARG_ENABLE(root-sudo,
1170 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1171 [ case "$enableval" in
1172 yes) AC_MSG_RESULT(yes)
1174 no) AC_DEFINE(NO_ROOT_SUDO)
1178 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1181 ], AC_MSG_RESULT(yes))
1183 AC_MSG_CHECKING(whether to log the hostname in the log file)
1184 AC_ARG_ENABLE(log-host,
1185 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1186 [ case "$enableval" in
1187 yes) AC_MSG_RESULT(yes)
1188 AC_DEFINE(HOST_IN_LOG)
1190 no) AC_MSG_RESULT(no)
1192 *) AC_MSG_RESULT(no)
1193 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1196 ], AC_MSG_RESULT(no))
1198 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1199 AC_ARG_ENABLE(noargs-shell,
1200 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1201 [ case "$enableval" in
1202 yes) AC_MSG_RESULT(yes)
1203 AC_DEFINE(SHELL_IF_NO_ARGS)
1205 no) AC_MSG_RESULT(no)
1207 *) AC_MSG_RESULT(no)
1208 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1211 ], AC_MSG_RESULT(no))
1213 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1214 AC_ARG_ENABLE(shell-sets-home,
1215 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1216 [ case "$enableval" in
1217 yes) AC_MSG_RESULT(yes)
1218 AC_DEFINE(SHELL_SETS_HOME)
1220 no) AC_MSG_RESULT(no)
1222 *) AC_MSG_RESULT(no)
1223 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1226 ], AC_MSG_RESULT(no))
1228 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1229 AC_ARG_ENABLE(path_info,
1230 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1231 [ case "$enableval" in
1232 yes) AC_MSG_RESULT(no)
1234 no) AC_MSG_RESULT(yes)
1235 AC_DEFINE(DONT_LEAK_PATH_INFO)
1238 *) AC_MSG_RESULT(no)
1239 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1242 ], AC_MSG_RESULT(no))
1244 AC_MSG_CHECKING(whether to enable environment debugging)
1245 AC_ARG_ENABLE(env_debug,
1246 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1247 [ case "$enableval" in
1248 yes) AC_MSG_RESULT(yes)
1249 AC_DEFINE(ENV_DEBUG)
1251 no) AC_MSG_RESULT(no)
1253 *) AC_MSG_RESULT(no)
1254 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1257 ], AC_MSG_RESULT(no))
1259 AC_ARG_ENABLE(warnings,
1260 [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
1261 [ case "$enableval" in
1262 yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then
1263 CFLAGS="${CFLAGS} -Wall"
1267 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
1272 AC_ARG_ENABLE(admin-flag,
1273 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
1274 [ case "$enableval" in
1275 yes) AC_DEFINE(USE_ADMIN_FLAG)
1278 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
1283 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1284 [case $with_selinux in
1285 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1286 AC_DEFINE(HAVE_SELINUX)
1287 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1288 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1289 PROGS="${PROGS} sesh"
1291 AC_CHECK_LIB([selinux], [setkeycreatecon],
1292 [AC_DEFINE(HAVE_SETKEYCREATECON)])
1295 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1300 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1302 AC_ARG_ENABLE(gss_krb5_ccache_name,
1303 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1304 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1307 dnl C compiler checks
1309 AC_SEARCH_LIBS([strerror], [cposix])
1311 AC_CHECK_TOOL(AR, ar, false)
1312 AC_CHECK_TOOL(RANLIB, ranlib, :)
1315 dnl Libtool setup, we require libtool 2.2.6b or higher
1318 AC_CONFIG_MACRO_DIR([m4])
1323 dnl Defer with_noexec until after libtool magic runs
1325 if test "$enable_shared" = "no"; then
1328 eval _shrext="$shrext_cmds"
1330 AC_MSG_CHECKING(path to sudo_noexec.so)
1331 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1332 [case $with_noexec in
1333 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1337 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1338 AC_MSG_RESULT($with_noexec)
1339 NOEXECFILE="sudo_noexec$_shrext"
1340 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1343 dnl It is now safe to modify CFLAGS and CPPFLAGS
1345 if test X"$with_devel" = X"yes" -a -n "$GCC"; then
1346 CFLAGS="${CFLAGS} -Wall"
1350 dnl Find programs we use
1352 AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
1353 AC_CHECK_PROG(TRPROG, [tr], [tr])
1354 AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
1355 if test -z "$NROFFPROG"; then
1357 mansrcdir='$(srcdir)'
1361 dnl What kind of beastie are we being run on?
1362 dnl Barf if config.cache was generated on another host.
1364 if test -n "$sudo_cv_prev_host"; then
1365 if test "$sudo_cv_prev_host" != "$host"; then
1366 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1368 AC_MSG_CHECKING(previous host type)
1369 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1370 AC_MSG_RESULT([$sudo_cv_prev_host])
1373 # this will produce no output since there is no cached value
1374 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1378 dnl We want to be able to differentiate between different rev's
1380 if test -n "$host_os"; then
1381 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1382 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1383 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1392 # getcwd(3) opens a pipe to getpwd(1)!?!
1395 # system headers lack prototypes but gcc helps...
1396 if test -n "$GCC"; then
1397 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1400 shadow_funcs="getpwanam issecure"
1403 # To get the crypt(3) prototype (so we pass -Wall)
1404 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1405 # AFS support needs -lucb
1406 if test "$with_AFS" = "yes"; then
1407 AFS_LIBS="-lc -lucb"
1410 : ${mansectform='4'}
1411 : ${with_rpath='yes'}
1412 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1415 # To get all prototypes (so we pass -Wall)
1416 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
1417 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1418 if test X"$with_blibpath" != X"no"; then
1419 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1420 O_LDFLAGS="$LDFLAGS"
1421 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1422 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1423 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1424 blibpath="$with_blibpath"
1425 elif test -n "$GCC"; then
1426 blibpath="/usr/lib:/lib:/usr/local/lib"
1428 blibpath="/usr/lib:/lib"
1431 ], [AC_MSG_RESULT(no)])
1433 LDFLAGS="$O_LDFLAGS"
1435 # Use authenticate(3) as the default authentication method
1436 if test X"$with_aixauth" = X""; then
1437 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1440 # AIX analog of nsswitch.conf, enabled by default
1441 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1442 [case $with_netsvc in
1444 yes) with_netsvc="/etc/netsvc.conf"
1448 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1449 with_netsvc="/etc/netsvc.conf"
1452 # AIX-specific functions
1453 AC_CHECK_FUNCS(getuserattr setauthdb)
1454 COMMON_OBJS="$COMMON_OBJS aix.o"
1458 : ${mansectform='4'}
1461 # AFS support needs -lBSD
1462 if test "$with_AFS" = "yes"; then
1463 AFS_LIBS="-lc -lBSD"
1466 : ${mansectform='4'}
1468 if test -z "$GCC"; then
1469 # HP-UX bundled compiler can't generate shared objects
1470 if -z "$pic_flag"; then
1474 # Use the +DAportable flag on hppa if it is supported
1478 CFLAGS="$CFLAGS +DAportable"
1479 AC_CACHE_CHECK([whether $CC understands +DAportable],
1480 [sudo_cv_var_daportable],
1482 [AC_LANG_PROGRAM([[]], [[]])],
1483 [sudo_cv_var_daportable=yes],
1484 [sudo_cv_var_daportable=no]
1488 if test X"$sudo_cv_var_daportable" != X"yes"; then
1497 AC_DEFINE(BROKEN_SYSLOG)
1499 # Not sure if setuid binaries are safe in < 9.x
1500 if test -n "$GCC"; then
1501 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1503 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1507 AC_DEFINE(BROKEN_SYSLOG)
1509 shadow_funcs="getspwuid"
1511 # DCE support (requires ANSI C compiler)
1512 if test "$with_DCE" = "yes"; then
1513 # order of libs in 9.X is important. -lc_r must be last
1514 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1515 LIBS="${LIBS} -ldce -lM -lc_r"
1516 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1520 shadow_funcs="getprpwnam iscomsec"
1524 shadow_funcs="getspnam iscomsec"
1526 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1531 # ignore envariables wrt dynamic lib path
1532 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1534 : ${CHECKSIA='true'}
1535 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1537 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1538 [ case "$enableval" in
1539 yes) AC_MSG_RESULT(no)
1542 no) AC_MSG_RESULT(yes)
1545 *) AC_MSG_RESULT(no)
1546 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1549 ], AC_MSG_RESULT(no))
1551 shadow_funcs="getprpwnam dispcrypt"
1552 # OSF/1 4.x and higher need -ldb too
1553 if test $OSMAJOR -lt 4; then
1554 shadow_libs="-lsecurity -laud -lm"
1556 shadow_libs="-lsecurity -ldb -laud -lm"
1559 # use SIA by default, if we have it
1560 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1563 # Some versions of Digital Unix ship with a broken
1564 # copy of prot.h, which we need for shadow passwords.
1565 # XXX - make should remove this as part of distclean
1567 AC_MSG_CHECKING([for broken prot.h])
1568 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1569 #include <sys/types.h>
1570 #include <sys/security.h>
1572 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1573 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1576 : ${mansectform='4'}
1579 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1580 if test -z "$NROFFPROG"; then
1581 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1582 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1583 if test -d /usr/share/catman/local; then
1584 mandir="/usr/share/catman/local"
1586 mandir="/usr/catman/local"
1590 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1591 if test -d "/usr/share/man/local"; then
1592 mandir="/usr/share/man/local"
1594 mandir="/usr/man/local"
1598 # IRIX <= 4 needs -lsun
1599 if test "$OSMAJOR" -le 4; then
1600 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1603 : ${mansectform='4'}
1605 *-*-linux*|*-*-k*bsd*-gnu)
1606 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1607 # Some Linux versions need to link with -lshadow
1608 shadow_funcs="getspnam"
1609 shadow_libs_optional="-lshadow"
1610 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1613 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1614 if test -z "$GCC"; then
1615 CFLAGS="${CFLAGS} -D__STDC__"
1618 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1619 shadow_funcs="getprpwnam"
1620 shadow_libs="-lprot"
1624 shadow_funcs="getauthuid"
1625 shadow_libs="-lauth"
1628 LIBS="${LIBS} -lsun -lbsd"
1629 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1630 OSDEFS="${OSDEFS} -D_MIPS"
1632 : ${mansectform='4'}
1635 OSDEFS="${OSDEFS} -D_ISC"
1637 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1638 LIBS="${LIBS} -lcrypt"
1640 shadow_funcs="getspnam"
1644 : ${mansectform='4'}
1647 shadow_funcs="getprpwnam"
1648 shadow_libs="-lprot -lx"
1650 : ${mansectform='4'}
1652 m88k-motorola-sysv*)
1653 # motorolla's cc (a variant of gcc) does -O but not -O2
1654 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1656 : ${mansectform='4'}
1659 shadow_funcs="getspnam"
1662 : ${mansectform='4'}
1663 : ${with_rpath='yes'}
1665 *-ncr-sysv4*|*-ncr-sysvr4*)
1666 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1668 : ${mansectform='4'}
1669 : ${with_rpath='yes'}
1671 *-ccur-sysv4*|*-ccur-sysvr4*)
1672 LIBS="${LIBS} -lgen"
1673 SUDO_LIBS="${SUDO_LIBS} -lgen"
1675 : ${mansectform='4'}
1676 : ${with_rpath='yes'}
1680 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1681 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1683 2|3) AC_MSG_NOTICE([using shlicc as CC])
1684 ac_cv_prog_CC=shlicc
1689 # Check for newer BSD auth API (just check for >= 3.0?)
1690 if test -z "$with_bsdauth"; then
1691 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1695 # FreeBSD has a real setreuid(2) starting with 2.1 and
1696 # backported to 2.0.5. We just take 2.1 and above...
1702 if test "$with_skey" = "yes"; then
1703 SUDO_LIBS="${SUDO_LIBS} -lmd"
1706 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1707 : ${with_logincap='maybe'}
1710 # OpenBSD has a real setreuid(2) starting with 3.3 but
1711 # we will use setreuid(2) instead.
1714 # OpenBSD >= 3.0 supports BSD auth
1715 if test -z "$with_bsdauth"; then
1720 AUTH_EXCL_DEF="BSD_AUTH"
1724 : ${with_logincap='maybe'}
1727 # NetBSD has a real setreuid(2) starting with 1.3.2
1729 0.9*|1.[012]*|1.3|1.3.1)
1734 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1735 : ${with_logincap='maybe'}
1738 if test "$with_skey" = "yes"; then
1739 SUDO_LIBS="${SUDO_LIBS} -lmd"
1742 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1743 : ${with_logincap='yes'}
1749 # Darwin has a real setreuid(2) starting with 9.0
1750 if test $OSMAJOR -lt 9; then
1754 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1755 : ${with_logincap='yes'}
1758 # lockf() on is broken on the NeXT -- use flock instead
1760 ac_cv_func_flock=yes
1764 : ${mansectform='4'}
1765 : ${with_rpath='yes'}
1769 : ${mansectform='4'}
1772 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1777 dnl Check for mixing mutually exclusive and regular auth methods
1779 AUTH_REG=${AUTH_REG# }
1780 AUTH_EXCL=${AUTH_EXCL# }
1781 if test -n "$AUTH_EXCL"; then
1783 if test $# != 1; then
1784 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1786 if test -n "$AUTH_REG"; then
1787 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1791 dnl Only one of S/Key and OPIE may be specified
1793 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1794 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1798 dnl Use BSD-style man sections by default
1801 : ${mansectform='5'}
1804 dnl Add in any libpaths or libraries specified via configure
1806 if test -n "$with_libpath"; then
1807 for i in ${with_libpath}; do
1808 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1811 if test -n "$with_libraries"; then
1812 for i in ${with_libraries}; do
1824 dnl C compiler checks (to be done after os checks)
1826 AC_PROG_GCC_TRADITIONAL
1833 AC_PATH_PROG([FLEX], [flex], [flex])
1836 if test -z "$with_sendmail"; then
1839 if test -z "$with_editor"; then
1843 dnl Check for authpriv support in syslog
1845 AC_MSG_CHECKING(which syslog facility sudo should log with)
1846 if test X"$with_logfac" = X""; then
1847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
1849 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
1850 AC_MSG_RESULT($logfac)
1852 dnl Header file checks
1857 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h)
1858 AC_SYS_POSIX_TERMIOS
1859 if test "$ac_cv_sys_posix_termios" = "yes"; then
1860 AC_DEFINE(HAVE_TERMIOS_H)
1862 AC_CHECK_HEADERS(termio.h)
1865 if test ${with_logincap-'no'} != "no"; then
1866 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
1868 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1873 if test ${with_project-'no'} != "no"; then
1874 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1875 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1882 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
1883 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1884 #include <signal.h>])
1885 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1886 #include <signal.h>])
1887 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1888 #if TIME_WITH_SYS_TIME
1889 # include <sys/time.h>
1892 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1893 #include <netinet/in.h>])
1894 AC_TYPE_LONG_LONG_INT
1895 AC_CHECK_SIZEOF([long int])
1903 dnl only set RETSIGTYPE if it is not set already
1913 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1914 strftime setrlimit initgroups getgroups fstat gettimeofday \
1915 regcomp setlocale getaddrinfo setenv vhangup \
1916 mbr_check_membership setrlimit64)
1917 AC_CHECK_FUNCS(getline, [], [
1919 AC_CHECK_FUNCS(fgetln)
1921 AC_CHECK_FUNCS(setsid, [], [
1926 AC_CHECK_FUNCS(sysctl getutid getutxid, [break])
1928 AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [
1929 AC_CHECK_LIB(util, openpty, [
1930 AC_CHECK_HEADERS(util.h pty.h, [break])
1931 SUDO_LIBS="${SUDO_LIBS} -lutil"
1932 AC_DEFINE(HAVE_OPENPTY)
1934 AC_CHECK_FUNCS(_getpty, [], [
1935 AC_CHECK_FUNCS(grantpt, [
1936 AC_CHECK_FUNCS(posix_openpt)
1938 AC_CHECK_FUNCS(revoke)
1943 AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID)
1944 SUDO_FUNC_PUTENV_CONST
1945 if test -z "$SKIP_SETRESUID"; then
1946 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1948 if test -z "$SKIP_SETREUID"; then
1949 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1951 if test -z "$SKIP_SETEUID"; then
1952 AC_CHECK_FUNCS(seteuid)
1954 if test X"$with_interfaces" != X"no"; then
1955 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1957 if test -z "$BROKEN_GETCWD"; then
1958 AC_REPLACE_FUNCS(getcwd)
1960 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1961 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1962 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1963 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1964 AC_CHECK_FUNCS(lockf flock, [break])
1965 AC_CHECK_FUNCS(waitpid wait3, [break])
1966 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1967 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1968 AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
1969 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1971 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1972 AC_CHECK_FUNCS(nanosleep, [], [
1973 # On Solaris, nanosleep is in librt
1974 AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
1976 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1977 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1978 [ #include <limits.h>
1979 #include <fcntl.h> ])
1981 AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o"
1982 AC_CHECK_FUNCS(random lrand48, [break])
1984 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1985 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1986 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1987 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1988 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1991 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1993 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1994 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1995 #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
1997 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1998 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
2000 if test -n "$NEED_SNPRINTF"; then
2004 dnl If socket(2) not in libc, check -lsocket and -linet
2005 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2006 dnl In this case we look for main(), not socket() to avoid using a cached value
2008 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
2009 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
2011 dnl If inet_addr(3) not in libc, check -lnsl and -linet
2012 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2014 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
2015 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
2017 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
2019 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
2021 dnl Check for getprogname() or __progname
2023 AC_CHECK_FUNCS(getprogname, , [
2024 AC_MSG_CHECKING([for __progname])
2025 AC_CACHE_VAL(sudo_cv___progname, [
2026 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
2027 if test "$sudo_cv___progname" = "yes"; then
2028 AC_DEFINE(HAVE___PROGNAME)
2030 AC_LIBOBJ(getprogname)
2032 AC_MSG_RESULT($sudo_cv___progname)
2036 dnl Check for strsignal() or sys_siglist
2038 AC_CHECK_FUNCS(strsignal, [], [
2039 AC_LIBOBJ(strsignal)
2040 HAVE_SIGLIST="false"
2041 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
2048 if test "$HAVE_SIGLIST" != "true"; then
2054 dnl nsswitch.conf and its equivalents
2056 if test ${with_netsvc-"no"} != "no"; then
2057 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
2058 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
2059 elif test ${with_nsswitch-"yes"} != "no"; then
2060 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
2061 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
2065 dnl Mutually exclusive auth checks come first, followed by
2066 dnl non-exclusive ones. Note: passwd must be last of all!
2070 dnl Convert default authentication methods to with_* if
2071 dnl no explicit authentication scheme was specified.
2073 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
2074 for auth in $AUTH_EXCL_DEF; do
2076 AIX_AUTH) with_aixauth=maybe;;
2077 BSD_AUTH) with_bsdauth=maybe;;
2078 PAM) with_pam=maybe;;
2079 SIA) CHECKSIA=true;;
2085 dnl PAM support. Systems that use PAM by default set with_pam=default
2086 dnl and we do the actual tests here.
2088 if test ${with_pam-"no"} != "no"; then
2090 dnl Some platforms need libdl for dlopen
2093 *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam"
2095 *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
2096 ac_cv_lib_dl=ac_cv_lib_dl_main
2101 dnl Some PAM implementations (MacOS X for example) put the PAM headers
2102 dnl in /usr/include/pam instead of /usr/include/security...
2104 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
2105 if test "$with_pam" = "yes"; then
2107 AUTH_OBJS="$AUTH_OBJS pam.o";
2110 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
2111 [case $with_pam_login in
2112 yes) AC_DEFINE([HAVE_PAM_LOGIN])
2113 AC_MSG_CHECKING(whether to use PAM login)
2117 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
2121 AC_MSG_CHECKING(whether to use PAM session support)
2122 AC_ARG_ENABLE(pam_session,
2123 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
2124 [ case "$enableval" in
2125 yes) AC_MSG_RESULT(yes)
2127 no) AC_MSG_RESULT(no)
2128 AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
2130 *) AC_MSG_RESULT(no)
2131 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2133 esac], AC_MSG_RESULT(yes))
2136 *-*-linux*|*-*-solaris*)
2137 # dgettext() may be defined to dgettext_libintl in the
2138 # header file, so first check that it links w/ additional
2139 # libs, then try with -lintl
2140 AC_LINK_IFELSE([AC_LANG_PROGRAM(
2141 [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
2142 [AC_DEFINE(HAVE_DGETTEXT)],
2143 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
2144 [AC_DEFINE(HAVE_DGETTEXT)])])
2151 dnl AIX general authentication
2152 dnl If set to "maybe" only enable if no other exclusive method in use.
2154 if test ${with_aixauth-'no'} != "no"; then
2155 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2156 AC_MSG_NOTICE([using AIX general authentication])
2157 AC_DEFINE(HAVE_AIXAUTH)
2158 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
2159 SUDO_LIBS="${SUDO_LIBS} -ls"
2165 dnl BSD authentication
2166 dnl If set to "maybe" only enable if no other exclusive method in use.
2168 if test ${with_bsdauth-'no'} != "no"; then
2169 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2170 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
2171 [BSDAUTH_USAGE='[[-a auth_type]] ']
2172 [AUTH_EXCL=BSD_AUTH; BAMAN=1],
2173 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2177 dnl SIA authentication for Tru64 Unix
2179 if test ${CHECKSIA-'false'} = "true"; then
2180 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2181 if test "$found" = "true"; then
2183 AUTH_OBJS="$AUTH_OBJS sia.o"
2188 dnl extra FWTK libs + includes
2190 if test ${with_fwtk-'no'} != "no"; then
2191 if test "$with_fwtk" != "yes"; then
2192 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
2193 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2196 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
2197 AUTH_OBJS="$AUTH_OBJS fwtk.o"
2201 dnl extra SecurID lib + includes
2203 if test ${with_SecurID-'no'} != "no"; then
2204 if test "$with_SecurID" != "yes"; then
2206 elif test -d /usr/ace/examples; then
2207 with_SecurID=/usr/ace/examples
2209 with_SecurID=/usr/ace
2211 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2212 _LDFLAGS="${LDFLAGS}"
2213 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2215 # Determine whether to use the new or old SecurID API
2217 AC_CHECK_LIB(aceclnt, SD_Init,
2219 AUTH_OBJS="$AUTH_OBJS securid5.o";
2220 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
2223 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
2225 AUTH_OBJS="$AUTH_OBJS securid.o";
2226 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
2232 LDFLAGS="${_LDFLAGS}"
2236 dnl Non-mutually exclusive auth checks come next.
2237 dnl Note: passwd must be last of all!
2241 dnl Convert default authentication methods to with_* if
2242 dnl no explicit authentication scheme was specified.
2244 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2245 for auth in $AUTH_DEF; do
2247 passwd) : ${with_passwd='maybe'};;
2255 if test ${with_kerb4-'no'} != "no"; then
2256 AC_DEFINE(HAVE_KERB4)
2258 dnl Use the specified directory, if any, else search for correct inc dir
2260 O_LDFLAGS="$LDFLAGS"
2261 if test "$with_kerb4" = "yes"; then
2263 O_CPPFLAGS="$CPPFLAGS"
2264 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
2265 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2266 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
2268 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
2270 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
2271 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
2272 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2273 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2275 if test X"$found" = X"no"; then
2276 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2280 dnl Check for -ldes vs. -ldes425
2282 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2283 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2286 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2288 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2291 K4LIBS="${K4LIBS} -lcom_err"
2292 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2298 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2300 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2301 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2302 [K4LIBS="-lkrb $K4LIBS"]
2303 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2306 LDFLAGS="$O_LDFLAGS"
2307 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2308 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2313 dnl There is an easy way and a hard way...
2315 if test ${with_kerb5-'no'} != "no"; then
2316 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2317 if test -n "$KRB5CONFIG"; then
2318 AC_DEFINE(HAVE_KERB5)
2319 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2320 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2321 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2323 dnl Try to determine whether we have Heimdal or MIT Kerberos
2325 AC_MSG_CHECKING(whether we are using Heimdal)
2326 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2328 AC_DEFINE(HAVE_HEIMDAL)
2335 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2336 AC_DEFINE(HAVE_KERB5)
2338 dnl Use the specified directory, if any, else search for correct inc dir
2340 if test "$with_kerb5" = "yes"; then
2342 O_CPPFLAGS="$CPPFLAGS"
2343 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2344 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2345 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2347 if test X"$found" = X"no"; then
2348 CPPFLAGS="$O_CPPFLAGS"
2349 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2352 dnl XXX - try to include krb5.h here too
2353 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2354 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2358 dnl Try to determine whether we have Heimdal or MIT Kerberos
2360 AC_MSG_CHECKING(whether we are using Heimdal)
2361 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2363 AC_DEFINE(HAVE_HEIMDAL)
2364 # XXX - need to check whether -lcrypo is needed!
2365 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2366 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2369 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2370 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"])
2372 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2374 LIBS="${LIBS} ${SUDO_LIBS}"
2375 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2376 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
2377 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
2378 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2381 [[#include <krb5.h>]],
2382 [[krb5_get_init_creds_opt_free(NULL, NULL);]]
2384 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2385 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2390 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2391 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2397 dnl extra AFS libs and includes
2399 if test ${with_AFS-'no'} = "yes"; then
2401 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2402 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2403 for i in $AFSLIBDIRS; do
2404 if test -d ${i}; then
2405 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2406 FOUND_AFSLIBDIR=true
2409 if test -z "$FOUND_AFSLIBDIR"; then
2410 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2413 # Order is important here. Note that we build AFS_LIBS from right to left
2414 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2415 AFS_LIBS="-laudit ${AFS_LIBS}"
2416 for i in $AFSLIBDIRS; do
2417 if test -f ${i}/util.a; then
2418 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2423 if test -z "$FOUND_UTIL_A"; then
2424 AFS_LIBS="-lutil ${AFS_LIBS}"
2426 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2428 # AFS includes may live in /usr/include on some machines...
2429 for i in /usr/afsws/include; do
2430 if test -d ${i}; then
2431 CPPFLAGS="${CPPFLAGS} -I${i}"
2432 FOUND_AFSINCDIR=true
2436 if test -z "$FOUND_AFSLIBDIR"; then
2437 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2440 AUTH_OBJS="$AUTH_OBJS afs.o"
2444 dnl extra DCE obj + lib
2445 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2447 if test ${with_DCE-'no'} = "yes"; then
2448 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2449 SUDO_LIBS="${SUDO_LIBS} -ldce"
2450 AUTH_OBJS="$AUTH_OBJS dce.o"
2454 dnl extra S/Key lib and includes
2456 if test ${with_skey-'no'} = "yes"; then
2457 O_LDFLAGS="$LDFLAGS"
2458 if test "$with_skey" != "yes"; then
2459 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2460 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2461 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2462 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2465 O_CPPFLAGS="$CPPFLAGS"
2466 for dir in "" "/usr/local" "/usr/contrib"; do
2467 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2468 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2470 if test "$found" = "no" -o -z "$dir"; then
2471 CPPFLAGS="$O_CPPFLAGS"
2473 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2474 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2477 if test "$found" = "no"; then
2478 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2480 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2481 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2482 LDFLAGS="$O_LDFLAGS"
2483 SUDO_LIBS="${SUDO_LIBS} -lskey"
2484 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2488 dnl extra OPIE lib and includes
2490 if test ${with_opie-'no'} = "yes"; then
2491 O_LDFLAGS="$LDFLAGS"
2492 if test "$with_opie" != "yes"; then
2493 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2494 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2495 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2496 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2499 O_CPPFLAGS="$CPPFLAGS"
2500 for dir in "" "/usr/local" "/usr/contrib"; do
2501 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2502 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2504 if test "$found" = "no" -o -z "$dir"; then
2505 CPPFLAGS="$O_CPPFLAGS"
2507 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2508 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2511 if test "$found" = "no"; then
2512 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2514 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2515 LDFLAGS="$O_LDFLAGS"
2516 SUDO_LIBS="${SUDO_LIBS} -lopie"
2517 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2521 dnl Check for shadow password routines if we have not already done so.
2522 dnl If there is a specific list of functions to check we do that first.
2523 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2525 if test ${with_passwd-'no'} != "no"; then
2527 dnl if crypt(3) not in libc, look elsewhere
2529 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2530 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2533 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2535 LIBS="$LIBS $shadow_libs"
2537 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2538 if test "$found" = "yes"; then
2539 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2540 elif test -n "$shadow_libs_optional"; then
2541 LIBS="$LIBS $shadow_libs_optional"
2542 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2543 if test "$found" = "yes"; then
2544 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2547 if test "$found" = "yes"; then
2548 case "$shadow_funcs" in
2549 *getprpwnam*) SECUREWARE=1;;
2551 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2557 if test "$CHECKSHADOW" = "true"; then
2558 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2560 if test "$CHECKSHADOW" = "true"; then
2561 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2563 if test -n "$SECUREWARE"; then
2564 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2565 AUTH_OBJS="$AUTH_OBJS secureware.o"
2570 dnl extra lib and .o file for LDAP support
2572 if test ${with_ldap-'no'} != "no"; then
2574 if test "$with_ldap" != "yes"; then
2575 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2576 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2577 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2580 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2583 AC_MSG_CHECKING([for LDAP libraries])
2587 for l in -lldap -llber '-lssl -lcrypto'; do
2589 LDAP_LIBS="${LDAP_LIBS} $l"
2590 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2592 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2594 dnl if nothing linked just try with -lldap
2595 if test "$found" = "no"; then
2596 LIBS="${_LIBS} -lldap"
2598 AC_MSG_RESULT([not found, using -lldap])
2600 AC_MSG_RESULT([$LDAP_LIBS])
2602 dnl check if we need to link with -llber for ber_set_option
2604 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2605 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2606 LDAP_LIBS="$LDAP_LIBS -llber"
2608 dnl check if ldap.h includes lber.h for us
2609 AC_MSG_CHECKING([whether lber.h is needed])
2610 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2611 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2612 AC_MSG_RESULT([yes])
2613 AC_DEFINE(HAVE_LBER_H)])
2615 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
2616 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2617 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
2619 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
2620 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
2621 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2622 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
2623 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
2624 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2625 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
2628 # gssapi headers may be separate or part of Kerberos V
2630 O_CPPFLAGS="$CPPFLAGS"
2631 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
2632 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2633 AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
2635 if test X"$found" != X"no"; then
2636 AC_CHECK_HEADERS([$found])
2637 if test X"$found" = X"gssapi/gssapi.h"; then
2638 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
2641 CPPFLAGS="$O_CPPFLAGS"
2642 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
2646 SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
2652 dnl Add LIBVAS_RPATH to LDFLAGS
2653 dnl GNU ld accepts -R/path/ as an alias for -rpath /path/
2655 if test X"$LIBVAS_RPATH" != X""; then
2656 if test -n "$blibpath"; then
2657 blibpath_add="${blibpath_add}:$LIBVAS_RPATH"
2660 *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH"
2662 *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH"
2669 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2670 dnl added -L dirpaths to SUDO_LDFLAGS.
2672 if test -n "$blibpath"; then
2673 if test -n "$blibpath_add"; then
2674 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2675 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2676 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2681 dnl Check for log file, timestamp and iolog locations
2688 dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o
2690 if test "${with_iologdir-yes}" != "no"; then
2691 # Require POSIX job control for I/O log support
2692 AC_CHECK_FUNCS(tcsetpgrp, [
2693 SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o"
2694 PROGS="$PROGS sudoreplay"
2698 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
2699 [ case "$enable_zlib" in
2700 yes) AC_DEFINE(HAVE_ZLIB_H)
2704 *) AC_DEFINE(HAVE_ZLIB_H)
2705 CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
2706 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
2711 if test X"$enable_zlib" = X""; then
2712 AC_CHECK_LIB(z, gzdopen, [
2713 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"])
2717 AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function])
2723 dnl Use passwd (and secureware) auth modules?
2725 case "$with_passwd" in
2727 AUTH_OBJS="$AUTH_OBJS passwd.o"
2730 AC_DEFINE(WITHOUT_PASSWD)
2731 if test -z "$AUTH_OBJS"; then
2732 AC_MSG_ERROR([no authentication methods defined.])
2736 AUTH_OBJS=${AUTH_OBJS# }
2737 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2738 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2741 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2743 if test -n "$LIBS"; then
2748 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2749 test $l = $sl && dupe=1
2751 test $dupe = 0 && LIBS="${LIBS} $l"
2758 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2761 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2762 dnl XXX - this is gross!
2764 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
2765 oexec_prefix="$exec_prefix"
2766 if test "$exec_prefix" = '$(prefix)'; then
2767 if test "$prefix" = "NONE"; then
2768 exec_prefix="$ac_default_prefix"
2770 exec_prefix="$prefix"
2773 if test X"$with_noexec" != X"no"; then
2774 PROGS="${PROGS} libsudo_noexec.la"
2775 INSTALL_NOEXEC="install-noexec"
2777 eval noexec_file="$with_noexec"
2778 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2780 if test X"$with_selinux" != X"no"; then
2781 eval sesh_file="$libexecdir/sesh"
2782 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
2784 exec_prefix="$oexec_prefix"
2788 dnl Override default configure dirs for the Makefile
2790 if test X"$prefix" = X"NONE"; then
2791 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
2793 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
2795 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
2796 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
2797 test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
2798 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
2799 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
2800 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
2801 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
2804 dnl Substitute into the Makefile and man pages
2806 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers])
2810 dnl Spew any text the user needs to know about
2812 if test "$with_pam" = "yes"; then
2815 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2821 dnl Autoheader templates
2823 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2824 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2825 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2826 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2827 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2828 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
2829 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2830 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2831 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2832 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2833 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2834 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2835 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
2836 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2837 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2838 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2839 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2840 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2841 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2842 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2843 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2844 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2845 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2846 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2847 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2848 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2849 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2850 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
2851 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2852 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2853 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2854 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2855 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2856 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2857 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
2858 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
2859 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
2860 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
2861 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2862 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2863 AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
2864 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2865 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2866 AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
2867 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2868 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2869 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
2870 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
2871 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2872 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2873 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2874 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
2875 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2876 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2877 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2878 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2879 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2880 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2881 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2882 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2883 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2884 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2885 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2886 AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
2887 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2888 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2889 AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
2890 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2891 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2892 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2893 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2894 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2895 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2896 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2897 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2898 AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
2899 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2900 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2901 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2902 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2903 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
2904 AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.])
2907 dnl Bits to copy verbatim into config.h.in
2909 AH_TOP([#ifndef _SUDO_CONFIG_H
2910 #define _SUDO_CONFIG_H])
2913 * Macros to convert ctime and mtime into timevals.
2915 #define timespec2timeval(_ts, _tv) do { \
2916 (_tv)->tv_sec = (_ts)->tv_sec; \
2917 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
2921 # ifdef HAVE_ST__TIM
2922 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
2923 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
2925 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
2926 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
2929 # ifdef HAVE_ST_MTIMESPEC
2930 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
2931 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
2933 # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
2934 # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
2935 # endif /* HAVE_ST_MTIMESPEC */
2936 #endif /* HAVE_ST_MTIM */
2939 * Emulate a subset of waitpid() if we don't have it.
2942 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2945 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2949 /* GNU stow needs /etc/sudoers to be a symlink. */
2951 # define stat_sudoers stat
2953 # define stat_sudoers lstat
2956 /* Macros to set/clear/test flags. */
2958 #define SET(t, f) ((t) |= (f))
2960 #define CLR(t, f) ((t) &= ~(f))
2962 #define ISSET(t, f) ((t) & (f))
2964 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2965 #if defined(hpux) && !defined(__hpux)
2969 #if defined(convex) && !defined(__convex__)
2970 # define __convex__ 1
2973 /* BSD compatibility on some SVR4 systems. */
2976 #endif /* __svr4__ */
2978 #endif /* _SUDO_CONFIG_H */])