2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.49 2008/03/23 14:22:33 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
27 AC_SUBST(GETGROUPS_LIB)
31 AC_SUBST(MAN_POSTINSTALL)
32 AC_SUBST(SUDOERS_MODE)
46 AC_SUBST(INSTALL_NOEXEC)
47 AC_SUBST(DONT_LEAK_PATH_INFO)
49 dnl Variables that get substituted in docs (not overridden by environment)
51 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
53 AC_SUBST(password_timeout)
56 AC_SUBST(long_otp_prompt)
63 AC_SUBST(mail_no_user)
64 AC_SUBST(mail_no_host)
65 AC_SUBST(mail_no_perms)
68 AC_SUBST(badpass_message)
70 AC_SUBST(runas_default)
72 AC_SUBST(passwd_tries)
78 dnl Initial values for above
83 passprompt="Password:"
95 mailsub='*** SECURITY information for %h ***'
96 badpass_message='Sorry, try again.'
107 dnl Initial values for Makefile variables listed above
108 dnl May be overridden by environment variables..
113 : ${SUDOERS_MODE='0440'}
134 shadow_libs_optional=
137 dnl Override default configure dirs...
139 if test X"$prefix" = X"NONE"; then
140 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
142 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
144 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
145 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
146 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
149 dnl Deprecated --with options (these all warn or generate an error)
152 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
153 [case $with_otp_only in
154 yes) with_passwd="no"
155 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
159 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
160 [case $with_alertmail in
161 *) with_mailto="$with_alertmail"
162 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
167 dnl Options for --with
170 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
172 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
174 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
180 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
183 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
187 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
188 [case $with_blibpath in
190 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
194 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
195 [case $with_incpath in
196 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
198 no) AC_MSG_ERROR(["--without-incpath not supported."])
200 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
201 for i in ${with_incpath}; do
202 CPPFLAGS="${CPPFLAGS} -I${i}"
207 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
208 [case $with_libpath in
209 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
211 no) AC_MSG_ERROR(["--without-libpath not supported."])
213 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
217 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
218 [case $with_libraries in
219 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
221 no) AC_MSG_ERROR(["--without-libraries not supported."])
223 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
227 AC_ARG_WITH(devel, [ --with-devel add development options],
229 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
230 PROGS="${PROGS} testsudoers"
231 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
235 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
239 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
240 [case $with_efence in
241 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
242 LIBS="${LIBS} -lefence"
243 if test -f /usr/local/lib/libefence.a; then
244 with_libpath="${with_libpath} /usr/local/lib"
248 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
252 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
254 yes) AC_MSG_NOTICE([Adding CSOps standard options])
258 with_classic_insults=yes
259 with_csops_insults=yes
265 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
269 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
270 [case $with_passwd in
271 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
272 AC_MSG_RESULT($with_passwd)
274 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
276 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
280 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
284 *) AC_DEFINE(HAVE_SKEY)
285 AC_MSG_CHECKING(whether to try S/Key authentication)
287 AUTH_REG="$AUTH_REG S/Key"
291 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
295 *) AC_DEFINE(HAVE_OPIE)
296 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
298 AUTH_REG="$AUTH_REG NRL_OPIE"
302 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
303 [case $with_long_otp_prompt in
304 yes) AC_DEFINE(LONG_OTP_PROMPT)
305 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
309 no) long_otp_prompt=off
311 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
315 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
316 [case $with_SecurID in
317 no) with_SecurID="";;
318 *) AC_DEFINE(HAVE_SECURID)
319 AC_MSG_CHECKING(whether to use SecurID for authentication)
321 AUTH_EXCL="$AUTH_EXCL SecurID"
325 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
328 *) AC_DEFINE(HAVE_FWTK)
329 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
331 AUTH_EXCL="$AUTH_EXCL FWTK"
335 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
338 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
340 AUTH_REG="$AUTH_REG kerb4"
344 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
347 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
349 AUTH_REG="$AUTH_REG kerb5"
353 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
354 [case $with_aixauth in
355 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
357 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
361 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
363 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
365 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
369 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
371 yes) AC_DEFINE(HAVE_AFS)
372 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
374 AUTH_REG="$AUTH_REG AFS"
377 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
381 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
383 yes) AC_DEFINE(HAVE_DCE)
384 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
386 AUTH_REG="$AUTH_REG DCE"
389 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
393 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
394 [case $with_logincap in
396 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
400 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
401 [case $with_bsdauth in
402 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
404 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
408 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
409 [case $with_project in
412 *) AC_MSG_ERROR(["--with-project does not take an argument."])
416 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
417 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
418 [case $with_lecture in
419 yes|short|always) lecture=once
421 no|none|never) lecture=never
423 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
426 if test "$lecture" = "once"; then
429 AC_DEFINE(NO_LECTURE)
433 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
434 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
435 [case $with_logging in
436 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
438 no) AC_MSG_ERROR(["--without-logging not supported."])
440 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
441 AC_MSG_RESULT(syslog)
443 file) AC_DEFINE(LOGGING, SLOG_FILE)
446 both) AC_DEFINE(LOGGING, SLOG_BOTH)
449 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
451 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
453 AC_MSG_CHECKING(which syslog facility sudo should log with)
454 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
455 [case $with_logfac in
456 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
458 no) AC_MSG_ERROR(["--without-logfac not supported."])
460 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
462 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
465 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
466 AC_MSG_RESULT($logfac)
468 AC_MSG_CHECKING(at which syslog priority to log commands)
469 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
470 [case $with_goodpri in
471 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
473 no) AC_MSG_ERROR(["--without-goodpri not supported."])
475 alert|crit|debug|emerg|err|info|notice|warning)
476 goodpri=$with_goodpri
478 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
481 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
482 AC_MSG_RESULT($goodpri)
484 AC_MSG_CHECKING(at which syslog priority to log failures)
485 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
486 [case $with_badpri in
487 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
489 no) AC_MSG_ERROR(["--without-badpri not supported."])
491 alert|crit|debug|emerg|err|info|notice|warning)
494 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
497 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
498 AC_MSG_RESULT($badpri)
500 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
501 [case $with_logpath in
502 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
504 no) AC_MSG_ERROR(["--without-logpath not supported."])
508 AC_MSG_CHECKING(how long a line in the log file should be)
509 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
510 [case $with_loglen in
511 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
513 no) AC_MSG_ERROR(["--without-loglen not supported."])
515 [[0-9]]*) loglen=$with_loglen
517 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
520 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
521 AC_MSG_RESULT($loglen)
523 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
524 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
525 [case $with_ignore_dot in
530 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
533 if test "$ignore_dot" = "on"; then
534 AC_DEFINE(IGNORE_DOT_PATH)
540 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
541 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
542 [case $with_mail_if_no_user in
547 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
550 if test "$mail_no_user" = "on"; then
551 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
557 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
558 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
559 [case $with_mail_if_no_host in
564 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
567 if test "$mail_no_host" = "on"; then
568 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
574 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
575 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
576 [case $with_mail_if_noperms in
581 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
584 if test "$mail_noperms" = "on"; then
585 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
591 AC_MSG_CHECKING(who should get the mail that sudo sends)
592 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
593 [case $with_mailto in
594 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
596 no) AC_MSG_ERROR(["--without-mailto not supported."])
598 *) mailto=$with_mailto
601 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
602 AC_MSG_RESULT([$mailto])
604 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
605 [case $with_mailsubject in
606 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
608 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
610 *) mailsub="$with_mailsubject"
611 AC_MSG_CHECKING(sudo mail subject)
612 AC_MSG_RESULT([Using alert mail subject: $mailsub])
615 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
617 AC_MSG_CHECKING(for bad password prompt)
618 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
619 [case $with_passprompt in
620 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
622 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
624 *) passprompt="$with_passprompt"
626 AC_MSG_RESULT($passprompt)
627 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
629 AC_MSG_CHECKING(for bad password message)
630 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
631 [case $with_badpass_message in
632 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
634 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
636 *) badpass_message="$with_badpass_message"
639 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
640 AC_MSG_RESULT([$badpass_message])
642 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
643 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
649 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
652 if test "$fqdn" = "on"; then
659 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
660 [case $with_timedir in
661 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
663 no) AC_MSG_ERROR(["--without-timedir not supported."])
667 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
668 --without-sendmail do not send mail at all],
669 [case $with_sendmail in
670 yes) with_sendmail=""
673 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
677 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
678 [case $with_sudoers_mode in
679 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
681 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
683 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
685 0*) SUDOERS_MODE=$with_sudoers_mode
687 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
691 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
692 [case $with_sudoers_uid in
693 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
695 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
697 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
699 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
703 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
704 [case $with_sudoers_gid in
705 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
707 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
709 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
711 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
715 AC_MSG_CHECKING(for umask programs should be run with)
716 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
717 --without-umask Preserves the umask of the user invoking sudo.],
719 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
723 [[0-9]]*) sudo_umask=$with_umask
725 *) AC_MSG_ERROR(["you must enter a numeric mask."])
728 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
729 if test "$sudo_umask" = "0777"; then
732 AC_MSG_RESULT($sudo_umask)
735 AC_MSG_CHECKING(for default user to run commands as)
736 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
737 [case $with_runas_default in
738 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
740 no) AC_MSG_ERROR(["--without-runas-default not supported."])
742 *) runas_default="$with_runas_default"
745 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
746 AC_MSG_RESULT([$runas_default])
748 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
749 [case $with_exempt in
750 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
752 no) AC_MSG_ERROR(["--without-exempt not supported."])
754 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
755 AC_MSG_CHECKING(for group to be exempt from password)
756 AC_MSG_RESULT([$with_exempt])
760 AC_MSG_CHECKING(for editor that visudo should use)
761 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
762 [case $with_editor in
763 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
765 no) AC_MSG_ERROR(["--without-editor not supported."])
767 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
768 AC_MSG_RESULT([$with_editor])
770 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
772 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
773 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
774 [case $with_env_editor in
779 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
782 if test "$env_editor" = "on"; then
783 AC_DEFINE(ENV_EDITOR)
789 AC_MSG_CHECKING(number of tries a user gets to enter their password)
790 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
791 [case $with_passwd_tries in
793 no) AC_MSG_ERROR(["--without-editor not supported."])
795 [[1-9]]*) passwd_tries=$with_passwd_tries
797 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
800 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
801 AC_MSG_RESULT($passwd_tries)
803 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
804 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
805 [case $with_timeout in
809 [[0-9]]*) timeout=$with_timeout
811 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
814 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
815 AC_MSG_RESULT($timeout)
817 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
818 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
819 [case $with_password_timeout in
821 no) password_timeout=0
823 [[0-9]]*) password_timeout=$with_password_timeout
825 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
828 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
829 AC_MSG_RESULT($password_timeout)
831 AC_MSG_CHECKING(whether to use per-tty ticket files)
832 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
833 [case $with_tty_tickets in
838 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
841 if test "$tty_tickets" = "on"; then
842 AC_DEFINE(USE_TTY_TICKETS)
848 AC_MSG_CHECKING(whether to include insults)
849 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
850 [case $with_insults in
852 with_classic_insults=yes
853 with_csops_insults=yes
857 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
860 if test "$insults" = "on"; then
861 AC_DEFINE(USE_INSULTS)
867 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
868 [case $with_all_insults in
869 yes) with_classic_insults=yes
870 with_csops_insults=yes
872 with_goons_insults=yes
875 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
879 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
880 [case $with_classic_insults in
881 yes) AC_DEFINE(CLASSIC_INSULTS)
884 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
888 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
889 [case $with_csops_insults in
890 yes) AC_DEFINE(CSOPS_INSULTS)
893 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
897 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
898 [case $with_hal_insults in
899 yes) AC_DEFINE(HAL_INSULTS)
902 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
906 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
907 [case $with_goons_insults in
908 yes) AC_DEFINE(GOONS_INSULTS)
911 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
915 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
918 *) AC_DEFINE(HAVE_LDAP)
919 AC_MSG_CHECKING(whether to use sudoers from LDAP)
923 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
924 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
925 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
926 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
928 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
929 [case $with_pc_insults in
930 yes) AC_DEFINE(PC_INSULTS)
933 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
937 dnl include all insult sets on one line
938 if test "$insults" = "on"; then
939 AC_MSG_CHECKING(which insult sets to include)
941 test "$with_goons_insults" = "yes" && i="goons ${i}"
942 test "$with_hal_insults" = "yes" && i="hal ${i}"
943 test "$with_csops_insults" = "yes" && i="csops ${i}"
944 test "$with_classic_insults" = "yes" && i="classic ${i}"
948 AC_MSG_CHECKING(whether to override the user's path)
949 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
950 [case $with_secure_path in
951 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
952 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
954 no) AC_MSG_RESULT(no)
956 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
957 AC_MSG_RESULT([$with_secure_path])
959 esac], AC_MSG_RESULT(no))
961 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
962 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
963 [case $with_interfaces in
964 yes) AC_MSG_RESULT(yes)
966 no) AC_DEFINE(STUB_LOAD_INTERFACES)
969 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
971 esac], AC_MSG_RESULT(yes))
973 AC_MSG_CHECKING(whether stow should be used)
974 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
976 yes) AC_MSG_RESULT(yes)
979 no) AC_MSG_RESULT(no)
981 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
983 esac], AC_MSG_RESULT(no))
986 dnl Options for --enable
989 AC_MSG_CHECKING(whether to do user authentication by default)
990 AC_ARG_ENABLE(authentication,
991 [ --disable-authentication
992 Do not require authentication by default],
993 [ case "$enableval" in
994 yes) AC_MSG_RESULT(yes)
996 no) AC_MSG_RESULT(no)
997 AC_DEFINE(NO_AUTHENTICATION)
1000 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1003 ], AC_MSG_RESULT(yes))
1005 AC_MSG_CHECKING(whether to disable running the mailer as root)
1006 AC_ARG_ENABLE(root-mailer,
1007 [ --disable-root-mailer Don't run the mailer as root, run as the user],
1008 [ case "$enableval" in
1009 yes) AC_MSG_RESULT(no)
1011 no) AC_MSG_RESULT(yes)
1012 AC_DEFINE(NO_ROOT_MAILER)
1014 *) AC_MSG_RESULT(no)
1015 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1018 ], AC_MSG_RESULT(no))
1020 AC_ARG_ENABLE(setreuid,
1021 [ --disable-setreuid Don't try to use the setreuid() function],
1022 [ case "$enableval" in
1023 no) SKIP_SETREUID=yes
1029 AC_ARG_ENABLE(setresuid,
1030 [ --disable-setresuid Don't try to use the setresuid() function],
1031 [ case "$enableval" in
1032 no) SKIP_SETRESUID=yes
1038 AC_MSG_CHECKING(whether to disable shadow password support)
1039 AC_ARG_ENABLE(shadow,
1040 [ --disable-shadow Never use shadow passwords],
1041 [ case "$enableval" in
1042 yes) AC_MSG_RESULT(no)
1044 no) AC_MSG_RESULT(yes)
1047 *) AC_MSG_RESULT(no)
1048 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1051 ], AC_MSG_RESULT(no))
1053 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1054 AC_ARG_ENABLE(root-sudo,
1055 [ --disable-root-sudo Don't allow root to run sudo],
1056 [ case "$enableval" in
1057 yes) AC_MSG_RESULT(yes)
1059 no) AC_DEFINE(NO_ROOT_SUDO)
1063 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1066 ], AC_MSG_RESULT(yes))
1068 AC_MSG_CHECKING(whether to log the hostname in the log file)
1069 AC_ARG_ENABLE(log-host,
1070 [ --enable-log-host Log the hostname in the log file],
1071 [ case "$enableval" in
1072 yes) AC_MSG_RESULT(yes)
1073 AC_DEFINE(HOST_IN_LOG)
1075 no) AC_MSG_RESULT(no)
1077 *) AC_MSG_RESULT(no)
1078 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1081 ], AC_MSG_RESULT(no))
1083 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1084 AC_ARG_ENABLE(noargs-shell,
1085 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1086 [ case "$enableval" in
1087 yes) AC_MSG_RESULT(yes)
1088 AC_DEFINE(SHELL_IF_NO_ARGS)
1090 no) AC_MSG_RESULT(no)
1092 *) AC_MSG_RESULT(no)
1093 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1096 ], AC_MSG_RESULT(no))
1098 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1099 AC_ARG_ENABLE(shell-sets-home,
1100 [ --enable-shell-sets-home
1101 set $HOME to target user in shell mode],
1102 [ case "$enableval" in
1103 yes) AC_MSG_RESULT(yes)
1104 AC_DEFINE(SHELL_SETS_HOME)
1106 no) AC_MSG_RESULT(no)
1108 *) AC_MSG_RESULT(no)
1109 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1112 ], AC_MSG_RESULT(no))
1114 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1115 AC_ARG_ENABLE(path_info,
1116 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1117 [ case "$enableval" in
1118 yes) AC_MSG_RESULT(no)
1120 no) AC_MSG_RESULT(yes)
1121 AC_DEFINE(DONT_LEAK_PATH_INFO)
1124 *) AC_MSG_RESULT(no)
1125 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1128 ], AC_MSG_RESULT(no))
1130 AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
1131 [case $with_selinux in
1132 yes) AC_DEFINE(HAVE_SELINUX)
1133 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1134 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1135 PROGS="${PROGS} sesh"
1140 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1145 dnl If we don't have egrep we can't do anything...
1147 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1148 if test -z "$EGREPPROG"; then
1149 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1153 dnl Prevent configure from adding the -g flag unless in devel mode
1155 if test "$with_devel" != "yes"; then
1160 dnl C compiler checks
1166 dnl Libtool magic; enable shared libs and disable static libs
1169 AC_CANONICAL_TARGET([])
1174 dnl Defer with_noexec until after libtool magic runs
1176 if test "$enable_shared" = "no"; then
1179 eval _shrext="$shrext_cmds"
1181 AC_MSG_CHECKING(path to sudo_noexec.so)
1182 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1183 [case $with_noexec in
1184 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1188 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1189 AC_MSG_RESULT($with_noexec)
1190 NOEXECFILE="sudo_noexec$_shrext"
1191 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1194 dnl It is now safe to modify CFLAGS and CPPFLAGS
1196 if test "$with_devel" = "yes" -a -n "$GCC"; then
1197 CFLAGS="${CFLAGS} -Wall"
1201 dnl Find programs we use
1203 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1204 AC_CHECK_PROG(TRPROG, tr, tr)
1205 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1206 if test -z "$NROFFPROG"; then
1208 mansrcdir='$(srcdir)'
1212 dnl What kind of beastie are we being run on?
1213 dnl Barf if config.cache was generated on another host.
1215 if test -n "$sudo_cv_prev_host"; then
1216 if test "$sudo_cv_prev_host" != "$host"; then
1217 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1219 AC_MSG_CHECKING(previous host type)
1220 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1221 AC_MSG_RESULT([$sudo_cv_prev_host])
1224 # this will produce no output since there is no cached value
1225 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1229 dnl We want to be able to differentiate between different rev's
1231 if test -n "$host_os"; then
1232 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1233 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1234 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1243 # getcwd(3) opens a pipe to getpwd(1)!?!
1246 # system headers lack prototypes but gcc helps...
1247 if test -n "$GCC"; then
1248 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1251 shadow_funcs="getpwanam issecure"
1254 # To get the crypt(3) prototype (so we pass -Wall)
1255 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1256 # AFS support needs -lucb
1257 if test "$with_AFS" = "yes"; then
1258 AFS_LIBS="-lc -lucb"
1261 : ${mansectform='4'}
1262 : ${with_rpath='yes'}
1263 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1266 # To get all prototypes (so we pass -Wall)
1267 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1268 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1269 if test X"$with_blibpath" != X"no"; then
1270 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1271 O_LDFLAGS="$LDFLAGS"
1272 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1273 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1274 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1275 blibpath="$with_blibpath"
1276 elif test -n "$GCC"; then
1277 blibpath="/usr/lib:/lib:/usr/local/lib"
1279 blibpath="/usr/lib:/lib"
1282 ], [AC_MSG_RESULT(no)])
1284 LDFLAGS="$O_LDFLAGS"
1286 # Use authenticate(3) as the default authentication method
1287 if test X"$with_aixauth" = X""; then
1288 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1293 : ${mansectform='4'}
1296 # AFS support needs -lBSD
1297 if test "$with_AFS" = "yes"; then
1298 AFS_LIBS="-lc -lBSD"
1301 : ${mansectform='4'}
1305 AC_DEFINE(BROKEN_SYSLOG)
1307 # Not sure if setuid binaries are safe in < 9.x
1308 if test -n "$GCC"; then
1309 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1311 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1315 AC_DEFINE(BROKEN_SYSLOG)
1317 shadow_funcs="getspwuid"
1319 # DCE support (requires ANSI C compiler)
1320 if test "$with_DCE" = "yes"; then
1321 # order of libs in 9.X is important. -lc_r must be last
1322 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1323 LIBS="${LIBS} -ldce -lM -lc_r"
1324 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1328 shadow_funcs="getprpwnam iscomsec"
1332 shadow_funcs="getspnam iscomsec"
1334 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1339 # ignore envariables wrt dynamic lib path
1340 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1342 : ${CHECKSIA='true'}
1343 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1345 [ --disable-sia Disable SIA on Digital UNIX],
1346 [ case "$enableval" in
1347 yes) AC_MSG_RESULT(no)
1350 no) AC_MSG_RESULT(yes)
1353 *) AC_MSG_RESULT(no)
1354 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1357 ], AC_MSG_RESULT(no))
1359 shadow_funcs="getprpwnam dispcrypt"
1360 # OSF/1 4.x and higher need -ldb too
1361 if test $OSMAJOR -lt 4; then
1362 shadow_libs="-lsecurity -laud -lm"
1364 shadow_libs="-lsecurity -ldb -laud -lm"
1367 # use SIA by default, if we have it
1368 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1371 # Some versions of Digital Unix ship with a broken
1372 # copy of prot.h, which we need for shadow passwords.
1373 # XXX - make should remove this as part of distclean
1375 AC_MSG_CHECKING([for broken prot.h])
1376 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1377 #include <sys/types.h>
1378 #include <sys/security.h>
1380 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1381 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1384 : ${mansectform='4'}
1387 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1388 if test -z "$NROFFPROG"; then
1389 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1390 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1391 if test -d /usr/share/catman/local; then
1392 mandir="/usr/share/catman/local"
1394 mandir="/usr/catman/local"
1398 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1399 if test -d "/usr/share/man/local"; then
1400 mandir="/usr/share/man/local"
1402 mandir="/usr/man/local"
1406 # IRIX <= 4 needs -lsun
1407 if test "$OSMAJOR" -le 4; then
1408 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1411 : ${mansectform='4'}
1413 *-*-linux*|*-*-k*bsd*-gnu)
1414 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1415 # Some Linux versions need to link with -lshadow
1416 shadow_funcs="getspnam"
1417 shadow_libs_optional="-lshadow"
1418 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1421 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1422 if test -z "$GCC"; then
1423 CFLAGS="${CFLAGS} -D__STDC__"
1426 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1427 shadow_funcs="getprpwnam"
1428 shadow_libs="-lprot"
1432 shadow_funcs="getauthuid"
1433 shadow_libs="-lauth"
1436 LIBS="${LIBS} -lsun -lbsd"
1437 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1438 OSDEFS="${OSDEFS} -D_MIPS"
1440 : ${mansectform='4'}
1443 OSDEFS="${OSDEFS} -D_ISC"
1445 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1446 LIBS="${LIBS} -lcrypt"
1448 shadow_funcs="getspnam"
1452 : ${mansectform='4'}
1455 shadow_funcs="getprpwnam"
1456 shadow_libs="-lprot -lx"
1458 : ${mansectform='4'}
1460 m88k-motorola-sysv*)
1461 # motorolla's cc (a variant of gcc) does -O but not -O2
1462 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1464 : ${mansectform='4'}
1467 shadow_funcs="getspnam"
1470 : ${mansectform='4'}
1471 : ${with_rpath='yes'}
1473 *-ncr-sysv4*|*-ncr-sysvr4*)
1474 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1476 : ${mansectform='4'}
1477 : ${with_rpath='yes'}
1479 *-ccur-sysv4*|*-ccur-sysvr4*)
1480 LIBS="${LIBS} -lgen"
1481 SUDO_LIBS="${SUDO_LIBS} -lgen"
1483 : ${mansectform='4'}
1484 : ${with_rpath='yes'}
1488 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1489 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1491 2|3) AC_MSG_NOTICE([using shlicc as CC])
1492 ac_cv_prog_CC=shlicc
1497 # Check for newer BSD auth API (just check for >= 3.0?)
1498 if test -z "$with_bsdauth"; then
1499 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1503 # FreeBSD has a real setreuid(2) starting with 2.1 and
1504 # backported to 2.0.5. We just take 2.1 and above...
1510 if test "$with_skey" = "yes"; then
1511 SUDO_LIBS="${SUDO_LIBS} -lmd"
1514 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1515 : ${with_logincap='maybe'}
1518 # OpenBSD has a real setreuid(2) starting with 3.3 but
1519 # we will use setreuid(2) instead.
1522 # OpenBSD >= 3.0 supports BSD auth
1523 if test -z "$with_bsdauth"; then
1528 AUTH_EXCL_DEF="BSD_AUTH"
1532 : ${with_logincap='maybe'}
1535 # NetBSD has a real setreuid(2) starting with 1.3.2
1537 0.9*|1.[012]*|1.3|1.3.1)
1542 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1543 : ${with_logincap='maybe'}
1546 if test "$with_skey" = "yes"; then
1547 SUDO_LIBS="${SUDO_LIBS} -lmd"
1550 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1551 : ${with_logincap='yes'}
1559 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1560 : ${with_logincap='yes'}
1563 # lockf() on is broken on the NeXT -- use flock instead
1565 ac_cv_func_flock=yes
1569 : ${mansectform='4'}
1570 : ${with_rpath='yes'}
1574 : ${mansectform='4'}
1577 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1582 dnl Check for mixing mutually exclusive and regular auth methods
1584 AUTH_REG=${AUTH_REG# }
1585 AUTH_EXCL=${AUTH_EXCL# }
1586 if test -n "$AUTH_EXCL"; then
1588 if test $# != 1; then
1589 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1591 if test -n "$AUTH_REG"; then
1592 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1596 dnl Only one of S/Key and OPIE may be specified
1598 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1599 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1603 dnl Use BSD-style man sections by default
1606 : ${mansectform='5'}
1609 dnl Add in any libpaths or libraries specified via configure
1611 if test -n "$with_libpath"; then
1612 for i in ${with_libpath}; do
1613 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1616 if test -n "$with_libraries"; then
1617 for i in ${with_libraries}; do
1629 dnl C compiler checks (to be done after os checks)
1631 AC_PROG_GCC_TRADITIONAL
1640 if test -z "$with_sendmail"; then
1643 if test -z "$with_editor"; then
1647 dnl Header file checks
1652 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1653 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1654 dnl ultrix termio/termios are broken
1655 if test "$OS" != "ultrix"; then
1656 AC_SYS_POSIX_TERMIOS
1657 if test "$ac_cv_sys_posix_termios" = "yes"; then
1658 AC_DEFINE(HAVE_TERMIOS_H)
1660 AC_CHECK_HEADERS(termio.h)
1663 if test ${with_logincap-'no'} != "no"; then
1664 AC_CHECK_HEADERS(login_cap.h, [LCMAN=""
1666 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1671 if test ${with_project-'no'} != "no"; then
1672 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1673 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1680 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1681 #include <signal.h>])
1682 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1683 #include <signal.h>])
1684 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1685 #if TIME_WITH_SYS_TIME
1686 # include <sys/time.h>
1689 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1690 #include <netinet/in.h>])
1700 dnl only set RETSIGTYPE if it is not set already
1710 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1711 strftime setrlimit initgroups getgroups fstat gettimeofday \
1712 setlocale getaddrinfo)
1713 if test -z "$SKIP_SETRESUID"; then
1714 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1716 if test -z "$SKIP_SETREUID"; then
1717 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1719 if test -z "$SKIP_SETEUID"; then
1720 AC_CHECK_FUNCS(seteuid)
1722 if test X"$with_interfaces" != X"no"; then
1723 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1725 if test -z "$BROKEN_GETCWD"; then
1726 AC_REPLACE_FUNCS(getcwd)
1728 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1729 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1730 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1731 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1732 AC_CHECK_FUNCS(lockf flock, [break])
1733 AC_CHECK_FUNCS(waitpid wait3, [break])
1734 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1735 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1736 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1737 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1739 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1740 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1741 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1742 [ #include <limits.h>
1743 #include <fcntl.h> ])
1745 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1746 AC_CHECK_FUNCS(random lrand48, [break])
1748 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1749 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1750 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1751 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1752 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1753 AC_MSG_CHECKING([for two-parameter timespecsub])
1754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1755 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1756 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1758 #error missing timespecsub
1760 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1761 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1764 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1766 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1767 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1768 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1770 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1771 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1773 if test -n "$NEED_SNPRINTF"; then
1777 dnl If socket(2) not in libc, check -lsocket and -linet
1778 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1779 dnl In this case we look for main(), not socket() to avoid using a cached value
1781 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1782 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1784 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1785 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1787 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1788 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1790 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1792 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1794 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1795 dnl (gcc includes its own alloca(3) but other compilers may not)
1797 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1801 dnl Check for getprogname() or __progname
1803 AC_CHECK_FUNCS(getprogname, , [
1804 AC_MSG_CHECKING([for __progname])
1805 AC_CACHE_VAL(sudo_cv___progname, [
1806 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1807 if test "$sudo_cv___progname" = "yes"; then
1808 AC_DEFINE(HAVE___PROGNAME)
1810 AC_LIBOBJ(getprogname)
1812 AC_MSG_RESULT($sudo_cv___progname)
1816 dnl Mutually exclusive auth checks come first, followed by
1817 dnl non-exclusive ones. Note: passwd must be last of all!
1821 dnl Convert default authentication methods to with_* if
1822 dnl no explicit authentication scheme was specified.
1824 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1825 for auth in $AUTH_EXCL_DEF; do
1827 AIX_AUTH) with_aixauth=maybe;;
1828 BSD_AUTH) with_bsdauth=maybe;;
1829 PAM) with_pam=maybe;;
1830 SIA) CHECKSIA=true;;
1836 dnl PAM support. Systems that use PAM by default set with_pam=default
1837 dnl and we do the actual tests here.
1839 if test ${with_pam-"no"} != "no"; then
1841 dnl Linux may need this
1843 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1844 ac_cv_lib_dl=ac_cv_lib_dl_main
1847 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1848 dnl in /usr/include/pam instead of /usr/include/security...
1850 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1851 if test "$with_pam" = "yes"; then
1853 AUTH_OBJS="$AUTH_OBJS pam.o";
1855 AC_MSG_CHECKING(whether to use PAM session support)
1856 AC_ARG_ENABLE(pam_session,
1857 [ --disable-pam-session Disable PAM session support],
1858 [ case "$enableval" in
1859 yes) AC_MSG_RESULT(yes)
1861 no) AC_MSG_RESULT(no)
1862 AC_DEFINE(NO_PAM_SESSION)
1864 *) AC_MSG_RESULT(no)
1865 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1867 esac], AC_MSG_RESULT(yes))
1869 *-*-linux*|*-*-solaris*)
1870 AC_CHECK_FUNCS(dgettext, [],
1871 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
1872 [AC_DEFINE(HAVE_DGETTEXT)])])
1879 dnl AIX general authentication
1880 dnl If set to "maybe" only enable if no other exclusive method in use.
1882 if test ${with_aixauth-'no'} != "no"; then
1883 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1884 AC_MSG_NOTICE([using AIX general authentication])
1885 AC_DEFINE(HAVE_AIXAUTH)
1886 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1887 SUDO_LIBS="${SUDO_LIBS} -ls"
1893 dnl BSD authentication
1894 dnl If set to "maybe" only enable if no other exclusive method in use.
1896 if test ${with_bsdauth-'no'} != "no"; then
1897 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1898 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1899 [AUTH_EXCL=BSD_AUTH; BAMAN=""],
1900 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1904 dnl SIA authentication for Tru64 Unix
1906 if test ${CHECKSIA-'false'} = "true"; then
1907 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1908 if test "$found" = "true"; then
1910 AUTH_OBJS="$AUTH_OBJS sia.o"
1915 dnl extra FWTK libs + includes
1917 if test ${with_fwtk-'no'} != "no"; then
1918 if test "$with_fwtk" != "yes"; then
1919 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1920 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1923 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1924 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1928 dnl extra SecurID lib + includes
1930 if test ${with_SecurID-'no'} != "no"; then
1931 if test "$with_SecurID" != "yes"; then
1933 elif test -d /usr/ace/examples; then
1934 with_SecurID=/usr/ace/examples
1936 with_SecurID=/usr/ace
1938 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1939 _LDFLAGS="${LDFLAGS}"
1940 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1942 # Determine whether to use the new or old SecurID API
1944 AC_CHECK_LIB(aceclnt, SD_Init,
1946 AUTH_OBJS="$AUTH_OBJS securid5.o";
1947 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1950 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1952 AUTH_OBJS="$AUTH_OBJS securid.o";
1953 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1959 LDFLAGS="${_LDFLAGS}"
1963 dnl Non-mutually exclusive auth checks come next.
1964 dnl Note: passwd must be last of all!
1968 dnl Convert default authentication methods to with_* if
1969 dnl no explicit authentication scheme was specified.
1971 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1972 for auth in $AUTH_DEF; do
1974 passwd) : ${with_passwd='maybe'};;
1982 if test ${with_kerb4-'no'} != "no"; then
1983 AC_DEFINE(HAVE_KERB4)
1985 dnl Use the specified directory, if any, else search for correct inc dir
1987 O_LDFLAGS="$LDFLAGS"
1988 if test "$with_kerb4" = "yes"; then
1990 O_CPPFLAGS="$CPPFLAGS"
1991 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1992 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1993 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1995 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1997 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1998 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1999 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2000 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2002 if test X"$found" = X"no"; then
2003 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2007 dnl Check for -ldes vs. -ldes425
2009 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2010 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2013 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2015 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2016 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2018 K4LIBS="${K4LIBS} -lcom_err"
2019 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2025 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2027 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2028 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2029 [K4LIBS="-lkrb $K4LIBS"]
2030 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2033 LDFLAGS="$O_LDFLAGS"
2034 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2035 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2040 dnl There is an easy way and a hard way...
2042 if test ${with_kerb5-'no'} != "no"; then
2043 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2044 if test -n "$KRB5CONFIG"; then
2045 AC_DEFINE(HAVE_KERB5)
2046 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2047 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2048 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2050 dnl Try to determine whether we have Heimdal or MIT Kerberos
2052 AC_MSG_CHECKING(whether we are using Heimdal)
2053 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2055 AC_DEFINE(HAVE_HEIMDAL)
2062 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2063 AC_DEFINE(HAVE_KERB5)
2065 dnl Use the specified directory, if any, else search for correct inc dir
2067 if test "$with_kerb5" = "yes"; then
2069 O_CPPFLAGS="$CPPFLAGS"
2070 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2071 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2072 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2074 if test X"$found" = X"no"; then
2075 CPPFLAGS="$O_CPPFLAGS"
2076 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2079 dnl XXX - try to include krb5.h here too
2080 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2081 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2085 dnl Try to determine whether we have Heimdal or MIT Kerberos
2087 AC_MSG_CHECKING(whether we are using Heimdal)
2088 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2090 AC_DEFINE(HAVE_HEIMDAL)
2091 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2092 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2095 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2096 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
2098 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2100 LIBS="${LIBS} ${SUDO_LIBS}"
2101 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2106 dnl extra AFS libs and includes
2108 if test ${with_AFS-'no'} = "yes"; then
2110 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2111 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2112 for i in $AFSLIBDIRS; do
2113 if test -d ${i}; then
2114 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2115 FOUND_AFSLIBDIR=true
2118 if test -z "$FOUND_AFSLIBDIR"; then
2119 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2122 # Order is important here. Note that we build AFS_LIBS from right to left
2123 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2124 AFS_LIBS="-laudit ${AFS_LIBS}"
2125 for i in $AFSLIBDIRS; do
2126 if test -f ${i}/util.a; then
2127 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2132 if test -z "$FOUND_UTIL_A"; then
2133 AFS_LIBS="-lutil ${AFS_LIBS}"
2135 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2137 # AFS includes may live in /usr/include on some machines...
2138 for i in /usr/afsws/include; do
2139 if test -d ${i}; then
2140 CPPFLAGS="${CPPFLAGS} -I${i}"
2141 FOUND_AFSINCDIR=true
2145 if test -z "$FOUND_AFSLIBDIR"; then
2146 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2149 AUTH_OBJS="$AUTH_OBJS afs.o"
2153 dnl extra DCE obj + lib
2154 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2156 if test ${with_DCE-'no'} = "yes"; then
2157 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2158 SUDO_LIBS="${SUDO_LIBS} -ldce"
2159 AUTH_OBJS="$AUTH_OBJS dce.o"
2163 dnl extra S/Key lib and includes
2165 if test ${with_skey-'no'} = "yes"; then
2166 O_LDFLAGS="$LDFLAGS"
2167 if test "$with_skey" != "yes"; then
2168 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2169 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2170 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2171 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2174 O_CPPFLAGS="$CPPFLAGS"
2175 for dir in "" "/usr/local" "/usr/contrib"; do
2176 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2177 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2179 if test "$found" = "no" -o -z "$dir"; then
2180 CPPFLAGS="$O_CPPFLAGS"
2182 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2183 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2186 if test "$found" = "no"; then
2187 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2189 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2190 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2191 LDFLAGS="$O_LDFLAGS"
2192 SUDO_LIBS="${SUDO_LIBS} -lskey"
2193 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2197 dnl extra OPIE lib and includes
2199 if test ${with_opie-'no'} = "yes"; then
2200 O_LDFLAGS="$LDFLAGS"
2201 if test "$with_opie" != "yes"; then
2202 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2203 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2204 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2205 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2208 O_CPPFLAGS="$CPPFLAGS"
2209 for dir in "" "/usr/local" "/usr/contrib"; do
2210 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2211 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2213 if test "$found" = "no" -o -z "$dir"; then
2214 CPPFLAGS="$O_CPPFLAGS"
2216 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2217 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2220 if test "$found" = "no"; then
2221 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2223 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2224 LDFLAGS="$O_LDFLAGS"
2225 SUDO_LIBS="${SUDO_LIBS} -lopie"
2226 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2230 dnl Check for shadow password routines if we have not already done so.
2231 dnl If there is a specific list of functions to check we do that first.
2232 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2234 if test ${with_passwd-'no'} != "no"; then
2236 dnl if crypt(3) not in libc, look elsewhere
2238 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2239 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2242 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2244 LIBS="$LIBS $shadow_libs"
2246 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2247 if test "$found" = "yes"; then
2248 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2249 elif test -n "$shadow_libs_optional"; then
2250 LIBS="$LIBS $shadow_libs_optional"
2251 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2252 if test "$found" = "yes"; then
2253 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2256 if test "$found" = "yes"; then
2257 case "$shadow_funcs" in
2258 *getprpwnam*) SECUREWARE=1;;
2260 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2266 if test "$CHECKSHADOW" = "true"; then
2267 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2269 if test "$CHECKSHADOW" = "true"; then
2270 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2272 if test -n "$SECUREWARE"; then
2273 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2274 AUTH_OBJS="$AUTH_OBJS secureware.o"
2279 dnl extra lib and .o file for LDAP support
2281 if test ${with_ldap-'no'} != "no"; then
2283 if test "$with_ldap" != "yes"; then
2284 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2285 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2286 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2289 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2291 AC_MSG_CHECKING([for LDAP libraries])
2295 for l in -lldap -llber '-lssl -lcrypto'; do
2297 LDAP_LIBS="${LDAP_LIBS} $l"
2298 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2300 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2302 dnl if nothing linked just try with -lldap
2303 if test "$found" = "no"; then
2304 LIBS="${_LIBS} -lldap"
2306 AC_MSG_RESULT([not found, using -lldap])
2308 AC_MSG_RESULT([$LDAP_LIBS])
2310 dnl check if we need to link with -llber for ber_set_option
2312 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2313 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2314 LDAP_LIBS="$LDAP_LIBS -llber"
2316 dnl check if ldap.h includes lber.h for us
2317 AC_MSG_CHECKING([whether lber.h is needed])
2318 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2319 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2320 AC_MSG_RESULT([yes])
2321 AC_DEFINE(HAVE_LBER_H)])
2323 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
2324 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2326 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2329 # XXX - OpenLDAP has deprecated ldap_get_values()
2330 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2334 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2335 dnl added -L dirpaths to SUDO_LDFLAGS.
2337 if test -n "$blibpath"; then
2338 if test -n "$blibpath_add"; then
2339 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2340 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2341 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2346 dnl Check for log file and timestamp locations
2352 dnl Use passwd (and secureware) auth modules?
2354 case "$with_passwd" in
2356 AUTH_OBJS="$AUTH_OBJS passwd.o"
2359 AC_DEFINE(WITHOUT_PASSWD)
2360 if test -z "$AUTH_OBJS"; then
2361 AC_MSG_ERROR([no authentication methods defined.])
2365 AUTH_OBJS=${AUTH_OBJS# }
2366 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2367 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2370 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2372 if test -n "$LIBS"; then
2377 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2378 test $l = $sl && dupe=1
2380 test $dupe = 0 && LIBS="${LIBS} $l"
2387 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2390 dnl Defer setting _PATH_SUDO_NOEXEC and _PATH_SUDO_SESH
2391 dnl until after exec_prefix is set
2392 dnl XXX - this is gross!
2394 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
2395 oexec_prefix="$exec_prefix"
2396 if test "$exec_prefix" = '$(prefix)'; then
2397 if test "$prefix" = "NONE"; then
2398 exec_prefix="$ac_default_prefix"
2400 exec_prefix="$prefix"
2403 if test X"$with_noexec" != X"no"; then
2404 PROGS="${PROGS} sudo_noexec.la"
2405 INSTALL_NOEXEC="install-noexec"
2407 eval noexec_file="$with_noexec"
2408 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2410 if test X"$with_selinux" != X"no"; then
2411 eval sesh_file="$libexecdir/sesh"
2412 AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
2414 exec_prefix="$oexec_prefix"
2418 dnl Substitute into the Makefile and man pages
2420 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2424 dnl Spew any text the user needs to know about
2426 if test "$with_pam" = "yes"; then
2429 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2435 dnl Autoheader templates
2437 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2438 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2439 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2440 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2441 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2442 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2443 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2444 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2445 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2446 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2447 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2448 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2449 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2450 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2451 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2452 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2453 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2454 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2455 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2456 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2457 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2458 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2459 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2460 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2461 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2462 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2463 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2464 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2465 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2466 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2467 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2468 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2469 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2470 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2471 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2472 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2473 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2474 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
2475 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2476 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2477 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2478 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2479 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
2480 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2481 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2482 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2483 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2484 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2485 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2486 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2487 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2488 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2489 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2490 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2491 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2492 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2493 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2494 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2495 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2496 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2497 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2498 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2499 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2500 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2501 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2502 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2503 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2504 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2505 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2506 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2509 dnl Bits to copy verbatim into config.h.in
2511 AH_TOP([#ifndef _SUDO_CONFIG_H
2512 #define _SUDO_CONFIG_H])
2515 * Macros to pull sec and nsec parts of mtime from struct stat.
2516 * We need to be able to convert between timeval and timespec
2517 * so the last 3 digits of tv_nsec are not significant.
2520 # ifdef HAVE_ST__TIM
2521 # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
2522 # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
2524 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2525 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2528 # ifdef HAVE_ST_MTIMESPEC
2529 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2530 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2532 # define mtim_getsec(_x) ((_x).st_mtime)
2533 # define mtim_getnsec(_x) (0)
2534 # endif /* HAVE_ST_MTIMESPEC */
2535 #endif /* HAVE_ST_MTIM */
2538 * Emulate a subset of waitpid() if we don't have it.
2541 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2544 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2548 /* GNU stow needs /etc/sudoers to be a symlink. */
2550 # define stat_sudoers stat
2552 # define stat_sudoers lstat
2555 /* Macros to set/clear/test flags. */
2557 #define SET(t, f) ((t) |= (f))
2559 #define CLR(t, f) ((t) &= ~(f))
2561 #define ISSET(t, f) ((t) & (f))
2563 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2564 #if defined(hpux) && !defined(__hpux)
2568 #if defined(convex) && !defined(__convex__)
2569 # define __convex__ 1
2572 /* BSD compatibility on some SVR4 systems. */
2575 #endif /* __svr4__ */
2577 #endif /* _SUDO_CONFIG_H */])