2 dnl Process this file with GNU autoconf to produce a configure script.
4 dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
6 AC_INIT([sudo], [1.8.3], [http://www.sudo.ws/bugs/], [sudo])
7 AC_CONFIG_HEADER([config.h pathnames.h])
9 dnl Note: this must come after AC_INIT
11 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
13 dnl Variables that get substituted in the Makefile and man pages
15 AC_SUBST([HAVE_BSM_AUDIT])
22 AC_SUBST([SUDOERS_LDFLAGS])
24 AC_SUBST([COMMON_OBJS])
25 AC_SUBST([SUDOERS_OBJS])
29 AC_SUBST([SUDOERS_LIBS])
32 AC_SUBST([REPLAY_LIBS])
33 AC_SUBST([GETGROUPS_LIB])
37 AC_SUBST([MAN_POSTINSTALL])
38 AC_SUBST([SUDOERS_MODE])
39 AC_SUBST([SUDOERS_UID])
40 AC_SUBST([SUDOERS_GID])
47 AC_SUBST([mansectform])
49 AC_SUBST([NOEXECFILE])
53 AC_SUBST([noexec_file])
54 AC_SUBST([INSTALL_NOEXEC])
55 AC_SUBST([DONT_LEAK_PATH_INFO])
56 AC_SUBST([BSDAUTH_USAGE])
57 AC_SUBST([SELINUX_USAGE])
59 AC_SUBST([LOGINCAP_USAGE])
62 AC_SUBST([LIBTOOL_DEPS])
63 AC_SUBST([ac_config_libobj_dir])
64 AC_SUBST([CONFIGURE_ARGS])
70 dnl Variables that get substituted in docs (not overridden by environment)
72 AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
73 AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
75 AC_SUBST([password_timeout])
76 AC_SUBST([sudo_umask])
77 AC_SUBST([umask_override])
78 AC_SUBST([passprompt])
79 AC_SUBST([long_otp_prompt])
85 AC_SUBST([ignore_dot])
86 AC_SUBST([mail_no_user])
87 AC_SUBST([mail_no_host])
88 AC_SUBST([mail_no_perms])
91 AC_SUBST([badpass_message])
93 AC_SUBST([runas_default])
94 AC_SUBST([env_editor])
96 AC_SUBST([passwd_tries])
97 AC_SUBST([tty_tickets])
100 AC_SUBST([path_info])
101 AC_SUBST([ldap_conf])
102 AC_SUBST([ldap_secret])
103 AC_SUBST([nsswitch_conf])
104 AC_SUBST([netsvc_conf])
105 AC_SUBST([secure_path])
108 # Begin initial values for man page substitution
110 iolog_dir=/var/log/sudo-io
111 timedir=/var/adm/sudo
116 passprompt="Password:"
128 mailsub="*** SECURITY information for %h ***"
129 badpass_message="Sorry, try again."
140 ldap_conf=/etc/ldap.conf
141 ldap_secret=/etc/ldap.secret
142 netsvc_conf=/etc/netsvc.conf
143 noexec_file=/usr/local/libexec/sudo_noexec.so
144 nsswitch_conf=/etc/nsswitch.conf
145 secure_path="not set"
147 # End initial values for man page substitution
150 dnl Initial values for Makefile variables listed above
151 dnl May be overridden by environment variables..
158 : ${SUDOERS_MODE='0440'}
183 shadow_libs_optional=
187 dnl libc replacement functions live in compat
189 AC_CONFIG_LIBOBJ_DIR(compat)
192 dnl Deprecated --with options (these all warn or generate an error)
195 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
196 [case $with_otp_only in
197 yes) with_passwd="no"
198 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
202 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
203 [case $with_alertmail in
204 *) with_mailto="$with_alertmail"
205 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
210 dnl Options for --with
213 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
215 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
216 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
221 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
225 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
227 *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
231 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
234 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
238 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
239 [case $with_blibpath in
241 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
246 dnl Handle BSM auditing support.
248 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
249 [case $with_bsm_audit in
250 yes) AC_DEFINE(HAVE_BSM_AUDIT)
251 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
252 SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
255 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
260 dnl Handle Linux auditing support.
262 AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
263 [case $with_linux_audit in
264 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
265 AC_DEFINE(HAVE_LINUX_AUDIT)
266 SUDO_LIBS="${SUDO_LIBS} -laudit"
267 SUDOERS_LIBS="${SUDO_LIBS} -laudit"
268 SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
270 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
274 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
278 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
279 [case $with_incpath in
280 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
282 no) AC_MSG_ERROR(["--without-incpath not supported."])
284 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
285 for i in ${with_incpath}; do
286 CPPFLAGS="${CPPFLAGS} -I${i}"
291 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
292 [case $with_libpath in
293 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
295 no) AC_MSG_ERROR(["--without-libpath not supported."])
297 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
301 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
302 [case $with_libraries in
303 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
305 no) AC_MSG_ERROR(["--without-libraries not supported."])
307 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
311 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
312 [case $with_efence in
313 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
314 LIBS="${LIBS} -lefence"
315 if test -f /usr/local/lib/libefence.a; then
316 with_libpath="${with_libpath} /usr/local/lib"
320 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
324 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
326 yes) AC_MSG_NOTICE([Adding CSOps standard options])
330 with_classic_insults=yes
331 with_csops_insults=yes
337 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
341 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
342 [case $with_passwd in
343 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
344 AC_MSG_RESULT($with_passwd)
346 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
348 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
352 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
355 *) AC_DEFINE(HAVE_SKEY)
356 AC_MSG_CHECKING(whether to try S/Key authentication)
358 AUTH_REG="$AUTH_REG S/Key"
362 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
365 *) AC_DEFINE(HAVE_OPIE)
366 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
368 AUTH_REG="$AUTH_REG NRL_OPIE"
372 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
373 [case $with_long_otp_prompt in
374 yes) AC_DEFINE(LONG_OTP_PROMPT)
375 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
379 no) long_otp_prompt=off
381 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
385 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
386 [case $with_SecurID in
388 *) AC_DEFINE(HAVE_SECURID)
389 AC_MSG_CHECKING(whether to use SecurID for authentication)
391 AUTH_EXCL="$AUTH_EXCL SecurID"
395 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
398 *) AC_DEFINE(HAVE_FWTK)
399 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
401 AUTH_EXCL="$AUTH_EXCL FWTK"
405 AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
408 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
410 AUTH_REG="$AUTH_REG kerb4"
414 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
417 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
419 AUTH_REG="$AUTH_REG kerb5"
423 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
424 [case $with_aixauth in
425 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
427 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
431 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
433 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
435 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
439 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
441 yes) AC_DEFINE(HAVE_AFS)
442 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
444 AUTH_REG="$AUTH_REG AFS"
447 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
451 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
453 yes) AC_DEFINE(HAVE_DCE)
454 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
456 AUTH_REG="$AUTH_REG DCE"
459 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
463 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
464 [case $with_logincap in
466 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
470 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
471 [case $with_bsdauth in
472 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
474 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
478 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
479 [case $with_project in
482 *) AC_MSG_ERROR(["--with-project does not take an argument."])
486 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
487 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
488 [case $with_lecture in
489 yes|short|always) lecture=once
491 no|none|never) lecture=never
493 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
496 if test "$lecture" = "once"; then
499 AC_DEFINE(NO_LECTURE)
503 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
504 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
505 [case $with_logging in
506 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
508 no) AC_MSG_ERROR(["--without-logging not supported."])
510 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
511 AC_MSG_RESULT(syslog)
513 file) AC_DEFINE(LOGGING, SLOG_FILE)
516 both) AC_DEFINE(LOGGING, SLOG_BOTH)
519 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
521 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
523 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
524 [case $with_logfac in
525 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
527 no) AC_MSG_ERROR(["--without-logfac not supported."])
529 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
531 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
535 AC_MSG_CHECKING(at which syslog priority to log commands)
536 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
537 [case $with_goodpri in
538 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
540 no) AC_MSG_ERROR(["--without-goodpri not supported."])
542 alert|crit|debug|emerg|err|info|notice|warning)
543 goodpri=$with_goodpri
545 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
548 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
549 AC_MSG_RESULT($goodpri)
551 AC_MSG_CHECKING(at which syslog priority to log failures)
552 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
553 [case $with_badpri in
554 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
556 no) AC_MSG_ERROR(["--without-badpri not supported."])
558 alert|crit|debug|emerg|err|info|notice|warning)
561 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
564 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
565 AC_MSG_RESULT($badpri)
567 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
568 [case $with_logpath in
569 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
571 no) AC_MSG_ERROR(["--without-logpath not supported."])
575 AC_MSG_CHECKING(how long a line in the log file should be)
576 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
577 [case $with_loglen in
578 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
580 no) AC_MSG_ERROR(["--without-loglen not supported."])
582 [[0-9]]*) loglen=$with_loglen
584 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
587 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
588 AC_MSG_RESULT($loglen)
590 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
591 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
592 [case $with_ignore_dot in
597 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
600 if test "$ignore_dot" = "on"; then
601 AC_DEFINE(IGNORE_DOT_PATH)
607 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
608 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
609 [case $with_mail_if_no_user in
614 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
617 if test "$mail_no_user" = "on"; then
618 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
624 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
625 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
626 [case $with_mail_if_no_host in
631 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
634 if test "$mail_no_host" = "on"; then
635 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
641 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
642 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
643 [case $with_mail_if_noperms in
648 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
651 if test "$mail_noperms" = "on"; then
652 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
658 AC_MSG_CHECKING(who should get the mail that sudo sends)
659 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
660 [case $with_mailto in
661 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
663 no) AC_MSG_ERROR(["--without-mailto not supported."])
665 *) mailto=$with_mailto
668 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
669 AC_MSG_RESULT([$mailto])
671 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
672 [case $with_mailsubject in
673 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
675 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
677 *) mailsub="$with_mailsubject"
678 AC_MSG_CHECKING(sudo mail subject)
679 AC_MSG_RESULT([Using alert mail subject: $mailsub])
682 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
684 AC_MSG_CHECKING(for bad password prompt)
685 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
686 [case $with_passprompt in
687 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
689 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
691 *) passprompt="$with_passprompt"
693 AC_MSG_RESULT($passprompt)
694 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
696 AC_MSG_CHECKING(for bad password message)
697 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
698 [case $with_badpass_message in
699 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
701 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
703 *) badpass_message="$with_badpass_message"
706 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
707 AC_MSG_RESULT([$badpass_message])
709 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
710 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
716 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
719 if test "$fqdn" = "on"; then
726 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
727 [case $with_timedir in
728 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
730 no) AC_MSG_ERROR(["--without-timedir not supported."])
734 AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
735 [case $with_iologdir in
737 no) AC_MSG_ERROR(["--without-iologdir not supported."])
741 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
742 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
743 [case $with_sendmail in
744 yes) with_sendmail=""
747 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
751 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
752 [case $with_sudoers_mode in
753 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
755 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
757 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
759 0*) SUDOERS_MODE=$with_sudoers_mode
761 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
765 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
766 [case $with_sudoers_uid in
767 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
769 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
771 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
773 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
777 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
778 [case $with_sudoers_gid in
779 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
781 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
783 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
785 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
789 AC_MSG_CHECKING(for umask programs should be run with)
790 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
791 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
793 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
797 [[0-9]]*) sudo_umask=$with_umask
799 *) AC_MSG_ERROR(["you must enter a numeric mask."])
802 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
803 if test "$sudo_umask" = "0777"; then
806 AC_MSG_RESULT($sudo_umask)
809 AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
810 [case $with_umask_override in
811 yes) AC_DEFINE(UMASK_OVERRIDE)
814 no) umask_override=off
816 *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
820 AC_MSG_CHECKING(for default user to run commands as)
821 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
822 [case $with_runas_default in
823 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
825 no) AC_MSG_ERROR(["--without-runas-default not supported."])
827 *) runas_default="$with_runas_default"
830 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
831 AC_MSG_RESULT([$runas_default])
833 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
834 [case $with_exempt in
835 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
837 no) AC_MSG_ERROR(["--without-exempt not supported."])
839 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
840 AC_MSG_CHECKING(for group to be exempt from password)
841 AC_MSG_RESULT([$with_exempt])
845 AC_MSG_CHECKING(for editor that visudo should use)
846 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
847 [case $with_editor in
848 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
850 no) AC_MSG_ERROR(["--without-editor not supported."])
852 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
853 AC_MSG_RESULT([$with_editor])
854 editor="$with_editor"
856 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
858 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
859 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
860 [case $with_env_editor in
865 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
868 if test "$env_editor" = "on"; then
869 AC_DEFINE(ENV_EDITOR)
875 AC_MSG_CHECKING(number of tries a user gets to enter their password)
876 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
877 [case $with_passwd_tries in
879 no) AC_MSG_ERROR(["--without-editor not supported."])
881 [[1-9]]*) passwd_tries=$with_passwd_tries
883 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
886 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
887 AC_MSG_RESULT($passwd_tries)
889 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
890 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
891 [case $with_timeout in
895 [[0-9]]*) timeout=$with_timeout
897 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
900 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
901 AC_MSG_RESULT($timeout)
903 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
904 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
905 [case $with_password_timeout in
907 no) password_timeout=0
909 [[0-9]]*) password_timeout=$with_password_timeout
911 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
914 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
915 AC_MSG_RESULT($password_timeout)
917 AC_MSG_CHECKING(whether to use per-tty ticket files)
918 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
919 [case $with_tty_tickets in
924 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
927 if test "$tty_tickets" = "off"; then
928 AC_DEFINE(NO_TTY_TICKETS)
934 AC_MSG_CHECKING(whether to include insults)
935 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
936 [case $with_insults in
938 with_classic_insults=yes
939 with_csops_insults=yes
941 disabled) insults=off
942 with_classic_insults=yes
943 with_csops_insults=yes
947 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
950 if test "$insults" = "on"; then
951 AC_DEFINE(USE_INSULTS)
957 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
958 [case $with_all_insults in
959 yes) with_classic_insults=yes
960 with_csops_insults=yes
962 with_goons_insults=yes
965 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
969 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
970 [case $with_classic_insults in
971 yes) AC_DEFINE(CLASSIC_INSULTS)
974 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
978 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
979 [case $with_csops_insults in
980 yes) AC_DEFINE(CSOPS_INSULTS)
983 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
987 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
988 [case $with_hal_insults in
989 yes) AC_DEFINE(HAL_INSULTS)
992 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
996 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
997 [case $with_goons_insults in
998 yes) AC_DEFINE(GOONS_INSULTS)
1001 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
1005 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
1006 [case $with_nsswitch in
1008 yes) with_nsswitch="/etc/nsswitch.conf"
1013 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
1016 *) AC_DEFINE(HAVE_LDAP)
1017 AC_MSG_CHECKING(whether to use sudoers from LDAP)
1022 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
1023 test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
1024 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
1026 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
1027 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
1028 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
1030 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
1031 [case $with_pc_insults in
1032 yes) AC_DEFINE(PC_INSULTS)
1035 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
1039 dnl include all insult sets on one line
1040 if test "$insults" = "on"; then
1041 AC_MSG_CHECKING(which insult sets to include)
1043 test "$with_goons_insults" = "yes" && i="goons ${i}"
1044 test "$with_hal_insults" = "yes" && i="hal ${i}"
1045 test "$with_csops_insults" = "yes" && i="csops ${i}"
1046 test "$with_classic_insults" = "yes" && i="classic ${i}"
1050 AC_MSG_CHECKING(whether to override the user's path)
1051 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
1052 [case $with_secure_path in
1053 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
1054 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1055 AC_MSG_RESULT([$with_secure_path])
1056 secure_path="set to $with_secure_path"
1058 no) AC_MSG_RESULT(no)
1060 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1061 AC_MSG_RESULT([$with_secure_path])
1062 secure_path="set to F<$with_secure_path>"
1064 esac], AC_MSG_RESULT(no))
1066 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1067 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1068 [case $with_interfaces in
1069 yes) AC_MSG_RESULT(yes)
1071 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1074 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1076 esac], AC_MSG_RESULT(yes))
1078 AC_MSG_CHECKING(whether stow should be used)
1079 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
1081 yes) AC_MSG_RESULT(yes)
1084 no) AC_MSG_RESULT(no)
1086 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1088 esac], AC_MSG_RESULT(no))
1090 AC_MSG_CHECKING(whether to use an askpass helper)
1091 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1092 [case $with_askpass in
1093 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1096 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1098 esac], AC_MSG_RESULT(no))
1100 AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
1101 [case $with_plugindir in
1102 no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
1105 esac], [with_plugindir="$libexecdir"])
1108 dnl Options for --enable
1111 AC_MSG_CHECKING(whether to do user authentication by default)
1112 AC_ARG_ENABLE(authentication,
1113 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1114 [ case "$enableval" in
1115 yes) AC_MSG_RESULT(yes)
1117 no) AC_MSG_RESULT(no)
1118 AC_DEFINE(NO_AUTHENTICATION)
1120 *) AC_MSG_RESULT(no)
1121 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1124 ], AC_MSG_RESULT(yes))
1126 AC_MSG_CHECKING(whether to disable running the mailer as root)
1127 AC_ARG_ENABLE(root-mailer,
1128 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1129 [ case "$enableval" in
1130 yes) AC_MSG_RESULT(no)
1132 no) AC_MSG_RESULT(yes)
1133 AC_DEFINE(NO_ROOT_MAILER)
1135 *) AC_MSG_RESULT(no)
1136 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1139 ], AC_MSG_RESULT(no))
1141 AC_ARG_ENABLE(setreuid,
1142 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1143 [ case "$enableval" in
1144 no) SKIP_SETREUID=yes
1150 AC_ARG_ENABLE(setresuid,
1151 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1152 [ case "$enableval" in
1153 no) SKIP_SETRESUID=yes
1159 AC_MSG_CHECKING(whether to disable shadow password support)
1160 AC_ARG_ENABLE(shadow,
1161 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1162 [ case "$enableval" in
1163 yes) AC_MSG_RESULT(no)
1165 no) AC_MSG_RESULT(yes)
1168 *) AC_MSG_RESULT(no)
1169 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1172 ], AC_MSG_RESULT(no))
1174 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1175 AC_ARG_ENABLE(root-sudo,
1176 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1177 [ case "$enableval" in
1178 yes) AC_MSG_RESULT(yes)
1180 no) AC_DEFINE(NO_ROOT_SUDO)
1184 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1187 ], AC_MSG_RESULT(yes))
1189 AC_MSG_CHECKING(whether to log the hostname in the log file)
1190 AC_ARG_ENABLE(log-host,
1191 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1192 [ case "$enableval" in
1193 yes) AC_MSG_RESULT(yes)
1194 AC_DEFINE(HOST_IN_LOG)
1196 no) AC_MSG_RESULT(no)
1198 *) AC_MSG_RESULT(no)
1199 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1202 ], AC_MSG_RESULT(no))
1204 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1205 AC_ARG_ENABLE(noargs-shell,
1206 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1207 [ case "$enableval" in
1208 yes) AC_MSG_RESULT(yes)
1209 AC_DEFINE(SHELL_IF_NO_ARGS)
1211 no) AC_MSG_RESULT(no)
1213 *) AC_MSG_RESULT(no)
1214 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1217 ], AC_MSG_RESULT(no))
1219 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1220 AC_ARG_ENABLE(shell-sets-home,
1221 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1222 [ case "$enableval" in
1223 yes) AC_MSG_RESULT(yes)
1224 AC_DEFINE(SHELL_SETS_HOME)
1226 no) AC_MSG_RESULT(no)
1228 *) AC_MSG_RESULT(no)
1229 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1232 ], AC_MSG_RESULT(no))
1234 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1235 AC_ARG_ENABLE(path_info,
1236 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1237 [ case "$enableval" in
1238 yes) AC_MSG_RESULT(no)
1240 no) AC_MSG_RESULT(yes)
1241 AC_DEFINE(DONT_LEAK_PATH_INFO)
1244 *) AC_MSG_RESULT(no)
1245 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1248 ], AC_MSG_RESULT(no))
1250 AC_MSG_CHECKING(whether to enable environment debugging)
1251 AC_ARG_ENABLE(env_debug,
1252 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1253 [ case "$enableval" in
1254 yes) AC_MSG_RESULT(yes)
1255 AC_DEFINE(ENV_DEBUG)
1257 no) AC_MSG_RESULT(no)
1259 *) AC_MSG_RESULT(no)
1260 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1263 ], AC_MSG_RESULT(no))
1266 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
1267 [], [enable_zlib=yes])
1269 AC_MSG_CHECKING(whether to enable environment resetting by default)
1270 AC_ARG_ENABLE(env_reset,
1271 [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
1272 [ case "$enableval" in
1278 AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
1282 if test "$env_reset" = "on"; then
1284 AC_DEFINE(ENV_RESET, TRUE)
1287 AC_DEFINE(ENV_RESET, FALSE)
1290 AC_ARG_ENABLE(warnings,
1291 [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
1292 [ case "$enableval" in
1295 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
1300 AC_ARG_ENABLE(werror,
1301 [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
1302 [ case "$enableval" in
1305 *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
1310 AC_ARG_ENABLE(admin-flag,
1311 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
1312 [ case "$enableval" in
1313 yes) AC_DEFINE(USE_ADMIN_FLAG)
1316 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
1322 [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
1323 [], [enable_nls=yes])
1325 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1326 [case $with_selinux in
1327 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1328 AC_DEFINE(HAVE_SELINUX)
1329 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1330 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1331 PROGS="${PROGS} sesh"
1333 AC_CHECK_LIB([selinux], [setkeycreatecon],
1334 [AC_DEFINE(HAVE_SETKEYCREATECON)])
1337 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1342 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1344 AC_ARG_ENABLE(gss_krb5_ccache_name,
1345 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1346 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1349 dnl C compiler checks
1351 AC_SEARCH_LIBS([strerror], [cposix])
1353 AC_CHECK_TOOL(AR, ar, false)
1354 AC_CHECK_TOOL(RANLIB, ranlib, :)
1355 if test X"$AR" = X"false"; then
1356 AC_MSG_ERROR([the "ar" utility is required to build sudo])
1359 if test "x$ac_cv_prog_cc_c89" = "xno"; then
1360 AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
1364 dnl If the user specified --disable-static, override them or we'll
1365 dnl be unable to build the executables in the sudoers plugin dir.
1367 if test "$enable_static" = "no"; then
1368 AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
1373 dnl Libtool setup, we require libtool 2.2.6b or higher
1376 AC_CONFIG_MACRO_DIR([m4])
1381 dnl Defer with_noexec until after libtool magic runs
1383 if test "$enable_shared" = "no"; then
1389 eval _shrext="$shrext_cmds"
1390 # Darwin uses .dylib for libraries but .so for modules
1391 if test X"$_shrext" = X".dylib"; then
1397 AC_MSG_CHECKING(path to sudo_noexec.so)
1398 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1399 [case $with_noexec in
1400 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1404 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1405 AC_MSG_RESULT($with_noexec)
1406 NOEXECFILE="sudo_noexec$_shrext"
1407 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1410 dnl Find programs we use
1412 AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
1413 AC_CHECK_PROG(TRPROG, [tr], [tr])
1414 AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
1415 if test -n "$NROFFPROG"; then
1416 AC_CACHE_CHECK([whether $NROFFPROG supports the -c option],
1417 [sudo_cv_var_nroff_opt_c],
1418 [if $NROFFPROG -c </dev/null >/dev/null 2>&1; then
1419 sudo_cv_var_nroff_opt_c=yes
1421 sudo_cv_var_nroff_opt_c=no
1424 if test "$sudo_cv_var_nroff_opt_c" = "yes"; then
1425 NROFFPROG="$NROFFPROG -c"
1427 AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option],
1428 [sudo_cv_var_nroff_opt_Tascii],
1429 [if $NROFFPROG -Tascii </dev/null >/dev/null 2>&1; then
1430 sudo_cv_var_nroff_opt_Tascii=yes
1432 sudo_cv_var_nroff_opt_Tascii=no
1434 if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then
1435 NROFFPROG="$NROFFPROG -Tascii"
1440 mansrcdir='$(srcdir)'
1444 dnl What kind of beastie are we being run on?
1445 dnl Barf if config.cache was generated on another host.
1447 if test -n "$sudo_cv_prev_host"; then
1448 if test "$sudo_cv_prev_host" != "$host"; then
1449 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1451 AC_MSG_CHECKING(previous host type)
1452 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1453 AC_MSG_RESULT([$sudo_cv_prev_host])
1456 # this will produce no output since there is no cached value
1457 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1461 dnl We want to be able to differentiate between different rev's
1463 if test -n "$host_os"; then
1464 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1465 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1466 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1475 # getcwd(3) opens a pipe to getpwd(1)!?!
1478 # system headers lack prototypes but gcc helps...
1479 if test -n "$GCC"; then
1480 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1483 shadow_funcs="getpwanam issecure"
1486 # To get the crypt(3) prototype (so we pass -Wall)
1487 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1488 # AFS support needs -lucb
1489 if test "$with_AFS" = "yes"; then
1490 AFS_LIBS="-lc -lucb"
1493 : ${mansectform='4'}
1494 : ${with_rpath='yes'}
1495 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1496 AC_CHECK_FUNCS(priv_set)
1499 # To get all prototypes (so we pass -Wall)
1500 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
1501 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1502 if test X"$with_blibpath" != X"no"; then
1503 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1504 O_LDFLAGS="$LDFLAGS"
1505 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1506 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1507 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1508 blibpath="$with_blibpath"
1509 elif test -n "$GCC"; then
1510 blibpath="/usr/lib:/lib:/usr/local/lib"
1512 blibpath="/usr/lib:/lib"
1515 ], [AC_MSG_RESULT(no)])
1517 LDFLAGS="$O_LDFLAGS"
1519 # On AIX 6 and higher default to PAM, else default to LAM
1520 if test $OSMAJOR -ge 6; then
1521 if test X"$with_pam" = X""; then
1525 if test X"$with_aixauth" = X""; then
1526 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1530 # AIX analog of nsswitch.conf, enabled by default
1531 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1532 [case $with_netsvc in
1534 yes) with_netsvc="/etc/netsvc.conf"
1538 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1539 with_netsvc="/etc/netsvc.conf"
1542 # For implementing getgrouplist()
1543 AC_CHECK_FUNCS(getgrset)
1545 # LDR_PRELOAD is only supported in AIX 5.3 and later
1546 if test $OSMAJOR -lt 5; then
1550 # AIX-specific functions
1551 AC_CHECK_FUNCS(getuserattr setauthdb)
1552 COMMON_OBJS="$COMMON_OBJS aix.lo"
1556 : ${mansectform='4'}
1559 # AFS support needs -lBSD
1560 if test "$with_AFS" = "yes"; then
1561 AFS_LIBS="-lc -lBSD"
1564 : ${mansectform='4'}
1566 # The HP bundled compiler cannot generate shared libs
1567 if test -z "$GCC"; then
1568 AC_CACHE_CHECK([for HP bundled C compiler],
1569 [sudo_cv_var_hpccbundled],
1570 [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
1571 sudo_cv_var_hpccbundled=yes
1573 sudo_cv_var_hpccbundled=no
1576 if test "$sudo_cv_var_hpccbundled" = "yes"; then
1577 AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
1581 # Build PA-RISC1.1 objects for better portability
1585 if test -n "$GCC"; then
1586 portable_flag="-march=1.1"
1588 portable_flag="+DAportable"
1590 CFLAGS="$CFLAGS $portable_flag"
1591 AC_CACHE_CHECK([whether $CC understands $portable_flag],
1592 [sudo_cv_var_daportable],
1594 [AC_LANG_PROGRAM([[]], [[]])],
1595 [sudo_cv_var_daportable=yes],
1596 [sudo_cv_var_daportable=no]
1600 if test X"$sudo_cv_var_daportable" != X"yes"; then
1608 AC_DEFINE(BROKEN_SYSLOG)
1611 AC_DEFINE(BROKEN_SYSLOG)
1613 shadow_funcs="getspwuid"
1615 # DCE support (requires ANSI C compiler)
1616 if test "$with_DCE" = "yes"; then
1617 # order of libs in 9.X is important. -lc_r must be last
1618 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
1619 LIBS="${LIBS} -ldce -lM -lc_r"
1620 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1624 shadow_funcs="getprpwnam iscomsec"
1626 # HP-UX 10.20 libc has an incompatible getline
1627 ac_cv_func_getline="no"
1630 shadow_funcs="getspnam iscomsec"
1632 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1637 # ignore envariables wrt dynamic lib path
1638 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
1640 : ${CHECKSIA='true'}
1641 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1643 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1644 [ case "$enableval" in
1645 yes) AC_MSG_RESULT(no)
1648 no) AC_MSG_RESULT(yes)
1651 *) AC_MSG_RESULT(no)
1652 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1655 ], AC_MSG_RESULT(no))
1657 shadow_funcs="getprpwnam dispcrypt"
1658 # OSF/1 4.x and higher need -ldb too
1659 if test $OSMAJOR -lt 4; then
1660 shadow_libs="-lsecurity -laud -lm"
1662 shadow_libs="-lsecurity -ldb -laud -lm"
1665 # use SIA by default, if we have it
1666 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1669 # Some versions of Digital Unix ship with a broken
1670 # copy of prot.h, which we need for shadow passwords.
1671 # XXX - make should remove this as part of distclean
1673 AC_MSG_CHECKING([for broken prot.h])
1674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1675 #include <sys/types.h>
1676 #include <sys/security.h>
1678 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1679 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1682 : ${mansectform='4'}
1685 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1686 if test -z "$NROFFPROG"; then
1687 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1688 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1689 if test -d /usr/share/catman/local; then
1690 mandir="/usr/share/catman/local"
1692 mandir="/usr/catman/local"
1696 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1697 if test -d "/usr/share/man/local"; then
1698 mandir="/usr/share/man/local"
1700 mandir="/usr/man/local"
1704 # IRIX <= 4 needs -lsun
1705 if test "$OSMAJOR" -le 4; then
1706 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1709 : ${mansectform='4'}
1711 *-*-linux*|*-*-k*bsd*-gnu)
1712 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1713 # Some Linux versions need to link with -lshadow
1714 shadow_funcs="getspnam"
1715 shadow_libs_optional="-lshadow"
1716 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1719 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1720 if test -z "$GCC"; then
1721 CFLAGS="${CFLAGS} -D__STDC__"
1724 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1725 shadow_funcs="getprpwnam"
1726 shadow_libs="-lprot"
1730 shadow_funcs="getauthuid"
1731 shadow_libs="-lauth"
1734 LIBS="${LIBS} -lsun -lbsd"
1735 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1736 OSDEFS="${OSDEFS} -D_MIPS"
1738 : ${mansectform='4'}
1741 OSDEFS="${OSDEFS} -D_ISC"
1743 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
1745 shadow_funcs="getspnam"
1749 : ${mansectform='4'}
1752 shadow_funcs="getprpwnam"
1753 shadow_libs="-lprot -lx"
1755 : ${mansectform='4'}
1757 m88k-motorola-sysv*)
1758 # motorolla's cc (a variant of gcc) does -O but not -O2
1759 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1761 : ${mansectform='4'}
1764 shadow_funcs="getspnam"
1767 : ${mansectform='4'}
1768 : ${with_rpath='yes'}
1770 *-ncr-sysv4*|*-ncr-sysvr4*)
1771 AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
1773 : ${mansectform='4'}
1774 : ${with_rpath='yes'}
1776 *-ccur-sysv4*|*-ccur-sysvr4*)
1777 LIBS="${LIBS} -lgen"
1779 : ${mansectform='4'}
1780 : ${with_rpath='yes'}
1784 # Check for newer BSD auth API
1785 if test -z "$with_bsdauth"; then
1786 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1790 # FreeBSD has a real setreuid(2) starting with 2.1 and
1791 # backported to 2.0.5. We just take 2.1 and above...
1797 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1798 if test "${with_skey-'no'}" = "yes"; then
1799 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1802 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1803 : ${with_logincap='maybe'}
1806 # OpenBSD has a real setreuid(2) starting with 3.3 but
1807 # we will use setresuid(2) instead.
1809 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1811 # OpenBSD >= 3.0 supports BSD auth
1812 if test -z "$with_bsdauth"; then
1813 if test "$OSMAJOR" -ge 3; then
1814 AUTH_EXCL_DEF="BSD_AUTH"
1817 : ${with_logincap='maybe'}
1820 # NetBSD has a real setreuid(2) starting with 1.3.2
1822 0.9*|1.[[012]]*|1.3|1.3.1)
1827 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1828 : ${with_logincap='maybe'}
1831 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1832 if test "${with_skey-'no'}" = "yes"; then
1833 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1836 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1837 : ${with_logincap='yes'}
1843 # Darwin has a real setreuid(2) starting with 9.0
1844 if test $OSMAJOR -lt 9; then
1848 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1849 : ${with_logincap='yes'}
1852 # lockf() on is broken on the NeXT -- use flock instead
1854 ac_cv_func_flock=yes
1858 : ${mansectform='4'}
1859 : ${with_rpath='yes'}
1863 : ${mansectform='4'}
1866 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1871 dnl Check for mixing mutually exclusive and regular auth methods
1873 AUTH_REG=${AUTH_REG# }
1874 AUTH_EXCL=${AUTH_EXCL# }
1875 if test -n "$AUTH_EXCL"; then
1877 if test $# != 1; then
1878 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1880 if test -n "$AUTH_REG"; then
1881 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1885 dnl Only one of S/Key and OPIE may be specified
1887 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1888 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1892 dnl Use BSD-style man sections by default
1895 : ${mansectform='5'}
1898 dnl Add in any libpaths or libraries specified via configure
1900 if test -n "$with_libpath"; then
1901 for i in ${with_libpath}; do
1902 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1905 if test -n "$with_libraries"; then
1906 for i in ${with_libraries}; do
1918 dnl C compiler checks (to be done after os checks)
1920 AC_PROG_GCC_TRADITIONAL
1923 if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
1925 CFLAGS="$CFLAGS -static-libgcc"
1926 AC_CACHE_CHECK([whether $CC understands -static-libgcc],
1927 [sudo_cv_var_gcc_static_libgcc],
1929 [AC_LANG_PROGRAM([[]], [[]])],
1930 [sudo_cv_var_gcc_static_libgcc=yes],
1931 [sudo_cv_var_gcc_static_libgcc=no]
1936 if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then
1937 LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
1944 AC_PATH_PROG([FLEX], [flex], [flex])
1947 if test -z "$with_sendmail"; then
1952 dnl Check for authpriv support in syslog
1954 AC_MSG_CHECKING(which syslog facility sudo should log with)
1955 if test X"$with_logfac" = X""; then
1956 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
1958 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
1959 AC_MSG_RESULT($logfac)
1961 dnl Header file checks
1966 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
1968 dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
1969 dnl when large files support is enabled so work around it.
1974 AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
1975 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
1976 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
1977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
1979 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
1980 [sudo_cv_xopen_source_extended=error])
1982 if test "$sudo_cv_xopen_source_extended" = "yes"; then
1983 OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
1984 SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
1988 AC_SYS_POSIX_TERMIOS
1989 if test "$ac_cv_sys_posix_termios" != "yes"; then
1990 AC_MSG_ERROR([Must have POSIX termios to build sudo])
1993 if test ${with_logincap-'no'} != "no"; then
1994 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
1997 SUDO_LIBS="${SUDO_LIBS} -lutil"
1998 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
2003 if test ${with_project-'no'} != "no"; then
2004 AC_CHECK_HEADER(project.h, [
2005 AC_CHECK_LIB(project, setproject, [
2006 AC_DEFINE(HAVE_PROJECT_H)
2007 SUDO_LIBS="${SUDO_LIBS} -lproject"
2016 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
2017 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
2018 #include <signal.h>])
2019 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
2020 #include <signal.h>])
2021 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
2022 #if TIME_WITH_SYS_TIME
2023 # include <sys/time.h>
2026 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
2027 #include <netinet/in.h>])
2028 AC_TYPE_LONG_LONG_INT
2029 AC_CHECK_SIZEOF([long int])
2037 dnl Check for utmp/utmpx struct members.
2038 dnl We need to include OSDEFS for glibc which only has __e_termination
2039 dnl visible when _GNU_SOURCE is *not* defined.
2042 CFLAGS="$CFLAGS $OSDEFS"
2043 if test $ac_cv_header_utmpx_h = "yes"; then
2044 AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
2045 #include <sys/types.h>
2049 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2051 AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
2052 AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
2053 #include <sys/types.h>
2057 #include <sys/types.h>
2061 AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
2062 #include <sys/types.h>
2066 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2068 AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
2069 AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
2070 #include <sys/types.h>
2074 #include <sys/types.h>
2084 AC_CHECK_FUNCS(strrchr sysconf tzset strftime \
2085 regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
2087 AC_REPLACE_FUNCS(getgrouplist)
2088 AC_CHECK_FUNCS(getline, [], [
2090 AC_CHECK_FUNCS(fgetln)
2093 AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
2094 if test "$utmp_style" = "LEGACY"; then
2095 AC_CHECK_FUNCS(getttyent ttyslot, [break])
2098 AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
2099 AC_CHECK_LIB(util, openpty, [
2100 AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
2101 case "$SUDO_LIBS" in
2103 *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
2105 AC_DEFINE(HAVE_OPENPTY)
2107 AC_CHECK_FUNCS(_getpty, [], [
2108 AC_CHECK_FUNCS(grantpt, [
2109 AC_CHECK_FUNCS(posix_openpt)
2111 AC_CHECK_FUNCS(revoke)
2116 AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)])
2117 if test -z "$SKIP_SETRESUID"; then
2118 AC_CHECK_FUNCS(setresuid, [
2120 AC_CHECK_FUNCS(getresuid)
2123 if test -z "$SKIP_SETREUID"; then
2124 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
2126 if test -z "$SKIP_SETEUID"; then
2127 AC_CHECK_FUNCS(seteuid)
2129 if test X"$with_interfaces" != X"no"; then
2130 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
2132 if test -z "$BROKEN_GETCWD"; then
2133 AC_REPLACE_FUNCS(getcwd)
2135 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
2136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
2137 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
2138 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
2139 AC_CHECK_FUNCS(lockf flock, [break])
2140 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
2141 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
2142 AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
2143 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
2145 AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv)
2146 AC_CHECK_FUNCS(nanosleep, [], [
2147 # On Solaris, nanosleep is in librt
2148 AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
2150 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
2151 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
2152 [ #include <limits.h>
2153 #include <fcntl.h> ])
2155 AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
2156 AC_CHECK_FUNCS(random lrand48, [break])
2159 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
2160 if test X"$ac_cv_type_struct_timespec" != X"no"; then
2161 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
2162 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
2163 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
2166 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
2168 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2169 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2170 #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
2172 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
2173 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
2175 if test -n "$NEED_SNPRINTF"; then
2179 dnl If socket(2) not in libc, check -lsocket and -linet
2180 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2181 dnl In this case we look for main(), not socket() to avoid using a cached value
2183 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
2184 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
2186 dnl If inet_addr(3) not in libc, check -lnsl and -linet
2187 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2189 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
2190 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
2192 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
2194 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
2196 dnl Check for getprogname() or __progname
2198 AC_CHECK_FUNCS(getprogname, , [
2199 AC_MSG_CHECKING([for __progname])
2200 AC_CACHE_VAL(sudo_cv___progname, [
2201 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
2202 if test "$sudo_cv___progname" = "yes"; then
2203 AC_DEFINE(HAVE___PROGNAME)
2205 AC_LIBOBJ(getprogname)
2207 AC_MSG_RESULT($sudo_cv___progname)
2210 # gettext() and friends may be located in libc (Linux and Solaris)
2211 # or in libintl. However, it is possible to have libintl installed
2212 # even when gettext() is present in libc. In the case of GNU libintl,
2213 # gettext() will be defined to gettext_libintl in libintl.h.
2214 # Since gcc prefers /usr/local/include to /usr/include, we need to
2215 # make sure we use the gettext() that matches the include file.
2216 if test "$enable_nls" != "no"; then
2217 if test "$enable_nls" != "yes"; then
2218 CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
2219 SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
2222 for l in "libc" "-lintl" "-lintl -liconv"; do
2223 if test "$l" = "libc"; then
2224 # If user specified a dir for libintl ignore libc
2225 if test "$enable_nls" != "yes"; then
2228 gettext_name=sudo_cv_gettext
2229 AC_MSG_CHECKING([for gettext])
2232 gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
2233 AC_MSG_CHECKING([for gettext in $l])
2235 AC_CACHE_VAL($gettext_name, [
2238 AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
2239 ], [eval $gettext_name=yes], [eval $gettext_name=no]
2242 eval gettext_result="\$$gettext_name"
2243 AC_MSG_RESULT($gettext_result)
2244 test "$gettext_result" = "yes" && break
2248 if test "$sudo_cv_gettext" = "yes"; then
2249 AC_DEFINE(HAVE_LIBINTL_H)
2251 elif test "$sudo_cv_gettext_lintl" = "yes"; then
2252 AC_DEFINE(HAVE_LIBINTL_H)
2255 elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
2256 AC_DEFINE(HAVE_LIBINTL_H)
2258 LIBINTL="-lintl -liconv"
2263 dnl Deferred zlib option processing.
2264 dnl By default we use the system zlib if it is present.
2266 case "$enable_zlib" in
2268 AC_CHECK_LIB(z, gzdopen, [
2269 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
2275 AC_DEFINE(HAVE_ZLIB_H)
2282 AC_DEFINE(HAVE_ZLIB_H)
2283 CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
2284 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
2288 if test X"$enable_zlib" = X"builtin"; then
2289 AC_DEFINE(HAVE_ZLIB_H)
2290 CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib'
2291 ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
2293 AC_CONFIG_HEADER([zlib/zconf.h])
2294 AC_CONFIG_FILES([zlib/Makefile])
2298 dnl Check for errno declaration in errno.h
2300 AC_CHECK_DECLS([errno], [], [], [
2306 dnl Check for strsignal() or sys_siglist
2308 AC_CHECK_FUNCS(strsignal, [], [
2309 AC_LIBOBJ(strsignal)
2310 HAVE_SIGLIST="false"
2311 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
2318 if test "$HAVE_SIGLIST" != "true"; then
2324 dnl nsswitch.conf and its equivalents
2326 if test ${with_netsvc-"no"} != "no"; then
2327 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
2328 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
2329 elif test ${with_nsswitch-"yes"} != "no"; then
2330 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
2331 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
2335 dnl Mutually exclusive auth checks come first, followed by
2336 dnl non-exclusive ones. Note: passwd must be last of all!
2340 dnl Convert default authentication methods to with_* if
2341 dnl no explicit authentication scheme was specified.
2343 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
2344 for auth in $AUTH_EXCL_DEF; do
2346 AIX_AUTH) with_aixauth=maybe;;
2347 BSD_AUTH) with_bsdauth=maybe;;
2348 PAM) with_pam=maybe;;
2349 SIA) CHECKSIA=true;;
2355 dnl PAM support. Systems that use PAM by default set with_pam=default
2356 dnl and we do the actual tests here.
2358 if test ${with_pam-"no"} != "no"; then
2359 # We already link with -ldl (see LIBDL below) so no need for that here.
2360 SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
2363 dnl Some PAM implementations (MacOS X for example) put the PAM headers
2364 dnl in /usr/include/pam instead of /usr/include/security...
2366 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
2367 if test "$with_pam" = "yes"; then
2369 AUTH_OBJS="$AUTH_OBJS pam.lo";
2372 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
2373 [case $with_pam_login in
2374 yes) AC_DEFINE([HAVE_PAM_LOGIN])
2375 AC_MSG_CHECKING(whether to use PAM login)
2379 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
2383 AC_MSG_CHECKING(whether to use PAM session support)
2384 AC_ARG_ENABLE(pam_session,
2385 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
2386 [ case "$enableval" in
2387 yes) AC_MSG_RESULT(yes)
2389 no) AC_MSG_RESULT(no)
2390 AC_DEFINE(NO_PAM_SESSION)
2392 *) AC_MSG_RESULT(no)
2393 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2395 esac], AC_MSG_RESULT(yes))
2400 dnl AIX general authentication
2401 dnl If set to "maybe" only enable if no other exclusive method in use.
2403 if test ${with_aixauth-'no'} != "no"; then
2404 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2405 AC_MSG_NOTICE([using AIX general authentication])
2406 AC_DEFINE(HAVE_AIXAUTH)
2407 AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
2408 SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
2414 dnl BSD authentication
2415 dnl If set to "maybe" only enable if no other exclusive method in use.
2417 if test ${with_bsdauth-'no'} != "no"; then
2418 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2419 [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
2420 [BSDAUTH_USAGE='[[-a auth_type]] ']
2421 [AUTH_EXCL=BSD_AUTH; BAMAN=1],
2422 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2426 dnl SIA authentication for Tru64 Unix
2428 if test ${CHECKSIA-'false'} = "true"; then
2429 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2430 if test "$found" = "true"; then
2432 AUTH_OBJS="$AUTH_OBJS sia.lo"
2437 dnl extra FWTK libs + includes
2439 if test ${with_fwtk-'no'} != "no"; then
2440 if test "$with_fwtk" != "yes"; then
2441 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
2442 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2445 SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
2446 AUTH_OBJS="$AUTH_OBJS fwtk.lo"
2450 dnl extra SecurID lib + includes
2452 if test ${with_SecurID-'no'} != "no"; then
2453 if test "$with_SecurID" != "yes"; then
2455 elif test -d /usr/ace/examples; then
2456 with_SecurID=/usr/ace/examples
2458 with_SecurID=/usr/ace
2460 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2461 _LDFLAGS="${LDFLAGS}"
2462 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2464 # Determine whether to use the new or old SecurID API
2466 AC_CHECK_LIB(aceclnt, SD_Init,
2468 AUTH_OBJS="$AUTH_OBJS securid5.lo";
2469 SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
2472 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
2474 AUTH_OBJS="$AUTH_OBJS securid.lo";
2475 SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
2481 LDFLAGS="${_LDFLAGS}"
2485 dnl Non-mutually exclusive auth checks come next.
2486 dnl Note: passwd must be last of all!
2490 dnl Convert default authentication methods to with_* if
2491 dnl no explicit authentication scheme was specified.
2493 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2494 for auth in $AUTH_DEF; do
2496 passwd) : ${with_passwd='maybe'};;
2504 if test ${with_kerb4-'no'} != "no"; then
2505 AC_DEFINE(HAVE_KERB4)
2507 dnl Use the specified directory, if any, else search for correct inc dir
2509 O_LDFLAGS="$LDFLAGS"
2510 if test "$with_kerb4" = "yes"; then
2512 O_CPPFLAGS="$CPPFLAGS"
2513 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
2514 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2515 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]])], [found=yes; break])
2517 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
2519 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
2520 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib])
2521 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
2522 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2524 if test X"$found" = X"no"; then
2525 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2529 dnl Check for -ldes vs. -ldes425
2531 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2532 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2535 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2537 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2538 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2540 K4LIBS="${K4LIBS} -lcom_err"
2541 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2547 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2549 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2550 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2551 [K4LIBS="-lkrb $K4LIBS"]
2552 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])]
2555 LDFLAGS="$O_LDFLAGS"
2556 SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
2557 AUTH_OBJS="$AUTH_OBJS kerb4.lo"
2562 dnl There is an easy way and a hard way...
2564 if test ${with_kerb5-'no'} != "no"; then
2565 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2566 if test -n "$KRB5CONFIG"; then
2567 AC_DEFINE(HAVE_KERB5)
2568 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2569 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2570 SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
2572 dnl Try to determine whether we have Heimdal or MIT Kerberos
2574 AC_MSG_CHECKING(whether we are using Heimdal)
2575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2577 AC_DEFINE(HAVE_HEIMDAL)
2583 AC_DEFINE(HAVE_KERB5)
2585 dnl Use the specified directory, if any, else search for correct inc dir
2587 if test "$with_kerb5" = "yes"; then
2589 O_CPPFLAGS="$CPPFLAGS"
2590 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2591 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2592 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
2594 if test X"$found" = X"no"; then
2595 CPPFLAGS="$O_CPPFLAGS"
2596 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2599 dnl XXX - try to include krb5.h here too
2600 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
2601 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2605 dnl Try to determine whether we have Heimdal or MIT Kerberos
2607 AC_MSG_CHECKING(whether we are using Heimdal)
2608 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2610 AC_DEFINE(HAVE_HEIMDAL)
2611 # XXX - need to check whether -lcrypo is needed!
2612 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2613 AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
2616 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
2617 AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
2619 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2622 LIBS="${LIBS} ${SUDOERS_LIBS}"
2623 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2624 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
2625 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
2626 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2629 [[#include <krb5.h>]],
2630 [[krb5_get_init_creds_opt_free(NULL, NULL);]]
2632 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2633 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2638 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2639 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2645 dnl extra AFS libs and includes
2647 if test ${with_AFS-'no'} = "yes"; then
2649 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2650 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2651 for i in $AFSLIBDIRS; do
2652 if test -d ${i}; then
2653 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
2654 FOUND_AFSLIBDIR=true
2657 if test -z "$FOUND_AFSLIBDIR"; then
2658 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
2661 # Order is important here. Note that we build AFS_LIBS from right to left
2662 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2663 AFS_LIBS="-laudit ${AFS_LIBS}"
2664 for i in $AFSLIBDIRS; do
2665 if test -f ${i}/util.a; then
2666 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2671 if test -z "$FOUND_UTIL_A"; then
2672 AFS_LIBS="-lutil ${AFS_LIBS}"
2674 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2676 # AFS includes may live in /usr/include on some machines...
2677 for i in /usr/afsws/include; do
2678 if test -d ${i}; then
2679 CPPFLAGS="${CPPFLAGS} -I${i}"
2680 FOUND_AFSINCDIR=true
2684 if test -z "$FOUND_AFSLIBDIR"; then
2685 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2688 AUTH_OBJS="$AUTH_OBJS afs.lo"
2692 dnl extra DCE obj + lib
2693 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2695 if test ${with_DCE-'no'} = "yes"; then
2696 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2697 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
2698 AUTH_OBJS="$AUTH_OBJS dce.lo"
2702 dnl extra S/Key lib and includes
2704 if test "${with_skey-'no'}" = "yes"; then
2705 O_LDFLAGS="$LDFLAGS"
2706 if test "$with_skey" != "yes"; then
2707 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2708 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2709 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
2710 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
2713 O_CPPFLAGS="$CPPFLAGS"
2714 for dir in "" "/usr/local" "/usr/contrib"; do
2715 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2716 AC_CHECK_HEADER([skey.h], [found=yes; break], [],
2717 [#include <stdio.h>])
2719 if test "$found" = "no" -o -z "$dir"; then
2720 CPPFLAGS="$O_CPPFLAGS"
2722 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2723 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2725 if test "$found" = "no"; then
2726 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2729 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
2730 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2732 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
2735 [[#include <stdio.h>
2736 #include <skey.h>]],
2737 [[skeychallenge(NULL, NULL, NULL, 0);]]
2739 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
2740 AC_MSG_RESULT([yes])
2746 LDFLAGS="$O_LDFLAGS"
2747 SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
2748 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2752 dnl extra OPIE lib and includes
2754 if test "${with_opie-'no'}" = "yes"; then
2755 O_LDFLAGS="$LDFLAGS"
2756 if test "$with_opie" != "yes"; then
2757 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2758 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2759 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
2760 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
2763 O_CPPFLAGS="$CPPFLAGS"
2764 for dir in "" "/usr/local" "/usr/contrib"; do
2765 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2766 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
2768 if test "$found" = "no" -o -z "$dir"; then
2769 CPPFLAGS="$O_CPPFLAGS"
2771 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2772 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2774 if test "$found" = "no"; then
2775 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2778 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
2779 LDFLAGS="$O_LDFLAGS"
2780 SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
2781 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2785 dnl Check for shadow password routines if we have not already done so.
2786 dnl If there is a specific list of functions to check we do that first.
2787 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2789 if test ${with_passwd-'no'} != "no"; then
2791 dnl if crypt(3) not in libc, look elsewhere
2793 if test -z "$LIB_CRYPT"; then
2795 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2799 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2801 LIBS="$LIBS $shadow_libs"
2803 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2804 if test "$found" = "yes"; then
2805 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
2806 elif test -n "$shadow_libs_optional"; then
2807 LIBS="$LIBS $shadow_libs_optional"
2808 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2809 if test "$found" = "yes"; then
2810 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
2813 if test "$found" = "yes"; then
2814 case "$shadow_funcs" in
2815 *getprpwnam*) SECUREWARE=1;;
2817 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2823 if test "$CHECKSHADOW" = "true"; then
2824 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2826 if test "$CHECKSHADOW" = "true"; then
2827 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2829 if test -n "$SECUREWARE"; then
2830 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2831 AUTH_OBJS="$AUTH_OBJS secureware.lo"
2836 dnl extra lib and .o file for LDAP support
2838 if test ${with_ldap-'no'} != "no"; then
2840 if test "$with_ldap" != "yes"; then
2841 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
2842 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2843 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2846 SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
2849 AC_MSG_CHECKING([for LDAP libraries])
2853 for l in -lldap -llber '-lssl -lcrypto'; do
2855 LDAP_LIBS="${LDAP_LIBS} $l"
2856 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2858 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2860 if test "$found" = "no"; then
2863 for l in -libmldap -lidsldif; do
2865 LDAP_LIBS="${LDAP_LIBS} $l"
2866 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2868 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2871 dnl if nothing linked just try with -lldap
2872 if test "$found" = "no"; then
2873 LIBS="${_LIBS} -lldap"
2875 AC_MSG_RESULT([not found, using -lldap])
2877 AC_MSG_RESULT([$LDAP_LIBS])
2879 dnl check if we need to link with -llber for ber_set_option
2881 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2882 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2883 LDAP_LIBS="$LDAP_LIBS -llber"
2885 dnl check if ldap.h includes lber.h for us
2886 AC_MSG_CHECKING([whether lber.h is needed])
2887 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2888 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2889 AC_MSG_RESULT([yes])
2890 AC_DEFINE(HAVE_LBER_H)])
2892 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
2893 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2894 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
2895 AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
2897 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
2898 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
2899 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2900 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
2901 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
2902 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
2903 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
2906 # gssapi headers may be separate or part of Kerberos V
2908 O_CPPFLAGS="$CPPFLAGS"
2909 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
2910 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2911 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
2913 if test X"$found" != X"no"; then
2914 AC_CHECK_HEADERS([$found])
2915 if test X"$found" = X"gssapi/gssapi.h"; then
2916 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
2919 CPPFLAGS="$O_CPPFLAGS"
2920 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
2924 SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
2930 # How to do dynamic object loading.
2931 # We support dlopen() and sh_load(), else fall back to static loading.
2933 case "$lt_cv_dlopen" in
2935 AC_DEFINE(HAVE_DLOPEN)
2936 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
2937 LT_STATIC="--tag=disable-static"
2940 AC_DEFINE(HAVE_SHL_LOAD)
2941 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
2942 LT_STATIC="--tag=disable-static"
2946 if test X"${ac_cv_func_dlopen}" = X"yes"; then
2947 AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
2949 # Preload sudoers module symbols
2950 SUDO_OBJS="${SUDO_OBJS} preload.o"
2951 SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
2958 # Add library needed for dynamic loading, if any.
2960 LIBDL="$lt_cv_dlopen_libs"
2961 if test X"$LIBDL" != X""; then
2962 SUDO_LIBS="${SUDO_LIBS} $LIBDL"
2963 SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
2966 # On HP-UX, you cannot dlopen() a shared object that uses pthreads
2967 # unless the main program is linked against -lpthread. Since we
2968 # have no knowledge what libraries a plugin may depend on, we always
2969 # link against -lpthread on HP-UX if it is available.
2970 # This check should go after all other libraries tests.
2973 AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
2978 dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
2979 dnl added -L dirpaths to SUDOERS_LDFLAGS.
2981 if test -n "$blibpath"; then
2982 if test -n "$blibpath_add"; then
2983 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2984 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2985 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
2990 dnl Check for log file, timestamp and iolog locations
2992 if test "$utmp_style" = "LEGACY"; then
3000 dnl Use passwd auth module?
3002 case "$with_passwd" in
3004 AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
3007 AC_DEFINE(WITHOUT_PASSWD)
3008 if test -z "$AUTH_OBJS"; then
3009 AC_MSG_ERROR([no authentication methods defined.])
3013 AUTH_OBJS=${AUTH_OBJS# }
3014 _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
3015 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
3018 dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
3020 if test -n "$LIBS"; then
3025 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
3026 test $l = $sl && dupe=1
3028 test $dupe = 0 && LIBS="${LIBS} $l"
3033 dnl We add -Wall and -Werror after all tests so they don't cause failures
3035 if test -n "$GCC"; then
3036 if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
3037 CFLAGS="${CFLAGS} -Wall"
3039 if test X"$enable_werror" = X"yes"; then
3040 CFLAGS="${CFLAGS} -Werror"
3047 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
3050 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
3051 dnl XXX - this is gross!
3053 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
3054 oexec_prefix="$exec_prefix"
3055 if test "$exec_prefix" = '$(prefix)'; then
3056 if test "$prefix" = "NONE"; then
3057 exec_prefix="$ac_default_prefix"
3059 exec_prefix="$prefix"
3062 if test X"$with_noexec" != X"no"; then
3063 PROGS="${PROGS} libsudo_noexec.la"
3064 INSTALL_NOEXEC="install-noexec"
3066 eval noexec_file="$with_noexec"
3067 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
3069 if test X"$with_selinux" != X"no"; then
3070 eval sesh_file="$libexecdir/sesh"
3071 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
3073 eval PLUGINDIR="$with_plugindir"
3074 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
3075 SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
3076 exec_prefix="$oexec_prefix"
3080 dnl Override default configure dirs for the Makefile
3082 if test X"$prefix" = X"NONE"; then
3083 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
3085 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
3087 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
3088 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
3089 test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
3090 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
3091 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
3092 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
3093 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
3096 dnl Substitute into the Makefile and man pages
3098 dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
3099 AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
3103 dnl Spew any text the user needs to know about
3105 if test "$with_pam" = "yes"; then
3108 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
3114 dnl Autoheader templates
3116 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
3117 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
3118 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
3119 AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
3120 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
3121 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
3122 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
3123 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
3124 AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
3125 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
3126 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
3127 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
3128 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
3129 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
3130 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
3131 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
3132 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
3133 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
3134 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
3135 AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
3136 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
3137 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
3138 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
3139 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
3140 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
3141 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
3142 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
3143 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
3144 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
3145 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
3146 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
3147 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
3148 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
3149 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
3150 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
3151 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
3152 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
3153 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
3154 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
3155 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
3156 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
3157 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
3158 AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
3159 AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
3160 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
3161 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
3162 AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
3163 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
3164 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
3165 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
3166 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
3167 AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
3168 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
3169 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
3170 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
3171 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
3172 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
3173 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
3174 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
3175 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
3176 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
3177 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
3178 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
3179 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
3180 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
3181 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
3182 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
3183 AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
3184 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
3185 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
3186 AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
3187 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
3188 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
3189 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
3190 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
3191 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
3192 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
3193 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
3194 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
3195 AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
3196 AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
3197 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
3198 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
3199 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
3200 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
3201 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
3202 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
3203 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
3206 dnl Bits to copy verbatim into config.h.in
3208 AH_TOP([#ifndef _SUDO_CONFIG_H
3209 #define _SUDO_CONFIG_H])
3212 * Macros to convert ctime and mtime into timevals.
3214 #define timespec2timeval(_ts, _tv) do { \
3215 (_tv)->tv_sec = (_ts)->tv_sec; \
3216 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
3220 # ifdef HAVE_ST__TIM
3221 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
3222 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
3224 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
3225 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
3228 # ifdef HAVE_ST_MTIMESPEC
3229 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
3230 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
3232 # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
3233 # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
3234 # endif /* HAVE_ST_MTIMESPEC */
3235 #endif /* HAVE_ST_MTIM */
3237 /* GNU stow needs /etc/sudoers to be a symlink. */
3239 # define stat_sudoers stat
3241 # define stat_sudoers lstat
3244 /* Macros to set/clear/test flags. */
3246 #define SET(t, f) ((t) |= (f))
3248 #define CLR(t, f) ((t) &= ~(f))
3250 #define ISSET(t, f) ((t) & (f))
3252 /* ANSI-style OS defs for HP-UX and ConvexOS. */
3253 #if defined(hpux) && !defined(__hpux)
3257 #if defined(convex) && !defined(__convex__)
3258 # define __convex__ 1
3261 /* BSD compatibility on some SVR4 systems. */
3264 #endif /* __svr4__ */
3266 #endif /* _SUDO_CONFIG_H */])