2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.34 2007/12/19 19:29:29 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
27 AC_SUBST(GETGROUPS_LIB)
31 AC_SUBST(MAN_POSTINSTALL)
32 AC_SUBST(SUDOERS_MODE)
41 AC_SUBST(INSTALL_NOEXEC)
42 AC_SUBST(DONT_LEAK_PATH_INFO)
44 dnl Variables that get substituted in docs (not overridden by environment)
46 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
48 AC_SUBST(password_timeout)
51 AC_SUBST(long_otp_prompt)
58 AC_SUBST(mail_no_user)
59 AC_SUBST(mail_no_host)
60 AC_SUBST(mail_no_perms)
63 AC_SUBST(badpass_message)
65 AC_SUBST(runas_default)
67 AC_SUBST(passwd_tries)
73 dnl Initial values for above
78 passprompt="Password:"
90 mailsub='*** SECURITY information for %h ***'
91 badpass_message='Sorry, try again.'
102 dnl Initial values for Makefile variables listed above
103 dnl May be overridden by environment variables..
108 : ${SUDOERS_MODE='0440'}
125 shadow_libs_optional=
128 dnl Override default configure dirs...
130 test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
131 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
132 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
133 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
136 dnl Deprecated --with options (these all warn or generate an error)
139 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
140 [case $with_otp_only in
141 yes) with_passwd="no"
142 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
146 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
147 [case $with_alertmail in
148 *) with_mailto="$with_alertmail"
149 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
154 dnl Options for --with
157 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
159 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
161 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
167 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
170 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
174 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
175 [case $with_blibpath in
177 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
181 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
182 [case $with_incpath in
183 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
185 no) AC_MSG_ERROR(["--without-incpath not supported."])
187 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
188 for i in ${with_incpath}; do
189 CPPFLAGS="${CPPFLAGS} -I${i}"
194 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
195 [case $with_libpath in
196 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
198 no) AC_MSG_ERROR(["--without-libpath not supported."])
200 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
204 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
205 [case $with_libraries in
206 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
208 no) AC_MSG_ERROR(["--without-libraries not supported."])
210 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
214 AC_ARG_WITH(devel, [ --with-devel add development options],
216 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
217 PROGS="${PROGS} testsudoers"
218 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
222 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
226 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
227 [case $with_efence in
228 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
229 LIBS="${LIBS} -lefence"
230 if test -f /usr/local/lib/libefence.a; then
231 with_libpath="${with_libpath} /usr/local/lib"
235 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
239 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
241 yes) AC_MSG_NOTICE([Adding CSOps standard options])
245 with_classic_insults=yes
246 with_csops_insults=yes
252 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
256 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
257 [case $with_passwd in
258 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
259 AC_MSG_RESULT($with_passwd)
261 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
263 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
267 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
271 *) AC_DEFINE(HAVE_SKEY)
272 AC_MSG_CHECKING(whether to try S/Key authentication)
274 AUTH_REG="$AUTH_REG S/Key"
278 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
282 *) AC_DEFINE(HAVE_OPIE)
283 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
285 AUTH_REG="$AUTH_REG NRL_OPIE"
289 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
290 [case $with_long_otp_prompt in
291 yes) AC_DEFINE(LONG_OTP_PROMPT)
292 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
296 no) long_otp_prompt=off
298 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
302 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
303 [case $with_SecurID in
304 no) with_SecurID="";;
305 *) AC_DEFINE(HAVE_SECURID)
306 AC_MSG_CHECKING(whether to use SecurID for authentication)
308 AUTH_EXCL="$AUTH_EXCL SecurID"
312 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
315 *) AC_DEFINE(HAVE_FWTK)
316 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
318 AUTH_EXCL="$AUTH_EXCL FWTK"
322 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
325 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
327 AUTH_REG="$AUTH_REG kerb4"
331 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
334 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
336 AUTH_REG="$AUTH_REG kerb5"
340 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
341 [case $with_aixauth in
342 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
344 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
348 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
350 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
352 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
356 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
358 yes) AC_DEFINE(HAVE_AFS)
359 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
361 AUTH_REG="$AUTH_REG AFS"
364 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
368 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
370 yes) AC_DEFINE(HAVE_DCE)
371 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
373 AUTH_REG="$AUTH_REG DCE"
376 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
380 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
381 [case $with_logincap in
383 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
387 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
388 [case $with_bsdauth in
389 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
391 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
395 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
396 [case $with_project in
399 *) AC_MSG_ERROR(["--with-project does not take an argument."])
403 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
404 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
405 [case $with_lecture in
406 yes|short|always) lecture=once
408 no|none|never) lecture=never
410 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
413 if test "$lecture" = "once"; then
416 AC_DEFINE(NO_LECTURE)
420 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
421 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
422 [case $with_logging in
423 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
425 no) AC_MSG_ERROR(["--without-logging not supported."])
427 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
428 AC_MSG_RESULT(syslog)
430 file) AC_DEFINE(LOGGING, SLOG_FILE)
433 both) AC_DEFINE(LOGGING, SLOG_BOTH)
436 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
438 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
440 AC_MSG_CHECKING(which syslog facility sudo should log with)
441 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
442 [case $with_logfac in
443 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
445 no) AC_MSG_ERROR(["--without-logfac not supported."])
447 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
449 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
452 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
453 AC_MSG_RESULT($logfac)
455 AC_MSG_CHECKING(at which syslog priority to log commands)
456 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
457 [case $with_goodpri in
458 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
460 no) AC_MSG_ERROR(["--without-goodpri not supported."])
462 alert|crit|debug|emerg|err|info|notice|warning)
463 goodpri=$with_goodpri
465 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
468 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
469 AC_MSG_RESULT($goodpri)
471 AC_MSG_CHECKING(at which syslog priority to log failures)
472 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
473 [case $with_badpri in
474 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
476 no) AC_MSG_ERROR(["--without-badpri not supported."])
478 alert|crit|debug|emerg|err|info|notice|warning)
481 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
484 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
485 AC_MSG_RESULT($badpri)
487 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
488 [case $with_logpath in
489 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
491 no) AC_MSG_ERROR(["--without-logpath not supported."])
495 AC_MSG_CHECKING(how long a line in the log file should be)
496 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
497 [case $with_loglen in
498 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
500 no) AC_MSG_ERROR(["--without-loglen not supported."])
502 [[0-9]]*) loglen=$with_loglen
504 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
507 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
508 AC_MSG_RESULT($loglen)
510 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
511 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
512 [case $with_ignore_dot in
517 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
520 if test "$ignore_dot" = "on"; then
521 AC_DEFINE(IGNORE_DOT_PATH)
527 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
528 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
529 [case $with_mail_if_no_user in
534 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
537 if test "$mail_no_user" = "on"; then
538 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
544 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
545 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
546 [case $with_mail_if_no_host in
551 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
554 if test "$mail_no_host" = "on"; then
555 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
561 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
562 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
563 [case $with_mail_if_noperms in
568 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
571 if test "$mail_noperms" = "on"; then
572 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
578 AC_MSG_CHECKING(who should get the mail that sudo sends)
579 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
580 [case $with_mailto in
581 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
583 no) AC_MSG_ERROR(["--without-mailto not supported."])
585 *) mailto=$with_mailto
588 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
589 AC_MSG_RESULT([$mailto])
591 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
592 [case $with_mailsubject in
593 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
595 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
597 *) mailsub="$with_mailsubject"
598 AC_MSG_CHECKING(sudo mail subject)
599 AC_MSG_RESULT([Using alert mail subject: $mailsub])
602 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
604 AC_MSG_CHECKING(for bad password prompt)
605 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
606 [case $with_passprompt in
607 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
609 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
611 *) passprompt="$with_passprompt"
613 AC_MSG_RESULT($passprompt)
614 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
616 AC_MSG_CHECKING(for bad password message)
617 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
618 [case $with_badpass_message in
619 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
621 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
623 *) badpass_message="$with_badpass_message"
626 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
627 AC_MSG_RESULT([$badpass_message])
629 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
630 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
636 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
639 if test "$fqdn" = "on"; then
646 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
647 [case $with_timedir in
648 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
650 no) AC_MSG_ERROR(["--without-timedir not supported."])
654 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
655 --without-sendmail do not send mail at all],
656 [case $with_sendmail in
657 yes) with_sendmail=""
660 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
664 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
665 [case $with_sudoers_mode in
666 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
668 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
670 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
672 0*) SUDOERS_MODE=$with_sudoers_mode
674 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
678 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
679 [case $with_sudoers_uid in
680 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
682 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
684 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
686 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
690 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
691 [case $with_sudoers_gid in
692 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
694 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
696 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
698 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
702 AC_MSG_CHECKING(for umask programs should be run with)
703 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
704 --without-umask Preserves the umask of the user invoking sudo.],
706 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
710 [[0-9]]*) sudo_umask=$with_umask
712 *) AC_MSG_ERROR(["you must enter a numeric mask."])
715 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
716 if test "$sudo_umask" = "0777"; then
719 AC_MSG_RESULT($sudo_umask)
722 AC_MSG_CHECKING(for default user to run commands as)
723 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
724 [case $with_runas_default in
725 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
727 no) AC_MSG_ERROR(["--without-runas-default not supported."])
729 *) runas_default="$with_runas_default"
732 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
733 AC_MSG_RESULT([$runas_default])
735 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
736 [case $with_exempt in
737 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
739 no) AC_MSG_ERROR(["--without-exempt not supported."])
741 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
742 AC_MSG_CHECKING(for group to be exempt from password)
743 AC_MSG_RESULT([$with_exempt])
747 AC_MSG_CHECKING(for editor that visudo should use)
748 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
749 [case $with_editor in
750 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
752 no) AC_MSG_ERROR(["--without-editor not supported."])
754 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
755 AC_MSG_RESULT([$with_editor])
757 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
759 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
760 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
761 [case $with_env_editor in
766 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
769 if test "$env_editor" = "on"; then
770 AC_DEFINE(ENV_EDITOR)
776 AC_MSG_CHECKING(number of tries a user gets to enter their password)
777 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
778 [case $with_passwd_tries in
780 no) AC_MSG_ERROR(["--without-editor not supported."])
782 [[1-9]]*) passwd_tries=$with_passwd_tries
784 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
787 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
788 AC_MSG_RESULT($passwd_tries)
790 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
791 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
792 [case $with_timeout in
796 [[0-9]]*) timeout=$with_timeout
798 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
801 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
802 AC_MSG_RESULT($timeout)
804 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
805 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
806 [case $with_password_timeout in
808 no) password_timeout=0
810 [[0-9]]*) password_timeout=$with_password_timeout
812 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
815 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
816 AC_MSG_RESULT($password_timeout)
818 AC_MSG_CHECKING(whether to use per-tty ticket files)
819 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
820 [case $with_tty_tickets in
825 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
828 if test "$tty_tickets" = "on"; then
829 AC_DEFINE(USE_TTY_TICKETS)
835 AC_MSG_CHECKING(whether to include insults)
836 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
837 [case $with_insults in
839 with_classic_insults=yes
840 with_csops_insults=yes
844 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
847 if test "$insults" = "on"; then
848 AC_DEFINE(USE_INSULTS)
854 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
855 [case $with_all_insults in
856 yes) with_classic_insults=yes
857 with_csops_insults=yes
859 with_goons_insults=yes
862 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
866 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
867 [case $with_classic_insults in
868 yes) AC_DEFINE(CLASSIC_INSULTS)
871 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
875 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
876 [case $with_csops_insults in
877 yes) AC_DEFINE(CSOPS_INSULTS)
880 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
884 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
885 [case $with_hal_insults in
886 yes) AC_DEFINE(HAL_INSULTS)
889 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
893 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
894 [case $with_goons_insults in
895 yes) AC_DEFINE(GOONS_INSULTS)
898 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
902 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
905 *) AC_DEFINE(HAVE_LDAP)
906 AC_MSG_CHECKING(whether to use sudoers from LDAP)
910 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
911 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
912 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
913 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
915 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
916 [case $with_pc_insults in
917 yes) AC_DEFINE(PC_INSULTS)
920 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
924 dnl include all insult sets on one line
925 if test "$insults" = "on"; then
926 AC_MSG_CHECKING(which insult sets to include)
928 test "$with_goons_insults" = "yes" && i="goons ${i}"
929 test "$with_hal_insults" = "yes" && i="hal ${i}"
930 test "$with_csops_insults" = "yes" && i="csops ${i}"
931 test "$with_classic_insults" = "yes" && i="classic ${i}"
935 AC_MSG_CHECKING(whether to override the user's path)
936 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
937 [case $with_secure_path in
938 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
939 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
941 no) AC_MSG_RESULT(no)
943 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
944 AC_MSG_RESULT([$with_secure_path])
946 esac], AC_MSG_RESULT(no))
948 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
949 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
950 [case $with_interfaces in
951 yes) AC_MSG_RESULT(yes)
953 no) AC_DEFINE(STUB_LOAD_INTERFACES)
956 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
958 esac], AC_MSG_RESULT(yes))
960 AC_MSG_CHECKING(whether stow should be used)
961 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
963 yes) AC_MSG_RESULT(yes)
966 no) AC_MSG_RESULT(no)
968 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
970 esac], AC_MSG_RESULT(no))
973 dnl Options for --enable
976 AC_MSG_CHECKING(whether to do user authentication by default)
977 AC_ARG_ENABLE(authentication,
978 [ --disable-authentication
979 Do not require authentication by default],
980 [ case "$enableval" in
981 yes) AC_MSG_RESULT(yes)
983 no) AC_MSG_RESULT(no)
984 AC_DEFINE(NO_AUTHENTICATION)
987 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
990 ], AC_MSG_RESULT(yes))
992 AC_MSG_CHECKING(whether to disable running the mailer as root)
993 AC_ARG_ENABLE(root-mailer,
994 [ --disable-root-mailer Don't run the mailer as root, run as the user],
995 [ case "$enableval" in
996 yes) AC_MSG_RESULT(no)
998 no) AC_MSG_RESULT(yes)
999 AC_DEFINE(NO_ROOT_MAILER)
1001 *) AC_MSG_RESULT(no)
1002 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1005 ], AC_MSG_RESULT(no))
1007 AC_ARG_ENABLE(setreuid,
1008 [ --disable-setreuid Don't try to use the setreuid() function],
1009 [ case "$enableval" in
1010 no) SKIP_SETREUID=yes
1016 AC_ARG_ENABLE(setresuid,
1017 [ --disable-setresuid Don't try to use the setresuid() function],
1018 [ case "$enableval" in
1019 no) SKIP_SETRESUID=yes
1025 AC_MSG_CHECKING(whether to disable shadow password support)
1026 AC_ARG_ENABLE(shadow,
1027 [ --disable-shadow Never use shadow passwords],
1028 [ case "$enableval" in
1029 yes) AC_MSG_RESULT(no)
1031 no) AC_MSG_RESULT(yes)
1034 *) AC_MSG_RESULT(no)
1035 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1038 ], AC_MSG_RESULT(no))
1040 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1041 AC_ARG_ENABLE(root-sudo,
1042 [ --disable-root-sudo Don't allow root to run sudo],
1043 [ case "$enableval" in
1044 yes) AC_MSG_RESULT(yes)
1046 no) AC_DEFINE(NO_ROOT_SUDO)
1050 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1053 ], AC_MSG_RESULT(yes))
1055 AC_MSG_CHECKING(whether to log the hostname in the log file)
1056 AC_ARG_ENABLE(log-host,
1057 [ --enable-log-host Log the hostname in the log file],
1058 [ case "$enableval" in
1059 yes) AC_MSG_RESULT(yes)
1060 AC_DEFINE(HOST_IN_LOG)
1062 no) AC_MSG_RESULT(no)
1064 *) AC_MSG_RESULT(no)
1065 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1068 ], AC_MSG_RESULT(no))
1070 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1071 AC_ARG_ENABLE(noargs-shell,
1072 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1073 [ case "$enableval" in
1074 yes) AC_MSG_RESULT(yes)
1075 AC_DEFINE(SHELL_IF_NO_ARGS)
1077 no) AC_MSG_RESULT(no)
1079 *) AC_MSG_RESULT(no)
1080 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1083 ], AC_MSG_RESULT(no))
1085 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1086 AC_ARG_ENABLE(shell-sets-home,
1087 [ --enable-shell-sets-home
1088 set $HOME to target user in shell mode],
1089 [ case "$enableval" in
1090 yes) AC_MSG_RESULT(yes)
1091 AC_DEFINE(SHELL_SETS_HOME)
1093 no) AC_MSG_RESULT(no)
1095 *) AC_MSG_RESULT(no)
1096 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1099 ], AC_MSG_RESULT(no))
1101 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1102 AC_ARG_ENABLE(path_info,
1103 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1104 [ case "$enableval" in
1105 yes) AC_MSG_RESULT(no)
1107 no) AC_MSG_RESULT(yes)
1108 AC_DEFINE(DONT_LEAK_PATH_INFO)
1111 *) AC_MSG_RESULT(no)
1112 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1115 ], AC_MSG_RESULT(no))
1118 dnl If we don't have egrep we can't do anything...
1120 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1121 if test -z "$EGREPPROG"; then
1122 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1126 dnl Prevent configure from adding the -g flag unless in devel mode
1128 if test "$with_devel" != "yes"; then
1133 dnl C compiler checks
1139 dnl Libtool magic; enable shared libs and disable static libs
1142 AC_CANONICAL_TARGET([])
1147 dnl Defer with_noexec until after libtool magic runs
1149 if test "$enable_shared" = "no"; then
1152 eval _shrext="$shrext_cmds"
1154 AC_MSG_CHECKING(path to sudo_noexec.so)
1155 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1156 [case $with_noexec in
1157 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1161 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1162 AC_MSG_RESULT($with_noexec)
1163 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1166 dnl It is now safe to modify CFLAGS and CPPFLAGS
1168 if test "$with_devel" = "yes" -a -n "$GCC"; then
1169 CFLAGS="${CFLAGS} -Wall"
1173 dnl Find programs we use
1175 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1176 AC_CHECK_PROG(TRPROG, tr, tr)
1177 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1178 if test -z "$NROFFPROG"; then
1180 mansrcdir='$(srcdir)'
1184 dnl What kind of beastie are we being run on?
1185 dnl Barf if config.cache was generated on another host.
1187 if test -n "$sudo_cv_prev_host"; then
1188 if test "$sudo_cv_prev_host" != "$host"; then
1189 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1191 AC_MSG_CHECKING(previous host type)
1192 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1193 AC_MSG_RESULT([$sudo_cv_prev_host])
1196 # this will produce no output since there is no cached value
1197 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1201 dnl We want to be able to differentiate between different rev's
1203 if test -n "$host_os"; then
1204 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1205 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1206 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1215 # getcwd(3) opens a pipe to getpwd(1)!?!
1218 # system headers lack prototypes but gcc helps...
1219 if test -n "$GCC"; then
1220 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1223 shadow_funcs="getpwanam issecure"
1226 # To get the crypt(3) prototype (so we pass -Wall)
1227 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1228 # AFS support needs -lucb
1229 if test "$with_AFS" = "yes"; then
1230 AFS_LIBS="-lc -lucb"
1233 : ${mansectform='4'}
1234 : ${with_rpath='yes'}
1235 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1238 # To get all prototypes (so we pass -Wall)
1239 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1240 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1241 if test X"$with_blibpath" != X"no"; then
1242 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1243 O_LDFLAGS="$LDFLAGS"
1244 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1245 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1246 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1247 blibpath="$with_blibpath"
1248 elif test -n "$GCC"; then
1249 blibpath="/usr/lib:/lib:/usr/local/lib"
1251 blibpath="/usr/lib:/lib"
1254 ], [AC_MSG_RESULT(no)])
1256 LDFLAGS="$O_LDFLAGS"
1258 # Use authenticate(3) as the default authentication method
1259 if test X"$with_aixauth" = X""; then
1260 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1265 : ${mansectform='4'}
1268 # AFS support needs -lBSD
1269 if test "$with_AFS" = "yes"; then
1270 AFS_LIBS="-lc -lBSD"
1273 : ${mansectform='4'}
1277 AC_DEFINE(BROKEN_SYSLOG)
1279 # Not sure if setuid binaries are safe in < 9.x
1280 if test -n "$GCC"; then
1281 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1283 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1287 AC_DEFINE(BROKEN_SYSLOG)
1289 shadow_funcs="getspwuid"
1291 # DCE support (requires ANSI C compiler)
1292 if test "$with_DCE" = "yes"; then
1293 # order of libs in 9.X is important. -lc_r must be last
1294 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1295 LIBS="${LIBS} -ldce -lM -lc_r"
1296 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1300 shadow_funcs="getprpwnam iscomsec"
1304 shadow_funcs="getspnam iscomsec"
1306 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1311 # ignore envariables wrt dynamic lib path
1312 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1314 : ${CHECKSIA='true'}
1315 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1317 [ --disable-sia Disable SIA on Digital UNIX],
1318 [ case "$enableval" in
1319 yes) AC_MSG_RESULT(no)
1322 no) AC_MSG_RESULT(yes)
1325 *) AC_MSG_RESULT(no)
1326 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1329 ], AC_MSG_RESULT(no))
1331 shadow_funcs="getprpwnam dispcrypt"
1332 # OSF/1 4.x and higher need -ldb too
1333 if test $OSMAJOR -lt 4; then
1334 shadow_libs="-lsecurity -laud -lm"
1336 shadow_libs="-lsecurity -ldb -laud -lm"
1339 # use SIA by default, if we have it
1340 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1343 # Some versions of Digital Unix ship with a broken
1344 # copy of prot.h, which we need for shadow passwords.
1345 # XXX - make should remove this as part of distclean
1347 AC_MSG_CHECKING([for broken prot.h])
1348 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1349 #include <sys/types.h>
1350 #include <sys/security.h>
1352 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1353 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1356 : ${mansectform='4'}
1359 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1360 if test -z "$NROFFPROG"; then
1361 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1362 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1363 if test -d /usr/share/catman/local; then
1364 mandir="/usr/share/catman/local"
1366 mandir="/usr/catman/local"
1370 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1371 if test -d "/usr/share/man/local"; then
1372 mandir="/usr/share/man/local"
1374 mandir="/usr/man/local"
1378 # IRIX <= 4 needs -lsun
1379 if test "$OSMAJOR" -le 4; then
1380 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1383 : ${mansectform='4'}
1386 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1387 # Some Linux versions need to link with -lshadow
1388 shadow_funcs="getspnam"
1389 shadow_libs_optional="-lshadow"
1390 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1393 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1394 if test -z "$GCC"; then
1395 CFLAGS="${CFLAGS} -D__STDC__"
1398 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1399 shadow_funcs="getprpwnam"
1400 shadow_libs="-lprot"
1404 shadow_funcs="getauthuid"
1405 shadow_libs="-lauth"
1408 LIBS="${LIBS} -lsun -lbsd"
1409 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1410 OSDEFS="${OSDEFS} -D_MIPS"
1412 : ${mansectform='4'}
1415 OSDEFS="${OSDEFS} -D_ISC"
1417 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1418 LIBS="${LIBS} -lcrypt"
1420 shadow_funcs="getspnam"
1424 : ${mansectform='4'}
1427 shadow_funcs="getprpwnam"
1428 shadow_libs="-lprot -lx"
1430 : ${mansectform='4'}
1432 m88k-motorola-sysv*)
1433 # motorolla's cc (a variant of gcc) does -O but not -O2
1434 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1436 : ${mansectform='4'}
1439 shadow_funcs="getspnam"
1442 : ${mansectform='4'}
1443 : ${with_rpath='yes'}
1445 *-ncr-sysv4*|*-ncr-sysvr4*)
1446 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1448 : ${mansectform='4'}
1449 : ${with_rpath='yes'}
1451 *-ccur-sysv4*|*-ccur-sysvr4*)
1452 LIBS="${LIBS} -lgen"
1453 SUDO_LIBS="${SUDO_LIBS} -lgen"
1455 : ${mansectform='4'}
1456 : ${with_rpath='yes'}
1460 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1461 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1463 2|3) AC_MSG_NOTICE([using shlicc as CC])
1464 ac_cv_prog_CC=shlicc
1469 # Check for newer BSD auth API (just check for >= 3.0?)
1470 if test -z "$with_bsdauth"; then
1471 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1475 # FreeBSD has a real setreuid(2) starting with 2.1 and
1476 # backported to 2.0.5. We just take 2.1 and above...
1482 if test "$with_skey" = "yes"; then
1483 SUDO_LIBS="${SUDO_LIBS} -lmd"
1486 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1487 : ${with_logincap='maybe'}
1490 # OpenBSD has a real setreuid(2) starting with 3.3 but
1491 # we will use setreuid(2) instead.
1494 # OpenBSD >= 3.0 supports BSD auth
1495 if test -z "$with_bsdauth"; then
1500 AUTH_EXCL_DEF="BSD_AUTH"
1504 : ${with_logincap='maybe'}
1507 # NetBSD has a real setreuid(2) starting with 1.3.2
1509 0.9*|1.[012]*|1.3|1.3.1)
1514 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1515 : ${with_logincap='maybe'}
1518 if test "$with_skey" = "yes"; then
1519 SUDO_LIBS="${SUDO_LIBS} -lmd"
1522 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1523 : ${with_logincap='yes'}
1531 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1532 : ${with_logincap='yes'}
1535 # lockf() on is broken on the NeXT -- use flock instead
1537 ac_cv_func_flock=yes
1541 : ${mansectform='4'}
1542 : ${with_rpath='yes'}
1546 : ${mansectform='4'}
1549 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1554 dnl Check for mixing mutually exclusive and regular auth methods
1556 AUTH_REG=${AUTH_REG# }
1557 AUTH_EXCL=${AUTH_EXCL# }
1558 if test -n "$AUTH_EXCL"; then
1560 if test $# != 1; then
1561 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1563 if test -n "$AUTH_REG"; then
1564 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1568 dnl Only one of S/Key and OPIE may be specified
1570 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1571 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1575 dnl Use BSD-style man sections by default
1578 : ${mansectform='5'}
1581 dnl Add in any libpaths or libraries specified via configure
1583 if test -n "$with_libpath"; then
1584 for i in ${with_libpath}; do
1585 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1588 if test -n "$with_libraries"; then
1589 for i in ${with_libraries}; do
1601 dnl C compiler checks (to be done after os checks)
1603 AC_PROG_GCC_TRADITIONAL
1612 if test -z "$with_sendmail"; then
1615 if test -z "$with_editor"; then
1619 dnl Header file checks
1624 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1625 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1626 dnl ultrix termio/termios are broken
1627 if test "$OS" != "ultrix"; then
1628 AC_SYS_POSIX_TERMIOS
1629 if test "$ac_cv_sys_posix_termios" = "yes"; then
1630 AC_DEFINE(HAVE_TERMIOS_H)
1632 AC_CHECK_HEADERS(termio.h)
1635 if test ${with_logincap-'no'} != "no"; then
1636 AC_CHECK_HEADERS(login_cap.h, [
1638 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1643 if test ${with_project-'no'} != "no"; then
1644 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1645 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1652 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1653 #include <signal.h>])
1654 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1655 #include <signal.h>])
1656 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1657 #if TIME_WITH_SYS_TIME
1658 # include <sys/time.h>
1661 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1662 #include <netinet/in.h>])
1672 dnl only set RETSIGTYPE if it is not set already
1682 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1683 strftime setrlimit initgroups getgroups fstat gettimeofday \
1684 setlocale getaddrinfo)
1685 if test -z "$SKIP_SETRESUID"; then
1686 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1688 if test -z "$SKIP_SETREUID"; then
1689 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1691 if test -z "$SKIP_SETEUID"; then
1692 AC_CHECK_FUNCS(seteuid)
1694 if test X"$with_interfaces" != X"no"; then
1695 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1697 if test -z "$BROKEN_GETCWD"; then
1698 AC_REPLACE_FUNCS(getcwd)
1700 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1701 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1702 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1703 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1704 AC_CHECK_FUNCS(lockf flock, [break])
1705 AC_CHECK_FUNCS(waitpid wait3, [break])
1706 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1707 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1708 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1709 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1711 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1712 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1713 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1714 [ #include <limits.h>
1715 #include <fcntl.h> ])
1717 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1718 AC_CHECK_FUNCS(random lrand48, [break])
1720 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1721 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1722 AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1723 AC_MSG_CHECKING([for two-parameter timespecsub])
1724 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1725 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1726 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1728 #error missing timespecsub
1730 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1731 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1734 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1736 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1737 #include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1738 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1740 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1741 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1743 if test -n "$NEED_SNPRINTF"; then
1747 dnl If socket(2) not in libc, check -lsocket and -linet
1748 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1749 dnl In this case we look for main(), not socket() to avoid using a cached value
1751 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1752 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1754 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1755 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1757 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1758 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1760 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1762 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1764 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1765 dnl (gcc includes its own alloca(3) but other compilers may not)
1767 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1771 dnl Check for getprogname() or __progname
1773 AC_CHECK_FUNCS(getprogname, , [
1774 AC_MSG_CHECKING([for __progname])
1775 AC_CACHE_VAL(sudo_cv___progname, [
1776 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1777 if test "$sudo_cv___progname" = "yes"; then
1778 AC_DEFINE(HAVE___PROGNAME)
1780 AC_LIBOBJ(getprogname)
1782 AC_MSG_RESULT($sudo_cv___progname)
1786 dnl Mutually exclusive auth checks come first, followed by
1787 dnl non-exclusive ones. Note: passwd must be last of all!
1791 dnl Convert default authentication methods to with_* if
1792 dnl no explicit authentication scheme was specified.
1794 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1795 for auth in $AUTH_EXCL_DEF; do
1797 AIX_AUTH) with_aixauth=maybe;;
1798 BSD_AUTH) with_bsdauth=maybe;;
1799 PAM) with_pam=maybe;;
1800 SIA) CHECKSIA=true;;
1806 dnl PAM support. Systems that use PAM by default set with_pam=default
1807 dnl and we do the actual tests here.
1809 if test ${with_pam-"no"} != "no"; then
1811 dnl Linux may need this
1813 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1814 ac_cv_lib_dl=ac_cv_lib_dl_main
1817 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1818 dnl in /usr/include/pam instead of /usr/include/security...
1820 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1821 if test "$with_pam" = "yes"; then
1823 AUTH_OBJS="$AUTH_OBJS pam.o";
1825 AC_MSG_CHECKING(whether to use PAM session support)
1826 AC_ARG_ENABLE(pam_session,
1827 [ --disable-pam-session Disable PAM session support],
1828 [ case "$enableval" in
1829 yes) AC_MSG_RESULT(yes)
1831 no) AC_MSG_RESULT(no)
1832 AC_DEFINE(NO_PAM_SESSION)
1834 *) AC_MSG_RESULT(no)
1835 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1837 esac], AC_MSG_RESULT(yes))
1839 *-*-linux*|*-*-solaris*)
1840 AC_CHECK_FUNCS(dgettext, [],
1841 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
1842 [AC_DEFINE(HAVE_DGETTEXT)])])
1849 dnl AIX general authentication
1850 dnl If set to "maybe" only enable if no other exclusive method in use.
1852 if test ${with_aixauth-'no'} != "no"; then
1853 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1854 AC_MSG_NOTICE([using AIX general authentication])
1855 AC_DEFINE(HAVE_AIXAUTH)
1856 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1857 SUDO_LIBS="${SUDO_LIBS} -ls"
1863 dnl BSD authentication
1864 dnl If set to "maybe" only enable if no other exclusive method in use.
1866 if test ${with_bsdauth-'no'} != "no"; then
1867 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1868 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1869 [BSDAUTH_USAGE='[[-a auth_type]] ']
1870 [AUTH_EXCL=BSD_AUTH],
1871 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1875 dnl SIA authentication for Tru64 Unix
1877 if test ${CHECKSIA-'false'} = "true"; then
1878 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1879 if test "$found" = "true"; then
1881 AUTH_OBJS="$AUTH_OBJS sia.o"
1886 dnl extra FWTK libs + includes
1888 if test ${with_fwtk-'no'} != "no"; then
1889 if test "$with_fwtk" != "yes"; then
1890 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1891 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1894 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1895 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1899 dnl extra SecurID lib + includes
1901 if test ${with_SecurID-'no'} != "no"; then
1902 if test "$with_SecurID" != "yes"; then
1904 elif test -d /usr/ace/examples; then
1905 with_SecurID=/usr/ace/examples
1907 with_SecurID=/usr/ace
1909 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1910 _LDFLAGS="${LDFLAGS}"
1911 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1913 # Determine whether to use the new or old SecurID API
1915 AC_CHECK_LIB(aceclnt, SD_Init,
1917 AUTH_OBJS="$AUTH_OBJS securid5.o";
1918 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1921 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1923 AUTH_OBJS="$AUTH_OBJS securid.o";
1924 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1930 LDFLAGS="${_LDFLAGS}"
1934 dnl Non-mutually exclusive auth checks come next.
1935 dnl Note: passwd must be last of all!
1939 dnl Convert default authentication methods to with_* if
1940 dnl no explicit authentication scheme was specified.
1942 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1943 for auth in $AUTH_DEF; do
1945 passwd) : ${with_passwd='maybe'};;
1953 if test ${with_kerb4-'no'} != "no"; then
1954 AC_DEFINE(HAVE_KERB4)
1956 dnl Use the specified directory, if any, else search for correct inc dir
1958 O_LDFLAGS="$LDFLAGS"
1959 if test "$with_kerb4" = "yes"; then
1961 O_CPPFLAGS="$CPPFLAGS"
1962 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1963 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1964 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1966 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1968 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1969 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1970 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1971 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1973 if test X"$found" = X"no"; then
1974 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1978 dnl Check for -ldes vs. -ldes425
1980 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1981 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1984 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1986 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1989 K4LIBS="${K4LIBS} -lcom_err"
1990 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1996 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
1998 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
1999 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2000 [K4LIBS="-lkrb $K4LIBS"]
2001 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2004 LDFLAGS="$O_LDFLAGS"
2005 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2006 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2011 dnl There is an easy way and a hard way...
2013 if test ${with_kerb5-'no'} != "no"; then
2014 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2015 if test -n "$KRB5CONFIG"; then
2016 AC_DEFINE(HAVE_KERB5)
2017 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2018 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2019 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2021 dnl Try to determine whether we have Heimdal or MIT Kerberos
2023 AC_MSG_CHECKING(whether we are using Heimdal)
2024 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2026 AC_DEFINE(HAVE_HEIMDAL)
2033 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2034 AC_DEFINE(HAVE_KERB5)
2036 dnl Use the specified directory, if any, else search for correct inc dir
2038 if test "$with_kerb5" = "yes"; then
2040 O_CPPFLAGS="$CPPFLAGS"
2041 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2042 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2043 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2045 if test X"$found" = X"no"; then
2046 CPPFLAGS="$O_CPPFLAGS"
2047 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2050 dnl XXX - try to include krb5.h here too
2051 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2052 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2056 dnl Try to determine whether we have Heimdal or MIT Kerberos
2058 AC_MSG_CHECKING(whether we are using Heimdal)
2059 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2061 AC_DEFINE(HAVE_HEIMDAL)
2062 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2063 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2066 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2067 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
2069 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2071 LIBS="${LIBS} ${SUDO_LIBS}"
2072 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2077 dnl extra AFS libs and includes
2079 if test ${with_AFS-'no'} = "yes"; then
2081 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2082 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2083 for i in $AFSLIBDIRS; do
2084 if test -d ${i}; then
2085 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2086 FOUND_AFSLIBDIR=true
2089 if test -z "$FOUND_AFSLIBDIR"; then
2090 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2093 # Order is important here. Note that we build AFS_LIBS from right to left
2094 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2095 AFS_LIBS="-laudit ${AFS_LIBS}"
2096 for i in $AFSLIBDIRS; do
2097 if test -f ${i}/util.a; then
2098 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2103 if test -z "$FOUND_UTIL_A"; then
2104 AFS_LIBS="-lutil ${AFS_LIBS}"
2106 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2108 # AFS includes may live in /usr/include on some machines...
2109 for i in /usr/afsws/include; do
2110 if test -d ${i}; then
2111 CPPFLAGS="${CPPFLAGS} -I${i}"
2112 FOUND_AFSINCDIR=true
2116 if test -z "$FOUND_AFSLIBDIR"; then
2117 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2120 AUTH_OBJS="$AUTH_OBJS afs.o"
2124 dnl extra DCE obj + lib
2125 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2127 if test ${with_DCE-'no'} = "yes"; then
2128 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2129 SUDO_LIBS="${SUDO_LIBS} -ldce"
2130 AUTH_OBJS="$AUTH_OBJS dce.o"
2134 dnl extra S/Key lib and includes
2136 if test ${with_skey-'no'} = "yes"; then
2137 O_LDFLAGS="$LDFLAGS"
2138 if test "$with_skey" != "yes"; then
2139 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2140 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2141 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2142 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2145 O_CPPFLAGS="$CPPFLAGS"
2146 for dir in "" "/usr/local" "/usr/contrib"; do
2147 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2148 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2150 if test "$found" = "no" -o -z "$dir"; then
2151 CPPFLAGS="$O_CPPFLAGS"
2153 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2154 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2157 if test "$found" = "no"; then
2158 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2160 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2161 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2162 LDFLAGS="$O_LDFLAGS"
2163 SUDO_LIBS="${SUDO_LIBS} -lskey"
2164 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2168 dnl extra OPIE lib and includes
2170 if test ${with_opie-'no'} = "yes"; then
2171 O_LDFLAGS="$LDFLAGS"
2172 if test "$with_opie" != "yes"; then
2173 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2174 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2175 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2176 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2179 O_CPPFLAGS="$CPPFLAGS"
2180 for dir in "" "/usr/local" "/usr/contrib"; do
2181 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2182 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2184 if test "$found" = "no" -o -z "$dir"; then
2185 CPPFLAGS="$O_CPPFLAGS"
2187 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2188 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2191 if test "$found" = "no"; then
2192 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2194 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2195 LDFLAGS="$O_LDFLAGS"
2196 SUDO_LIBS="${SUDO_LIBS} -lopie"
2197 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2201 dnl Check for shadow password routines if we have not already done so.
2202 dnl If there is a specific list of functions to check we do that first.
2203 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2205 if test ${with_passwd-'no'} != "no"; then
2207 dnl if crypt(3) not in libc, look elsewhere
2209 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2210 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2213 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2215 LIBS="$LIBS $shadow_libs"
2217 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2218 if test "$found" = "yes"; then
2219 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2220 elif test -n "$shadow_libs_optional"; then
2221 LIBS="$LIBS $shadow_libs_optional"
2222 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2223 if test "$found" = "yes"; then
2224 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2227 if test "$found" = "yes"; then
2228 case "$shadow_funcs" in
2229 *getprpwnam*) SECUREWARE=1;;
2231 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2237 if test "$CHECKSHADOW" = "true"; then
2238 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2240 if test "$CHECKSHADOW" = "true"; then
2241 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2243 if test -n "$SECUREWARE"; then
2244 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2245 AUTH_OBJS="$AUTH_OBJS secureware.o"
2250 dnl extra lib and .o file for LDAP support
2252 if test ${with_ldap-'no'} != "no"; then
2254 if test "$with_ldap" != "yes"; then
2255 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2256 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2257 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2260 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2262 AC_MSG_CHECKING([for LDAP libraries])
2266 for l in -lldap -llber '-lssl -lcrypto'; do
2268 LDAP_LIBS="${LDAP_LIBS} $l"
2269 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2271 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2273 dnl if nothing linked just try with -lldap
2274 if test "$found" = "no"; then
2276 AC_MSG_RESULT([not found, using -lldap])
2278 AC_MSG_RESULT([$LDAP_LIBS])
2280 dnl try again w/o explicitly including lber.h
2281 AC_MSG_CHECKING([whether lber.h is needed])
2282 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2283 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2284 AC_MSG_RESULT([yes])
2285 AC_DEFINE(HAVE_LBER_H)])
2287 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init)
2289 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2292 # XXX - OpenLDAP has deprecated ldap_get_values()
2293 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2297 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2298 dnl added -L dirpaths to SUDO_LDFLAGS.
2300 if test -n "$blibpath"; then
2301 if test -n "$blibpath_add"; then
2302 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2303 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2304 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2309 dnl Check for log file and timestamp locations
2315 dnl Use passwd (and secureware) auth modules?
2317 case "$with_passwd" in
2319 AUTH_OBJS="$AUTH_OBJS passwd.o"
2322 AC_DEFINE(WITHOUT_PASSWD)
2323 if test -z "$AUTH_OBJS"; then
2324 AC_MSG_ERROR([no authentication methods defined.])
2328 AUTH_OBJS=${AUTH_OBJS# }
2329 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2330 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2333 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2335 if test -n "$LIBS"; then
2340 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2341 test $l = $sl && dupe=1
2343 test $dupe = 0 && LIBS="${LIBS} $l"
2350 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2353 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2354 dnl XXX - this is gross!
2356 if test "$with_noexec" != "no"; then
2357 PROGS="${PROGS} sudo_noexec.la"
2358 INSTALL_NOEXEC="install-noexec"
2360 oexec_prefix="$exec_prefix"
2361 if test "$exec_prefix" = '$(prefix)'; then
2362 if test "$prefix" = "NONE"; then
2363 exec_prefix="$ac_default_prefix"
2365 exec_prefix="$prefix"
2368 eval noexec_file="$with_noexec"
2369 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2370 exec_prefix="$oexec_prefix"
2374 dnl Substitute into the Makefile and man pages
2376 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2380 dnl Spew any text the user needs to know about
2382 if test "$with_pam" = "yes"; then
2385 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2391 dnl Autoheader templates
2393 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2394 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2395 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2396 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2397 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2398 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2399 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2400 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2401 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2402 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2403 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2404 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2405 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2406 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2407 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2408 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2409 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2410 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2411 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2412 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2413 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2414 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2415 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2416 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2417 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2418 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2419 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2420 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2421 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2422 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2423 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2424 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2425 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2426 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2427 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2428 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2429 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2430 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2431 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2432 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2433 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2434 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2435 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2436 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2437 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2438 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2439 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2440 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2441 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2442 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2443 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2444 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2445 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2446 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2447 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2448 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2449 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2450 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2451 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2452 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2453 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2454 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2455 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2456 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2457 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2458 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2459 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2460 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2463 dnl Bits to copy verbatim into config.h.in
2465 AH_TOP([#ifndef _SUDO_CONFIG_H
2466 #define _SUDO_CONFIG_H])
2469 * Macros to pull sec and nsec parts of mtime from struct stat.
2470 * We need to be able to convert between timeval and timespec
2471 * so the last 3 digits of tv_nsec are not significant.
2474 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2475 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2477 # ifdef HAVE_ST_MTIMESPEC
2478 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2479 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2481 # define mtim_getsec(_x) ((_x).st_mtime)
2482 # define mtim_getnsec(_x) (0)
2483 # endif /* HAVE_ST_MTIMESPEC */
2484 #endif /* HAVE_ST_MTIM */
2487 * Emulate a subset of waitpid() if we don't have it.
2490 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2493 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2497 /* GNU stow needs /etc/sudoers to be a symlink. */
2499 # define stat_sudoers stat
2501 # define stat_sudoers lstat
2504 /* Macros to set/clear/test flags. */
2506 #define SET(t, f) ((t) |= (f))
2508 #define CLR(t, f) ((t) &= ~(f))
2510 #define ISSET(t, f) ((t) & (f))
2512 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2513 #if defined(hpux) && !defined(__hpux)
2517 #if defined(convex) && !defined(__convex__)
2518 # define __convex__ 1
2521 /* BSD compatibility on some SVR4 systems. */
2524 #endif /* __svr4__ */
2526 #endif /* _SUDO_CONFIG_H */])