2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.24 2007/10/09 00:06:05 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
30 AC_SUBST(MAN_POSTINSTALL)
31 AC_SUBST(SUDOERS_MODE)
40 AC_SUBST(INSTALL_NOEXEC)
41 AC_SUBST(DONT_LEAK_PATH_INFO)
43 dnl Variables that get substituted in docs (not overridden by environment)
45 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
47 AC_SUBST(password_timeout)
50 AC_SUBST(long_otp_prompt)
57 AC_SUBST(mail_no_user)
58 AC_SUBST(mail_no_host)
59 AC_SUBST(mail_no_perms)
62 AC_SUBST(badpass_message)
64 AC_SUBST(runas_default)
66 AC_SUBST(passwd_tries)
72 dnl Initial values for above
77 passprompt="Password:"
89 mailsub='*** SECURITY information for %h ***'
90 badpass_message='Sorry, try again.'
101 dnl Initial values for Makefile variables listed above
102 dnl May be overridden by environment variables..
107 : ${SUDOERS_MODE='0440'}
124 shadow_libs_optional=
127 dnl Override default configure dirs...
129 test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
130 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
131 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
132 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
135 dnl Deprecated --with options (these all warn or generate an error)
138 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
139 [case $with_otp_only in
140 yes) with_passwd="no"
141 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
145 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
146 [case $with_alertmail in
147 *) with_mailto="$with_alertmail"
148 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
153 dnl Options for --with
156 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
158 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
160 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
166 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
169 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
173 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
174 [case $with_blibpath in
176 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
180 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
181 [case $with_incpath in
182 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
184 no) AC_MSG_ERROR(["--without-incpath not supported."])
186 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
187 for i in ${with_incpath}; do
188 CPPFLAGS="${CPPFLAGS} -I${i}"
193 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
194 [case $with_libpath in
195 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
197 no) AC_MSG_ERROR(["--without-libpath not supported."])
199 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
203 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
204 [case $with_libraries in
205 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
207 no) AC_MSG_ERROR(["--without-libraries not supported."])
209 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
213 AC_ARG_WITH(devel, [ --with-devel add development options],
215 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
216 PROGS="${PROGS} testsudoers"
217 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
221 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
225 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
226 [case $with_efence in
227 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
228 LIBS="${LIBS} -lefence"
229 if test -f /usr/local/lib/libefence.a; then
230 with_libpath="${with_libpath} /usr/local/lib"
234 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
238 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
240 yes) AC_MSG_NOTICE([Adding CSOps standard options])
244 with_classic_insults=yes
245 with_csops_insults=yes
251 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
255 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
256 [case $with_passwd in
257 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
258 AC_MSG_RESULT($with_passwd)
260 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
262 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
266 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
270 *) AC_DEFINE(HAVE_SKEY)
271 AC_MSG_CHECKING(whether to try S/Key authentication)
273 AUTH_REG="$AUTH_REG S/Key"
277 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
281 *) AC_DEFINE(HAVE_OPIE)
282 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
284 AUTH_REG="$AUTH_REG NRL_OPIE"
288 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
289 [case $with_long_otp_prompt in
290 yes) AC_DEFINE(LONG_OTP_PROMPT)
291 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
295 no) long_otp_prompt=off
297 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
301 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
302 [case $with_SecurID in
303 no) with_SecurID="";;
304 *) AC_DEFINE(HAVE_SECURID)
305 AC_MSG_CHECKING(whether to use SecurID for authentication)
307 AUTH_EXCL="$AUTH_EXCL SecurID"
311 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
314 *) AC_DEFINE(HAVE_FWTK)
315 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
317 AUTH_EXCL="$AUTH_EXCL FWTK"
321 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
324 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
326 AUTH_REG="$AUTH_REG kerb4"
330 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
333 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
335 AUTH_REG="$AUTH_REG kerb5"
339 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
340 [case $with_aixauth in
341 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
343 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
347 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
349 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
351 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
355 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
357 yes) AC_DEFINE(HAVE_AFS)
358 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
360 AUTH_REG="$AUTH_REG AFS"
363 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
367 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
369 yes) AC_DEFINE(HAVE_DCE)
370 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
372 AUTH_REG="$AUTH_REG DCE"
375 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
379 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
380 [case $with_logincap in
382 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
386 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
387 [case $with_bsdauth in
388 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
390 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
394 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
395 [case $with_project in
398 *) AC_MSG_ERROR(["--with-project does not take an argument."])
402 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
403 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
404 [case $with_lecture in
405 yes|short|always) lecture=once
407 no|none|never) lecture=never
409 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
412 if test "$lecture" = "once"; then
415 AC_DEFINE(NO_LECTURE)
419 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
420 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
421 [case $with_logging in
422 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
424 no) AC_MSG_ERROR(["--without-logging not supported."])
426 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
427 AC_MSG_RESULT(syslog)
429 file) AC_DEFINE(LOGGING, SLOG_FILE)
432 both) AC_DEFINE(LOGGING, SLOG_BOTH)
435 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
437 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
439 AC_MSG_CHECKING(which syslog facility sudo should log with)
440 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
441 [case $with_logfac in
442 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
444 no) AC_MSG_ERROR(["--without-logfac not supported."])
446 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
448 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
451 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
452 AC_MSG_RESULT($logfac)
454 AC_MSG_CHECKING(at which syslog priority to log commands)
455 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
456 [case $with_goodpri in
457 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
459 no) AC_MSG_ERROR(["--without-goodpri not supported."])
461 alert|crit|debug|emerg|err|info|notice|warning)
462 goodpri=$with_goodpri
464 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
467 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
468 AC_MSG_RESULT($goodpri)
470 AC_MSG_CHECKING(at which syslog priority to log failures)
471 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
472 [case $with_badpri in
473 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
475 no) AC_MSG_ERROR(["--without-badpri not supported."])
477 alert|crit|debug|emerg|err|info|notice|warning)
480 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
483 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
484 AC_MSG_RESULT($badpri)
486 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
487 [case $with_logpath in
488 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
490 no) AC_MSG_ERROR(["--without-logpath not supported."])
494 AC_MSG_CHECKING(how long a line in the log file should be)
495 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
496 [case $with_loglen in
497 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
499 no) AC_MSG_ERROR(["--without-loglen not supported."])
501 [[0-9]]*) loglen=$with_loglen
503 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
506 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
507 AC_MSG_RESULT($loglen)
509 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
510 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
511 [case $with_ignore_dot in
516 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
519 if test "$ignore_dot" = "on"; then
520 AC_DEFINE(IGNORE_DOT_PATH)
526 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
527 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
528 [case $with_mail_if_no_user in
533 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
536 if test "$mail_no_user" = "on"; then
537 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
543 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
544 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
545 [case $with_mail_if_no_host in
550 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
553 if test "$mail_no_host" = "on"; then
554 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
560 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
561 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
562 [case $with_mail_if_noperms in
567 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
570 if test "$mail_noperms" = "on"; then
571 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
577 AC_MSG_CHECKING(who should get the mail that sudo sends)
578 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
579 [case $with_mailto in
580 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
582 no) AC_MSG_ERROR(["--without-mailto not supported."])
584 *) mailto=$with_mailto
587 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
588 AC_MSG_RESULT([$mailto])
590 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
591 [case $with_mailsubject in
592 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
594 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
596 *) mailsub="$with_mailsubject"
597 AC_MSG_CHECKING(sudo mail subject)
598 AC_MSG_RESULT([Using alert mail subject: $mailsub])
601 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
603 AC_MSG_CHECKING(for bad password prompt)
604 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
605 [case $with_passprompt in
606 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
608 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
610 *) passprompt="$with_passprompt"
612 AC_MSG_RESULT($passprompt)
613 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
615 AC_MSG_CHECKING(for bad password message)
616 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
617 [case $with_badpass_message in
618 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
620 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
622 *) badpass_message="$with_badpass_message"
625 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
626 AC_MSG_RESULT([$badpass_message])
628 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
629 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
635 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
638 if test "$fqdn" = "on"; then
645 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
646 [case $with_timedir in
647 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
649 no) AC_MSG_ERROR(["--without-timedir not supported."])
653 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
654 --without-sendmail do not send mail at all],
655 [case $with_sendmail in
656 yes) with_sendmail=""
659 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
663 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
664 [case $with_sudoers_mode in
665 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
667 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
669 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
671 0*) SUDOERS_MODE=$with_sudoers_mode
673 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
677 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
678 [case $with_sudoers_uid in
679 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
681 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
683 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
685 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
689 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
690 [case $with_sudoers_gid in
691 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
693 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
695 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
697 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
701 AC_MSG_CHECKING(for umask programs should be run with)
702 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
703 --without-umask Preserves the umask of the user invoking sudo.],
705 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
709 [[0-9]]*) sudo_umask=$with_umask
711 *) AC_MSG_ERROR(["you must enter a numeric mask."])
714 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
715 if test "$sudo_umask" = "0777"; then
718 AC_MSG_RESULT($sudo_umask)
721 AC_MSG_CHECKING(for default user to run commands as)
722 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
723 [case $with_runas_default in
724 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
726 no) AC_MSG_ERROR(["--without-runas-default not supported."])
728 *) runas_default="$with_runas_default"
731 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
732 AC_MSG_RESULT([$runas_default])
734 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
735 [case $with_exempt in
736 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
738 no) AC_MSG_ERROR(["--without-exempt not supported."])
740 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
741 AC_MSG_CHECKING(for group to be exempt from password)
742 AC_MSG_RESULT([$with_exempt])
746 AC_MSG_CHECKING(for editor that visudo should use)
747 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
748 [case $with_editor in
749 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
751 no) AC_MSG_ERROR(["--without-editor not supported."])
753 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
754 AC_MSG_RESULT([$with_editor])
756 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
758 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
759 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
760 [case $with_env_editor in
765 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
768 if test "$env_editor" = "on"; then
769 AC_DEFINE(ENV_EDITOR)
775 AC_MSG_CHECKING(number of tries a user gets to enter their password)
776 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
777 [case $with_passwd_tries in
779 no) AC_MSG_ERROR(["--without-editor not supported."])
781 [[1-9]]*) passwd_tries=$with_passwd_tries
783 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
786 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
787 AC_MSG_RESULT($passwd_tries)
789 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
790 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
791 [case $with_timeout in
795 [[0-9]]*) timeout=$with_timeout
797 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
800 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
801 AC_MSG_RESULT($timeout)
803 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
804 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
805 [case $with_password_timeout in
807 no) password_timeout=0
809 [[0-9]]*) password_timeout=$with_password_timeout
811 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
814 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
815 AC_MSG_RESULT($password_timeout)
817 AC_MSG_CHECKING(whether to use per-tty ticket files)
818 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
819 [case $with_tty_tickets in
824 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
827 if test "$tty_tickets" = "on"; then
828 AC_DEFINE(USE_TTY_TICKETS)
834 AC_MSG_CHECKING(whether to include insults)
835 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
836 [case $with_insults in
838 with_classic_insults=yes
839 with_csops_insults=yes
843 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
846 if test "$insults" = "on"; then
847 AC_DEFINE(USE_INSULTS)
853 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
854 [case $with_all_insults in
855 yes) with_classic_insults=yes
856 with_csops_insults=yes
858 with_goons_insults=yes
861 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
865 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
866 [case $with_classic_insults in
867 yes) AC_DEFINE(CLASSIC_INSULTS)
870 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
874 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
875 [case $with_csops_insults in
876 yes) AC_DEFINE(CSOPS_INSULTS)
879 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
883 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
884 [case $with_hal_insults in
885 yes) AC_DEFINE(HAL_INSULTS)
888 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
892 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
893 [case $with_goons_insults in
894 yes) AC_DEFINE(GOONS_INSULTS)
897 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
901 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
904 *) AC_DEFINE(HAVE_LDAP)
905 AC_MSG_CHECKING(whether to use sudoers from LDAP)
909 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
910 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
911 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
912 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
914 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
915 [case $with_pc_insults in
916 yes) AC_DEFINE(PC_INSULTS)
919 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
923 dnl include all insult sets on one line
924 if test "$insults" = "on"; then
925 AC_MSG_CHECKING(which insult sets to include)
927 test "$with_goons_insults" = "yes" && i="goons ${i}"
928 test "$with_hal_insults" = "yes" && i="hal ${i}"
929 test "$with_csops_insults" = "yes" && i="csops ${i}"
930 test "$with_classic_insults" = "yes" && i="classic ${i}"
934 AC_MSG_CHECKING(whether to override the user's path)
935 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
936 [case $with_secure_path in
937 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
938 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
940 no) AC_MSG_RESULT(no)
942 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
943 AC_MSG_RESULT([$with_secure_path])
945 esac], AC_MSG_RESULT(no))
947 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
948 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
949 [case $with_interfaces in
950 yes) AC_MSG_RESULT(yes)
952 no) AC_DEFINE(STUB_LOAD_INTERFACES)
955 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
957 esac], AC_MSG_RESULT(yes))
959 AC_MSG_CHECKING(whether stow should be used)
960 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
962 yes) AC_MSG_RESULT(yes)
965 no) AC_MSG_RESULT(no)
967 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
969 esac], AC_MSG_RESULT(no))
972 dnl Options for --enable
975 AC_MSG_CHECKING(whether to do user authentication by default)
976 AC_ARG_ENABLE(authentication,
977 [ --disable-authentication
978 Do not require authentication by default],
979 [ case "$enableval" in
980 yes) AC_MSG_RESULT(yes)
982 no) AC_MSG_RESULT(no)
983 AC_DEFINE(NO_AUTHENTICATION)
986 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
989 ], AC_MSG_RESULT(yes))
991 AC_MSG_CHECKING(whether to disable running the mailer as root)
992 AC_ARG_ENABLE(root-mailer,
993 [ --disable-root-mailer Don't run the mailer as root, run as the user],
994 [ case "$enableval" in
995 yes) AC_MSG_RESULT(no)
997 no) AC_MSG_RESULT(yes)
998 AC_DEFINE(NO_ROOT_MAILER)
1000 *) AC_MSG_RESULT(no)
1001 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1004 ], AC_MSG_RESULT(no))
1006 AC_ARG_ENABLE(setreuid,
1007 [ --disable-setreuid Don't try to use the setreuid() function],
1008 [ case "$enableval" in
1009 no) SKIP_SETREUID=yes
1015 AC_ARG_ENABLE(setresuid,
1016 [ --disable-setresuid Don't try to use the setresuid() function],
1017 [ case "$enableval" in
1018 no) SKIP_SETRESUID=yes
1024 AC_MSG_CHECKING(whether to disable shadow password support)
1025 AC_ARG_ENABLE(shadow,
1026 [ --disable-shadow Never use shadow passwords],
1027 [ case "$enableval" in
1028 yes) AC_MSG_RESULT(no)
1030 no) AC_MSG_RESULT(yes)
1033 *) AC_MSG_RESULT(no)
1034 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1037 ], AC_MSG_RESULT(no))
1039 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1040 AC_ARG_ENABLE(root-sudo,
1041 [ --disable-root-sudo Don't allow root to run sudo],
1042 [ case "$enableval" in
1043 yes) AC_MSG_RESULT(yes)
1045 no) AC_DEFINE(NO_ROOT_SUDO)
1049 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1052 ], AC_MSG_RESULT(yes))
1054 AC_MSG_CHECKING(whether to log the hostname in the log file)
1055 AC_ARG_ENABLE(log-host,
1056 [ --enable-log-host Log the hostname in the log file],
1057 [ case "$enableval" in
1058 yes) AC_MSG_RESULT(yes)
1059 AC_DEFINE(HOST_IN_LOG)
1061 no) AC_MSG_RESULT(no)
1063 *) AC_MSG_RESULT(no)
1064 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1067 ], AC_MSG_RESULT(no))
1069 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1070 AC_ARG_ENABLE(noargs-shell,
1071 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1072 [ case "$enableval" in
1073 yes) AC_MSG_RESULT(yes)
1074 AC_DEFINE(SHELL_IF_NO_ARGS)
1076 no) AC_MSG_RESULT(no)
1078 *) AC_MSG_RESULT(no)
1079 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1082 ], AC_MSG_RESULT(no))
1084 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1085 AC_ARG_ENABLE(shell-sets-home,
1086 [ --enable-shell-sets-home
1087 set $HOME to target user in shell mode],
1088 [ case "$enableval" in
1089 yes) AC_MSG_RESULT(yes)
1090 AC_DEFINE(SHELL_SETS_HOME)
1092 no) AC_MSG_RESULT(no)
1094 *) AC_MSG_RESULT(no)
1095 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1098 ], AC_MSG_RESULT(no))
1100 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1101 AC_ARG_ENABLE(path_info,
1102 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1103 [ case "$enableval" in
1104 yes) AC_MSG_RESULT(no)
1106 no) AC_MSG_RESULT(yes)
1107 AC_DEFINE(DONT_LEAK_PATH_INFO)
1110 *) AC_MSG_RESULT(no)
1111 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1114 ], AC_MSG_RESULT(no))
1117 dnl If we don't have egrep we can't do anything...
1119 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1120 if test -z "$EGREPPROG"; then
1121 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1125 dnl Prevent configure from adding the -g flag unless in devel mode
1127 if test "$with_devel" != "yes"; then
1132 dnl C compiler checks
1138 dnl Libtool magic; enable shared libs and disable static libs
1141 AC_CANONICAL_TARGET([])
1146 dnl Defer with_noexec until after libtool magic runs
1148 if test "$enable_shared" = "no"; then
1151 eval _shrext="$shrext_cmds"
1153 AC_MSG_CHECKING(path to sudo_noexec.so)
1154 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1155 [case $with_noexec in
1156 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1160 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1161 AC_MSG_RESULT($with_noexec)
1162 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1165 dnl It is now safe to modify CFLAGS and CPPFLAGS
1167 if test "$with_devel" = "yes" -a -n "$GCC"; then
1168 CFLAGS="${CFLAGS} -Wall"
1172 dnl Find programs we use
1174 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1175 AC_CHECK_PROG(TRPROG, tr, tr)
1176 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1177 if test -z "$NROFFPROG"; then
1179 mansrcdir='$(srcdir)'
1183 dnl What kind of beastie are we being run on?
1184 dnl Barf if config.cache was generated on another host.
1186 if test -n "$sudo_cv_prev_host"; then
1187 if test "$sudo_cv_prev_host" != "$host"; then
1188 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1190 AC_MSG_CHECKING(previous host type)
1191 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1192 AC_MSG_RESULT([$sudo_cv_prev_host])
1195 # this will produce no output since there is no cached value
1196 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1200 dnl We want to be able to differentiate between different rev's
1202 if test -n "$host_os"; then
1203 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1204 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1205 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1214 # getcwd(3) opens a pipe to getpwd(1)!?!
1217 # system headers lack prototypes but gcc helps...
1218 if test -n "$GCC"; then
1219 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1222 shadow_funcs="getpwanam issecure"
1225 # To get the crypt(3) prototype (so we pass -Wall)
1226 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1227 # AFS support needs -lucb
1228 if test "$with_AFS" = "yes"; then
1229 AFS_LIBS="-lc -lucb"
1232 : ${mansectform='4'}
1233 : ${with_rpath='yes'}
1234 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1237 # To get all prototypes (so we pass -Wall)
1238 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1239 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1240 if test X"$with_blibpath" != X"no"; then
1241 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1242 O_LDFLAGS="$LDFLAGS"
1243 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1244 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1245 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1246 blibpath="$with_blibpath"
1247 elif test -n "$GCC"; then
1248 blibpath="/usr/lib:/lib:/usr/local/lib"
1250 blibpath="/usr/lib:/lib"
1253 ], [AC_MSG_RESULT(no)])
1255 LDFLAGS="$O_LDFLAGS"
1257 # Use authenticate(3) as the default authentication method
1258 if test X"$with_aixauth" = X""; then
1259 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1264 : ${mansectform='4'}
1267 # AFS support needs -lBSD
1268 if test "$with_AFS" = "yes"; then
1269 AFS_LIBS="-lc -lBSD"
1272 : ${mansectform='4'}
1276 AC_DEFINE(BROKEN_SYSLOG)
1278 # Not sure if setuid binaries are safe in < 9.x
1279 if test -n "$GCC"; then
1280 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1282 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1286 AC_DEFINE(BROKEN_SYSLOG)
1288 shadow_funcs="getspwuid"
1290 # DCE support (requires ANSI C compiler)
1291 if test "$with_DCE" = "yes"; then
1292 # order of libs in 9.X is important. -lc_r must be last
1293 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1294 LIBS="${LIBS} -ldce -lM -lc_r"
1295 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1299 shadow_funcs="getprpwnam iscomsec"
1303 shadow_funcs="getspnam iscomsec"
1305 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1310 # ignore envariables wrt dynamic lib path
1311 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1313 : ${CHECKSIA='true'}
1314 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1316 [ --disable-sia Disable SIA on Digital UNIX],
1317 [ case "$enableval" in
1318 yes) AC_MSG_RESULT(no)
1321 no) AC_MSG_RESULT(yes)
1324 *) AC_MSG_RESULT(no)
1325 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1328 ], AC_MSG_RESULT(no))
1330 shadow_funcs="getprpwnam dispcrypt"
1331 # OSF/1 4.x and higher need -ldb too
1332 if test $OSMAJOR -lt 4; then
1333 shadow_libs="-lsecurity -laud -lm"
1335 shadow_libs="-lsecurity -ldb -laud -lm"
1338 # use SIA by default, if we have it
1339 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1342 # Some versions of Digital Unix ship with a broken
1343 # copy of prot.h, which we need for shadow passwords.
1344 # XXX - make should remove this as part of distclean
1346 AC_MSG_CHECKING([for broken prot.h])
1347 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1348 #include <sys/types.h>
1349 #include <sys/security.h>
1351 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1352 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1355 : ${mansectform='4'}
1358 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1359 if test -z "$NROFFPROG"; then
1360 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1361 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1362 if test -d /usr/share/catman/local; then
1363 mandir="/usr/share/catman/local"
1365 mandir="/usr/catman/local"
1369 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1370 if test -d "/usr/share/man/local"; then
1371 mandir="/usr/share/man/local"
1373 mandir="/usr/man/local"
1377 # IRIX <= 4 needs -lsun
1378 if test "$OSMAJOR" -le 4; then
1379 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1382 : ${mansectform='4'}
1385 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1386 # Some Linux versions need to link with -lshadow
1387 shadow_funcs="getspnam"
1388 shadow_libs_optional="-lshadow"
1389 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1392 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1393 if test -z "$GCC"; then
1394 CFLAGS="${CFLAGS} -D__STDC__"
1397 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1398 shadow_funcs="getprpwnam"
1399 shadow_libs="-lprot"
1403 shadow_funcs="getauthuid"
1404 shadow_libs="-lauth"
1407 LIBS="${LIBS} -lsun -lbsd"
1408 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1409 OSDEFS="${OSDEFS} -D_MIPS"
1411 : ${mansectform='4'}
1414 OSDEFS="${OSDEFS} -D_ISC"
1416 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1417 LIBS="${LIBS} -lcrypt"
1419 shadow_funcs="getspnam"
1423 : ${mansectform='4'}
1426 shadow_funcs="getprpwnam"
1427 shadow_libs="-lprot -lx"
1429 : ${mansectform='4'}
1431 m88k-motorola-sysv*)
1432 # motorolla's cc (a variant of gcc) does -O but not -O2
1433 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1435 : ${mansectform='4'}
1438 shadow_funcs="getspnam"
1441 : ${mansectform='4'}
1442 : ${with_rpath='yes'}
1444 *-ncr-sysv4*|*-ncr-sysvr4*)
1445 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1447 : ${mansectform='4'}
1448 : ${with_rpath='yes'}
1450 *-ccur-sysv4*|*-ccur-sysvr4*)
1451 LIBS="${LIBS} -lgen"
1452 SUDO_LIBS="${SUDO_LIBS} -lgen"
1454 : ${mansectform='4'}
1455 : ${with_rpath='yes'}
1459 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1460 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1462 2|3) AC_MSG_NOTICE([using shlicc as CC])
1463 ac_cv_prog_CC=shlicc
1468 # Check for newer BSD auth API (just check for >= 3.0?)
1469 if test -z "$with_bsdauth"; then
1470 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1474 # FreeBSD has a real setreuid(2) starting with 2.1 and
1475 # backported to 2.0.5. We just take 2.1 and above...
1481 if test "$with_skey" = "yes"; then
1482 SUDO_LIBS="${SUDO_LIBS} -lmd"
1485 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1486 : ${with_logincap='maybe'}
1489 # OpenBSD has a real setreuid(2) starting with 3.3 but
1490 # we will use setreuid(2) instead.
1493 # OpenBSD >= 3.0 supports BSD auth
1494 if test -z "$with_bsdauth"; then
1499 AUTH_EXCL_DEF="BSD_AUTH"
1503 : ${with_logincap='maybe'}
1506 # NetBSD has a real setreuid(2) starting with 1.3.2
1508 0.9*|1.[012]*|1.3|1.3.1)
1513 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1514 : ${with_logincap='maybe'}
1517 if test "$with_skey" = "yes"; then
1518 SUDO_LIBS="${SUDO_LIBS} -lmd"
1521 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1522 : ${with_logincap='yes'}
1530 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1531 : ${with_logincap='yes'}
1534 # lockf() on is broken on the NeXT -- use flock instead
1536 ac_cv_func_flock=yes
1540 : ${mansectform='4'}
1541 : ${with_rpath='yes'}
1545 : ${mansectform='4'}
1548 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1553 dnl Check for mixing mutually exclusive and regular auth methods
1555 AUTH_REG=${AUTH_REG# }
1556 AUTH_EXCL=${AUTH_EXCL# }
1557 if test -n "$AUTH_EXCL"; then
1559 if test $# != 1; then
1560 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1562 if test -n "$AUTH_REG"; then
1563 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1567 dnl Only one of S/Key and OPIE may be specified
1569 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1570 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1574 dnl Use BSD-style man sections by default
1577 : ${mansectform='5'}
1580 dnl Add in any libpaths or libraries specified via configure
1582 if test -n "$with_libpath"; then
1583 for i in ${with_libpath}; do
1584 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1587 if test -n "$with_libraries"; then
1588 for i in ${with_libraries}; do
1600 dnl C compiler checks (to be done after os checks)
1602 AC_PROG_GCC_TRADITIONAL
1611 if test -z "$with_sendmail"; then
1614 if test -z "$with_editor"; then
1618 dnl Header file checks
1623 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1624 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1625 dnl ultrix termio/termios are broken
1626 if test "$OS" != "ultrix"; then
1627 AC_SYS_POSIX_TERMIOS
1628 if test "$ac_cv_sys_posix_termios" = "yes"; then
1629 AC_DEFINE(HAVE_TERMIOS_H)
1631 AC_CHECK_HEADERS(termio.h)
1634 if test ${with_logincap-'no'} != "no"; then
1635 AC_CHECK_HEADERS(login_cap.h)
1637 if test ${with_project-'no'} != "no"; then
1638 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1639 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1646 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1647 #include <signal.h>])
1648 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1649 #include <signal.h>])
1650 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1651 #if TIME_WITH_SYS_TIME
1652 # include <sys/time.h>
1655 # include <sys/time.h>
1666 dnl only set RETSIGTYPE if it is not set already
1675 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1676 strftime setrlimit initgroups getgroups fstat gettimeofday \
1677 setlocale getaddrinfo)
1678 if test -z "$SKIP_SETRESUID"; then
1679 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1681 if test -z "$SKIP_SETREUID"; then
1682 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1684 if test -z "$SKIP_SETEUID"; then
1685 AC_CHECK_FUNCS(seteuid)
1687 if test X"$with_interfaces" != X"no"; then
1688 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1690 if test -z "$BROKEN_GETCWD"; then
1691 AC_REPLACE_FUNCS(getcwd)
1693 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1695 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1696 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1697 AC_CHECK_FUNCS(lockf flock, [break])
1698 AC_CHECK_FUNCS(waitpid wait3, [break])
1699 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1700 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1701 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1702 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1704 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1705 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1706 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1707 [ #include <limits.h>
1708 #include <fcntl.h> ])
1710 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1711 AC_CHECK_FUNCS(random lrand48, [break])
1713 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1714 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1715 AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1716 AC_MSG_CHECKING([for two-parameter timespecsub])
1717 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1718 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1719 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1721 #error missing timespecsub
1723 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1724 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1727 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1729 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1730 #include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1731 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1733 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1734 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1736 if test -n "$NEED_SNPRINTF"; then
1740 dnl If socket(2) not in libc, check -lsocket and -linet
1741 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1742 dnl In this case we look for main(), not socket() to avoid using a cached value
1744 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1745 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1747 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1748 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1750 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1751 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1753 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1755 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1757 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1758 dnl (gcc includes its own alloca(3) but other compilers may not)
1760 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1764 dnl Check for getprogname() or __progname
1766 AC_CHECK_FUNCS(getprogname, , [
1767 AC_MSG_CHECKING([for __progname])
1768 AC_CACHE_VAL(sudo_cv___progname, [
1769 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1770 if test "$sudo_cv___progname" = "yes"; then
1771 AC_DEFINE(HAVE___PROGNAME)
1773 AC_LIBOBJ(getprogname)
1775 AC_MSG_RESULT($sudo_cv___progname)
1779 dnl Mutually exclusive auth checks come first, followed by
1780 dnl non-exclusive ones. Note: passwd must be last of all!
1784 dnl Convert default authentication methods to with_* if
1785 dnl no explicit authentication scheme was specified.
1787 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1788 for auth in $AUTH_EXCL_DEF; do
1790 AIX_AUTH) with_aixauth=maybe;;
1791 BSD_AUTH) with_bsdauth=maybe;;
1792 PAM) with_pam=maybe;;
1793 SIA) CHECKSIA=true;;
1799 dnl PAM support. Systems that use PAM by default set with_pam=default
1800 dnl and we do the actual tests here.
1802 if test ${with_pam-"no"} != "no"; then
1804 dnl Linux may need this
1806 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1807 ac_cv_lib_dl=ac_cv_lib_dl_main
1810 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1811 dnl in /usr/include/pam instead of /usr/include/security...
1813 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1814 if test "$with_pam" = "yes"; then
1816 AUTH_OBJS="$AUTH_OBJS pam.o";
1818 AC_MSG_CHECKING(whether to use PAM session support)
1819 AC_ARG_ENABLE(pam_session,
1820 [ --disable-pam-session Disable PAM session support],
1821 [ case "$enableval" in
1822 yes) AC_MSG_RESULT(yes)
1824 no) AC_MSG_RESULT(no)
1825 AC_DEFINE(NO_PAM_SESSION)
1827 *) AC_MSG_RESULT(no)
1828 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1830 esac], AC_MSG_RESULT(yes))
1835 dnl AIX general authentication
1836 dnl If set to "maybe" only enable if no other exclusive method in use.
1838 if test ${with_aixauth-'no'} != "no"; then
1839 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1840 AC_MSG_NOTICE([using AIX general authentication])
1841 AC_DEFINE(HAVE_AIXAUTH)
1842 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1843 SUDO_LIBS="${SUDO_LIBS} -ls"
1849 dnl BSD authentication
1850 dnl If set to "maybe" only enable if no other exclusive method in use.
1852 if test ${with_bsdauth-'no'} != "no"; then
1853 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1854 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1855 [BSDAUTH_USAGE='[[-a auth_type]] ']
1856 [AUTH_EXCL=BSD_AUTH],
1857 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1861 dnl SIA authentication for Tru64 Unix
1863 if test ${CHECKSIA-'false'} = "true"; then
1864 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1865 if test "$found" = "true"; then
1867 AUTH_OBJS="$AUTH_OBJS sia.o"
1872 dnl extra FWTK libs + includes
1874 if test ${with_fwtk-'no'} != "no"; then
1875 if test "$with_fwtk" != "yes"; then
1876 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1877 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1880 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1881 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1885 dnl extra SecurID lib + includes
1887 if test ${with_SecurID-'no'} != "no"; then
1888 if test "$with_SecurID" != "yes"; then
1890 elif test -d /usr/ace/examples; then
1891 with_SecurID=/usr/ace/examples
1893 with_SecurID=/usr/ace
1895 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1896 _LDFLAGS="${LDFLAGS}"
1897 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1899 # Determine whether to use the new or old SecurID API
1901 AC_CHECK_LIB(aceclnt, SD_Init,
1903 AUTH_OBJS="$AUTH_OBJS securid5.o";
1904 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1907 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1909 AUTH_OBJS="$AUTH_OBJS securid.o";
1910 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1916 LDFLAGS="${_LDFLAGS}"
1920 dnl Non-mutually exclusive auth checks come next.
1921 dnl Note: passwd must be last of all!
1925 dnl Convert default authentication methods to with_* if
1926 dnl no explicit authentication scheme was specified.
1928 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1929 for auth in $AUTH_DEF; do
1931 passwd) : ${with_passwd='maybe'};;
1939 if test ${with_kerb4-'no'} != "no"; then
1940 AC_DEFINE(HAVE_KERB4)
1942 dnl Use the specified directory, if any, else search for correct inc dir
1944 O_LDFLAGS="$LDFLAGS"
1945 if test "$with_kerb4" = "yes"; then
1947 O_CPPFLAGS="$CPPFLAGS"
1948 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1949 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1950 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1952 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1954 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1955 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1956 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1957 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1959 if test X"$found" = X"no"; then
1960 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1964 dnl Check for -ldes vs. -ldes425
1966 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1967 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1970 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1972 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1973 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1975 K4LIBS="${K4LIBS} -lcom_err"
1976 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1982 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
1984 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
1985 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
1986 [K4LIBS="-lkrb $K4LIBS"]
1987 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
1990 LDFLAGS="$O_LDFLAGS"
1991 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
1992 AUTH_OBJS="$AUTH_OBJS kerb4.o"
1997 dnl There is an easy way and a hard way...
1999 if test ${with_kerb5-'no'} != "no"; then
2000 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2001 if test -n "$KRB5CONFIG"; then
2002 AC_DEFINE(HAVE_KERB5)
2003 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2004 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2005 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2007 dnl Try to determine whether we have Heimdal or MIT Kerberos
2009 AC_MSG_CHECKING(whether we are using Heimdal)
2010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2012 AC_DEFINE(HAVE_HEIMDAL)
2019 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2020 AC_DEFINE(HAVE_KERB5)
2022 dnl Use the specified directory, if any, else search for correct inc dir
2024 if test "$with_kerb5" = "yes"; then
2026 O_CPPFLAGS="$CPPFLAGS"
2027 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2028 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2029 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2031 if test X"$found" = X"no"; then
2032 CPPFLAGS="$O_CPPFLAGS"
2033 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2036 dnl XXX - try to include krb5.h here too
2037 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2038 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2042 dnl Try to determine whether we have Heimdal or MIT Kerberos
2044 AC_MSG_CHECKING(whether we are using Heimdal)
2045 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2047 AC_DEFINE(HAVE_HEIMDAL)
2048 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2049 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2052 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2055 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2057 LIBS="${LIBS} ${SUDO_LIBS}"
2058 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2063 dnl Some systems put login_cap(3) in libutil
2065 if test ${with_logincap-'no'} = "yes"; then
2067 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
2073 dnl extra AFS libs and includes
2075 if test ${with_AFS-'no'} = "yes"; then
2077 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2078 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2079 for i in $AFSLIBDIRS; do
2080 if test -d ${i}; then
2081 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2082 FOUND_AFSLIBDIR=true
2085 if test -z "$FOUND_AFSLIBDIR"; then
2086 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2089 # Order is important here. Note that we build AFS_LIBS from right to left
2090 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2091 AFS_LIBS="-laudit ${AFS_LIBS}"
2092 for i in $AFSLIBDIRS; do
2093 if test -f ${i}/util.a; then
2094 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2099 if test -z "$FOUND_UTIL_A"; then
2100 AFS_LIBS="-lutil ${AFS_LIBS}"
2102 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2104 # AFS includes may live in /usr/include on some machines...
2105 for i in /usr/afsws/include; do
2106 if test -d ${i}; then
2107 CPPFLAGS="${CPPFLAGS} -I${i}"
2108 FOUND_AFSINCDIR=true
2112 if test -z "$FOUND_AFSLIBDIR"; then
2113 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2116 AUTH_OBJS="$AUTH_OBJS afs.o"
2120 dnl extra DCE obj + lib
2121 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2123 if test ${with_DCE-'no'} = "yes"; then
2124 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2125 SUDO_LIBS="${SUDO_LIBS} -ldce"
2126 AUTH_OBJS="$AUTH_OBJS dce.o"
2130 dnl extra S/Key lib and includes
2132 if test ${with_skey-'no'} = "yes"; then
2133 O_LDFLAGS="$LDFLAGS"
2134 if test "$with_skey" != "yes"; then
2135 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2136 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2137 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2138 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2141 O_CPPFLAGS="$CPPFLAGS"
2142 for dir in "" "/usr/local" "/usr/contrib"; do
2143 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2144 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2146 if test "$found" = "no" -o -z "$dir"; then
2147 CPPFLAGS="$O_CPPFLAGS"
2149 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2150 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2153 if test "$found" = "no"; then
2154 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2156 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2157 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2158 LDFLAGS="$O_LDFLAGS"
2159 SUDO_LIBS="${SUDO_LIBS} -lskey"
2160 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2164 dnl extra OPIE lib and includes
2166 if test ${with_opie-'no'} = "yes"; then
2167 O_LDFLAGS="$LDFLAGS"
2168 if test "$with_opie" != "yes"; then
2169 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2170 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2171 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2172 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2175 O_CPPFLAGS="$CPPFLAGS"
2176 for dir in "" "/usr/local" "/usr/contrib"; do
2177 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2178 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2180 if test "$found" = "no" -o -z "$dir"; then
2181 CPPFLAGS="$O_CPPFLAGS"
2183 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2184 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2187 if test "$found" = "no"; then
2188 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2190 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2191 LDFLAGS="$O_LDFLAGS"
2192 SUDO_LIBS="${SUDO_LIBS} -lopie"
2193 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2197 dnl Check for shadow password routines if we have not already done so.
2198 dnl If there is a specific list of functions to check we do that first.
2199 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2201 if test ${with_passwd-'no'} != "no"; then
2203 dnl if crypt(3) not in libc, look elsewhere
2205 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2206 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2209 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2211 LIBS="$LIBS $shadow_libs"
2213 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2214 if test "$found" = "yes"; then
2215 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2216 elif test -n "$shadow_libs_optional"; then
2217 LIBS="$LIBS $shadow_libs_optional"
2218 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2219 if test "$found" = "yes"; then
2220 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2223 if test "$found" = "yes"; then
2224 case "$shadow_funcs" in
2225 *getprpwnam*) SECUREWARE=1;;
2227 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2233 if test "$CHECKSHADOW" = "true"; then
2234 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2236 if test "$CHECKSHADOW" = "true"; then
2237 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2239 if test -n "$SECUREWARE"; then
2240 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2241 AUTH_OBJS="$AUTH_OBJS secureware.o"
2246 dnl extra lib and .o file for LDAP support
2248 if test ${with_ldap-'no'} != "no"; then
2250 if test "$with_ldap" != "yes"; then
2251 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2252 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2253 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2256 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2258 AC_MSG_CHECKING([for LDAP libraries])
2262 for l in -lldap -llber '-lssl -lcrypto'; do
2264 LDAP_LIBS="${LDAP_LIBS} $l"
2265 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2267 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2269 dnl if nothing linked just try with -lldap
2270 if test "$found" = "no"; then
2272 AC_MSG_RESULT([not found, using -lldap])
2274 AC_MSG_RESULT([$LDAP_LIBS])
2276 dnl try again w/o explicitly including lber.h
2277 AC_MSG_CHECKING([whether lber.h is needed])
2278 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2279 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2280 AC_MSG_RESULT([yes])
2281 AC_DEFINE(HAVE_LBER_H)])
2283 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
2285 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2288 # XXX - OpenLDAP has deprecated ldap_get_values()
2289 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2293 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2294 dnl added -L dirpaths to SUDO_LDFLAGS.
2296 if test -n "$blibpath"; then
2297 if test -n "$blibpath_add"; then
2298 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2299 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2300 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2305 dnl Check for log file and timestamp locations
2311 dnl Use passwd (and secureware) auth modules?
2313 case "$with_passwd" in
2315 AUTH_OBJS="$AUTH_OBJS passwd.o"
2318 AC_DEFINE(WITHOUT_PASSWD)
2319 if test -z "$AUTH_OBJS"; then
2320 AC_MSG_ERROR([no authentication methods defined.])
2324 AUTH_OBJS=${AUTH_OBJS# }
2325 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2326 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2329 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2331 if test -n "$LIBS"; then
2336 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2337 test $l = $sl && dupe=1
2339 test $dupe = 0 && LIBS="${LIBS} $l"
2346 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2349 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2350 dnl XXX - this is gross!
2352 if test "$with_noexec" != "no"; then
2353 PROGS="${PROGS} sudo_noexec.la"
2354 INSTALL_NOEXEC="install-noexec"
2356 oexec_prefix="$exec_prefix"
2357 if test "$exec_prefix" = '$(prefix)'; then
2358 if test "$prefix" = "NONE"; then
2359 exec_prefix="$ac_default_prefix"
2361 exec_prefix="$prefix"
2364 eval noexec_file="$with_noexec"
2365 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2366 exec_prefix="$oexec_prefix"
2370 dnl Substitute into the Makefile and man pages
2372 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2376 dnl Spew any text the user needs to know about
2378 if test "$with_pam" = "yes"; then
2381 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2387 dnl Autoheader templates
2389 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2390 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2391 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2392 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2393 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2394 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2395 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2396 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2397 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2398 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2399 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2400 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2401 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2402 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2403 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2404 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2405 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2406 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2407 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2408 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2409 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2410 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2411 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2412 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2413 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2414 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2415 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2416 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2417 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2418 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2419 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2420 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2421 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2422 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2423 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2424 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2425 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2426 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2427 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2428 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2429 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2430 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2431 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2432 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2433 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2434 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2435 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2436 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2437 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2438 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2439 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2440 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2441 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2442 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2443 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2444 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2445 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2446 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2447 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2448 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2449 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2450 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2451 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2452 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2453 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2454 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2457 dnl Bits to copy verbatim into config.h.in
2459 AH_TOP([#ifndef _SUDO_CONFIG_H
2460 #define _SUDO_CONFIG_H])
2463 * Macros to pull sec and nsec parts of mtime from struct stat.
2464 * We need to be able to convert between timeval and timespec
2465 * so the last 3 digits of tv_nsec are not significant.
2468 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2469 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2471 # ifdef HAVE_ST_MTIMESPEC
2472 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2473 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2475 # define mtim_getsec(_x) ((_x).st_mtime)
2476 # define mtim_getnsec(_x) (0)
2477 # endif /* HAVE_ST_MTIMESPEC */
2478 #endif /* HAVE_ST_MTIM */
2481 * Emulate a subset of waitpid() if we don't have it.
2484 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2487 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2491 /* GNU stow needs /etc/sudoers to be a symlink. */
2493 # define stat_sudoers stat
2495 # define stat_sudoers lstat
2498 /* Macros to set/clear/test flags. */
2500 #define SET(t, f) ((t) |= (f))
2502 #define CLR(t, f) ((t) &= ~(f))
2504 #define ISSET(t, f) ((t) & (f))
2506 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2507 #if defined(hpux) && !defined(__hpux)
2511 #if defined(convex) && !defined(__convex__)
2512 # define __convex__ 1
2515 /* BSD compatibility on some SVR4 systems. */
2518 #endif /* __svr4__ */
2520 #endif /* _SUDO_CONFIG_H */])