2 dnl Process this file with GNU autoconf to produce a configure script.
4 dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
6 AC_INIT([sudo], [1.8.4p4], [http://www.sudo.ws/bugs/], [sudo])
7 AC_CONFIG_HEADER([config.h pathnames.h])
9 dnl Note: this must come after AC_INIT
11 AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
13 dnl Variables that get substituted in the Makefile and man pages
15 AC_SUBST([HAVE_BSM_AUDIT])
22 AC_SUBST([SUDOERS_LDFLAGS])
24 AC_SUBST([COMMON_OBJS])
25 AC_SUBST([SUDOERS_OBJS])
29 AC_SUBST([SUDOERS_LIBS])
32 AC_SUBST([REPLAY_LIBS])
33 AC_SUBST([GETGROUPS_LIB])
37 AC_SUBST([MAN_POSTINSTALL])
38 AC_SUBST([SUDOERS_MODE])
39 AC_SUBST([SUDOERS_UID])
40 AC_SUBST([SUDOERS_GID])
47 AC_SUBST([mansectform])
49 AC_SUBST([NOEXECFILE])
53 AC_SUBST([noexec_file])
54 AC_SUBST([INSTALL_NOEXEC])
55 AC_SUBST([DONT_LEAK_PATH_INFO])
56 AC_SUBST([BSDAUTH_USAGE])
57 AC_SUBST([SELINUX_USAGE])
59 AC_SUBST([LOGINCAP_USAGE])
62 AC_SUBST([LIBTOOL_DEPS])
63 AC_SUBST([ac_config_libobj_dir])
64 AC_SUBST([CONFIGURE_ARGS])
69 AC_SUBST([COMPAT_TEST_PROGS])
71 dnl Variables that get substituted in docs (not overridden by environment)
73 AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
74 AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
76 AC_SUBST([password_timeout])
77 AC_SUBST([sudo_umask])
78 AC_SUBST([umask_override])
79 AC_SUBST([passprompt])
80 AC_SUBST([long_otp_prompt])
86 AC_SUBST([ignore_dot])
87 AC_SUBST([mail_no_user])
88 AC_SUBST([mail_no_host])
89 AC_SUBST([mail_no_perms])
92 AC_SUBST([badpass_message])
94 AC_SUBST([runas_default])
95 AC_SUBST([env_editor])
97 AC_SUBST([passwd_tries])
98 AC_SUBST([tty_tickets])
100 AC_SUBST([root_sudo])
101 AC_SUBST([path_info])
102 AC_SUBST([ldap_conf])
103 AC_SUBST([ldap_secret])
104 AC_SUBST([nsswitch_conf])
105 AC_SUBST([netsvc_conf])
106 AC_SUBST([secure_path])
109 # Begin initial values for man page substitution
111 iolog_dir=/var/log/sudo-io
112 timedir=/var/adm/sudo
117 passprompt="Password:"
129 mailsub="*** SECURITY information for %h ***"
130 badpass_message="Sorry, try again."
141 ldap_conf=/etc/ldap.conf
142 ldap_secret=/etc/ldap.secret
143 netsvc_conf=/etc/netsvc.conf
144 noexec_file=/usr/local/libexec/sudo_noexec.so
145 nsswitch_conf=/etc/nsswitch.conf
146 secure_path="not set"
148 # End initial values for man page substitution
151 dnl Initial values for Makefile variables listed above
152 dnl May be overridden by environment variables..
159 : ${SUDOERS_MODE='0440'}
184 shadow_libs_optional=
188 dnl libc replacement functions live in compat
190 AC_CONFIG_LIBOBJ_DIR(compat)
193 dnl Deprecated --with options (these all warn or generate an error)
196 AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
197 [case $with_otp_only in
198 yes) with_passwd="no"
199 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
203 AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
204 [case $with_alertmail in
205 *) with_mailto="$with_alertmail"
206 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
211 dnl Options for --with
214 AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
216 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
217 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
222 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
226 AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
228 *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
232 AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
235 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
239 AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
240 [case $with_blibpath in
242 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
247 dnl Handle BSM auditing support.
249 AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
250 [case $with_bsm_audit in
251 yes) AC_DEFINE(HAVE_BSM_AUDIT)
252 SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
253 SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
256 *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
261 dnl Handle Linux auditing support.
263 AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
264 [case $with_linux_audit in
265 yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
266 AC_DEFINE(HAVE_LINUX_AUDIT)
267 SUDO_LIBS="${SUDO_LIBS} -laudit"
268 SUDOERS_LIBS="${SUDO_LIBS} -laudit"
269 SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
271 AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
275 *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
279 AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
280 [case $with_incpath in
281 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
283 no) AC_MSG_ERROR(["--without-incpath not supported."])
285 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
286 for i in ${with_incpath}; do
287 CPPFLAGS="${CPPFLAGS} -I${i}"
292 AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
293 [case $with_libpath in
294 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
296 no) AC_MSG_ERROR(["--without-libpath not supported."])
298 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
302 AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
303 [case $with_libraries in
304 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
306 no) AC_MSG_ERROR(["--without-libraries not supported."])
308 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
312 AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
313 [case $with_efence in
314 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
315 LIBS="${LIBS} -lefence"
316 if test -f /usr/local/lib/libefence.a; then
317 with_libpath="${with_libpath} /usr/local/lib"
321 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
325 AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
327 yes) AC_MSG_NOTICE([Adding CSOps standard options])
331 with_classic_insults=yes
332 with_csops_insults=yes
338 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
342 AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
343 [case $with_passwd in
344 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
345 AC_MSG_RESULT($with_passwd)
347 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
349 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
353 AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
356 *) AC_DEFINE(HAVE_SKEY)
357 AC_MSG_CHECKING(whether to try S/Key authentication)
359 AUTH_REG="$AUTH_REG S/Key"
363 AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
366 *) AC_DEFINE(HAVE_OPIE)
367 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
369 AUTH_REG="$AUTH_REG NRL_OPIE"
373 AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
374 [case $with_long_otp_prompt in
375 yes) AC_DEFINE(LONG_OTP_PROMPT)
376 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
380 no) long_otp_prompt=off
382 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
386 AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
387 [case $with_SecurID in
389 *) AC_DEFINE(HAVE_SECURID)
390 AC_MSG_CHECKING(whether to use SecurID for authentication)
392 AUTH_EXCL="$AUTH_EXCL SecurID"
396 AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
399 *) AC_DEFINE(HAVE_FWTK)
400 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
402 AUTH_EXCL="$AUTH_EXCL FWTK"
406 AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
409 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
411 AUTH_REG="$AUTH_REG kerb5"
415 AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
416 [case $with_aixauth in
417 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
419 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
423 AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
425 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
427 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
431 AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
433 yes) AC_DEFINE(HAVE_AFS)
434 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
436 AUTH_REG="$AUTH_REG AFS"
439 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
443 AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
445 yes) AC_DEFINE(HAVE_DCE)
446 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
448 AUTH_REG="$AUTH_REG DCE"
451 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
455 AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
456 [case $with_logincap in
458 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
462 AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
463 [case $with_bsdauth in
464 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
466 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
470 AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
471 [case $with_project in
474 *) AC_MSG_ERROR(["--with-project does not take an argument."])
478 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
479 AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
480 [case $with_lecture in
481 yes|short|always) lecture=once
483 no|none|never) lecture=never
485 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
488 if test "$lecture" = "once"; then
491 AC_DEFINE(NO_LECTURE)
495 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
496 AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
497 [case $with_logging in
498 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
500 no) AC_MSG_ERROR(["--without-logging not supported."])
502 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
503 AC_MSG_RESULT(syslog)
505 file) AC_DEFINE(LOGGING, SLOG_FILE)
508 both) AC_DEFINE(LOGGING, SLOG_BOTH)
511 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
513 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
515 AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
516 [case $with_logfac in
517 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
519 no) AC_MSG_ERROR(["--without-logfac not supported."])
521 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
523 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
527 AC_MSG_CHECKING(at which syslog priority to log commands)
528 AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
529 [case $with_goodpri in
530 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
532 no) AC_MSG_ERROR(["--without-goodpri not supported."])
534 alert|crit|debug|emerg|err|info|notice|warning)
535 goodpri=$with_goodpri
537 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
540 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
541 AC_MSG_RESULT($goodpri)
543 AC_MSG_CHECKING(at which syslog priority to log failures)
544 AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
545 [case $with_badpri in
546 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
548 no) AC_MSG_ERROR(["--without-badpri not supported."])
550 alert|crit|debug|emerg|err|info|notice|warning)
553 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
556 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
557 AC_MSG_RESULT($badpri)
559 AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
560 [case $with_logpath in
561 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
563 no) AC_MSG_ERROR(["--without-logpath not supported."])
567 AC_MSG_CHECKING(how long a line in the log file should be)
568 AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
569 [case $with_loglen in
570 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
572 no) AC_MSG_ERROR(["--without-loglen not supported."])
574 [[0-9]]*) loglen=$with_loglen
576 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
579 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
580 AC_MSG_RESULT($loglen)
582 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
583 AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
584 [case $with_ignore_dot in
589 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
592 if test "$ignore_dot" = "on"; then
593 AC_DEFINE(IGNORE_DOT_PATH)
599 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
600 AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
601 [case $with_mail_if_no_user in
606 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
609 if test "$mail_no_user" = "on"; then
610 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
616 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
617 AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
618 [case $with_mail_if_no_host in
623 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
626 if test "$mail_no_host" = "on"; then
627 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
633 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
634 AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
635 [case $with_mail_if_noperms in
640 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
643 if test "$mail_noperms" = "on"; then
644 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
650 AC_MSG_CHECKING(who should get the mail that sudo sends)
651 AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
652 [case $with_mailto in
653 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
655 no) AC_MSG_ERROR(["--without-mailto not supported."])
657 *) mailto=$with_mailto
660 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
661 AC_MSG_RESULT([$mailto])
663 AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
664 [case $with_mailsubject in
665 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
667 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
669 *) mailsub="$with_mailsubject"
670 AC_MSG_CHECKING(sudo mail subject)
671 AC_MSG_RESULT([Using alert mail subject: $mailsub])
674 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
676 AC_MSG_CHECKING(for bad password prompt)
677 AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
678 [case $with_passprompt in
679 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
681 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
683 *) passprompt="$with_passprompt"
685 AC_MSG_RESULT($passprompt)
686 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
688 AC_MSG_CHECKING(for bad password message)
689 AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
690 [case $with_badpass_message in
691 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
693 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
695 *) badpass_message="$with_badpass_message"
698 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
699 AC_MSG_RESULT([$badpass_message])
701 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
702 AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
708 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
711 if test "$fqdn" = "on"; then
718 AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
719 [case $with_timedir in
720 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
722 no) AC_MSG_ERROR(["--without-timedir not supported."])
726 AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
727 [case $with_iologdir in
729 no) AC_MSG_ERROR(["--without-iologdir not supported."])
733 AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
734 AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
735 [case $with_sendmail in
736 yes) with_sendmail=""
739 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
743 AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
744 [case $with_sudoers_mode in
745 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
747 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
749 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
751 0*) SUDOERS_MODE=$with_sudoers_mode
753 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
757 AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
758 [case $with_sudoers_uid in
759 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
761 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
763 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
765 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
769 AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
770 [case $with_sudoers_gid in
771 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
773 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
775 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
777 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
781 AC_MSG_CHECKING(for umask programs should be run with)
782 AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
783 AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
785 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
789 [[0-9]]*) sudo_umask=$with_umask
791 *) AC_MSG_ERROR(["you must enter a numeric mask."])
794 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
795 if test "$sudo_umask" = "0777"; then
798 AC_MSG_RESULT($sudo_umask)
801 AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
802 [case $with_umask_override in
803 yes) AC_DEFINE(UMASK_OVERRIDE)
806 no) umask_override=off
808 *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
812 AC_MSG_CHECKING(for default user to run commands as)
813 AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
814 [case $with_runas_default in
815 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
817 no) AC_MSG_ERROR(["--without-runas-default not supported."])
819 *) runas_default="$with_runas_default"
822 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
823 AC_MSG_RESULT([$runas_default])
825 AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
826 [case $with_exempt in
827 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
829 no) AC_MSG_ERROR(["--without-exempt not supported."])
831 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
832 AC_MSG_CHECKING(for group to be exempt from password)
833 AC_MSG_RESULT([$with_exempt])
837 AC_MSG_CHECKING(for editor that visudo should use)
838 AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
839 [case $with_editor in
840 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
842 no) AC_MSG_ERROR(["--without-editor not supported."])
844 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
845 AC_MSG_RESULT([$with_editor])
846 editor="$with_editor"
848 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
850 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
851 AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
852 [case $with_env_editor in
857 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
860 if test "$env_editor" = "on"; then
861 AC_DEFINE(ENV_EDITOR)
867 AC_MSG_CHECKING(number of tries a user gets to enter their password)
868 AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
869 [case $with_passwd_tries in
871 no) AC_MSG_ERROR(["--without-editor not supported."])
873 [[1-9]]*) passwd_tries=$with_passwd_tries
875 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
878 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
879 AC_MSG_RESULT($passwd_tries)
881 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
882 AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
883 [case $with_timeout in
887 [[0-9]]*) timeout=$with_timeout
889 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
892 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
893 AC_MSG_RESULT($timeout)
895 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
896 AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
897 [case $with_password_timeout in
899 no) password_timeout=0
901 [[0-9]]*) password_timeout=$with_password_timeout
903 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
906 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
907 AC_MSG_RESULT($password_timeout)
909 AC_MSG_CHECKING(whether to use per-tty ticket files)
910 AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
911 [case $with_tty_tickets in
916 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
919 if test "$tty_tickets" = "off"; then
920 AC_DEFINE(NO_TTY_TICKETS)
926 AC_MSG_CHECKING(whether to include insults)
927 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
928 [case $with_insults in
930 with_classic_insults=yes
931 with_csops_insults=yes
933 disabled) insults=off
934 with_classic_insults=yes
935 with_csops_insults=yes
939 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
942 if test "$insults" = "on"; then
943 AC_DEFINE(USE_INSULTS)
949 AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
950 [case $with_all_insults in
951 yes) with_classic_insults=yes
952 with_csops_insults=yes
954 with_goons_insults=yes
957 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
961 AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
962 [case $with_classic_insults in
963 yes) AC_DEFINE(CLASSIC_INSULTS)
966 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
970 AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
971 [case $with_csops_insults in
972 yes) AC_DEFINE(CSOPS_INSULTS)
975 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
979 AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
980 [case $with_hal_insults in
981 yes) AC_DEFINE(HAL_INSULTS)
984 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
988 AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
989 [case $with_goons_insults in
990 yes) AC_DEFINE(GOONS_INSULTS)
993 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
997 AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
998 [case $with_nsswitch in
1000 yes) with_nsswitch="/etc/nsswitch.conf"
1005 AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
1008 *) AC_DEFINE(HAVE_LDAP)
1009 AC_MSG_CHECKING(whether to use sudoers from LDAP)
1014 AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
1015 test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
1016 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
1018 AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
1019 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
1020 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
1022 AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
1023 [case $with_pc_insults in
1024 yes) AC_DEFINE(PC_INSULTS)
1027 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
1031 dnl include all insult sets on one line
1032 if test "$insults" = "on"; then
1033 AC_MSG_CHECKING(which insult sets to include)
1035 test "$with_goons_insults" = "yes" && i="goons ${i}"
1036 test "$with_hal_insults" = "yes" && i="hal ${i}"
1037 test "$with_csops_insults" = "yes" && i="csops ${i}"
1038 test "$with_classic_insults" = "yes" && i="classic ${i}"
1042 AC_MSG_CHECKING(whether to override the user's path)
1043 AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
1044 [case $with_secure_path in
1045 yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
1046 AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1047 AC_MSG_RESULT([$with_secure_path])
1048 secure_path="set to $with_secure_path"
1050 no) AC_MSG_RESULT(no)
1052 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
1053 AC_MSG_RESULT([$with_secure_path])
1054 secure_path="set to F<$with_secure_path>"
1056 esac], AC_MSG_RESULT(no))
1058 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
1059 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
1060 [case $with_interfaces in
1061 yes) AC_MSG_RESULT(yes)
1063 no) AC_DEFINE(STUB_LOAD_INTERFACES)
1066 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
1068 esac], AC_MSG_RESULT(yes))
1070 AC_MSG_CHECKING(whether stow should be used)
1071 AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
1073 yes) AC_MSG_RESULT(yes)
1076 no) AC_MSG_RESULT(no)
1078 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
1080 esac], AC_MSG_RESULT(no))
1082 AC_MSG_CHECKING(whether to use an askpass helper)
1083 AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
1084 [case $with_askpass in
1085 yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
1088 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
1090 esac], AC_MSG_RESULT(no))
1092 AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
1093 [case $with_plugindir in
1094 no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
1097 esac], [with_plugindir="$libexecdir"])
1100 dnl Options for --enable
1103 AC_MSG_CHECKING(whether to do user authentication by default)
1104 AC_ARG_ENABLE(authentication,
1105 [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
1106 [ case "$enableval" in
1107 yes) AC_MSG_RESULT(yes)
1109 no) AC_MSG_RESULT(no)
1110 AC_DEFINE(NO_AUTHENTICATION)
1112 *) AC_MSG_RESULT(no)
1113 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1116 ], AC_MSG_RESULT(yes))
1118 AC_MSG_CHECKING(whether to disable running the mailer as root)
1119 AC_ARG_ENABLE(root-mailer,
1120 [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
1121 [ case "$enableval" in
1122 yes) AC_MSG_RESULT(no)
1124 no) AC_MSG_RESULT(yes)
1125 AC_DEFINE(NO_ROOT_MAILER)
1127 *) AC_MSG_RESULT(no)
1128 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1131 ], AC_MSG_RESULT(no))
1133 AC_ARG_ENABLE(setreuid,
1134 [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
1135 [ case "$enableval" in
1136 no) SKIP_SETREUID=yes
1142 AC_ARG_ENABLE(setresuid,
1143 [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
1144 [ case "$enableval" in
1145 no) SKIP_SETRESUID=yes
1151 AC_MSG_CHECKING(whether to disable shadow password support)
1152 AC_ARG_ENABLE(shadow,
1153 [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
1154 [ case "$enableval" in
1155 yes) AC_MSG_RESULT(no)
1157 no) AC_MSG_RESULT(yes)
1160 *) AC_MSG_RESULT(no)
1161 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1164 ], AC_MSG_RESULT(no))
1166 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1167 AC_ARG_ENABLE(root-sudo,
1168 [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
1169 [ case "$enableval" in
1170 yes) AC_MSG_RESULT(yes)
1172 no) AC_DEFINE(NO_ROOT_SUDO)
1176 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1179 ], AC_MSG_RESULT(yes))
1181 AC_MSG_CHECKING(whether to log the hostname in the log file)
1182 AC_ARG_ENABLE(log-host,
1183 [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
1184 [ case "$enableval" in
1185 yes) AC_MSG_RESULT(yes)
1186 AC_DEFINE(HOST_IN_LOG)
1188 no) AC_MSG_RESULT(no)
1190 *) AC_MSG_RESULT(no)
1191 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1194 ], AC_MSG_RESULT(no))
1196 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1197 AC_ARG_ENABLE(noargs-shell,
1198 [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
1199 [ case "$enableval" in
1200 yes) AC_MSG_RESULT(yes)
1201 AC_DEFINE(SHELL_IF_NO_ARGS)
1203 no) AC_MSG_RESULT(no)
1205 *) AC_MSG_RESULT(no)
1206 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1209 ], AC_MSG_RESULT(no))
1211 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1212 AC_ARG_ENABLE(shell-sets-home,
1213 [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
1214 [ case "$enableval" in
1215 yes) AC_MSG_RESULT(yes)
1216 AC_DEFINE(SHELL_SETS_HOME)
1218 no) AC_MSG_RESULT(no)
1220 *) AC_MSG_RESULT(no)
1221 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1224 ], AC_MSG_RESULT(no))
1226 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1227 AC_ARG_ENABLE(path_info,
1228 [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
1229 [ case "$enableval" in
1230 yes) AC_MSG_RESULT(no)
1232 no) AC_MSG_RESULT(yes)
1233 AC_DEFINE(DONT_LEAK_PATH_INFO)
1236 *) AC_MSG_RESULT(no)
1237 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1240 ], AC_MSG_RESULT(no))
1242 AC_MSG_CHECKING(whether to enable environment debugging)
1243 AC_ARG_ENABLE(env_debug,
1244 [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
1245 [ case "$enableval" in
1246 yes) AC_MSG_RESULT(yes)
1247 AC_DEFINE(ENV_DEBUG)
1249 no) AC_MSG_RESULT(no)
1251 *) AC_MSG_RESULT(no)
1252 AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
1255 ], AC_MSG_RESULT(no))
1258 [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
1259 [], [enable_zlib=yes])
1261 AC_MSG_CHECKING(whether to enable environment resetting by default)
1262 AC_ARG_ENABLE(env_reset,
1263 [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
1264 [ case "$enableval" in
1270 AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
1274 if test "$env_reset" = "on"; then
1276 AC_DEFINE(ENV_RESET, 1)
1279 AC_DEFINE(ENV_RESET, 0)
1282 AC_ARG_ENABLE(warnings,
1283 [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
1284 [ case "$enableval" in
1287 *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
1292 AC_ARG_ENABLE(werror,
1293 [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
1294 [ case "$enableval" in
1297 *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
1302 AC_ARG_ENABLE(admin-flag,
1303 [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
1304 [ case "$enableval" in
1305 yes) AC_DEFINE(USE_ADMIN_FLAG)
1308 *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
1314 [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
1315 [], [enable_nls=yes])
1317 AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
1318 [case $with_selinux in
1319 yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
1320 AC_DEFINE(HAVE_SELINUX)
1321 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1322 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1323 PROGS="${PROGS} sesh"
1325 AC_CHECK_LIB([selinux], [setkeycreatecon],
1326 [AC_DEFINE(HAVE_SETKEYCREATECON)])
1329 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1334 dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
1336 AC_ARG_ENABLE(gss_krb5_ccache_name,
1337 [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
1338 [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
1341 dnl C compiler checks
1343 AC_SEARCH_LIBS([strerror], [cposix])
1345 AC_CHECK_TOOL(AR, ar, false)
1346 AC_CHECK_TOOL(RANLIB, ranlib, :)
1347 if test X"$AR" = X"false"; then
1348 AC_MSG_ERROR([the "ar" utility is required to build sudo])
1351 if test "x$ac_cv_prog_cc_c89" = "xno"; then
1352 AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
1356 dnl If the user specified --disable-static, override them or we'll
1357 dnl be unable to build the executables in the sudoers plugin dir.
1359 if test "$enable_static" = "no"; then
1360 AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
1365 dnl Libtool setup, we require libtool 2.2.6b or higher
1368 AC_CONFIG_MACRO_DIR([m4])
1373 dnl Defer with_noexec until after libtool magic runs
1375 if test "$enable_shared" = "no"; then
1380 ac_cv_func_dlopen=no
1382 eval _shrext="$shrext_cmds"
1383 # Darwin uses .dylib for libraries but .so for modules
1384 if test X"$_shrext" = X".dylib"; then
1390 AC_MSG_CHECKING(path to sudo_noexec.so)
1391 AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
1392 [case $with_noexec in
1393 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1397 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1398 AC_MSG_RESULT($with_noexec)
1399 NOEXECFILE="sudo_noexec$_shrext"
1400 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1403 dnl Find programs we use
1405 AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
1406 AC_CHECK_PROG(TRPROG, [tr], [tr])
1407 AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
1408 if test -n "$NROFFPROG"; then
1409 AC_CACHE_CHECK([whether $NROFFPROG supports the -c option],
1410 [sudo_cv_var_nroff_opt_c],
1411 [if $NROFFPROG -c </dev/null >/dev/null 2>&1; then
1412 sudo_cv_var_nroff_opt_c=yes
1414 sudo_cv_var_nroff_opt_c=no
1417 if test "$sudo_cv_var_nroff_opt_c" = "yes"; then
1418 NROFFPROG="$NROFFPROG -c"
1420 AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option],
1421 [sudo_cv_var_nroff_opt_Tascii],
1422 [if $NROFFPROG -Tascii </dev/null >/dev/null 2>&1; then
1423 sudo_cv_var_nroff_opt_Tascii=yes
1425 sudo_cv_var_nroff_opt_Tascii=no
1427 if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then
1428 NROFFPROG="$NROFFPROG -Tascii"
1433 mansrcdir='$(srcdir)'
1437 dnl What kind of beastie are we being run on?
1438 dnl Barf if config.cache was generated on another host.
1440 if test -n "$sudo_cv_prev_host"; then
1441 if test "$sudo_cv_prev_host" != "$host"; then
1442 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1444 AC_MSG_CHECKING(previous host type)
1445 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1446 AC_MSG_RESULT([$sudo_cv_prev_host])
1449 # this will produce no output since there is no cached value
1450 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1454 dnl We want to be able to differentiate between different rev's
1456 if test -n "$host_os"; then
1457 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1458 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1459 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1468 # getcwd(3) opens a pipe to getpwd(1)!?!
1471 # system headers lack prototypes but gcc helps...
1472 if test -n "$GCC"; then
1473 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1476 shadow_funcs="getpwanam issecure"
1479 # To get the crypt(3) prototype (so we pass -Wall)
1480 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1481 # AFS support needs -lucb
1482 if test "$with_AFS" = "yes"; then
1483 AFS_LIBS="-lc -lucb"
1486 : ${mansectform='4'}
1487 : ${with_rpath='yes'}
1488 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1489 AC_CHECK_FUNCS(priv_set)
1492 # To get all prototypes (so we pass -Wall)
1493 OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
1494 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1495 if test X"$with_blibpath" != X"no"; then
1496 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1497 O_LDFLAGS="$LDFLAGS"
1498 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1499 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1500 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1501 blibpath="$with_blibpath"
1502 elif test -n "$GCC"; then
1503 blibpath="/usr/lib:/lib:/usr/local/lib"
1505 blibpath="/usr/lib:/lib"
1508 ], [AC_MSG_RESULT(no)])
1510 LDFLAGS="$O_LDFLAGS"
1512 # On AIX 6 and higher default to PAM, else default to LAM
1513 if test $OSMAJOR -ge 6; then
1514 if test X"$with_pam" = X""; then
1518 if test X"$with_aixauth" = X""; then
1519 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1523 # AIX analog of nsswitch.conf, enabled by default
1524 AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
1525 [case $with_netsvc in
1527 yes) with_netsvc="/etc/netsvc.conf"
1531 if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
1532 with_netsvc="/etc/netsvc.conf"
1535 # For implementing getgrouplist()
1536 AC_CHECK_FUNCS(getgrset)
1538 # LDR_PRELOAD is only supported in AIX 5.3 and later
1539 if test $OSMAJOR -lt 5; then
1543 # AIX-specific functions
1544 AC_CHECK_FUNCS(getuserattr setauthdb)
1545 COMMON_OBJS="$COMMON_OBJS aix.lo"
1549 : ${mansectform='4'}
1552 # AFS support needs -lBSD
1553 if test "$with_AFS" = "yes"; then
1554 AFS_LIBS="-lc -lBSD"
1557 : ${mansectform='4'}
1559 # The HP bundled compiler cannot generate shared libs
1560 if test -z "$GCC"; then
1561 AC_CACHE_CHECK([for HP bundled C compiler],
1562 [sudo_cv_var_hpccbundled],
1563 [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
1564 sudo_cv_var_hpccbundled=yes
1566 sudo_cv_var_hpccbundled=no
1569 if test "$sudo_cv_var_hpccbundled" = "yes"; then
1570 AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
1574 # Build PA-RISC1.1 objects for better portability
1578 if test -n "$GCC"; then
1579 portable_flag="-march=1.1"
1581 portable_flag="+DAportable"
1583 CFLAGS="$CFLAGS $portable_flag"
1584 AC_CACHE_CHECK([whether $CC understands $portable_flag],
1585 [sudo_cv_var_daportable],
1587 [AC_LANG_PROGRAM([[]], [[]])],
1588 [sudo_cv_var_daportable=yes],
1589 [sudo_cv_var_daportable=no]
1593 if test X"$sudo_cv_var_daportable" != X"yes"; then
1601 AC_DEFINE(BROKEN_SYSLOG)
1604 AC_DEFINE(BROKEN_SYSLOG)
1606 shadow_funcs="getspwuid"
1608 # DCE support (requires ANSI C compiler)
1609 if test "$with_DCE" = "yes"; then
1610 # order of libs in 9.X is important. -lc_r must be last
1611 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
1612 LIBS="${LIBS} -ldce -lM -lc_r"
1613 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1617 shadow_funcs="getprpwnam iscomsec"
1619 # HP-UX 10.20 libc has an incompatible getline
1620 ac_cv_func_getline="no"
1623 shadow_funcs="getspnam iscomsec"
1625 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1630 # ignore envariables wrt dynamic lib path
1631 SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
1633 : ${CHECKSIA='true'}
1634 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1636 [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
1637 [ case "$enableval" in
1638 yes) AC_MSG_RESULT(no)
1641 no) AC_MSG_RESULT(yes)
1644 *) AC_MSG_RESULT(no)
1645 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1648 ], AC_MSG_RESULT(no))
1650 shadow_funcs="getprpwnam dispcrypt"
1651 # OSF/1 4.x and higher need -ldb too
1652 if test $OSMAJOR -lt 4; then
1653 shadow_libs="-lsecurity -laud -lm"
1655 shadow_libs="-lsecurity -ldb -laud -lm"
1658 # use SIA by default, if we have it
1659 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1662 # Some versions of Digital Unix ship with a broken
1663 # copy of prot.h, which we need for shadow passwords.
1664 # XXX - make should remove this as part of distclean
1666 AC_MSG_CHECKING([for broken prot.h])
1667 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1668 #include <sys/types.h>
1669 #include <sys/security.h>
1671 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1672 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1675 : ${mansectform='4'}
1678 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1679 if test -z "$NROFFPROG"; then
1680 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1681 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1682 if test -d /usr/share/catman/local; then
1683 mandir="/usr/share/catman/local"
1685 mandir="/usr/catman/local"
1689 if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
1690 if test -d "/usr/share/man/local"; then
1691 mandir="/usr/share/man/local"
1693 mandir="/usr/man/local"
1697 # IRIX <= 4 needs -lsun
1698 if test "$OSMAJOR" -le 4; then
1699 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1702 : ${mansectform='4'}
1704 *-*-linux*|*-*-k*bsd*-gnu)
1705 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1706 # Some Linux versions need to link with -lshadow
1707 shadow_funcs="getspnam"
1708 shadow_libs_optional="-lshadow"
1709 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1712 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1713 if test -z "$GCC"; then
1714 CFLAGS="${CFLAGS} -D__STDC__"
1717 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1718 shadow_funcs="getprpwnam"
1719 shadow_libs="-lprot"
1723 shadow_funcs="getauthuid"
1724 shadow_libs="-lauth"
1727 LIBS="${LIBS} -lsun -lbsd"
1728 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1729 OSDEFS="${OSDEFS} -D_MIPS"
1731 : ${mansectform='4'}
1734 OSDEFS="${OSDEFS} -D_ISC"
1736 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
1738 shadow_funcs="getspnam"
1742 : ${mansectform='4'}
1745 shadow_funcs="getprpwnam"
1746 shadow_libs="-lprot -lx"
1748 : ${mansectform='4'}
1750 m88k-motorola-sysv*)
1751 # motorolla's cc (a variant of gcc) does -O but not -O2
1752 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1754 : ${mansectform='4'}
1757 shadow_funcs="getspnam"
1760 : ${mansectform='4'}
1761 : ${with_rpath='yes'}
1763 *-ncr-sysv4*|*-ncr-sysvr4*)
1764 AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
1766 : ${mansectform='4'}
1767 : ${with_rpath='yes'}
1769 *-ccur-sysv4*|*-ccur-sysvr4*)
1770 LIBS="${LIBS} -lgen"
1772 : ${mansectform='4'}
1773 : ${with_rpath='yes'}
1777 # Check for newer BSD auth API
1778 if test -z "$with_bsdauth"; then
1779 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1783 # FreeBSD has a real setreuid(2) starting with 2.1 and
1784 # backported to 2.0.5. We just take 2.1 and above...
1790 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1791 if test "${with_skey-'no'}" = "yes"; then
1792 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1795 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1796 : ${with_logincap='maybe'}
1799 # OpenBSD has a real setreuid(2) starting with 3.3 but
1800 # we will use setresuid(2) instead.
1802 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1804 # OpenBSD >= 3.0 supports BSD auth
1805 if test -z "$with_bsdauth"; then
1806 if test "$OSMAJOR" -ge 3; then
1807 AUTH_EXCL_DEF="BSD_AUTH"
1810 : ${with_logincap='maybe'}
1813 # NetBSD has a real setreuid(2) starting with 1.3.2
1815 0.9*|1.[[012]]*|1.3|1.3.1)
1820 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1821 : ${with_logincap='maybe'}
1824 OSDEFS="${OSDEFS} -D_BSD_SOURCE"
1825 if test "${with_skey-'no'}" = "yes"; then
1826 SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
1829 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1830 : ${with_logincap='yes'}
1836 # Darwin has a real setreuid(2) starting with 9.0
1837 if test $OSMAJOR -lt 9; then
1841 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1842 : ${with_logincap='yes'}
1845 # lockf() on is broken on the NeXT -- use flock instead
1847 ac_cv_func_flock=yes
1851 : ${mansectform='4'}
1852 : ${with_rpath='yes'}
1856 : ${mansectform='4'}
1859 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1864 dnl Check for mixing mutually exclusive and regular auth methods
1866 AUTH_REG=${AUTH_REG# }
1867 AUTH_EXCL=${AUTH_EXCL# }
1868 if test -n "$AUTH_EXCL"; then
1870 if test $# != 1; then
1871 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1873 if test -n "$AUTH_REG"; then
1874 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1878 dnl Only one of S/Key and OPIE may be specified
1880 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1881 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1885 dnl Use BSD-style man sections by default
1888 : ${mansectform='5'}
1891 dnl Add in any libpaths or libraries specified via configure
1893 if test -n "$with_libpath"; then
1894 for i in ${with_libpath}; do
1895 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1898 if test -n "$with_libraries"; then
1899 for i in ${with_libraries}; do
1911 dnl C compiler checks (to be done after os checks)
1913 AC_PROG_GCC_TRADITIONAL
1916 # Check for variadic macro support in cpp
1917 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
1919 #if defined(__GNUC__) && __GNUC__ == 2
1920 # define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt))
1922 # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
1924 ], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])])
1925 if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
1927 CFLAGS="$CFLAGS -static-libgcc"
1928 AC_CACHE_CHECK([whether $CC understands -static-libgcc],
1929 [sudo_cv_var_gcc_static_libgcc],
1931 [AC_LANG_PROGRAM([[]], [[]])],
1932 [sudo_cv_var_gcc_static_libgcc=yes],
1933 [sudo_cv_var_gcc_static_libgcc=no]
1938 if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then
1939 LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
1946 AC_PATH_PROG([FLEX], [flex], [flex])
1949 if test -z "$with_sendmail"; then
1954 dnl Check for authpriv support in syslog
1956 AC_MSG_CHECKING(which syslog facility sudo should log with)
1957 if test X"$with_logfac" = X""; then
1958 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
1960 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
1961 AC_MSG_RESULT($logfac)
1963 dnl Header file checks
1969 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
1971 dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
1972 dnl when large files support is enabled so work around it.
1977 AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
1978 [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
1979 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
1980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
1982 #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
1983 [sudo_cv_xopen_source_extended=error])
1985 if test "$sudo_cv_xopen_source_extended" = "yes"; then
1986 OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
1987 SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
1991 AC_SYS_POSIX_TERMIOS
1992 if test "$ac_cv_sys_posix_termios" != "yes"; then
1993 AC_MSG_ERROR([Must have POSIX termios to build sudo])
1996 if test ${with_logincap-'no'} != "no"; then
1997 AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
2000 SUDO_LIBS="${SUDO_LIBS} -lutil"
2001 SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
2006 if test ${with_project-'no'} != "no"; then
2007 AC_CHECK_HEADER(project.h, [
2008 AC_CHECK_LIB(project, setproject, [
2009 AC_DEFINE(HAVE_PROJECT_H)
2010 SUDO_LIBS="${SUDO_LIBS} -lproject"
2019 AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
2020 AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
2021 #include <signal.h>])
2022 AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h>
2023 #include <signal.h>])
2024 AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h>
2025 #if TIME_WITH_SYS_TIME
2026 # include <sys/time.h>
2029 AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
2030 #include <netinet/in.h>])
2031 AC_TYPE_LONG_LONG_INT
2032 AC_CHECK_SIZEOF([long int])
2033 AC_CHECK_TYPE(size_t, unsigned int)
2034 AC_CHECK_TYPE(ssize_t, int)
2035 AC_CHECK_TYPE(dev_t, int)
2036 AC_CHECK_TYPE(ino_t, unsigned int)
2037 AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
2039 #include <sys/socket.h>])
2043 dnl Check for utmp/utmpx struct members.
2044 dnl We need to include OSDEFS for glibc which only has __e_termination
2045 dnl visible when _GNU_SOURCE is *not* defined.
2048 CFLAGS="$CFLAGS $OSDEFS"
2049 if test $ac_cv_header_utmpx_h = "yes"; then
2050 AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
2051 #include <sys/types.h>
2055 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2057 AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
2058 AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
2059 #include <sys/types.h>
2063 #include <sys/types.h>
2067 AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
2068 #include <sys/types.h>
2072 dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
2074 AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
2075 AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
2076 #include <sys/types.h>
2080 #include <sys/types.h>
2090 AC_CHECK_FUNCS(strrchr sysconf tzset strftime \
2091 regcomp setlocale nl_langinfo mbr_check_membership \
2093 AC_REPLACE_FUNCS(getgrouplist)
2094 AC_CHECK_FUNCS(getline, [], [
2096 AC_CHECK_FUNCS(fgetln)
2099 dnl If libc supports _FORTIFY_SOURCE check functions, use it.
2101 O_CPPFLAGS="$CPPFLAGS"
2102 CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
2103 AC_CHECK_FUNC(__sprintf_chk, [
2104 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
2106 CPPFLAGS="$O_CPPFLAGS"
2109 AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
2110 if test "$utmp_style" = "LEGACY"; then
2111 AC_CHECK_FUNCS(getttyent ttyslot, [break])
2114 AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
2116 AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [
2117 AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [
2118 AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [
2119 #include <sys/param.h>
2120 #include <sys/sysctl.h>
2123 #include <sys/param.h>
2124 #include <sys/sysctl.h>
2128 #include <sys/param.h>
2129 #include <sys/sysctl.h>
2133 #include <sys/param.h>
2134 #include <sys/sysctl.h>
2135 #include <sys/user.h>
2139 AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
2140 AC_CHECK_LIB(util, openpty, [
2141 AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
2142 case "$SUDO_LIBS" in
2144 *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
2146 AC_DEFINE(HAVE_OPENPTY)
2148 AC_CHECK_FUNCS(_getpty, [], [
2149 AC_CHECK_FUNCS(grantpt, [
2150 AC_CHECK_FUNCS(posix_openpt)
2152 AC_CHECK_FUNCS(revoke)
2157 AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)])
2158 if test -z "$SKIP_SETRESUID"; then
2159 AC_CHECK_FUNCS(setresuid, [
2161 AC_CHECK_FUNCS(getresuid)
2164 if test -z "$SKIP_SETREUID"; then
2165 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
2167 if test -z "$SKIP_SETEUID"; then
2168 AC_CHECK_FUNCS(seteuid)
2170 if test X"$with_interfaces" != X"no"; then
2171 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
2173 if test -z "$BROKEN_GETCWD"; then
2174 AC_REPLACE_FUNCS(getcwd)
2176 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
2177 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
2178 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
2179 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }globtest"
2180 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]
2181 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }globtest"
2183 AC_CHECK_FUNCS(lockf flock, [break])
2184 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
2185 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
2186 AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
2187 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)
2188 COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
2191 AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat setenv)
2192 AC_CHECK_FUNCS(nanosleep, [], [
2193 # On Solaris, nanosleep is in librt
2194 AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
2196 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
2197 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
2198 [ #include <limits.h>
2199 #include <fcntl.h> ])
2201 AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
2202 AC_CHECK_FUNCS(random lrand48, [break])
2205 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
2206 if test X"$ac_cv_type_struct_timespec" != X"no"; then
2207 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
2208 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
2209 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
2212 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
2214 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2215 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2216 #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
2218 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
2219 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
2221 if test -n "$NEED_SNPRINTF"; then
2225 dnl If socket(2) not in libc, check -lsocket and -linet
2226 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2228 AC_CHECK_FUNC(socket, [], [
2229 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2231 for lib in $libs; do
2234 *) _libs="$_libs $lib";;
2238 test -z "$libs" && continue
2239 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2240 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2241 SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2245 dnl If inet_addr(3) not in libc, check -lnsl and -linet
2246 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
2248 AC_CHECK_FUNC(inet_addr, [], [
2249 AC_CHECK_FUNC(__inet_addr, [], [
2250 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2252 for lib in $libs; do
2255 *) _libs="$_libs $lib";;
2259 test -z "$libs" && continue
2260 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2261 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2262 SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2267 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
2269 AC_CHECK_FUNC(syslog, [], [
2270 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2272 for lib in $libs; do
2275 *) _libs="$_libs $lib";;
2279 test -z "$libs" && continue
2280 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2281 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2282 SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
2286 dnl If getaddrinfo(3) not in libc, check -lsocket and -linet
2287 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols.
2289 AC_CHECK_FUNCS(getaddrinfo, [], [
2291 for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
2293 for lib in $libs; do
2296 *) _libs="$_libs $lib";;
2300 test -z "$libs" && continue
2301 lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
2302 extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
2303 SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs])
2305 if test X"$found" != X"no"; then
2306 AC_DEFINE(HAVE_GETADDRINFO)
2310 dnl Check for getprogname() or __progname
2312 AC_CHECK_FUNCS(getprogname, , [
2313 AC_MSG_CHECKING([for __progname])
2314 AC_CACHE_VAL(sudo_cv___progname, [
2315 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
2316 if test "$sudo_cv___progname" = "yes"; then
2317 AC_DEFINE(HAVE___PROGNAME)
2319 AC_LIBOBJ(getprogname)
2321 AC_MSG_RESULT($sudo_cv___progname)
2324 dnl Check for __func__ or __FUNCTION__
2326 AC_MSG_CHECKING([for __func__])
2327 AC_CACHE_VAL(sudo_cv___func__, [
2328 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])])
2329 AC_MSG_RESULT($sudo_cv___func__)
2330 if test "$sudo_cv___func__" = "yes"; then
2331 AC_DEFINE(HAVE___FUNC__)
2332 elif test -n "$GCC"; then
2333 AC_MSG_CHECKING([for __FUNCTION__])
2334 AC_CACHE_VAL(sudo_cv___FUNCTION__, [
2335 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
2336 AC_MSG_RESULT($sudo_cv___FUNCTION__)
2337 if test "$sudo_cv___FUNCTION__" = "yes"; then
2338 AC_DEFINE(HAVE___FUNC__)
2339 AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__])
2343 # gettext() and friends may be located in libc (Linux and Solaris)
2344 # or in libintl. However, it is possible to have libintl installed
2345 # even when gettext() is present in libc. In the case of GNU libintl,
2346 # gettext() will be defined to gettext_libintl in libintl.h.
2347 # Since gcc prefers /usr/local/include to /usr/include, we need to
2348 # make sure we use the gettext() that matches the include file.
2349 if test "$enable_nls" != "no"; then
2350 if test "$enable_nls" != "yes"; then
2351 CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
2352 SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
2355 for l in "libc" "-lintl" "-lintl -liconv"; do
2356 if test "$l" = "libc"; then
2357 # If user specified a dir for libintl ignore libc
2358 if test "$enable_nls" != "yes"; then
2361 gettext_name=sudo_cv_gettext
2362 AC_MSG_CHECKING([for gettext])
2365 gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
2366 AC_MSG_CHECKING([for gettext in $l])
2368 AC_CACHE_VAL($gettext_name, [
2371 AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
2372 ], [eval $gettext_name=yes], [eval $gettext_name=no]
2375 eval gettext_result="\$$gettext_name"
2376 AC_MSG_RESULT($gettext_result)
2377 test "$gettext_result" = "yes" && break
2381 if test "$sudo_cv_gettext" = "yes"; then
2382 AC_DEFINE(HAVE_LIBINTL_H)
2384 elif test "$sudo_cv_gettext_lintl" = "yes"; then
2385 AC_DEFINE(HAVE_LIBINTL_H)
2388 elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
2389 AC_DEFINE(HAVE_LIBINTL_H)
2391 LIBINTL="-lintl -liconv"
2396 dnl Deferred zlib option processing.
2397 dnl By default we use the system zlib if it is present.
2399 case "$enable_zlib" in
2401 AC_CHECK_LIB(z, gzdopen, [
2402 AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
2408 AC_DEFINE(HAVE_ZLIB_H)
2415 AC_DEFINE(HAVE_ZLIB_H)
2416 CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
2417 SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
2421 if test X"$enable_zlib" = X"builtin"; then
2422 AC_DEFINE(HAVE_ZLIB_H)
2423 CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib'
2424 ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
2426 AC_CONFIG_HEADER([zlib/zconf.h])
2427 AC_CONFIG_FILES([zlib/Makefile])
2431 dnl Check for errno declaration in errno.h
2433 AC_CHECK_DECLS([errno], [], [], [
2439 dnl Check for h_errno declaration in netdb.h
2441 AC_CHECK_DECLS([h_errno], [], [], [
2447 dnl Check for strsignal() or sys_siglist
2449 AC_CHECK_FUNCS(strsignal, [], [
2450 AC_LIBOBJ(strsignal)
2451 HAVE_SIGLIST="false"
2452 AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
2459 if test "$HAVE_SIGLIST" != "true"; then
2465 dnl nsswitch.conf and its equivalents
2467 if test ${with_netsvc-"no"} != "no"; then
2468 SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
2469 netsvc_conf=${with_netsvc-/etc/netsvc.conf}
2470 elif test ${with_nsswitch-"yes"} != "no"; then
2471 SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
2472 nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
2476 dnl Mutually exclusive auth checks come first, followed by
2477 dnl non-exclusive ones. Note: passwd must be last of all!
2481 dnl Convert default authentication methods to with_* if
2482 dnl no explicit authentication scheme was specified.
2484 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
2485 for auth in $AUTH_EXCL_DEF; do
2487 AIX_AUTH) with_aixauth=maybe;;
2488 BSD_AUTH) with_bsdauth=maybe;;
2489 PAM) with_pam=maybe;;
2490 SIA) CHECKSIA=true;;
2496 dnl PAM support. Systems that use PAM by default set with_pam=default
2497 dnl and we do the actual tests here.
2499 if test ${with_pam-"no"} != "no"; then
2501 # Check for pam_start() in libpam first, then for pam_appl.h.
2504 AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
2506 # Some PAM implementations (MacOS X for example) put the PAM headers
2507 # in /usr/include/pam instead of /usr/include/security...
2510 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
2511 if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then
2512 # Found both PAM libs and headers
2514 elif test "$with_pam" = "yes"; then
2515 if test "$found_pam_lib" = "no"; then
2516 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."])
2518 if test "$found_pam_hdrs" = "no"; then
2519 AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."])
2521 elif test "$found_pam_lib" != "$found_pam_hdrs"; then
2522 if test "$found_pam_lib" = "no"; then
2523 AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"])
2525 if test "$found_pam_hdrs" = "no"; then
2526 AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"])
2530 if test "$with_pam" = "yes"; then
2531 # We already link with -ldl if needed (see LIBDL below)
2532 SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
2534 AUTH_OBJS="$AUTH_OBJS pam.lo";
2537 AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
2538 [case $with_pam_login in
2539 yes) AC_DEFINE([HAVE_PAM_LOGIN])
2540 AC_MSG_CHECKING(whether to use PAM login)
2544 *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
2548 AC_MSG_CHECKING(whether to use PAM session support)
2549 AC_ARG_ENABLE(pam_session,
2550 [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
2551 [ case "$enableval" in
2552 yes) AC_MSG_RESULT(yes)
2554 no) AC_MSG_RESULT(no)
2555 AC_DEFINE(NO_PAM_SESSION)
2557 *) AC_MSG_RESULT(no)
2558 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
2560 esac], AC_MSG_RESULT(yes))
2565 dnl AIX general authentication
2566 dnl If set to "maybe" only enable if no other exclusive method in use.
2568 if test ${with_aixauth-'no'} != "no"; then
2569 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
2570 AC_MSG_NOTICE([using AIX general authentication])
2571 AC_DEFINE(HAVE_AIXAUTH)
2572 AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
2573 SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
2579 dnl BSD authentication
2580 dnl If set to "maybe" only enable if no other exclusive method in use.
2582 if test ${with_bsdauth-'no'} != "no"; then
2583 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
2584 [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
2585 [BSDAUTH_USAGE='[[-a auth_type]] ']
2586 [AUTH_EXCL=BSD_AUTH; BAMAN=1],
2587 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
2591 dnl SIA authentication for Tru64 Unix
2593 if test ${CHECKSIA-'false'} = "true"; then
2594 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
2595 if test "$found" = "true"; then
2597 AUTH_OBJS="$AUTH_OBJS sia.lo"
2602 dnl extra FWTK libs + includes
2604 if test ${with_fwtk-'no'} != "no"; then
2605 if test "$with_fwtk" != "yes"; then
2606 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
2607 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
2610 SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
2611 AUTH_OBJS="$AUTH_OBJS fwtk.lo"
2615 dnl extra SecurID lib + includes
2617 if test ${with_SecurID-'no'} != "no"; then
2618 if test "$with_SecurID" != "yes"; then
2620 elif test -d /usr/ace/examples; then
2621 with_SecurID=/usr/ace/examples
2623 with_SecurID=/usr/ace
2625 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
2626 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
2627 SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
2628 AUTH_OBJS="$AUTH_OBJS securid5.lo";
2632 dnl Non-mutually exclusive auth checks come next.
2633 dnl Note: passwd must be last of all!
2637 dnl Convert default authentication methods to with_* if
2638 dnl no explicit authentication scheme was specified.
2640 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
2641 for auth in $AUTH_DEF; do
2643 passwd) : ${with_passwd='maybe'};;
2650 dnl There is an easy way and a hard way...
2652 if test ${with_kerb5-'no'} != "no"; then
2653 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2654 if test -n "$KRB5CONFIG"; then
2655 AC_DEFINE(HAVE_KERB5)
2656 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2657 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2658 SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
2660 dnl Try to determine whether we have Heimdal or MIT Kerberos
2662 AC_MSG_CHECKING(whether we are using Heimdal)
2663 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2665 AC_DEFINE(HAVE_HEIMDAL)
2671 AC_DEFINE(HAVE_KERB5)
2673 dnl Use the specified directory, if any, else search for correct inc dir
2675 if test "$with_kerb5" = "yes"; then
2677 O_CPPFLAGS="$CPPFLAGS"
2678 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2679 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2680 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
2682 if test X"$found" = X"no"; then
2683 CPPFLAGS="$O_CPPFLAGS"
2684 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2687 dnl XXX - try to include krb5.h here too
2688 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
2689 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2693 dnl Try to determine whether we have Heimdal or MIT Kerberos
2695 AC_MSG_CHECKING(whether we are using Heimdal)
2696 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2698 AC_DEFINE(HAVE_HEIMDAL)
2699 # XXX - need to check whether -lcrypo is needed!
2700 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2701 AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
2704 SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
2705 AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
2707 AUTH_OBJS="$AUTH_OBJS kerb5.lo"
2710 LIBS="${LIBS} ${SUDOERS_LIBS}"
2711 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2712 AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
2713 AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
2714 sudo_cv_krb5_get_init_creds_opt_free_two_args, [
2717 [[#include <krb5.h>]],
2718 [[krb5_get_init_creds_opt_free(NULL, NULL);]]
2720 [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
2721 [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
2726 if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
2727 AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
2730 AC_MSG_CHECKING(whether to use an instance name for Kerberos V)
2731 AC_ARG_ENABLE(kerb5-instance,
2732 [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
2733 [ case "$enableval" in
2734 yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."])
2736 no) AC_MSG_RESULT(no)
2738 *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
2739 AC_MSG_RESULT([$enableval])
2741 esac], AC_MSG_RESULT(no))
2745 dnl extra AFS libs and includes
2747 if test ${with_AFS-'no'} = "yes"; then
2749 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2750 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2751 for i in $AFSLIBDIRS; do
2752 if test -d ${i}; then
2753 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
2754 FOUND_AFSLIBDIR=true
2757 if test -z "$FOUND_AFSLIBDIR"; then
2758 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
2761 # Order is important here. Note that we build AFS_LIBS from right to left
2762 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2763 AFS_LIBS="-laudit ${AFS_LIBS}"
2764 for i in $AFSLIBDIRS; do
2765 if test -f ${i}/util.a; then
2766 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2771 if test -z "$FOUND_UTIL_A"; then
2772 AFS_LIBS="-lutil ${AFS_LIBS}"
2774 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2776 # AFS includes may live in /usr/include on some machines...
2777 for i in /usr/afsws/include; do
2778 if test -d ${i}; then
2779 CPPFLAGS="${CPPFLAGS} -I${i}"
2780 FOUND_AFSINCDIR=true
2784 if test -z "$FOUND_AFSLIBDIR"; then
2785 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2788 AUTH_OBJS="$AUTH_OBJS afs.lo"
2792 dnl extra DCE obj + lib
2793 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2795 if test ${with_DCE-'no'} = "yes"; then
2796 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2797 SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
2798 AUTH_OBJS="$AUTH_OBJS dce.lo"
2802 dnl extra S/Key lib and includes
2804 if test "${with_skey-'no'}" = "yes"; then
2805 O_LDFLAGS="$LDFLAGS"
2806 if test "$with_skey" != "yes"; then
2807 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2808 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2809 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
2810 AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
2813 O_CPPFLAGS="$CPPFLAGS"
2814 for dir in "" "/usr/local" "/usr/contrib"; do
2815 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2816 AC_CHECK_HEADER([skey.h], [found=yes; break], [],
2817 [#include <stdio.h>])
2819 if test "$found" = "no" -o -z "$dir"; then
2820 CPPFLAGS="$O_CPPFLAGS"
2822 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2823 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2825 if test "$found" = "no"; then
2826 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2829 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
2830 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2832 AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
2835 [[#include <stdio.h>
2836 #include <skey.h>]],
2837 [[skeychallenge(NULL, NULL, NULL, 0);]]
2839 AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
2840 AC_MSG_RESULT([yes])
2846 LDFLAGS="$O_LDFLAGS"
2847 SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
2848 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2852 dnl extra OPIE lib and includes
2854 if test "${with_opie-'no'}" = "yes"; then
2855 O_LDFLAGS="$LDFLAGS"
2856 if test "$with_opie" != "yes"; then
2857 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2858 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2859 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
2860 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
2863 O_CPPFLAGS="$CPPFLAGS"
2864 for dir in "" "/usr/local" "/usr/contrib"; do
2865 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2866 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
2868 if test "$found" = "no" -o -z "$dir"; then
2869 CPPFLAGS="$O_CPPFLAGS"
2871 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2872 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
2874 if test "$found" = "no"; then
2875 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2878 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
2879 LDFLAGS="$O_LDFLAGS"
2880 SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
2881 AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
2885 dnl Check for shadow password routines if we have not already done so.
2886 dnl If there is a specific list of functions to check we do that first.
2887 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2889 if test ${with_passwd-'no'} != "no"; then
2891 dnl if crypt(3) not in libc, look elsewhere
2893 if test -z "$LIB_CRYPT"; then
2895 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2899 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2901 LIBS="$LIBS $shadow_libs"
2903 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2904 if test "$found" = "yes"; then
2905 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
2906 elif test -n "$shadow_libs_optional"; then
2907 LIBS="$LIBS $shadow_libs_optional"
2908 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2909 if test "$found" = "yes"; then
2910 SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
2913 if test "$found" = "yes"; then
2914 case "$shadow_funcs" in
2915 *getprpwnam*) SECUREWARE=1;;
2917 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2923 if test "$CHECKSHADOW" = "true"; then
2924 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2926 if test "$CHECKSHADOW" = "true"; then
2927 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
2929 if test -n "$SECUREWARE"; then
2930 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2931 AUTH_OBJS="$AUTH_OBJS secureware.lo"
2936 dnl extra lib and .o file for LDAP support
2938 if test ${with_ldap-'no'} != "no"; then
2940 if test "$with_ldap" != "yes"; then
2941 SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
2942 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2943 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2946 SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
2949 AC_MSG_CHECKING([for LDAP libraries])
2953 for l in -lldap -llber '-lssl -lcrypto'; do
2955 LDAP_LIBS="${LDAP_LIBS} $l"
2956 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2958 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2960 if test "$found" = "no"; then
2963 for l in -libmldap -lidsldif; do
2965 LDAP_LIBS="${LDAP_LIBS} $l"
2966 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2968 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2971 dnl if nothing linked just try with -lldap
2972 if test "$found" = "no"; then
2973 LIBS="${_LIBS} -lldap"
2975 AC_MSG_RESULT([not found, using -lldap])
2977 AC_MSG_RESULT([$LDAP_LIBS])
2979 dnl check if we need to link with -llber for ber_set_option
2981 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2982 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2983 LDAP_LIBS="$LDAP_LIBS -llber"
2985 dnl check if ldap.h includes lber.h for us
2986 AC_MSG_CHECKING([whether lber.h is needed])
2987 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2988 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2989 AC_MSG_RESULT([yes])
2990 AC_DEFINE(HAVE_LBER_H)])
2992 AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
2993 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2994 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
2995 AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
2997 if test X"$check_gss_krb5_ccache_name" = X"yes"; then
2998 AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
2999 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
3000 [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
3001 AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
3002 AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
3003 [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
3006 # gssapi headers may be separate or part of Kerberos V
3008 O_CPPFLAGS="$CPPFLAGS"
3009 for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
3010 test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
3011 AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
3013 if test X"$found" != X"no"; then
3014 AC_CHECK_HEADERS([$found])
3015 if test X"$found" = X"gssapi/gssapi.h"; then
3016 AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
3019 CPPFLAGS="$O_CPPFLAGS"
3020 AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
3024 SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
3030 # How to do dynamic object loading.
3031 # We support dlopen() and sh_load(), else fall back to static loading.
3033 case "$lt_cv_dlopen" in
3035 AC_DEFINE(HAVE_DLOPEN)
3036 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
3037 LT_STATIC="--tag=disable-static"
3040 AC_DEFINE(HAVE_SHL_LOAD)
3041 SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
3042 LT_STATIC="--tag=disable-static"
3046 if test X"${ac_cv_func_dlopen}" = X"yes"; then
3047 AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
3049 # Preload sudoers module symbols
3050 SUDO_OBJS="${SUDO_OBJS} preload.o"
3051 SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
3058 # Add library needed for dynamic loading, if any.
3060 LIBDL="$lt_cv_dlopen_libs"
3061 if test X"$LIBDL" != X""; then
3062 SUDO_LIBS="${SUDO_LIBS} $LIBDL"
3063 SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
3066 # On HP-UX, you cannot dlopen() a shared object that uses pthreads
3067 # unless the main program is linked against -lpthread. Since we
3068 # have no knowledge what libraries a plugin may depend on, we always
3069 # link against -lpthread on HP-UX if it is available.
3070 # This check should go after all other libraries tests.
3073 AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
3078 dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
3079 dnl added -L dirpaths to SUDOERS_LDFLAGS.
3081 if test -n "$blibpath"; then
3082 if test -n "$blibpath_add"; then
3083 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
3084 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
3085 SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
3090 dnl Check for log file, timestamp and iolog locations
3092 if test "$utmp_style" = "LEGACY"; then
3100 dnl Use passwd auth module?
3102 case "$with_passwd" in
3104 AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
3107 AC_DEFINE(WITHOUT_PASSWD)
3108 if test -z "$AUTH_OBJS"; then
3109 AC_MSG_ERROR([no authentication methods defined.])
3113 AUTH_OBJS=${AUTH_OBJS# }
3114 _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
3115 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
3118 dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
3120 if test -n "$LIBS"; then
3125 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
3126 test $l = $sl && dupe=1
3128 test $dupe = 0 && LIBS="${LIBS} $l"
3133 dnl We add -Wall and -Werror after all tests so they don't cause failures
3135 if test -n "$GCC"; then
3136 if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
3137 CFLAGS="${CFLAGS} -Wall"
3139 if test X"$enable_werror" = X"yes"; then
3140 CFLAGS="${CFLAGS} -Werror"
3147 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
3150 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
3151 dnl XXX - this is gross!
3153 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
3154 oexec_prefix="$exec_prefix"
3155 if test "$exec_prefix" = '$(prefix)'; then
3156 if test "$prefix" = "NONE"; then
3157 exec_prefix="$ac_default_prefix"
3159 exec_prefix="$prefix"
3162 if test X"$with_noexec" != X"no"; then
3163 PROGS="${PROGS} libsudo_noexec.la"
3164 INSTALL_NOEXEC="install-noexec"
3166 noexec_file="$with_noexec"
3168 while test X"$noexec_file" != X"$_noexec_file"; do
3169 _noexec_file="$noexec_file"
3170 eval noexec_file="$_noexec_file"
3172 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
3174 if test X"$with_selinux" != X"no"; then
3175 sesh_file="$libexecdir/sesh"
3177 while test X"$sesh_file" != X"$_sesh_file"; do
3178 _sesh_file="$sesh_file"
3179 eval sesh_file="$_sesh_file"
3181 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
3183 PLUGINDIR="$with_plugindir"
3185 while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
3186 _PLUGINDIR="$PLUGINDIR"
3187 eval PLUGINDIR="$_PLUGINDIR"
3189 SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
3190 SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
3191 exec_prefix="$oexec_prefix"
3195 dnl Override default configure dirs for the Makefile
3197 if test X"$prefix" = X"NONE"; then
3198 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
3200 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
3202 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
3203 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
3204 test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
3205 test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
3206 test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
3207 test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
3208 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
3211 dnl Substitute into the Makefile and man pages
3213 dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
3214 AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
3218 dnl Spew any text the user needs to know about
3220 if test "$with_pam" = "yes"; then
3223 if test -f /usr/lib/security/libpam_hpsec.so.1; then
3224 AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
3225 AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
3229 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
3235 dnl Autoheader templates
3237 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
3238 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
3239 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
3240 AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
3241 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
3242 AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
3243 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
3244 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
3245 AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
3246 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
3247 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
3248 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
3249 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
3250 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
3251 AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
3252 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
3253 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
3254 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
3255 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
3256 AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
3257 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
3258 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
3259 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
3260 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
3261 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
3262 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
3263 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
3264 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
3265 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
3266 AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
3267 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
3268 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
3269 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
3270 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
3271 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
3272 AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
3273 AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
3274 AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
3275 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
3276 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
3277 AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
3278 AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
3279 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
3280 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
3281 AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
3282 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
3283 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
3284 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
3285 AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
3286 AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
3287 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
3288 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
3289 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
3290 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
3291 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
3292 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
3293 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
3294 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
3295 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
3296 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
3297 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
3298 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
3299 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
3300 AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
3301 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
3302 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
3303 AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
3304 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
3305 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
3306 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
3307 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
3308 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
3309 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
3310 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
3311 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
3312 AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
3313 AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
3314 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
3315 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
3316 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
3317 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
3318 AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
3319 AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.])
3320 AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
3321 AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
3322 AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
3323 AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication])
3326 dnl Bits to copy verbatim into config.h.in
3328 AH_TOP([#ifndef _SUDO_CONFIG_H
3329 #define _SUDO_CONFIG_H])
3332 * Macros to convert ctime and mtime into timevals.
3334 #define timespec2timeval(_ts, _tv) do { \
3335 (_tv)->tv_sec = (_ts)->tv_sec; \
3336 (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
3340 # ifdef HAVE_ST__TIM
3341 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
3342 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
3344 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
3345 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
3348 # ifdef HAVE_ST_MTIMESPEC
3349 # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
3350 # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
3352 # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
3353 # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
3354 # endif /* HAVE_ST_MTIMESPEC */
3355 #endif /* HAVE_ST_MTIM */
3357 /* GNU stow needs /etc/sudoers to be a symlink. */
3359 # define stat_sudoers stat
3361 # define stat_sudoers lstat
3364 /* Macros to set/clear/test flags. */
3366 #define SET(t, f) ((t) |= (f))
3368 #define CLR(t, f) ((t) &= ~(f))
3370 #define ISSET(t, f) ((t) & (f))
3372 /* ANSI-style OS defs for HP-UX and ConvexOS. */
3373 #if defined(hpux) && !defined(__hpux)
3377 #if defined(convex) && !defined(__convex__)
3378 # define __convex__ 1
3381 /* BSD compatibility on some SVR4 systems. */
3384 #endif /* __svr4__ */
3386 #endif /* _SUDO_CONFIG_H */])