2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.47 2008/02/19 18:27:32 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
27 AC_SUBST(GETGROUPS_LIB)
31 AC_SUBST(MAN_POSTINSTALL)
32 AC_SUBST(SUDOERS_MODE)
45 AC_SUBST(INSTALL_NOEXEC)
46 AC_SUBST(DONT_LEAK_PATH_INFO)
48 dnl Variables that get substituted in docs (not overridden by environment)
50 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
52 AC_SUBST(password_timeout)
55 AC_SUBST(long_otp_prompt)
62 AC_SUBST(mail_no_user)
63 AC_SUBST(mail_no_host)
64 AC_SUBST(mail_no_perms)
67 AC_SUBST(badpass_message)
69 AC_SUBST(runas_default)
71 AC_SUBST(passwd_tries)
77 dnl Initial values for above
82 passprompt="Password:"
94 mailsub='*** SECURITY information for %h ***'
95 badpass_message='Sorry, try again.'
106 dnl Initial values for Makefile variables listed above
107 dnl May be overridden by environment variables..
112 : ${SUDOERS_MODE='0440'}
133 shadow_libs_optional=
136 dnl Override default configure dirs...
138 if test X"$prefix" = X"NONE"; then
139 test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
141 test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
143 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
144 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
145 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
148 dnl Deprecated --with options (these all warn or generate an error)
151 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
152 [case $with_otp_only in
153 yes) with_passwd="no"
154 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
158 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
159 [case $with_alertmail in
160 *) with_mailto="$with_alertmail"
161 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
166 dnl Options for --with
169 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
171 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
173 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
179 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
182 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
186 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
187 [case $with_blibpath in
189 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
193 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
194 [case $with_incpath in
195 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
197 no) AC_MSG_ERROR(["--without-incpath not supported."])
199 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
200 for i in ${with_incpath}; do
201 CPPFLAGS="${CPPFLAGS} -I${i}"
206 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
207 [case $with_libpath in
208 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
210 no) AC_MSG_ERROR(["--without-libpath not supported."])
212 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
216 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
217 [case $with_libraries in
218 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
220 no) AC_MSG_ERROR(["--without-libraries not supported."])
222 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
226 AC_ARG_WITH(devel, [ --with-devel add development options],
228 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
229 PROGS="${PROGS} testsudoers"
230 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
234 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
238 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
239 [case $with_efence in
240 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
241 LIBS="${LIBS} -lefence"
242 if test -f /usr/local/lib/libefence.a; then
243 with_libpath="${with_libpath} /usr/local/lib"
247 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
251 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
253 yes) AC_MSG_NOTICE([Adding CSOps standard options])
257 with_classic_insults=yes
258 with_csops_insults=yes
264 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
268 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
269 [case $with_passwd in
270 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
271 AC_MSG_RESULT($with_passwd)
273 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
275 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
279 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
283 *) AC_DEFINE(HAVE_SKEY)
284 AC_MSG_CHECKING(whether to try S/Key authentication)
286 AUTH_REG="$AUTH_REG S/Key"
290 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
294 *) AC_DEFINE(HAVE_OPIE)
295 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
297 AUTH_REG="$AUTH_REG NRL_OPIE"
301 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
302 [case $with_long_otp_prompt in
303 yes) AC_DEFINE(LONG_OTP_PROMPT)
304 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
308 no) long_otp_prompt=off
310 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
314 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
315 [case $with_SecurID in
316 no) with_SecurID="";;
317 *) AC_DEFINE(HAVE_SECURID)
318 AC_MSG_CHECKING(whether to use SecurID for authentication)
320 AUTH_EXCL="$AUTH_EXCL SecurID"
324 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
327 *) AC_DEFINE(HAVE_FWTK)
328 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
330 AUTH_EXCL="$AUTH_EXCL FWTK"
334 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
337 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
339 AUTH_REG="$AUTH_REG kerb4"
343 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
346 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
348 AUTH_REG="$AUTH_REG kerb5"
352 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
353 [case $with_aixauth in
354 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
356 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
360 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
362 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
364 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
368 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
370 yes) AC_DEFINE(HAVE_AFS)
371 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
373 AUTH_REG="$AUTH_REG AFS"
376 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
380 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
382 yes) AC_DEFINE(HAVE_DCE)
383 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
385 AUTH_REG="$AUTH_REG DCE"
388 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
392 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
393 [case $with_logincap in
395 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
399 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
400 [case $with_bsdauth in
401 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
403 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
407 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
408 [case $with_project in
411 *) AC_MSG_ERROR(["--with-project does not take an argument."])
415 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
416 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
417 [case $with_lecture in
418 yes|short|always) lecture=once
420 no|none|never) lecture=never
422 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
425 if test "$lecture" = "once"; then
428 AC_DEFINE(NO_LECTURE)
432 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
433 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
434 [case $with_logging in
435 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
437 no) AC_MSG_ERROR(["--without-logging not supported."])
439 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
440 AC_MSG_RESULT(syslog)
442 file) AC_DEFINE(LOGGING, SLOG_FILE)
445 both) AC_DEFINE(LOGGING, SLOG_BOTH)
448 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
450 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
452 AC_MSG_CHECKING(which syslog facility sudo should log with)
453 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
454 [case $with_logfac in
455 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
457 no) AC_MSG_ERROR(["--without-logfac not supported."])
459 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
461 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
464 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
465 AC_MSG_RESULT($logfac)
467 AC_MSG_CHECKING(at which syslog priority to log commands)
468 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
469 [case $with_goodpri in
470 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
472 no) AC_MSG_ERROR(["--without-goodpri not supported."])
474 alert|crit|debug|emerg|err|info|notice|warning)
475 goodpri=$with_goodpri
477 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
480 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
481 AC_MSG_RESULT($goodpri)
483 AC_MSG_CHECKING(at which syslog priority to log failures)
484 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
485 [case $with_badpri in
486 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
488 no) AC_MSG_ERROR(["--without-badpri not supported."])
490 alert|crit|debug|emerg|err|info|notice|warning)
493 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
496 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
497 AC_MSG_RESULT($badpri)
499 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
500 [case $with_logpath in
501 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
503 no) AC_MSG_ERROR(["--without-logpath not supported."])
507 AC_MSG_CHECKING(how long a line in the log file should be)
508 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
509 [case $with_loglen in
510 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
512 no) AC_MSG_ERROR(["--without-loglen not supported."])
514 [[0-9]]*) loglen=$with_loglen
516 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
519 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
520 AC_MSG_RESULT($loglen)
522 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
523 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
524 [case $with_ignore_dot in
529 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
532 if test "$ignore_dot" = "on"; then
533 AC_DEFINE(IGNORE_DOT_PATH)
539 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
540 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
541 [case $with_mail_if_no_user in
546 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
549 if test "$mail_no_user" = "on"; then
550 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
556 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
557 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
558 [case $with_mail_if_no_host in
563 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
566 if test "$mail_no_host" = "on"; then
567 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
573 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
574 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
575 [case $with_mail_if_noperms in
580 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
583 if test "$mail_noperms" = "on"; then
584 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
590 AC_MSG_CHECKING(who should get the mail that sudo sends)
591 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
592 [case $with_mailto in
593 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
595 no) AC_MSG_ERROR(["--without-mailto not supported."])
597 *) mailto=$with_mailto
600 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
601 AC_MSG_RESULT([$mailto])
603 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
604 [case $with_mailsubject in
605 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
607 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
609 *) mailsub="$with_mailsubject"
610 AC_MSG_CHECKING(sudo mail subject)
611 AC_MSG_RESULT([Using alert mail subject: $mailsub])
614 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
616 AC_MSG_CHECKING(for bad password prompt)
617 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
618 [case $with_passprompt in
619 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
621 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
623 *) passprompt="$with_passprompt"
625 AC_MSG_RESULT($passprompt)
626 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
628 AC_MSG_CHECKING(for bad password message)
629 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
630 [case $with_badpass_message in
631 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
633 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
635 *) badpass_message="$with_badpass_message"
638 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
639 AC_MSG_RESULT([$badpass_message])
641 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
642 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
648 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
651 if test "$fqdn" = "on"; then
658 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
659 [case $with_timedir in
660 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
662 no) AC_MSG_ERROR(["--without-timedir not supported."])
666 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
667 --without-sendmail do not send mail at all],
668 [case $with_sendmail in
669 yes) with_sendmail=""
672 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
676 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
677 [case $with_sudoers_mode in
678 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
680 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
682 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
684 0*) SUDOERS_MODE=$with_sudoers_mode
686 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
690 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
691 [case $with_sudoers_uid in
692 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
694 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
696 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
698 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
702 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
703 [case $with_sudoers_gid in
704 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
706 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
708 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
710 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
714 AC_MSG_CHECKING(for umask programs should be run with)
715 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
716 --without-umask Preserves the umask of the user invoking sudo.],
718 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
722 [[0-9]]*) sudo_umask=$with_umask
724 *) AC_MSG_ERROR(["you must enter a numeric mask."])
727 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
728 if test "$sudo_umask" = "0777"; then
731 AC_MSG_RESULT($sudo_umask)
734 AC_MSG_CHECKING(for default user to run commands as)
735 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
736 [case $with_runas_default in
737 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
739 no) AC_MSG_ERROR(["--without-runas-default not supported."])
741 *) runas_default="$with_runas_default"
744 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
745 AC_MSG_RESULT([$runas_default])
747 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
748 [case $with_exempt in
749 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
751 no) AC_MSG_ERROR(["--without-exempt not supported."])
753 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
754 AC_MSG_CHECKING(for group to be exempt from password)
755 AC_MSG_RESULT([$with_exempt])
759 AC_MSG_CHECKING(for editor that visudo should use)
760 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
761 [case $with_editor in
762 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
764 no) AC_MSG_ERROR(["--without-editor not supported."])
766 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
767 AC_MSG_RESULT([$with_editor])
769 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
771 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
772 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
773 [case $with_env_editor in
778 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
781 if test "$env_editor" = "on"; then
782 AC_DEFINE(ENV_EDITOR)
788 AC_MSG_CHECKING(number of tries a user gets to enter their password)
789 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
790 [case $with_passwd_tries in
792 no) AC_MSG_ERROR(["--without-editor not supported."])
794 [[1-9]]*) passwd_tries=$with_passwd_tries
796 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
799 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
800 AC_MSG_RESULT($passwd_tries)
802 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
803 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
804 [case $with_timeout in
808 [[0-9]]*) timeout=$with_timeout
810 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
813 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
814 AC_MSG_RESULT($timeout)
816 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
817 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
818 [case $with_password_timeout in
820 no) password_timeout=0
822 [[0-9]]*) password_timeout=$with_password_timeout
824 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
827 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
828 AC_MSG_RESULT($password_timeout)
830 AC_MSG_CHECKING(whether to use per-tty ticket files)
831 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
832 [case $with_tty_tickets in
837 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
840 if test "$tty_tickets" = "on"; then
841 AC_DEFINE(USE_TTY_TICKETS)
847 AC_MSG_CHECKING(whether to include insults)
848 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
849 [case $with_insults in
851 with_classic_insults=yes
852 with_csops_insults=yes
856 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
859 if test "$insults" = "on"; then
860 AC_DEFINE(USE_INSULTS)
866 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
867 [case $with_all_insults in
868 yes) with_classic_insults=yes
869 with_csops_insults=yes
871 with_goons_insults=yes
874 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
878 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
879 [case $with_classic_insults in
880 yes) AC_DEFINE(CLASSIC_INSULTS)
883 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
887 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
888 [case $with_csops_insults in
889 yes) AC_DEFINE(CSOPS_INSULTS)
892 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
896 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
897 [case $with_hal_insults in
898 yes) AC_DEFINE(HAL_INSULTS)
901 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
905 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
906 [case $with_goons_insults in
907 yes) AC_DEFINE(GOONS_INSULTS)
910 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
914 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
917 *) AC_DEFINE(HAVE_LDAP)
918 AC_MSG_CHECKING(whether to use sudoers from LDAP)
922 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
923 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
924 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
925 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
927 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
928 [case $with_pc_insults in
929 yes) AC_DEFINE(PC_INSULTS)
932 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
936 dnl include all insult sets on one line
937 if test "$insults" = "on"; then
938 AC_MSG_CHECKING(which insult sets to include)
940 test "$with_goons_insults" = "yes" && i="goons ${i}"
941 test "$with_hal_insults" = "yes" && i="hal ${i}"
942 test "$with_csops_insults" = "yes" && i="csops ${i}"
943 test "$with_classic_insults" = "yes" && i="classic ${i}"
947 AC_MSG_CHECKING(whether to override the user's path)
948 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
949 [case $with_secure_path in
950 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
951 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
953 no) AC_MSG_RESULT(no)
955 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
956 AC_MSG_RESULT([$with_secure_path])
958 esac], AC_MSG_RESULT(no))
960 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
961 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
962 [case $with_interfaces in
963 yes) AC_MSG_RESULT(yes)
965 no) AC_DEFINE(STUB_LOAD_INTERFACES)
968 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
970 esac], AC_MSG_RESULT(yes))
972 AC_MSG_CHECKING(whether stow should be used)
973 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
975 yes) AC_MSG_RESULT(yes)
978 no) AC_MSG_RESULT(no)
980 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
982 esac], AC_MSG_RESULT(no))
985 dnl Options for --enable
988 AC_MSG_CHECKING(whether to do user authentication by default)
989 AC_ARG_ENABLE(authentication,
990 [ --disable-authentication
991 Do not require authentication by default],
992 [ case "$enableval" in
993 yes) AC_MSG_RESULT(yes)
995 no) AC_MSG_RESULT(no)
996 AC_DEFINE(NO_AUTHENTICATION)
999 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
1002 ], AC_MSG_RESULT(yes))
1004 AC_MSG_CHECKING(whether to disable running the mailer as root)
1005 AC_ARG_ENABLE(root-mailer,
1006 [ --disable-root-mailer Don't run the mailer as root, run as the user],
1007 [ case "$enableval" in
1008 yes) AC_MSG_RESULT(no)
1010 no) AC_MSG_RESULT(yes)
1011 AC_DEFINE(NO_ROOT_MAILER)
1013 *) AC_MSG_RESULT(no)
1014 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1017 ], AC_MSG_RESULT(no))
1019 AC_ARG_ENABLE(setreuid,
1020 [ --disable-setreuid Don't try to use the setreuid() function],
1021 [ case "$enableval" in
1022 no) SKIP_SETREUID=yes
1028 AC_ARG_ENABLE(setresuid,
1029 [ --disable-setresuid Don't try to use the setresuid() function],
1030 [ case "$enableval" in
1031 no) SKIP_SETRESUID=yes
1037 AC_MSG_CHECKING(whether to disable shadow password support)
1038 AC_ARG_ENABLE(shadow,
1039 [ --disable-shadow Never use shadow passwords],
1040 [ case "$enableval" in
1041 yes) AC_MSG_RESULT(no)
1043 no) AC_MSG_RESULT(yes)
1046 *) AC_MSG_RESULT(no)
1047 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1050 ], AC_MSG_RESULT(no))
1052 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1053 AC_ARG_ENABLE(root-sudo,
1054 [ --disable-root-sudo Don't allow root to run sudo],
1055 [ case "$enableval" in
1056 yes) AC_MSG_RESULT(yes)
1058 no) AC_DEFINE(NO_ROOT_SUDO)
1062 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1065 ], AC_MSG_RESULT(yes))
1067 AC_MSG_CHECKING(whether to log the hostname in the log file)
1068 AC_ARG_ENABLE(log-host,
1069 [ --enable-log-host Log the hostname in the log file],
1070 [ case "$enableval" in
1071 yes) AC_MSG_RESULT(yes)
1072 AC_DEFINE(HOST_IN_LOG)
1074 no) AC_MSG_RESULT(no)
1076 *) AC_MSG_RESULT(no)
1077 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1080 ], AC_MSG_RESULT(no))
1082 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1083 AC_ARG_ENABLE(noargs-shell,
1084 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1085 [ case "$enableval" in
1086 yes) AC_MSG_RESULT(yes)
1087 AC_DEFINE(SHELL_IF_NO_ARGS)
1089 no) AC_MSG_RESULT(no)
1091 *) AC_MSG_RESULT(no)
1092 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1095 ], AC_MSG_RESULT(no))
1097 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1098 AC_ARG_ENABLE(shell-sets-home,
1099 [ --enable-shell-sets-home
1100 set $HOME to target user in shell mode],
1101 [ case "$enableval" in
1102 yes) AC_MSG_RESULT(yes)
1103 AC_DEFINE(SHELL_SETS_HOME)
1105 no) AC_MSG_RESULT(no)
1107 *) AC_MSG_RESULT(no)
1108 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1111 ], AC_MSG_RESULT(no))
1113 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1114 AC_ARG_ENABLE(path_info,
1115 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1116 [ case "$enableval" in
1117 yes) AC_MSG_RESULT(no)
1119 no) AC_MSG_RESULT(yes)
1120 AC_DEFINE(DONT_LEAK_PATH_INFO)
1123 *) AC_MSG_RESULT(no)
1124 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1127 ], AC_MSG_RESULT(no))
1129 AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
1130 [case $with_selinux in
1131 yes) AC_DEFINE(HAVE_SELINUX)
1132 SUDO_LIBS="${SUDO_LIBS} -lselinux"
1133 SUDO_OBJS="${SUDO_OBJS} selinux.o"
1134 PROGS="${PROGS} sesh"
1139 *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
1144 dnl If we don't have egrep we can't do anything...
1146 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1147 if test -z "$EGREPPROG"; then
1148 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1152 dnl Prevent configure from adding the -g flag unless in devel mode
1154 if test "$with_devel" != "yes"; then
1159 dnl C compiler checks
1165 dnl Libtool magic; enable shared libs and disable static libs
1168 AC_CANONICAL_TARGET([])
1173 dnl Defer with_noexec until after libtool magic runs
1175 if test "$enable_shared" = "no"; then
1178 eval _shrext="$shrext_cmds"
1180 AC_MSG_CHECKING(path to sudo_noexec.so)
1181 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1182 [case $with_noexec in
1183 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1187 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1188 AC_MSG_RESULT($with_noexec)
1189 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1192 dnl It is now safe to modify CFLAGS and CPPFLAGS
1194 if test "$with_devel" = "yes" -a -n "$GCC"; then
1195 CFLAGS="${CFLAGS} -Wall"
1199 dnl Find programs we use
1201 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1202 AC_CHECK_PROG(TRPROG, tr, tr)
1203 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1204 if test -z "$NROFFPROG"; then
1206 mansrcdir='$(srcdir)'
1210 dnl What kind of beastie are we being run on?
1211 dnl Barf if config.cache was generated on another host.
1213 if test -n "$sudo_cv_prev_host"; then
1214 if test "$sudo_cv_prev_host" != "$host"; then
1215 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1217 AC_MSG_CHECKING(previous host type)
1218 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1219 AC_MSG_RESULT([$sudo_cv_prev_host])
1222 # this will produce no output since there is no cached value
1223 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1227 dnl We want to be able to differentiate between different rev's
1229 if test -n "$host_os"; then
1230 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1231 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1232 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1241 # getcwd(3) opens a pipe to getpwd(1)!?!
1244 # system headers lack prototypes but gcc helps...
1245 if test -n "$GCC"; then
1246 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1249 shadow_funcs="getpwanam issecure"
1252 # To get the crypt(3) prototype (so we pass -Wall)
1253 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1254 # AFS support needs -lucb
1255 if test "$with_AFS" = "yes"; then
1256 AFS_LIBS="-lc -lucb"
1259 : ${mansectform='4'}
1260 : ${with_rpath='yes'}
1261 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1264 # To get all prototypes (so we pass -Wall)
1265 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1266 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1267 if test X"$with_blibpath" != X"no"; then
1268 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1269 O_LDFLAGS="$LDFLAGS"
1270 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1271 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1272 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1273 blibpath="$with_blibpath"
1274 elif test -n "$GCC"; then
1275 blibpath="/usr/lib:/lib:/usr/local/lib"
1277 blibpath="/usr/lib:/lib"
1280 ], [AC_MSG_RESULT(no)])
1282 LDFLAGS="$O_LDFLAGS"
1284 # Use authenticate(3) as the default authentication method
1285 if test X"$with_aixauth" = X""; then
1286 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1291 : ${mansectform='4'}
1294 # AFS support needs -lBSD
1295 if test "$with_AFS" = "yes"; then
1296 AFS_LIBS="-lc -lBSD"
1299 : ${mansectform='4'}
1303 AC_DEFINE(BROKEN_SYSLOG)
1305 # Not sure if setuid binaries are safe in < 9.x
1306 if test -n "$GCC"; then
1307 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1309 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1313 AC_DEFINE(BROKEN_SYSLOG)
1315 shadow_funcs="getspwuid"
1317 # DCE support (requires ANSI C compiler)
1318 if test "$with_DCE" = "yes"; then
1319 # order of libs in 9.X is important. -lc_r must be last
1320 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1321 LIBS="${LIBS} -ldce -lM -lc_r"
1322 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1326 shadow_funcs="getprpwnam iscomsec"
1330 shadow_funcs="getspnam iscomsec"
1332 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1337 # ignore envariables wrt dynamic lib path
1338 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1340 : ${CHECKSIA='true'}
1341 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1343 [ --disable-sia Disable SIA on Digital UNIX],
1344 [ case "$enableval" in
1345 yes) AC_MSG_RESULT(no)
1348 no) AC_MSG_RESULT(yes)
1351 *) AC_MSG_RESULT(no)
1352 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1355 ], AC_MSG_RESULT(no))
1357 shadow_funcs="getprpwnam dispcrypt"
1358 # OSF/1 4.x and higher need -ldb too
1359 if test $OSMAJOR -lt 4; then
1360 shadow_libs="-lsecurity -laud -lm"
1362 shadow_libs="-lsecurity -ldb -laud -lm"
1365 # use SIA by default, if we have it
1366 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1369 # Some versions of Digital Unix ship with a broken
1370 # copy of prot.h, which we need for shadow passwords.
1371 # XXX - make should remove this as part of distclean
1373 AC_MSG_CHECKING([for broken prot.h])
1374 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1375 #include <sys/types.h>
1376 #include <sys/security.h>
1378 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1379 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1382 : ${mansectform='4'}
1385 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1386 if test -z "$NROFFPROG"; then
1387 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1388 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1389 if test -d /usr/share/catman/local; then
1390 mandir="/usr/share/catman/local"
1392 mandir="/usr/catman/local"
1396 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1397 if test -d "/usr/share/man/local"; then
1398 mandir="/usr/share/man/local"
1400 mandir="/usr/man/local"
1404 # IRIX <= 4 needs -lsun
1405 if test "$OSMAJOR" -le 4; then
1406 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1409 : ${mansectform='4'}
1411 *-*-linux*|*-*-k*bsd*-gnu)
1412 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1413 # Some Linux versions need to link with -lshadow
1414 shadow_funcs="getspnam"
1415 shadow_libs_optional="-lshadow"
1416 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1419 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1420 if test -z "$GCC"; then
1421 CFLAGS="${CFLAGS} -D__STDC__"
1424 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1425 shadow_funcs="getprpwnam"
1426 shadow_libs="-lprot"
1430 shadow_funcs="getauthuid"
1431 shadow_libs="-lauth"
1434 LIBS="${LIBS} -lsun -lbsd"
1435 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1436 OSDEFS="${OSDEFS} -D_MIPS"
1438 : ${mansectform='4'}
1441 OSDEFS="${OSDEFS} -D_ISC"
1443 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1444 LIBS="${LIBS} -lcrypt"
1446 shadow_funcs="getspnam"
1450 : ${mansectform='4'}
1453 shadow_funcs="getprpwnam"
1454 shadow_libs="-lprot -lx"
1456 : ${mansectform='4'}
1458 m88k-motorola-sysv*)
1459 # motorolla's cc (a variant of gcc) does -O but not -O2
1460 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1462 : ${mansectform='4'}
1465 shadow_funcs="getspnam"
1468 : ${mansectform='4'}
1469 : ${with_rpath='yes'}
1471 *-ncr-sysv4*|*-ncr-sysvr4*)
1472 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1474 : ${mansectform='4'}
1475 : ${with_rpath='yes'}
1477 *-ccur-sysv4*|*-ccur-sysvr4*)
1478 LIBS="${LIBS} -lgen"
1479 SUDO_LIBS="${SUDO_LIBS} -lgen"
1481 : ${mansectform='4'}
1482 : ${with_rpath='yes'}
1486 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1487 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1489 2|3) AC_MSG_NOTICE([using shlicc as CC])
1490 ac_cv_prog_CC=shlicc
1495 # Check for newer BSD auth API (just check for >= 3.0?)
1496 if test -z "$with_bsdauth"; then
1497 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1501 # FreeBSD has a real setreuid(2) starting with 2.1 and
1502 # backported to 2.0.5. We just take 2.1 and above...
1508 if test "$with_skey" = "yes"; then
1509 SUDO_LIBS="${SUDO_LIBS} -lmd"
1512 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1513 : ${with_logincap='maybe'}
1516 # OpenBSD has a real setreuid(2) starting with 3.3 but
1517 # we will use setreuid(2) instead.
1520 # OpenBSD >= 3.0 supports BSD auth
1521 if test -z "$with_bsdauth"; then
1526 AUTH_EXCL_DEF="BSD_AUTH"
1530 : ${with_logincap='maybe'}
1533 # NetBSD has a real setreuid(2) starting with 1.3.2
1535 0.9*|1.[012]*|1.3|1.3.1)
1540 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1541 : ${with_logincap='maybe'}
1544 if test "$with_skey" = "yes"; then
1545 SUDO_LIBS="${SUDO_LIBS} -lmd"
1548 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1549 : ${with_logincap='yes'}
1557 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1558 : ${with_logincap='yes'}
1561 # lockf() on is broken on the NeXT -- use flock instead
1563 ac_cv_func_flock=yes
1567 : ${mansectform='4'}
1568 : ${with_rpath='yes'}
1572 : ${mansectform='4'}
1575 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1580 dnl Check for mixing mutually exclusive and regular auth methods
1582 AUTH_REG=${AUTH_REG# }
1583 AUTH_EXCL=${AUTH_EXCL# }
1584 if test -n "$AUTH_EXCL"; then
1586 if test $# != 1; then
1587 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1589 if test -n "$AUTH_REG"; then
1590 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1594 dnl Only one of S/Key and OPIE may be specified
1596 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1597 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1601 dnl Use BSD-style man sections by default
1604 : ${mansectform='5'}
1607 dnl Add in any libpaths or libraries specified via configure
1609 if test -n "$with_libpath"; then
1610 for i in ${with_libpath}; do
1611 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1614 if test -n "$with_libraries"; then
1615 for i in ${with_libraries}; do
1627 dnl C compiler checks (to be done after os checks)
1629 AC_PROG_GCC_TRADITIONAL
1638 if test -z "$with_sendmail"; then
1641 if test -z "$with_editor"; then
1645 dnl Header file checks
1650 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1651 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1652 dnl ultrix termio/termios are broken
1653 if test "$OS" != "ultrix"; then
1654 AC_SYS_POSIX_TERMIOS
1655 if test "$ac_cv_sys_posix_termios" = "yes"; then
1656 AC_DEFINE(HAVE_TERMIOS_H)
1658 AC_CHECK_HEADERS(termio.h)
1661 if test ${with_logincap-'no'} != "no"; then
1662 AC_CHECK_HEADERS(login_cap.h, [LCMAN=""
1664 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1669 if test ${with_project-'no'} != "no"; then
1670 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1671 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1678 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1679 #include <signal.h>])
1680 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1681 #include <signal.h>])
1682 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1683 #if TIME_WITH_SYS_TIME
1684 # include <sys/time.h>
1687 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1688 #include <netinet/in.h>])
1698 dnl only set RETSIGTYPE if it is not set already
1708 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1709 strftime setrlimit initgroups getgroups fstat gettimeofday \
1710 setlocale getaddrinfo)
1711 if test -z "$SKIP_SETRESUID"; then
1712 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1714 if test -z "$SKIP_SETREUID"; then
1715 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1717 if test -z "$SKIP_SETEUID"; then
1718 AC_CHECK_FUNCS(seteuid)
1720 if test X"$with_interfaces" != X"no"; then
1721 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1723 if test -z "$BROKEN_GETCWD"; then
1724 AC_REPLACE_FUNCS(getcwd)
1726 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1727 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1728 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1729 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1730 AC_CHECK_FUNCS(lockf flock, [break])
1731 AC_CHECK_FUNCS(waitpid wait3, [break])
1732 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1733 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1734 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1735 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1737 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1738 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1739 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1740 [ #include <limits.h>
1741 #include <fcntl.h> ])
1743 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1744 AC_CHECK_FUNCS(random lrand48, [break])
1746 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1747 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1748 AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
1749 [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
1750 [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1751 AC_MSG_CHECKING([for two-parameter timespecsub])
1752 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1753 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1754 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1756 #error missing timespecsub
1758 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1759 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1762 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1764 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1765 #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1766 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1768 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1769 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1771 if test -n "$NEED_SNPRINTF"; then
1775 dnl If socket(2) not in libc, check -lsocket and -linet
1776 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1777 dnl In this case we look for main(), not socket() to avoid using a cached value
1779 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1780 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1782 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1783 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1785 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1786 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1788 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1790 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1792 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1793 dnl (gcc includes its own alloca(3) but other compilers may not)
1795 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1799 dnl Check for getprogname() or __progname
1801 AC_CHECK_FUNCS(getprogname, , [
1802 AC_MSG_CHECKING([for __progname])
1803 AC_CACHE_VAL(sudo_cv___progname, [
1804 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1805 if test "$sudo_cv___progname" = "yes"; then
1806 AC_DEFINE(HAVE___PROGNAME)
1808 AC_LIBOBJ(getprogname)
1810 AC_MSG_RESULT($sudo_cv___progname)
1814 dnl Mutually exclusive auth checks come first, followed by
1815 dnl non-exclusive ones. Note: passwd must be last of all!
1819 dnl Convert default authentication methods to with_* if
1820 dnl no explicit authentication scheme was specified.
1822 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1823 for auth in $AUTH_EXCL_DEF; do
1825 AIX_AUTH) with_aixauth=maybe;;
1826 BSD_AUTH) with_bsdauth=maybe;;
1827 PAM) with_pam=maybe;;
1828 SIA) CHECKSIA=true;;
1834 dnl PAM support. Systems that use PAM by default set with_pam=default
1835 dnl and we do the actual tests here.
1837 if test ${with_pam-"no"} != "no"; then
1839 dnl Linux may need this
1841 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1842 ac_cv_lib_dl=ac_cv_lib_dl_main
1845 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1846 dnl in /usr/include/pam instead of /usr/include/security...
1848 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1849 if test "$with_pam" = "yes"; then
1851 AUTH_OBJS="$AUTH_OBJS pam.o";
1853 AC_MSG_CHECKING(whether to use PAM session support)
1854 AC_ARG_ENABLE(pam_session,
1855 [ --disable-pam-session Disable PAM session support],
1856 [ case "$enableval" in
1857 yes) AC_MSG_RESULT(yes)
1859 no) AC_MSG_RESULT(no)
1860 AC_DEFINE(NO_PAM_SESSION)
1862 *) AC_MSG_RESULT(no)
1863 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1865 esac], AC_MSG_RESULT(yes))
1867 *-*-linux*|*-*-solaris*)
1868 AC_CHECK_FUNCS(dgettext, [],
1869 [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
1870 [AC_DEFINE(HAVE_DGETTEXT)])])
1877 dnl AIX general authentication
1878 dnl If set to "maybe" only enable if no other exclusive method in use.
1880 if test ${with_aixauth-'no'} != "no"; then
1881 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1882 AC_MSG_NOTICE([using AIX general authentication])
1883 AC_DEFINE(HAVE_AIXAUTH)
1884 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1885 SUDO_LIBS="${SUDO_LIBS} -ls"
1891 dnl BSD authentication
1892 dnl If set to "maybe" only enable if no other exclusive method in use.
1894 if test ${with_bsdauth-'no'} != "no"; then
1895 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1896 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1897 [AUTH_EXCL=BSD_AUTH; BAMAN=""],
1898 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1902 dnl SIA authentication for Tru64 Unix
1904 if test ${CHECKSIA-'false'} = "true"; then
1905 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1906 if test "$found" = "true"; then
1908 AUTH_OBJS="$AUTH_OBJS sia.o"
1913 dnl extra FWTK libs + includes
1915 if test ${with_fwtk-'no'} != "no"; then
1916 if test "$with_fwtk" != "yes"; then
1917 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1918 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1921 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1922 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1926 dnl extra SecurID lib + includes
1928 if test ${with_SecurID-'no'} != "no"; then
1929 if test "$with_SecurID" != "yes"; then
1931 elif test -d /usr/ace/examples; then
1932 with_SecurID=/usr/ace/examples
1934 with_SecurID=/usr/ace
1936 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1937 _LDFLAGS="${LDFLAGS}"
1938 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1940 # Determine whether to use the new or old SecurID API
1942 AC_CHECK_LIB(aceclnt, SD_Init,
1944 AUTH_OBJS="$AUTH_OBJS securid5.o";
1945 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1948 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1950 AUTH_OBJS="$AUTH_OBJS securid.o";
1951 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1957 LDFLAGS="${_LDFLAGS}"
1961 dnl Non-mutually exclusive auth checks come next.
1962 dnl Note: passwd must be last of all!
1966 dnl Convert default authentication methods to with_* if
1967 dnl no explicit authentication scheme was specified.
1969 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1970 for auth in $AUTH_DEF; do
1972 passwd) : ${with_passwd='maybe'};;
1980 if test ${with_kerb4-'no'} != "no"; then
1981 AC_DEFINE(HAVE_KERB4)
1983 dnl Use the specified directory, if any, else search for correct inc dir
1985 O_LDFLAGS="$LDFLAGS"
1986 if test "$with_kerb4" = "yes"; then
1988 O_CPPFLAGS="$CPPFLAGS"
1989 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1990 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1991 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1993 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1995 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1996 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1997 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1998 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
2000 if test X"$found" = X"no"; then
2001 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2005 dnl Check for -ldes vs. -ldes425
2007 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
2008 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
2011 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
2013 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
2014 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
2016 K4LIBS="${K4LIBS} -lcom_err"
2017 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
2023 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
2025 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
2026 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
2027 [K4LIBS="-lkrb $K4LIBS"]
2028 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
2031 LDFLAGS="$O_LDFLAGS"
2032 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
2033 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2038 dnl There is an easy way and a hard way...
2040 if test ${with_kerb5-'no'} != "no"; then
2041 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2042 if test -n "$KRB5CONFIG"; then
2043 AC_DEFINE(HAVE_KERB5)
2044 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2045 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2046 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2048 dnl Try to determine whether we have Heimdal or MIT Kerberos
2050 AC_MSG_CHECKING(whether we are using Heimdal)
2051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2053 AC_DEFINE(HAVE_HEIMDAL)
2060 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2061 AC_DEFINE(HAVE_KERB5)
2063 dnl Use the specified directory, if any, else search for correct inc dir
2065 if test "$with_kerb5" = "yes"; then
2067 O_CPPFLAGS="$CPPFLAGS"
2068 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2069 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2070 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2072 if test X"$found" = X"no"; then
2073 CPPFLAGS="$O_CPPFLAGS"
2074 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2077 dnl XXX - try to include krb5.h here too
2078 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2079 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2083 dnl Try to determine whether we have Heimdal or MIT Kerberos
2085 AC_MSG_CHECKING(whether we are using Heimdal)
2086 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2088 AC_DEFINE(HAVE_HEIMDAL)
2089 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2090 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2093 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2094 AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
2096 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2098 LIBS="${LIBS} ${SUDO_LIBS}"
2099 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2104 dnl extra AFS libs and includes
2106 if test ${with_AFS-'no'} = "yes"; then
2108 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2109 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2110 for i in $AFSLIBDIRS; do
2111 if test -d ${i}; then
2112 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2113 FOUND_AFSLIBDIR=true
2116 if test -z "$FOUND_AFSLIBDIR"; then
2117 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2120 # Order is important here. Note that we build AFS_LIBS from right to left
2121 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2122 AFS_LIBS="-laudit ${AFS_LIBS}"
2123 for i in $AFSLIBDIRS; do
2124 if test -f ${i}/util.a; then
2125 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2130 if test -z "$FOUND_UTIL_A"; then
2131 AFS_LIBS="-lutil ${AFS_LIBS}"
2133 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2135 # AFS includes may live in /usr/include on some machines...
2136 for i in /usr/afsws/include; do
2137 if test -d ${i}; then
2138 CPPFLAGS="${CPPFLAGS} -I${i}"
2139 FOUND_AFSINCDIR=true
2143 if test -z "$FOUND_AFSLIBDIR"; then
2144 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2147 AUTH_OBJS="$AUTH_OBJS afs.o"
2151 dnl extra DCE obj + lib
2152 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2154 if test ${with_DCE-'no'} = "yes"; then
2155 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2156 SUDO_LIBS="${SUDO_LIBS} -ldce"
2157 AUTH_OBJS="$AUTH_OBJS dce.o"
2161 dnl extra S/Key lib and includes
2163 if test ${with_skey-'no'} = "yes"; then
2164 O_LDFLAGS="$LDFLAGS"
2165 if test "$with_skey" != "yes"; then
2166 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2167 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2168 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2169 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2172 O_CPPFLAGS="$CPPFLAGS"
2173 for dir in "" "/usr/local" "/usr/contrib"; do
2174 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2175 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2177 if test "$found" = "no" -o -z "$dir"; then
2178 CPPFLAGS="$O_CPPFLAGS"
2180 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2181 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2184 if test "$found" = "no"; then
2185 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2187 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2188 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2189 LDFLAGS="$O_LDFLAGS"
2190 SUDO_LIBS="${SUDO_LIBS} -lskey"
2191 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2195 dnl extra OPIE lib and includes
2197 if test ${with_opie-'no'} = "yes"; then
2198 O_LDFLAGS="$LDFLAGS"
2199 if test "$with_opie" != "yes"; then
2200 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2201 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2202 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2203 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2206 O_CPPFLAGS="$CPPFLAGS"
2207 for dir in "" "/usr/local" "/usr/contrib"; do
2208 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2209 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2211 if test "$found" = "no" -o -z "$dir"; then
2212 CPPFLAGS="$O_CPPFLAGS"
2214 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2215 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2218 if test "$found" = "no"; then
2219 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2221 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2222 LDFLAGS="$O_LDFLAGS"
2223 SUDO_LIBS="${SUDO_LIBS} -lopie"
2224 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2228 dnl Check for shadow password routines if we have not already done so.
2229 dnl If there is a specific list of functions to check we do that first.
2230 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2232 if test ${with_passwd-'no'} != "no"; then
2234 dnl if crypt(3) not in libc, look elsewhere
2236 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2237 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2240 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2242 LIBS="$LIBS $shadow_libs"
2244 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2245 if test "$found" = "yes"; then
2246 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2247 elif test -n "$shadow_libs_optional"; then
2248 LIBS="$LIBS $shadow_libs_optional"
2249 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2250 if test "$found" = "yes"; then
2251 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2254 if test "$found" = "yes"; then
2255 case "$shadow_funcs" in
2256 *getprpwnam*) SECUREWARE=1;;
2258 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2264 if test "$CHECKSHADOW" = "true"; then
2265 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2267 if test "$CHECKSHADOW" = "true"; then
2268 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2270 if test -n "$SECUREWARE"; then
2271 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2272 AUTH_OBJS="$AUTH_OBJS secureware.o"
2277 dnl extra lib and .o file for LDAP support
2279 if test ${with_ldap-'no'} != "no"; then
2281 if test "$with_ldap" != "yes"; then
2282 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2283 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2284 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2287 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2289 AC_MSG_CHECKING([for LDAP libraries])
2293 for l in -lldap -llber '-lssl -lcrypto'; do
2295 LDAP_LIBS="${LDAP_LIBS} $l"
2296 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2298 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2300 dnl if nothing linked just try with -lldap
2301 if test "$found" = "no"; then
2302 LIBS="${_LIBS} -lldap"
2304 AC_MSG_RESULT([not found, using -lldap])
2306 AC_MSG_RESULT([$LDAP_LIBS])
2308 dnl check if we need to link with -llber for ber_set_option
2310 AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
2311 if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
2312 LDAP_LIBS="$LDAP_LIBS -llber"
2314 dnl check if ldap.h includes lber.h for us
2315 AC_MSG_CHECKING([whether lber.h is needed])
2316 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2317 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2318 AC_MSG_RESULT([yes])
2319 AC_DEFINE(HAVE_LBER_H)])
2321 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
2322 AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
2324 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2327 # XXX - OpenLDAP has deprecated ldap_get_values()
2328 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2332 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2333 dnl added -L dirpaths to SUDO_LDFLAGS.
2335 if test -n "$blibpath"; then
2336 if test -n "$blibpath_add"; then
2337 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2338 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2339 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2344 dnl Check for log file and timestamp locations
2350 dnl Use passwd (and secureware) auth modules?
2352 case "$with_passwd" in
2354 AUTH_OBJS="$AUTH_OBJS passwd.o"
2357 AC_DEFINE(WITHOUT_PASSWD)
2358 if test -z "$AUTH_OBJS"; then
2359 AC_MSG_ERROR([no authentication methods defined.])
2363 AUTH_OBJS=${AUTH_OBJS# }
2364 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2365 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2368 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2370 if test -n "$LIBS"; then
2375 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2376 test $l = $sl && dupe=1
2378 test $dupe = 0 && LIBS="${LIBS} $l"
2385 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2388 dnl Defer setting _PATH_SUDO_NOEXEC and _PATH_SUDO_SESH
2389 dnl until after exec_prefix is set
2390 dnl XXX - this is gross!
2392 if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
2393 oexec_prefix="$exec_prefix"
2394 if test "$exec_prefix" = '$(prefix)'; then
2395 if test "$prefix" = "NONE"; then
2396 exec_prefix="$ac_default_prefix"
2398 exec_prefix="$prefix"
2401 if test X"$with_noexec" != X"no"; then
2402 PROGS="${PROGS} sudo_noexec.la"
2403 INSTALL_NOEXEC="install-noexec"
2405 eval noexec_file="$with_noexec"
2406 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2408 if test X"$with_selinux" != X"no"; then
2409 eval sesh_file="$libexecdir/sesh"
2410 AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
2412 exec_prefix="$oexec_prefix"
2416 dnl Substitute into the Makefile and man pages
2418 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2422 dnl Spew any text the user needs to know about
2424 if test "$with_pam" = "yes"; then
2427 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2433 dnl Autoheader templates
2435 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2436 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2437 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2438 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2439 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2440 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2441 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2442 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2443 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2444 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2445 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2446 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2447 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2448 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2449 AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
2450 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2451 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2452 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2453 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2454 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2455 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2456 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2457 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2458 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2459 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2460 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2461 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2462 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2463 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2464 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2465 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2466 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2467 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2468 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2469 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2470 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2471 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2472 AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
2473 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2474 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2475 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2476 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2477 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
2478 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2479 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2480 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2481 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2482 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2483 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2484 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2485 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2486 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2487 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2488 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2489 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2490 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2491 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2492 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2493 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2494 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2495 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2496 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2497 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2498 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2499 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2500 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2501 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2502 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2503 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2504 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2507 dnl Bits to copy verbatim into config.h.in
2509 AH_TOP([#ifndef _SUDO_CONFIG_H
2510 #define _SUDO_CONFIG_H])
2513 * Macros to pull sec and nsec parts of mtime from struct stat.
2514 * We need to be able to convert between timeval and timespec
2515 * so the last 3 digits of tv_nsec are not significant.
2518 # ifdef HAVE_ST__TIM
2519 # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
2520 # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
2522 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2523 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2526 # ifdef HAVE_ST_MTIMESPEC
2527 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2528 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2530 # define mtim_getsec(_x) ((_x).st_mtime)
2531 # define mtim_getnsec(_x) (0)
2532 # endif /* HAVE_ST_MTIMESPEC */
2533 #endif /* HAVE_ST_MTIM */
2536 * Emulate a subset of waitpid() if we don't have it.
2539 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2542 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2546 /* GNU stow needs /etc/sudoers to be a symlink. */
2548 # define stat_sudoers stat
2550 # define stat_sudoers lstat
2553 /* Macros to set/clear/test flags. */
2555 #define SET(t, f) ((t) |= (f))
2557 #define CLR(t, f) ((t) &= ~(f))
2559 #define ISSET(t, f) ((t) & (f))
2561 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2562 #if defined(hpux) && !defined(__hpux)
2566 #if defined(convex) && !defined(__convex__)
2567 # define __convex__ 1
2570 /* BSD compatibility on some SVR4 systems. */
2573 #endif /* __svr4__ */
2575 #endif /* _SUDO_CONFIG_H */])