2 dnl Process this file with GNU autoconf to produce a configure script.
3 dnl $Sudo: configure.in,v 1.413.2.27 2007/10/24 16:43:25 millert Exp $
5 dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
7 AC_INIT([sudo], [1.6.9])
8 AC_CONFIG_HEADER(config.h pathnames.h)
10 dnl This won't work before AC_INIT
12 AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
14 dnl Variables that get substituted in the Makefile and man pages
21 AC_SUBST(SUDO_LDFLAGS)
30 AC_SUBST(MAN_POSTINSTALL)
31 AC_SUBST(SUDOERS_MODE)
40 AC_SUBST(INSTALL_NOEXEC)
41 AC_SUBST(DONT_LEAK_PATH_INFO)
43 dnl Variables that get substituted in docs (not overridden by environment)
45 AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
47 AC_SUBST(password_timeout)
50 AC_SUBST(long_otp_prompt)
57 AC_SUBST(mail_no_user)
58 AC_SUBST(mail_no_host)
59 AC_SUBST(mail_no_perms)
62 AC_SUBST(badpass_message)
64 AC_SUBST(runas_default)
66 AC_SUBST(passwd_tries)
72 dnl Initial values for above
77 passprompt="Password:"
89 mailsub='*** SECURITY information for %h ***'
90 badpass_message='Sorry, try again.'
101 dnl Initial values for Makefile variables listed above
102 dnl May be overridden by environment variables..
107 : ${SUDOERS_MODE='0440'}
124 shadow_libs_optional=
127 dnl Override default configure dirs...
129 test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
130 test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
131 test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
132 test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
135 dnl Deprecated --with options (these all warn or generate an error)
138 AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
139 [case $with_otp_only in
140 yes) with_passwd="no"
141 AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
145 AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
146 [case $with_alertmail in
147 *) with_mailto="$with_alertmail"
148 AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
153 dnl Options for --with
156 AC_ARG_WITH(CC, [ --with-CC C compiler to use],
158 yes) AC_MSG_ERROR(["must give --with-CC an argument."])
160 no) AC_MSG_ERROR(["illegal argument: --without-CC."])
166 AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
169 *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
173 AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
174 [case $with_blibpath in
176 *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
180 AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
181 [case $with_incpath in
182 yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
184 no) AC_MSG_ERROR(["--without-incpath not supported."])
186 *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
187 for i in ${with_incpath}; do
188 CPPFLAGS="${CPPFLAGS} -I${i}"
193 AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
194 [case $with_libpath in
195 yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
197 no) AC_MSG_ERROR(["--without-libpath not supported."])
199 *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS])
203 AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
204 [case $with_libraries in
205 yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
207 no) AC_MSG_ERROR(["--without-libraries not supported."])
209 *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS])
213 AC_ARG_WITH(devel, [ --with-devel add development options],
215 yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
216 PROGS="${PROGS} testsudoers"
217 OSDEFS="${OSDEFS} -DSUDO_DEVEL"
221 *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
225 AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
226 [case $with_efence in
227 yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
228 LIBS="${LIBS} -lefence"
229 if test -f /usr/local/lib/libefence.a; then
230 with_libpath="${with_libpath} /usr/local/lib"
234 *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence])
238 AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
240 yes) AC_MSG_NOTICE([Adding CSOps standard options])
244 with_classic_insults=yes
245 with_csops_insults=yes
251 *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops])
255 AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
256 [case $with_passwd in
257 yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
258 AC_MSG_RESULT($with_passwd)
260 test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd"
262 *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."])
266 AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
270 *) AC_DEFINE(HAVE_SKEY)
271 AC_MSG_CHECKING(whether to try S/Key authentication)
273 AUTH_REG="$AUTH_REG S/Key"
277 AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
281 *) AC_DEFINE(HAVE_OPIE)
282 AC_MSG_CHECKING(whether to try NRL OPIE authentication)
284 AUTH_REG="$AUTH_REG NRL_OPIE"
288 AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
289 [case $with_long_otp_prompt in
290 yes) AC_DEFINE(LONG_OTP_PROMPT)
291 AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
295 no) long_otp_prompt=off
297 *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."])
301 AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
302 [case $with_SecurID in
303 no) with_SecurID="";;
304 *) AC_DEFINE(HAVE_SECURID)
305 AC_MSG_CHECKING(whether to use SecurID for authentication)
307 AUTH_EXCL="$AUTH_EXCL SecurID"
311 AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
314 *) AC_DEFINE(HAVE_FWTK)
315 AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
317 AUTH_EXCL="$AUTH_EXCL FWTK"
321 AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
324 *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
326 AUTH_REG="$AUTH_REG kerb4"
330 AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
333 *) AC_MSG_CHECKING(whether to try Kerberos V authentication)
335 AUTH_REG="$AUTH_REG kerb5"
339 AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
340 [case $with_aixauth in
341 yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
343 *) AC_MSG_ERROR(["--with-aixauth does not take an argument."])
347 AC_ARG_WITH(pam, [ --with-pam enable PAM support],
349 yes) AUTH_EXCL="$AUTH_EXCL PAM";;
351 *) AC_MSG_ERROR(["--with-pam does not take an argument."])
355 AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
357 yes) AC_DEFINE(HAVE_AFS)
358 AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
360 AUTH_REG="$AUTH_REG AFS"
363 *) AC_MSG_ERROR(["--with-AFS does not take an argument."])
367 AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
369 yes) AC_DEFINE(HAVE_DCE)
370 AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
372 AUTH_REG="$AUTH_REG DCE"
375 *) AC_MSG_ERROR(["--with-DCE does not take an argument."])
379 AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
380 [case $with_logincap in
382 *) AC_MSG_ERROR(["--with-logincap does not take an argument."])
386 AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
387 [case $with_bsdauth in
388 yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
390 *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."])
394 AC_ARG_WITH(project, [ --with-project enable Solaris project support],
395 [case $with_project in
398 *) AC_MSG_ERROR(["--with-project does not take an argument."])
402 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
403 AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
404 [case $with_lecture in
405 yes|short|always) lecture=once
407 no|none|never) lecture=never
409 *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"])
412 if test "$lecture" = "once"; then
415 AC_DEFINE(NO_LECTURE)
419 AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
420 AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
421 [case $with_logging in
422 yes) AC_MSG_ERROR(["must give --with-logging an argument."])
424 no) AC_MSG_ERROR(["--without-logging not supported."])
426 syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG)
427 AC_MSG_RESULT(syslog)
429 file) AC_DEFINE(LOGGING, SLOG_FILE)
432 both) AC_DEFINE(LOGGING, SLOG_BOTH)
435 *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"])
437 esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
439 AC_MSG_CHECKING(which syslog facility sudo should log with)
440 AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
441 [case $with_logfac in
442 yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
444 no) AC_MSG_ERROR(["--without-logfac not supported."])
446 authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac
448 *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
451 AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
452 AC_MSG_RESULT($logfac)
454 AC_MSG_CHECKING(at which syslog priority to log commands)
455 AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
456 [case $with_goodpri in
457 yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
459 no) AC_MSG_ERROR(["--without-goodpri not supported."])
461 alert|crit|debug|emerg|err|info|notice|warning)
462 goodpri=$with_goodpri
464 *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."])
467 AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.])
468 AC_MSG_RESULT($goodpri)
470 AC_MSG_CHECKING(at which syslog priority to log failures)
471 AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
472 [case $with_badpri in
473 yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
475 no) AC_MSG_ERROR(["--without-badpri not supported."])
477 alert|crit|debug|emerg|err|info|notice|warning)
480 *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.])
483 AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
484 AC_MSG_RESULT($badpri)
486 AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
487 [case $with_logpath in
488 yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
490 no) AC_MSG_ERROR(["--without-logpath not supported."])
494 AC_MSG_CHECKING(how long a line in the log file should be)
495 AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
496 [case $with_loglen in
497 yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
499 no) AC_MSG_ERROR(["--without-loglen not supported."])
501 [[0-9]]*) loglen=$with_loglen
503 *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"])
506 AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).])
507 AC_MSG_RESULT($loglen)
509 AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
510 AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
511 [case $with_ignore_dot in
516 *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."])
519 if test "$ignore_dot" = "on"; then
520 AC_DEFINE(IGNORE_DOT_PATH)
526 AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
527 AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
528 [case $with_mail_if_no_user in
533 *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."])
536 if test "$mail_no_user" = "on"; then
537 AC_DEFINE(SEND_MAIL_WHEN_NO_USER)
543 AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
544 AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
545 [case $with_mail_if_no_host in
550 *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."])
553 if test "$mail_no_host" = "on"; then
554 AC_DEFINE(SEND_MAIL_WHEN_NO_HOST)
560 AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
561 AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
562 [case $with_mail_if_noperms in
567 *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."])
570 if test "$mail_noperms" = "on"; then
571 AC_DEFINE(SEND_MAIL_WHEN_NOT_OK)
577 AC_MSG_CHECKING(who should get the mail that sudo sends)
578 AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
579 [case $with_mailto in
580 yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
582 no) AC_MSG_ERROR(["--without-mailto not supported."])
584 *) mailto=$with_mailto
587 AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
588 AC_MSG_RESULT([$mailto])
590 AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
591 [case $with_mailsubject in
592 yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
594 no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.])
596 *) mailsub="$with_mailsubject"
597 AC_MSG_CHECKING(sudo mail subject)
598 AC_MSG_RESULT([Using alert mail subject: $mailsub])
601 AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
603 AC_MSG_CHECKING(for bad password prompt)
604 AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
605 [case $with_passprompt in
606 yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
608 no) AC_MSG_WARN([Sorry, --without-passprompt not supported.])
610 *) passprompt="$with_passprompt"
612 AC_MSG_RESULT($passprompt)
613 AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
615 AC_MSG_CHECKING(for bad password message)
616 AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
617 [case $with_badpass_message in
618 yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
620 no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.])
622 *) badpass_message="$with_badpass_message"
625 AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.])
626 AC_MSG_RESULT([$badpass_message])
628 AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
629 AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
635 *) AC_MSG_ERROR(["--with-fqdn does not take an argument."])
638 if test "$fqdn" = "on"; then
645 AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
646 [case $with_timedir in
647 yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
649 no) AC_MSG_ERROR(["--without-timedir not supported."])
653 AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
654 --without-sendmail do not send mail at all],
655 [case $with_sendmail in
656 yes) with_sendmail=""
659 *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail")
663 AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
664 [case $with_sudoers_mode in
665 yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
667 no) AC_MSG_ERROR(["--without-sudoers-mode not supported."])
669 [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode}
671 0*) SUDOERS_MODE=$with_sudoers_mode
673 *) AC_MSG_ERROR(["you must use an octal mode, not a name."])
677 AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
678 [case $with_sudoers_uid in
679 yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
681 no) AC_MSG_ERROR(["--without-sudoers-uid not supported."])
683 [[0-9]]*) SUDOERS_UID=$with_sudoers_uid
685 *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."])
689 AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
690 [case $with_sudoers_gid in
691 yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
693 no) AC_MSG_ERROR(["--without-sudoers-gid not supported."])
695 [[0-9]]*) SUDOERS_GID=$with_sudoers_gid
697 *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."])
701 AC_MSG_CHECKING(for umask programs should be run with)
702 AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
703 --without-umask Preserves the umask of the user invoking sudo.],
705 yes) AC_MSG_ERROR(["must give --with-umask an argument."])
709 [[0-9]]*) sudo_umask=$with_umask
711 *) AC_MSG_ERROR(["you must enter a numeric mask."])
714 AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
715 if test "$sudo_umask" = "0777"; then
718 AC_MSG_RESULT($sudo_umask)
721 AC_MSG_CHECKING(for default user to run commands as)
722 AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
723 [case $with_runas_default in
724 yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
726 no) AC_MSG_ERROR(["--without-runas-default not supported."])
728 *) runas_default="$with_runas_default"
731 AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
732 AC_MSG_RESULT([$runas_default])
734 AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
735 [case $with_exempt in
736 yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
738 no) AC_MSG_ERROR(["--without-exempt not supported."])
740 *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").])
741 AC_MSG_CHECKING(for group to be exempt from password)
742 AC_MSG_RESULT([$with_exempt])
746 AC_MSG_CHECKING(for editor that visudo should use)
747 AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
748 [case $with_editor in
749 yes) AC_MSG_ERROR(["must give --with-editor an argument."])
751 no) AC_MSG_ERROR(["--without-editor not supported."])
753 *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
754 AC_MSG_RESULT([$with_editor])
756 esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
758 AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
759 AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
760 [case $with_env_editor in
765 *) AC_MSG_ERROR(["--with-env-editor does not take an argument."])
768 if test "$env_editor" = "on"; then
769 AC_DEFINE(ENV_EDITOR)
775 AC_MSG_CHECKING(number of tries a user gets to enter their password)
776 AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
777 [case $with_passwd_tries in
779 no) AC_MSG_ERROR(["--without-editor not supported."])
781 [[1-9]]*) passwd_tries=$with_passwd_tries
783 *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"])
786 AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.])
787 AC_MSG_RESULT($passwd_tries)
789 AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
790 AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
791 [case $with_timeout in
795 [[0-9]]*) timeout=$with_timeout
797 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
800 AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.])
801 AC_MSG_RESULT($timeout)
803 AC_MSG_CHECKING(time in minutes after the password prompt will time out)
804 AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
805 [case $with_password_timeout in
807 no) password_timeout=0
809 [[0-9]]*) password_timeout=$with_password_timeout
811 *) AC_MSG_ERROR(["you must enter the numer of minutes."])
814 AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).])
815 AC_MSG_RESULT($password_timeout)
817 AC_MSG_CHECKING(whether to use per-tty ticket files)
818 AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
819 [case $with_tty_tickets in
824 *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
827 if test "$tty_tickets" = "on"; then
828 AC_DEFINE(USE_TTY_TICKETS)
834 AC_MSG_CHECKING(whether to include insults)
835 AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
836 [case $with_insults in
838 with_classic_insults=yes
839 with_csops_insults=yes
843 *) AC_MSG_ERROR(["--with-insults does not take an argument."])
846 if test "$insults" = "on"; then
847 AC_DEFINE(USE_INSULTS)
853 AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
854 [case $with_all_insults in
855 yes) with_classic_insults=yes
856 with_csops_insults=yes
858 with_goons_insults=yes
861 *) AC_MSG_ERROR(["--with-all-insults does not take an argument."])
865 AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
866 [case $with_classic_insults in
867 yes) AC_DEFINE(CLASSIC_INSULTS)
870 *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."])
874 AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
875 [case $with_csops_insults in
876 yes) AC_DEFINE(CSOPS_INSULTS)
879 *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."])
883 AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
884 [case $with_hal_insults in
885 yes) AC_DEFINE(HAL_INSULTS)
888 *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."])
892 AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
893 [case $with_goons_insults in
894 yes) AC_DEFINE(GOONS_INSULTS)
897 *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."])
901 AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
904 *) AC_DEFINE(HAVE_LDAP)
905 AC_MSG_CHECKING(whether to use sudoers from LDAP)
909 AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
910 [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
911 AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
912 [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
914 AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
915 [case $with_pc_insults in
916 yes) AC_DEFINE(PC_INSULTS)
919 *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."])
923 dnl include all insult sets on one line
924 if test "$insults" = "on"; then
925 AC_MSG_CHECKING(which insult sets to include)
927 test "$with_goons_insults" = "yes" && i="goons ${i}"
928 test "$with_hal_insults" = "yes" && i="hal ${i}"
929 test "$with_csops_insults" = "yes" && i="csops ${i}"
930 test "$with_classic_insults" = "yes" && i="classic ${i}"
934 AC_MSG_CHECKING(whether to override the user's path)
935 AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
936 [case $with_secure_path in
937 yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
938 AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
940 no) AC_MSG_RESULT(no)
942 *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
943 AC_MSG_RESULT([$with_secure_path])
945 esac], AC_MSG_RESULT(no))
947 AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
948 AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
949 [case $with_interfaces in
950 yes) AC_MSG_RESULT(yes)
952 no) AC_DEFINE(STUB_LOAD_INTERFACES)
955 *) AC_MSG_ERROR(["--with-interfaces does not take an argument."])
957 esac], AC_MSG_RESULT(yes))
959 AC_MSG_CHECKING(whether stow should be used)
960 AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
962 yes) AC_MSG_RESULT(yes)
965 no) AC_MSG_RESULT(no)
967 *) AC_MSG_ERROR(["--with-stow does not take an argument."])
969 esac], AC_MSG_RESULT(no))
972 dnl Options for --enable
975 AC_MSG_CHECKING(whether to do user authentication by default)
976 AC_ARG_ENABLE(authentication,
977 [ --disable-authentication
978 Do not require authentication by default],
979 [ case "$enableval" in
980 yes) AC_MSG_RESULT(yes)
982 no) AC_MSG_RESULT(no)
983 AC_DEFINE(NO_AUTHENTICATION)
986 AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval])
989 ], AC_MSG_RESULT(yes))
991 AC_MSG_CHECKING(whether to disable running the mailer as root)
992 AC_ARG_ENABLE(root-mailer,
993 [ --disable-root-mailer Don't run the mailer as root, run as the user],
994 [ case "$enableval" in
995 yes) AC_MSG_RESULT(no)
997 no) AC_MSG_RESULT(yes)
998 AC_DEFINE(NO_ROOT_MAILER)
1000 *) AC_MSG_RESULT(no)
1001 AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval])
1004 ], AC_MSG_RESULT(no))
1006 AC_ARG_ENABLE(setreuid,
1007 [ --disable-setreuid Don't try to use the setreuid() function],
1008 [ case "$enableval" in
1009 no) SKIP_SETREUID=yes
1015 AC_ARG_ENABLE(setresuid,
1016 [ --disable-setresuid Don't try to use the setresuid() function],
1017 [ case "$enableval" in
1018 no) SKIP_SETRESUID=yes
1024 AC_MSG_CHECKING(whether to disable shadow password support)
1025 AC_ARG_ENABLE(shadow,
1026 [ --disable-shadow Never use shadow passwords],
1027 [ case "$enableval" in
1028 yes) AC_MSG_RESULT(no)
1030 no) AC_MSG_RESULT(yes)
1033 *) AC_MSG_RESULT(no)
1034 AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval])
1037 ], AC_MSG_RESULT(no))
1039 AC_MSG_CHECKING(whether root should be allowed to use sudo)
1040 AC_ARG_ENABLE(root-sudo,
1041 [ --disable-root-sudo Don't allow root to run sudo],
1042 [ case "$enableval" in
1043 yes) AC_MSG_RESULT(yes)
1045 no) AC_DEFINE(NO_ROOT_SUDO)
1049 *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."])
1052 ], AC_MSG_RESULT(yes))
1054 AC_MSG_CHECKING(whether to log the hostname in the log file)
1055 AC_ARG_ENABLE(log-host,
1056 [ --enable-log-host Log the hostname in the log file],
1057 [ case "$enableval" in
1058 yes) AC_MSG_RESULT(yes)
1059 AC_DEFINE(HOST_IN_LOG)
1061 no) AC_MSG_RESULT(no)
1063 *) AC_MSG_RESULT(no)
1064 AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval])
1067 ], AC_MSG_RESULT(no))
1069 AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
1070 AC_ARG_ENABLE(noargs-shell,
1071 [ --enable-noargs-shell If sudo is given no arguments run a shell],
1072 [ case "$enableval" in
1073 yes) AC_MSG_RESULT(yes)
1074 AC_DEFINE(SHELL_IF_NO_ARGS)
1076 no) AC_MSG_RESULT(no)
1078 *) AC_MSG_RESULT(no)
1079 AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval])
1082 ], AC_MSG_RESULT(no))
1084 AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
1085 AC_ARG_ENABLE(shell-sets-home,
1086 [ --enable-shell-sets-home
1087 set $HOME to target user in shell mode],
1088 [ case "$enableval" in
1089 yes) AC_MSG_RESULT(yes)
1090 AC_DEFINE(SHELL_SETS_HOME)
1092 no) AC_MSG_RESULT(no)
1094 *) AC_MSG_RESULT(no)
1095 AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval])
1098 ], AC_MSG_RESULT(no))
1100 AC_MSG_CHECKING(whether to disable 'command not found' messages)
1101 AC_ARG_ENABLE(path_info,
1102 [ --disable-path-info Print 'command not allowed' not 'command not found'],
1103 [ case "$enableval" in
1104 yes) AC_MSG_RESULT(no)
1106 no) AC_MSG_RESULT(yes)
1107 AC_DEFINE(DONT_LEAK_PATH_INFO)
1110 *) AC_MSG_RESULT(no)
1111 AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval])
1114 ], AC_MSG_RESULT(no))
1117 dnl If we don't have egrep we can't do anything...
1119 AC_CHECK_PROG(EGREPPROG, egrep, egrep)
1120 if test -z "$EGREPPROG"; then
1121 AC_MSG_ERROR([Sorry, configure requires egrep to run.])
1125 dnl Prevent configure from adding the -g flag unless in devel mode
1127 if test "$with_devel" != "yes"; then
1132 dnl C compiler checks
1138 dnl Libtool magic; enable shared libs and disable static libs
1141 AC_CANONICAL_TARGET([])
1146 dnl Defer with_noexec until after libtool magic runs
1148 if test "$enable_shared" = "no"; then
1151 eval _shrext="$shrext_cmds"
1153 AC_MSG_CHECKING(path to sudo_noexec.so)
1154 AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
1155 [case $with_noexec in
1156 yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
1160 esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
1161 AC_MSG_RESULT($with_noexec)
1162 NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
1165 dnl It is now safe to modify CFLAGS and CPPFLAGS
1167 if test "$with_devel" = "yes" -a -n "$GCC"; then
1168 CFLAGS="${CFLAGS} -Wall"
1172 dnl Find programs we use
1174 AC_CHECK_PROG(UNAMEPROG, uname, uname)
1175 AC_CHECK_PROG(TRPROG, tr, tr)
1176 AC_CHECK_PROG(NROFFPROG, nroff, nroff)
1177 if test -z "$NROFFPROG"; then
1179 mansrcdir='$(srcdir)'
1183 dnl What kind of beastie are we being run on?
1184 dnl Barf if config.cache was generated on another host.
1186 if test -n "$sudo_cv_prev_host"; then
1187 if test "$sudo_cv_prev_host" != "$host"; then
1188 AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.])
1190 AC_MSG_CHECKING(previous host type)
1191 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1192 AC_MSG_RESULT([$sudo_cv_prev_host])
1195 # this will produce no output since there is no cached value
1196 AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host")
1200 dnl We want to be able to differentiate between different rev's
1202 if test -n "$host_os"; then
1203 OS=`echo $host_os | sed 's/[[0-9]].*//'`
1204 OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'`
1205 OSMAJOR=`echo $OSREV | sed 's/\..*$//'`
1214 # getcwd(3) opens a pipe to getpwd(1)!?!
1217 # system headers lack prototypes but gcc helps...
1218 if test -n "$GCC"; then
1219 OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__"
1222 shadow_funcs="getpwanam issecure"
1225 # To get the crypt(3) prototype (so we pass -Wall)
1226 OSDEFS="${OSDEFS} -D__EXTENSIONS__"
1227 # AFS support needs -lucb
1228 if test "$with_AFS" = "yes"; then
1229 AFS_LIBS="-lc -lucb"
1232 : ${mansectform='4'}
1233 : ${with_rpath='yes'}
1234 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1237 # To get all prototypes (so we pass -Wall)
1238 OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
1239 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
1240 if test X"$with_blibpath" != X"no"; then
1241 AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
1242 O_LDFLAGS="$LDFLAGS"
1243 LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
1244 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
1245 if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
1246 blibpath="$with_blibpath"
1247 elif test -n "$GCC"; then
1248 blibpath="/usr/lib:/lib:/usr/local/lib"
1250 blibpath="/usr/lib:/lib"
1253 ], [AC_MSG_RESULT(no)])
1255 LDFLAGS="$O_LDFLAGS"
1257 # Use authenticate(3) as the default authentication method
1258 if test X"$with_aixauth" = X""; then
1259 AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
1264 : ${mansectform='4'}
1267 # AFS support needs -lBSD
1268 if test "$with_AFS" = "yes"; then
1269 AFS_LIBS="-lc -lBSD"
1272 : ${mansectform='4'}
1276 AC_DEFINE(BROKEN_SYSLOG)
1278 # Not sure if setuid binaries are safe in < 9.x
1279 if test -n "$GCC"; then
1280 SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
1282 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
1286 AC_DEFINE(BROKEN_SYSLOG)
1288 shadow_funcs="getspwuid"
1290 # DCE support (requires ANSI C compiler)
1291 if test "$with_DCE" = "yes"; then
1292 # order of libs in 9.X is important. -lc_r must be last
1293 SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
1294 LIBS="${LIBS} -ldce -lM -lc_r"
1295 CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
1299 shadow_funcs="getprpwnam iscomsec"
1303 shadow_funcs="getspnam iscomsec"
1305 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1310 # ignore envariables wrt dynamic lib path
1311 SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
1313 : ${CHECKSIA='true'}
1314 AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
1316 [ --disable-sia Disable SIA on Digital UNIX],
1317 [ case "$enableval" in
1318 yes) AC_MSG_RESULT(no)
1321 no) AC_MSG_RESULT(yes)
1324 *) AC_MSG_RESULT(no)
1325 AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval])
1328 ], AC_MSG_RESULT(no))
1330 shadow_funcs="getprpwnam dispcrypt"
1331 # OSF/1 4.x and higher need -ldb too
1332 if test $OSMAJOR -lt 4; then
1333 shadow_libs="-lsecurity -laud -lm"
1335 shadow_libs="-lsecurity -ldb -laud -lm"
1338 # use SIA by default, if we have it
1339 test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA"
1342 # Some versions of Digital Unix ship with a broken
1343 # copy of prot.h, which we need for shadow passwords.
1344 # XXX - make should remove this as part of distclean
1346 AC_MSG_CHECKING([for broken prot.h])
1347 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1348 #include <sys/types.h>
1349 #include <sys/security.h>
1351 ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
1352 sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
1355 : ${mansectform='4'}
1358 OSDEFS="${OSDEFS} -D_BSD_TYPES"
1359 if test -z "$NROFFPROG"; then
1360 MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
1361 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1362 if test -d /usr/share/catman/local; then
1363 mandir="/usr/share/catman/local"
1365 mandir="/usr/catman/local"
1369 if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
1370 if test -d "/usr/share/man/local"; then
1371 mandir="/usr/share/man/local"
1373 mandir="/usr/man/local"
1377 # IRIX <= 4 needs -lsun
1378 if test "$OSMAJOR" -le 4; then
1379 AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
1382 : ${mansectform='4'}
1385 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1386 # Some Linux versions need to link with -lshadow
1387 shadow_funcs="getspnam"
1388 shadow_libs_optional="-lshadow"
1389 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1392 OSDEFS="${OSDEFS} -D_CONVEX_SOURCE"
1393 if test -z "$GCC"; then
1394 CFLAGS="${CFLAGS} -D__STDC__"
1397 shadow_defs="-D_AUDIT -D_ACL -DSecureWare"
1398 shadow_funcs="getprpwnam"
1399 shadow_libs="-lprot"
1403 shadow_funcs="getauthuid"
1404 shadow_libs="-lauth"
1407 LIBS="${LIBS} -lsun -lbsd"
1408 CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
1409 OSDEFS="${OSDEFS} -D_MIPS"
1411 : ${mansectform='4'}
1414 OSDEFS="${OSDEFS} -D_ISC"
1416 SUDO_LIBS="${SUDO_LIBS} -lcrypt"
1417 LIBS="${LIBS} -lcrypt"
1419 shadow_funcs="getspnam"
1423 : ${mansectform='4'}
1426 shadow_funcs="getprpwnam"
1427 shadow_libs="-lprot -lx"
1429 : ${mansectform='4'}
1431 m88k-motorola-sysv*)
1432 # motorolla's cc (a variant of gcc) does -O but not -O2
1433 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'`
1435 : ${mansectform='4'}
1438 shadow_funcs="getspnam"
1441 : ${mansectform='4'}
1442 : ${with_rpath='yes'}
1444 *-ncr-sysv4*|*-ncr-sysvr4*)
1445 AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
1447 : ${mansectform='4'}
1448 : ${with_rpath='yes'}
1450 *-ccur-sysv4*|*-ccur-sysvr4*)
1451 LIBS="${LIBS} -lgen"
1452 SUDO_LIBS="${SUDO_LIBS} -lgen"
1454 : ${mansectform='4'}
1455 : ${with_rpath='yes'}
1459 # Use shlicc for BSD/OS [23].x unless asked to do otherwise
1460 if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
1462 2|3) AC_MSG_NOTICE([using shlicc as CC])
1463 ac_cv_prog_CC=shlicc
1468 # Check for newer BSD auth API (just check for >= 3.0?)
1469 if test -z "$with_bsdauth"; then
1470 AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
1474 # FreeBSD has a real setreuid(2) starting with 2.1 and
1475 # backported to 2.0.5. We just take 2.1 and above...
1481 if test "$with_skey" = "yes"; then
1482 SUDO_LIBS="${SUDO_LIBS} -lmd"
1485 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1486 : ${with_logincap='maybe'}
1489 # OpenBSD has a real setreuid(2) starting with 3.3 but
1490 # we will use setreuid(2) instead.
1493 # OpenBSD >= 3.0 supports BSD auth
1494 if test -z "$with_bsdauth"; then
1499 AUTH_EXCL_DEF="BSD_AUTH"
1503 : ${with_logincap='maybe'}
1506 # NetBSD has a real setreuid(2) starting with 1.3.2
1508 0.9*|1.[012]*|1.3|1.3.1)
1513 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1514 : ${with_logincap='maybe'}
1517 if test "$with_skey" = "yes"; then
1518 SUDO_LIBS="${SUDO_LIBS} -lmd"
1521 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1522 : ${with_logincap='yes'}
1530 test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
1531 : ${with_logincap='yes'}
1534 # lockf() on is broken on the NeXT -- use flock instead
1536 ac_cv_func_flock=yes
1540 : ${mansectform='4'}
1541 : ${with_rpath='yes'}
1545 : ${mansectform='4'}
1548 OSDEFS="${OSDEFS} -D_GNU_SOURCE"
1553 dnl Check for mixing mutually exclusive and regular auth methods
1555 AUTH_REG=${AUTH_REG# }
1556 AUTH_EXCL=${AUTH_EXCL# }
1557 if test -n "$AUTH_EXCL"; then
1559 if test $# != 1; then
1560 AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL])
1562 if test -n "$AUTH_REG"; then
1563 AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods])
1567 dnl Only one of S/Key and OPIE may be specified
1569 if test X"${with_skey}${with_opie}" = X"yesyes"; then
1570 AC_MSG_ERROR(["cannot use both S/Key and OPIE"])
1574 dnl Use BSD-style man sections by default
1577 : ${mansectform='5'}
1580 dnl Add in any libpaths or libraries specified via configure
1582 if test -n "$with_libpath"; then
1583 for i in ${with_libpath}; do
1584 SUDO_APPEND_LIBPATH(LDFLAGS, [$i])
1587 if test -n "$with_libraries"; then
1588 for i in ${with_libraries}; do
1600 dnl C compiler checks (to be done after os checks)
1602 AC_PROG_GCC_TRADITIONAL
1611 if test -z "$with_sendmail"; then
1614 if test -z "$with_editor"; then
1618 dnl Header file checks
1623 AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
1624 AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
1625 dnl ultrix termio/termios are broken
1626 if test "$OS" != "ultrix"; then
1627 AC_SYS_POSIX_TERMIOS
1628 if test "$ac_cv_sys_posix_termios" = "yes"; then
1629 AC_DEFINE(HAVE_TERMIOS_H)
1631 AC_CHECK_HEADERS(termio.h)
1634 if test ${with_logincap-'no'} != "no"; then
1635 AC_CHECK_HEADERS(login_cap.h, [
1637 freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
1642 if test ${with_project-'no'} != "no"; then
1643 AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
1644 [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
1651 AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
1652 #include <signal.h>])
1653 AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
1654 #include <signal.h>])
1655 AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
1656 #if TIME_WITH_SYS_TIME
1657 # include <sys/time.h>
1660 AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
1661 #include <netinet/in.h>])
1671 dnl only set RETSIGTYPE if it is not set already
1680 AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
1681 strftime setrlimit initgroups getgroups fstat gettimeofday \
1682 setlocale getaddrinfo)
1683 if test -z "$SKIP_SETRESUID"; then
1684 AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
1686 if test -z "$SKIP_SETREUID"; then
1687 AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
1689 if test -z "$SKIP_SETEUID"; then
1690 AC_CHECK_FUNCS(seteuid)
1692 if test X"$with_interfaces" != X"no"; then
1693 AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
1695 if test -z "$BROKEN_GETCWD"; then
1696 AC_REPLACE_FUNCS(getcwd)
1698 AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
1699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
1700 AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
1701 AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
1702 AC_CHECK_FUNCS(lockf flock, [break])
1703 AC_CHECK_FUNCS(waitpid wait3, [break])
1704 AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
1705 AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
1706 AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
1707 SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
1709 AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
1710 AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
1711 AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
1712 [ #include <limits.h>
1713 #include <fcntl.h> ])
1715 AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
1716 AC_CHECK_FUNCS(random lrand48, [break])
1718 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
1719 if test X"$ac_cv_type_struct_timespec" != X"no"; then
1720 AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
1721 AC_MSG_CHECKING([for two-parameter timespecsub])
1722 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1723 #include <sys/time.h>]], [[struct timespec ts1, ts2;
1724 ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
1726 #error missing timespecsub
1728 timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
1729 AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
1732 dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
1734 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
1735 #include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
1736 #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
1738 dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
1739 dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
1741 if test -n "$NEED_SNPRINTF"; then
1745 dnl If socket(2) not in libc, check -lsocket and -linet
1746 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1747 dnl In this case we look for main(), not socket() to avoid using a cached value
1749 AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
1750 AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
1752 dnl If inet_addr(3) not in libc, check -lnsl and -linet
1753 dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
1755 AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
1756 AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
1758 dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
1760 AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
1762 dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
1763 dnl (gcc includes its own alloca(3) but other compilers may not)
1765 if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
1769 dnl Check for getprogname() or __progname
1771 AC_CHECK_FUNCS(getprogname, , [
1772 AC_MSG_CHECKING([for __progname])
1773 AC_CACHE_VAL(sudo_cv___progname, [
1774 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])])
1775 if test "$sudo_cv___progname" = "yes"; then
1776 AC_DEFINE(HAVE___PROGNAME)
1778 AC_LIBOBJ(getprogname)
1780 AC_MSG_RESULT($sudo_cv___progname)
1784 dnl Mutually exclusive auth checks come first, followed by
1785 dnl non-exclusive ones. Note: passwd must be last of all!
1789 dnl Convert default authentication methods to with_* if
1790 dnl no explicit authentication scheme was specified.
1792 if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then
1793 for auth in $AUTH_EXCL_DEF; do
1795 AIX_AUTH) with_aixauth=maybe;;
1796 BSD_AUTH) with_bsdauth=maybe;;
1797 PAM) with_pam=maybe;;
1798 SIA) CHECKSIA=true;;
1804 dnl PAM support. Systems that use PAM by default set with_pam=default
1805 dnl and we do the actual tests here.
1807 if test ${with_pam-"no"} != "no"; then
1809 dnl Linux may need this
1811 AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
1812 ac_cv_lib_dl=ac_cv_lib_dl_main
1815 dnl Some PAM implementations (MacOS X for example) put the PAM headers
1816 dnl in /usr/include/pam instead of /usr/include/security...
1818 AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
1819 if test "$with_pam" = "yes"; then
1821 AUTH_OBJS="$AUTH_OBJS pam.o";
1823 AC_MSG_CHECKING(whether to use PAM session support)
1824 AC_ARG_ENABLE(pam_session,
1825 [ --disable-pam-session Disable PAM session support],
1826 [ case "$enableval" in
1827 yes) AC_MSG_RESULT(yes)
1829 no) AC_MSG_RESULT(no)
1830 AC_DEFINE(NO_PAM_SESSION)
1832 *) AC_MSG_RESULT(no)
1833 AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
1835 esac], AC_MSG_RESULT(yes))
1840 dnl AIX general authentication
1841 dnl If set to "maybe" only enable if no other exclusive method in use.
1843 if test ${with_aixauth-'no'} != "no"; then
1844 if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
1845 AC_MSG_NOTICE([using AIX general authentication])
1846 AC_DEFINE(HAVE_AIXAUTH)
1847 AUTH_OBJS="$AUTH_OBJS aix_auth.o";
1848 SUDO_LIBS="${SUDO_LIBS} -ls"
1854 dnl BSD authentication
1855 dnl If set to "maybe" only enable if no other exclusive method in use.
1857 if test ${with_bsdauth-'no'} != "no"; then
1858 AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
1859 [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
1860 [BSDAUTH_USAGE='[[-a auth_type]] ']
1861 [AUTH_EXCL=BSD_AUTH],
1862 [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
1866 dnl SIA authentication for Tru64 Unix
1868 if test ${CHECKSIA-'false'} = "true"; then
1869 AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
1870 if test "$found" = "true"; then
1872 AUTH_OBJS="$AUTH_OBJS sia.o"
1877 dnl extra FWTK libs + includes
1879 if test ${with_fwtk-'no'} != "no"; then
1880 if test "$with_fwtk" != "yes"; then
1881 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
1882 CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
1885 SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
1886 AUTH_OBJS="$AUTH_OBJS fwtk.o"
1890 dnl extra SecurID lib + includes
1892 if test ${with_SecurID-'no'} != "no"; then
1893 if test "$with_SecurID" != "yes"; then
1895 elif test -d /usr/ace/examples; then
1896 with_SecurID=/usr/ace/examples
1898 with_SecurID=/usr/ace
1900 CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
1901 _LDFLAGS="${LDFLAGS}"
1902 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
1904 # Determine whether to use the new or old SecurID API
1906 AC_CHECK_LIB(aceclnt, SD_Init,
1908 AUTH_OBJS="$AUTH_OBJS securid5.o";
1909 SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
1912 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
1914 AUTH_OBJS="$AUTH_OBJS securid.o";
1915 SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
1921 LDFLAGS="${_LDFLAGS}"
1925 dnl Non-mutually exclusive auth checks come next.
1926 dnl Note: passwd must be last of all!
1930 dnl Convert default authentication methods to with_* if
1931 dnl no explicit authentication scheme was specified.
1933 if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then
1934 for auth in $AUTH_DEF; do
1936 passwd) : ${with_passwd='maybe'};;
1944 if test ${with_kerb4-'no'} != "no"; then
1945 AC_DEFINE(HAVE_KERB4)
1947 dnl Use the specified directory, if any, else search for correct inc dir
1949 O_LDFLAGS="$LDFLAGS"
1950 if test "$with_kerb4" = "yes"; then
1952 O_CPPFLAGS="$CPPFLAGS"
1953 for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
1954 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
1955 AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
1957 test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
1959 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
1960 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
1961 CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
1962 AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
1964 if test X"$found" = X"no"; then
1965 AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
1969 dnl Check for -ldes vs. -ldes425
1971 AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
1972 AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
1975 dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
1977 AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
1978 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
1980 K4LIBS="${K4LIBS} -lcom_err"
1981 AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
1987 dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
1989 AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
1990 AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
1991 [K4LIBS="-lkrb $K4LIBS"]
1992 [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
1995 LDFLAGS="$O_LDFLAGS"
1996 SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
1997 AUTH_OBJS="$AUTH_OBJS kerb4.o"
2002 dnl There is an easy way and a hard way...
2004 if test ${with_kerb5-'no'} != "no"; then
2005 AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
2006 if test -n "$KRB5CONFIG"; then
2007 AC_DEFINE(HAVE_KERB5)
2008 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2009 CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
2010 SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
2012 dnl Try to determine whether we have Heimdal or MIT Kerberos
2014 AC_MSG_CHECKING(whether we are using Heimdal)
2015 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2017 AC_DEFINE(HAVE_HEIMDAL)
2024 if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
2025 AC_DEFINE(HAVE_KERB5)
2027 dnl Use the specified directory, if any, else search for correct inc dir
2029 if test "$with_kerb5" = "yes"; then
2031 O_CPPFLAGS="$CPPFLAGS"
2032 for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
2033 CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
2034 AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
2036 if test X"$found" = X"no"; then
2037 CPPFLAGS="$O_CPPFLAGS"
2038 AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
2041 dnl XXX - try to include krb5.h here too
2042 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
2043 CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
2047 dnl Try to determine whether we have Heimdal or MIT Kerberos
2049 AC_MSG_CHECKING(whether we are using Heimdal)
2050 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
2052 AC_DEFINE(HAVE_HEIMDAL)
2053 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
2054 AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
2057 SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
2060 AUTH_OBJS="$AUTH_OBJS kerb5.o"
2062 LIBS="${LIBS} ${SUDO_LIBS}"
2063 AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
2068 dnl extra AFS libs and includes
2070 if test ${with_AFS-'no'} = "yes"; then
2072 # looks like the "standard" place for AFS libs is /usr/afsws/lib
2073 AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
2074 for i in $AFSLIBDIRS; do
2075 if test -d ${i}; then
2076 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
2077 FOUND_AFSLIBDIR=true
2080 if test -z "$FOUND_AFSLIBDIR"; then
2081 AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
2084 # Order is important here. Note that we build AFS_LIBS from right to left
2085 # since AFS_LIBS may be initialized with BSD compat libs that must go last
2086 AFS_LIBS="-laudit ${AFS_LIBS}"
2087 for i in $AFSLIBDIRS; do
2088 if test -f ${i}/util.a; then
2089 AFS_LIBS="${i}/util.a ${AFS_LIBS}"
2094 if test -z "$FOUND_UTIL_A"; then
2095 AFS_LIBS="-lutil ${AFS_LIBS}"
2097 AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}"
2099 # AFS includes may live in /usr/include on some machines...
2100 for i in /usr/afsws/include; do
2101 if test -d ${i}; then
2102 CPPFLAGS="${CPPFLAGS} -I${i}"
2103 FOUND_AFSINCDIR=true
2107 if test -z "$FOUND_AFSLIBDIR"; then
2108 AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
2111 AUTH_OBJS="$AUTH_OBJS afs.o"
2115 dnl extra DCE obj + lib
2116 dnl Order of libs in HP-UX 10.x is important, -ldce must be last.
2118 if test ${with_DCE-'no'} = "yes"; then
2119 DCE_OBJS="${DCE_OBJS} dce_pwent.o"
2120 SUDO_LIBS="${SUDO_LIBS} -ldce"
2121 AUTH_OBJS="$AUTH_OBJS dce.o"
2125 dnl extra S/Key lib and includes
2127 if test ${with_skey-'no'} = "yes"; then
2128 O_LDFLAGS="$LDFLAGS"
2129 if test "$with_skey" != "yes"; then
2130 CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
2131 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
2132 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
2133 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
2136 O_CPPFLAGS="$CPPFLAGS"
2137 for dir in "" "/usr/local" "/usr/contrib"; do
2138 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2139 AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
2141 if test "$found" = "no" -o -z "$dir"; then
2142 CPPFLAGS="$O_CPPFLAGS"
2144 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2145 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2148 if test "$found" = "no"; then
2149 AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
2151 AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
2152 AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
2153 LDFLAGS="$O_LDFLAGS"
2154 SUDO_LIBS="${SUDO_LIBS} -lskey"
2155 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2159 dnl extra OPIE lib and includes
2161 if test ${with_opie-'no'} = "yes"; then
2162 O_LDFLAGS="$LDFLAGS"
2163 if test "$with_opie" != "yes"; then
2164 CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
2165 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
2166 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
2167 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
2170 O_CPPFLAGS="$CPPFLAGS"
2171 for dir in "" "/usr/local" "/usr/contrib"; do
2172 test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
2173 AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
2175 if test "$found" = "no" -o -z "$dir"; then
2176 CPPFLAGS="$O_CPPFLAGS"
2178 SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
2179 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
2182 if test "$found" = "no"; then
2183 AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
2185 AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
2186 LDFLAGS="$O_LDFLAGS"
2187 SUDO_LIBS="${SUDO_LIBS} -lopie"
2188 AUTH_OBJS="$AUTH_OBJS rfc1938.o"
2192 dnl Check for shadow password routines if we have not already done so.
2193 dnl If there is a specific list of functions to check we do that first.
2194 dnl Otherwise, we check for SVR4-style and then SecureWare-style.
2196 if test ${with_passwd-'no'} != "no"; then
2198 dnl if crypt(3) not in libc, look elsewhere
2200 if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
2201 AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2204 if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
2206 LIBS="$LIBS $shadow_libs"
2208 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2209 if test "$found" = "yes"; then
2210 SUDO_LIBS="$SUDO_LIBS $shadow_libs"
2211 elif test -n "$shadow_libs_optional"; then
2212 LIBS="$LIBS $shadow_libs_optional"
2213 AC_CHECK_FUNCS($shadow_funcs, [found=yes])
2214 if test "$found" = "yes"; then
2215 SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
2218 if test "$found" = "yes"; then
2219 case "$shadow_funcs" in
2220 *getprpwnam*) SECUREWARE=1;;
2222 test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs"
2228 if test "$CHECKSHADOW" = "true"; then
2229 AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2231 if test "$CHECKSHADOW" = "true"; then
2232 AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
2234 if test -n "$SECUREWARE"; then
2235 AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
2236 AUTH_OBJS="$AUTH_OBJS secureware.o"
2241 dnl extra lib and .o file for LDAP support
2243 if test ${with_ldap-'no'} != "no"; then
2245 if test "$with_ldap" != "yes"; then
2246 SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
2247 SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
2248 CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
2251 SUDO_OBJS="${SUDO_OBJS} ldap.o"
2253 AC_MSG_CHECKING([for LDAP libraries])
2257 for l in -lldap -llber '-lssl -lcrypto'; do
2259 LDAP_LIBS="${LDAP_LIBS} $l"
2260 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2262 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
2264 dnl if nothing linked just try with -lldap
2265 if test "$found" = "no"; then
2267 AC_MSG_RESULT([not found, using -lldap])
2269 AC_MSG_RESULT([$LDAP_LIBS])
2271 dnl try again w/o explicitly including lber.h
2272 AC_MSG_CHECKING([whether lber.h is needed])
2273 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
2274 #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
2275 AC_MSG_RESULT([yes])
2276 AC_DEFINE(HAVE_LBER_H)])
2278 AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
2280 SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
2283 # XXX - OpenLDAP has deprecated ldap_get_values()
2284 CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
2288 dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
2289 dnl added -L dirpaths to SUDO_LDFLAGS.
2291 if test -n "$blibpath"; then
2292 if test -n "$blibpath_add"; then
2293 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
2294 elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
2295 SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
2300 dnl Check for log file and timestamp locations
2306 dnl Use passwd (and secureware) auth modules?
2308 case "$with_passwd" in
2310 AUTH_OBJS="$AUTH_OBJS passwd.o"
2313 AC_DEFINE(WITHOUT_PASSWD)
2314 if test -z "$AUTH_OBJS"; then
2315 AC_MSG_ERROR([no authentication methods defined.])
2319 AUTH_OBJS=${AUTH_OBJS# }
2320 _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
2321 AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
2324 dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
2326 if test -n "$LIBS"; then
2331 for sl in ${SUDO_LIBS} ${NET_LIBS}; do
2332 test $l = $sl && dupe=1
2334 test $dupe = 0 && LIBS="${LIBS} $l"
2341 test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
2344 dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
2345 dnl XXX - this is gross!
2347 if test "$with_noexec" != "no"; then
2348 PROGS="${PROGS} sudo_noexec.la"
2349 INSTALL_NOEXEC="install-noexec"
2351 oexec_prefix="$exec_prefix"
2352 if test "$exec_prefix" = '$(prefix)'; then
2353 if test "$prefix" = "NONE"; then
2354 exec_prefix="$ac_default_prefix"
2356 exec_prefix="$prefix"
2359 eval noexec_file="$with_noexec"
2360 AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
2361 exec_prefix="$oexec_prefix"
2365 dnl Substitute into the Makefile and man pages
2367 AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
2371 dnl Spew any text the user needs to know about
2373 if test "$with_pam" = "yes"; then
2376 AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
2382 dnl Autoheader templates
2384 AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
2385 AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
2386 AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
2387 AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
2388 AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
2389 AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
2390 AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
2391 AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
2392 AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
2393 AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
2394 AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
2395 AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
2396 AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
2397 AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
2398 AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
2399 AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
2400 AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
2401 AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
2402 AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
2403 AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
2404 AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
2405 AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
2406 AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
2407 AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
2408 AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
2409 AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
2410 AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
2411 AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
2412 AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
2413 AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
2414 AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
2415 AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
2416 AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
2417 AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
2418 AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
2419 AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
2420 AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
2421 AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
2422 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
2423 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
2424 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
2425 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
2426 AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
2427 AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
2428 AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
2429 AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
2430 AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
2431 AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
2432 AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
2433 AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
2434 AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
2435 AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
2436 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
2437 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
2438 AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
2439 AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
2440 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
2441 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])
2442 AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.])
2443 AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
2444 AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
2445 AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
2446 AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
2447 AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
2448 AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
2449 AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
2450 AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
2453 dnl Bits to copy verbatim into config.h.in
2455 AH_TOP([#ifndef _SUDO_CONFIG_H
2456 #define _SUDO_CONFIG_H])
2459 * Macros to pull sec and nsec parts of mtime from struct stat.
2460 * We need to be able to convert between timeval and timespec
2461 * so the last 3 digits of tv_nsec are not significant.
2464 # define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
2465 # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
2467 # ifdef HAVE_ST_MTIMESPEC
2468 # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
2469 # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
2471 # define mtim_getsec(_x) ((_x).st_mtime)
2472 # define mtim_getnsec(_x) (0)
2473 # endif /* HAVE_ST_MTIMESPEC */
2474 #endif /* HAVE_ST_MTIM */
2477 * Emulate a subset of waitpid() if we don't have it.
2480 # define sudo_waitpid(p, s, o) waitpid(p, s, o)
2483 # define sudo_waitpid(p, s, o) wait3(s, o, NULL)
2487 /* GNU stow needs /etc/sudoers to be a symlink. */
2489 # define stat_sudoers stat
2491 # define stat_sudoers lstat
2494 /* Macros to set/clear/test flags. */
2496 #define SET(t, f) ((t) |= (f))
2498 #define CLR(t, f) ((t) &= ~(f))
2500 #define ISSET(t, f) ((t) & (f))
2502 /* New ANSI-style OS defs for HP-UX and ConvexOS. */
2503 #if defined(hpux) && !defined(__hpux)
2507 #if defined(convex) && !defined(__convex__)
2508 # define __convex__ 1
2511 /* BSD compatibility on some SVR4 systems. */
2514 #endif /* __svr4__ */
2516 #endif /* _SUDO_CONFIG_H */])