dnl
dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.27 2007/10/24 16:43:25 millert Exp $
+dnl $Sudo: configure.in,v 1.413.2.53 2008/06/22 20:23:56 millert Exp $
dnl
dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
AC_SUBST(SUDO_LIBS)
AC_SUBST(NET_LIBS)
AC_SUBST(AFS_LIBS)
+AC_SUBST(GETGROUPS_LIB)
AC_SUBST(OSDEFS)
AC_SUBST(AUTH_OBJS)
AC_SUBST(MANTYPE)
AC_SUBST(SUDOERS_UID)
AC_SUBST(SUDOERS_GID)
AC_SUBST(DEV)
+AC_SUBST(SELINUX)
+AC_SUBST(BAMAN)
+AC_SUBST(LCMAN)
+AC_SUBST(SEMAN)
AC_SUBST(mansectsu)
AC_SUBST(mansectform)
AC_SUBST(mansrcdir)
+AC_SUBST(NOEXECFILE)
AC_SUBST(NOEXECDIR)
AC_SUBST(noexec_file)
AC_SUBST(INSTALL_NOEXEC)
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEV="#"
+SELINUX="#"
+BAMAN='.\" '
+LCMAN='.\" '
+SEMAN='.\" '
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
dnl
dnl Override default configure dirs...
dnl
-test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
+if test X"$prefix" = X"NONE"; then
+ test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+ test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
esac])
AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
[AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
-AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
+AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
[AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
esac
], AC_MSG_RESULT(no))
+AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
+[case $with_selinux in
+ yes) AC_DEFINE(HAVE_SELINUX)
+ SUDO_LIBS="${SUDO_LIBS} -lselinux"
+ SUDO_OBJS="${SUDO_OBJS} selinux.o"
+ PROGS="${PROGS} sesh"
+ SELINUX=""
+ SEMAN=""
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
+ ;;
+esac])
+
dnl
dnl If we don't have egrep we can't do anything...
dnl
*) ;;
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
+NOEXECFILE="sudo_noexec$_shrext"
NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
- *-*-linux*)
+ *-*-linux*|*-*-k*bsd*-gnu)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
fi
fi
if test ${with_logincap-'no'} != "no"; then
- AC_CHECK_HEADERS(login_cap.h, [
+ AC_CHECK_HEADERS(login_cap.h, [LCMAN=""
case "$OS" in
freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
;;
dnl
dnl Function checks
dnl
+AC_FUNC_GETGROUPS
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
- setlocale getaddrinfo)
+ setlocale getaddrinfo setsid)
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
- AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+ AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
+ [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+ [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
AC_MSG_CHECKING([for two-parameter timespecsub])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <sys/time.h>]], [[struct timespec ts1, ts2;
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
-#include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
+ case $host in
+ *-*-linux*|*-*-solaris*)
+ # dgettext() may be defined to dgettext_libintl in the
+ # header file, so first check that it links w/ additional
+ # libs, then try with -lintl
+ AC_LINK_IFELSE([AC_LANG_PROGRAM(
+ [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
+ [AC_DEFINE(HAVE_DGETTEXT)],
+ [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
+ [AC_DEFINE(HAVE_DGETTEXT)])])
+ ;;
+ esac
fi
fi
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
- [BSDAUTH_USAGE='[[-a auth_type]] ']
- [AUTH_EXCL=BSD_AUTH],
+ [AUTH_EXCL=BSD_AUTH; BAMAN=""],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
], [
AC_MSG_RESULT(no)
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
-
+ AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
_LIBS="$LIBS"
done
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
- LDAP_LIBS=" -lldap"
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
AC_MSG_RESULT([not found, using -lldap])
else
AC_MSG_RESULT([$LDAP_LIBS])
fi
- dnl try again w/o explicitly including lber.h
+ dnl check if we need to link with -llber for ber_set_option
+ OLIBS="$LIBS"
+ AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
+ fi
+ dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
+ AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
- SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
+ SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
# XXX - OpenLDAP has deprecated ldap_get_values()
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
-dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
+dnl Defer setting _PATH_SUDO_NOEXEC and _PATH_SUDO_SESH
+dnl until after exec_prefix is set
dnl XXX - this is gross!
dnl
-if test "$with_noexec" != "no"; then
- PROGS="${PROGS} sudo_noexec.la"
- INSTALL_NOEXEC="install-noexec"
-
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$prefix"
fi
fi
- eval noexec_file="$with_noexec"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ if test X"$with_noexec" != X"no"; then
+ PROGS="${PROGS} sudo_noexec.la"
+ INSTALL_NOEXEC="install-noexec"
+
+ eval noexec_file="$with_noexec"
+ AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ fi
+ if test X"$with_selinux" != X"no"; then
+ eval sesh_file="$libexecdir/sesh"
+ AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ fi
exec_prefix="$oexec_prefix"
fi
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
+AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
+AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
* so the last 3 digits of tv_nsec are not significant.
*/
#ifdef HAVE_ST_MTIM
-# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
-# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
+# ifdef HAVE_ST__TIM
+# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
+# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
+# else
+# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
+# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
+# endif
#else
# ifdef HAVE_ST_MTIMESPEC
# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)