dnl
dnl Process this file with GNU autoconf to produce a configure script.
dnl
-dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.8.1p2], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.6p8], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
dnl
dnl Note: this must come after AC_INIT
AC_SUBST([CPPFLAGS])
AC_SUBST([LDFLAGS])
AC_SUBST([SUDOERS_LDFLAGS])
-AC_SUBST([LTLDFLAGS])
+AC_SUBST([LT_LDFLAGS])
+AC_SUBST([LT_LDMAP])
+AC_SUBST([LT_LDOPT])
+AC_SUBST([LT_LDDEP])
+AC_SUBST([LT_LDEXPORTS])
AC_SUBST([COMMON_OBJS])
AC_SUBST([SUDOERS_OBJS])
AC_SUBST([SUDO_OBJS])
AC_SUBST([OSDEFS])
AC_SUBST([AUTH_OBJS])
AC_SUBST([MANTYPE])
-AC_SUBST([MAN_POSTINSTALL])
+AC_SUBST([MANDIRTYPE])
+AC_SUBST([MANCOMPRESS])
+AC_SUBST([MANCOMPRESSEXT])
+AC_SUBST([SHLIB_MODE])
AC_SUBST([SUDOERS_MODE])
AC_SUBST([SUDOERS_UID])
AC_SUBST([SUDOERS_GID])
-AC_SUBST([DEV])
+AC_SUBST([DEVEL])
AC_SUBST([BAMAN])
AC_SUBST([LCMAN])
+AC_SUBST([PSMAN])
AC_SUBST([SEMAN])
AC_SUBST([devdir])
AC_SUBST([mansectsu])
AC_SUBST([CONFIGURE_ARGS])
AC_SUBST([LIBDL])
AC_SUBST([LT_STATIC])
+AC_SUBST([LIBINTL])
+AC_SUBST([SUDO_NLS])
+AC_SUBST([COMPAT_TEST_PROGS])
+AC_SUBST([CROSS_COMPILING])
+AC_SUBST([PIE_LDFLAGS])
+AC_SUBST([PIE_CFLAGS])
+AC_SUBST([SSP_LDFLAGS])
+AC_SUBST([SSP_CFLAGS])
+AC_SUBST([NO_VIZ])
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST([path_info])
AC_SUBST([ldap_conf])
AC_SUBST([ldap_secret])
+AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
INSTALL_NOEXEC=
devdir='$(srcdir)'
PROGS="sudo"
-: ${MANTYPE='man'}
+: ${MANDIRTYPE='man'}
: ${mansrcdir='.'}
+: ${SHLIB_MODE='0644'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
-DEV="#"
+DEVEL=
LDAP="#"
BAMAN=0
LCMAN=0
+PSMAN=0
SEMAN=0
+LIBINTL=
ZLIB=
ZLIB_SRC=
AUTH_OBJS=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
+SUDO_NLS=disabled
+LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
+LT_LDDEP="\$(shlib_exp)"
+NO_VIZ="-DNO_VIZ"
dnl
dnl Other vaiables
shadow_libs_optional=
CONFIGURE_ARGS="$@"
+dnl
+dnl LD_PRELOAD equivalents
+dnl
+RTLD_PRELOAD_VAR="LD_PRELOAD"
+RTLD_PRELOAD_ENABLE_VAR=
+RTLD_PRELOAD_DELIM=":"
+RTLD_PRELOAD_DEFAULT=
+
dnl
dnl libc replacement functions live in compat
dnl
[case $with_devel in
yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
- DEV=""
+ DEVEL="true"
devdir=.
;;
no) ;;
AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
[case $with_CC in
- yes) AC_MSG_ERROR(["must give --with-CC an argument."])
- ;;
- no) AC_MSG_ERROR(["illegal argument: --without-CC."])
- ;;
- *) CC=$with_CC
+ *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
;;
esac])
;;
esac])
+dnl
+dnl Handle SSSD support.
+dnl
+AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
+[case $with_sssd in
+ yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
+ AC_DEFINE(HAVE_SSSD)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-sssd does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
+sssd_lib="\"LIBDIR\""
+test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
+SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
+
AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
esac])
-AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
-[case $with_kerb4 in
- no) ;;
- *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
- AC_MSG_RESULT(yes)
- AUTH_REG="$AUTH_REG kerb4"
- ;;
-esac])
-
AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
[case $with_kerb5 in
no) ;;
;;
esac], AC_MSG_RESULT(yes))
-AC_MSG_CHECKING(whether stow should be used)
-AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
+AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])],
[case $with_stow in
- yes) AC_MSG_RESULT(yes)
- AC_DEFINE(USE_STOW)
+ *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior])
;;
- no) AC_MSG_RESULT(no)
- ;;
- *) AC_MSG_ERROR(["--with-stow does not take an argument."])
- ;;
-esac], AC_MSG_RESULT(no))
+esac])
AC_MSG_CHECKING(whether to use an askpass helper)
AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
*) ;;
esac], [with_plugindir="$libexecdir"])
+AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
+[case $with_man in
+ yes) MANTYPE=man
+ ;;
+ no) AC_MSG_ERROR(["--without-man not supported."])
+ ;;
+ *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."])
+ ;;
+esac])
+
+AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
+[case $with_mdoc in
+ yes) MANTYPE=mdoc
+ ;;
+ no) AC_MSG_ERROR(["--without-mdoc not supported."])
+ ;;
+ *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."])
+ ;;
+esac])
+
dnl
dnl Options for --enable
dnl
AC_ARG_ENABLE(zlib,
[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
-[])
+[], [enable_zlib=yes])
AC_MSG_CHECKING(whether to enable environment resetting by default)
AC_ARG_ENABLE(env_reset,
])
if test "$env_reset" = "on"; then
AC_MSG_RESULT(yes)
- AC_DEFINE(ENV_RESET, TRUE)
+ AC_DEFINE(ENV_RESET, 1)
else
AC_MSG_RESULT(no)
- AC_DEFINE(ENV_RESET, FALSE)
+ AC_DEFINE(ENV_RESET, 0)
fi
AC_ARG_ENABLE(warnings,
[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
[ case "$enableval" in
- yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then
- CFLAGS="${CFLAGS} -Wall"
- fi
- ;;
+ yes) ;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
;;
esac
])
+AC_ARG_ENABLE(werror,
+[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
+[ case "$enableval" in
+ yes) ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(hardening,
+[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
+[], [enable_hardening=yes])
+
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING([--disable-pie], [Do not build position independent executables, even if the compiler/linker supports them])],
+[], [enable_pie=yes])
+
AC_ARG_ENABLE(admin-flag,
[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
[ case "$enableval" in
esac
])
+AC_ARG_ENABLE(nls,
+[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
+[], [enable_nls=yes])
+
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
fi
+dnl
+dnl If the user specified --disable-static, override them or we'll
+dnl be unable to build the executables in the sudoers plugin dir.
+dnl
+if test "$enable_static" = "no"; then
+ AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
+ enable_static=yes
+fi
+
dnl
dnl Libtool setup, we require libtool 2.2.6b or higher
dnl
enable_dlopen=no
lt_cv_dlopen=none
lt_cv_dlopen_libs=
+ ac_cv_func_dlopen=no
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
NOEXECFILE="sudo_noexec$_shrext"
-NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
-
-dnl
-dnl It is now safe to modify CFLAGS and CPPFLAGS
-dnl
-if test X"$with_devel" = X"yes" -a -n "$GCC"; then
- CFLAGS="${CFLAGS} -Wall"
-fi
+NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl Find programs we use
dnl
-AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
-AC_CHECK_PROG(TRPROG, [tr], [tr])
-AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
-if test -z "$NROFFPROG"; then
- MANTYPE="cat"
- mansrcdir='$(srcdir)'
+AC_PATH_PROG(UNAMEPROG, [uname], [uname])
+AC_PATH_PROG(TRPROG, [tr], [tr])
+AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc])
+if test "$MANDOCPROG" != "mandoc"; then
+ : ${MANTYPE='mdoc'}
+else
+ AC_PATH_PROG(NROFFPROG, [nroff])
+ if test -n "$NROFFPROG"; then
+ test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
+ AC_CACHE_CHECK([which macro set to use for manual pages],
+ [sudo_cv_var_mantype],
+ [
+ sudo_cv_var_mantype="man"
+ echo ".Sh NAME" > conftest
+ echo ".Nm sudo" >> conftest
+ echo ".Nd sudo" >> conftest
+ echo ".Sh DESCRIPTION" >> conftest
+ echo "sudo" >> conftest
+ if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then
+ sudo_cv_var_mantype="mdoc"
+ fi
+ rm -f conftest
+ ]
+ )
+ MANTYPE="$sudo_cv_var_mantype"
+ else
+ MANTYPE=cat
+ MANDIRTYPE=cat
+ mansrcdir='$(srcdir)'
+ fi
fi
dnl
case "$host" in
*-*-sunos4*)
+ # LD_PRELOAD is space-delimited
+ RTLD_PRELOAD_DELIM=" "
+
# getcwd(3) opens a pipe to getpwd(1)!?!
BROKEN_GETCWD=1
shadow_funcs="getpwanam issecure"
;;
*-*-solaris2*)
+ # LD_PRELOAD is space-delimited
+ RTLD_PRELOAD_DELIM=" "
+
+ # For implementing getgrouplist()
+ AC_CHECK_FUNCS(_getgroupsbymember)
+
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
: ${mansectform='4'}
: ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- AC_CHECK_FUNCS(priv_set)
+ AC_CHECK_FUNCS(priv_set, [PSMAN=1])
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
fi
LDFLAGS="$O_LDFLAGS"
- # Use authenticate(3) as the default authentication method
- if test X"$with_aixauth" = X""; then
- AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ # On AIX 6 and higher default to PAM, else default to LAM
+ if test $OSMAJOR -ge 6; then
+ if test X"$with_pam" = X""; then
+ AUTH_EXCL_DEF="PAM"
+ fi
+ else
+ if test X"$with_aixauth" = X""; then
+ AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ fi
fi
# AIX analog of nsswitch.conf, enabled by default
with_netsvc="/etc/netsvc.conf"
fi
+ # For implementing getgrouplist()
+ AC_CHECK_FUNCS(getgrset)
+
+ # LDR_PRELOAD is only supported in AIX 5.3 and later
+ if test $OSMAJOR -lt 5; then
+ with_noexec=no
+ else
+ RTLD_PRELOAD_VAR="LDR_PRELOAD"
+ fi
+
# AIX-specific functions
AC_CHECK_FUNCS(getuserattr setauthdb)
COMMON_OBJS="$COMMON_OBJS aix.lo"
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
+
+ # HP-UX shared libs must be executable
+ SHLIB_MODE=0755
;;
*-*-hpux*)
# AFS support needs -lBSD
: ${mansectsu='1m'}
: ${mansectform='4'}
+ # HP-UX shared libs must be executable
+ SHLIB_MODE=0755
+
+ # The HP bundled compiler cannot generate shared libs
if test -z "$GCC"; then
- # Use the +DAportable flag on hppa if it is supported
- case "$host_cpu" in
- hppa*)
+ AC_CACHE_CHECK([for HP bundled C compiler],
+ [sudo_cv_var_hpccbundled],
+ [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
+ sudo_cv_var_hpccbundled=yes
+ else
+ sudo_cv_var_hpccbundled=no
+ fi]
+ )
+ if test "$sudo_cv_var_hpccbundled" = "yes"; then
+ AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
+ fi
+ fi
+
+ # Build PA-RISC1.1 objects for better portability
+ case "$host_cpu" in
+ hppa[[2-9]]*)
_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS +DAportable"
- AC_CACHE_CHECK([whether $CC understands +DAportable],
+ if test -n "$GCC"; then
+ portable_flag="-march=1.1"
+ else
+ portable_flag="+DAportable"
+ fi
+ CFLAGS="$CFLAGS $portable_flag"
+ AC_CACHE_CHECK([whether $CC understands $portable_flag],
[sudo_cv_var_daportable],
[AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[]], [[]])],
CFLAGS="$_CFLAGS"
fi
;;
- esac
- fi
+ esac
case "$host" in
- *-*-hpux[1-8].*)
+ *-*-hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
;;
*-*-hpux9.*)
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
+ # XXX - sudo LDFLAGS instead?
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally])
sed 's:<acl.h>:<sys/acl.h>:g' < /usr/include/prot.h > prot.h
])
+ # ":DEFAULT" must be appended to _RLD_LIST
+ RTLD_PRELOAD_VAR="_RLD_LIST"
+ RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='8'}
: ${mansectform='4'}
;;
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
- MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
mandir="/usr/catman/local"
fi
fi
+ # Compress cat pages with pack
+ MANCOMPRESS='pack'
+ MANCOMPRESSEXT='.z'
else
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d "/usr/share/man/local"; then
if test "$OSMAJOR" -le 4; then
AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"])
fi
+ # ":DEFAULT" must be appended to _RLD_LIST
+ RTLD_PRELOAD_VAR="_RLD_LIST"
+ RTLD_PRELOAD_DEFAULT="DEFAULT"
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
;;
*-*-bsdi*)
SKIP_SETREUID=yes
- # Use shlicc for BSD/OS [23].x unless asked to do otherwise
- if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
- case "$OSMAJOR" in
- 2|3) AC_MSG_NOTICE([using shlicc as CC])
- ac_cv_prog_CC=shlicc
- CC="$ac_cv_prog_CC"
- ;;
- esac
- fi
- # Check for newer BSD auth API (just check for >= 3.0?)
+ # Check for newer BSD auth API
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
SKIP_SETREUID=yes
;;
esac
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='maybe'}
+ # PIE is broken on FreeBSD/ia64
+ case "$host_cpu" in
+ ia64*)
+ enable_pie=no;;
+ esac
;;
*-*-*openbsd*)
# OpenBSD has a real setreuid(2) starting with 3.3 but
- # we will use setreuid(2) instead.
+ # we will use setresuid(2) instead.
SKIP_SETREUID=yes
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
- case "$OSREV" in
- [0-2].*)
- ;;
- *)
+ if test "$OSMAJOR" -ge 3; then
AUTH_EXCL_DEF="BSD_AUTH"
- ;;
- esac
+ fi
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
- 0.9*|1.[012]*|1.3|1.3.1)
+ 0.9*|1.[[012]]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
if test "${with_skey-'no'}" = "yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
+ RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+ RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
;;
*-*-nextstep*)
# lockf() on is broken on the NeXT -- use flock instead
ac_cv_func_lockf=no
ac_cv_func_flock=yes
+ RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES"
+ RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE"
;;
*-*-*sysv4*)
: ${mansectsu='1m'}
;;
esac
+dnl
+dnl Library preloading to support NOEXEC
+dnl
+if test -n "$with_noexec"; then
+ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR")
+ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM")
+ if test -n "$RTLD_PRELOAD_DEFAULT"; then
+ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT")
+ fi
+ if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then
+ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR")
+ fi
+fi
+
dnl
dnl Check for mixing mutually exclusive and regular auth methods
dnl
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
-if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
- LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
-fi
+# Check for variadic macro support in cpp
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+AC_INCLUDES_DEFAULT
+#if defined(__GNUC__) && __GNUC__ == 2
+# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt))
+#else
+# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
+#endif
+], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])])
+
dnl
dnl Program checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
-AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
+AC_HEADER_STDBOOL
+AC_HEADER_MAJOR
+AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
+AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
+#ifdef HAVE_PROCFS_H
+#include <procfs.h>
+#endif
+#ifdef HAVE_SYS_PROCFS_H
+#include <sys/procfs.h>
+#endif
+])]
+break)
dnl
dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
dnl when large files support is enabled so work around it.
])
fi
if test ${with_project-'no'} != "no"; then
- AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
- [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
+ AC_CHECK_HEADER(project.h, [
+ AC_CHECK_LIB(project, setproject, [
+ AC_DEFINE(HAVE_PROJECT_H)
+ SUDO_LIBS="${SUDO_LIBS} -lproject"
+ ])
+ ], [])
fi
dnl
dnl typedef checks
AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
-AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
+AC_CHECK_TYPES([sigaction_t], [], [], [#include <sys/types.h>
#include <signal.h>])
-AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
+AC_CHECK_TYPES([struct timespec], [], [], [#include <sys/types.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
#endif
#include <time.h>])
-AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
+AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
#include <netinet/in.h>])
AC_TYPE_LONG_LONG_INT
AC_CHECK_SIZEOF([long int])
-SUDO_TYPE_SIZE_T
-SUDO_TYPE_SSIZE_T
-SUDO_TYPE_DEV_T
-SUDO_TYPE_INO_T
+AC_CHECK_TYPE(size_t, unsigned int)
+AC_CHECK_TYPE(ssize_t, int)
+AC_CHECK_TYPE(dev_t, int)
+AC_CHECK_TYPE(ino_t, unsigned int)
+AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
+AC_INCLUDES_DEFAULT
+#include <sys/socket.h>])
SUDO_UID_T_LEN
SUDO_SOCK_SA_LEN
dnl
dnl Function checks
dnl
AC_FUNC_GETGROUPS
-AC_CHECK_FUNCS(strrchr sysconf tzset strftime initgroups getgroups fstat \
- regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
- setrlimit64 sysctl)
+AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \
+ regcomp setlocale nl_langinfo mbr_check_membership \
+ setrlimit64)
+AC_REPLACE_FUNCS(getgrouplist)
AC_CHECK_FUNCS(getline, [], [
AC_LIBOBJ(getline)
AC_CHECK_FUNCS(fgetln)
])
+dnl
+dnl If libc supports _FORTIFY_SOURCE check functions, use it.
+dnl
+if test "$enable_hardening" != "no"; then
+ O_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+ AC_CHECK_FUNC(__sprintf_chk, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
+ ], [])
+ CPPFLAGS="$O_CPPFLAGS"
+fi
+
utmp_style=LEGACY
AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
if test "$utmp_style" = "LEGACY"; then
AC_CHECK_FUNCS(getttyent ttyslot, [break])
+ AC_CHECK_FUNCS(fseeko)
fi
-AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [
+AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
+ [
+ AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [
+ AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [
+ AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ ])
+ ], [
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ ])
+ ],
+ [
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ ])
+ ],
+ [
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ #include <sys/user.h>
+ ])
+])
+
+AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
AC_CHECK_LIB(util, openpty, [
- AC_CHECK_HEADERS(util.h pty.h, [break])
+ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
case "$SUDO_LIBS" in
*-lutil*) ;;
*) SUDO_LIBS="${SUDO_LIBS} -lutil";;
])
])
])
-AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)])
+AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [])
+SUDO_FUNC_PUTENV_CONST
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [
SKIP_SETREUID=yes
if test -z "$BROKEN_GETCWD"; then
AC_REPLACE_FUNCS(getcwd)
fi
-AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h)
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <glob.h>]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB)
- AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
- AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
-SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
+SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)
+ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test"
+])
SUDO_FUNC_ISBLANK
-AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv)
+AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat)
AC_CHECK_FUNCS(nanosleep, [], [
# On Solaris, nanosleep is in librt
AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
+AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [
+AC_INCLUDES_DEFAULT
+#include <$ac_header_dirent>
+])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
dnl
dnl If socket(2) not in libc, check -lsocket and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
-dnl In this case we look for main(), not socket() to avoid using a cached value
dnl
-AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl)
-AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))])
+AC_CHECK_FUNC(socket, [], [
+ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+ _libs=
+ for lib in $libs; do
+ case "$NET_LIBS" in
+ *"$lib"*) ;;
+ *) _libs="$_libs $lib";;
+ esac
+ done
+ libs="${_libs# }"
+ test -z "$libs" && continue
+ lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+ extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
+ SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
+ done
+])
dnl
dnl If inet_addr(3) not in libc, check -lnsl and -linet
dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols
dnl
-AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl)
-AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))])
+AC_CHECK_FUNC(inet_addr, [], [
+ AC_CHECK_FUNC(__inet_addr, [], [
+ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+ _libs=
+ for lib in $libs; do
+ case "$NET_LIBS" in
+ *"$lib"*) ;;
+ *) _libs="$_libs $lib";;
+ esac
+ done
+ libs="${_libs# }"
+ test -z "$libs" && continue
+ lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+ extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
+ SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
+ done
+ ])
+])
dnl
dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet
dnl
-AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
+AC_CHECK_FUNC(syslog, [], [
+ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+ _libs=
+ for lib in $libs; do
+ case "$NET_LIBS" in
+ *"$lib"*) ;;
+ *) _libs="$_libs $lib";;
+ esac
+ done
+ libs="${_libs# }"
+ test -z "$libs" && continue
+ lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+ extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
+ SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs])
+ done
+])
+dnl
+dnl If getaddrinfo(3) not in libc, check -lsocket and -linet
+dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols.
+dnl
+AC_CHECK_FUNCS(getaddrinfo, [], [
+ found=no
+ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do
+ _libs=
+ for lib in $libs; do
+ case "$NET_LIBS" in
+ *"$lib"*) ;;
+ *) _libs="$_libs $lib";;
+ esac
+ done
+ libs="${_libs# }"
+ test -z "$libs" && continue
+ lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`"
+ extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`"
+ SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs])
+ done
+ if test X"$found" != X"no"; then
+ AC_DEFINE(HAVE_GETADDRINFO)
+ fi
+])
dnl
dnl Check for getprogname() or __progname
dnl
fi
AC_MSG_RESULT($sudo_cv___progname)
])
+dnl
+dnl Check for __func__ or __FUNCTION__
+dnl
+AC_MSG_CHECKING([for __func__])
+AC_CACHE_VAL(sudo_cv___func__, [
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])])
+AC_MSG_RESULT($sudo_cv___func__)
+if test "$sudo_cv___func__" = "yes"; then
+ AC_DEFINE(HAVE___FUNC__)
+elif test -n "$GCC"; then
+ AC_MSG_CHECKING([for __FUNCTION__])
+ AC_CACHE_VAL(sudo_cv___FUNCTION__, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])])
+ AC_MSG_RESULT($sudo_cv___FUNCTION__)
+ if test "$sudo_cv___FUNCTION__" = "yes"; then
+ AC_DEFINE(HAVE___FUNC__)
+ AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__])
+ fi
+fi
+
+# gettext() and friends may be located in libc (Linux and Solaris)
+# or in libintl. However, it is possible to have libintl installed
+# even when gettext() is present in libc. In the case of GNU libintl,
+# gettext() will be defined to gettext_libintl in libintl.h.
+# Since gcc prefers /usr/local/include to /usr/include, we need to
+# make sure we use the gettext() that matches the include file.
+if test "$enable_nls" != "no"; then
+ if test "$enable_nls" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
+ fi
+ OLIBS="$LIBS"
+ for l in "libc" "-lintl" "-lintl -liconv"; do
+ if test "$l" = "libc"; then
+ # If user specified a dir for libintl ignore libc
+ if test "$enable_nls" != "yes"; then
+ continue
+ fi
+ gettext_name=sudo_cv_gettext
+ AC_MSG_CHECKING([for gettext])
+ else
+ LIBS="$OLIBS $l"
+ gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
+ AC_MSG_CHECKING([for gettext in $l])
+ fi
+ AC_CACHE_VAL($gettext_name, [
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
+ ], [eval $gettext_name=yes], [eval $gettext_name=no]
+ )
+ ])
+ eval gettext_result="\$$gettext_name"
+ AC_MSG_RESULT($gettext_result)
+ if test "$gettext_result" = "yes"; then
+ AC_CHECK_FUNCS(ngettext)
+ break
+ fi
+ done
+ LIBS="$OLIBS"
+
+ if test "$sudo_cv_gettext" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ elif test "$sudo_cv_gettext_lintl" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ LIBINTL="-lintl"
+ elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ LIBINTL="-lintl -liconv"
+ fi
+fi
dnl
dnl Deferred zlib option processing.
dnl By default we use the system zlib if it is present.
+dnl If a directory was specified for zlib (or we are use sudo's version),
+dnl prepend the include dir to make sure we get the right zlib header.
dnl
-case ${enable_zlib-"yes"} in
+case "$enable_zlib" in
yes)
AC_CHECK_LIB(z, gzdopen, [
AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
;;
*)
AC_DEFINE(HAVE_ZLIB_H)
- CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+ CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}"
SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
ZLIB="${ZLIB} -lz"
;;
esac
if test X"$enable_zlib" = X"builtin"; then
AC_DEFINE(HAVE_ZLIB_H)
- CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib'
+ CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}"
ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
ZLIB_SRC=zlib
AC_CONFIG_HEADER([zlib/zconf.h])
AC_CONFIG_FILES([zlib/Makefile])
fi
+dnl
+dnl Check for errno declaration in errno.h
+dnl
+AC_CHECK_DECLS([errno], [], [], [
+AC_INCLUDES_DEFAULT
+#include <errno.h>
+])
+
+dnl
+dnl Check for h_errno declaration in netdb.h
+dnl
+AC_CHECK_DECLS([h_errno], [], [], [
+AC_INCLUDES_DEFAULT
+#include <netdb.h>
+])
+
dnl
dnl Check for strsignal() or sys_siglist
dnl
fi
])
+dnl
+dnl Check for sig2str(), sys_signame or sys_sigabbrev
+dnl
+AC_CHECK_FUNCS(sig2str, [], [
+ AC_LIBOBJ(sig2str)
+ HAVE_SIGNAME="false"
+ AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [
+ HAVE_SIGNAME="true"
+ break
+ ], [ ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+ ])
+ if test "$HAVE_SIGNAME" != "true"; then
+ AC_CACHE_CHECK([for undeclared sys_sigabbrev],
+ [sudo_cv_var_sys_sigabbrev],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
+ [sudo_cv_var_sys_sigabbrev=yes],
+ [sudo_cv_var_sys_sigabbrev=no]
+ )
+ ]
+ )
+ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
+ AC_DEFINE(HAVE_SYS_SIGABBREV)
+ else
+ AC_LIBOBJ(signame)
+ fi
+ fi
+])
+
dnl
dnl nsswitch.conf and its equivalents
dnl
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
- # Note: we already link the main sudo program with -ldl as needed
- SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
+ #
+ # Check for pam_start() in libpam first, then for pam_appl.h.
+ #
+ found_pam_lib=no
+ AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs])
+ #
+ # Some PAM implementations (MacOS X for example) put the PAM headers
+ # in /usr/include/pam instead of /usr/include/security...
+ #
+ found_pam_hdrs=no
+ AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break])
+ if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then
+ # Found both PAM libs and headers
+ with_pam=yes
+ elif test "$with_pam" = "yes"; then
+ if test "$found_pam_lib" = "no"; then
+ AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."])
+ fi
+ if test "$found_pam_hdrs" = "no"; then
+ AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."])
+ fi
+ elif test "$found_pam_lib" != "$found_pam_hdrs"; then
+ if test "$found_pam_lib" = "no"; then
+ AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"])
+ fi
+ if test "$found_pam_hdrs" = "no"; then
+ AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"])
+ fi
+ fi
- dnl
- dnl Some PAM implementations (MacOS X for example) put the PAM headers
- dnl in /usr/include/pam instead of /usr/include/security...
- dnl
- AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
if test "$with_pam" = "yes"; then
+ # Older PAM implementations lack pam_getenvlist
+ OLIBS="$LIBS"
+ LIBS="$LIBS -lpam $lt_cv_dlopen_libs"
+ AC_CHECK_FUNCS(pam_getenvlist)
+ LIBS="$OLIBS"
+
+ # We already link with -ldl if needed (see LIBDL below)
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
AC_DEFINE(HAVE_PAM)
AUTH_OBJS="$AUTH_OBJS pam.lo";
AUTH_EXCL=PAM
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
-
- case $host in
- *-*-linux*|*-*-solaris*)
- # dgettext() may be defined to dgettext_libintl in the
- # header file, so first check that it links w/ additional
- # libs, then try with -lintl
- AC_LINK_IFELSE([AC_LANG_PROGRAM(
- [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
- [AC_DEFINE(HAVE_DGETTEXT)],
- [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
- [AC_DEFINE(HAVE_DGETTEXT)])])
- ;;
- esac
fi
fi
with_SecurID=/usr/ace
fi
CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
- _LDFLAGS="${LDFLAGS}"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
- #
- # Determine whether to use the new or old SecurID API
- #
- AC_CHECK_LIB(aceclnt, SD_Init,
- [
- AUTH_OBJS="$AUTH_OBJS securid5.lo";
- SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
- ]
- [
- SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
- ], [
- AUTH_OBJS="$AUTH_OBJS securid.lo";
- SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
- ],
- [
- -lpthread
- ]
- )
- LDFLAGS="${_LDFLAGS}"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
+ AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
dnl
done
fi
-dnl
-dnl Kerberos IV
-dnl
-if test ${with_kerb4-'no'} != "no"; then
- AC_DEFINE(HAVE_KERB4)
- dnl
- dnl Use the specified directory, if any, else search for correct inc dir
- dnl
- O_LDFLAGS="$LDFLAGS"
- if test "$with_kerb4" = "yes"; then
- found=no
- O_CPPFLAGS="$CPPFLAGS"
- for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
- CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
- done
- test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
- else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
- SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib])
- CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
- AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
- fi
- if test X"$found" = X"no"; then
- AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
- fi
-
- dnl
- dnl Check for -ldes vs. -ldes425
- dnl
- AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
- AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
- ])
- dnl
- dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
- dnl
- AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
- AC_MSG_RESULT(yes)
- K4LIBS="${K4LIBS} -lcom_err"
- AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
- ], [
- AC_MSG_RESULT(no)
- ]
- )
- dnl
- dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
- dnl
- AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
- AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
- [K4LIBS="-lkrb $K4LIBS"]
- [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])]
- , [$K4LIBS])
- ], [$K4LIBS])
- LDFLAGS="$O_LDFLAGS"
- SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
- AUTH_OBJS="$AUTH_OBJS kerb4.lo"
-fi
-
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
done
if test X"$found" = X"no"; then
CPPFLAGS="$O_CPPFLAGS"
AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
fi
LIBS="$_LIBS"
+ AC_MSG_CHECKING(whether to use an instance name for Kerberos V)
+ AC_ARG_ENABLE(kerb5-instance,
+ [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])],
+ [ case "$enableval" in
+ yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."])
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval")
+ AC_MSG_RESULT([$enableval])
+ ;;
+ esac], AC_MSG_RESULT(no))
fi
dnl
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_CHECK_HEADER([skey.h], [found=yes; break], [],
- [#include <stdio.h>])
+ [#include <stdio.h>])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
- AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
- AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
#include <lber.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
done
+ if test "$found" = "no"; then
+ LDAP_LIBS=""
+ LIBS="$_LIBS"
+ for l in -libmldap -lidsldif; do
+ LIBS="${LIBS} $l"
+ LDAP_LIBS="${LDAP_LIBS} $l"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+ #include <lber.h>
+ #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
+ done
+ fi
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
LIBS="${_LIBS} -lldap"
AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
done
if test X"$found" != X"no"; then
AC_CHECK_HEADERS([$found])
AC_LIBOBJ(dlopen)
;;
*)
+ if test X"${ac_cv_func_dlopen}" = X"yes"; then
+ AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
+ fi
# Preload sudoers module symbols
SUDO_OBJS="${SUDO_OBJS} preload.o"
SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
fi
-# On HP-UX, you cannot dlopen() a shared object that uses pthreads
-# unless the main program is linked against -lpthread. Since we
-# have no knowledge what libraries a plugin may depend on, we always
-# link against -lpthread on HP-UX if it is available.
+# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
+# the main program is linked against -lpthread. We have no knowledge of
+# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
+# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
case "$host" in
*-*-hpux*)
SUDO_TIMEDIR
SUDO_IO_LOGDIR
+dnl
+dnl Turn warnings into errors.
+dnl All compiler/loader tests after this point will fail if
+dnl a warning is displayed (nornally, warnings are not fata).
+dnl
+AC_LANG_WERROR
+
+dnl
+dnl If compiler supports the -static-libgcc flag use it unless we have
+dnl GNU ld (which can avoid linking in libgcc when it is not needed).
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"])
+fi
+
+dnl
+dnl Check for symbol visibility support.
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -fvisibility=hidden"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ NO_VIZ=
+ ])
+else
+ case "$host" in
+ *-*-hpux*)
+ AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -Bhidden_def"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ ])
+ ;;
+ *-*-solaris2*)
+ AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -xldscope=hidden"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ ])
+ ;;
+ esac
+fi
+
+dnl
+dnl If the compiler doesn't have symbol visibility support, it may
+dnl support version scripts (only GNU and Solaris ld).
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$LT_LDEXPORTS"; then
+ if test "$lt_cv_prog_gnu_ld" = "yes"; then
+ AC_CACHE_CHECK([whether ld supports anonymous map files],
+ [sudo_cv_var_gnu_ld_anon_map],
+ [
+ cat > conftest.map <<-EOF
+ {
+ global: foo;
+ local: *;
+ };
+EOF
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
+ AC_TRY_LINK([int foo;], [], [
+ sudo_cv_var_gnu_ld_anon_map=yes
+ ])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ]
+ )
+ if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
+ fi
+ else
+ case "$host" in
+ *-*-solaris2*)
+ AC_CACHE_CHECK([whether ld supports anonymous map files],
+ [sudo_cv_var_solaris_ld_anon_map],
+ [
+ cat > conftest.map <<-EOF
+ {
+ global: foo;
+ local: *;
+ };
+EOF
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
+ AC_TRY_LINK([int foo;], [], [
+ sudo_cv_var_solaris_ld_anon_map=yes
+ ])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ]
+ )
+ if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
+ fi
+ ;;
+ *-*-hpux*)
+ AC_CACHE_CHECK([whether ld supports controlling exported symbols],
+ [sudo_cv_var_hpux_ld_symbol_export],
+ [
+ echo "+e foo" > conftest.opt
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ if test -n "$GCC"; then
+ LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt"
+ else
+ LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
+ fi
+ AC_TRY_LINK([int foo;], [], [
+ sudo_cv_var_hpux_ld_symbol_export=yes
+ ])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ]
+ )
+ if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)"
+ fi
+ ;;
+ esac
+ fi
+fi
+
+dnl
+dnl Check for PIE executable support if using gcc.
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test "$enable_pie" != "no" -a -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-fPIE], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fPIE"
+ AX_CHECK_LINK_FLAG([-pie], [
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-pie"
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+fi
+
+dnl
+dnl Check for -fstack-protector and -z relro support
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test "$enable_hardening" != "no"; then
+ if test -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+ AX_CHECK_LINK_FLAG([-fstack-protector-all], [
+ SSP_CFLAGS="-fstack-protector-all"
+ SSP_LDFLAGS="-Wc,-fstack-protector-all"
+ ])
+ ])
+ if test -z "$SSP_CFLAGS"; then
+ AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+ AX_CHECK_LINK_FLAG([-fstack-protector], [
+ SSP_CFLAGS="-fstack-protector"
+ SSP_LDFLAGS="-Wc,-fstack-protector"
+ ])
+ ])
+ fi
+ fi
+ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
+fi
+
dnl
dnl Use passwd auth module?
dnl
done
fi
+dnl
+dnl We add -Wall and -Werror after all tests so they don't cause failures
+dnl
+if test -n "$GCC"; then
+ if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
+ CFLAGS="${CFLAGS} -Wall"
+ fi
+ if test X"$enable_werror" = X"yes"; then
+ CFLAGS="${CFLAGS} -Werror"
+ fi
+fi
+
+dnl
+dnl Skip regress tests and sudoers sanity check if cross compiling.
+dnl
+CROSS_COMPILING="$cross_compiling"
+
dnl
dnl Set exec_prefix
dnl
PROGS="${PROGS} libsudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
- eval noexec_file="$with_noexec"
+ noexec_file="$with_noexec"
+ _noexec_file=
+ while test X"$noexec_file" != X"$_noexec_file"; do
+ _noexec_file="$noexec_file"
+ eval noexec_file="$_noexec_file"
+ done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
- eval sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sesh"
+ _sesh_file=
+ while test X"$sesh_file" != X"$_sesh_file"; do
+ _sesh_file="$sesh_file"
+ eval sesh_file="$_sesh_file"
+ done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi
- eval PLUGINDIR="$with_plugindir"
+ PLUGINDIR="$with_plugindir"
+ _PLUGINDIR=
+ while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
+ _PLUGINDIR="$PLUGINDIR"
+ eval PLUGINDIR="$_PLUGINDIR"
+ done
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
exec_prefix="$oexec_prefix"
test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
+test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Substitute into the Makefile and man pages
dnl
-dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
-AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
+AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
dnl
if test "$with_pam" = "yes"; then
case $host in
+ *-*-hpux*)
+ if test -f /usr/lib/security/libpam_hpsec.so.1; then
+ AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
+ AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
+ fi
+ ;;
*-*-linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
-AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
-AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
-AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
-AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
+AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
+AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
-AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
-AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
+AH_TEMPLATE(socklen_t, [Define to `unsigned int' if <sys/socket.h> doesn't define.])
AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
+AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
+AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication])
+AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
+AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
+AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
+AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
+AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
+AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
dnl
dnl Bits to copy verbatim into config.h.in
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
-/* GNU stow needs /etc/sudoers to be a symlink. */
-#ifdef USE_STOW
-# define stat_sudoers stat
+#ifdef __GNUC__
+# define ignore_result(x) do { \
+ __typeof__(x) y = (x); \
+ (void)y; \
+} while(0)
#else
-# define stat_sudoers lstat
+# define ignore_result(x) (void)(x)
#endif
/* Macros to set/clear/test flags. */
#undef ISSET
#define ISSET(t, f) ((t) & (f))
-/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+/* ANSI-style OS defs for HP-UX and ConvexOS. */
#if defined(hpux) && !defined(__hpux)
# define __hpux 1
#endif /* hpux */
projects / debian / sudo / blobdiff