dnl
dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.24 2007/10/09 00:06:05 millert Exp $
+dnl $Sudo: configure.in,v 1.538 2008/12/09 21:13:01 millert Exp $
dnl
-dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl Copyright (c) 1994-1996,1998-2008 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.6.9])
+AC_INIT([sudo], [1.7])
AC_CONFIG_HEADER(config.h pathnames.h)
dnl
dnl This won't work before AC_INIT
dnl
-AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
+AC_MSG_NOTICE([Configuring Sudo version 1.7])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
AC_SUBST(SUDO_LIBS)
AC_SUBST(NET_LIBS)
AC_SUBST(AFS_LIBS)
+AC_SUBST(GETGROUPS_LIB)
AC_SUBST(OSDEFS)
AC_SUBST(AUTH_OBJS)
AC_SUBST(MANTYPE)
AC_SUBST(SUDOERS_UID)
AC_SUBST(SUDOERS_GID)
AC_SUBST(DEV)
+AC_SUBST(SELINUX)
+AC_SUBST(BAMAN)
+AC_SUBST(LCMAN)
+AC_SUBST(SEMAN)
+AC_SUBST(devdir)
AC_SUBST(mansectsu)
AC_SUBST(mansectform)
AC_SUBST(mansrcdir)
+AC_SUBST(NOEXECFILE)
AC_SUBST(NOEXECDIR)
AC_SUBST(noexec_file)
AC_SUBST(INSTALL_NOEXEC)
AC_SUBST(DONT_LEAK_PATH_INFO)
+AC_SUBST(BSDAUTH_USAGE)
+AC_SUBST(SELINUX_USAGE)
+AC_SUBST(LDAP)
+AC_SUBST(LOGINCAP_USAGE)
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST(insults)
AC_SUBST(root_sudo)
AC_SUBST(path_info)
+AC_SUBST(ldap_conf)
+AC_SUBST(ldap_secret)
+AC_SUBST(nsswitch_conf)
dnl
dnl Initial values for above
dnl
root_sudo=on
path_info=on
INSTALL_NOEXEC=
+devdir='$(srcdir)'
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEV="#"
+LDAP="#"
+SELINUX="#"
+BAMAN='.\" '
+LCMAN='.\" '
+SEMAN='.\" '
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
dnl
dnl Override default configure dirs...
dnl
-test "$mandir" = '${prefix}/man' && mandir='$(prefix)/man'
+if test X"$prefix" = X"NONE"; then
+ test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+ test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
PROGS="${PROGS} testsudoers"
OSDEFS="${OSDEFS} -DSUDO_DEVEL"
DEV=""
+ devdir=.
;;
no) ;;
*) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
esac])
+AC_ARG_WITH(nsswitch, [ --with-nsswitch[[=PATH]] path to nsswitch.conf],
+[case $with_nsswitch in
+ no) ;;
+ yes) with_nsswitch="/etc/nsswitch.conf"
+ ;;
+ *) ;;
+esac])
+if test ${with_nsswitch-"yes"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+else
+ nsswitch_conf='/etc/nsswitch.conf'
+fi
+
AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
[case $with_ldap in
no) with_ldap="";;
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
-[AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
-AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret pasdword file],
-[AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
+
+AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file])
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file])
+ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'}
+
+AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file])
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file])
+ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'}
AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
[case $with_pc_insults in
;;
esac], AC_MSG_RESULT(no))
+AC_MSG_CHECKING(whether to use an askpass helper)
+AC_ARG_WITH(askpass, [ --with-askpass=PATH Fully qualified pathname of askpass helper],
+[case $with_askpass in
+ yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
+ ;;
+ no) ;;
+ *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
+ ;;
+esac], AC_MSG_RESULT(no))
+
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
[ --enable-shell-sets-home
- set $HOME to target user in shell mode],
+ Set $HOME to target user in shell mode],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
esac
], AC_MSG_RESULT(no))
+AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
+[case $with_selinux in
+ yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
+ AC_DEFINE(HAVE_SELINUX)
+ SUDO_LIBS="${SUDO_LIBS} -lselinux"
+ SUDO_OBJS="${SUDO_OBJS} selinux.o"
+ PROGS="${PROGS} sesh"
+ SELINUX=""
+ SEMAN=""
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-selinux does not take an argument."])
+ ;;
+esac])
+
+dnl
+dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
+dnl
+AC_ARG_ENABLE(gss_krb5_ccache_name, [ --enable-gss-krb5-ccache-name
+ Use GSS-API to set the Kerberos V cred cache name], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
+
dnl
dnl If we don't have egrep we can't do anything...
dnl
*) ;;
esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
AC_MSG_RESULT($with_noexec)
+NOEXECFILE="sudo_noexec$_shrext"
NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
if test X"$with_aixauth" = X""; then
AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
fi
+
+ # AIX-specific functions
+ AC_CHECK_FUNCS(getuserattr)
+ SUDO_OBJS="$SUDO_OBJS aix.o"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectsu='1m'}
: ${mansectform='4'}
+ # HP-UX bundled compiler can't generate shared objects
+ if test "x$ac_cv_prog_cc_c89" = "xno"; then
+ with_noexec=no
+ fi
case "$host" in
*-*-hpux[1-8].*)
AC_DEFINE(BROKEN_SYSLOG)
: ${mansectsu='1m'}
: ${mansectform='4'}
;;
- *-*-linux*)
+ *-*-linux*|*-*-k*bsd*-gnu)
OSDEFS="${OSDEFS} -D_GNU_SOURCE"
# Some Linux versions need to link with -lshadow
shadow_funcs="getspnam"
AC_HEADER_DIRENT
AC_HEADER_TIME
AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
-AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
dnl ultrix termio/termios are broken
if test "$OS" != "ultrix"; then
AC_SYS_POSIX_TERMIOS
fi
fi
if test ${with_logincap-'no'} != "no"; then
- AC_CHECK_HEADERS(login_cap.h)
+ AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=""
+ case "$OS" in
+ freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
+ ;;
+ esac
+ ])
fi
if test ${with_project-'no'} != "no"; then
AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
dnl
AC_TYPE_MODE_T
AC_TYPE_UID_T
-AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
+AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
+AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include <sys/types.h>
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
-# include <time.h>
-#else
-# include <sys/time.h>
-#endif])
+#endif
+#include <time.h>])
+AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
+#include <netinet/in.h>])
SUDO_TYPE_SIZE_T
SUDO_TYPE_SSIZE_T
SUDO_TYPE_DEV_T
SUDO_TYPE_INO_T
-SUDO_FULL_VOID
SUDO_UID_T_LEN
SUDO_TYPE_LONG_LONG
SUDO_SOCK_SA_LEN
dnl
dnl Function checks
dnl
+AC_FUNC_GETGROUPS
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
- setlocale getaddrinfo)
+ setlocale getaddrinfo setsid)
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
AC_CHECK_FUNCS(lockf flock, [break])
AC_CHECK_FUNCS(waitpid wait3, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
-AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
SUDO_FUNC_ISBLANK
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
- AC_CHECK_MEMBER([struct stat.st_mtim], AC_DEFINE(HAVE_ST_MTIM), [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
+ AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
+ [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
+ [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
AC_MSG_CHECKING([for two-parameter timespecsub])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <sys/time.h>]], [[struct timespec ts1, ts2;
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
-#include <$ac_header_dirent>]], [[DIR d; (void)dirfd(&d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl
AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
dnl
-dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
-dnl (gcc includes its own alloca(3) but other compilers may not)
-dnl
-if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
- AC_FUNC_ALLOCA
-fi
-dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
yes) AC_MSG_RESULT(yes)
;;
no) AC_MSG_RESULT(no)
- AC_DEFINE(NO_PAM_SESSION)
+ AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled])
;;
*) AC_MSG_RESULT(no)
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
+ case $host in
+ *-*-linux*|*-*-solaris*)
+ # dgettext() may be defined to dgettext_libintl in the
+ # header file, so first check that it links w/ additional
+ # libs, then try with -lintl
+ AC_LINK_IFELSE([AC_LANG_PROGRAM(
+ [[#include <libintl.h>]], [(void)dgettext((char *)0, (char *)0);])],
+ [AC_DEFINE(HAVE_DGETTEXT)],
+ [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
+ [AC_DEFINE(HAVE_DGETTEXT)])])
+ ;;
+ esac
fi
fi
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
[AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
[BSDAUTH_USAGE='[[-a auth_type]] ']
- [AUTH_EXCL=BSD_AUTH],
+ [AUTH_EXCL=BSD_AUTH; BAMAN=""],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_HEIMDAL)
+ # XXX - need to check whether -lcrypo is needed!
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
], [
AC_MSG_RESULT(no)
SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
-
+ AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
])
AUTH_OBJS="$AUTH_OBJS kerb5.o"
_LIBS="$LIBS"
LIBS="${LIBS} ${SUDO_LIBS}"
- AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
+ AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc)
+ AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2,
+ sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+ AC_TRY_COMPILE([#include <krb5.h>],
+ [
+ krb5_context context = NULL;
+ krb5_get_init_creds_opt *opts = NULL;
+ krb5_get_init_creds_opt_free(context, opts);
+ ],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+ )
+ ]
+ )
+ if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+ fi
LIBS="$_LIBS"
fi
-dnl
-dnl Some systems put login_cap(3) in libutil
-dnl
-if test ${with_logincap-'no'} = "yes"; then
- case "$OS" in
- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
- ;;
- esac
-fi
-
dnl
dnl extra AFS libs and includes
dnl
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
with_ldap=yes
+ LDAP=""
fi
SUDO_OBJS="${SUDO_OBJS} ldap.o"
done
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
- LDAP_LIBS=" -lldap"
+ LIBS="${_LIBS} -lldap"
+ LDAP_LIBS="-lldap"
AC_MSG_RESULT([not found, using -lldap])
else
AC_MSG_RESULT([$LDAP_LIBS])
fi
- dnl try again w/o explicitly including lber.h
+ dnl check if we need to link with -llber for ber_set_option
+ OLIBS="$LIBS"
+ AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
+ if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then
+ LDAP_LIBS="$LDAP_LIBS -llber"
+ fi
+ dnl check if ldap.h includes lber.h for us
AC_MSG_CHECKING([whether lber.h is needed])
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s)
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s)
+ AC_CHECK_HEADERS([sasl/sasl.h])
+ AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
+
+ if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
+ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
+ )
- SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
+ # gssapi headers may be separate or part of Kerberos V
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+ test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([#include <gssapi/gssapi.h>], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include <gssapi.h>], [found="gssapi.h"; break])])
+ done
+ if test X"$found" != X"no"; then
+ AC_CHECK_HEADERS([$found])
+ if test X"$found" = X"gssapi/gssapi.h"; then
+ AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
+ fi
+ else
+ CPPFLAGS="$O_CPPFLAGS"
+ AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
+ fi
+ fi
+
+ SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
- # XXX - OpenLDAP has deprecated ldap_get_values()
- CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
fi
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
-if test "$with_noexec" != "no"; then
- PROGS="${PROGS} sudo_noexec.la"
- INSTALL_NOEXEC="install-noexec"
-
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
exec_prefix="$prefix"
fi
fi
- eval noexec_file="$with_noexec"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ if test X"$with_noexec" != X"no"; then
+ PROGS="${PROGS} sudo_noexec.la"
+ INSTALL_NOEXEC="install-noexec"
+
+ eval noexec_file="$with_noexec"
+ AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ fi
+ if test X"$with_selinux" != X"no"; then
+ eval sesh_file="$libexecdir/sesh"
+ AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ fi
exec_prefix="$oexec_prefix"
fi
dnl
dnl Substitute into the Makefile and man pages
dnl
-AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
+AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h])
AC_OUTPUT
dnl
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
+AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
+AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
-AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
+AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
+AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
dnl
dnl Bits to copy verbatim into config.h.in
* so the last 3 digits of tv_nsec are not significant.
*/
#ifdef HAVE_ST_MTIM
-# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
-# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
+# ifdef HAVE_ST__TIM
+# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
+# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
+# else
+# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
+# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
+# endif
#else
# ifdef HAVE_ST_MTIMESPEC
# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)