dnl
dnl Process this file with GNU autoconf to produce a configure script.
dnl
-dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl Copyright (c) 1994-1996,1998-2013 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.8.5p2], [http://www.sudo.ws/bugs/], [sudo])
+AC_INIT([sudo], [1.8.7], [http://www.sudo.ws/bugs/], [sudo])
AC_CONFIG_HEADER([config.h pathnames.h])
dnl
dnl Note: this must come after AC_INIT
AC_SUBST([CPPFLAGS])
AC_SUBST([LDFLAGS])
AC_SUBST([SUDOERS_LDFLAGS])
-AC_SUBST([LTLDFLAGS])
+AC_SUBST([LT_LDFLAGS])
+AC_SUBST([LT_LDMAP])
+AC_SUBST([LT_LDOPT])
+AC_SUBST([LT_LDDEP])
+AC_SUBST([LT_LDEXPORTS])
AC_SUBST([COMMON_OBJS])
AC_SUBST([SUDOERS_OBJS])
AC_SUBST([SUDO_OBJS])
AC_SUBST([OSDEFS])
AC_SUBST([AUTH_OBJS])
AC_SUBST([MANTYPE])
-AC_SUBST([MAN_POSTINSTALL])
+AC_SUBST([MANDIRTYPE])
+AC_SUBST([MANCOMPRESS])
+AC_SUBST([MANCOMPRESSEXT])
+AC_SUBST([SHLIB_MODE])
AC_SUBST([SUDOERS_MODE])
AC_SUBST([SUDOERS_UID])
AC_SUBST([SUDOERS_GID])
AC_SUBST([DEVEL])
AC_SUBST([BAMAN])
AC_SUBST([LCMAN])
+AC_SUBST([PSMAN])
AC_SUBST([SEMAN])
AC_SUBST([devdir])
AC_SUBST([mansectsu])
AC_SUBST([mansrcdir])
AC_SUBST([NOEXECFILE])
AC_SUBST([NOEXECDIR])
-AC_SUBST([PLUGINDIR])
AC_SUBST([SOEXT])
AC_SUBST([noexec_file])
+AC_SUBST([sesh_file])
AC_SUBST([INSTALL_NOEXEC])
AC_SUBST([DONT_LEAK_PATH_INFO])
AC_SUBST([BSDAUTH_USAGE])
AC_SUBST([LT_STATIC])
AC_SUBST([LIBINTL])
AC_SUBST([SUDO_NLS])
+AC_SUBST([LOCALEDIR_SUFFIX])
AC_SUBST([COMPAT_TEST_PROGS])
+AC_SUBST([CROSS_COMPILING])
+AC_SUBST([PIE_LDFLAGS])
+AC_SUBST([PIE_CFLAGS])
+AC_SUBST([SSP_LDFLAGS])
+AC_SUBST([SSP_CFLAGS])
+AC_SUBST([NO_VIZ])
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
AC_SUBST([path_info])
AC_SUBST([ldap_conf])
AC_SUBST([ldap_secret])
+AC_SUBST([sssd_lib])
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
AC_SUBST([editor])
+AC_SUBST([pam_session])
+AC_SUBST([PLUGINDIR])
#
# Begin initial values for man page substitution
#
ldap_conf=/etc/ldap.conf
ldap_secret=/etc/ldap.secret
netsvc_conf=/etc/netsvc.conf
-noexec_file=/usr/local/libexec/sudo_noexec.so
+noexec_file=/usr/local/libexec/sudo/sudo_noexec.so
+sesh_file=/usr/local/libexec/sudo/sesh
nsswitch_conf=/etc/nsswitch.conf
secure_path="not set"
+pam_session=on
+PLUGINDIR=/usr/local/libexec/sudo
#
# End initial values for man page substitution
#
INSTALL_NOEXEC=
devdir='$(srcdir)'
PROGS="sudo"
-: ${MANTYPE='man'}
+: ${MANDIRTYPE='man'}
: ${mansrcdir='.'}
+: ${SHLIB_MODE='0644'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
LDAP="#"
BAMAN=0
LCMAN=0
+PSMAN=0
SEMAN=0
LIBINTL=
ZLIB=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
SUDO_NLS=disabled
+LOCALEDIR_SUFFIX=
+LT_LDEXPORTS="-export-symbols \$(shlib_exp)"
+LT_LDDEP="\$(shlib_exp)"
+NO_VIZ="-DNO_VIZ"
+OS_INIT=os_init_common
dnl
dnl Other vaiables
dnl
AC_CONFIG_LIBOBJ_DIR(compat)
+#
+# Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir.
+# Starting with sudo 1.8.7, $libexecdir/sudo is used so strip
+# off an extraneous "/sudo" from libexecdir.
+#
+case "$libexecdir" in
+ */sudo)
+ AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory])
+ libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'`
+ ;;
+esac
+
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
;;
esac])
-AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
-[case $with_rpath in
- yes|no) ;;
- *) AC_MSG_ERROR(["--with-rpath does not take an argument."])
- ;;
-esac])
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])],
+[AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])])
-AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
-[case $with_blibpath in
- yes|no) ;;
- *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
- ;;
-esac])
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])],
+[AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])])
dnl
dnl Handle BSM auditing support.
;;
esac])
+dnl
+dnl Handle SSSD support.
+dnl
+AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
+[case $with_sssd in
+ yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo"
+ AC_DEFINE(HAVE_SSSD)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-sssd does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])])
+sssd_lib="\"LIBDIR\""
+test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib"
+SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library])
+
AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
*) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS])
for i in ${with_incpath}; do
- CPPFLAGS="${CPPFLAGS} -I${i}"
+ SUDO_APPEND_CPPFLAGS(-I${i})
done
;;
esac])
;;
esac], AC_MSG_RESULT(yes))
-AC_MSG_CHECKING(whether stow should be used)
-AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
+AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])],
[case $with_stow in
- yes) AC_MSG_RESULT(yes)
- AC_DEFINE(USE_STOW)
+ *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior])
;;
- no) AC_MSG_RESULT(no)
- ;;
- *) AC_MSG_ERROR(["--with-stow does not take an argument."])
- ;;
-esac], AC_MSG_RESULT(no))
+esac])
AC_MSG_CHECKING(whether to use an askpass helper)
AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
- *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
- ;;
-esac], AC_MSG_RESULT(no))
+ *) ;;
+esac], [
+ with_askpass=no
+ AC_MSG_RESULT(no)
+])
+if test X"$with_askpass" != X"no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass")
+else
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL)
+fi
AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
[case $with_plugindir in
no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
;;
*) ;;
-esac], [with_plugindir="$libexecdir"])
+esac], [with_plugindir="$libexecdir/sudo"])
+
+AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])],
+[case $with_man in
+ yes) MANTYPE=man
+ ;;
+ no) AC_MSG_ERROR(["--without-man not supported."])
+ ;;
+ *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."])
+ ;;
+esac])
+
+AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])],
+[case $with_mdoc in
+ yes) MANTYPE=mdoc
+ ;;
+ no) AC_MSG_ERROR(["--without-mdoc not supported."])
+ ;;
+ *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."])
+ ;;
+esac])
dnl
dnl Options for --enable
esac
])
+AC_ARG_ENABLE(hardening,
+[AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])],
+[], [enable_hardening=yes])
+
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])])
+
AC_ARG_ENABLE(admin-flag,
[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
[ case "$enableval" in
[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
[], [enable_nls=yes])
+AC_ARG_ENABLE(rpath,
+[AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])],
+[], [enable_rpath=yes])
+
AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
;;
-esac])
+esac], [with_selinux=no])
dnl
dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
LT_PREREQ([2.2.6b])
LT_INIT([dlopen])
+dnl
+dnl Allow the user to specify an alternate libtool.
+dnl XXX - should be able to skip LT_INIT if we are using a different libtool
+dnl
+AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])],
+[case $with_libtool in
+ yes|builtin) ;;
+ no) AC_MSG_ERROR(["--without-libtool not supported."])
+ ;;
+ system) LIBTOOL=libtool
+ ;;
+ *) LIBTOOL="$with_libtool"
+ ;;
+esac])
+
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
lt_cv_dlopen=none
lt_cv_dlopen_libs=
ac_cv_func_dlopen=no
+ LT_LDFLAGS=-static
else
eval _shrext="$shrext_cmds"
# Darwin uses .dylib for libraries but .so for modules
AC_MSG_CHECKING(path to sudo_noexec.so)
AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
- yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
+ yes) with_noexec="$libexecdir/sudo/sudo_noexec.so"
;;
no) ;;
*) ;;
-esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"])
+esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"])
AC_MSG_RESULT($with_noexec)
-NOEXECFILE="sudo_noexec$_shrext"
-NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
+NOEXECFILE="sudo_noexec.so"
+NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`"
dnl
dnl Find programs we use
dnl
-AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
-AC_CHECK_PROG(TRPROG, [tr], [tr])
-AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
-if test -n "$NROFFPROG"; then
- AC_CACHE_CHECK([whether $NROFFPROG supports the -c option],
- [sudo_cv_var_nroff_opt_c],
- [if $NROFFPROG -c </dev/null >/dev/null 2>&1; then
- sudo_cv_var_nroff_opt_c=yes
- else
- sudo_cv_var_nroff_opt_c=no
- fi]
- )
- if test "$sudo_cv_var_nroff_opt_c" = "yes"; then
- NROFFPROG="$NROFFPROG -c"
- fi
- AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option],
- [sudo_cv_var_nroff_opt_Tascii],
- [if $NROFFPROG -Tascii </dev/null >/dev/null 2>&1; then
- sudo_cv_var_nroff_opt_Tascii=yes
- else
- sudo_cv_var_nroff_opt_Tascii=no
- fi]
- if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then
- NROFFPROG="$NROFFPROG -Tascii"
- fi
- )
+AC_PATH_PROG(UNAMEPROG, [uname], [uname])
+AC_PATH_PROG(TRPROG, [tr], [tr])
+AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc])
+if test "$MANDOCPROG" != "mandoc"; then
+ : ${MANTYPE='mdoc'}
else
- MANTYPE="cat"
- mansrcdir='$(srcdir)'
+ AC_PATH_PROG(NROFFPROG, [nroff])
+ if test -n "$NROFFPROG"; then
+ test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE"
+ AC_CACHE_CHECK([which macro set to use for manual pages],
+ [sudo_cv_var_mantype],
+ [
+ sudo_cv_var_mantype="man"
+ echo ".Sh NAME" > conftest
+ echo ".Nm sudo" >> conftest
+ echo ".Nd sudo" >> conftest
+ echo ".Sh DESCRIPTION" >> conftest
+ echo "sudo" >> conftest
+ if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then
+ sudo_cv_var_mantype="mdoc"
+ fi
+ rm -f conftest
+ ]
+ )
+ MANTYPE="$sudo_cv_var_mantype"
+ else
+ MANTYPE=cat
+ MANDIRTYPE=cat
+ mansrcdir='$(srcdir)'
+ fi
fi
dnl
# LD_PRELOAD is space-delimited
RTLD_PRELOAD_DELIM=" "
+ # Solaris-specific initialization
+ OS_INIT=os_init_solaris
+ SUDO_OBJS="${SUDO_OBJS} solaris.o"
+
# To get the crypt(3) prototype (so we pass -Wall)
OSDEFS="${OSDEFS} -D__EXTENSIONS__"
# AFS support needs -lucb
fi
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
- AC_CHECK_FUNCS(priv_set)
+ AC_CHECK_FUNCS(priv_set, [PSMAN=1])
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
- if test X"$with_blibpath" != X"no"; then
- AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
- O_LDFLAGS="$LDFLAGS"
- LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [
- if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- blibpath="$with_blibpath"
- elif test -n "$GCC"; then
- blibpath="/usr/lib:/lib:/usr/local/lib"
- else
- blibpath="/usr/lib:/lib"
- fi
- AC_MSG_RESULT(yes)
- ], [AC_MSG_RESULT(no)])
- fi
- LDFLAGS="$O_LDFLAGS"
# On AIX 6 and higher default to PAM, else default to LAM
if test $OSMAJOR -ge 6; then
with_netsvc="/etc/netsvc.conf"
fi
- # For implementing getgrouplist()
- AC_CHECK_FUNCS(getgrset)
-
# LDR_PRELOAD is only supported in AIX 5.3 and later
if test $OSMAJOR -lt 5; then
with_noexec=no
fi
# AIX-specific functions
- AC_CHECK_FUNCS(getuserattr setauthdb)
+ AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64)
COMMON_OBJS="$COMMON_OBJS aix.lo"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectform='4'}
+
+ # HP-UX shared libs must be executable
+ SHLIB_MODE=0755
;;
*-*-hpux*)
# AFS support needs -lBSD
: ${mansectsu='1m'}
: ${mansectform='4'}
+ # HP-UX shared libs must be executable
+ SHLIB_MODE=0755
+
# The HP bundled compiler cannot generate shared libs
if test -z "$GCC"; then
AC_CACHE_CHECK([for HP bundled C compiler],
;;
esac
- case "$host" in
- *-*-hpux[[1-8]].*)
+ case "$host_os" in
+ hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
;;
- *-*-hpux9.*)
+ hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
shadow_funcs="getspwuid"
# order of libs in 9.X is important. -lc_r must be last
SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
- CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
+ SUDO_APPEND_CPPFLAGS(-D_REENTRANT)
+ SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant)
fi
;;
- *-*-hpux10.*)
+ hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
# HP-UX 10.20 libc has an incompatible getline
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
esac
+ AC_CHECK_FUNCS(pstat_getproc)
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
+ # XXX - sudo LDFLAGS instead?
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
*-*-irix*)
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
- MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
mandir="/usr/catman/local"
fi
fi
+ # Compress cat pages with pack
+ MANCOMPRESS='pack'
+ MANCOMPRESSEXT='.z'
else
if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d "/usr/share/man/local"; then
;;
*-*-riscos*)
LIBS="${LIBS} -lsun -lbsd"
- CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd"
+ SUDO_APPEND_CPPFLAGS(-I/usr/include)
+ SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd)
OSDEFS="${OSDEFS} -D_MIPS"
: ${mansectsu='1m'}
: ${mansectform='4'}
shadow_libs="-lsec"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
: ${with_logincap='maybe'}
;;
*-*-*openbsd*)
+ # OpenBSD-specific initialization
+ OS_INIT=os_init_openbsd
+ SUDO_OBJS="${SUDO_OBJS} openbsd.o"
+
# OpenBSD has a real setreuid(2) starting with 3.3 but
# we will use setresuid(2) instead.
SKIP_SETREUID=yes
*-*-*sysv4*)
: ${mansectsu='1m'}
: ${mansectform='4'}
- : ${with_rpath='yes'}
;;
*-*-sysv*)
: ${mansectsu='1m'}
# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__)
#endif
], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])])
-if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
- _CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS -static-libgcc"
- AC_CACHE_CHECK([whether $CC understands -static-libgcc],
- [sudo_cv_var_gcc_static_libgcc],
- [AC_LINK_IFELSE(
- [AC_LANG_PROGRAM([[]], [[]])],
- [sudo_cv_var_gcc_static_libgcc=yes],
- [sudo_cv_var_gcc_static_libgcc=no]
- )
- ]
- )
- CFLAGS="$_CFLAGS"
- if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then
- LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
- fi
-fi
+
dnl
dnl Program checks
dnl
AC_HEADER_STDBOOL
AC_HEADER_MAJOR
AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
+AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break])
AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT
#ifdef HAVE_PROCFS_H
#include <procfs.h>
dnl when large files support is enabled so work around it.
dnl
AC_SYS_LARGEFILE
-case "$host" in
- *-*-hpux11.*)
+case "$host_os" in
+ hpux11.*)
AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
#include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
AC_CHECK_TYPES([struct in6_addr], [], [], [#include <sys/types.h>
#include <netinet/in.h>])
AC_TYPE_LONG_LONG_INT
+if test X"$ac_cv_type_long_long_int" != X"yes"; then
+ AC_MSG_ERROR(["C compiler does not appear have required long long support"])
+fi
AC_CHECK_SIZEOF([long int])
AC_CHECK_TYPE(size_t, unsigned int)
AC_CHECK_TYPE(ssize_t, int)
AC_CHECK_TYPE(dev_t, int)
AC_CHECK_TYPE(ino_t, unsigned int)
+AC_CHECK_TYPE(uint8_t, unsigned char)
+AC_CHECK_TYPE(uint32_t, unsigned int)
+AC_CHECK_TYPE(uint64_t, unsigned long long)
AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [
AC_INCLUDES_DEFAULT
#include <sys/socket.h>])
dnl Function checks
dnl
AC_FUNC_GETGROUPS
-AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \
- regcomp setlocale nl_langinfo mbr_check_membership \
- setrlimit64)
-AC_REPLACE_FUNCS(getgrouplist)
+AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \
+ sysconf tzset)
+AC_CHECK_FUNCS(getgrouplist, [], [
+ case "$host_os" in
+ aix*)
+ AC_CHECK_FUNCS(getgrset)
+ ;;
+ *)
+ AC_CHECK_FUNC(nss_search, [
+ AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [
+ # Solaris
+ AC_CHECK_FUNC(_nss_initf_group, [
+ AC_CHECK_HEADERS(nss_dbdefs.h)
+ AC_DEFINE([HAVE_NSS_SEARCH])
+ AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC])
+ AC_DEFINE([HAVE__NSS_INITF_GROUP])
+ ])
+ ], [
+ # HP-UX
+ AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [
+ AC_CHECK_FUNC(__nss_initf_group, [
+ AC_CHECK_HEADERS(nss_dbdefs.h)
+ AC_DEFINE([HAVE_NSS_SEARCH])
+ AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC])
+ AC_DEFINE([HAVE___NSS_INITF_GROUP])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+ AC_LIBOBJ(getgrouplist)
+])
AC_CHECK_FUNCS(getline, [], [
AC_LIBOBJ(getline)
AC_CHECK_FUNCS(fgetln)
dnl
dnl If libc supports _FORTIFY_SOURCE check functions, use it.
dnl
-O_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
-AC_CHECK_FUNC(__sprintf_chk, [
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
-], [])
-CPPFLAGS="$O_CPPFLAGS"
+if test "$enable_hardening" != "no"; then
+ O_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+ AC_CHECK_FUNC(__sprintf_chk, [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], [])
+ ], [])
+ CPPFLAGS="$O_CPPFLAGS"
+fi
utmp_style=LEGACY
AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
if test "$utmp_style" = "LEGACY"; then
AC_CHECK_FUNCS(getttyent ttyslot, [break])
+ AC_CHECK_FUNCS(fseeko)
fi
AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [],
])
fi
if test -z "$SKIP_SETREUID"; then
- AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
-fi
-if test -z "$SKIP_SETEUID"; then
- AC_CHECK_FUNCS(seteuid)
+ AC_CHECK_FUNCS(setreuid)
fi
+AC_CHECK_FUNCS(seteuid)
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
fi
AC_MSG_RESULT($sudo_cv___FUNCTION__)
if test "$sudo_cv___FUNCTION__" = "yes"; then
AC_DEFINE(HAVE___FUNC__)
- AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__])
+ AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__])
fi
fi
# make sure we use the gettext() that matches the include file.
if test "$enable_nls" != "no"; then
if test "$enable_nls" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
+ SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include)
SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
fi
OLIBS="$LIBS"
])
eval gettext_result="\$$gettext_name"
AC_MSG_RESULT($gettext_result)
- test "$gettext_result" = "yes" && break
+ if test "$gettext_result" = "yes"; then
+ AC_CHECK_FUNCS(ngettext)
+ break
+ fi
done
LIBS="$OLIBS"
if test "$sudo_cv_gettext" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
+ # For Solaris we need links from lang to lang.UTF-8 in localedir
+ case "$host_os" in
+ solaris2*) LOCALEDIR_SUFFIX=".UTF-8";;
+ esac
elif test "$sudo_cv_gettext_lintl" = "yes"; then
AC_DEFINE(HAVE_LIBINTL_H)
SUDO_NLS=enabled
;;
*)
AC_DEFINE(HAVE_ZLIB_H)
- CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}"
+ SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include)
SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
ZLIB="${ZLIB} -lz"
;;
fi
])
+dnl
+dnl Check for sig2str(), sys_signame or sys_sigabbrev
+dnl
+AC_CHECK_FUNCS(sig2str, [], [
+ AC_LIBOBJ(sig2str)
+ HAVE_SIGNAME="false"
+ AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [
+ HAVE_SIGNAME="true"
+ break
+ ], [ ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+ ])
+ if test "$HAVE_SIGNAME" != "true"; then
+ AC_CACHE_CHECK([for undeclared sys_sigabbrev],
+ [sudo_cv_var_sys_sigabbrev],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])],
+ [sudo_cv_var_sys_sigabbrev=yes],
+ [sudo_cv_var_sys_sigabbrev=no]
+ )
+ ]
+ )
+ if test "$sudo_cv_var_sys_sigabbrev" = yes; then
+ AC_DEFINE(HAVE_SYS_SIGABBREV)
+ else
+ AC_LIBOBJ(signame)
+ fi
+ fi
+])
+
dnl
dnl nsswitch.conf and its equivalents
dnl
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
- no) AC_MSG_RESULT(no)
- AC_DEFINE(NO_PAM_SESSION)
- ;;
- *) AC_MSG_RESULT(no)
- AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
- ;;
+ no) AC_MSG_RESULT(no)
+ AC_DEFINE(NO_PAM_SESSION)
+ pam_session=off
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
+ ;;
esac], AC_MSG_RESULT(yes))
fi
fi
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
- CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
+ SUDO_APPEND_CPPFLAGS(-I${with_fwtk})
with_fwtk=yes
fi
SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
else
with_SecurID=/usr/ace
fi
- CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
+ SUDO_APPEND_CPPFLAGS(-I${with_SecurID})
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
AUTH_OBJS="$AUTH_OBJS securid5.lo";
fi
else
dnl XXX - try to include krb5.h here too
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
- CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+ SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include)
fi
dnl
# AFS includes may live in /usr/include on some machines...
for i in /usr/afsws/include; do
if test -d ${i}; then
- CPPFLAGS="${CPPFLAGS} -I${i}"
+ SUDO_APPEND_CPPFLAGS(-I${i})
FOUND_AFSINCDIR=true
fi
done
if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
+ SUDO_APPEND_CPPFLAGS(-I${with_skey}/include)
+ LDFLAGS="$LDFLAGS -L${with_skey}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
else
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
AC_CHECK_HEADER([skey.h], [found=yes; break], [],
- [#include <stdio.h>])
+ [#include <stdio.h>])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
- CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
+ SUDO_APPEND_CPPFLAGS(-I${with_opie}/include)
+ LDFLAGS="$LDFLAGS -L${with_opie}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
+ LDFLAGS="$LDFLAGS -L${dir}/lib"
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
fi
if test "$found" = "no"; then
dnl extra lib and .o file for LDAP support
dnl
if test ${with_ldap-'no'} != "no"; then
- _LDFLAGS="$LDFLAGS"
+ O_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
- CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
+ LDFLAGS="$LDFLAGS -L${with_ldap}/lib"
+ SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include)
with_ldap=yes
fi
SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
LDAP=""
- AC_MSG_CHECKING([for LDAP libraries])
- LDAP_LIBS=""
_LIBS="$LIBS"
+ LDAP_LIBS=""
+ IBMLDAP_EXTRA=""
found=no
- for l in -lldap -llber '-lssl -lcrypto'; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
- done
- if test "$found" = "no"; then
- LDAP_LIBS=""
- LIBS="$_LIBS"
- for l in -libmldap -lidsldif; do
- LIBS="${LIBS} $l"
- LDAP_LIBS="${LDAP_LIBS} $l"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
- #include <lber.h>
- #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
- done
- fi
- dnl if nothing linked just try with -lldap
+ # On HP-UX, libibmldap has a hidden dependency on libCsup
+ case "$host_os" in
+ hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);;
+ esac
+ AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [
+ test "$ac_res" != "none required" && LDAP_LIBS="$ac_res"
+ found=yes
+ ])
+ # If nothing linked, try -lldap and hope for the best
if test "$found" = "no"; then
- LIBS="${_LIBS} -lldap"
LDAP_LIBS="-lldap"
- AC_MSG_RESULT([not found, using -lldap])
- else
- AC_MSG_RESULT([$LDAP_LIBS])
fi
+ LIBS="${_LIBS} ${LDAP_LIBS}"
dnl check if we need to link with -llber for ber_set_option
OLIBS="$LIBS"
AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no])
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
+ AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [
+ AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)
+ break
+ ])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np)
AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
if test X"$check_gss_krb5_ccache_name" = X"yes"; then
SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
- LDFLAGS="$_LDFLAGS"
+ LDFLAGS="$O_LDFLAGS"
fi
#
case "$lt_cv_dlopen" in
dlopen)
AC_DEFINE(HAVE_DLOPEN)
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
;;
shl_load)
AC_DEFINE(HAVE_SHL_LOAD)
- SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ SUDO_OBJS="$SUDO_OBJS locale_stub.o"
LT_STATIC="--tag=disable-static"
AC_LIBOBJ(dlopen)
;;
SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
fi
-# On HP-UX, you cannot dlopen() a shared object that uses pthreads
-# unless the main program is linked against -lpthread. Since we
-# have no knowledge what libraries a plugin may depend on, we always
-# link against -lpthread on HP-UX if it is available.
+# On HP-UX, you cannot dlopen() a shared object that uses pthreads unless
+# the main program is linked against -lpthread. We have no knowledge of
+# what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads)
+# so always link against -lpthread on HP-UX if it is available.
# This check should go after all other libraries tests.
-case "$host" in
- *-*-hpux*)
+case "$host_os" in
+ hpux*)
AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
+ OSDEFS="${OSDEFS} -D_REENTRANT"
;;
esac
-dnl
-dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
-dnl added -L dirpaths to SUDOERS_LDFLAGS.
-dnl
-if test -n "$blibpath"; then
- if test -n "$blibpath_add"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
- elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
- fi
-fi
-
dnl
dnl Check for log file, timestamp and iolog locations
dnl
SUDO_TIMEDIR
SUDO_IO_LOGDIR
+dnl
+dnl Turn warnings into errors.
+dnl All compiler/loader tests after this point will fail if
+dnl a warning is displayed (nornally, warnings are not fata).
+dnl
+AC_LANG_WERROR
+
+dnl
+dnl If compiler supports the -static-libgcc flag use it unless we have
+dnl GNU ld (which can avoid linking in libgcc when it is not needed).
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"])
+fi
+
+dnl
+dnl Check for symbol visibility support.
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -fvisibility=hidden"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ NO_VIZ=
+ ])
+else
+ case "$host_os" in
+ hpux*)
+ AX_CHECK_COMPILE_FLAG([-Bhidden_def], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -Bhidden_def"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ ])
+ ;;
+ solaris2*)
+ AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [
+ AC_DEFINE(HAVE_DSO_VISIBILITY)
+ CFLAGS="${CFLAGS} -xldscope=hidden"
+ LT_LDEXPORTS=
+ LT_LDDEP=
+ ])
+ ;;
+ esac
+fi
+
+dnl
+dnl If the compiler doesn't have symbol visibility support, it may
+dnl support version scripts (only GNU and Solaris ld).
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$LT_LDEXPORTS"; then
+ if test "$lt_cv_prog_gnu_ld" = "yes"; then
+ AC_CACHE_CHECK([whether ld supports anonymous map files],
+ [sudo_cv_var_gnu_ld_anon_map],
+ [
+ sudo_cv_var_gnu_ld_anon_map=no
+ cat > conftest.map <<-EOF
+ {
+ global: foo;
+ local: *;
+ };
+EOF
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_gnu_ld_anon_map=yes])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ]
+ )
+ if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)"
+ fi
+ else
+ case "$host_os" in
+ solaris2*)
+ AC_CACHE_CHECK([whether ld supports anonymous map files],
+ [sudo_cv_var_solaris_ld_anon_map],
+ [
+ sudo_cv_var_solaris_ld_anon_map=no
+ cat > conftest.map <<-EOF
+ {
+ global: foo;
+ local: *;
+ };
+EOF
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_solaris_ld_anon_map=yes])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ ]
+ )
+ if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)"
+ fi
+ ;;
+ hpux*)
+ AC_CACHE_CHECK([whether ld supports controlling exported symbols],
+ [sudo_cv_var_hpux_ld_symbol_export],
+ [
+ sudo_cv_var_hpux_ld_symbol_export=no
+ echo "+e foo" > conftest.opt
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $lt_prog_compiler_pic"
+ _LDFLAGS="$LDFLAGS"
+ if test -n "$GCC"; then
+ LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt"
+ else
+ LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt"
+ fi
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])],
+ [sudo_cv_var_hpux_ld_symbol_export=yes])
+ CFLAGS="$_CFLAGS"
+ LDFLAGS="$_LDFLAGS"
+ rm -f conftest.opt
+ ]
+ )
+ if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then
+ LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)"
+ fi
+ ;;
+ esac
+ fi
+fi
+
+dnl
+dnl Check for PIE executable support if using gcc.
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test -n "$GCC"; then
+ if test -z "$enable_pie"; then
+ case "$host_os" in
+ linux*)
+ # Attempt to build with PIE support
+ enable_pie="maybe"
+ ;;
+ esac
+ fi
+ if test -n "$enable_pie"; then
+ if test "$enable_pie" = "no"; then
+ AX_CHECK_COMPILE_FLAG([-fno-pie], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-pie"
+ AX_CHECK_LINK_FLAG([-nopie], [
+ PIE_CFLAGS="-fno-pie"
+ PIE_LDFLAGS="-nopie"
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+ else
+ AX_CHECK_COMPILE_FLAG([-fPIE], [
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fPIE"
+ AX_CHECK_LINK_FLAG([-pie], [
+ if test "$enable_pie" = "maybe"; then
+ SUDO_WORKING_PIE([enable_pie=yes], [])
+ fi
+ if test "$enable_pie" = "yes"; then
+ PIE_CFLAGS="-fPIE"
+ PIE_LDFLAGS="-Wc,-fPIE -pie"
+ fi
+ ])
+ CFLAGS="$_CFLAGS"
+ ])
+ fi
+ fi
+fi
+if test "$enable_pie" != "yes"; then
+ # Solaris 11.1 and higher supports tagging binaries to use ASLR
+ case "$host_os" in
+ solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]])
+ AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"])
+ ;;
+ esac
+fi
+
+dnl
+dnl Check for -fstack-protector and -z relro support
+dnl This test relies on AC_LANG_WERROR
+dnl
+if test "$enable_hardening" != "no"; then
+ if test -n "$GCC"; then
+ AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+ AX_CHECK_LINK_FLAG([-fstack-protector-all], [
+ SSP_CFLAGS="-fstack-protector-all"
+ SSP_LDFLAGS="-Wc,-fstack-protector-all"
+ ])
+ ])
+ if test -z "$SSP_CFLAGS"; then
+ AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+ AX_CHECK_LINK_FLAG([-fstack-protector], [
+ SSP_CFLAGS="-fstack-protector"
+ SSP_LDFLAGS="-Wc,-fstack-protector"
+ ])
+ ])
+ fi
+ fi
+ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"])
+fi
+
dnl
dnl Use passwd auth module?
dnl
done
fi
+dnl
+dnl OS-specific initialization
+dnl
+AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.])
+
dnl
dnl We add -Wall and -Werror after all tests so they don't cause failures
dnl
fi
fi
+dnl
+dnl Skip regress tests and sudoers sanity check if cross compiling.
+dnl
+CROSS_COMPILING="$cross_compiling"
+
dnl
dnl Set exec_prefix
dnl
dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
-if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
+if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then
oexec_prefix="$exec_prefix"
if test "$exec_prefix" = '$(prefix)'; then
if test "$prefix" = "NONE"; then
SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
- sesh_file="$libexecdir/sesh"
+ sesh_file="$libexecdir/sudo/sesh"
_sesh_file=
while test X"$sesh_file" != X"$_sesh_file"; do
_sesh_file="$sesh_file"
eval sesh_file="$_sesh_file"
done
- SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file")
+ fi
+ if test X"$enable_shared" != X"no"; then
+ PLUGINDIR="$with_plugindir"
+ _PLUGINDIR=
+ while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
+ _PLUGINDIR="$PLUGINDIR"
+ eval PLUGINDIR="$_PLUGINDIR"
+ done
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
+ SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers.so")
fi
- PLUGINDIR="$with_plugindir"
- _PLUGINDIR=
- while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do
- _PLUGINDIR="$PLUGINDIR"
- eval PLUGINDIR="$_PLUGINDIR"
- done
- SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
- SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
exec_prefix="$oexec_prefix"
fi
+if test X"$with_selinux" = X"no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL)
+fi
+
+dnl
+dnl Add -R options to LDFLAGS, etc.
+dnl
+if test X"$LDFLAGS_R" != X""; then
+ LDFLAGS="$LDFLAGS $LDFLAGS_R"
+fi
+if test X"$SUDOERS_LDFLAGS_R" != X""; then
+ SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R"
+fi
+if test X"$ZLIB_R" != X""; then
+ ZLIB="$ZLIB_R $ZLIB"
+fi
dnl
dnl Override default configure dirs for the Makefile
test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale'
+test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var'
test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
dnl
dnl Substitute into the Makefile and man pages
dnl
-dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
-AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
+AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
dnl Spew any text the user needs to know about
dnl
if test "$with_pam" = "yes"; then
- case $host in
- *-*-hpux*)
+ case $host_os in
+ hpux*)
if test -f /usr/lib/security/libpam_hpsec.so.1; then
AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
fi
;;
- *-*-linux*)
+ linux*)
AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
;;
esac
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.])
-AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)])
-AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)])
-AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
-AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
-AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).])
+AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).])
+AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).])
+AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).])
AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
-AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
-AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
+AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).])
+AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
-AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
+AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not).])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
+AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
-AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
-AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
-AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
-AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
+AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
+AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
+AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
+AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
-AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
+AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.])
AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
-AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.])
-AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication])
+AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.])
AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.])
AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).])
AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.])
AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).])
+AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.])
+AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.])
+AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.])
+AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.])
+AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.])
+AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.])
+AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.])
dnl
dnl Bits to copy verbatim into config.h.in
# define ignore_result(x) (void)(x)
#endif
-/* GNU stow needs /etc/sudoers to be a symlink. */
-#ifdef USE_STOW
-# define stat_sudoers stat
-#else
-# define stat_sudoers lstat
-#endif
-
-/* Macros to set/clear/test flags. */
-#undef SET
-#define SET(t, f) ((t) |= (f))
-#undef CLR
-#define CLR(t, f) ((t) &= ~(f))
-#undef ISSET
-#define ISSET(t, f) ((t) & (f))
-
-/* ANSI-style OS defs for HP-UX and ConvexOS. */
-#if defined(hpux) && !defined(__hpux)
-# define __hpux 1
-#endif /* hpux */
-
-#if defined(convex) && !defined(__convex__)
-# define __convex__ 1
-#endif /* convex */
-
/* BSD compatibility on some SVR4 systems. */
#ifdef __svr4__
# define BSD_COMP
projects / debian / sudo / blobdiff