dnl
dnl Process this file with GNU autoconf to produce a configure script.
-dnl $Sudo: configure.in,v 1.413.2.49 2008/03/23 14:22:33 millert Exp $
dnl
-dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller <Todd.Miller@courtesan.com>
+dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller <Todd.Miller@courtesan.com>
dnl
-AC_INIT([sudo], [1.6.9])
-AC_CONFIG_HEADER(config.h pathnames.h)
+AC_INIT([sudo], [1.8.3p1], [http://www.sudo.ws/bugs/], [sudo])
+AC_CONFIG_HEADER([config.h pathnames.h])
dnl
-dnl This won't work before AC_INIT
+dnl Note: this must come after AC_INIT
dnl
-AC_MSG_NOTICE([Configuring Sudo version 1.6.9])
+AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION])
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
-AC_SUBST(LIBTOOL)
-AC_SUBST(CFLAGS)
-AC_SUBST(PROGS)
-AC_SUBST(CPPFLAGS)
-AC_SUBST(LDFLAGS)
-AC_SUBST(SUDO_LDFLAGS)
-AC_SUBST(SUDO_OBJS)
-AC_SUBST(LIBS)
-AC_SUBST(SUDO_LIBS)
-AC_SUBST(NET_LIBS)
-AC_SUBST(AFS_LIBS)
-AC_SUBST(GETGROUPS_LIB)
-AC_SUBST(OSDEFS)
-AC_SUBST(AUTH_OBJS)
-AC_SUBST(MANTYPE)
-AC_SUBST(MAN_POSTINSTALL)
-AC_SUBST(SUDOERS_MODE)
-AC_SUBST(SUDOERS_UID)
-AC_SUBST(SUDOERS_GID)
-AC_SUBST(DEV)
-AC_SUBST(SELINUX)
-AC_SUBST(BAMAN)
-AC_SUBST(LCMAN)
-AC_SUBST(SEMAN)
-AC_SUBST(mansectsu)
-AC_SUBST(mansectform)
-AC_SUBST(mansrcdir)
-AC_SUBST(NOEXECFILE)
-AC_SUBST(NOEXECDIR)
-AC_SUBST(noexec_file)
-AC_SUBST(INSTALL_NOEXEC)
-AC_SUBST(DONT_LEAK_PATH_INFO)
+AC_SUBST([HAVE_BSM_AUDIT])
+AC_SUBST([SHELL])
+AC_SUBST([LIBTOOL])
+AC_SUBST([CFLAGS])
+AC_SUBST([PROGS])
+AC_SUBST([CPPFLAGS])
+AC_SUBST([LDFLAGS])
+AC_SUBST([SUDOERS_LDFLAGS])
+AC_SUBST([LTLDFLAGS])
+AC_SUBST([COMMON_OBJS])
+AC_SUBST([SUDOERS_OBJS])
+AC_SUBST([SUDO_OBJS])
+AC_SUBST([LIBS])
+AC_SUBST([SUDO_LIBS])
+AC_SUBST([SUDOERS_LIBS])
+AC_SUBST([NET_LIBS])
+AC_SUBST([AFS_LIBS])
+AC_SUBST([REPLAY_LIBS])
+AC_SUBST([GETGROUPS_LIB])
+AC_SUBST([OSDEFS])
+AC_SUBST([AUTH_OBJS])
+AC_SUBST([MANTYPE])
+AC_SUBST([MAN_POSTINSTALL])
+AC_SUBST([SUDOERS_MODE])
+AC_SUBST([SUDOERS_UID])
+AC_SUBST([SUDOERS_GID])
+AC_SUBST([DEV])
+AC_SUBST([BAMAN])
+AC_SUBST([LCMAN])
+AC_SUBST([SEMAN])
+AC_SUBST([devdir])
+AC_SUBST([mansectsu])
+AC_SUBST([mansectform])
+AC_SUBST([mansrcdir])
+AC_SUBST([NOEXECFILE])
+AC_SUBST([NOEXECDIR])
+AC_SUBST([PLUGINDIR])
+AC_SUBST([SOEXT])
+AC_SUBST([noexec_file])
+AC_SUBST([INSTALL_NOEXEC])
+AC_SUBST([DONT_LEAK_PATH_INFO])
+AC_SUBST([BSDAUTH_USAGE])
+AC_SUBST([SELINUX_USAGE])
+AC_SUBST([LDAP])
+AC_SUBST([LOGINCAP_USAGE])
+AC_SUBST([ZLIB])
+AC_SUBST([ZLIB_SRC])
+AC_SUBST([LIBTOOL_DEPS])
+AC_SUBST([ac_config_libobj_dir])
+AC_SUBST([CONFIGURE_ARGS])
+AC_SUBST([LIBDL])
+AC_SUBST([LT_STATIC])
+AC_SUBST([LIBINTL])
+AC_SUBST([SUDO_NLS])
dnl
dnl Variables that get substituted in docs (not overridden by environment)
dnl
-AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR
-AC_SUBST(timeout)
-AC_SUBST(password_timeout)
-AC_SUBST(sudo_umask)
-AC_SUBST(passprompt)
-AC_SUBST(long_otp_prompt)
-AC_SUBST(lecture)
-AC_SUBST(logfac)
-AC_SUBST(goodpri)
-AC_SUBST(badpri)
-AC_SUBST(loglen)
-AC_SUBST(ignore_dot)
-AC_SUBST(mail_no_user)
-AC_SUBST(mail_no_host)
-AC_SUBST(mail_no_perms)
-AC_SUBST(mailto)
-AC_SUBST(mailsub)
-AC_SUBST(badpass_message)
-AC_SUBST(fqdn)
-AC_SUBST(runas_default)
-AC_SUBST(env_editor)
-AC_SUBST(passwd_tries)
-AC_SUBST(tty_tickets)
-AC_SUBST(insults)
-AC_SUBST(root_sudo)
-AC_SUBST(path_info)
-dnl
-dnl Initial values for above
-dnl
+AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR
+AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR
+AC_SUBST([timeout])
+AC_SUBST([password_timeout])
+AC_SUBST([sudo_umask])
+AC_SUBST([umask_override])
+AC_SUBST([passprompt])
+AC_SUBST([long_otp_prompt])
+AC_SUBST([lecture])
+AC_SUBST([logfac])
+AC_SUBST([goodpri])
+AC_SUBST([badpri])
+AC_SUBST([loglen])
+AC_SUBST([ignore_dot])
+AC_SUBST([mail_no_user])
+AC_SUBST([mail_no_host])
+AC_SUBST([mail_no_perms])
+AC_SUBST([mailto])
+AC_SUBST([mailsub])
+AC_SUBST([badpass_message])
+AC_SUBST([fqdn])
+AC_SUBST([runas_default])
+AC_SUBST([env_editor])
+AC_SUBST([env_reset])
+AC_SUBST([passwd_tries])
+AC_SUBST([tty_tickets])
+AC_SUBST([insults])
+AC_SUBST([root_sudo])
+AC_SUBST([path_info])
+AC_SUBST([ldap_conf])
+AC_SUBST([ldap_secret])
+AC_SUBST([nsswitch_conf])
+AC_SUBST([netsvc_conf])
+AC_SUBST([secure_path])
+AC_SUBST([editor])
+#
+# Begin initial values for man page substitution
+#
+iolog_dir=/var/log/sudo-io
+timedir=/var/adm/sudo
timeout=5
password_timeout=5
sudo_umask=0022
+umask_override=off
passprompt="Password:"
long_otp_prompt=off
lecture=once
-logfac=local2
+logfac=auth
goodpri=notice
badpri=alert
loglen=80
mail_no_host=off
mail_no_perms=off
mailto=root
-mailsub='*** SECURITY information for %h ***'
-badpass_message='Sorry, try again.'
+mailsub="*** SECURITY information for %h ***"
+badpass_message="Sorry, try again."
fqdn=off
runas_default=root
env_editor=off
+env_reset=on
+editor=vi
passwd_tries=3
-tty_tickets=off
+tty_tickets=on
insults=off
root_sudo=on
path_info=on
-INSTALL_NOEXEC=
+ldap_conf=/etc/ldap.conf
+ldap_secret=/etc/ldap.secret
+netsvc_conf=/etc/netsvc.conf
+noexec_file=/usr/local/libexec/sudo_noexec.so
+nsswitch_conf=/etc/nsswitch.conf
+secure_path="not set"
+#
+# End initial values for man page substitution
+#
dnl
dnl Initial values for Makefile variables listed above
dnl May be overridden by environment variables..
dnl
-PROGS="sudo visudo"
+INSTALL_NOEXEC=
+devdir='$(srcdir)'
+PROGS="sudo"
: ${MANTYPE='man'}
: ${mansrcdir='.'}
: ${SUDOERS_MODE='0440'}
: ${SUDOERS_UID='0'}
: ${SUDOERS_GID='0'}
DEV="#"
-SELINUX="#"
-BAMAN='.\" '
-LCMAN='.\" '
-SEMAN='.\" '
+LDAP="#"
+BAMAN=0
+LCMAN=0
+SEMAN=0
+LIBINTL=
+ZLIB=
+ZLIB_SRC=
AUTH_OBJS=
AUTH_REG=
AUTH_EXCL=
AUTH_EXCL_DEF=
AUTH_DEF=passwd
+SUDO_NLS=disabled
dnl
dnl Other vaiables
shadow_funcs=
shadow_libs=
shadow_libs_optional=
+CONFIGURE_ARGS="$@"
dnl
-dnl Override default configure dirs...
+dnl libc replacement functions live in compat
dnl
-if test X"$prefix" = X"NONE"; then
- test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
-else
- test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
-fi
-test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
-test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
-test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+AC_CONFIG_LIBOBJ_DIR(compat)
dnl
dnl Deprecated --with options (these all warn or generate an error)
dnl
-AC_ARG_WITH(otp-only, [ --with-otp-only deprecated],
+AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])],
[case $with_otp_only in
yes) with_passwd="no"
AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd])
;;
esac])
-AC_ARG_WITH(alertmail, [ --with-alertmail deprecated],
+AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
[case $with_alertmail in
*) with_mailto="$with_alertmail"
AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto])
dnl Options for --with
dnl
-AC_ARG_WITH(CC, [ --with-CC C compiler to use],
-[case $with_CC in
- yes) AC_MSG_ERROR(["must give --with-CC an argument."])
+AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])],
+[case $with_devel in
+ yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
+ OSDEFS="${OSDEFS} -DSUDO_DEVEL"
+ DEV=""
+ devdir=.
;;
- no) AC_MSG_ERROR(["illegal argument: --without-CC."])
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
;;
- *) CC=$with_CC
+esac])
+
+AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])],
+[case $with_CC in
+ *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.])
;;
esac])
-AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths],
+AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])],
[case $with_rpath in
yes|no) ;;
*) AC_MSG_ERROR(["--with-rpath does not take an argument."])
;;
esac])
-AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths],
+AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])],
[case $with_blibpath in
yes|no) ;;
*) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.])
;;
esac])
-AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files],
+dnl
+dnl Handle BSM auditing support.
+dnl
+AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
+[case $with_bsm_audit in
+ yes) AC_DEFINE(HAVE_BSM_AUDIT)
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
+ SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
+ ;;
+esac])
+
+dnl
+dnl Handle Linux auditing support.
+dnl
+AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])],
+[case $with_linux_audit in
+ yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <libaudit.h>]], [[int i = AUDIT_USER_CMD; (void)i;]])], [
+ AC_DEFINE(HAVE_LINUX_AUDIT)
+ SUDO_LIBS="${SUDO_LIBS} -laudit"
+ SUDOERS_LIBS="${SUDO_LIBS} -laudit"
+ SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo"
+ ], [
+ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit])
+ ])
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."])
+ ;;
+esac])
+
+AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
;;
;;
esac])
-AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries],
+AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])],
[case $with_libpath in
yes) AC_MSG_ERROR(["must give --with-libpath an argument."])
;;
;;
esac])
-AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with],
+AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])],
[case $with_libraries in
yes) AC_MSG_ERROR(["must give --with-libraries an argument."])
;;
;;
esac])
-AC_ARG_WITH(devel, [ --with-devel add development options],
-[case $with_devel in
- yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc])
- PROGS="${PROGS} testsudoers"
- OSDEFS="${OSDEFS} -DSUDO_DEVEL"
- DEV=""
- ;;
- no) ;;
- *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel])
- ;;
-esac])
-
-AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging],
+AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])],
[case $with_efence in
yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)])
LIBS="${LIBS} -lefence"
;;
esac])
-AC_ARG_WITH(csops, [ --with-csops add CSOps standard options],
+AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])],
[case $with_csops in
yes) AC_MSG_NOTICE([Adding CSOps standard options])
CHECKSIA=false
;;
esac])
-AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication],
+AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])],
[case $with_passwd in
yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication)
AC_MSG_RESULT($with_passwd)
;;
esac])
-AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ],
+AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])],
[case $with_skey in
- no) with_skey=""
- ;;
+ no) ;;
*) AC_DEFINE(HAVE_SKEY)
AC_MSG_CHECKING(whether to try S/Key authentication)
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ],
+AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])],
[case $with_opie in
- no) with_opie=""
- ;;
+ no) ;;
*) AC_DEFINE(HAVE_OPIE)
AC_MSG_CHECKING(whether to try NRL OPIE authentication)
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt],
+AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])],
[case $with_long_otp_prompt in
yes) AC_DEFINE(LONG_OTP_PROMPT)
AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication)
;;
esac])
-AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support],
+AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])],
[case $with_SecurID in
- no) with_SecurID="";;
+ no) ;;
*) AC_DEFINE(HAVE_SECURID)
AC_MSG_CHECKING(whether to use SecurID for authentication)
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support],
+AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])],
[case $with_fwtk in
- no) with_fwtk="";;
+ no) ;;
*) AC_DEFINE(HAVE_FWTK)
AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication)
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support],
+AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
[case $with_kerb4 in
- no) with_kerb4="";;
+ no) ;;
*) AC_MSG_CHECKING(whether to try kerberos IV authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb4"
;;
esac])
-AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support],
+AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
[case $with_kerb5 in
- no) with_kerb5="";;
+ no) ;;
*) AC_MSG_CHECKING(whether to try Kerberos V authentication)
AC_MSG_RESULT(yes)
AUTH_REG="$AUTH_REG kerb5"
;;
esac])
-AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support],
+AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])],
[case $with_aixauth in
yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";;
no) ;;
;;
esac])
-AC_ARG_WITH(pam, [ --with-pam enable PAM support],
+AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])],
[case $with_pam in
yes) AUTH_EXCL="$AUTH_EXCL PAM";;
no) ;;
;;
esac])
-AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
+AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
AC_MSG_CHECKING(whether to try AFS (kerberos) authentication)
;;
esac])
-AC_ARG_WITH(DCE, [ --with-DCE enable DCE support],
+AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])],
[case $with_DCE in
yes) AC_DEFINE(HAVE_DCE)
AC_MSG_CHECKING(whether to try DCE (kerberos) authentication)
;;
esac])
-AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support],
+AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])],
[case $with_logincap in
yes|no) ;;
*) AC_MSG_ERROR(["--with-logincap does not take an argument."])
;;
esac])
-AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support],
+AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])],
[case $with_bsdauth in
yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";;
no) ;;
;;
esac])
-AC_ARG_WITH(project, [ --with-project enable Solaris project support],
+AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])],
[case $with_project in
yes|no) ;;
no) ;;
esac])
AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
-AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer],
+AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])],
[case $with_lecture in
yes|short|always) lecture=once
;;
fi
AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default)
-AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both],
+AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])],
[case $with_logging in
yes) AC_MSG_ERROR(["must give --with-logging an argument."])
;;
;;
esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)])
-AC_MSG_CHECKING(which syslog facility sudo should log with)
-AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")],
+AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])],
[case $with_logfac in
yes) AC_MSG_ERROR(["must give --with-logfac an argument."])
;;
*) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."])
;;
esac])
-AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
-AC_MSG_RESULT($logfac)
AC_MSG_CHECKING(at which syslog priority to log commands)
-AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")],
+AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])],
[case $with_goodpri in
yes) AC_MSG_ERROR(["must give --with-goodpri an argument."])
;;
AC_MSG_RESULT($goodpri)
AC_MSG_CHECKING(at which syslog priority to log failures)
-AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")],
+AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])],
[case $with_badpri in
yes) AC_MSG_ERROR(["must give --with-badpri an argument."])
;;
AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.])
AC_MSG_RESULT($badpri)
-AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file],
+AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])],
[case $with_logpath in
yes) AC_MSG_ERROR(["must give --with-logpath an argument."])
;;
esac])
AC_MSG_CHECKING(how long a line in the log file should be)
-AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)],
+AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])],
[case $with_loglen in
yes) AC_MSG_ERROR(["must give --with-loglen an argument."])
;;
AC_MSG_RESULT($loglen)
AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH)
-AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH],
+AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])],
[case $with_ignore_dot in
yes) ignore_dot=on
;;
fi
AC_MSG_CHECKING(whether to send mail when a user is not in sudoers)
-AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers],
+AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])],
[case $with_mail_if_no_user in
yes) mail_no_user=on
;;
fi
AC_MSG_CHECKING(whether to send mail when user listed but not for this host)
-AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host],
+AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])],
[case $with_mail_if_no_host in
yes) mail_no_host=on
;;
fi
AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command)
-AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command],
+AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])],
[case $with_mail_if_noperms in
yes) mail_noperms=on
;;
fi
AC_MSG_CHECKING(who should get the mail that sudo sends)
-AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")],
+AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])],
[case $with_mailto in
yes) AC_MSG_ERROR(["must give --with-mailto an argument."])
;;
AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.])
AC_MSG_RESULT([$mailto])
-AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail],
+AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])],
[case $with_mailsubject in
yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."])
;;
AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.])
AC_MSG_CHECKING(for bad password prompt)
-AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt],
+AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])],
[case $with_passprompt in
yes) AC_MSG_ERROR(["must give --with-passprompt an argument."])
;;
AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.])
AC_MSG_CHECKING(for bad password message)
-AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong],
+AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])],
[case $with_badpass_message in
yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."])
;;
AC_MSG_RESULT([$badpass_message])
AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers)
-AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers],
+AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])],
[case $with_fqdn in
yes) fqdn=on
;;
AC_MSG_RESULT(no)
fi
-AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir],
+AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])],
[case $with_timedir in
yes) AC_MSG_ERROR(["must give --with-timedir an argument."])
;;
;;
esac])
-AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail
- --without-sendmail do not send mail at all],
+AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])],
+[case $with_iologdir in
+ yes) ;;
+ no) AC_MSG_ERROR(["--without-iologdir not supported."])
+ ;;
+esac])
+
+AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail])
+AS_HELP_STRING([--without-sendmail], [do not send mail at all])],
[case $with_sendmail in
yes) with_sendmail=""
;;
;;
esac])
-AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)],
+AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])],
[case $with_sudoers_mode in
yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."])
;;
;;
esac])
-AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)],
+AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_uid in
yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."])
;;
;;
esac])
-AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)],
+AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])],
[case $with_sudoers_gid in
yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."])
;;
esac])
AC_MSG_CHECKING(for umask programs should be run with)
-AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022)
- --without-umask Preserves the umask of the user invoking sudo.],
+AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)])
+AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])],
[case $with_umask in
yes) AC_MSG_ERROR(["must give --with-umask an argument."])
;;
*) AC_MSG_ERROR(["you must enter a numeric mask."])
;;
esac])
-AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.])
+AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.])
if test "$sudo_umask" = "0777"; then
AC_MSG_RESULT(user)
else
AC_MSG_RESULT($sudo_umask)
fi
+AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])],
+[case $with_umask_override in
+ yes) AC_DEFINE(UMASK_OVERRIDE)
+ umask_override=on
+ ;;
+ no) umask_override=off
+ ;;
+ *) AC_MSG_ERROR(["--with-umask-override does not take an argument."])
+ ;;
+esac])
+
AC_MSG_CHECKING(for default user to run commands as)
-AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")],
+AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])],
[case $with_runas_default in
yes) AC_MSG_ERROR(["must give --with-runas-default an argument."])
;;
AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.])
AC_MSG_RESULT([$runas_default])
-AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group],
+AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])],
[case $with_exempt in
yes) AC_MSG_ERROR(["must give --with-exempt an argument."])
;;
esac])
AC_MSG_CHECKING(for editor that visudo should use)
-AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)],
+AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])],
[case $with_editor in
yes) AC_MSG_ERROR(["must give --with-editor an argument."])
;;
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
+ editor="$with_editor"
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables)
-AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo],
+AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])],
[case $with_env_editor in
yes) env_editor=on
;;
fi
AC_MSG_CHECKING(number of tries a user gets to enter their password)
-AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)],
+AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])],
[case $with_passwd_tries in
yes) ;;
no) AC_MSG_ERROR(["--without-editor not supported."])
AC_MSG_RESULT($passwd_tries)
AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again)
-AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)],
+AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])],
[case $with_timeout in
yes) ;;
no) timeout=0
AC_MSG_RESULT($timeout)
AC_MSG_CHECKING(time in minutes after the password prompt will time out)
-AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)],
+AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])],
[case $with_password_timeout in
yes) ;;
no) password_timeout=0
AC_MSG_RESULT($password_timeout)
AC_MSG_CHECKING(whether to use per-tty ticket files)
-AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty],
+AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])],
[case $with_tty_tickets in
yes) tty_tickets=on
;;
*) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."])
;;
esac])
-if test "$tty_tickets" = "on"; then
- AC_DEFINE(USE_TTY_TICKETS)
- AC_MSG_RESULT(yes)
-else
+if test "$tty_tickets" = "off"; then
+ AC_DEFINE(NO_TTY_TICKETS)
AC_MSG_RESULT(no)
+else
+ AC_MSG_RESULT(yes)
fi
AC_MSG_CHECKING(whether to include insults)
-AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password],
+AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
[case $with_insults in
yes) insults=on
with_classic_insults=yes
with_csops_insults=yes
;;
+ disabled) insults=off
+ with_classic_insults=yes
+ with_csops_insults=yes
+ ;;
no) insults=off
;;
*) AC_MSG_ERROR(["--with-insults does not take an argument."])
AC_MSG_RESULT(no)
fi
-AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets],
+AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])],
[case $with_all_insults in
yes) with_classic_insults=yes
with_csops_insults=yes
;;
esac])
-AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo],
+AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])],
[case $with_classic_insults in
yes) AC_DEFINE(CLASSIC_INSULTS)
;;
;;
esac])
-AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults],
+AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])],
[case $with_csops_insults in
yes) AC_DEFINE(CSOPS_INSULTS)
;;
;;
esac])
-AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults],
+AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])],
[case $with_hal_insults in
yes) AC_DEFINE(HAL_INSULTS)
;;
;;
esac])
-AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"],
+AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])],
[case $with_goons_insults in
yes) AC_DEFINE(GOONS_INSULTS)
;;
;;
esac])
-AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support],
+AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])],
+[case $with_nsswitch in
+ no) ;;
+ yes) with_nsswitch="/etc/nsswitch.conf"
+ ;;
+ *) ;;
+esac])
+
+AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])],
[case $with_ldap in
- no) with_ldap="";;
+ no) ;;
*) AC_DEFINE(HAVE_LDAP)
AC_MSG_CHECKING(whether to use sudoers from LDAP)
AC_MSG_RESULT(yes)
;;
esac])
-AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file],
-[AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])])
-AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file],
-[AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])])
-AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones],
+AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])])
+test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file])
+
+AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])])
+test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
+SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
+
+AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])],
[case $with_pc_insults in
yes) AC_DEFINE(PC_INSULTS)
;;
fi
AC_MSG_CHECKING(whether to override the user's path)
-AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one],
+AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
[case $with_secure_path in
- yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc")
- AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc])
+ yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+ AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
+ AC_MSG_RESULT([$with_secure_path])
+ secure_path="set to $with_secure_path"
;;
no) AC_MSG_RESULT(no)
;;
*) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
AC_MSG_RESULT([$with_secure_path])
+ secure_path="set to F<$with_secure_path>"
;;
esac], AC_MSG_RESULT(no))
AC_MSG_CHECKING(whether to get ip addresses from the network interfaces)
-AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces],
+AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])],
[case $with_interfaces in
yes) AC_MSG_RESULT(yes)
;;
esac], AC_MSG_RESULT(yes))
AC_MSG_CHECKING(whether stow should be used)
-AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging],
+AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])],
[case $with_stow in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_STOW)
;;
esac], AC_MSG_RESULT(no))
+AC_MSG_CHECKING(whether to use an askpass helper)
+AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])],
+[case $with_askpass in
+ yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
+ ;;
+ no) ;;
+ *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
+ ;;
+esac], AC_MSG_RESULT(no))
+
+AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])],
+[case $with_plugindir in
+ no) AC_MSG_ERROR(["illegal argument: --without-plugindir."])
+ ;;
+ *) ;;
+esac], [with_plugindir="$libexecdir"])
+
dnl
dnl Options for --enable
dnl
AC_MSG_CHECKING(whether to do user authentication by default)
AC_ARG_ENABLE(authentication,
-[ --disable-authentication
- Do not require authentication by default],
+[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
AC_MSG_CHECKING(whether to disable running the mailer as root)
AC_ARG_ENABLE(root-mailer,
-[ --disable-root-mailer Don't run the mailer as root, run as the user],
+[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
], AC_MSG_RESULT(no))
AC_ARG_ENABLE(setreuid,
-[ --disable-setreuid Don't try to use the setreuid() function],
+[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])],
[ case "$enableval" in
no) SKIP_SETREUID=yes
;;
])
AC_ARG_ENABLE(setresuid,
-[ --disable-setresuid Don't try to use the setresuid() function],
+[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])],
[ case "$enableval" in
no) SKIP_SETRESUID=yes
;;
AC_MSG_CHECKING(whether to disable shadow password support)
AC_ARG_ENABLE(shadow,
-[ --disable-shadow Never use shadow passwords],
+[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
AC_MSG_CHECKING(whether root should be allowed to use sudo)
AC_ARG_ENABLE(root-sudo,
-[ --disable-root-sudo Don't allow root to run sudo],
+[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
AC_MSG_CHECKING(whether to log the hostname in the log file)
AC_ARG_ENABLE(log-host,
-[ --enable-log-host Log the hostname in the log file],
+[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(HOST_IN_LOG)
AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments)
AC_ARG_ENABLE(noargs-shell,
-[ --enable-noargs-shell If sudo is given no arguments run a shell],
+[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_IF_NO_ARGS)
AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode)
AC_ARG_ENABLE(shell-sets-home,
-[ --enable-shell-sets-home
- set $HOME to target user in shell mode],
+[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_DEFINE(SHELL_SETS_HOME)
AC_MSG_CHECKING(whether to disable 'command not found' messages)
AC_ARG_ENABLE(path_info,
-[ --disable-path-info Print 'command not allowed' not 'command not found'],
+[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
;;
esac
], AC_MSG_RESULT(no))
-AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support],
+AC_MSG_CHECKING(whether to enable environment debugging)
+AC_ARG_ENABLE(env_debug,
+[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])],
+[ case "$enableval" in
+ yes) AC_MSG_RESULT(yes)
+ AC_DEFINE(ENV_DEBUG)
+ ;;
+ no) AC_MSG_RESULT(no)
+ ;;
+ *) AC_MSG_RESULT(no)
+ AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval])
+ ;;
+ esac
+], AC_MSG_RESULT(no))
+
+AC_ARG_ENABLE(zlib,
+[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])],
+[], [enable_zlib=yes])
+
+AC_MSG_CHECKING(whether to enable environment resetting by default)
+AC_ARG_ENABLE(env_reset,
+[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])],
+[ case "$enableval" in
+ yes) env_reset=on
+ ;;
+ no) env_reset=off
+ ;;
+ *) env_reset=on
+ AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval])
+ ;;
+ esac
+])
+if test "$env_reset" = "on"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(ENV_RESET, TRUE)
+else
+ AC_MSG_RESULT(no)
+ AC_DEFINE(ENV_RESET, FALSE)
+fi
+
+AC_ARG_ENABLE(warnings,
+[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])],
+[ case "$enableval" in
+ yes) ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(werror,
+[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])],
+[ case "$enableval" in
+ yes) ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(admin-flag,
+[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])],
+[ case "$enableval" in
+ yes) AC_DEFINE(USE_ADMIN_FLAG)
+ ;;
+ no) ;;
+ *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval])
+ ;;
+ esac
+])
+
+AC_ARG_ENABLE(nls,
+[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])],
+[], [enable_nls=yes])
+
+AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])],
[case $with_selinux in
- yes) AC_DEFINE(HAVE_SELINUX)
+ yes) SELINUX_USAGE="[[-r role]] [[-t type]] "
+ AC_DEFINE(HAVE_SELINUX)
SUDO_LIBS="${SUDO_LIBS} -lselinux"
SUDO_OBJS="${SUDO_OBJS} selinux.o"
PROGS="${PROGS} sesh"
- SELINUX=""
- SEMAN=""
+ SEMAN=1
+ AC_CHECK_LIB([selinux], [setkeycreatecon],
+ [AC_DEFINE(HAVE_SETKEYCREATECON)])
;;
no) ;;
*) AC_MSG_ERROR(["--with-selinux does not take an argument."])
esac])
dnl
-dnl If we don't have egrep we can't do anything...
+dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default
dnl
-AC_CHECK_PROG(EGREPPROG, egrep, egrep)
-if test -z "$EGREPPROG"; then
- AC_MSG_ERROR([Sorry, configure requires egrep to run.])
-fi
+AC_ARG_ENABLE(gss_krb5_ccache_name,
+[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])],
+[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no])
dnl
-dnl Prevent configure from adding the -g flag unless in devel mode
+dnl C compiler checks
dnl
-if test "$with_devel" != "yes"; then
- ac_cv_prog_cc_g=no
+AC_SEARCH_LIBS([strerror], [cposix])
+AC_PROG_CPP
+AC_CHECK_TOOL(AR, ar, false)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+if test X"$AR" = X"false"; then
+ AC_MSG_ERROR([the "ar" utility is required to build sudo])
+fi
+
+if test "x$ac_cv_prog_cc_c89" = "xno"; then
+ AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
fi
dnl
-dnl C compiler checks
+dnl If the user specified --disable-static, override them or we'll
+dnl be unable to build the executables in the sudoers plugin dir.
dnl
-AC_ISC_POSIX
-AC_PROG_CPP
+if test "$enable_static" = "no"; then
+ AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs])
+ enable_static=yes
+fi
dnl
-dnl Libtool magic; enable shared libs and disable static libs
+dnl Libtool setup, we require libtool 2.2.6b or higher
dnl
AC_CANONICAL_HOST
-AC_CANONICAL_TARGET([])
-AC_DISABLE_STATIC
-AC_PROG_LIBTOOL
+AC_CONFIG_MACRO_DIR([m4])
+LT_PREREQ([2.2.6b])
+LT_INIT([dlopen])
dnl
dnl Defer with_noexec until after libtool magic runs
dnl
if test "$enable_shared" = "no"; then
with_noexec=no
+ enable_dlopen=no
+ lt_cv_dlopen=none
+ lt_cv_dlopen_libs=
else
eval _shrext="$shrext_cmds"
+ # Darwin uses .dylib for libraries but .so for modules
+ if test X"$_shrext" = X".dylib"; then
+ SOEXT=".so"
+ else
+ SOEXT="$_shrext"
+ fi
fi
AC_MSG_CHECKING(path to sudo_noexec.so)
-AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so],
+AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])],
[case $with_noexec in
yes) with_noexec="$libexecdir/sudo_noexec$_shrext"
;;
NOEXECFILE="sudo_noexec$_shrext"
NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`"
-dnl
-dnl It is now safe to modify CFLAGS and CPPFLAGS
-dnl
-if test "$with_devel" = "yes" -a -n "$GCC"; then
- CFLAGS="${CFLAGS} -Wall"
-fi
-
dnl
dnl Find programs we use
dnl
-AC_CHECK_PROG(UNAMEPROG, uname, uname)
-AC_CHECK_PROG(TRPROG, tr, tr)
-AC_CHECK_PROG(NROFFPROG, nroff, nroff)
-if test -z "$NROFFPROG"; then
+AC_CHECK_PROG(UNAMEPROG, [uname], [uname])
+AC_CHECK_PROG(TRPROG, [tr], [tr])
+AC_CHECK_PROGS(NROFFPROG, [nroff mandoc])
+if test -n "$NROFFPROG"; then
+ AC_CACHE_CHECK([whether $NROFFPROG supports the -c option],
+ [sudo_cv_var_nroff_opt_c],
+ [if $NROFFPROG -c </dev/null >/dev/null 2>&1; then
+ sudo_cv_var_nroff_opt_c=yes
+ else
+ sudo_cv_var_nroff_opt_c=no
+ fi]
+ )
+ if test "$sudo_cv_var_nroff_opt_c" = "yes"; then
+ NROFFPROG="$NROFFPROG -c"
+ fi
+ AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option],
+ [sudo_cv_var_nroff_opt_Tascii],
+ [if $NROFFPROG -Tascii </dev/null >/dev/null 2>&1; then
+ sudo_cv_var_nroff_opt_Tascii=yes
+ else
+ sudo_cv_var_nroff_opt_Tascii=no
+ fi]
+ if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then
+ NROFFPROG="$NROFFPROG -Tascii"
+ fi
+ )
+else
MANTYPE="cat"
mansrcdir='$(srcdir)'
fi
: ${mansectform='4'}
: ${with_rpath='yes'}
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
+ AC_CHECK_FUNCS(priv_set)
;;
*-*-aix*)
# To get all prototypes (so we pass -Wall)
- OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE"
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
+ OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT"
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp"
if test X"$with_blibpath" != X"no"; then
AC_MSG_CHECKING([if linker accepts -Wl,-blibpath])
O_LDFLAGS="$LDFLAGS"
fi
LDFLAGS="$O_LDFLAGS"
- # Use authenticate(3) as the default authentication method
- if test X"$with_aixauth" = X""; then
- AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ # On AIX 6 and higher default to PAM, else default to LAM
+ if test $OSMAJOR -ge 6; then
+ if test X"$with_pam" = X""; then
+ AUTH_EXCL_DEF="PAM"
+ fi
+ else
+ if test X"$with_aixauth" = X""; then
+ AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"])
+ fi
+ fi
+
+ # AIX analog of nsswitch.conf, enabled by default
+ AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])],
+ [case $with_netsvc in
+ no) ;;
+ yes) with_netsvc="/etc/netsvc.conf"
+ ;;
+ *) ;;
+ esac])
+ if test -z "$with_nsswitch" -a -z "$with_netsvc"; then
+ with_netsvc="/etc/netsvc.conf"
+ fi
+
+ # For implementing getgrouplist()
+ AC_CHECK_FUNCS(getgrset)
+
+ # LDR_PRELOAD is only supported in AIX 5.3 and later
+ if test $OSMAJOR -lt 5; then
+ with_noexec=no
fi
+
+ # AIX-specific functions
+ AC_CHECK_FUNCS(getuserattr setauthdb)
+ COMMON_OBJS="$COMMON_OBJS aix.lo"
;;
*-*-hiuxmpp*)
: ${mansectsu='1m'}
: ${mansectsu='1m'}
: ${mansectform='4'}
+ # The HP bundled compiler cannot generate shared libs
+ if test -z "$GCC"; then
+ AC_CACHE_CHECK([for HP bundled C compiler],
+ [sudo_cv_var_hpccbundled],
+ [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then
+ sudo_cv_var_hpccbundled=yes
+ else
+ sudo_cv_var_hpccbundled=no
+ fi]
+ )
+ if test "$sudo_cv_var_hpccbundled" = "yes"; then
+ AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.])
+ fi
+ fi
+
+ # Build PA-RISC1.1 objects for better portability
+ case "$host_cpu" in
+ hppa[[2-9]]*)
+ _CFLAGS="$CFLAGS"
+ if test -n "$GCC"; then
+ portable_flag="-march=1.1"
+ else
+ portable_flag="+DAportable"
+ fi
+ CFLAGS="$CFLAGS $portable_flag"
+ AC_CACHE_CHECK([whether $CC understands $portable_flag],
+ [sudo_cv_var_daportable],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[]], [[]])],
+ [sudo_cv_var_daportable=yes],
+ [sudo_cv_var_daportable=no]
+ )
+ ]
+ )
+ if test X"$sudo_cv_var_daportable" != X"yes"; then
+ CFLAGS="$_CFLAGS"
+ fi
+ ;;
+ esac
+
case "$host" in
- *-*-hpux[1-8].*)
+ *-*-hpux[[1-8]].*)
AC_DEFINE(BROKEN_SYSLOG)
-
- # Not sure if setuid binaries are safe in < 9.x
- if test -n "$GCC"; then
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -static"
- else
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive"
- fi
;;
*-*-hpux9.*)
AC_DEFINE(BROKEN_SYSLOG)
# DCE support (requires ANSI C compiler)
if test "$with_DCE" = "yes"; then
# order of libs in 9.X is important. -lc_r must be last
- SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r"
LIBS="${LIBS} -ldce -lM -lc_r"
CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant"
fi
*-*-hpux10.*)
shadow_funcs="getprpwnam iscomsec"
shadow_libs="-lsec"
+ # HP-UX 10.20 libc has an incompatible getline
+ ac_cv_func_getline="no"
;;
*)
shadow_funcs="getspnam iscomsec"
;;
*-dec-osf*)
# ignore envariables wrt dynamic lib path
- SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement"
+ SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement"
: ${CHECKSIA='true'}
AC_MSG_CHECKING(whether to disable sia support on Digital UNIX)
AC_ARG_ENABLE(sia,
- [ --disable-sia Disable SIA on Digital UNIX],
+ [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])],
[ case "$enableval" in
yes) AC_MSG_RESULT(no)
CHECKSIA=true
OSDEFS="${OSDEFS} -D_BSD_TYPES"
if test -z "$NROFFPROG"; then
MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)'
- if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d /usr/share/catman/local; then
mandir="/usr/share/catman/local"
else
fi
fi
else
- if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then
+ if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then
if test -d "/usr/share/man/local"; then
mandir="/usr/share/man/local"
else
*-*-isc*)
OSDEFS="${OSDEFS} -D_ISC"
LIB_CRYPT=1
- SUDO_LIBS="${SUDO_LIBS} -lcrypt"
- LIBS="${LIBS} -lcrypt"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt"
shadow_funcs="getspnam"
shadow_libs="-lsec"
: ${with_rpath='yes'}
;;
*-ncr-sysv4*|*-ncr-sysvr4*)
- AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes])
+ AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"])
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-ccur-sysv4*|*-ccur-sysvr4*)
LIBS="${LIBS} -lgen"
- SUDO_LIBS="${SUDO_LIBS} -lgen"
: ${mansectsu='1m'}
: ${mansectform='4'}
: ${with_rpath='yes'}
;;
*-*-bsdi*)
SKIP_SETREUID=yes
- # Use shlicc for BSD/OS [23].x unless asked to do otherwise
- if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then
- case "$OSMAJOR" in
- 2|3) AC_MSG_NOTICE([using shlicc as CC])
- ac_cv_prog_CC=shlicc
- CC="$ac_cv_prog_CC"
- ;;
- esac
- fi
- # Check for newer BSD auth API (just check for >= 3.0?)
+ # Check for newer BSD auth API
if test -z "$with_bsdauth"; then
AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"])
fi
SKIP_SETREUID=yes
;;
esac
- if test "$with_skey" = "yes"; then
- SUDO_LIBS="${SUDO_LIBS} -lmd"
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
+ if test "${with_skey-'no'}" = "yes"; then
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
;;
*-*-*openbsd*)
# OpenBSD has a real setreuid(2) starting with 3.3 but
- # we will use setreuid(2) instead.
+ # we will use setresuid(2) instead.
SKIP_SETREUID=yes
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
CHECKSHADOW="false"
# OpenBSD >= 3.0 supports BSD auth
if test -z "$with_bsdauth"; then
- case "$OSREV" in
- [0-2].*)
- ;;
- *)
+ if test "$OSMAJOR" -ge 3; then
AUTH_EXCL_DEF="BSD_AUTH"
- ;;
- esac
+ fi
fi
: ${with_logincap='maybe'}
;;
*-*-*netbsd*)
# NetBSD has a real setreuid(2) starting with 1.3.2
case "$OSREV" in
- 0.9*|1.[012]*|1.3|1.3.1)
+ 0.9*|1.[[012]]*|1.3|1.3.1)
SKIP_SETREUID=yes
;;
esac
: ${with_logincap='maybe'}
;;
*-*-dragonfly*)
- if test "$with_skey" = "yes"; then
- SUDO_LIBS="${SUDO_LIBS} -lmd"
+ OSDEFS="${OSDEFS} -D_BSD_SOURCE"
+ if test "${with_skey-'no'}" = "yes"; then
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lmd"
fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
CHECKSHADOW="false"
;;
*-*-darwin*)
- SKIP_SETREUID=yes
+ # Darwin has a real setreuid(2) starting with 9.0
+ if test $OSMAJOR -lt 9; then
+ SKIP_SETREUID=yes
+ fi
CHECKSHADOW="false"
test -z "$with_pam" && AUTH_EXCL_DEF="PAM"
: ${with_logincap='yes'}
AC_PROG_GCC_TRADITIONAL
AC_C_CONST
AC_C_VOLATILE
+if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then
+ _CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -static-libgcc"
+ AC_CACHE_CHECK([whether $CC understands -static-libgcc],
+ [sudo_cv_var_gcc_static_libgcc],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[]], [[]])],
+ [sudo_cv_var_gcc_static_libgcc=yes],
+ [sudo_cv_var_gcc_static_libgcc=no]
+ )
+ ]
+ )
+ CFLAGS="$_CFLAGS"
+ if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then
+ LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc"
+ fi
+fi
dnl
dnl Program checks
dnl
AC_PROG_YACC
+AC_PATH_PROG([FLEX], [flex], [flex])
SUDO_PROG_MV
SUDO_PROG_BSHELL
if test -z "$with_sendmail"; then
SUDO_PROG_SENDMAIL
fi
-if test -z "$with_editor"; then
- SUDO_PROG_VI
+SUDO_PROG_VI
+dnl
+dnl Check for authpriv support in syslog
+dnl
+AC_MSG_CHECKING(which syslog facility sudo should log with)
+if test X"$with_logfac" = X""; then
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <syslog.h>]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv])
fi
+AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.])
+AC_MSG_RESULT($logfac)
dnl
dnl Header file checks
dnl
AC_HEADER_STDC
AC_HEADER_DIRENT
AC_HEADER_TIME
-AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h)
-AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)])
-dnl ultrix termio/termios are broken
-if test "$OS" != "ultrix"; then
- AC_SYS_POSIX_TERMIOS
- if test "$ac_cv_sys_posix_termios" = "yes"; then
- AC_DEFINE(HAVE_TERMIOS_H)
- else
- AC_CHECK_HEADERS(termio.h)
- fi
+AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h)
+dnl
+dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h
+dnl when large files support is enabled so work around it.
+dnl
+AC_SYS_LARGEFILE
+case "$host" in
+ *-*-hpux11.*)
+ AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended],
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT
+ #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=no], [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED
+ AC_INCLUDES_DEFAULT
+ #include <sys/socket.h>], [])], [sudo_cv_xopen_source_extended=yes],
+ [sudo_cv_xopen_source_extended=error])
+ ])])
+ if test "$sudo_cv_xopen_source_extended" = "yes"; then
+ OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED"
+ SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED)
+ fi
+ ;;
+esac
+AC_SYS_POSIX_TERMIOS
+if test "$ac_cv_sys_posix_termios" != "yes"; then
+ AC_MSG_ERROR([Must have POSIX termios to build sudo])
fi
+SUDO_MAILDIR
if test ${with_logincap-'no'} != "no"; then
- AC_CHECK_HEADERS(login_cap.h, [LCMAN=""
+ AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1
case "$OS" in
- freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil"
- ;;
+ freebsd|netbsd)
+ SUDO_LIBS="${SUDO_LIBS} -lutil"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lutil"
+ ;;
esac
])
fi
if test ${with_project-'no'} != "no"; then
- AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
- [SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
+ AC_CHECK_HEADER(project.h, [
+ AC_CHECK_LIB(project, setproject, [
+ AC_DEFINE(HAVE_PROJECT_H)
+ SUDO_LIBS="${SUDO_LIBS} -lproject"
+ ])
+ ], [])
fi
dnl
dnl typedef checks
dnl
AC_TYPE_MODE_T
AC_TYPE_UID_T
-AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
+AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])])
+AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include <sys/types.h>
#include <signal.h>])
AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include <sys/types.h>
#include <signal.h>])
#include <time.h>])
AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include <sys/types.h>
#include <netinet/in.h>])
+AC_TYPE_LONG_LONG_INT
+AC_CHECK_SIZEOF([long int])
SUDO_TYPE_SIZE_T
SUDO_TYPE_SSIZE_T
SUDO_TYPE_DEV_T
SUDO_TYPE_INO_T
-SUDO_FULL_VOID
SUDO_UID_T_LEN
-SUDO_TYPE_LONG_LONG
SUDO_SOCK_SA_LEN
dnl
-dnl only set RETSIGTYPE if it is not set already
+dnl Check for utmp/utmpx struct members.
+dnl We need to include OSDEFS for glibc which only has __e_termination
+dnl visible when _GNU_SOURCE is *not* defined.
dnl
-case "$DEFS" in
- *"RETSIGTYPE"*) ;;
- *) AC_TYPE_SIGNAL;;
-esac
+_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS $OSDEFS"
+if test $ac_cv_header_utmpx_h = "yes"; then
+ AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [
+ #include <sys/types.h>
+ #include <utmpx.h>
+ ])
+ dnl
+ dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
+ dnl
+ AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [
+ AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [
+ #include <sys/types.h>
+ #include <utmpx.h>
+ ])
+ ], [
+ #include <sys/types.h>
+ #include <utmpx.h>
+ ])
+else
+ AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [
+ #include <sys/types.h>
+ #include <utmp.h>
+ ])
+ dnl
+ dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination
+ dnl
+ AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [
+ AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [
+ #include <sys/types.h>
+ #include <utmp.h>
+ ])
+ ], [
+ #include <sys/types.h>
+ #include <utmp.h>
+ ])
+fi
+CFLAGS="$_CFLAGS"
+
dnl
dnl Function checks
dnl
AC_FUNC_GETGROUPS
-AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
- strftime setrlimit initgroups getgroups fstat gettimeofday \
- setlocale getaddrinfo)
+AC_CHECK_FUNCS(strrchr sysconf tzset strftime \
+ regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \
+ setrlimit64 sysctl)
+AC_REPLACE_FUNCS(getgrouplist)
+AC_CHECK_FUNCS(getline, [], [
+ AC_LIBOBJ(getline)
+ AC_CHECK_FUNCS(fgetln)
+])
+utmp_style=LEGACY
+AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break])
+if test "$utmp_style" = "LEGACY"; then
+ AC_CHECK_FUNCS(getttyent ttyslot, [break])
+fi
+
+AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [
+ AC_CHECK_LIB(util, openpty, [
+ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])
+ case "$SUDO_LIBS" in
+ *-lutil*) ;;
+ *) SUDO_LIBS="${SUDO_LIBS} -lutil";;
+ esac
+ AC_DEFINE(HAVE_OPENPTY)
+ ], [
+ AC_CHECK_FUNCS(_getpty, [], [
+ AC_CHECK_FUNCS(grantpt, [
+ AC_CHECK_FUNCS(posix_openpt)
+ ], [
+ AC_CHECK_FUNCS(revoke)
+ ])
+ ])
+ ])
+])
+AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)])
if test -z "$SKIP_SETRESUID"; then
- AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
+ AC_CHECK_FUNCS(setresuid, [
+ SKIP_SETREUID=yes
+ AC_CHECK_FUNCS(getresuid)
+ ])
fi
if test -z "$SKIP_SETREUID"; then
AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob)
AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)])
AC_CHECK_FUNCS(lockf flock, [break])
-AC_CHECK_FUNCS(waitpid wait3, [break])
AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]])
-AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])])
AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)])
+AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)])
SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)])
SUDO_FUNC_ISBLANK
-AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat)
+AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv)
+AC_CHECK_FUNCS(nanosleep, [], [
+ # On Solaris, nanosleep is in librt
+ AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)])
+])
AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom)
AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [],
[ #include <limits.h>
#include <fcntl.h> ])
])
-AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o"
+AC_CHECK_FUNCS(mkstemps mkdtemp, [], [
AC_CHECK_FUNCS(random lrand48, [break])
+ AC_LIBOBJ(mktemp)
])
AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1])
if test X"$ac_cv_type_struct_timespec" != X"no"; then
AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)]
[AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))],
[AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))])
- AC_MSG_CHECKING([for two-parameter timespecsub])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
-#include <sys/time.h>]], [[struct timespec ts1, ts2;
-ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0;
-#ifndef timespecsub
-#error missing timespecsub
-#endif
-timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2)
- AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)])
fi
dnl
dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR.
dnl
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
-#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include <sys/types.h>
-#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])])
+#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])])
dnl
dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS
dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf)
dnl
AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))])
dnl
-dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc)
-dnl (gcc includes its own alloca(3) but other compilers may not)
-dnl
-if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then
- AC_FUNC_ALLOCA
-fi
-dnl
dnl Check for getprogname() or __progname
dnl
AC_CHECK_FUNCS(getprogname, , [
AC_MSG_RESULT($sudo_cv___progname)
])
+# gettext() and friends may be located in libc (Linux and Solaris)
+# or in libintl. However, it is possible to have libintl installed
+# even when gettext() is present in libc. In the case of GNU libintl,
+# gettext() will be defined to gettext_libintl in libintl.h.
+# Since gcc prefers /usr/local/include to /usr/include, we need to
+# make sure we use the gettext() that matches the include file.
+if test "$enable_nls" != "no"; then
+ if test "$enable_nls" != "yes"; then
+ CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include"
+ SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib])
+ fi
+ OLIBS="$LIBS"
+ for l in "libc" "-lintl" "-lintl -liconv"; do
+ if test "$l" = "libc"; then
+ # If user specified a dir for libintl ignore libc
+ if test "$enable_nls" != "yes"; then
+ continue
+ fi
+ gettext_name=sudo_cv_gettext
+ AC_MSG_CHECKING([for gettext])
+ else
+ LIBS="$OLIBS $l"
+ gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`"
+ AC_MSG_CHECKING([for gettext in $l])
+ fi
+ AC_CACHE_VAL($gettext_name, [
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM([[#include <libintl.h>]], [(void)gettext((char *)0);])
+ ], [eval $gettext_name=yes], [eval $gettext_name=no]
+ )
+ ])
+ eval gettext_result="\$$gettext_name"
+ AC_MSG_RESULT($gettext_result)
+ test "$gettext_result" = "yes" && break
+ done
+ LIBS="$OLIBS"
+
+ if test "$sudo_cv_gettext" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ elif test "$sudo_cv_gettext_lintl" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ LIBINTL="-lintl"
+ elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then
+ AC_DEFINE(HAVE_LIBINTL_H)
+ SUDO_NLS=enabled
+ LIBINTL="-lintl -liconv"
+ fi
+fi
+
+dnl
+dnl Deferred zlib option processing.
+dnl By default we use the system zlib if it is present.
+dnl
+case "$enable_zlib" in
+ yes)
+ AC_CHECK_LIB(z, gzdopen, [
+ AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin])
+ ])
+ ;;
+ no)
+ ;;
+ system)
+ AC_DEFINE(HAVE_ZLIB_H)
+ ZLIB="-lz"
+ ;;
+ builtin)
+ # handled below
+ ;;
+ *)
+ AC_DEFINE(HAVE_ZLIB_H)
+ CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include"
+ SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib])
+ ZLIB="${ZLIB} -lz"
+ ;;
+esac
+if test X"$enable_zlib" = X"builtin"; then
+ AC_DEFINE(HAVE_ZLIB_H)
+ CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib'
+ ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la'
+ ZLIB_SRC=zlib
+ AC_CONFIG_HEADER([zlib/zconf.h])
+ AC_CONFIG_FILES([zlib/Makefile])
+fi
+
+dnl
+dnl Check for errno declaration in errno.h
+dnl
+AC_CHECK_DECLS([errno], [], [], [
+AC_INCLUDES_DEFAULT
+#include <errno.h>
+])
+
+dnl
+dnl Check for strsignal() or sys_siglist
+dnl
+AC_CHECK_FUNCS(strsignal, [], [
+ AC_LIBOBJ(strsignal)
+ HAVE_SIGLIST="false"
+ AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [
+ HAVE_SIGLIST="true"
+ break
+ ], [ ], [
+AC_INCLUDES_DEFAULT
+#include <signal.h>
+ ])
+ if test "$HAVE_SIGLIST" != "true"; then
+ AC_LIBOBJ(siglist)
+ fi
+])
+
+dnl
+dnl nsswitch.conf and its equivalents
+dnl
+if test ${with_netsvc-"no"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}")
+ netsvc_conf=${with_netsvc-/etc/netsvc.conf}
+elif test ${with_nsswitch-"yes"} != "no"; then
+ SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}")
+ nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf}
+fi
+
dnl
dnl Mutually exclusive auth checks come first, followed by
dnl non-exclusive ones. Note: passwd must be last of all!
dnl and we do the actual tests here.
dnl
if test ${with_pam-"no"} != "no"; then
- dnl
- dnl Linux may need this
- dnl
- AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"])
- ac_cv_lib_dl=ac_cv_lib_dl_main
+ # We already link with -ldl (see LIBDL below) so no need for that here.
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lpam"
dnl
dnl Some PAM implementations (MacOS X for example) put the PAM headers
AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break])
if test "$with_pam" = "yes"; then
AC_DEFINE(HAVE_PAM)
- AUTH_OBJS="$AUTH_OBJS pam.o";
+ AUTH_OBJS="$AUTH_OBJS pam.lo";
AUTH_EXCL=PAM
+
+ AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])],
+ [case $with_pam_login in
+ yes) AC_DEFINE([HAVE_PAM_LOGIN])
+ AC_MSG_CHECKING(whether to use PAM login)
+ AC_MSG_RESULT(yes)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+ ;;
+ esac])
+
AC_MSG_CHECKING(whether to use PAM session support)
AC_ARG_ENABLE(pam_session,
- [ --disable-pam-session Disable PAM session support],
+ [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])],
[ case "$enableval" in
yes) AC_MSG_RESULT(yes)
;;
AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval])
;;
esac], AC_MSG_RESULT(yes))
- case $host in
- *-*-linux*|*-*-solaris*)
- AC_CHECK_FUNCS(dgettext, [],
- [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"]
- [AC_DEFINE(HAVE_DGETTEXT)])])
- ;;
- esac
fi
fi
if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then
AC_MSG_NOTICE([using AIX general authentication])
AC_DEFINE(HAVE_AIXAUTH)
- AUTH_OBJS="$AUTH_OBJS aix_auth.o";
- SUDO_LIBS="${SUDO_LIBS} -ls"
+ AUTH_OBJS="$AUTH_OBJS aix_auth.lo";
+ SUDOERS_LIBS="${SUDOERS_LIBS} -ls"
AUTH_EXCL=AIX_AUTH
fi
fi
dnl
if test ${with_bsdauth-'no'} != "no"; then
AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
- [AUTH_OBJS="$AUTH_OBJS bsdauth.o"]
- [AUTH_EXCL=BSD_AUTH; BAMAN=""],
+ [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"]
+ [BSDAUTH_USAGE='[[-a auth_type]] ']
+ [AUTH_EXCL=BSD_AUTH; BAMAN=1],
[AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])])
fi
AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false])
if test "$found" = "true"; then
AUTH_EXCL=SIA
- AUTH_OBJS="$AUTH_OBJS sia.o"
+ AUTH_OBJS="$AUTH_OBJS sia.lo"
fi
fi
dnl
if test ${with_fwtk-'no'} != "no"; then
if test "$with_fwtk" != "yes"; then
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}])
CPPFLAGS="${CPPFLAGS} -I${with_fwtk}"
with_fwtk=yes
fi
- SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall"
- AUTH_OBJS="$AUTH_OBJS fwtk.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall"
+ AUTH_OBJS="$AUTH_OBJS fwtk.lo"
fi
dnl
#
AC_CHECK_LIB(aceclnt, SD_Init,
[
- AUTH_OBJS="$AUTH_OBJS securid5.o";
- SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread"
+ AUTH_OBJS="$AUTH_OBJS securid5.lo";
+ SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
]
[
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
], [
- AUTH_OBJS="$AUTH_OBJS securid.o";
- SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a"
+ AUTH_OBJS="$AUTH_OBJS securid.lo";
+ SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
],
[
-lpthread
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([#include <krb.h>], [found=yes; break])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]])], [found=yes; break])
done
test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib])
CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
fi
AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
[K4LIBS="-lkrb $K4LIBS"]
- [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])]
+ [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])]
, [$K4LIBS])
], [$K4LIBS])
LDFLAGS="$O_LDFLAGS"
- SUDO_LIBS="${SUDO_LIBS} $K4LIBS"
- AUTH_OBJS="$AUTH_OBJS kerb4.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
+ AUTH_OBJS="$AUTH_OBJS kerb4.lo"
fi
dnl
AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "")
if test -n "$KRB5CONFIG"; then
AC_DEFINE(HAVE_KERB5)
- AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ AUTH_OBJS="$AUTH_OBJS kerb5.lo"
CPPFLAGS="$CPPFLAGS `krb5-config --cflags`"
- SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`"
+ SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`"
dnl
dnl Try to determine whether we have Heimdal or MIT Kerberos
dnl
AC_MSG_RESULT(no)
]
)
- fi
-fi
-if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then
- AC_DEFINE(HAVE_KERB5)
- dnl
- dnl Use the specified directory, if any, else search for correct inc dir
- dnl
- if test "$with_kerb5" = "yes"; then
- found=no
- O_CPPFLAGS="$CPPFLAGS"
- for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
- CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([#include <krb5.h>], [found=yes; break])
- done
- if test X"$found" = X"no"; then
- CPPFLAGS="$O_CPPFLAGS"
- AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
- fi
else
- dnl XXX - try to include krb5.h here too
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib])
- CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
- fi
+ AC_DEFINE(HAVE_KERB5)
+ dnl
+ dnl Use the specified directory, if any, else search for correct inc dir
+ dnl
+ if test "$with_kerb5" = "yes"; then
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do
+ CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]])], [found=yes; break])
+ done
+ if test X"$found" = X"no"; then
+ CPPFLAGS="$O_CPPFLAGS"
+ AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
+ fi
+ else
+ dnl XXX - try to include krb5.h here too
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib])
+ CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include"
+ fi
- dnl
- dnl Try to determine whether we have Heimdal or MIT Kerberos
- dnl
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_HEIMDAL)
- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
- AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"])
- ], [
- AC_MSG_RESULT(no)
- SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err"
- AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"])
- ])
- AUTH_OBJS="$AUTH_OBJS kerb5.o"
+ dnl
+ dnl Try to determine whether we have Heimdal or MIT Kerberos
+ dnl
+ AC_MSG_CHECKING(whether we are using Heimdal)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb5.h>]], [[const char *tmp = heimdal_version;]])], [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_HEIMDAL)
+ # XXX - need to check whether -lcrypo is needed!
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1"
+ AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"])
+ ], [
+ AC_MSG_RESULT(no)
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err"
+ AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"])
+ ])
+ AUTH_OBJS="$AUTH_OBJS kerb5.lo"
+ fi
_LIBS="$LIBS"
- LIBS="${LIBS} ${SUDO_LIBS}"
+ LIBS="${LIBS} ${SUDOERS_LIBS}"
AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context)
+ AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [
+ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context],
+ sudo_cv_krb5_get_init_creds_opt_free_two_args, [
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <krb5.h>]],
+ [[krb5_get_init_creds_opt_free(NULL, NULL);]]
+ )],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes],
+ [sudo_cv_krb5_get_init_creds_opt_free_two_args=no]
+ )
+ ]
+ )
+ ])
+ if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then
+ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS)
+ fi
LIBS="$_LIBS"
fi
AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs"
for i in $AFSLIBDIRS; do
if test -d ${i}; then
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i])
FOUND_AFSLIBDIR=true
fi
done
if test -z "$FOUND_AFSLIBDIR"; then
- AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.])
+ AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.])
fi
# Order is important here. Note that we build AFS_LIBS from right to left
AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.])
fi
- AUTH_OBJS="$AUTH_OBJS afs.o"
+ AUTH_OBJS="$AUTH_OBJS afs.lo"
fi
dnl
dnl
if test ${with_DCE-'no'} = "yes"; then
DCE_OBJS="${DCE_OBJS} dce_pwent.o"
- SUDO_LIBS="${SUDO_LIBS} -ldce"
- AUTH_OBJS="$AUTH_OBJS dce.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -ldce"
+ AUTH_OBJS="$AUTH_OBJS dce.lo"
fi
dnl
dnl extra S/Key lib and includes
dnl
-if test ${with_skey-'no'} = "yes"; then
+if test "${with_skey-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_skey" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_skey}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib])
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib])
- AC_PREPROC_IFELSE([#include <skey.h>], [found=yes], [found=no])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib])
+ AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include <stdio.h>])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
- AC_PREPROC_IFELSE([#include <skey.h>], [found=yes; break])
+ AC_CHECK_HEADER([skey.h], [found=yes; break], [],
+ [#include <stdio.h>])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
+ fi
+ if test "$found" = "no"; then
+ AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
fi
fi
- if test "$found" = "no"; then
- AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS])
- fi
- AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])])
+ AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])])
AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS))
+
+ AC_MSG_CHECKING([for RFC1938-compliant skeychallenge])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdio.h>
+ #include <skey.h>]],
+ [[skeychallenge(NULL, NULL, NULL, 0);]]
+ )], [
+ AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE)
+ AC_MSG_RESULT([yes])
+ ], [
+ AC_MSG_RESULT([no])
+ ]
+ )
+
LDFLAGS="$O_LDFLAGS"
- SUDO_LIBS="${SUDO_LIBS} -lskey"
- AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lskey"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl extra OPIE lib and includes
dnl
-if test ${with_opie-'no'} = "yes"; then
+if test "${with_opie-'no'}" = "yes"; then
O_LDFLAGS="$LDFLAGS"
if test "$with_opie" != "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_opie}/include"
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib])
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib])
- AC_PREPROC_IFELSE([#include <opie.h>], [found=yes], [found=no])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes], [found=no])
else
found=no
O_CPPFLAGS="$CPPFLAGS"
for dir in "" "/usr/local" "/usr/contrib"; do
test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include"
- AC_PREPROC_IFELSE([#include <opie.h>], [found=yes; break])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <opie.h>]])], [found=yes; break])
done
if test "$found" = "no" -o -z "$dir"; then
CPPFLAGS="$O_CPPFLAGS"
else
SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib])
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib])
+ fi
+ if test "$found" = "no"; then
+ AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
fi
fi
- if test "$found" = "no"; then
- AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS])
- fi
- AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])])
+ AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])])
LDFLAGS="$O_LDFLAGS"
- SUDO_LIBS="${SUDO_LIBS} -lopie"
- AUTH_OBJS="$AUTH_OBJS rfc1938.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lopie"
+ AUTH_OBJS="$AUTH_OBJS rfc1938.lo"
fi
dnl
dnl
dnl if crypt(3) not in libc, look elsewhere
dnl
- if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then
- AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ if test -z "$LIB_CRYPT"; then
+ _LIBS="$LIBS"
+ AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
+ LIBS="$_LIBS"
fi
if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then
found=no
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
- SUDO_LIBS="$SUDO_LIBS $shadow_libs"
+ SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs"
elif test -n "$shadow_libs_optional"; then
LIBS="$LIBS $shadow_libs_optional"
AC_CHECK_FUNCS($shadow_funcs, [found=yes])
if test "$found" = "yes"; then
- SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional"
+ SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional"
fi
fi
if test "$found" = "yes"; then
CHECKSHADOW=false
fi
if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test "$CHECKSHADOW" = "true"; then
- AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"])
+ AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"])
fi
if test -n "$SECUREWARE"; then
AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs)
- AUTH_OBJS="$AUTH_OBJS secureware.o"
+ AUTH_OBJS="$AUTH_OBJS secureware.lo"
fi
fi
if test ${with_ldap-'no'} != "no"; then
_LDFLAGS="$LDFLAGS"
if test "$with_ldap" != "yes"; then
- SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib])
+ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib])
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib])
CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include"
with_ldap=yes
fi
- SUDO_OBJS="${SUDO_OBJS} ldap.o"
+ SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo"
+ LDAP=""
AC_MSG_CHECKING([for LDAP libraries])
LDAP_LIBS=""
#include <lber.h>
#include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
done
+ if test "$found" = "no"; then
+ LDAP_LIBS=""
+ LIBS="$_LIBS"
+ for l in -libmldap -lidsldif; do
+ LIBS="${LIBS} $l"
+ LDAP_LIBS="${LDAP_LIBS} $l"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <sys/types.h>
+ #include <lber.h>
+ #include <ldap.h>]], [[(void)ldap_init(0, 0)]])], [found=yes; break])
+ done
+ fi
dnl if nothing linked just try with -lldap
if test "$found" = "no"; then
LIBS="${_LIBS} -lldap"
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_LBER_H)])
- AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength)
+ AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break])
AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include <ldap.h>])
+ AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np)
+ AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break])
+
+ if test X"$check_gss_krb5_ccache_name" = X"yes"; then
+ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi"],
+ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,
+ AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME)
+ [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"])
+ )
+
+ # gssapi headers may be separate or part of Kerberos V
+ found=no
+ O_CPPFLAGS="$CPPFLAGS"
+ for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do
+ test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi/gssapi.h>]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <gssapi.h>]])], [found="gssapi.h"; break])])
+ done
+ if test X"$found" != X"no"; then
+ AC_CHECK_HEADERS([$found])
+ if test X"$found" = X"gssapi/gssapi.h"; then
+ AC_CHECK_HEADERS([gssapi/gssapi_krb5.h])
+ fi
+ else
+ CPPFLAGS="$O_CPPFLAGS"
+ AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS])
+ fi
+ fi
- SUDO_LIBS="${SUDO_LIBS}${LDAP_LIBS}"
+ SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}"
LIBS="$_LIBS"
LDFLAGS="$_LDFLAGS"
- # XXX - OpenLDAP has deprecated ldap_get_values()
- CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED"
fi
+#
+# How to do dynamic object loading.
+# We support dlopen() and sh_load(), else fall back to static loading.
+#
+case "$lt_cv_dlopen" in
+ dlopen)
+ AC_DEFINE(HAVE_DLOPEN)
+ SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ LT_STATIC="--tag=disable-static"
+ ;;
+ shl_load)
+ AC_DEFINE(HAVE_SHL_LOAD)
+ SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo"
+ LT_STATIC="--tag=disable-static"
+ AC_LIBOBJ(dlopen)
+ ;;
+ *)
+ if test X"${ac_cv_func_dlopen}" = X"yes"; then
+ AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."])
+ fi
+ # Preload sudoers module symbols
+ SUDO_OBJS="${SUDO_OBJS} preload.o"
+ SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la"
+ LT_STATIC=""
+ AC_LIBOBJ(dlopen)
+ ;;
+esac
+
+#
+# Add library needed for dynamic loading, if any.
+#
+LIBDL="$lt_cv_dlopen_libs"
+if test X"$LIBDL" != X""; then
+ SUDO_LIBS="${SUDO_LIBS} $LIBDL"
+ SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL"
+fi
+
+# On HP-UX, you cannot dlopen() a shared object that uses pthreads
+# unless the main program is linked against -lpthread. Since we
+# have no knowledge what libraries a plugin may depend on, we always
+# link against -lpthread on HP-UX if it is available.
+# This check should go after all other libraries tests.
+case "$host" in
+ *-*-hpux*)
+ AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"])
+ ;;
+esac
+
dnl
-dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we
-dnl added -L dirpaths to SUDO_LDFLAGS.
+dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we
+dnl added -L dirpaths to SUDOERS_LDFLAGS.
dnl
if test -n "$blibpath"; then
if test -n "$blibpath_add"; then
- SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
+ SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}"
elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then
- SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}"
+ SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}"
fi
fi
dnl
-dnl Check for log file and timestamp locations
+dnl Check for log file, timestamp and iolog locations
dnl
+if test "$utmp_style" = "LEGACY"; then
+ SUDO_PATH_UTMP
+fi
SUDO_LOGFILE
SUDO_TIMEDIR
+SUDO_IO_LOGDIR
dnl
-dnl Use passwd (and secureware) auth modules?
+dnl Use passwd auth module?
dnl
case "$with_passwd" in
yes|maybe)
- AUTH_OBJS="$AUTH_OBJS passwd.o"
+ AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo"
;;
*)
AC_DEFINE(WITHOUT_PASSWD)
;;
esac
AUTH_OBJS=${AUTH_OBJS# }
-_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'`
+_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'`
AC_MSG_NOTICE([using the following authentication methods: $_AUTH])
dnl
-dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it.
+dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS
dnl
if test -n "$LIBS"; then
L="$LIBS"
LIBS=
for l in ${L}; do
dupe=0
- for sl in ${SUDO_LIBS} ${NET_LIBS}; do
+ for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do
test $l = $sl && dupe=1
done
test $dupe = 0 && LIBS="${LIBS} $l"
done
fi
+dnl
+dnl We add -Wall and -Werror after all tests so they don't cause failures
+dnl
+if test -n "$GCC"; then
+ if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then
+ CFLAGS="${CFLAGS} -Wall"
+ fi
+ if test X"$enable_werror" = X"yes"; then
+ CFLAGS="${CFLAGS} -Werror"
+ fi
+fi
+
dnl
dnl Set exec_prefix
dnl
test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)'
dnl
-dnl Defer setting _PATH_SUDO_NOEXEC and _PATH_SUDO_SESH
-dnl until after exec_prefix is set
+dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set
dnl XXX - this is gross!
dnl
if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then
fi
fi
if test X"$with_noexec" != X"no"; then
- PROGS="${PROGS} sudo_noexec.la"
+ PROGS="${PROGS} libsudo_noexec.la"
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi
+ eval PLUGINDIR="$with_plugindir"
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/")
+ SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}")
exec_prefix="$oexec_prefix"
fi
+dnl
+dnl Override default configure dirs for the Makefile
+dnl
+if test X"$prefix" = X"NONE"; then
+ test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man'
+else
+ test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man'
+fi
+test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin'
+test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin'
+test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec'
+test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include'
+test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share'
+test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)'
+test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc'
+
dnl
dnl Substitute into the Makefile and man pages
dnl
-AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man])
+dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h])
+AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers])
AC_OUTPUT
dnl
AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.])
AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.])
AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.])
+AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.])
AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.])
+AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.])
AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.])
AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.])
+AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.])
AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".])
AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.])
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
+AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.])
-AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.])
AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.])
+AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.])
AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.])
AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.])
AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.])
AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)])
AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)])
AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)])
+AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.])
AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.])
AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
+AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
+AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.])
+AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.])
AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs <lber.h>. (OpenLDAP does not)])
AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.])
+AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the <libintl.h> header file.])
+AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.])
AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.])
AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.])
+AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.])
AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the <project.h> header file.])
AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.])
AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.])
-AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.])
+AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.])
+AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.])
AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if <signal.h> has the sigaction_t typedef.])
AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
+AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments])
AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union])
AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member])
AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member])
-AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the <termios.h> header file and the `tcgetattr' function.])
AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h])
-AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)])
AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.])
AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.])
AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements])
AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.])
AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.])
AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.])
+AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support])
AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.])
AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
+AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.])
AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.])
AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.])
AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.])
AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.])
AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.])
+AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.])
+AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.])
AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.])
AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.])
-AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.])
AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.])
AH_TEMPLATE(sig_atomic_t, [Define to `int' if <signal.h> does not define.])
+AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.])
+AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.])
+AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.])
dnl
dnl Bits to copy verbatim into config.h.in
#define _SUDO_CONFIG_H])
AH_BOTTOM([/*
- * Macros to pull sec and nsec parts of mtime from struct stat.
- * We need to be able to convert between timeval and timespec
- * so the last 3 digits of tv_nsec are not significant.
+ * Macros to convert ctime and mtime into timevals.
*/
+#define timespec2timeval(_ts, _tv) do { \
+ (_tv)->tv_sec = (_ts)->tv_sec; \
+ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \
+} while (0)
+
#ifdef HAVE_ST_MTIM
# ifdef HAVE_ST__TIM
-# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec)
-# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000)
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y))
# else
-# define mtim_getsec(_x) ((_x).st_mtim.tv_sec)
-# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000)
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y))
# endif
#else
# ifdef HAVE_ST_MTIMESPEC
-# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec)
-# define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000)
+# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y))
+# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y))
# else
-# define mtim_getsec(_x) ((_x).st_mtime)
-# define mtim_getnsec(_x) (0)
+# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0)
+# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0)
# endif /* HAVE_ST_MTIMESPEC */
#endif /* HAVE_ST_MTIM */
-/*
- * Emulate a subset of waitpid() if we don't have it.
- */
-#ifdef HAVE_WAITPID
-# define sudo_waitpid(p, s, o) waitpid(p, s, o)
-#else
-# ifdef HAVE_WAIT3
-# define sudo_waitpid(p, s, o) wait3(s, o, NULL)
-# endif
-#endif
-
/* GNU stow needs /etc/sudoers to be a symlink. */
#ifdef USE_STOW
# define stat_sudoers stat
#undef ISSET
#define ISSET(t, f) ((t) & (f))
-/* New ANSI-style OS defs for HP-UX and ConvexOS. */
+/* ANSI-style OS defs for HP-UX and ConvexOS. */
#if defined(hpux) && !defined(__hpux)
# define __hpux 1
#endif /* hpux */