X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=configure.in;h=6ec6016e5afb9ffc1556a4c76437fa06a068f407;hb=HEAD;hp=6b09b5f18fd535788bc7c6ed76428e6673ea26ab;hpb=812709a155f4e8ca2a6b6070bad027a372835857;p=debian%2Fsudo diff --git a/configure.in b/configure.in index 6b09b5f..6ec6016 100644 --- a/configure.in +++ b/configure.in @@ -1,97 +1,123 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.538 2008/12/09 21:13:01 millert Exp $ dnl -dnl Copyright (c) 1994-1996,1998-2008 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.7]) -AC_CONFIG_HEADER(config.h pathnames.h) +AC_INIT([sudo], [1.8.5p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_CONFIG_HEADER([config.h pathnames.h]) dnl -dnl This won't work before AC_INIT +dnl Note: this must come after AC_INIT dnl -AC_MSG_NOTICE([Configuring Sudo version 1.7]) +AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) dnl dnl Variables that get substituted in the Makefile and man pages dnl -AC_SUBST(LIBTOOL) -AC_SUBST(CFLAGS) -AC_SUBST(PROGS) -AC_SUBST(CPPFLAGS) -AC_SUBST(LDFLAGS) -AC_SUBST(SUDO_LDFLAGS) -AC_SUBST(SUDO_OBJS) -AC_SUBST(LIBS) -AC_SUBST(SUDO_LIBS) -AC_SUBST(NET_LIBS) -AC_SUBST(AFS_LIBS) -AC_SUBST(GETGROUPS_LIB) -AC_SUBST(OSDEFS) -AC_SUBST(AUTH_OBJS) -AC_SUBST(MANTYPE) -AC_SUBST(MAN_POSTINSTALL) -AC_SUBST(SUDOERS_MODE) -AC_SUBST(SUDOERS_UID) -AC_SUBST(SUDOERS_GID) -AC_SUBST(DEV) -AC_SUBST(SELINUX) -AC_SUBST(BAMAN) -AC_SUBST(LCMAN) -AC_SUBST(SEMAN) -AC_SUBST(devdir) -AC_SUBST(mansectsu) -AC_SUBST(mansectform) -AC_SUBST(mansrcdir) -AC_SUBST(NOEXECFILE) -AC_SUBST(NOEXECDIR) -AC_SUBST(noexec_file) -AC_SUBST(INSTALL_NOEXEC) -AC_SUBST(DONT_LEAK_PATH_INFO) -AC_SUBST(BSDAUTH_USAGE) -AC_SUBST(SELINUX_USAGE) -AC_SUBST(LDAP) -AC_SUBST(LOGINCAP_USAGE) +AC_SUBST([HAVE_BSM_AUDIT]) +AC_SUBST([SHELL]) +AC_SUBST([LIBTOOL]) +AC_SUBST([CFLAGS]) +AC_SUBST([PROGS]) +AC_SUBST([CPPFLAGS]) +AC_SUBST([LDFLAGS]) +AC_SUBST([SUDOERS_LDFLAGS]) +AC_SUBST([LTLDFLAGS]) +AC_SUBST([COMMON_OBJS]) +AC_SUBST([SUDOERS_OBJS]) +AC_SUBST([SUDO_OBJS]) +AC_SUBST([LIBS]) +AC_SUBST([SUDO_LIBS]) +AC_SUBST([SUDOERS_LIBS]) +AC_SUBST([NET_LIBS]) +AC_SUBST([AFS_LIBS]) +AC_SUBST([REPLAY_LIBS]) +AC_SUBST([GETGROUPS_LIB]) +AC_SUBST([OSDEFS]) +AC_SUBST([AUTH_OBJS]) +AC_SUBST([MANTYPE]) +AC_SUBST([MAN_POSTINSTALL]) +AC_SUBST([SUDOERS_MODE]) +AC_SUBST([SUDOERS_UID]) +AC_SUBST([SUDOERS_GID]) +AC_SUBST([DEVEL]) +AC_SUBST([BAMAN]) +AC_SUBST([LCMAN]) +AC_SUBST([SEMAN]) +AC_SUBST([devdir]) +AC_SUBST([mansectsu]) +AC_SUBST([mansectform]) +AC_SUBST([mansrcdir]) +AC_SUBST([NOEXECFILE]) +AC_SUBST([NOEXECDIR]) +AC_SUBST([PLUGINDIR]) +AC_SUBST([SOEXT]) +AC_SUBST([noexec_file]) +AC_SUBST([INSTALL_NOEXEC]) +AC_SUBST([DONT_LEAK_PATH_INFO]) +AC_SUBST([BSDAUTH_USAGE]) +AC_SUBST([SELINUX_USAGE]) +AC_SUBST([LDAP]) +AC_SUBST([LOGINCAP_USAGE]) +AC_SUBST([ZLIB]) +AC_SUBST([ZLIB_SRC]) +AC_SUBST([LIBTOOL_DEPS]) +AC_SUBST([ac_config_libobj_dir]) +AC_SUBST([CONFIGURE_ARGS]) +AC_SUBST([LIBDL]) +AC_SUBST([LT_STATIC]) +AC_SUBST([LIBINTL]) +AC_SUBST([SUDO_NLS]) +AC_SUBST([COMPAT_TEST_PROGS]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl -AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR -AC_SUBST(timeout) -AC_SUBST(password_timeout) -AC_SUBST(sudo_umask) -AC_SUBST(passprompt) -AC_SUBST(long_otp_prompt) -AC_SUBST(lecture) -AC_SUBST(logfac) -AC_SUBST(goodpri) -AC_SUBST(badpri) -AC_SUBST(loglen) -AC_SUBST(ignore_dot) -AC_SUBST(mail_no_user) -AC_SUBST(mail_no_host) -AC_SUBST(mail_no_perms) -AC_SUBST(mailto) -AC_SUBST(mailsub) -AC_SUBST(badpass_message) -AC_SUBST(fqdn) -AC_SUBST(runas_default) -AC_SUBST(env_editor) -AC_SUBST(passwd_tries) -AC_SUBST(tty_tickets) -AC_SUBST(insults) -AC_SUBST(root_sudo) -AC_SUBST(path_info) -AC_SUBST(ldap_conf) -AC_SUBST(ldap_secret) -AC_SUBST(nsswitch_conf) -dnl -dnl Initial values for above -dnl +AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR +AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR +AC_SUBST([timeout]) +AC_SUBST([password_timeout]) +AC_SUBST([sudo_umask]) +AC_SUBST([umask_override]) +AC_SUBST([passprompt]) +AC_SUBST([long_otp_prompt]) +AC_SUBST([lecture]) +AC_SUBST([logfac]) +AC_SUBST([goodpri]) +AC_SUBST([badpri]) +AC_SUBST([loglen]) +AC_SUBST([ignore_dot]) +AC_SUBST([mail_no_user]) +AC_SUBST([mail_no_host]) +AC_SUBST([mail_no_perms]) +AC_SUBST([mailto]) +AC_SUBST([mailsub]) +AC_SUBST([badpass_message]) +AC_SUBST([fqdn]) +AC_SUBST([runas_default]) +AC_SUBST([env_editor]) +AC_SUBST([env_reset]) +AC_SUBST([passwd_tries]) +AC_SUBST([tty_tickets]) +AC_SUBST([insults]) +AC_SUBST([root_sudo]) +AC_SUBST([path_info]) +AC_SUBST([ldap_conf]) +AC_SUBST([ldap_secret]) +AC_SUBST([nsswitch_conf]) +AC_SUBST([netsvc_conf]) +AC_SUBST([secure_path]) +AC_SUBST([editor]) +# +# Begin initial values for man page substitution +# +iolog_dir=/var/log/sudo-io +timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 +umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once -logfac=local2 +logfac=auth goodpri=notice badpri=alert loglen=80 @@ -100,39 +126,53 @@ mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root -mailsub='*** SECURITY information for %h ***' -badpass_message='Sorry, try again.' +mailsub="*** SECURITY information for %h ***" +badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off +env_reset=on +editor=vi passwd_tries=3 -tty_tickets=off +tty_tickets=on insults=off root_sudo=on path_info=on -INSTALL_NOEXEC= -devdir='$(srcdir)' +ldap_conf=/etc/ldap.conf +ldap_secret=/etc/ldap.secret +netsvc_conf=/etc/netsvc.conf +noexec_file=/usr/local/libexec/sudo_noexec.so +nsswitch_conf=/etc/nsswitch.conf +secure_path="not set" +# +# End initial values for man page substitution +# dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl -PROGS="sudo visudo" +INSTALL_NOEXEC= +devdir='$(srcdir)' +PROGS="sudo" : ${MANTYPE='man'} : ${mansrcdir='.'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} -DEV="#" +DEVEL= LDAP="#" -SELINUX="#" -BAMAN='.\" ' -LCMAN='.\" ' -SEMAN='.\" ' +BAMAN=0 +LCMAN=0 +SEMAN=0 +LIBINTL= +ZLIB= +ZLIB_SRC= AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd +SUDO_NLS=disabled dnl dnl Other vaiables @@ -142,31 +182,33 @@ shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= +CONFIGURE_ARGS="$@" dnl -dnl Override default configure dirs... +dnl LD_PRELOAD equivalents dnl -if test X"$prefix" = X"NONE"; then - test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' -else - test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' -fi -test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' -test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' -test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' +RTLD_PRELOAD_VAR="LD_PRELOAD" +RTLD_PRELOAD_ENABLE_VAR= +RTLD_PRELOAD_DELIM=":" +RTLD_PRELOAD_DEFAULT= + +dnl +dnl libc replacement functions live in compat +dnl +AC_CONFIG_LIBOBJ_DIR(compat) dnl dnl Deprecated --with options (these all warn or generate an error) dnl -AC_ARG_WITH(otp-only, [ --with-otp-only deprecated], +AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], [case $with_otp_only in yes) with_passwd="no" AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) -AC_ARG_WITH(alertmail, [ --with-alertmail deprecated], +AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], [case $with_alertmail in *) with_mailto="$with_alertmail" AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) @@ -177,31 +219,72 @@ dnl dnl Options for --with dnl -AC_ARG_WITH(CC, [ --with-CC C compiler to use], -[case $with_CC in - yes) AC_MSG_ERROR(["must give --with-CC an argument."]) +AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], +[case $with_devel in + yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) + OSDEFS="${OSDEFS} -DSUDO_DEVEL" + DEVEL="true" + devdir=. ;; - no) AC_MSG_ERROR(["illegal argument: --without-CC."]) + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; - *) CC=$with_CC +esac]) + +AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], +[case $with_CC in + *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) ;; esac]) -AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths], +AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [pass -R flag in addition to -L for lib paths])], [case $with_rpath in yes|no) ;; *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) ;; esac]) -AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths], +AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [pass -blibpath flag to ld for additional lib paths])], [case $with_blibpath in yes|no) ;; *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) ;; esac]) -AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files], +dnl +dnl Handle BSM auditing support. +dnl +AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], +[case $with_bsm_audit in + yes) AC_DEFINE(HAVE_BSM_AUDIT) + SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" + SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" + ;; + no) ;; + *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) + ;; +esac]) + +dnl +dnl Handle Linux auditing support. +dnl +AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], +[case $with_linux_audit in + yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ + AC_DEFINE(HAVE_LINUX_AUDIT) + SUDO_LIBS="${SUDO_LIBS} -laudit" + SUDOERS_LIBS="${SUDO_LIBS} -laudit" + SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" + ], [ + AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) + ]) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) + ;; +esac]) + +AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) ;; @@ -214,7 +297,7 @@ AC_ARG_WITH(incpath, [ --with-incpath additional places to look for in ;; esac]) -AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries], +AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], [case $with_libpath in yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) ;; @@ -224,7 +307,7 @@ AC_ARG_WITH(libpath, [ --with-libpath additional places to look for li ;; esac]) -AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with], +AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], [case $with_libraries in yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) ;; @@ -234,20 +317,7 @@ AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link w ;; esac]) -AC_ARG_WITH(devel, [ --with-devel add development options], -[case $with_devel in - yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) - PROGS="${PROGS} testsudoers" - OSDEFS="${OSDEFS} -DSUDO_DEVEL" - DEV="" - devdir=. - ;; - no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) - ;; -esac]) - -AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging], +AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], [case $with_efence in yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) LIBS="${LIBS} -lefence" @@ -260,7 +330,7 @@ AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() d ;; esac]) -AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], +AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], [case $with_csops in yes) AC_MSG_NOTICE([Adding CSOps standard options]) CHECKSIA=false @@ -277,7 +347,7 @@ AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], ;; esac]) -AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication], +AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) AC_MSG_RESULT($with_passwd) @@ -288,10 +358,9 @@ AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for ;; esac]) -AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ], +AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], [case $with_skey in - no) with_skey="" - ;; + no) ;; *) AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) @@ -299,10 +368,9 @@ AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ], ;; esac]) -AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ], +AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], [case $with_opie in - no) with_opie="" - ;; + no) ;; *) AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) @@ -310,7 +378,7 @@ AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ], ;; esac]) -AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt], +AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) @@ -323,9 +391,9 @@ AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey ;; esac]) -AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support], +AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], [case $with_SecurID in - no) with_SecurID="";; + no) ;; *) AC_DEFINE(HAVE_SECURID) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) @@ -333,9 +401,9 @@ AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support], ;; esac]) -AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support], +AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], [case $with_fwtk in - no) with_fwtk="";; + no) ;; *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) @@ -343,25 +411,16 @@ AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support], ;; esac]) -AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support], -[case $with_kerb4 in - no) with_kerb4="";; - *) AC_MSG_CHECKING(whether to try kerberos IV authentication) - AC_MSG_RESULT(yes) - AUTH_REG="$AUTH_REG kerb4" - ;; -esac]) - -AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support], +AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in - no) with_kerb5="";; + no) ;; *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb5" ;; esac]) -AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support], +AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; @@ -369,7 +428,7 @@ AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authenticatio ;; esac]) -AC_ARG_WITH(pam, [ --with-pam enable PAM support], +AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; @@ -377,7 +436,7 @@ AC_ARG_WITH(pam, [ --with-pam enable PAM support], ;; esac]) -AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], +AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) @@ -389,7 +448,7 @@ AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], ;; esac]) -AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], +AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) @@ -401,14 +460,14 @@ AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], ;; esac]) -AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support], +AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], [case $with_logincap in yes|no) ;; *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) ;; esac]) -AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support], +AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; @@ -416,7 +475,7 @@ AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication suppor ;; esac]) -AC_ARG_WITH(project, [ --with-project enable Solaris project support], +AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], [case $with_project in yes|no) ;; no) ;; @@ -425,7 +484,7 @@ AC_ARG_WITH(project, [ --with-project enable Solaris project support], esac]) AC_MSG_CHECKING(whether to lecture users the first time they run sudo) -AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer], +AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], [case $with_lecture in yes|short|always) lecture=once ;; @@ -442,7 +501,7 @@ else fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) -AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], +AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], [case $with_logging in yes) AC_MSG_ERROR(["must give --with-logging an argument."]) ;; @@ -461,8 +520,7 @@ AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], ;; esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) -AC_MSG_CHECKING(which syslog facility sudo should log with) -AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")], +AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; @@ -473,11 +531,9 @@ AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (defa *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; esac]) -AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) -AC_MSG_RESULT($logfac) AC_MSG_CHECKING(at which syslog priority to log commands) -AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")], +AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; @@ -493,7 +549,7 @@ AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use f AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) -AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")], +AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; @@ -508,7 +564,7 @@ esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) AC_MSG_RESULT($badpri) -AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], +AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], [case $with_logpath in yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) ;; @@ -517,7 +573,7 @@ AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], esac]) AC_MSG_CHECKING(how long a line in the log file should be) -AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)], +AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], [case $with_loglen in yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) ;; @@ -532,7 +588,7 @@ AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) -AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH], +AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], [case $with_ignore_dot in yes) ignore_dot=on ;; @@ -549,7 +605,7 @@ else fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) -AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers], +AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], [case $with_mail_if_no_user in yes) mail_no_user=on ;; @@ -566,7 +622,7 @@ else fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) -AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host], +AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], [case $with_mail_if_no_host in yes) mail_no_host=on ;; @@ -583,7 +639,7 @@ else fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) -AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command], +AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], [case $with_mail_if_noperms in yes) mail_noperms=on ;; @@ -600,7 +656,7 @@ else fi AC_MSG_CHECKING(who should get the mail that sudo sends) -AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")], +AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], [case $with_mailto in yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) ;; @@ -612,7 +668,7 @@ esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) AC_MSG_RESULT([$mailto]) -AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], +AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], [case $with_mailsubject in yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) ;; @@ -626,7 +682,7 @@ esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_MSG_CHECKING(for bad password prompt) -AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], +AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], [case $with_passprompt in yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) ;; @@ -638,7 +694,7 @@ AC_MSG_RESULT($passprompt) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_MSG_CHECKING(for bad password message) -AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong], +AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], [case $with_badpass_message in yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) ;; @@ -651,7 +707,7 @@ AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given wh AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) -AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers], +AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], [case $with_fqdn in yes) fqdn=on ;; @@ -667,7 +723,7 @@ else AC_MSG_RESULT(no) fi -AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir], +AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])], [case $with_timedir in yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) ;; @@ -675,8 +731,15 @@ AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir], ;; esac]) -AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail - --without-sendmail do not send mail at all], +AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], +[case $with_iologdir in + yes) ;; + no) AC_MSG_ERROR(["--without-iologdir not supported."]) + ;; +esac]) + +AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) +AS_HELP_STRING([--without-sendmail], [do not send mail at all])], [case $with_sendmail in yes) with_sendmail="" ;; @@ -685,7 +748,7 @@ AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail ;; esac]) -AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)], +AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], [case $with_sudoers_mode in yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) ;; @@ -699,7 +762,7 @@ AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defau ;; esac]) -AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)], +AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], [case $with_sudoers_uid in yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) ;; @@ -711,7 +774,7 @@ AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file ( ;; esac]) -AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)], +AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], [case $with_sudoers_gid in yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) ;; @@ -724,8 +787,8 @@ AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file ( esac]) AC_MSG_CHECKING(for umask programs should be run with) -AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022) - --without-umask Preserves the umask of the user invoking sudo.], +AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) +AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; @@ -736,15 +799,26 @@ AC_ARG_WITH(umask, [ --with-umask umask with which the prog should r *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) -AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) +AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi +AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], +[case $with_umask_override in + yes) AC_DEFINE(UMASK_OVERRIDE) + umask_override=on + ;; + no) umask_override=off + ;; + *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) + ;; +esac]) + AC_MSG_CHECKING(for default user to run commands as) -AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")], +AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) ;; @@ -756,7 +830,7 @@ esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) AC_MSG_RESULT([$runas_default]) -AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group], +AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], [case $with_exempt in yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) ;; @@ -769,7 +843,7 @@ AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in thi esac]) AC_MSG_CHECKING(for editor that visudo should use) -AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)], +AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], [case $with_editor in yes) AC_MSG_ERROR(["must give --with-editor an argument."]) ;; @@ -777,11 +851,12 @@ AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaul ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) + editor="$with_editor" ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) -AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo], +AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], [case $with_env_editor in yes) env_editor=on ;; @@ -798,7 +873,7 @@ else fi AC_MSG_CHECKING(number of tries a user gets to enter their password) -AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)], +AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], [case $with_passwd_tries in yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) @@ -812,7 +887,7 @@ AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a use AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) -AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)], +AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], [case $with_timeout in yes) ;; no) timeout=0 @@ -826,7 +901,7 @@ AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks fo AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) -AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)], +AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], [case $with_password_timeout in yes) ;; no) password_timeout=0 @@ -840,7 +915,7 @@ AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeo AC_MSG_RESULT($password_timeout) AC_MSG_CHECKING(whether to use per-tty ticket files) -AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty], +AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], [case $with_tty_tickets in yes) tty_tickets=on ;; @@ -849,20 +924,24 @@ AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) -if test "$tty_tickets" = "on"; then - AC_DEFINE(USE_TTY_TICKETS) - AC_MSG_RESULT(yes) -else +if test "$tty_tickets" = "off"; then + AC_DEFINE(NO_TTY_TICKETS) AC_MSG_RESULT(no) +else + AC_MSG_RESULT(yes) fi AC_MSG_CHECKING(whether to include insults) -AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password], +AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], [case $with_insults in yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; + disabled) insults=off + with_classic_insults=yes + with_csops_insults=yes + ;; no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) @@ -875,7 +954,7 @@ else AC_MSG_RESULT(no) fi -AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets], +AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], [case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes @@ -887,7 +966,7 @@ AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult ;; esac]) -AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo], +AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], [case $with_classic_insults in yes) AC_DEFINE(CLASSIC_INSULTS) ;; @@ -896,7 +975,7 @@ AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from ;; esac]) -AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults], +AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], [case $with_csops_insults in yes) AC_DEFINE(CSOPS_INSULTS) ;; @@ -905,7 +984,7 @@ AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults], ;; esac]) -AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults], +AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], [case $with_hal_insults in yes) AC_DEFINE(HAL_INSULTS) ;; @@ -914,7 +993,7 @@ AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults], ;; esac]) -AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"], +AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], [case $with_goons_insults in yes) AC_DEFINE(GOONS_INSULTS) ;; @@ -923,38 +1002,32 @@ AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from t ;; esac]) -AC_ARG_WITH(nsswitch, [ --with-nsswitch[[=PATH]] path to nsswitch.conf], +AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], [case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" ;; *) ;; esac]) -if test ${with_nsswitch-"yes"} != "no"; then - SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") - nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} -else - nsswitch_conf='/etc/nsswitch.conf' -fi -AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support], +AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], [case $with_ldap in - no) with_ldap="";; + no) ;; *) AC_DEFINE(HAVE_LDAP) AC_MSG_CHECKING(whether to use sudoers from LDAP) AC_MSG_RESULT(yes) ;; esac]) -AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file]) -SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file]) -ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'} +AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) +test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" +SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) -AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file]) -SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file]) -ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'} +AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) +test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" +SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) -AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones], +AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], [case $with_pc_insults in yes) AC_DEFINE(PC_INSULTS) ;; @@ -975,20 +1048,23 @@ if test "$insults" = "on"; then fi AC_MSG_CHECKING(whether to override the user's path) -AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one], +AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in - yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc") - AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc]) + yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" + AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") + AC_MSG_RESULT([$with_secure_path]) + secure_path="set to $with_secure_path" ;; no) AC_MSG_RESULT(no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) + secure_path="set to F<$with_secure_path>" ;; esac], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) -AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces], +AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])], [case $with_interfaces in yes) AC_MSG_RESULT(yes) ;; @@ -1000,7 +1076,7 @@ AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr esac], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether stow should be used) -AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging], +AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [properly handle GNU stow packaging])], [case $with_stow in yes) AC_MSG_RESULT(yes) AC_DEFINE(USE_STOW) @@ -1012,23 +1088,29 @@ AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging] esac], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to use an askpass helper) -AC_ARG_WITH(askpass, [ --with-askpass=PATH Fully qualified pathname of askpass helper], +AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], [case $with_askpass in yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; - *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) + *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) ;; esac], AC_MSG_RESULT(no)) +AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], +[case $with_plugindir in + no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) + ;; + *) ;; +esac], [with_plugindir="$libexecdir"]) + dnl dnl Options for --enable dnl AC_MSG_CHECKING(whether to do user authentication by default) AC_ARG_ENABLE(authentication, -[ --disable-authentication - Do not require authentication by default], +[AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; @@ -1043,7 +1125,7 @@ AC_ARG_ENABLE(authentication, AC_MSG_CHECKING(whether to disable running the mailer as root) AC_ARG_ENABLE(root-mailer, -[ --disable-root-mailer Don't run the mailer as root, run as the user], +[AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; @@ -1057,7 +1139,7 @@ AC_ARG_ENABLE(root-mailer, ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(setreuid, -[ --disable-setreuid Don't try to use the setreuid() function], +[AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], [ case "$enableval" in no) SKIP_SETREUID=yes ;; @@ -1066,7 +1148,7 @@ AC_ARG_ENABLE(setreuid, ]) AC_ARG_ENABLE(setresuid, -[ --disable-setresuid Don't try to use the setresuid() function], +[AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], [ case "$enableval" in no) SKIP_SETRESUID=yes ;; @@ -1076,7 +1158,7 @@ AC_ARG_ENABLE(setresuid, AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, -[ --disable-shadow Never use shadow passwords], +[AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; @@ -1091,7 +1173,7 @@ AC_ARG_ENABLE(shadow, AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, -[ --disable-root-sudo Don't allow root to run sudo], +[AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; @@ -1106,7 +1188,7 @@ AC_ARG_ENABLE(root-sudo, AC_MSG_CHECKING(whether to log the hostname in the log file) AC_ARG_ENABLE(log-host, -[ --enable-log-host Log the hostname in the log file], +[AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(HOST_IN_LOG) @@ -1121,7 +1203,7 @@ AC_ARG_ENABLE(log-host, AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) AC_ARG_ENABLE(noargs-shell, -[ --enable-noargs-shell If sudo is given no arguments run a shell], +[AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_IF_NO_ARGS) @@ -1136,8 +1218,7 @@ AC_ARG_ENABLE(noargs-shell, AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, -[ --enable-shell-sets-home - Set $HOME to target user in shell mode], +[AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_SETS_HOME) @@ -1152,7 +1233,7 @@ AC_ARG_ENABLE(shell-sets-home, AC_MSG_CHECKING(whether to disable 'command not found' messages) AC_ARG_ENABLE(path_info, -[ --disable-path-info Print 'command not allowed' not 'command not found'], +[AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; @@ -1166,15 +1247,91 @@ AC_ARG_ENABLE(path_info, esac ], AC_MSG_RESULT(no)) -AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support], +AC_MSG_CHECKING(whether to enable environment debugging) +AC_ARG_ENABLE(env_debug, +[AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], +[ case "$enableval" in + yes) AC_MSG_RESULT(yes) + AC_DEFINE(ENV_DEBUG) + ;; + no) AC_MSG_RESULT(no) + ;; + *) AC_MSG_RESULT(no) + AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) + ;; + esac +], AC_MSG_RESULT(no)) + +AC_ARG_ENABLE(zlib, +[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], +[], [enable_zlib=yes]) + +AC_MSG_CHECKING(whether to enable environment resetting by default) +AC_ARG_ENABLE(env_reset, +[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], +[ case "$enableval" in + yes) env_reset=on + ;; + no) env_reset=off + ;; + *) env_reset=on + AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) + ;; + esac +]) +if test "$env_reset" = "on"; then + AC_MSG_RESULT(yes) + AC_DEFINE(ENV_RESET, 1) +else + AC_MSG_RESULT(no) + AC_DEFINE(ENV_RESET, 0) +fi + +AC_ARG_ENABLE(warnings, +[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], +[ case "$enableval" in + yes) ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) + ;; + esac +]) + +AC_ARG_ENABLE(werror, +[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], +[ case "$enableval" in + yes) ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) + ;; + esac +]) + +AC_ARG_ENABLE(admin-flag, +[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], +[ case "$enableval" in + yes) AC_DEFINE(USE_ADMIN_FLAG) + ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) + ;; + esac +]) + +AC_ARG_ENABLE(nls, +[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], +[], [enable_nls=yes]) + +AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " AC_DEFINE(HAVE_SELINUX) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" - SELINUX="" - SEMAN="" + SEMAN=1 + AC_CHECK_LIB([selinux], [setkeycreatecon], + [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) @@ -1184,48 +1341,62 @@ esac]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default dnl -AC_ARG_ENABLE(gss_krb5_ccache_name, [ --enable-gss-krb5-ccache-name - Use GSS-API to set the Kerberos V cred cache name], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) +AC_ARG_ENABLE(gss_krb5_ccache_name, +[AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], +[check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) dnl -dnl If we don't have egrep we can't do anything... +dnl C compiler checks dnl -AC_CHECK_PROG(EGREPPROG, egrep, egrep) -if test -z "$EGREPPROG"; then - AC_MSG_ERROR([Sorry, configure requires egrep to run.]) +AC_SEARCH_LIBS([strerror], [cposix]) +AC_PROG_CPP +AC_CHECK_TOOL(AR, ar, false) +AC_CHECK_TOOL(RANLIB, ranlib, :) +if test X"$AR" = X"false"; then + AC_MSG_ERROR([the "ar" utility is required to build sudo]) fi -dnl -dnl Prevent configure from adding the -g flag unless in devel mode -dnl -if test "$with_devel" != "yes"; then - ac_cv_prog_cc_g=no +if test "x$ac_cv_prog_cc_c89" = "xno"; then + AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) fi dnl -dnl C compiler checks +dnl If the user specified --disable-static, override them or we'll +dnl be unable to build the executables in the sudoers plugin dir. dnl -AC_ISC_POSIX -AC_PROG_CPP +if test "$enable_static" = "no"; then + AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs]) + enable_static=yes +fi dnl -dnl Libtool magic; enable shared libs and disable static libs +dnl Libtool setup, we require libtool 2.2.6b or higher dnl AC_CANONICAL_HOST -AC_CANONICAL_TARGET([]) -AC_DISABLE_STATIC -AC_PROG_LIBTOOL +AC_CONFIG_MACRO_DIR([m4]) +LT_PREREQ([2.2.6b]) +LT_INIT([dlopen]) dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then with_noexec=no + enable_dlopen=no + lt_cv_dlopen=none + lt_cv_dlopen_libs= + ac_cv_func_dlopen=no else eval _shrext="$shrext_cmds" + # Darwin uses .dylib for libraries but .so for modules + if test X"$_shrext" = X".dylib"; then + SOEXT=".so" + else + SOEXT="$_shrext" + fi fi AC_MSG_CHECKING(path to sudo_noexec.so) -AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so], +AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in yes) with_noexec="$libexecdir/sudo_noexec$_shrext" ;; @@ -1236,20 +1407,36 @@ AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec$_shrext" NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" -dnl -dnl It is now safe to modify CFLAGS and CPPFLAGS -dnl -if test "$with_devel" = "yes" -a -n "$GCC"; then - CFLAGS="${CFLAGS} -Wall" -fi - dnl dnl Find programs we use dnl -AC_CHECK_PROG(UNAMEPROG, uname, uname) -AC_CHECK_PROG(TRPROG, tr, tr) -AC_CHECK_PROG(NROFFPROG, nroff, nroff) -if test -z "$NROFFPROG"; then +AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) +AC_CHECK_PROG(TRPROG, [tr], [tr]) +AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) +if test -n "$NROFFPROG"; then + AC_CACHE_CHECK([whether $NROFFPROG supports the -c option], + [sudo_cv_var_nroff_opt_c], + [if $NROFFPROG -c /dev/null 2>&1; then + sudo_cv_var_nroff_opt_c=yes + else + sudo_cv_var_nroff_opt_c=no + fi] + ) + if test "$sudo_cv_var_nroff_opt_c" = "yes"; then + NROFFPROG="$NROFFPROG -c" + fi + AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option], + [sudo_cv_var_nroff_opt_Tascii], + [if $NROFFPROG -Tascii /dev/null 2>&1; then + sudo_cv_var_nroff_opt_Tascii=yes + else + sudo_cv_var_nroff_opt_Tascii=no + fi] + if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then + NROFFPROG="$NROFFPROG -Tascii" + fi + ) +else MANTYPE="cat" mansrcdir='$(srcdir)' fi @@ -1286,6 +1473,9 @@ fi case "$host" in *-*-sunos4*) + # LD_PRELOAD is space-delimited + RTLD_PRELOAD_DELIM=" " + # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 @@ -1297,6 +1487,9 @@ case "$host" in shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) + # LD_PRELOAD is space-delimited + RTLD_PRELOAD_DELIM=" " + # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb @@ -1307,11 +1500,12 @@ case "$host" in : ${mansectform='4'} : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" + AC_CHECK_FUNCS(priv_set) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) - OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" + OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" if test X"$with_blibpath" != X"no"; then AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) O_LDFLAGS="$LDFLAGS" @@ -1329,14 +1523,42 @@ case "$host" in fi LDFLAGS="$O_LDFLAGS" - # Use authenticate(3) as the default authentication method - if test X"$with_aixauth" = X""; then - AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) + # On AIX 6 and higher default to PAM, else default to LAM + if test $OSMAJOR -ge 6; then + if test X"$with_pam" = X""; then + AUTH_EXCL_DEF="PAM" + fi + else + if test X"$with_aixauth" = X""; then + AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) + fi + fi + + # AIX analog of nsswitch.conf, enabled by default + AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], + [case $with_netsvc in + no) ;; + yes) with_netsvc="/etc/netsvc.conf" + ;; + *) ;; + esac]) + if test -z "$with_nsswitch" -a -z "$with_netsvc"; then + with_netsvc="/etc/netsvc.conf" + fi + + # For implementing getgrouplist() + AC_CHECK_FUNCS(getgrset) + + # LDR_PRELOAD is only supported in AIX 5.3 and later + if test $OSMAJOR -lt 5; then + with_noexec=no + else + RTLD_PRELOAD_VAR="LDR_PRELOAD" fi # AIX-specific functions - AC_CHECK_FUNCS(getuserattr) - SUDO_OBJS="$SUDO_OBJS aix.o" + AC_CHECK_FUNCS(getuserattr setauthdb) + COMMON_OBJS="$COMMON_OBJS aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} @@ -1350,20 +1572,49 @@ case "$host" in : ${mansectsu='1m'} : ${mansectform='4'} - # HP-UX bundled compiler can't generate shared objects - if test "x$ac_cv_prog_cc_c89" = "xno"; then - with_noexec=no + # The HP bundled compiler cannot generate shared libs + if test -z "$GCC"; then + AC_CACHE_CHECK([for HP bundled C compiler], + [sudo_cv_var_hpccbundled], + [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then + sudo_cv_var_hpccbundled=yes + else + sudo_cv_var_hpccbundled=no + fi] + ) + if test "$sudo_cv_var_hpccbundled" = "yes"; then + AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) + fi fi + + # Build PA-RISC1.1 objects for better portability + case "$host_cpu" in + hppa[[2-9]]*) + _CFLAGS="$CFLAGS" + if test -n "$GCC"; then + portable_flag="-march=1.1" + else + portable_flag="+DAportable" + fi + CFLAGS="$CFLAGS $portable_flag" + AC_CACHE_CHECK([whether $CC understands $portable_flag], + [sudo_cv_var_daportable], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[]])], + [sudo_cv_var_daportable=yes], + [sudo_cv_var_daportable=no] + ) + ] + ) + if test X"$sudo_cv_var_daportable" != X"yes"; then + CFLAGS="$_CFLAGS" + fi + ;; + esac + case "$host" in - *-*-hpux[1-8].*) + *-*-hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) - - # Not sure if setuid binaries are safe in < 9.x - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi ;; *-*-hpux9.*) AC_DEFINE(BROKEN_SYSLOG) @@ -1373,7 +1624,7 @@ case "$host" in # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last - SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r" + SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" fi @@ -1381,6 +1632,8 @@ case "$host" in *-*-hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" + # HP-UX 10.20 libc has an incompatible getline + ac_cv_func_getline="no" ;; *) shadow_funcs="getspnam iscomsec" @@ -1391,12 +1644,12 @@ case "$host" in ;; *-dec-osf*) # ignore envariables wrt dynamic lib path - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) AC_ARG_ENABLE(sia, - [ --disable-sia Disable SIA on Digital UNIX], + [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], [ case "$enableval" in yes) AC_MSG_RESULT(no) CHECKSIA=true @@ -1434,6 +1687,9 @@ case "$host" in ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) + # ":DEFAULT" must be appended to _RLD_LIST + RTLD_PRELOAD_VAR="_RLD_LIST" + RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} ;; @@ -1441,7 +1697,7 @@ case "$host" in OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' - if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then + if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else @@ -1449,7 +1705,7 @@ case "$host" in fi fi else - if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then + if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else @@ -1461,6 +1717,9 @@ case "$host" in if test "$OSMAJOR" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi + # ":DEFAULT" must be appended to _RLD_LIST + RTLD_PRELOAD_VAR="_RLD_LIST" + RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} ;; @@ -1496,8 +1755,7 @@ case "$host" in *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 - SUDO_LIBS="${SUDO_LIBS} -lcrypt" - LIBS="${LIBS} -lcrypt" + SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" @@ -1525,30 +1783,20 @@ case "$host" in : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) - AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) + AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" - SUDO_LIBS="${SUDO_LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes - # Use shlicc for BSD/OS [23].x unless asked to do otherwise - if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then - case "$OSMAJOR" in - 2|3) AC_MSG_NOTICE([using shlicc as CC]) - ac_cv_prog_CC=shlicc - CC="$ac_cv_prog_CC" - ;; - esac - fi - # Check for newer BSD auth API (just check for >= 3.0?) + # Check for newer BSD auth API if test -z "$with_bsdauth"; then AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) fi @@ -1561,8 +1809,9 @@ case "$host" in SKIP_SETREUID=yes ;; esac - if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lmd" + OSDEFS="${OSDEFS} -D_BSD_SOURCE" + if test "${with_skey-'no'}" = "yes"; then + SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" @@ -1570,25 +1819,22 @@ case "$host" in ;; *-*-*openbsd*) # OpenBSD has a real setreuid(2) starting with 3.3 but - # we will use setreuid(2) instead. + # we will use setresuid(2) instead. SKIP_SETREUID=yes + OSDEFS="${OSDEFS} -D_BSD_SOURCE" CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then - case "$OSREV" in - [0-2].*) - ;; - *) + if test "$OSMAJOR" -ge 3; then AUTH_EXCL_DEF="BSD_AUTH" - ;; - esac + fi fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in - 0.9*|1.[012]*|1.3|1.3.1) + 0.9*|1.[[012]]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac @@ -1597,8 +1843,9 @@ case "$host" in : ${with_logincap='maybe'} ;; *-*-dragonfly*) - if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lmd" + OSDEFS="${OSDEFS} -D_BSD_SOURCE" + if test "${with_skey-'no'}" = "yes"; then + SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" @@ -1608,15 +1855,22 @@ case "$host" in CHECKSHADOW="false" ;; *-*-darwin*) - SKIP_SETREUID=yes + # Darwin has a real setreuid(2) starting with 9.0 + if test $OSMAJOR -lt 9; then + SKIP_SETREUID=yes + fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes + RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" + RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} @@ -1632,6 +1886,20 @@ case "$host" in ;; esac +dnl +dnl Library preloading to support NOEXEC +dnl +if test -n "$with_noexec"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM") + if test -n "$RTLD_PRELOAD_DEFAULT"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") + fi + if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then + SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") + fi +fi + dnl dnl Check for mixing mutually exclusive and regular auth methods dnl @@ -1685,45 +1953,113 @@ dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE +# Check for variadic macro support in cpp +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +AC_INCLUDES_DEFAULT +#if defined(__GNUC__) && __GNUC__ == 2 +# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) +#else +# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) +#endif +], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])]) +if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -static-libgcc" + AC_CACHE_CHECK([whether $CC understands -static-libgcc], + [sudo_cv_var_gcc_static_libgcc], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[]])], + [sudo_cv_var_gcc_static_libgcc=yes], + [sudo_cv_var_gcc_static_libgcc=no] + ) + ] + ) + CFLAGS="$_CFLAGS" + if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then + LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc" + fi +fi dnl dnl Program checks dnl AC_PROG_YACC +AC_PATH_PROG([FLEX], [flex], [flex]) SUDO_PROG_MV SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi -if test -z "$with_editor"; then - SUDO_PROG_VI +SUDO_PROG_VI +dnl +dnl Check for authpriv support in syslog +dnl +AC_MSG_CHECKING(which syslog facility sudo should log with) +if test X"$with_logfac" = X""; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) fi +AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) +AC_MSG_RESULT($logfac) dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME -AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) -dnl ultrix termio/termios are broken -if test "$OS" != "ultrix"; then - AC_SYS_POSIX_TERMIOS - if test "$ac_cv_sys_posix_termios" = "yes"; then - AC_DEFINE(HAVE_TERMIOS_H) - else - AC_CHECK_HEADERS(termio.h) - fi +AC_HEADER_STDBOOL +AC_HEADER_MAJOR +AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT +#ifdef HAVE_PROCFS_H +#include +#endif +#ifdef HAVE_SYS_PROCFS_H +#include +#endif +])] +break) +dnl +dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h +dnl when large files support is enabled so work around it. +dnl +AC_SYS_LARGEFILE +case "$host" in + *-*-hpux11.*) + AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended], + [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT + #include ], [])], [sudo_cv_xopen_source_extended=no], [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED + AC_INCLUDES_DEFAULT + #include ], [])], [sudo_cv_xopen_source_extended=yes], + [sudo_cv_xopen_source_extended=error]) + ])]) + if test "$sudo_cv_xopen_source_extended" = "yes"; then + OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" + SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED) + fi + ;; +esac +AC_SYS_POSIX_TERMIOS +if test "$ac_cv_sys_posix_termios" != "yes"; then + AC_MSG_ERROR([Must have POSIX termios to build sudo]) fi +SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" + AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" - ;; + freebsd|netbsd) + SUDO_LIBS="${SUDO_LIBS} -lutil" + SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" + ;; esac ]) fi if test ${with_project-'no'} != "no"; then - AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H) - [SUDO_LIBS="${SUDO_LIBS} -lproject"], -) + AC_CHECK_HEADER(project.h, [ + AC_CHECK_LIB(project, setproject, [ + AC_DEFINE(HAVE_PROJECT_H) + SUDO_LIBS="${SUDO_LIBS} -lproject" + ]) + ], []) fi dnl dnl typedef checks @@ -1733,38 +2069,148 @@ AC_TYPE_UID_T AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) -AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include +AC_CHECK_TYPES([sigaction_t], [], [], [#include #include ]) -AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include +AC_CHECK_TYPES([struct timespec], [], [], [#include #if TIME_WITH_SYS_TIME # include #endif #include ]) -AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include +AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) -SUDO_TYPE_SIZE_T -SUDO_TYPE_SSIZE_T -SUDO_TYPE_DEV_T -SUDO_TYPE_INO_T +AC_TYPE_LONG_LONG_INT +AC_CHECK_SIZEOF([long int]) +AC_CHECK_TYPE(size_t, unsigned int) +AC_CHECK_TYPE(ssize_t, int) +AC_CHECK_TYPE(dev_t, int) +AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ +AC_INCLUDES_DEFAULT +#include ]) SUDO_UID_T_LEN -SUDO_TYPE_LONG_LONG SUDO_SOCK_SA_LEN dnl -dnl only set RETSIGTYPE if it is not set already +dnl Check for utmp/utmpx struct members. +dnl We need to include OSDEFS for glibc which only has __e_termination +dnl visible when _GNU_SOURCE is *not* defined. dnl -case "$DEFS" in - *"RETSIGTYPE"*) ;; - *) AC_TYPE_SIGNAL;; -esac +_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $OSDEFS" +if test $ac_cv_header_utmpx_h = "yes"; then + AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [ + #include + #include + ]) + dnl + dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination + dnl + AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [ + AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) +else + AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [ + #include + #include + ]) + dnl + dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination + dnl + AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [ + AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) +fi +CFLAGS="$_CFLAGS" + dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ - strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid) +AC_CHECK_FUNCS(glob strrchr sysconf tzset strftime setenv \ + regcomp setlocale nl_langinfo mbr_check_membership \ + setrlimit64) +AC_REPLACE_FUNCS(getgrouplist) +AC_CHECK_FUNCS(getline, [], [ + AC_LIBOBJ(getline) + AC_CHECK_FUNCS(fgetln) +]) +dnl +dnl If libc supports _FORTIFY_SOURCE check functions, use it. +dnl +O_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" +AC_CHECK_FUNC(__sprintf_chk, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) +], []) +CPPFLAGS="$O_CPPFLAGS" + +utmp_style=LEGACY +AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) +if test "$utmp_style" = "LEGACY"; then + AC_CHECK_FUNCS(getttyent ttyslot, [break]) +fi + +AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], + [ + AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) + ], + [ + #include + #include + ]) + ], + [ + #include + #include + #include + ]) +]) + +AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ + AC_CHECK_LIB(util, openpty, [ + AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) + case "$SUDO_LIBS" in + *-lutil*) ;; + *) SUDO_LIBS="${SUDO_LIBS} -lutil";; + esac + AC_DEFINE(HAVE_OPENPTY) + ], [ + AC_CHECK_FUNCS(_getpty, [], [ + AC_CHECK_FUNCS(grantpt, [ + AC_CHECK_FUNCS(posix_openpt) + ], [ + AC_CHECK_FUNCS(revoke) + ]) + ]) + ]) +]) +AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], []) +SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then - AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) + AC_CHECK_FUNCS(setresuid, [ + SKIP_SETREUID=yes + AC_CHECK_FUNCS(getresuid) + ]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) @@ -1778,46 +2224,44 @@ fi if test -z "$BROKEN_GETCWD"; then AC_REPLACE_FUNCS(getcwd) fi -AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB) - AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) - AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) AC_CHECK_FUNCS(lockf flock, [break]) -AC_CHECK_FUNCS(waitpid wait3, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) -SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) +AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) +SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch) + COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" +]) SUDO_FUNC_ISBLANK -AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) +AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat) +AC_CHECK_FUNCS(nanosleep, [], [ + # On Solaris, nanosleep is in librt + AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) +]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ #include #include ]) ]) -AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o" +AC_CHECK_FUNCS(mkstemps mkdtemp, [], [ AC_CHECK_FUNCS(random lrand48, [break]) + AC_LIBOBJ(mktemp) ]) AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) if test X"$ac_cv_type_struct_timespec" != X"no"; then AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) - AC_MSG_CHECKING([for two-parameter timespecsub]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include -#include ]], [[struct timespec ts1, ts2; -ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0; -#ifndef timespecsub -#error missing timespecsub -#endif -timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2) - AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) fi dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include -#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include -#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])]) +#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include +#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) +AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [ +AC_INCLUDES_DEFAULT +#include <$ac_header_dirent> +]) dnl dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) @@ -1828,20 +2272,88 @@ fi dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols -dnl In this case we look for main(), not socket() to avoid using a cached value dnl -AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) +AC_CHECK_FUNC(socket, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) +AC_CHECK_FUNC(inet_addr, [], [ + AC_CHECK_FUNC(__inet_addr, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done + ]) +]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl -AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) +AC_CHECK_FUNC(syslog, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) +dnl +dnl If getaddrinfo(3) not in libc, check -lsocket and -linet +dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols. +dnl +AC_CHECK_FUNCS(getaddrinfo, [], [ + found=no + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs]) + done + if test X"$found" != X"no"; then + AC_DEFINE(HAVE_GETADDRINFO) + fi +]) dnl dnl Check for getprogname() or __progname dnl @@ -1856,6 +2368,159 @@ AC_CHECK_FUNCS(getprogname, , [ fi AC_MSG_RESULT($sudo_cv___progname) ]) +dnl +dnl Check for __func__ or __FUNCTION__ +dnl +AC_MSG_CHECKING([for __func__]) +AC_CACHE_VAL(sudo_cv___func__, [ +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) +AC_MSG_RESULT($sudo_cv___func__) +if test "$sudo_cv___func__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) +elif test -n "$GCC"; then + AC_MSG_CHECKING([for __FUNCTION__]) + AC_CACHE_VAL(sudo_cv___FUNCTION__, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) + AC_MSG_RESULT($sudo_cv___FUNCTION__) + if test "$sudo_cv___FUNCTION__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) + AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__]) + fi +fi + +# gettext() and friends may be located in libc (Linux and Solaris) +# or in libintl. However, it is possible to have libintl installed +# even when gettext() is present in libc. In the case of GNU libintl, +# gettext() will be defined to gettext_libintl in libintl.h. +# Since gcc prefers /usr/local/include to /usr/include, we need to +# make sure we use the gettext() that matches the include file. +if test "$enable_nls" != "no"; then + if test "$enable_nls" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" + SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) + fi + OLIBS="$LIBS" + for l in "libc" "-lintl" "-lintl -liconv"; do + if test "$l" = "libc"; then + # If user specified a dir for libintl ignore libc + if test "$enable_nls" != "yes"; then + continue + fi + gettext_name=sudo_cv_gettext + AC_MSG_CHECKING([for gettext]) + else + LIBS="$OLIBS $l" + gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" + AC_MSG_CHECKING([for gettext in $l]) + fi + AC_CACHE_VAL($gettext_name, [ + AC_LINK_IFELSE( + [ + AC_LANG_PROGRAM([[#include ]], [(void)gettext((char *)0);]) + ], [eval $gettext_name=yes], [eval $gettext_name=no] + ) + ]) + eval gettext_result="\$$gettext_name" + AC_MSG_RESULT($gettext_result) + test "$gettext_result" = "yes" && break + done + LIBS="$OLIBS" + + if test "$sudo_cv_gettext" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + elif test "$sudo_cv_gettext_lintl" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + LIBINTL="-lintl" + elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + LIBINTL="-lintl -liconv" + fi +fi + +dnl +dnl Deferred zlib option processing. +dnl By default we use the system zlib if it is present. +dnl If a directory was specified for zlib (or we are use sudo's version), +dnl prepend the include dir to make sure we get the right zlib header. +dnl +case "$enable_zlib" in + yes) + AC_CHECK_LIB(z, gzdopen, [ + AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin]) + ]) + ;; + no) + ;; + system) + AC_DEFINE(HAVE_ZLIB_H) + ZLIB="-lz" + ;; + builtin) + # handled below + ;; + *) + AC_DEFINE(HAVE_ZLIB_H) + CPPFLAGS="-I${enable_zlib}/include ${CPPFLAGS}" + SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) + ZLIB="${ZLIB} -lz" + ;; +esac +if test X"$enable_zlib" = X"builtin"; then + AC_DEFINE(HAVE_ZLIB_H) + CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}" + ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' + ZLIB_SRC=zlib + AC_CONFIG_HEADER([zlib/zconf.h]) + AC_CONFIG_FILES([zlib/Makefile]) +fi + +dnl +dnl Check for errno declaration in errno.h +dnl +AC_CHECK_DECLS([errno], [], [], [ +AC_INCLUDES_DEFAULT +#include +]) + +dnl +dnl Check for h_errno declaration in netdb.h +dnl +AC_CHECK_DECLS([h_errno], [], [], [ +AC_INCLUDES_DEFAULT +#include +]) + +dnl +dnl Check for strsignal() or sys_siglist +dnl +AC_CHECK_FUNCS(strsignal, [], [ + AC_LIBOBJ(strsignal) + HAVE_SIGLIST="false" + AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ + HAVE_SIGLIST="true" + break + ], [ ], [ +AC_INCLUDES_DEFAULT +#include + ]) + if test "$HAVE_SIGLIST" != "true"; then + AC_LIBOBJ(siglist) + fi +]) + +dnl +dnl nsswitch.conf and its equivalents +dnl +if test ${with_netsvc-"no"} != "no"; then + SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") + netsvc_conf=${with_netsvc-/etc/netsvc.conf} +elif test ${with_nsswitch-"yes"} != "no"; then + SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") + nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} +fi dnl dnl Mutually exclusive auth checks come first, followed by @@ -1882,46 +2547,73 @@ dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then - dnl - dnl Linux may need this - dnl - AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main + # + # Check for pam_start() in libpam first, then for pam_appl.h. + # + found_pam_lib=no + AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) + # + # Some PAM implementations (MacOS X for example) put the PAM headers + # in /usr/include/pam instead of /usr/include/security... + # + found_pam_hdrs=no + AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) + if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then + # Found both PAM libs and headers + with_pam=yes + elif test "$with_pam" = "yes"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) + fi + elif test "$found_pam_lib" != "$found_pam_hdrs"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) + fi + fi - dnl - dnl Some PAM implementations (MacOS X for example) put the PAM headers - dnl in /usr/include/pam instead of /usr/include/security... - dnl - AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then + # Older PAM implementations lack pam_getenvlist + OLIBS="$LIBS" + LIBS="$LIBS -lpam $lt_cv_dlopen_libs" + AC_CHECK_FUNCS(pam_getenvlist) + LIBS="$OLIBS" + + # We already link with -ldl if needed (see LIBDL below) + SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) - AUTH_OBJS="$AUTH_OBJS pam.o"; + AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM + + AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], + [case $with_pam_login in + yes) AC_DEFINE([HAVE_PAM_LOGIN]) + AC_MSG_CHECKING(whether to use PAM login) + AC_MSG_RESULT(yes) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) + ;; + esac]) + AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, - [ --disable-pam-session Disable PAM session support], + [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) - AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled]) + AC_DEFINE(NO_PAM_SESSION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) - case $host in - *-*-linux*|*-*-solaris*) - # dgettext() may be defined to dgettext_libintl in the - # header file, so first check that it links w/ additional - # libs, then try with -lintl - AC_LINK_IFELSE([AC_LANG_PROGRAM( - [[#include ]], [(void)dgettext((char *)0, (char *)0);])], - [AC_DEFINE(HAVE_DGETTEXT)], - [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"] - [AC_DEFINE(HAVE_DGETTEXT)])]) - ;; - esac fi fi @@ -1933,8 +2625,8 @@ if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) - AUTH_OBJS="$AUTH_OBJS aix_auth.o"; - SUDO_LIBS="${SUDO_LIBS} -ls" + AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; + SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi @@ -1945,9 +2637,9 @@ dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) - [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] + [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [BSDAUTH_USAGE='[[-a auth_type]] '] - [AUTH_EXCL=BSD_AUTH; BAMAN=""], + [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi @@ -1958,7 +2650,7 @@ if test ${CHECKSIA-'false'} = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then AUTH_EXCL=SIA - AUTH_OBJS="$AUTH_OBJS sia.o" + AUTH_OBJS="$AUTH_OBJS sia.lo" fi fi @@ -1967,12 +2659,12 @@ dnl extra FWTK libs + includes dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" with_fwtk=yes fi - SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" - AUTH_OBJS="$AUTH_OBJS fwtk.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" + AUTH_OBJS="$AUTH_OBJS fwtk.lo" fi dnl @@ -1987,27 +2679,9 @@ if test ${with_SecurID-'no'} != "no"; then with_SecurID=/usr/ace fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - _LDFLAGS="${LDFLAGS}" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) - # - # Determine whether to use the new or old SecurID API - # - AC_CHECK_LIB(aceclnt, SD_Init, - [ - AUTH_OBJS="$AUTH_OBJS securid5.o"; - SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" - ] - [ - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) - ], [ - AUTH_OBJS="$AUTH_OBJS securid.o"; - SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" - ], - [ - -lpthread - ] - ) - LDFLAGS="${_LDFLAGS}" + SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" + AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi dnl @@ -2027,65 +2701,6 @@ if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then done fi -dnl -dnl Kerberos IV -dnl -if test ${with_kerb4-'no'} != "no"; then - AC_DEFINE(HAVE_KERB4) - dnl - dnl Use the specified directory, if any, else search for correct inc dir - dnl - O_LDFLAGS="$LDFLAGS" - if test "$with_kerb4" = "yes"; then - found=no - O_CPPFLAGS="$CPPFLAGS" - for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do - CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) - done - test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" - else - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" - AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) - fi - if test X"$found" = X"no"; then - AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) - fi - - dnl - dnl Check for -ldes vs. -ldes425 - dnl - AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ - AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) - ]) - dnl - dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV - dnl - AC_MSG_CHECKING(whether we are using KTH Kerberos IV) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = krb4_version;]])], [ - AC_MSG_RESULT(yes) - K4LIBS="${K4LIBS} -lcom_err" - AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) - ] - ) - dnl - dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 - dnl - AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ - AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], - [K4LIBS="-lkrb $K4LIBS"] - [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] - , [$K4LIBS]) - ], [$K4LIBS]) - LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} $K4LIBS" - AUTH_OBJS="$AUTH_OBJS kerb4.o" -fi - dnl dnl Kerberos V dnl There is an easy way and a hard way... @@ -2094,9 +2709,9 @@ if test ${with_kerb5-'no'} != "no"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) - AUTH_OBJS="$AUTH_OBJS kerb5.o" + AUTH_OBJS="$AUTH_OBJS kerb5.lo" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" - SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl @@ -2108,66 +2723,78 @@ if test ${with_kerb5-'no'} != "no"; then AC_MSG_RESULT(no) ] ) - fi -fi -if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then - AC_DEFINE(HAVE_KERB5) - dnl - dnl Use the specified directory, if any, else search for correct inc dir - dnl - if test "$with_kerb5" = "yes"; then - found=no - O_CPPFLAGS="$CPPFLAGS" - for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do - CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) - done - if test X"$found" = X"no"; then - CPPFLAGS="$O_CPPFLAGS" - AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) - fi else - dnl XXX - try to include krb5.h here too - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" - fi + AC_DEFINE(HAVE_KERB5) + dnl + dnl Use the specified directory, if any, else search for correct inc dir + dnl + if test "$with_kerb5" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) + done + if test X"$found" = X"no"; then + CPPFLAGS="$O_CPPFLAGS" + AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) + fi + else + dnl XXX - try to include krb5.h here too + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) + CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" + fi - dnl - dnl Try to determine whether we have Heimdal or MIT Kerberos - dnl - AC_MSG_CHECKING(whether we are using Heimdal) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HEIMDAL) - # XXX - need to check whether -lcrypo is needed! - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" - AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" - AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"]) - ]) - AUTH_OBJS="$AUTH_OBJS kerb5.o" + dnl + dnl Try to determine whether we have Heimdal or MIT Kerberos + dnl + AC_MSG_CHECKING(whether we are using Heimdal) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_HEIMDAL) + # XXX - need to check whether -lcrypo is needed! + SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" + AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) + ], [ + AC_MSG_RESULT(no) + SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" + AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) + ]) + AUTH_OBJS="$AUTH_OBJS kerb5.lo" + fi _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" - AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context krb5_get_init_creds_opt_alloc) - AC_CACHE_CHECK(whether krb5_get_init_creds_opt_free takes a two argument2, - sudo_cv_krb5_get_init_creds_opt_free_two_args, [ - AC_TRY_COMPILE([#include ], - [ - krb5_context context = NULL; - krb5_get_init_creds_opt *opts = NULL; - krb5_get_init_creds_opt_free(context, opts); - ], - [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], - [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] - ) - ] - ) + LIBS="${LIBS} ${SUDOERS_LIBS}" + AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) + AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ + AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], + sudo_cv_krb5_get_init_creds_opt_free_two_args, [ + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[krb5_get_init_creds_opt_free(NULL, NULL);]] + )], + [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], + [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] + ) + ] + ) + ]) if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" + AC_MSG_CHECKING(whether to use an instance name for Kerberos V) + AC_ARG_ENABLE(kerb5-instance, + [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], + [ case "$enableval" in + yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) + ;; + no) AC_MSG_RESULT(no) + ;; + *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") + AC_MSG_RESULT([$enableval]) + ;; + esac], AC_MSG_RESULT(no)) fi dnl @@ -2179,12 +2806,12 @@ if test ${with_AFS-'no'} = "yes"; then AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then - AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) + AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -2214,7 +2841,7 @@ if test ${with_AFS-'no'} = "yes"; then AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi - AUTH_OBJS="$AUTH_OBJS afs.o" + AUTH_OBJS="$AUTH_OBJS afs.lo" fi dnl @@ -2223,75 +2850,91 @@ dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" - SUDO_LIBS="${SUDO_LIBS} -ldce" - AUTH_OBJS="$AUTH_OBJS dce.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" + AUTH_OBJS="$AUTH_OBJS dce.lo" fi dnl dnl extra S/Key lib and includes dnl -if test ${with_skey-'no'} = "yes"; then +if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) - AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) + AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) + AC_CHECK_HEADER([skey.h], [found=yes; break], [], + [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) + fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi fi - if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) - fi - AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) + AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) + + AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include + #include ]], + [[skeychallenge(NULL, NULL, NULL, 0);]] + )], [ + AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + ] + ) + LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} -lskey" - AUTH_OBJS="$AUTH_OBJS rfc1938.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" + AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl extra OPIE lib and includes dnl -if test ${with_opie-'no'} = "yes"; then +if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) - AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) + fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi fi - if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) - fi - AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) + AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} -lopie" - AUTH_OBJS="$AUTH_OBJS rfc1938.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" + AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl @@ -2303,8 +2946,10 @@ if test ${with_passwd-'no'} != "no"; then dnl dnl if crypt(3) not in libc, look elsewhere dnl - if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then - AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + if test -z "$LIB_CRYPT"; then + _LIBS="$LIBS" + AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) + LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then @@ -2313,12 +2958,12 @@ if test ${with_passwd-'no'} != "no"; then found=no AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then - SUDO_LIBS="$SUDO_LIBS $shadow_libs" + SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then - SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional" + SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then @@ -2332,14 +2977,14 @@ if test ${with_passwd-'no'} != "no"; then CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then - AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true"; then - AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) - AUTH_OBJS="$AUTH_OBJS secureware.o" + AUTH_OBJS="$AUTH_OBJS secureware.lo" fi fi @@ -2349,13 +2994,13 @@ dnl if test ${with_ldap-'no'} != "no"; then _LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes - LDAP="" fi - SUDO_OBJS="${SUDO_OBJS} ldap.o" + SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" + LDAP="" AC_MSG_CHECKING([for LDAP libraries]) LDAP_LIBS="" @@ -2368,6 +3013,17 @@ if test ${with_ldap-'no'} != "no"; then #include #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) done + if test "$found" = "no"; then + LDAP_LIBS="" + LIBS="$_LIBS" + for l in -libmldap -lidsldif; do + LIBS="${LIBS} $l" + LDAP_LIBS="${LDAP_LIBS} $l" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + #include + #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) + done + fi dnl if nothing linked just try with -lldap if test "$found" = "no"; then LIBS="${_LIBS} -lldap" @@ -2389,9 +3045,10 @@ if test ${with_ldap-'no'} != "no"; then AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) - AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldap_sasl_interactive_bind_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s) - AC_CHECK_HEADERS([sasl/sasl.h]) + AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) + AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) + AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, @@ -2407,7 +3064,7 @@ if test ${with_ldap-'no'} != "no"; then O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include ], [found="gssapi.h"; break])]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi.h"; break])]) done if test X"$found" != X"no"; then AC_CHECK_HEADERS([$found]) @@ -2420,35 +3077,87 @@ if test ${with_ldap-'no'} != "no"; then fi fi - SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}" + SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$_LDFLAGS" fi +# +# How to do dynamic object loading. +# We support dlopen() and sh_load(), else fall back to static loading. +# +case "$lt_cv_dlopen" in + dlopen) + AC_DEFINE(HAVE_DLOPEN) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC="--tag=disable-static" + ;; + shl_load) + AC_DEFINE(HAVE_SHL_LOAD) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC="--tag=disable-static" + AC_LIBOBJ(dlopen) + ;; + *) + if test X"${ac_cv_func_dlopen}" = X"yes"; then + AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."]) + fi + # Preload sudoers module symbols + SUDO_OBJS="${SUDO_OBJS} preload.o" + SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" + LT_STATIC="" + AC_LIBOBJ(dlopen) + ;; +esac + +# +# Add library needed for dynamic loading, if any. +# +LIBDL="$lt_cv_dlopen_libs" +if test X"$LIBDL" != X""; then + SUDO_LIBS="${SUDO_LIBS} $LIBDL" + SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL" +fi + +# On HP-UX, you cannot dlopen() a shared object that uses pthreads +# unless the main program is linked against -lpthread. Since we +# have no knowledge what libraries a plugin may depend on, we always +# link against -lpthread on HP-UX if it is available. +# This check should go after all other libraries tests. +case "$host" in + *-*-hpux*) + AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) + ;; +esac + dnl -dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we -dnl added -L dirpaths to SUDO_LDFLAGS. +dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we +dnl added -L dirpaths to SUDOERS_LDFLAGS. dnl if test -n "$blibpath"; then if test -n "$blibpath_add"; then - SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}" fi fi dnl -dnl Check for log file and timestamp locations +dnl Check for log file, timestamp and iolog locations dnl +if test "$utmp_style" = "LEGACY"; then + SUDO_PATH_UTMP +fi SUDO_LOGFILE SUDO_TIMEDIR +SUDO_IO_LOGDIR dnl -dnl Use passwd (and secureware) auth modules? +dnl Use passwd auth module? dnl case "$with_passwd" in yes|maybe) - AUTH_OBJS="$AUTH_OBJS passwd.o" + AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" ;; *) AC_DEFINE(WITHOUT_PASSWD) @@ -2458,24 +3167,36 @@ yes|maybe) ;; esac AUTH_OBJS=${AUTH_OBJS# } -_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` +_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl -dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it. +dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS dnl if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 - for sl in ${SUDO_LIBS} ${NET_LIBS}; do + for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi +dnl +dnl We add -Wall and -Werror after all tests so they don't cause failures +dnl +if test -n "$GCC"; then + if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then + CFLAGS="${CFLAGS} -Wall" + fi + if test X"$enable_werror" = X"yes"; then + CFLAGS="${CFLAGS} -Werror" + fi +fi + dnl dnl Set exec_prefix dnl @@ -2495,23 +3216,58 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then fi fi if test X"$with_noexec" != X"no"; then - PROGS="${PROGS} sudo_noexec.la" + PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" - eval noexec_file="$with_noexec" - AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) + noexec_file="$with_noexec" + _noexec_file= + while test X"$noexec_file" != X"$_noexec_file"; do + _noexec_file="$noexec_file" + eval noexec_file="$_noexec_file" + done + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then - eval sesh_file="$libexecdir/sesh" - AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) + sesh_file="$libexecdir/sesh" + _sesh_file= + while test X"$sesh_file" != X"$_sesh_file"; do + _sesh_file="$sesh_file" + eval sesh_file="$_sesh_file" + done + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi + PLUGINDIR="$with_plugindir" + _PLUGINDIR= + while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do + _PLUGINDIR="$PLUGINDIR" + eval PLUGINDIR="$_PLUGINDIR" + done + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") + SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") exec_prefix="$oexec_prefix" fi +dnl +dnl Override default configure dirs for the Makefile +dnl +if test X"$prefix" = X"NONE"; then + test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' +else + test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' +fi +test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' +test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' +test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' +test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' +test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' +test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' + dnl dnl Substitute into the Makefile and man pages dnl -AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h]) +dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h]) +AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl @@ -2519,6 +3275,12 @@ dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host in + *-*-hpux*) + if test -f /usr/lib/security/libpam_hpsec.so.1; then + AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) + AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) + fi + ;; *-*-linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; @@ -2531,20 +3293,23 @@ dnl AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) +AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) +AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) +AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) +AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) -AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) -AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.]) +AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) @@ -2555,31 +3320,31 @@ AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) -AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if contains struct in6_addr.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) -AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) -AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_alloc' function takes two arguments.]) +AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) +AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) +AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) +AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) -AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) +AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) +AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) +AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) -AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the header file and the `tcgetattr' function.]) -AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) -AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) @@ -2587,8 +3352,10 @@ AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) +AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) +AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) @@ -2597,12 +3364,22 @@ AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is n AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) +AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) +AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) -AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) +AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't define.]) +AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) +AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) +AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) +AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication]) +AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) +AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) +AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) +AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) dnl dnl Bits to copy verbatim into config.h.in @@ -2611,37 +3388,38 @@ AH_TOP([#ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H]) AH_BOTTOM([/* - * Macros to pull sec and nsec parts of mtime from struct stat. - * We need to be able to convert between timeval and timespec - * so the last 3 digits of tv_nsec are not significant. + * Macros to convert ctime and mtime into timevals. */ +#define timespec2timeval(_ts, _tv) do { \ + (_tv)->tv_sec = (_ts)->tv_sec; \ + (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ +} while (0) + #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM -# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) # else -# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) # endif #else # ifdef HAVE_ST_MTIMESPEC -# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) # else -# define mtim_getsec(_x) ((_x).st_mtime) -# define mtim_getnsec(_x) (0) +# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) +# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ -/* - * Emulate a subset of waitpid() if we don't have it. - */ -#ifdef HAVE_WAITPID -# define sudo_waitpid(p, s, o) waitpid(p, s, o) +#ifdef __GNUC__ +# define ignore_result(x) do { \ + __typeof__(x) y = (x); \ + (void)y; \ +} while(0) #else -# ifdef HAVE_WAIT3 -# define sudo_waitpid(p, s, o) wait3(s, o, NULL) -# endif +# define ignore_result(x) (void)(x) #endif /* GNU stow needs /etc/sudoers to be a symlink. */ @@ -2659,7 +3437,7 @@ AH_BOTTOM([/* #undef ISSET #define ISSET(t, f) ((t) & (f)) -/* New ANSI-style OS defs for HP-UX and ConvexOS. */ +/* ANSI-style OS defs for HP-UX and ConvexOS. */ #if defined(hpux) && !defined(__hpux) # define __hpux 1 #endif /* hpux */