X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=configure.in;h=aed2ff0bbdf1ce98031d95ce5940600b4cf8cde7;hb=e52e358fe62bf35950dc2bee3c9d45f159fb4420;hp=f9a7d31a17f067a3f3abf5c70d515904cfb882bb;hpb=f1001ea55f51d8362d6f1227830c17e22a9a96f9;p=debian%2Fsudo diff --git a/configure.in b/configure.in index f9a7d31..aed2ff0 100644 --- a/configure.in +++ b/configure.in @@ -1,10 +1,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.549 2009/06/13 20:52:50 millert Exp $ dnl -dnl Copyright (c) 1994-1996,1998-2009 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller dnl -AC_INIT([sudo], [1.7.2p2], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.4p5], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT @@ -13,89 +12,94 @@ AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) dnl dnl Variables that get substituted in the Makefile and man pages dnl -AC_SUBST(HAVE_BSM_AUDIT) -AC_SUBST(LIBTOOL) -AC_SUBST(CFLAGS) -AC_SUBST(PROGS) -AC_SUBST(CPPFLAGS) -AC_SUBST(LDFLAGS) -AC_SUBST(SUDO_LDFLAGS) -AC_SUBST(SUDO_OBJS) -AC_SUBST(LIBS) -AC_SUBST(SUDO_LIBS) -AC_SUBST(NET_LIBS) -AC_SUBST(AFS_LIBS) -AC_SUBST(GETGROUPS_LIB) -AC_SUBST(OSDEFS) -AC_SUBST(AUTH_OBJS) -AC_SUBST(MANTYPE) -AC_SUBST(MAN_POSTINSTALL) -AC_SUBST(SUDOERS_MODE) -AC_SUBST(SUDOERS_UID) -AC_SUBST(SUDOERS_GID) -AC_SUBST(DEV) -AC_SUBST(SELINUX) -AC_SUBST(BAMAN) -AC_SUBST(LCMAN) -AC_SUBST(SEMAN) -AC_SUBST(devdir) -AC_SUBST(mansectsu) -AC_SUBST(mansectform) -AC_SUBST(mansrcdir) -AC_SUBST(NOEXECFILE) -AC_SUBST(NOEXECDIR) -AC_SUBST(noexec_file) -AC_SUBST(INSTALL_NOEXEC) -AC_SUBST(DONT_LEAK_PATH_INFO) -AC_SUBST(BSDAUTH_USAGE) -AC_SUBST(SELINUX_USAGE) -AC_SUBST(LDAP) -AC_SUBST(LOGINCAP_USAGE) -AC_SUBST(NONUNIX_GROUPS_IMPL) +AC_SUBST([HAVE_BSM_AUDIT]) +AC_SUBST([SHELL]) +AC_SUBST([LIBTOOL]) +AC_SUBST([CFLAGS]) +AC_SUBST([PROGS]) +AC_SUBST([CPPFLAGS]) +AC_SUBST([LDFLAGS]) +AC_SUBST([COMMON_OBJS]) +AC_SUBST([SUDO_LDFLAGS]) +AC_SUBST([SUDO_OBJS]) +AC_SUBST([LIBS]) +AC_SUBST([SUDO_LIBS]) +AC_SUBST([NET_LIBS]) +AC_SUBST([AFS_LIBS]) +AC_SUBST([GETGROUPS_LIB]) +AC_SUBST([OSDEFS]) +AC_SUBST([AUTH_OBJS]) +AC_SUBST([MANTYPE]) +AC_SUBST([MAN_POSTINSTALL]) +AC_SUBST([SUDOERS_MODE]) +AC_SUBST([SUDOERS_UID]) +AC_SUBST([SUDOERS_GID]) +AC_SUBST([DEV]) +AC_SUBST([BAMAN]) +AC_SUBST([LCMAN]) +AC_SUBST([SEMAN]) +AC_SUBST([devdir]) +AC_SUBST([mansectsu]) +AC_SUBST([mansectform]) +AC_SUBST([mansrcdir]) +AC_SUBST([NOEXECFILE]) +AC_SUBST([NOEXECDIR]) +AC_SUBST([noexec_file]) +AC_SUBST([INSTALL_NOEXEC]) +AC_SUBST([DONT_LEAK_PATH_INFO]) +AC_SUBST([BSDAUTH_USAGE]) +AC_SUBST([SELINUX_USAGE]) +AC_SUBST([LDAP]) +AC_SUBST([REPLAY]) +AC_SUBST([LOGINCAP_USAGE]) +AC_SUBST([ZLIB]) +AC_SUBST([CONFIGURE_ARGS]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl -AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR -AC_SUBST(timeout) -AC_SUBST(password_timeout) -AC_SUBST(sudo_umask) -AC_SUBST(passprompt) -AC_SUBST(long_otp_prompt) -AC_SUBST(lecture) -AC_SUBST(logfac) -AC_SUBST(goodpri) -AC_SUBST(badpri) -AC_SUBST(loglen) -AC_SUBST(ignore_dot) -AC_SUBST(mail_no_user) -AC_SUBST(mail_no_host) -AC_SUBST(mail_no_perms) -AC_SUBST(mailto) -AC_SUBST(mailsub) -AC_SUBST(badpass_message) -AC_SUBST(fqdn) -AC_SUBST(runas_default) -AC_SUBST(env_editor) -AC_SUBST(passwd_tries) -AC_SUBST(tty_tickets) -AC_SUBST(insults) -AC_SUBST(root_sudo) -AC_SUBST(path_info) -AC_SUBST(ldap_conf) -AC_SUBST(ldap_secret) -AC_SUBST(nsswitch_conf) -AC_SUBST(netsvc_conf) -AC_SUBST(secure_path) -dnl -dnl Initial values for above -dnl +AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR +AC_SUBST([timeout]) +AC_SUBST([password_timeout]) +AC_SUBST([sudo_umask]) +AC_SUBST([passprompt]) +AC_SUBST([long_otp_prompt]) +AC_SUBST([lecture]) +AC_SUBST([logfac]) +AC_SUBST([goodpri]) +AC_SUBST([badpri]) +AC_SUBST([loglen]) +AC_SUBST([ignore_dot]) +AC_SUBST([mail_no_user]) +AC_SUBST([mail_no_host]) +AC_SUBST([mail_no_perms]) +AC_SUBST([mailto]) +AC_SUBST([mailsub]) +AC_SUBST([badpass_message]) +AC_SUBST([fqdn]) +AC_SUBST([runas_default]) +AC_SUBST([env_editor]) +AC_SUBST([passwd_tries]) +AC_SUBST([tty_tickets]) +AC_SUBST([insults]) +AC_SUBST([root_sudo]) +AC_SUBST([path_info]) +AC_SUBST([ldap_conf]) +AC_SUBST([ldap_secret]) +AC_SUBST([nsswitch_conf]) +AC_SUBST([netsvc_conf]) +AC_SUBST([secure_path]) +AC_SUBST([editor]) +# +# Begin initial values for man page substitution +# +timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 passprompt="Password:" long_otp_prompt=off lecture=once -logfac=local2 +logfac=auth goodpri=notice badpri=alert loglen=80 @@ -104,23 +108,32 @@ mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root -mailsub='*** SECURITY information for %h ***' -badpass_message='Sorry, try again.' +mailsub="*** SECURITY information for %h ***" +badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off +editor=vi passwd_tries=3 -tty_tickets=off +tty_tickets=on insults=off root_sudo=on path_info=on +ldap_conf=/etc/ldap.conf +ldap_secret=/etc/ldap.secret +netsvc_conf=/etc/netsvc.conf +noexec_file=/usr/local/libexec/sudo_noexec.so +nsswitch_conf=/etc/nsswitch.conf secure_path="not set" -INSTALL_NOEXEC= -devdir='$(srcdir)' +# +# End initial values for man page substitution +# dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl +INSTALL_NOEXEC= +devdir='$(srcdir)' PROGS="sudo visudo" : ${MANTYPE='man'} : ${mansrcdir='.'} @@ -129,10 +142,11 @@ PROGS="sudo visudo" : ${SUDOERS_GID='0'} DEV="#" LDAP="#" -SELINUX="#" -BAMAN='.\" ' -LCMAN='.\" ' -SEMAN='.\" ' +REPLAY="#" +BAMAN=0 +LCMAN=0 +SEMAN=0 +ZLIB= AUTH_OBJS= AUTH_REG= AUTH_EXCL= @@ -148,17 +162,7 @@ shadow_funcs= shadow_libs= shadow_libs_optional= -dnl -dnl Override default configure dirs... -dnl -if test X"$prefix" = X"NONE"; then - test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' -else - test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' -fi -test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' -test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' -test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' +CONFIGURE_ARGS="$@" dnl dnl Deprecated --with options (these all warn or generate an error) @@ -182,6 +186,22 @@ dnl dnl Options for --with dnl +AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], +[case $with_devel in + yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) + PROGS="${PROGS} testsudoers" + OSDEFS="${OSDEFS} -DSUDO_DEVEL" + DEV="" + devdir=. + ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) + ;; +esac]) +if test X"$with_devel" != X"yes"; then + ac_cv_prog_cc_g=no +fi + AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in yes) AC_MSG_ERROR(["must give --with-CC an argument."]) @@ -220,6 +240,25 @@ AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit sup ;; esac]) +dnl +dnl Handle Linux auditing support. +dnl +AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], +[case $with_linux_audit in + yes) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ + AC_DEFINE(HAVE_LINUX_AUDIT) + SUDO_LIBS="${SUDO_LIBS} -laudit" + SUDO_OBJS="${SUDO_OBJS} linux_audit.o" + ], [ + AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) + ]) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) + ;; +esac]) + AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) @@ -253,19 +292,6 @@ AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries ;; esac]) -AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], -[case $with_devel in - yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) - PROGS="${PROGS} testsudoers" - OSDEFS="${OSDEFS} -DSUDO_DEVEL" - DEV="" - devdir=. - ;; - no) ;; - *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) - ;; -esac]) - AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], [case $with_efence in yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) @@ -480,8 +506,7 @@ AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or ;; esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) -AC_MSG_CHECKING(which syslog facility sudo should log with) -AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "local2")])], +AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; @@ -492,8 +517,6 @@ AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log wit *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; esac]) -AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) -AC_MSG_RESULT($logfac) AC_MSG_CHECKING(at which syslog priority to log commands) AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], @@ -694,6 +717,12 @@ AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timesta ;; esac]) +AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], +[case $with_iologdir in + yes) ;; + no) ;; +esac]) + AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) AS_HELP_STRING([--without-sendmail], [do not send mail at all])], [case $with_sendmail in @@ -796,6 +825,7 @@ AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for vi ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) + editor="$with_editor" ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) @@ -868,11 +898,11 @@ AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) -if test "$tty_tickets" = "on"; then - AC_DEFINE(USE_TTY_TICKETS) - AC_MSG_RESULT(yes) -else +if test "$tty_tickets" = "off"; then + AC_DEFINE(NO_TTY_TICKETS) AC_MSG_RESULT(no) +else + AC_MSG_RESULT(yes) fi AC_MSG_CHECKING(whether to include insults) @@ -882,6 +912,10 @@ AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for ente with_classic_insults=yes with_csops_insults=yes ;; + disabled) insults=off + with_classic_insults=yes + with_csops_insults=yes + ;; no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) @@ -960,12 +994,12 @@ AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])] esac]) AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) -SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "${with_ldap_conf_file-/etc/ldap.conf}", [Path to the ldap.conf file]) -ldap_conf=${with_ldap_conf_file-'/etc/ldap.conf'} +test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" +SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) -SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "${with_ldap_secret_file-/etc/ldap.secret}", [Path to the ldap.secret file]) -ldap_secret=${with_ldap_secret_file-'/etc/ldap.secret'} +test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" +SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], [case $with_pc_insults in @@ -1033,7 +1067,7 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pat yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; - *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) + *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass]) ;; esac], AC_MSG_RESULT(no)) @@ -1045,18 +1079,22 @@ AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas sh yes) with_libvas=libvas.so ;; no) ;; - *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_with_libvas"], [The name of libvas.so]) + *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) ;; esac if test X"$with_libvas" != X"no"; then AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) AC_DEFINE(USING_NONUNIX_GROUPS) - NONUNIX_GROUPS_IMPL="vasgroups.o" + COMMON_OBJS="$COMMON_OBJS vasgroups.o" AC_ARG_WITH([libvas-rpath], [AS_HELP_STRING([--with-libvas-rpath=PATH], [Path to look for libvas in [default=/opt/quest/lib]])], [LIBVAS_RPATH=$withval], [LIBVAS_RPATH=/opt/quest/lib]) + dnl + dnl Some platforms require libdl for dlopen() + dnl + AC_CHECK_LIB([dl], [main]) fi ]) @@ -1218,6 +1256,30 @@ AC_ARG_ENABLE(env_debug, esac ], AC_MSG_RESULT(no)) +AC_ARG_ENABLE(warnings, +[AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], +[ case "$enableval" in + yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then + CFLAGS="${CFLAGS} -Wall" + fi + ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) + ;; + esac +]) + +AC_ARG_ENABLE(admin-flag, +[AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], +[ case "$enableval" in + yes) AC_DEFINE(USE_ADMIN_FLAG) + ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) + ;; + esac +]) + AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " @@ -1225,8 +1287,9 @@ AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support]) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" - SELINUX="" - SEMAN="" + SEMAN=1 + AC_CHECK_LIB([selinux], [setkeycreatecon], + [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) @@ -1240,34 +1303,21 @@ AC_ARG_ENABLE(gss_krb5_ccache_name, [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) -dnl -dnl If we don't have egrep we can't do anything... -dnl -AC_CHECK_PROG(EGREPPROG, egrep, egrep) -if test -z "$EGREPPROG"; then - AC_MSG_ERROR([Sorry, configure requires egrep to run.]) -fi - -dnl -dnl Prevent configure from adding the -g flag unless in devel mode -dnl -if test "$with_devel" != "yes"; then - ac_cv_prog_cc_g=no -fi - dnl dnl C compiler checks dnl -AC_ISC_POSIX +AC_SEARCH_LIBS([strerror], [cposix]) AC_PROG_CPP +AC_CHECK_TOOL(AR, ar, false) +AC_CHECK_TOOL(RANLIB, ranlib, :) dnl -dnl Libtool magic; enable shared libs and disable static libs +dnl Libtool setup, we require libtool 2.2.6b or higher dnl AC_CANONICAL_HOST -AC_DISABLE_STATIC -AC_LIBTOOL_DLOPEN -AC_PROG_LIBTOOL +AC_CONFIG_MACRO_DIR([m4]) +LT_PREREQ([2.2.6b]) +LT_INIT dnl dnl Defer with_noexec until after libtool magic runs @@ -1292,16 +1342,16 @@ NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl It is now safe to modify CFLAGS and CPPFLAGS dnl -if test "$with_devel" = "yes" -a -n "$GCC"; then +if test X"$with_devel" = X"yes" -a -n "$GCC"; then CFLAGS="${CFLAGS} -Wall" fi dnl dnl Find programs we use dnl -AC_CHECK_PROG(UNAMEPROG, uname, uname) -AC_CHECK_PROG(TRPROG, tr, tr) -AC_CHECK_PROG(NROFFPROG, nroff, nroff) +AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) +AC_CHECK_PROG(TRPROG, [tr], [tr]) +AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) if test -z "$NROFFPROG"; then MANTYPE="cat" mansrcdir='$(srcdir)' @@ -1363,7 +1413,7 @@ case "$host" in ;; *-*-aix*) # To get all prototypes (so we pass -Wall) - OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE" + OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" if test X"$with_blibpath" != X"no"; then AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) @@ -1400,8 +1450,8 @@ case "$host" in fi # AIX-specific functions - AC_CHECK_FUNCS(getuserattr) - SUDO_OBJS="$SUDO_OBJS aix.o" + AC_CHECK_FUNCS(getuserattr setauthdb) + COMMON_OBJS="$COMMON_OBJS aix.o" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} @@ -1415,21 +1465,31 @@ case "$host" in : ${mansectsu='1m'} : ${mansectform='4'} - # HP-UX bundled compiler can't generate shared objects - if test "x$ac_cv_prog_cc_c89" = "xno"; then - with_noexec=no - fi + if test -z "$GCC"; then + # HP-UX bundled compiler can't generate shared objects + if -z "$pic_flag"; then + with_noexec=no + fi - # Use the +DAportable flag if it is supported - _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS +DAportable" - AC_CACHE_CHECK([whether $CC understands +DAportable], - [sudo_cv_var_daportable], - [AC_TRY_LINK([], [], [sudo_cv_var_daportable=yes], - [sudo_cv_var_daportable=no])] - ) - if test X"$sudo_cv_var_daportable" != X"yes"; then - CFLAGS="$_CFLAGS" + # Use the +DAportable flag on hppa if it is supported + case "$host_cpu" in + hppa*) + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS +DAportable" + AC_CACHE_CHECK([whether $CC understands +DAportable], + [sudo_cv_var_daportable], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[]])], + [sudo_cv_var_daportable=yes], + [sudo_cv_var_daportable=no] + ) + ] + ) + if test X"$sudo_cv_var_daportable" != X"yes"; then + CFLAGS="$_CFLAGS" + fi + ;; + esac fi case "$host" in @@ -1519,7 +1579,7 @@ case "$host" in OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' - if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then + if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else @@ -1527,7 +1587,7 @@ case "$host" in fi fi else - if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then + if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else @@ -1686,7 +1746,10 @@ case "$host" in CHECKSHADOW="false" ;; *-*-darwin*) - SKIP_SETREUID=yes + # Darwin has a real setreuid(2) starting with 9.0 + if test $OSMAJOR -lt 9; then + SKIP_SETREUID=yes + fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} @@ -1777,23 +1840,30 @@ if test -z "$with_editor"; then SUDO_PROG_VI fi dnl +dnl Check for authpriv support in syslog +dnl +AC_MSG_CHECKING(which syslog facility sudo should log with) +if test X"$with_logfac" = X""; then + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) +fi +AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) +AC_MSG_RESULT($logfac) +dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME -AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) -dnl ultrix termio/termios are broken -if test "$OS" != "ultrix"; then - AC_SYS_POSIX_TERMIOS - if test "$ac_cv_sys_posix_termios" = "yes"; then - AC_DEFINE(HAVE_TERMIOS_H) - else - AC_CHECK_HEADERS(termio.h) - fi +AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h) +AC_SYS_POSIX_TERMIOS +if test "$ac_cv_sys_posix_termios" = "yes"; then + AC_DEFINE(HAVE_TERMIOS_H) +else + AC_CHECK_HEADERS(termio.h) fi +SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then - AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN="" + AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; @@ -1821,12 +1891,13 @@ AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include ]) AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include #include ]) +AC_TYPE_LONG_LONG_INT +AC_CHECK_SIZEOF([long int]) SUDO_TYPE_SIZE_T SUDO_TYPE_SSIZE_T SUDO_TYPE_DEV_T SUDO_TYPE_INO_T SUDO_UID_T_LEN -SUDO_TYPE_LONG_LONG SUDO_SOCK_SA_LEN dnl dnl only set RETSIGTYPE if it is not set already @@ -1841,7 +1912,34 @@ dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - setlocale getaddrinfo setsid setenv) + regcomp setlocale getaddrinfo setenv vhangup \ + mbr_check_membership setrlimit64) +AC_CHECK_FUNCS(getline, [], [ + AC_LIBOBJ(getline) + AC_CHECK_FUNCS(fgetln) +]) +AC_CHECK_FUNCS(setsid, [], [ + AC_LIBOBJ(setsid) + AC_FUNC_SETPGRP +]) + +AC_CHECK_FUNCS(sysctl getutid getutxid, [break]) + +AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [ + AC_CHECK_LIB(util, openpty, [ + AC_CHECK_HEADERS(util.h pty.h, [break]) + SUDO_LIBS="${SUDO_LIBS} -lutil" + AC_DEFINE(HAVE_OPENPTY) + ], [ + AC_CHECK_FUNCS(_getpty, [], [ + AC_CHECK_FUNCS(grantpt, [ + AC_CHECK_FUNCS(posix_openpt) + ], [ + AC_CHECK_FUNCS(revoke) + ]) + ]) + ]) +]) AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then @@ -1867,15 +1965,20 @@ AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(waitpid wait3, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) +AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) SUDO_FUNC_ISBLANK AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) +AC_CHECK_FUNCS(nanosleep, [], [ + # On Solaris, nanosleep is in librt + AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) +]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ #include #include ]) ]) -AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o" +AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o" AC_CHECK_FUNCS(random lrand48, [break]) ]) AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) @@ -1883,22 +1986,13 @@ if test X"$ac_cv_type_struct_timespec" != X"no"; then AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) - AC_MSG_CHECKING([for two-parameter timespecsub]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include -#include ]], [[struct timespec ts1, ts2; -ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0; -#ifndef timespecsub -#error missing timespecsub -#endif -timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2) - AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) fi dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include -#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include -#include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])]) +#include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include +#include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) dnl dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) @@ -1938,11 +2032,27 @@ AC_CHECK_FUNCS(getprogname, , [ AC_MSG_RESULT($sudo_cv___progname) ]) +dnl +dnl Check for strsignal() or sys_siglist +dnl +AC_CHECK_FUNCS(strsignal, [], [ + AC_LIBOBJ(strsignal) + HAVE_SIGLIST="false" + AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ + HAVE_SIGLIST="true" + break + ], [ ], [ +AC_INCLUDES_DEFAULT +#include + ]) + if test "$HAVE_SIGLIST" != "true"; then + AC_LIBOBJ(siglist) + fi +]) + dnl dnl nsswitch.conf and its equivalents dnl -netsvc_conf='/etc/netsvc.conf' -nsswitch_conf='/etc/nsswitch.conf' if test ${with_netsvc-"no"} != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") netsvc_conf=${with_netsvc-/etc/netsvc.conf} @@ -1977,10 +2087,15 @@ dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then dnl - dnl Linux may need this + dnl Some platforms need libdl for dlopen dnl - AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main + case "$LIBS" in + *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" + ;; + *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) + ac_cv_lib_dl=ac_cv_lib_dl_main + ;; + esac dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers @@ -1991,6 +2106,18 @@ if test ${with_pam-"no"} != "no"; then AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.o"; AUTH_EXCL=PAM + + AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], + [case $with_pam_login in + yes) AC_DEFINE([HAVE_PAM_LOGIN]) + AC_MSG_CHECKING(whether to use PAM login) + AC_MSG_RESULT(yes) + ;; + no) ;; + *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) + ;; + esac]) + AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], @@ -2004,6 +2131,7 @@ if test ${with_pam-"no"} != "no"; then AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) + case $host in *-*-linux*|*-*-solaris*) # dgettext() may be defined to dgettext_libintl in the @@ -2041,7 +2169,7 @@ if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] [BSDAUTH_USAGE='[[-a auth_type]] '] - [AUTH_EXCL=BSD_AUTH; BAMAN=""], + [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi @@ -2248,8 +2376,11 @@ if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], sudo_cv_krb5_get_init_creds_opt_free_two_args, [ - AC_TRY_COMPILE([#include ], - [krb5_get_init_creds_opt_free(NULL, NULL);], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[krb5_get_init_creds_opt_free(NULL, NULL);]] + )], [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] ) @@ -2445,9 +2576,9 @@ if test ${with_ldap-'no'} != "no"; then SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes - LDAP="" fi SUDO_OBJS="${SUDO_OBJS} ldap.o" + LDAP="" AC_MSG_CHECKING([for LDAP libraries]) LDAP_LIBS="" @@ -2525,7 +2656,12 @@ if test X"$LIBVAS_RPATH" != X""; then if test -n "$blibpath"; then blibpath_add="${blibpath_add}:$LIBVAS_RPATH" else - LDFLAGS="$LDFLAGS -R$LIBVAS_RPATH" + case "$host" in + *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" + ;; + *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" + ;; + esac fi fi @@ -2542,10 +2678,46 @@ if test -n "$blibpath"; then fi dnl -dnl Check for log file and timestamp locations +dnl Check for log file, timestamp and iolog locations dnl SUDO_LOGFILE SUDO_TIMEDIR +SUDO_IO_LOGDIR + +dnl +dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o +dnl +if test "${with_iologdir-yes}" != "no"; then + # Require POSIX job control for I/O log support + AC_CHECK_FUNCS(tcsetpgrp, [ + SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o" + PROGS="$PROGS sudoreplay" + REPLAY="" + + AC_ARG_ENABLE(zlib, + [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], + [ case "$enable_zlib" in + yes) AC_DEFINE(HAVE_ZLIB_H) + ZLIB="-lz" + ;; + no) ;; + *) AC_DEFINE(HAVE_ZLIB_H) + CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" + SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) + ZLIB="${ZLIB} -lz" + ;; + esac + ]) + if test X"$enable_zlib" = X""; then + AC_CHECK_LIB(z, gzdopen, [ + AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"]) + ]) + fi + ], [ + AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function]) + with_iologdir=no + ]) +fi dnl dnl Use passwd (and secureware) auth modules? @@ -2599,23 +2771,39 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then fi fi if test X"$with_noexec" != X"no"; then - PROGS="${PROGS} sudo_noexec.la" + PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" eval noexec_file="$with_noexec" - AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then eval sesh_file="$libexecdir/sesh" - AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi exec_prefix="$oexec_prefix" fi +dnl +dnl Override default configure dirs for the Makefile +dnl +if test X"$prefix" = X"NONE"; then + test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' +else + test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' +fi +test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' +test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' +test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' +test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' +test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' +test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' +test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' + dnl dnl Substitute into the Makefile and man pages dnl -AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudo_usage.h]) +AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers]) AC_OUTPUT dnl @@ -2637,13 +2825,14 @@ AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "clas AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) +AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) -AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM auditing.]) +AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) @@ -2671,11 +2860,14 @@ AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_in AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) +AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) +AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) +AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) @@ -2684,7 +2876,6 @@ AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the header file and the `tcgetattr' function.]) AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) -AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) @@ -2692,8 +2883,10 @@ AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) +AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) +AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) @@ -2702,9 +2895,9 @@ AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is n AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) +AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) -AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) @@ -2717,25 +2910,28 @@ AH_TOP([#ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H]) AH_BOTTOM([/* - * Macros to pull sec and nsec parts of mtime from struct stat. - * We need to be able to convert between timeval and timespec - * so the last 3 digits of tv_nsec are not significant. + * Macros to convert ctime and mtime into timevals. */ +#define timespec2timeval(_ts, _tv) do { \ + (_tv)->tv_sec = (_ts)->tv_sec; \ + (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ +} while (0) + #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM -# define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) # else -# define mtim_getsec(_x) ((_x).st_mtim.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) # endif #else # ifdef HAVE_ST_MTIMESPEC -# define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec) -# define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000) +# define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) +# define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) # else -# define mtim_getsec(_x) ((_x).st_mtime) -# define mtim_getnsec(_x) (0) +# define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) +# define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */