X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=configure.in;h=bca3bf4a7808cc47d6122eb20c59d4258e312a7a;hb=136984d9de9590f104988ad24fb5ec6618680f04;hp=aed2ff0bbdf1ce98031d95ce5940600b4cf8cde7;hpb=99808054395c87b548bdb6b7cb1879bc23c535ad;p=debian%2Fsudo diff --git a/configure.in b/configure.in index aed2ff0..bca3bf4 100644 --- a/configure.in +++ b/configure.in @@ -1,12 +1,12 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. dnl -dnl Copyright (c) 1994-1996,1998-2010 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller dnl -AC_INIT([sudo], [1.7.4p5], [http://www.sudo.ws/bugs/], [sudo]) -AC_CONFIG_HEADER(config.h pathnames.h) +AC_INIT([sudo], [1.8.3p1], [http://www.sudo.ws/bugs/], [sudo]) +AC_CONFIG_HEADER([config.h pathnames.h]) dnl -dnl This won't work before AC_INIT +dnl Note: this must come after AC_INIT dnl AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) dnl @@ -19,13 +19,17 @@ AC_SUBST([CFLAGS]) AC_SUBST([PROGS]) AC_SUBST([CPPFLAGS]) AC_SUBST([LDFLAGS]) +AC_SUBST([SUDOERS_LDFLAGS]) +AC_SUBST([LTLDFLAGS]) AC_SUBST([COMMON_OBJS]) -AC_SUBST([SUDO_LDFLAGS]) +AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) AC_SUBST([LIBS]) AC_SUBST([SUDO_LIBS]) +AC_SUBST([SUDOERS_LIBS]) AC_SUBST([NET_LIBS]) AC_SUBST([AFS_LIBS]) +AC_SUBST([REPLAY_LIBS]) AC_SUBST([GETGROUPS_LIB]) AC_SUBST([OSDEFS]) AC_SUBST([AUTH_OBJS]) @@ -44,23 +48,33 @@ AC_SUBST([mansectform]) AC_SUBST([mansrcdir]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) +AC_SUBST([PLUGINDIR]) +AC_SUBST([SOEXT]) AC_SUBST([noexec_file]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) AC_SUBST([LDAP]) -AC_SUBST([REPLAY]) AC_SUBST([LOGINCAP_USAGE]) AC_SUBST([ZLIB]) +AC_SUBST([ZLIB_SRC]) +AC_SUBST([LIBTOOL_DEPS]) +AC_SUBST([ac_config_libobj_dir]) AC_SUBST([CONFIGURE_ARGS]) +AC_SUBST([LIBDL]) +AC_SUBST([LT_STATIC]) +AC_SUBST([LIBINTL]) +AC_SUBST([SUDO_NLS]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl +AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR AC_SUBST([timeout]) AC_SUBST([password_timeout]) AC_SUBST([sudo_umask]) +AC_SUBST([umask_override]) AC_SUBST([passprompt]) AC_SUBST([long_otp_prompt]) AC_SUBST([lecture]) @@ -78,6 +92,7 @@ AC_SUBST([badpass_message]) AC_SUBST([fqdn]) AC_SUBST([runas_default]) AC_SUBST([env_editor]) +AC_SUBST([env_reset]) AC_SUBST([passwd_tries]) AC_SUBST([tty_tickets]) AC_SUBST([insults]) @@ -92,10 +107,12 @@ AC_SUBST([editor]) # # Begin initial values for man page substitution # +iolog_dir=/var/log/sudo-io timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 +umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once @@ -113,6 +130,7 @@ badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off +env_reset=on editor=vi passwd_tries=3 tty_tickets=on @@ -134,7 +152,7 @@ dnl May be overridden by environment variables.. dnl INSTALL_NOEXEC= devdir='$(srcdir)' -PROGS="sudo visudo" +PROGS="sudo" : ${MANTYPE='man'} : ${mansrcdir='.'} : ${SUDOERS_MODE='0440'} @@ -142,16 +160,18 @@ PROGS="sudo visudo" : ${SUDOERS_GID='0'} DEV="#" LDAP="#" -REPLAY="#" BAMAN=0 LCMAN=0 SEMAN=0 +LIBINTL= ZLIB= +ZLIB_SRC= AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd +SUDO_NLS=disabled dnl dnl Other vaiables @@ -161,9 +181,13 @@ shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= - CONFIGURE_ARGS="$@" +dnl +dnl libc replacement functions live in compat +dnl +AC_CONFIG_LIBOBJ_DIR(compat) + dnl dnl Deprecated --with options (these all warn or generate an error) dnl @@ -189,7 +213,6 @@ dnl AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) - PROGS="${PROGS} testsudoers" OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEV="" devdir=. @@ -198,17 +221,10 @@ AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) -if test X"$with_devel" != X"yes"; then - ac_cv_prog_cc_g=no -fi AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in - yes) AC_MSG_ERROR(["must give --with-CC an argument."]) - ;; - no) AC_MSG_ERROR(["illegal argument: --without-CC."]) - ;; - *) CC=$with_CC + *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) ;; esac]) @@ -232,8 +248,8 @@ dnl AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], [case $with_bsm_audit in yes) AC_DEFINE(HAVE_BSM_AUDIT) - SUDO_LIBS="${SUDO_LIBS} -lbsm" - SUDO_OBJS="${SUDO_OBJS} bsm_audit.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" + SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) @@ -245,11 +261,11 @@ dnl Handle Linux auditing support. dnl AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], [case $with_linux_audit in - yes) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ + yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ AC_DEFINE(HAVE_LINUX_AUDIT) SUDO_LIBS="${SUDO_LIBS} -laudit" - SUDO_OBJS="${SUDO_OBJS} linux_audit.o" + SUDOERS_LIBS="${SUDO_LIBS} -laudit" + SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" ], [ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) ]) @@ -335,8 +351,7 @@ esac]) AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], [case $with_skey in - no) with_skey="" - ;; + no) ;; *) AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) @@ -346,8 +361,7 @@ esac]) AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], [case $with_opie in - no) with_opie="" - ;; + no) ;; *) AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) @@ -370,7 +384,7 @@ esac]) AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], [case $with_SecurID in - no) with_SecurID="";; + no) ;; *) AC_DEFINE(HAVE_SECURID) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) @@ -380,7 +394,7 @@ esac]) AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], [case $with_fwtk in - no) with_fwtk="";; + no) ;; *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) @@ -390,7 +404,7 @@ esac]) AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])], [case $with_kerb4 in - no) with_kerb4="";; + no) ;; *) AC_MSG_CHECKING(whether to try kerberos IV authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb4" @@ -399,7 +413,7 @@ esac]) AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in - no) with_kerb5="";; + no) ;; *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb5" @@ -719,8 +733,9 @@ esac]) AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], [case $with_iologdir in - yes) ;; - no) ;; + yes) ;; + no) AC_MSG_ERROR(["--without-iologdir not supported."]) + ;; esac]) AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) @@ -784,13 +799,24 @@ AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) -AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) +AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi +AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], +[case $with_umask_override in + yes) AC_DEFINE(UMASK_OVERRIDE) + umask_override=on + ;; + no) umask_override=off + ;; + *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) + ;; +esac]) + AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in @@ -1071,32 +1097,12 @@ AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pat ;; esac], AC_MSG_RESULT(no)) -dnl -dnl If enabled, set LIBVAS_SO, LIBVAS_RPATH and USING_NONUNIX_GROUPS -dnl -AC_ARG_WITH(libvas, [AS_HELP_STRING([--with-libvas=NAME], [Name of the libvas shared library (default=libvas.so)])], -[case $with_libvas in - yes) with_libvas=libvas.so - ;; - no) ;; - *) AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) +AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], +[case $with_plugindir in + no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) ;; -esac -if test X"$with_libvas" != X"no"; then - AC_DEFINE_UNQUOTED([LIBVAS_SO], ["$with_libvas"], [The name of libvas.so]) - AC_DEFINE(USING_NONUNIX_GROUPS) - COMMON_OBJS="$COMMON_OBJS vasgroups.o" - AC_ARG_WITH([libvas-rpath], - [AS_HELP_STRING([--with-libvas-rpath=PATH], - [Path to look for libvas in [default=/opt/quest/lib]])], - [LIBVAS_RPATH=$withval], - [LIBVAS_RPATH=/opt/quest/lib]) - dnl - dnl Some platforms require libdl for dlopen() - dnl - AC_CHECK_LIB([dl], [main]) -fi -]) + *) ;; +esac], [with_plugindir="$libexecdir"]) dnl dnl Options for --enable @@ -1256,19 +1262,51 @@ AC_ARG_ENABLE(env_debug, esac ], AC_MSG_RESULT(no)) +AC_ARG_ENABLE(zlib, +[AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], +[], [enable_zlib=yes]) + +AC_MSG_CHECKING(whether to enable environment resetting by default) +AC_ARG_ENABLE(env_reset, +[AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], +[ case "$enableval" in + yes) env_reset=on + ;; + no) env_reset=off + ;; + *) env_reset=on + AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) + ;; + esac +]) +if test "$env_reset" = "on"; then + AC_MSG_RESULT(yes) + AC_DEFINE(ENV_RESET, TRUE) +else + AC_MSG_RESULT(no) + AC_DEFINE(ENV_RESET, FALSE) +fi + AC_ARG_ENABLE(warnings, [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], [ case "$enableval" in - yes) if test X"$with_devel" != X"yes" -a -n "$GCC"; then - CFLAGS="${CFLAGS} -Wall" - fi - ;; + yes) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) ;; esac ]) +AC_ARG_ENABLE(werror, +[AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], +[ case "$enableval" in + yes) ;; + no) ;; + *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) + ;; + esac +]) + AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in @@ -1280,6 +1318,10 @@ AC_ARG_ENABLE(admin-flag, esac ]) +AC_ARG_ENABLE(nls, +[AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], +[], [enable_nls=yes]) + AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " @@ -1310,6 +1352,22 @@ AC_SEARCH_LIBS([strerror], [cposix]) AC_PROG_CPP AC_CHECK_TOOL(AR, ar, false) AC_CHECK_TOOL(RANLIB, ranlib, :) +if test X"$AR" = X"false"; then + AC_MSG_ERROR([the "ar" utility is required to build sudo]) +fi + +if test "x$ac_cv_prog_cc_c89" = "xno"; then + AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) +fi + +dnl +dnl If the user specified --disable-static, override them or we'll +dnl be unable to build the executables in the sudoers plugin dir. +dnl +if test "$enable_static" = "no"; then + AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs]) + enable_static=yes +fi dnl dnl Libtool setup, we require libtool 2.2.6b or higher @@ -1317,15 +1375,24 @@ dnl AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) LT_PREREQ([2.2.6b]) -LT_INIT +LT_INIT([dlopen]) dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then with_noexec=no + enable_dlopen=no + lt_cv_dlopen=none + lt_cv_dlopen_libs= else eval _shrext="$shrext_cmds" + # Darwin uses .dylib for libraries but .so for modules + if test X"$_shrext" = X".dylib"; then + SOEXT=".so" + else + SOEXT="$_shrext" + fi fi AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], @@ -1339,20 +1406,36 @@ AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec$_shrext" NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" -dnl -dnl It is now safe to modify CFLAGS and CPPFLAGS -dnl -if test X"$with_devel" = X"yes" -a -n "$GCC"; then - CFLAGS="${CFLAGS} -Wall" -fi - dnl dnl Find programs we use dnl AC_CHECK_PROG(UNAMEPROG, [uname], [uname]) AC_CHECK_PROG(TRPROG, [tr], [tr]) AC_CHECK_PROGS(NROFFPROG, [nroff mandoc]) -if test -z "$NROFFPROG"; then +if test -n "$NROFFPROG"; then + AC_CACHE_CHECK([whether $NROFFPROG supports the -c option], + [sudo_cv_var_nroff_opt_c], + [if $NROFFPROG -c /dev/null 2>&1; then + sudo_cv_var_nroff_opt_c=yes + else + sudo_cv_var_nroff_opt_c=no + fi] + ) + if test "$sudo_cv_var_nroff_opt_c" = "yes"; then + NROFFPROG="$NROFFPROG -c" + fi + AC_CACHE_CHECK([whether $NROFFPROG supports the -Tascii option], + [sudo_cv_var_nroff_opt_Tascii], + [if $NROFFPROG -Tascii /dev/null 2>&1; then + sudo_cv_var_nroff_opt_Tascii=yes + else + sudo_cv_var_nroff_opt_Tascii=no + fi] + if test "$sudo_cv_var_nroff_opt_Tascii" = "yes"; then + NROFFPROG="$NROFFPROG -Tascii" + fi + ) +else MANTYPE="cat" mansrcdir='$(srcdir)' fi @@ -1410,11 +1493,12 @@ case "$host" in : ${mansectform='4'} : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" + AC_CHECK_FUNCS(priv_set) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" if test X"$with_blibpath" != X"no"; then AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) O_LDFLAGS="$LDFLAGS" @@ -1432,9 +1516,15 @@ case "$host" in fi LDFLAGS="$O_LDFLAGS" - # Use authenticate(3) as the default authentication method - if test X"$with_aixauth" = X""; then - AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) + # On AIX 6 and higher default to PAM, else default to LAM + if test $OSMAJOR -ge 6; then + if test X"$with_pam" = X""; then + AUTH_EXCL_DEF="PAM" + fi + else + if test X"$with_aixauth" = X""; then + AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) + fi fi # AIX analog of nsswitch.conf, enabled by default @@ -1449,9 +1539,17 @@ case "$host" in with_netsvc="/etc/netsvc.conf" fi + # For implementing getgrouplist() + AC_CHECK_FUNCS(getgrset) + + # LDR_PRELOAD is only supported in AIX 5.3 and later + if test $OSMAJOR -lt 5; then + with_noexec=no + fi + # AIX-specific functions AC_CHECK_FUNCS(getuserattr setauthdb) - COMMON_OBJS="$COMMON_OBJS aix.o" + COMMON_OBJS="$COMMON_OBJS aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} @@ -1465,18 +1563,32 @@ case "$host" in : ${mansectsu='1m'} : ${mansectform='4'} + # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then - # HP-UX bundled compiler can't generate shared objects - if -z "$pic_flag"; then - with_noexec=no + AC_CACHE_CHECK([for HP bundled C compiler], + [sudo_cv_var_hpccbundled], + [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then + sudo_cv_var_hpccbundled=yes + else + sudo_cv_var_hpccbundled=no + fi] + ) + if test "$sudo_cv_var_hpccbundled" = "yes"; then + AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) fi + fi - # Use the +DAportable flag on hppa if it is supported - case "$host_cpu" in - hppa*) + # Build PA-RISC1.1 objects for better portability + case "$host_cpu" in + hppa[[2-9]]*) _CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS +DAportable" - AC_CACHE_CHECK([whether $CC understands +DAportable], + if test -n "$GCC"; then + portable_flag="-march=1.1" + else + portable_flag="+DAportable" + fi + CFLAGS="$CFLAGS $portable_flag" + AC_CACHE_CHECK([whether $CC understands $portable_flag], [sudo_cv_var_daportable], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[]], [[]])], @@ -1489,19 +1601,11 @@ case "$host" in CFLAGS="$_CFLAGS" fi ;; - esac - fi + esac case "$host" in - *-*-hpux[1-8].*) + *-*-hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) - - # Not sure if setuid binaries are safe in < 9.x - if test -n "$GCC"; then - SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" - else - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" - fi ;; *-*-hpux9.*) AC_DEFINE(BROKEN_SYSLOG) @@ -1511,7 +1615,7 @@ case "$host" in # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last - SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r" + SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" fi @@ -1519,6 +1623,8 @@ case "$host" in *-*-hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" + # HP-UX 10.20 libc has an incompatible getline + ac_cv_func_getline="no" ;; *) shadow_funcs="getspnam iscomsec" @@ -1529,7 +1635,7 @@ case "$host" in ;; *-dec-osf*) # ignore envariables wrt dynamic lib path - SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" + SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) @@ -1634,8 +1740,7 @@ case "$host" in *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 - SUDO_LIBS="${SUDO_LIBS} -lcrypt" - LIBS="${LIBS} -lcrypt" + SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" @@ -1663,30 +1768,20 @@ case "$host" in : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) - AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) + AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" - SUDO_LIBS="${SUDO_LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes - # Use shlicc for BSD/OS [23].x unless asked to do otherwise - if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then - case "$OSMAJOR" in - 2|3) AC_MSG_NOTICE([using shlicc as CC]) - ac_cv_prog_CC=shlicc - CC="$ac_cv_prog_CC" - ;; - esac - fi - # Check for newer BSD auth API (just check for >= 3.0?) + # Check for newer BSD auth API if test -z "$with_bsdauth"; then AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) fi @@ -1699,8 +1794,9 @@ case "$host" in SKIP_SETREUID=yes ;; esac - if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lmd" + OSDEFS="${OSDEFS} -D_BSD_SOURCE" + if test "${with_skey-'no'}" = "yes"; then + SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" @@ -1708,25 +1804,22 @@ case "$host" in ;; *-*-*openbsd*) # OpenBSD has a real setreuid(2) starting with 3.3 but - # we will use setreuid(2) instead. + # we will use setresuid(2) instead. SKIP_SETREUID=yes + OSDEFS="${OSDEFS} -D_BSD_SOURCE" CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then - case "$OSREV" in - [0-2].*) - ;; - *) + if test "$OSMAJOR" -ge 3; then AUTH_EXCL_DEF="BSD_AUTH" - ;; - esac + fi fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in - 0.9*|1.[012]*|1.3|1.3.1) + 0.9*|1.[[012]]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac @@ -1735,8 +1828,9 @@ case "$host" in : ${with_logincap='maybe'} ;; *-*-dragonfly*) - if test "$with_skey" = "yes"; then - SUDO_LIBS="${SUDO_LIBS} -lmd" + OSDEFS="${OSDEFS} -D_BSD_SOURCE" + if test "${with_skey-'no'}" = "yes"; then + SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" @@ -1826,6 +1920,23 @@ dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE +if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then + _CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -static-libgcc" + AC_CACHE_CHECK([whether $CC understands -static-libgcc], + [sudo_cv_var_gcc_static_libgcc], + [AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], [[]])], + [sudo_cv_var_gcc_static_libgcc=yes], + [sudo_cv_var_gcc_static_libgcc=no] + ) + ] + ) + CFLAGS="$_CFLAGS" + if test "$sudo_cv_var_gcc_static_libgcc" = "yes"; then + LTLDFLAGS="$LTLDFLAGS -Wc,-static-libgcc" + fi +fi dnl dnl Program checks dnl @@ -1836,9 +1947,7 @@ SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi -if test -z "$with_editor"; then - SUDO_PROG_VI -fi +SUDO_PROG_VI dnl dnl Check for authpriv support in syslog dnl @@ -1854,25 +1963,50 @@ dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME -AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h) +AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) +dnl +dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h +dnl when large files support is enabled so work around it. +dnl +AC_SYS_LARGEFILE +case "$host" in + *-*-hpux11.*) + AC_CACHE_CHECK([whether sys/types.h needs _XOPEN_SOURCE_EXTENDED], [sudo_cv_xopen_source_extended], + [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT + #include ], [])], [sudo_cv_xopen_source_extended=no], [ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED + AC_INCLUDES_DEFAULT + #include ], [])], [sudo_cv_xopen_source_extended=yes], + [sudo_cv_xopen_source_extended=error]) + ])]) + if test "$sudo_cv_xopen_source_extended" = "yes"; then + OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" + SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED) + fi + ;; +esac AC_SYS_POSIX_TERMIOS -if test "$ac_cv_sys_posix_termios" = "yes"; then - AC_DEFINE(HAVE_TERMIOS_H) -else - AC_CHECK_HEADERS(termio.h) +if test "$ac_cv_sys_posix_termios" != "yes"; then + AC_MSG_ERROR([Must have POSIX termios to build sudo]) fi SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class|-]] '; LCMAN=1 case "$OS" in - freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" - ;; + freebsd|netbsd) + SUDO_LIBS="${SUDO_LIBS} -lutil" + SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" + ;; esac ]) fi if test ${with_project-'no'} != "no"; then - AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H) - [SUDO_LIBS="${SUDO_LIBS} -lproject"], -) + AC_CHECK_HEADER(project.h, [ + AC_CHECK_LIB(project, setproject, [ + AC_DEFINE(HAVE_PROJECT_H) + SUDO_LIBS="${SUDO_LIBS} -lproject" + ]) + ], []) fi dnl dnl typedef checks @@ -1900,35 +2034,74 @@ SUDO_TYPE_INO_T SUDO_UID_T_LEN SUDO_SOCK_SA_LEN dnl -dnl only set RETSIGTYPE if it is not set already +dnl Check for utmp/utmpx struct members. +dnl We need to include OSDEFS for glibc which only has __e_termination +dnl visible when _GNU_SOURCE is *not* defined. dnl -case "$DEFS" in - *"RETSIGTYPE"*) ;; - *) AC_TYPE_SIGNAL;; -esac +_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $OSDEFS" +if test $ac_cv_header_utmpx_h = "yes"; then + AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [ + #include + #include + ]) + dnl + dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination + dnl + AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [ + AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) +else + AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [ + #include + #include + ]) + dnl + dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination + dnl + AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [ + AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) +fi +CFLAGS="$_CFLAGS" + dnl dnl Function checks dnl AC_FUNC_GETGROUPS -AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ - strftime setrlimit initgroups getgroups fstat gettimeofday \ - regcomp setlocale getaddrinfo setenv vhangup \ - mbr_check_membership setrlimit64) +AC_CHECK_FUNCS(strrchr sysconf tzset strftime \ + regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \ + setrlimit64 sysctl) +AC_REPLACE_FUNCS(getgrouplist) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) ]) -AC_CHECK_FUNCS(setsid, [], [ - AC_LIBOBJ(setsid) - AC_FUNC_SETPGRP -]) - -AC_CHECK_FUNCS(sysctl getutid getutxid, [break]) +utmp_style=LEGACY +AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) +if test "$utmp_style" = "LEGACY"; then + AC_CHECK_FUNCS(getttyent ttyslot, [break]) +fi -AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [ +AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ AC_CHECK_LIB(util, openpty, [ - AC_CHECK_HEADERS(util.h pty.h, [break]) - SUDO_LIBS="${SUDO_LIBS} -lutil" + AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) + case "$SUDO_LIBS" in + *-lutil*) ;; + *) SUDO_LIBS="${SUDO_LIBS} -lutil";; + esac AC_DEFINE(HAVE_OPENPTY) ], [ AC_CHECK_FUNCS(_getpty, [], [ @@ -1940,10 +2113,12 @@ AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(util.h pty.h, [break])], [ ]) ]) ]) -AC_CHECK_FUNCS(unsetenv, SUDO_FUNC_UNSETENV_VOID) -SUDO_FUNC_PUTENV_CONST +AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], [AC_LIBOBJ(unsetenv)]) if test -z "$SKIP_SETRESUID"; then - AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) + AC_CHECK_FUNCS(setresuid, [ + SKIP_SETREUID=yes + AC_CHECK_FUNCS(getresuid) + ]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) @@ -1962,24 +2137,24 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = GLOB_BRACE | AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) AC_CHECK_FUNCS(lockf flock, [break]) -AC_CHECK_FUNCS(waitpid wait3, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) SUDO_FUNC_ISBLANK -AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) +AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv) AC_CHECK_FUNCS(nanosleep, [], [ # On Solaris, nanosleep is in librt - AC_CHECK_LIB(rt, nanosleep, [LIBS="${LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) + AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) ]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ #include #include ]) ]) -AC_CHECK_FUNCS(mkstemps, [], [SUDO_OBJS="${SUDO_OBJS} mkstemps.o" +AC_CHECK_FUNCS(mkstemps mkdtemp, [], [ AC_CHECK_FUNCS(random lrand48, [break]) + AC_LIBOBJ(mktemp) ]) AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) if test X"$ac_cv_type_struct_timespec" != X"no"; then @@ -2032,6 +2207,101 @@ AC_CHECK_FUNCS(getprogname, , [ AC_MSG_RESULT($sudo_cv___progname) ]) +# gettext() and friends may be located in libc (Linux and Solaris) +# or in libintl. However, it is possible to have libintl installed +# even when gettext() is present in libc. In the case of GNU libintl, +# gettext() will be defined to gettext_libintl in libintl.h. +# Since gcc prefers /usr/local/include to /usr/include, we need to +# make sure we use the gettext() that matches the include file. +if test "$enable_nls" != "no"; then + if test "$enable_nls" != "yes"; then + CPPFLAGS="${CPPFLAGS} -I${enable_nls}/include" + SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) + fi + OLIBS="$LIBS" + for l in "libc" "-lintl" "-lintl -liconv"; do + if test "$l" = "libc"; then + # If user specified a dir for libintl ignore libc + if test "$enable_nls" != "yes"; then + continue + fi + gettext_name=sudo_cv_gettext + AC_MSG_CHECKING([for gettext]) + else + LIBS="$OLIBS $l" + gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" + AC_MSG_CHECKING([for gettext in $l]) + fi + AC_CACHE_VAL($gettext_name, [ + AC_LINK_IFELSE( + [ + AC_LANG_PROGRAM([[#include ]], [(void)gettext((char *)0);]) + ], [eval $gettext_name=yes], [eval $gettext_name=no] + ) + ]) + eval gettext_result="\$$gettext_name" + AC_MSG_RESULT($gettext_result) + test "$gettext_result" = "yes" && break + done + LIBS="$OLIBS" + + if test "$sudo_cv_gettext" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + elif test "$sudo_cv_gettext_lintl" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + LIBINTL="-lintl" + elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then + AC_DEFINE(HAVE_LIBINTL_H) + SUDO_NLS=enabled + LIBINTL="-lintl -liconv" + fi +fi + +dnl +dnl Deferred zlib option processing. +dnl By default we use the system zlib if it is present. +dnl +case "$enable_zlib" in + yes) + AC_CHECK_LIB(z, gzdopen, [ + AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin]) + ]) + ;; + no) + ;; + system) + AC_DEFINE(HAVE_ZLIB_H) + ZLIB="-lz" + ;; + builtin) + # handled below + ;; + *) + AC_DEFINE(HAVE_ZLIB_H) + CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" + SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) + ZLIB="${ZLIB} -lz" + ;; +esac +if test X"$enable_zlib" = X"builtin"; then + AC_DEFINE(HAVE_ZLIB_H) + CPPFLAGS="${CPPFLAGS}"' -I$(top_srcdir)/zlib' + ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' + ZLIB_SRC=zlib + AC_CONFIG_HEADER([zlib/zconf.h]) + AC_CONFIG_FILES([zlib/Makefile]) +fi + +dnl +dnl Check for errno declaration in errno.h +dnl +AC_CHECK_DECLS([errno], [], [], [ +AC_INCLUDES_DEFAULT +#include +]) + dnl dnl Check for strsignal() or sys_siglist dnl @@ -2086,16 +2356,8 @@ dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then - dnl - dnl Some platforms need libdl for dlopen - dnl - case "$LIBS" in - *-ldl*) SUDO_LIBS="${SUDO_LIBS} -lpam" - ;; - *) AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) - ac_cv_lib_dl=ac_cv_lib_dl_main - ;; - esac + # We already link with -ldl (see LIBDL below) so no need for that here. + SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers @@ -2104,7 +2366,7 @@ if test ${with_pam-"no"} != "no"; then AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then AC_DEFINE(HAVE_PAM) - AUTH_OBJS="$AUTH_OBJS pam.o"; + AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], @@ -2125,25 +2387,12 @@ if test ${with_pam-"no"} != "no"; then yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) - AC_DEFINE([NO_PAM_SESSION], [], [PAM session support disabled]) + AC_DEFINE(NO_PAM_SESSION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) - - case $host in - *-*-linux*|*-*-solaris*) - # dgettext() may be defined to dgettext_libintl in the - # header file, so first check that it links w/ additional - # libs, then try with -lintl - AC_LINK_IFELSE([AC_LANG_PROGRAM( - [[#include ]], [(void)dgettext((char *)0, (char *)0);])], - [AC_DEFINE(HAVE_DGETTEXT)], - [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"] - [AC_DEFINE(HAVE_DGETTEXT)])]) - ;; - esac fi fi @@ -2155,8 +2404,8 @@ if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) - AUTH_OBJS="$AUTH_OBJS aix_auth.o"; - SUDO_LIBS="${SUDO_LIBS} -ls" + AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; + SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi @@ -2167,7 +2416,7 @@ dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) - [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] + [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [BSDAUTH_USAGE='[[-a auth_type]] '] [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) @@ -2180,7 +2429,7 @@ if test ${CHECKSIA-'false'} = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then AUTH_EXCL=SIA - AUTH_OBJS="$AUTH_OBJS sia.o" + AUTH_OBJS="$AUTH_OBJS sia.lo" fi fi @@ -2189,12 +2438,12 @@ dnl extra FWTK libs + includes dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" with_fwtk=yes fi - SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" - AUTH_OBJS="$AUTH_OBJS fwtk.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" + AUTH_OBJS="$AUTH_OBJS fwtk.lo" fi dnl @@ -2216,14 +2465,14 @@ if test ${with_SecurID-'no'} != "no"; then # AC_CHECK_LIB(aceclnt, SD_Init, [ - AUTH_OBJS="$AUTH_OBJS securid5.o"; - SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" + AUTH_OBJS="$AUTH_OBJS securid5.lo"; + SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" ] [ - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) ], [ - AUTH_OBJS="$AUTH_OBJS securid.o"; - SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" + AUTH_OBJS="$AUTH_OBJS securid.lo"; + SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a" ], [ -lpthread @@ -2263,12 +2512,12 @@ if test ${with_kerb4-'no'} != "no"; then O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib]) CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) fi @@ -2300,12 +2549,12 @@ if test ${with_kerb4-'no'} != "no"; then AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], [K4LIBS="-lkrb $K4LIBS"] - [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] + [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])] , [$K4LIBS]) ], [$K4LIBS]) LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} $K4LIBS" - AUTH_OBJS="$AUTH_OBJS kerb4.o" + SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS" + AUTH_OBJS="$AUTH_OBJS kerb4.lo" fi dnl @@ -2316,9 +2565,9 @@ if test ${with_kerb5-'no'} != "no"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) - AUTH_OBJS="$AUTH_OBJS kerb5.o" + AUTH_OBJS="$AUTH_OBJS kerb5.lo" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" - SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" + SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl @@ -2330,57 +2579,56 @@ if test ${with_kerb5-'no'} != "no"; then AC_MSG_RESULT(no) ] ) - fi -fi -if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then - AC_DEFINE(HAVE_KERB5) - dnl - dnl Use the specified directory, if any, else search for correct inc dir - dnl - if test "$with_kerb5" = "yes"; then - found=no - O_CPPFLAGS="$CPPFLAGS" - for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do - CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) - done - if test X"$found" = X"no"; then - CPPFLAGS="$O_CPPFLAGS" - AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) - fi else - dnl XXX - try to include krb5.h here too - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" - fi + AC_DEFINE(HAVE_KERB5) + dnl + dnl Use the specified directory, if any, else search for correct inc dir + dnl + if test "$with_kerb5" = "yes"; then + found=no + O_CPPFLAGS="$CPPFLAGS" + for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do + CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) + done + if test X"$found" = X"no"; then + CPPFLAGS="$O_CPPFLAGS" + AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) + fi + else + dnl XXX - try to include krb5.h here too + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) + CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" + fi - dnl - dnl Try to determine whether we have Heimdal or MIT Kerberos - dnl - AC_MSG_CHECKING(whether we are using Heimdal) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_HEIMDAL) - # XXX - need to check whether -lcrypo is needed! - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" - AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) - SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" - AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support"]) - ]) - AUTH_OBJS="$AUTH_OBJS kerb5.o" + dnl + dnl Try to determine whether we have Heimdal or MIT Kerberos + dnl + AC_MSG_CHECKING(whether we are using Heimdal) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_HEIMDAL) + # XXX - need to check whether -lcrypo is needed! + SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" + AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) + ], [ + AC_MSG_RESULT(no) + SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" + AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) + ]) + AUTH_OBJS="$AUTH_OBJS kerb5.lo" + fi _LIBS="$LIBS" - LIBS="${LIBS} ${SUDO_LIBS}" + LIBS="${LIBS} ${SUDOERS_LIBS}" AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], sudo_cv_krb5_get_init_creds_opt_free_two_args, [ - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[#include ]], - [[krb5_get_init_creds_opt_free(NULL, NULL);]] - )], + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include ]], + [[krb5_get_init_creds_opt_free(NULL, NULL);]] + )], [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] ) @@ -2402,12 +2650,12 @@ if test ${with_AFS-'no'} = "yes"; then AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then - AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) + AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left @@ -2437,7 +2685,7 @@ if test ${with_AFS-'no'} = "yes"; then AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi - AUTH_OBJS="$AUTH_OBJS afs.o" + AUTH_OBJS="$AUTH_OBJS afs.lo" fi dnl @@ -2446,75 +2694,91 @@ dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" - SUDO_LIBS="${SUDO_LIBS} -ldce" - AUTH_OBJS="$AUTH_OBJS dce.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" + AUTH_OBJS="$AUTH_OBJS dce.lo" fi dnl dnl extra S/Key lib and includes dnl -if test ${with_skey-'no'} = "yes"; then +if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) - AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) + AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) + AC_CHECK_HEADER([skey.h], [found=yes; break], [], + [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) + fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi fi - if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) - fi - AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) + AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) + + AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[#include + #include ]], + [[skeychallenge(NULL, NULL, NULL, 0);]] + )], [ + AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + ] + ) + LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} -lskey" - AUTH_OBJS="$AUTH_OBJS rfc1938.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" + AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl extra OPIE lib and includes dnl -if test ${with_opie-'no'} = "yes"; then +if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) - AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" - AC_PREPROC_IFELSE([#include ], [found=yes; break]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) + fi + if test "$found" = "no"; then + AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi fi - if test "$found" = "no"; then - AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) - fi - AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) + AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" - SUDO_LIBS="${SUDO_LIBS} -lopie" - AUTH_OBJS="$AUTH_OBJS rfc1938.o" + SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" + AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl @@ -2526,8 +2790,10 @@ if test ${with_passwd-'no'} != "no"; then dnl dnl if crypt(3) not in libc, look elsewhere dnl - if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then - AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + if test -z "$LIB_CRYPT"; then + _LIBS="$LIBS" + AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) + LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then @@ -2536,12 +2802,12 @@ if test ${with_passwd-'no'} != "no"; then found=no AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then - SUDO_LIBS="$SUDO_LIBS $shadow_libs" + SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then - SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional" + SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then @@ -2555,14 +2821,14 @@ if test ${with_passwd-'no'} != "no"; then CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then - AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true"; then - AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) + AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) - AUTH_OBJS="$AUTH_OBJS secureware.o" + AUTH_OBJS="$AUTH_OBJS secureware.lo" fi fi @@ -2572,12 +2838,12 @@ dnl if test ${with_ldap-'no'} != "no"; then _LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then - SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib]) + SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes fi - SUDO_OBJS="${SUDO_OBJS} ldap.o" + SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" AC_MSG_CHECKING([for LDAP libraries]) @@ -2591,6 +2857,17 @@ if test ${with_ldap-'no'} != "no"; then #include #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) done + if test "$found" = "no"; then + LDAP_LIBS="" + LIBS="$_LIBS" + for l in -libmldap -lidsldif; do + LIBS="${LIBS} $l" + LDAP_LIBS="${LDAP_LIBS} $l" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include + #include + #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) + done + fi dnl if nothing linked just try with -lldap if test "$found" = "no"; then LIBS="${_LIBS} -lldap" @@ -2614,7 +2891,8 @@ if test ${with_ldap-'no'} != "no"; then AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s)], [break]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) - AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_search_ext_s ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) + AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_client_init ldap_start_tls_s_np) + AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, @@ -2630,7 +2908,7 @@ if test ${with_ldap-'no'} != "no"; then O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([#include ], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([#include ], [found="gssapi.h"; break])]) + AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi.h"; break])]) done if test X"$found" != X"no"; then AC_CHECK_HEADERS([$found]) @@ -2643,88 +2921,87 @@ if test ${with_ldap-'no'} != "no"; then fi fi - SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}" + SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$_LDFLAGS" fi -dnl -dnl Add LIBVAS_RPATH to LDFLAGS -dnl GNU ld accepts -R/path/ as an alias for -rpath /path/ -dnl -if test X"$LIBVAS_RPATH" != X""; then - if test -n "$blibpath"; then - blibpath_add="${blibpath_add}:$LIBVAS_RPATH" - else - case "$host" in - *-*-hpux*) LDFLAGS="$LDFLAGS -Wl,+b,$LIBVAS_RPATH" - ;; - *) LDFLAGS="$LDFLAGS -Wl,-R$LIBVAS_RPATH" - ;; - esac - fi +# +# How to do dynamic object loading. +# We support dlopen() and sh_load(), else fall back to static loading. +# +case "$lt_cv_dlopen" in + dlopen) + AC_DEFINE(HAVE_DLOPEN) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC="--tag=disable-static" + ;; + shl_load) + AC_DEFINE(HAVE_SHL_LOAD) + SUDOERS_OBJS="$SUDOERS_OBJS plugin_error.lo" + LT_STATIC="--tag=disable-static" + AC_LIBOBJ(dlopen) + ;; + *) + if test X"${ac_cv_func_dlopen}" = X"yes"; then + AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."]) + fi + # Preload sudoers module symbols + SUDO_OBJS="${SUDO_OBJS} preload.o" + SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" + LT_STATIC="" + AC_LIBOBJ(dlopen) + ;; +esac + +# +# Add library needed for dynamic loading, if any. +# +LIBDL="$lt_cv_dlopen_libs" +if test X"$LIBDL" != X""; then + SUDO_LIBS="${SUDO_LIBS} $LIBDL" + SUDOERS_LIBS="${SUDOERS_LIBS} $LIBDL" fi +# On HP-UX, you cannot dlopen() a shared object that uses pthreads +# unless the main program is linked against -lpthread. Since we +# have no knowledge what libraries a plugin may depend on, we always +# link against -lpthread on HP-UX if it is available. +# This check should go after all other libraries tests. +case "$host" in + *-*-hpux*) + AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) + ;; +esac + dnl -dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we -dnl added -L dirpaths to SUDO_LDFLAGS. +dnl Add $blibpath to SUDOERS_LDFLAGS if specified by the user or if we +dnl added -L dirpaths to SUDOERS_LDFLAGS. dnl if test -n "$blibpath"; then if test -n "$blibpath_add"; then - SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then - SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" + SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS -Wl,-blibpath:${blibpath}" fi fi dnl dnl Check for log file, timestamp and iolog locations dnl +if test "$utmp_style" = "LEGACY"; then + SUDO_PATH_UTMP +fi SUDO_LOGFILE SUDO_TIMEDIR SUDO_IO_LOGDIR dnl -dnl If I/O logging is enabled, build sudoreplay and exec_pty get_pty.o iolog.o -dnl -if test "${with_iologdir-yes}" != "no"; then - # Require POSIX job control for I/O log support - AC_CHECK_FUNCS(tcsetpgrp, [ - SUDO_OBJS="${SUDO_OBJS} exec_pty.o get_pty.o iolog.o" - PROGS="$PROGS sudoreplay" - REPLAY="" - - AC_ARG_ENABLE(zlib, - [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], - [ case "$enable_zlib" in - yes) AC_DEFINE(HAVE_ZLIB_H) - ZLIB="-lz" - ;; - no) ;; - *) AC_DEFINE(HAVE_ZLIB_H) - CPPFLAGS="${CPPFLAGS} -I${enable_zlib}/include" - SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) - ZLIB="${ZLIB} -lz" - ;; - esac - ]) - if test X"$enable_zlib" = X""; then - AC_CHECK_LIB(z, gzdopen, [ - AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"]) - ]) - fi - ], [ - AC_MSG_WARN([Disabling I/O log support due to lack of tcsetpgrp function]) - with_iologdir=no - ]) -fi - -dnl -dnl Use passwd (and secureware) auth modules? +dnl Use passwd auth module? dnl case "$with_passwd" in yes|maybe) - AUTH_OBJS="$AUTH_OBJS passwd.o" + AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" ;; *) AC_DEFINE(WITHOUT_PASSWD) @@ -2734,24 +3011,36 @@ yes|maybe) ;; esac AUTH_OBJS=${AUTH_OBJS# } -_AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` +_AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl -dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it. +dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS dnl if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 - for sl in ${SUDO_LIBS} ${NET_LIBS}; do + for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi +dnl +dnl We add -Wall and -Werror after all tests so they don't cause failures +dnl +if test -n "$GCC"; then + if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then + CFLAGS="${CFLAGS} -Wall" + fi + if test X"$enable_werror" = X"yes"; then + CFLAGS="${CFLAGS} -Werror" + fi +fi + dnl dnl Set exec_prefix dnl @@ -2781,6 +3070,9 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then eval sesh_file="$libexecdir/sesh" SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi + eval PLUGINDIR="$with_plugindir" + SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") + SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") exec_prefix="$oexec_prefix" fi @@ -2803,7 +3095,8 @@ test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/ dnl dnl Substitute into the Makefile and man pages dnl -AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man sudoers.ldap.man sudoreplay.man sudo_usage.h sudoers]) +dnl AC_CONFIG_FILES([doc/sudo.man doc/visudo.man doc/sudoers.man doc/sudoers.ldap.man doc/sudoreplay.man src/Makefile src/sudo_usage.h]) +AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/sample_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl @@ -2823,10 +3116,12 @@ dnl AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) +AH_TEMPLATE(SUDOERS_PLUGIN, [The name of the sudoers plugin, including extension.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) -AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) +AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) +AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) @@ -2836,8 +3131,8 @@ AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) -AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) +AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) @@ -2860,6 +3155,7 @@ AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_in AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) +AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) @@ -2868,13 +3164,14 @@ AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) +AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) +AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) -AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the header file and the `tcgetattr' function.]) AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) @@ -2895,13 +3192,15 @@ AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is n AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) +AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) -AH_TEMPLATE(USING_NONUNIX_GROUPS, [Define to 1 if using a non-Unix group lookup implementation.]) +AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) +AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) dnl dnl Bits to copy verbatim into config.h.in @@ -2935,17 +3234,6 @@ AH_BOTTOM([/* # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ -/* - * Emulate a subset of waitpid() if we don't have it. - */ -#ifdef HAVE_WAITPID -# define sudo_waitpid(p, s, o) waitpid(p, s, o) -#else -# ifdef HAVE_WAIT3 -# define sudo_waitpid(p, s, o) wait3(s, o, NULL) -# endif -#endif - /* GNU stow needs /etc/sudoers to be a symlink. */ #ifdef USE_STOW # define stat_sudoers stat @@ -2961,7 +3249,7 @@ AH_BOTTOM([/* #undef ISSET #define ISSET(t, f) ((t) & (f)) -/* New ANSI-style OS defs for HP-UX and ConvexOS. */ +/* ANSI-style OS defs for HP-UX and ConvexOS. */ #if defined(hpux) && !defined(__hpux) # define __hpux 1 #endif /* hpux */