X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=configure.in;h=bdbc123245c2e7d1f4bb1dd13c837f6943e9b58c;hb=ca5f7615983706c51b50ac5a8bfc4e123263df0e;hp=bca3bf4a7808cc47d6122eb20c59d4258e312a7a;hpb=3a9f5f17329715f3bc44f8680c997f0f551ff59f;p=debian%2Fsudo diff --git a/configure.in b/configure.in index bca3bf4..bdbc123 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. dnl -dnl Copyright (c) 1994-1996,1998-2011 Todd C. Miller +dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.8.3p1], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.8.4p4], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) dnl dnl Note: this must come after AC_INIT @@ -38,7 +38,7 @@ AC_SUBST([MAN_POSTINSTALL]) AC_SUBST([SUDOERS_MODE]) AC_SUBST([SUDOERS_UID]) AC_SUBST([SUDOERS_GID]) -AC_SUBST([DEV]) +AC_SUBST([DEVEL]) AC_SUBST([BAMAN]) AC_SUBST([LCMAN]) AC_SUBST([SEMAN]) @@ -66,6 +66,7 @@ AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) +AC_SUBST([COMPAT_TEST_PROGS]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl @@ -158,7 +159,7 @@ PROGS="sudo" : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} -DEV="#" +DEVEL= LDAP="#" BAMAN=0 LCMAN=0 @@ -214,7 +215,7 @@ AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) OSDEFS="${OSDEFS} -DSUDO_DEVEL" - DEV="" + DEVEL="true" devdir=. ;; no) ;; @@ -402,15 +403,6 @@ AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV su ;; esac]) -AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])], -[case $with_kerb4 in - no) ;; - *) AC_MSG_CHECKING(whether to try kerberos IV authentication) - AC_MSG_RESULT(yes) - AUTH_REG="$AUTH_REG kerb4" - ;; -esac]) - AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; @@ -1281,10 +1273,10 @@ AC_ARG_ENABLE(env_reset, ]) if test "$env_reset" = "on"; then AC_MSG_RESULT(yes) - AC_DEFINE(ENV_RESET, TRUE) + AC_DEFINE(ENV_RESET, 1) else AC_MSG_RESULT(no) - AC_DEFINE(ENV_RESET, FALSE) + AC_DEFINE(ENV_RESET, 0) fi AC_ARG_ENABLE(warnings, @@ -1385,6 +1377,7 @@ if test "$enable_shared" = "no"; then enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= + ac_cv_func_dlopen=no else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules @@ -1920,6 +1913,15 @@ dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE +# Check for variadic macro support in cpp +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +AC_INCLUDES_DEFAULT +#if defined(__GNUC__) && __GNUC__ == 2 +# define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) +#else +# define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) +#endif +], [sudo_fprintf(stderr, "a %s", "test");])], [], [AC_MSG_ERROR([Your C compiler doesn't support variadic macros, try building with gcc instead])]) if test X"$with_gnu_ld" != "yes" -a -n "$GCC"; then _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -static-libgcc" @@ -1963,6 +1965,7 @@ dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME +AC_HEADER_STDBOOL AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) dnl dnl Check for large file support. HP-UX 11.23 has a broken sys/type.h @@ -2016,21 +2019,24 @@ AC_TYPE_UID_T AC_CHECK_TYPE([__signed char], [], [AC_CHECK_TYPE([signed char], [AC_DEFINE(__signed, signed)], [AC_DEFINE(__signed, [])])]) AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) -AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include +AC_CHECK_TYPES([sigaction_t], [], [], [#include #include ]) -AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include +AC_CHECK_TYPES([struct timespec], [], [], [#include #if TIME_WITH_SYS_TIME # include #endif #include ]) -AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include +AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT AC_CHECK_SIZEOF([long int]) -SUDO_TYPE_SIZE_T -SUDO_TYPE_SSIZE_T -SUDO_TYPE_DEV_T -SUDO_TYPE_INO_T +AC_CHECK_TYPE(size_t, unsigned int) +AC_CHECK_TYPE(ssize_t, int) +AC_CHECK_TYPE(dev_t, int) +AC_CHECK_TYPE(ino_t, unsigned int) +AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ +AC_INCLUDES_DEFAULT +#include ]) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN dnl @@ -2082,19 +2088,54 @@ dnl Function checks dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strrchr sysconf tzset strftime \ - regcomp setlocale nl_langinfo getaddrinfo mbr_check_membership \ - setrlimit64 sysctl) + regcomp setlocale nl_langinfo mbr_check_membership \ + setrlimit64) AC_REPLACE_FUNCS(getgrouplist) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) ]) +dnl +dnl If libc supports _FORTIFY_SOURCE check functions, use it. +dnl +O_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" +AC_CHECK_FUNC(__sprintf_chk, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) +], []) +CPPFLAGS="$O_CPPFLAGS" + utmp_style=LEGACY AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS(getttyent ttyslot, [break]) fi +AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], + [ + AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ + AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ + #include + #include + ]) + ], [ + #include + #include + ]) + ], + [ + #include + #include + ]) + ], + [ + #include + #include + #include + ]) +]) + AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ AC_CHECK_LIB(util, openpty, [ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) @@ -2135,14 +2176,19 @@ fi AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB) AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) - AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) + COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }globtest" + AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)] + COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }globtest" + ) AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) -SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) +SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch) + COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" +]) SUDO_FUNC_ISBLANK -AC_REPLACE_FUNCS(memrchr strlcpy strlcat setenv) +AC_REPLACE_FUNCS(memrchr pw_dup strlcpy strlcat setenv) AC_CHECK_FUNCS(nanosleep, [], [ # On Solaris, nanosleep is in librt AC_CHECK_LIB(rt, nanosleep, [REPLAY_LIBS="${REPLAY_LIBS} -lrt"], [AC_LIBOBJ(nanosleep)]) @@ -2178,20 +2224,88 @@ fi dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols -dnl In this case we look for main(), not socket() to avoid using a cached value dnl -AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) +AC_CHECK_FUNC(socket, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl -AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) -AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) +AC_CHECK_FUNC(inet_addr, [], [ + AC_CHECK_FUNC(__inet_addr, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done + ]) +]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl -AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) +AC_CHECK_FUNC(syslog, [], [ + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) + done +]) +dnl +dnl If getaddrinfo(3) not in libc, check -lsocket and -linet +dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols. +dnl +AC_CHECK_FUNCS(getaddrinfo, [], [ + found=no + for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do + _libs= + for lib in $libs; do + case "$NET_LIBS" in + *"$lib"*) ;; + *) _libs="$_libs $lib";; + esac + done + libs="${_libs# }" + test -z "$libs" && continue + lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" + extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" + SUDO_CHECK_LIB($lib, getaddrinfo, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; found=yes; break], [], [$extralibs]) + done + if test X"$found" != X"no"; then + AC_DEFINE(HAVE_GETADDRINFO) + fi +]) dnl dnl Check for getprogname() or __progname dnl @@ -2206,6 +2320,25 @@ AC_CHECK_FUNCS(getprogname, , [ fi AC_MSG_RESULT($sudo_cv___progname) ]) +dnl +dnl Check for __func__ or __FUNCTION__ +dnl +AC_MSG_CHECKING([for __func__]) +AC_CACHE_VAL(sudo_cv___func__, [ +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) +AC_MSG_RESULT($sudo_cv___func__) +if test "$sudo_cv___func__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) +elif test -n "$GCC"; then + AC_MSG_CHECKING([for __FUNCTION__]) + AC_CACHE_VAL(sudo_cv___FUNCTION__, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) + AC_MSG_RESULT($sudo_cv___FUNCTION__) + if test "$sudo_cv___FUNCTION__" = "yes"; then + AC_DEFINE(HAVE___FUNC__) + AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler support __FUNCTION__ but not __func__]) + fi +fi # gettext() and friends may be located in libc (Linux and Solaris) # or in libintl. However, it is possible to have libintl installed @@ -2302,6 +2435,14 @@ AC_INCLUDES_DEFAULT #include ]) +dnl +dnl Check for h_errno declaration in netdb.h +dnl +AC_CHECK_DECLS([h_errno], [], [], [ +AC_INCLUDES_DEFAULT +#include +]) + dnl dnl Check for strsignal() or sys_siglist dnl @@ -2356,15 +2497,39 @@ dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then - # We already link with -ldl (see LIBDL below) so no need for that here. - SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" + # + # Check for pam_start() in libpam first, then for pam_appl.h. + # + found_pam_lib=no + AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) + # + # Some PAM implementations (MacOS X for example) put the PAM headers + # in /usr/include/pam instead of /usr/include/security... + # + found_pam_hdrs=no + AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) + if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then + # Found both PAM libs and headers + with_pam=yes + elif test "$with_pam" = "yes"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) + fi + elif test "$found_pam_lib" != "$found_pam_hdrs"; then + if test "$found_pam_lib" = "no"; then + AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) + fi + if test "$found_pam_hdrs" = "no"; then + AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) + fi + fi - dnl - dnl Some PAM implementations (MacOS X for example) put the PAM headers - dnl in /usr/include/pam instead of /usr/include/security... - dnl - AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then + # We already link with -ldl if needed (see LIBDL below) + SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM @@ -2458,27 +2623,9 @@ if test ${with_SecurID-'no'} != "no"; then with_SecurID=/usr/ace fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" - _LDFLAGS="${LDFLAGS}" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) - # - # Determine whether to use the new or old SecurID API - # - AC_CHECK_LIB(aceclnt, SD_Init, - [ - AUTH_OBJS="$AUTH_OBJS securid5.lo"; - SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" - ] - [ - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) - ], [ - AUTH_OBJS="$AUTH_OBJS securid.lo"; - SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a" - ], - [ - -lpthread - ] - ) - LDFLAGS="${_LDFLAGS}" + SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" + AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi dnl @@ -2498,65 +2645,6 @@ if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then done fi -dnl -dnl Kerberos IV -dnl -if test ${with_kerb4-'no'} != "no"; then - AC_DEFINE(HAVE_KERB4) - dnl - dnl Use the specified directory, if any, else search for correct inc dir - dnl - O_LDFLAGS="$LDFLAGS" - if test "$with_kerb4" = "yes"; then - found=no - O_CPPFLAGS="$CPPFLAGS" - for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do - CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" - AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) - done - test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" - else - SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) - SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib]) - CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" - AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) - fi - if test X"$found" = X"no"; then - AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) - fi - - dnl - dnl Check for -ldes vs. -ldes425 - dnl - AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ - AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) - ]) - dnl - dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV - dnl - AC_MSG_CHECKING(whether we are using KTH Kerberos IV) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = krb4_version;]])], [ - AC_MSG_RESULT(yes) - K4LIBS="${K4LIBS} -lcom_err" - AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) - ], [ - AC_MSG_RESULT(no) - ] - ) - dnl - dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 - dnl - AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ - AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], - [K4LIBS="-lkrb $K4LIBS"] - [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])] - , [$K4LIBS]) - ], [$K4LIBS]) - LDFLAGS="$O_LDFLAGS" - SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS" - AUTH_OBJS="$AUTH_OBJS kerb4.lo" -fi - dnl dnl Kerberos V dnl There is an easy way and a hard way... @@ -2639,6 +2727,18 @@ if test ${with_kerb5-'no'} != "no"; then AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" + AC_MSG_CHECKING(whether to use an instance name for Kerberos V) + AC_ARG_ENABLE(kerb5-instance, + [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], + [ case "$enableval" in + yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) + ;; + no) AC_MSG_RESULT(no) + ;; + *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") + AC_MSG_RESULT([$enableval]) + ;; + esac], AC_MSG_RESULT(no)) fi dnl @@ -3063,14 +3163,29 @@ if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" - eval noexec_file="$with_noexec" + noexec_file="$with_noexec" + _noexec_file= + while test X"$noexec_file" != X"$_noexec_file"; do + _noexec_file="$noexec_file" + eval noexec_file="$_noexec_file" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then - eval sesh_file="$libexecdir/sesh" + sesh_file="$libexecdir/sesh" + _sesh_file= + while test X"$sesh_file" != X"$_sesh_file"; do + _sesh_file="$sesh_file" + eval sesh_file="$_sesh_file" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi - eval PLUGINDIR="$with_plugindir" + PLUGINDIR="$with_plugindir" + _PLUGINDIR= + while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do + _PLUGINDIR="$PLUGINDIR" + eval PLUGINDIR="$_PLUGINDIR" + done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") SUDO_DEFINE_UNQUOTED(SUDOERS_PLUGIN, "sudoers${SOEXT}") exec_prefix="$oexec_prefix" @@ -3104,6 +3219,12 @@ dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host in + *-*-hpux*) + if test -f /usr/lib/security/libpam_hpsec.so.1; then + AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) + AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) + fi + ;; *-*-linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; @@ -3144,10 +3265,8 @@ AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) -AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if contains struct in6_addr.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) -AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) @@ -3165,14 +3284,12 @@ AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) -AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) -AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) @@ -3199,8 +3316,11 @@ AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(__signed, [Define to `signed' or nothing if compiler does not support a signed type qualifier.]) +AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't define.]) AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) +AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) +AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication]) dnl dnl Bits to copy verbatim into config.h.in