dnl dnl Use the top-level autogen.sh script to generate configure and config.h.in dnl dnl SPDX-License-Identifier: ISC dnl dnl Copyright (c) 1994-1996, 1998-2023 Todd C. Miller dnl dnl Permission to use, copy, modify, and distribute this software for any dnl purpose with or without fee is hereby granted, provided that the above dnl copyright notice and this permission notice appear in all copies. dnl dnl THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES dnl WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF dnl MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR dnl ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES dnl WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) AC_INIT([sudo], [1.9.13p3], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST([PROGS], [sudo])dnl AC_SUBST([SUDO_LDFLAGS])dnl AC_SUBST([SUDOERS_LDFLAGS])dnl AC_SUBST([LIBUTIL_LDFLAGS])dnl AC_SUBST([ZLIB_LDFLAGS])dnl AC_SUBST([LT_LDFLAGS])dnl AC_SUBST([LT_LDDEP], ["\$(shlib_exp)"])dnl AC_SUBST([LT_LDEXPORTS], ["-export-symbols \$(shlib_exp)"])dnl AC_SUBST([LT_STATIC])dnl AC_SUBST([LT_DEP_LIBS])dnl AC_SUBST([COMMON_OBJS])dnl AC_SUBST([SUDOERS_LT_STATIC])dnl AC_SUBST([SUDOERS_OBJS])dnl AC_SUBST([SUDO_OBJS])dnl AC_SUBST([SUDO_LIBS])dnl AC_SUBST([SUDOERS_LIBS])dnl AC_SUBST([STATIC_SUDOERS])dnl AC_SUBST([NET_LIBS])dnl AC_SUBST([AFS_LIBS])dnl AC_SUBST([REPLAY_LIBS])dnl AC_SUBST([GETGROUPS_LIB])dnl AC_SUBST([AUTH_OBJS])dnl AC_SUBST([MANTYPE])dnl AC_SUBST([MANDIRTYPE])dnl AC_SUBST([MANCOMPRESS])dnl AC_SUBST([MANCOMPRESSEXT])dnl AC_SUBST([SHLIB_ENABLE])dnl AC_SUBST([SHLIB_MODE])dnl AC_SUBST([SUDOERS_MODE])dnl AC_SUBST([SUDOERS_UID])dnl AC_SUBST([SUDOERS_GID])dnl AC_SUBST([DEVEL])dnl AC_SUBST([EXAMPLES])dnl AC_SUBST([BAMAN], [0])dnl AC_SUBST([LCMAN], [0])dnl AC_SUBST([PSMAN], [0])dnl AC_SUBST([SEMAN], [0])dnl AC_SUBST([AAMAN], [0])dnl AC_SUBST([devdir], ['$(srcdir)'])dnl AC_SUBST([mansectsu])dnl AC_SUBST([mansectform])dnl AC_SUBST([mansectmisc])dnl AC_SUBST([INTERCEPTFILE])dnl AC_SUBST([INTERCEPTDIR])dnl AC_SUBST([intercept_file])dnl AC_SUBST([NOEXECFILE])dnl AC_SUBST([NOEXECDIR])dnl AC_SUBST([noexec_file])dnl AC_SUBST([sesh_file])dnl AC_SUBST([INSTALL_BACKUP])dnl AC_SUBST([INSTALL_INTERCEPT])dnl AC_SUBST([INSTALL_NOEXEC])dnl AC_SUBST([PRELOAD_MODULE], ['-module'])dnl AC_SUBST([DONT_LEAK_PATH_INFO])dnl AC_SUBST([BSDAUTH_USAGE])dnl AC_SUBST([SELINUX_USAGE])dnl AC_SUBST([LDAP], ['#'])dnl AC_SUBST([LOGINCAP_USAGE])dnl AC_SUBST([ZLIB])dnl AC_SUBST([ZLIB_SRC])dnl AC_SUBST([LIBTOOL_DEPS])dnl AC_SUBST([LIBDL])dnl AC_SUBST([LIBRT])dnl AC_SUBST([LIBINTL])dnl AC_SUBST([LIBCRYPTO])dnl AC_SUBST([LIBTLS])dnl AC_SUBST([LIBPTHREAD])dnl AC_SUBST([SUDO_NLS], [disabled])dnl AC_SUBST([LOCALEDIR_SUFFIX])dnl AC_SUBST([COMPAT_TEST_PROGS])dnl AC_SUBST([SUDOERS_TEST_PROGS])dnl AC_SUBST([CROSS_COMPILING])dnl AC_SUBST([ASAN_LDFLAGS])dnl AC_SUBST([ASAN_CFLAGS])dnl AC_SUBST([PIE_LDFLAGS])dnl AC_SUBST([PIE_CFLAGS])dnl AC_SUBST([HARDENING_LDFLAGS])dnl AC_SUBST([HARDENING_CFLAGS])dnl AC_SUBST([INIT_SCRIPT])dnl AC_SUBST([INIT_DIR])dnl AC_SUBST([RC_LINK])dnl AC_SUBST([COMPAT_EXP])dnl AC_SUBST([TMPFILES_D])dnl AC_SUBST([exampledir], ['$(docdir)/examples'])dnl AC_SUBST([adminconfdir], ['$(prefix)/etc'])dnl AC_SUBST([DIGEST])dnl AC_SUBST([devsearch])dnl AC_SUBST([SIGNAME])dnl AC_SUBST([PYTHON_PLUGIN], ['#'])dnl AC_SUBST([PYTHON_PLUGIN_SRC])dnl AC_SUBST([LOGSRV])dnl AC_SUBST([LOGSRV_SRC], ['lib/logsrv'])dnl AC_SUBST([LOGSRVD_SRC], ['logsrvd'])dnl AC_SUBST([LOGSRVD_CONF], ['sudo_logsrvd.conf'])dnl AC_SUBST([LIBLOGSRV], ['$(top_builddir)/lib/logsrv/liblogsrv.la $(top_builddir)/lib/protobuf-c/libprotobuf-c.la'])dnl AC_SUBST([PPFILES], ['$(srcdir)/etc/sudo.pp'])dnl AC_SUBST([FUZZ_ENGINE])dnl AC_SUBST([FUZZ_LD], ['$(CC)'])dnl AC_SUBST([INTERCEPT_EXP])dnl dnl dnl Config file paths dnl Either a single file or a colon-separated list of paths. dnl AC_SUBST([cvtsudoers_conf], ['$(sysconfdir)/cvtsudoers.conf'])dnl AC_SUBST([sudo_conf], ['$(sysconfdir)/sudo.conf'])dnl AC_SUBST([sudo_logsrvd_conf], ['$(sysconfdir)/sudo_logsrvd.conf'])dnl AC_SUBST([sudoers_path], ['$(sysconfdir)/sudoers'])dnl dnl dnl Variables that get substituted in docs (not overridden by environment) dnl AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([log_dir])dnl real initial value from SUDO_LOGDIR AC_SUBST([logpath])dnl real initial value from SUDO_LOGFILE AC_SUBST([relay_dir])dnl real initial value from SUDO_RELAY_DIR AC_SUBST([rundir])dnl real initial value from SUDO_RUNDIR AC_SUBST([vardir])dnl real initial value from SUDO_VARDIR AC_SUBST([timeout]) AC_SUBST([password_timeout]) AC_SUBST([sudo_umask]) AC_SUBST([umask_override]) AC_SUBST([passprompt]) AC_SUBST([long_otp_prompt]) AC_SUBST([lecture]) AC_SUBST([logfac]) AC_SUBST([goodpri]) AC_SUBST([badpri]) AC_SUBST([loglen]) AC_SUBST([ignore_dot]) AC_SUBST([mail_no_user]) AC_SUBST([mail_no_host]) AC_SUBST([mail_no_perms]) AC_SUBST([mailto]) AC_SUBST([mailsub]) AC_SUBST([badpass_message]) AC_SUBST([fqdn]) AC_SUBST([runas_default]) AC_SUBST([env_editor]) AC_SUBST([env_reset]) AC_SUBST([passwd_tries]) AC_SUBST([timestamp_type]) AC_SUBST([insults]) AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) AC_SUBST([editor]) AC_SUBST([pam_session]) AC_SUBST([pam_login_service]) AC_SUBST([plugindir]) AC_SUBST([sudoers_plugin]) AC_SUBST([python_plugin]) # # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io log_dir=/var/log logpath=/var/log/sudo.log relay_dir=/var/log/sudo_logsrvd rundir=/var/run/sudo vardir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 umask_override=off passprompt="Password: " long_otp_prompt=off lecture=once logfac=auth goodpri=notice badpri=alert loglen=80 ignore_dot=off mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root mailsub="*** SECURITY information for %h ***" badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=on env_reset=on editor=vi passwd_tries=3 timestamp_type=tty insults=off root_sudo=on path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf intercept_file="$libexecdir/sudo/sudo_intercept.so" noexec_file="$libexecdir/sudo/sudo_noexec.so" sesh_file="$libexecdir/sudo/sesh" nsswitch_conf=/etc/nsswitch.conf secure_path="not set" pam_session=on pam_login_service=sudo plugindir="$libexecdir/sudo" sudoers_plugin="sudoers.so" python_plugin="python_plugin.so" DIGEST=digest.lo devsearch="/dev/pts:/dev/vt:/dev/term:/dev/zcons:/dev/pty:/dev" # # End initial values for man page substitution # dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl : ${MANDIRTYPE='man'} : ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} dnl dnl Other variables dnl CONFIGURE_ARGS="$@" AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd CHECKSHADOW=true shadow_funcs= shadow_libs= OS_INIT=os_init_common dnl dnl LD_PRELOAD equivalents dnl RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_ENABLE_VAR= RTLD_PRELOAD_DELIM=":" RTLD_PRELOAD_DEFAULT= dnl dnl libc replacement functions live in libsudo_util.a dnl AC_CONFIG_LIBOBJ_DIR(lib/util) dnl dnl We must call AC_USE_SYSTEM_EXTENSIONS before the compiler is run. dnl AC_USE_SYSTEM_EXTENSIONS # # Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. # Starting with sudo 1.8.7, $libexecdir/sudo is used so strip # off an extraneous "/sudo" from libexecdir. # case "$libexecdir" in */sudo) AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` ;; esac dnl dnl Deprecated --with options (these all warn or generate an error) dnl AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], [case $with_otp_only in yes) with_passwd="no" AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], [case $with_alertmail in *) with_mailto="$with_alertmail" AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [deprecated])], [case $with_pc_insults in yes) enable_offensive_insults=no AC_MSG_NOTICE([--with-pc-insults option deprecated, it is now the default]) ;; no) enable_offensive_insults=yes AC_MSG_NOTICE([--without-pc-insults option deprecated, use --enable-offensive-insults]) ;; esac]) dnl dnl Options for --with dnl AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in yes) AC_MSG_NOTICE([setting up for development: -Wall, flex, yacc]) AX_APPEND_FLAG([-DSUDO_DEVEL], [CPPFLAGS]) DEVEL="true" devdir=. ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in *) AC_MSG_ERROR([the --with-CC option is no longer supported, please pass CC=$with_CC to configure instead.]) ;; esac]) AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], [AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[[=PATH]]], [deprecated])], [AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) dnl dnl Handle BSM auditing support. dnl AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], [case $with_bsm_audit in yes) AC_DEFINE(HAVE_BSM_AUDIT) SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; *) AC_MSG_ERROR([--with-bsm-audit does not take an argument.]) ;; esac]) dnl dnl Handle Linux auditing support. dnl AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], [case $with_linux_audit in yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ AC_DEFINE(HAVE_LINUX_AUDIT) SUDO_LIBS="${SUDO_LIBS} -laudit" SUDOERS_LIBS="${SUDO_LIBS} -laudit" SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" ], [ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) ]) ;; no) ;; *) AC_MSG_ERROR([--with-linux-audit does not take an argument.]) ;; esac]) dnl dnl Handle Solaris auditing support. dnl AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])], [case $with_solaris_audit in yes) AC_DEFINE(HAVE_SOLARIS_AUDIT) SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo" ;; no) ;; *) AC_MSG_ERROR([--with-solaris-audit does not take an argument.]) ;; esac]) dnl dnl Handle SSSD support. dnl AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], [case $with_sssd in yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" case "$SUDOERS_OBJS" in *ldap_util.lo*) ;; *) SUDOERS_OBJS="${SUDOERS_OBJS} ldap_util.lo";; esac AC_DEFINE(HAVE_SSSD) ;; no) ;; *) AC_MSG_ERROR([--with-sssd does not take an argument.]) ;; esac]) AC_ARG_WITH(sssd-conf, [AS_HELP_STRING([--with-sssd-conf], [path to the SSSD config file])]) sssd_conf="/etc/sssd/sssd.conf" test -n "$with_sssd_conf" && sssd_conf="$with_sssd_conf" SUDO_DEFINE_UNQUOTED(_PATH_SSSD_CONF, "$sssd_conf", [Path to the SSSD config file]) AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) sssd_lib="\"LIBDIR\"" test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR([must give --with-incpath an argument.]) ;; no) AC_MSG_ERROR([--without-incpath not supported.]) ;; *) AC_MSG_NOTICE([adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do AX_APPEND_FLAG([-I${i}], [CPPFLAGS]) done ;; esac]) AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], [case $with_libpath in yes) AC_MSG_ERROR([must give --with-libpath an argument.]) ;; no) AC_MSG_ERROR([--without-libpath not supported.]) ;; *) AC_MSG_NOTICE([adding ${with_libpath} to LDFLAGS]) ;; esac]) AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], [case $with_libraries in yes) AC_MSG_ERROR([must give --with-libraries an argument.]) ;; no) AC_MSG_ERROR([--without-libraries not supported.]) ;; *) AC_MSG_NOTICE([adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], [case $with_csops in yes) AC_MSG_NOTICE([adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes : ${mansectsu='8'} : ${mansectform='5'} : ${mansectmisc='7'} ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; *) AC_MSG_ERROR([sorry, --with-passwd does not take an argument.]) ;; esac]) AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[[=DIR]]], [enable S/Key support ])], [case $with_skey in no) ;; *) AC_DEFINE(HAVE_SKEY) AUTH_REG="$AUTH_REG S/Key" ;; esac]) AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[[=DIR]]], [enable OPIE support ])], [case $with_opie in no) ;; *) AC_DEFINE(HAVE_OPIE) AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac]) AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) long_otp_prompt=on ;; no) long_otp_prompt=off ;; *) AC_MSG_ERROR([--with-long-otp-prompt does not take an argument.]) ;; esac]) AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], [case $with_SecurID in no) ;; *) AC_DEFINE(HAVE_SECURID) AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac]) AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], [case $with_fwtk in no) ;; *) AC_DEFINE(HAVE_FWTK) AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac]) AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; *) AUTH_REG="$AUTH_REG kerb5" ;; esac]) AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; *) AC_MSG_ERROR([--with-aixauth does not take an argument.]) ;; esac]) AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; *) AC_MSG_ERROR([--with-pam does not take an argument.]) ;; esac]) AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) AUTH_REG="$AUTH_REG AFS" ;; no) ;; *) AC_MSG_ERROR([--with-AFS does not take an argument.]) ;; esac]) AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) AUTH_REG="$AUTH_REG DCE" ;; no) ;; *) AC_MSG_ERROR([--with-DCE does not take an argument.]) ;; esac]) AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], [case $with_logincap in yes|no) ;; *) AC_MSG_ERROR([--with-logincap does not take an argument.]) ;; esac]) AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; *) AC_MSG_ERROR([--with-bsdauth does not take an argument.]) ;; esac]) AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], [case $with_project in yes|no) ;; no) ;; *) AC_MSG_ERROR([--with-project does not take an argument.]) ;; esac]) AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], [case $with_lecture in yes|short|always) lecture=once ;; no|none|never) lecture=never AC_DEFINE(NO_LECTURE) ;; *) AC_MSG_ERROR([unknown argument to --with-lecture: $with_lecture]) ;; esac]) AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], [case $with_logging in yes) AC_MSG_ERROR([must give --with-logging an argument.]) ;; no) AC_MSG_ERROR([--without-logging not supported.]) ;; syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) ;; both) AC_DEFINE(LOGGING, SLOG_BOTH) ;; *) AC_MSG_ERROR([unknown argument to --with-logging: $with_logging]) ;; esac], [ with_logging=syslog AC_DEFINE(LOGGING, SLOG_SYSLOG) ]) AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in yes) AC_MSG_ERROR([must give --with-logfac an argument.]) ;; no) AC_MSG_ERROR([--without-logfac not supported.]) ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR([$with_logfac is not a supported syslog facility.]) ;; esac]) AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], [case $with_goodpri in yes) AC_MSG_ERROR([must give --with-goodpri an argument.]) ;; no) AC_MSG_ERROR([--without-goodpri not supported.]) ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; *) AC_MSG_ERROR([$with_goodpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], [case $with_badpri in yes) AC_MSG_ERROR([must give --with-badpri an argument.]) ;; no) AC_MSG_ERROR([--without-badpri not supported.]) ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], [case $with_logpath in yes) AC_MSG_ERROR([must give --with-logpath an argument.]) ;; no) AC_MSG_ERROR([--without-logpath not supported.]) ;; esac]) AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], [case $with_loglen in yes) AC_MSG_ERROR([must give --with-loglen an argument.]) ;; no) AC_MSG_ERROR([--without-loglen not supported.]) ;; [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR([you must enter a number, not $with_loglen]) ;; esac]) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], [case $with_ignore_dot in yes) ignore_dot=on AC_DEFINE(IGNORE_DOT_PATH) ;; no) ignore_dot=off ;; *) AC_MSG_ERROR([--with-ignore-dot does not take an argument.]) ;; esac]) AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], [case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; *) AC_MSG_ERROR([--with-mail-if-no-user does not take an argument.]) ;; esac]) AS_IF([test "$mail_no_user" = "on"], [AC_DEFINE(SEND_MAIL_WHEN_NO_USER)]) AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], [case $with_mail_if_no_host in yes) mail_no_host=on AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) ;; no) mail_no_host=off ;; *) AC_MSG_ERROR([--with-mail-if-no-host does not take an argument.]) ;; esac]) AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], [case $with_mail_if_noperms in yes) mail_noperms=on AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) ;; no) mail_noperms=off ;; *) AC_MSG_ERROR([--with-mail-if-noperms does not take an argument.]) ;; esac]) AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], [case $with_mailto in yes) AC_MSG_ERROR([must give --with-mailto an argument.]) ;; no) AC_MSG_ERROR([--without-mailto not supported.]) ;; *) mailto=$with_mailto ;; esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], [case $with_mailsubject in yes) AC_MSG_ERROR([must give --with-mailsubject an argument.]) ;; no) AC_MSG_WARN([sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" ;; esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], [case $with_passprompt in yes) AC_MSG_ERROR([must give --with-passprompt an argument.]) ;; no) AC_MSG_WARN([sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], [case $with_badpass_message in yes) AC_MSG_ERROR([must give --with-badpass-message an argument.]) ;; no) AC_MSG_WARN([sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; esac]) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], [case $with_fqdn in yes) fqdn=on AC_DEFINE(FQDN) ;; no) fqdn=off ;; *) AC_MSG_ERROR([--with-fqdn does not take an argument.]) ;; esac]) AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir=DIR], [deprecated])], [case $with_timedir in *) AC_MSG_ERROR([--without-timedir no longer supported, see --with-rundir.]) ;; esac]) AC_ARG_WITH(rundir, [AS_HELP_STRING([--with-rundir=DIR], [directory for sudo-specific files that do not survive a system reboot, e.g. '/var/run/sudo'])], [case $with_rundir in yes) AC_MSG_ERROR([must give --with-rundir an argument.]) ;; no) AC_MSG_ERROR([--without-rundir not supported.]) ;; esac]) AC_ARG_WITH(vardir, [AS_HELP_STRING([--with-vardir=DIR], [directory for sudo-specific files that survive a system reboot, e.g. '/var/db/sudo' or '/var/lib/sudo'])], [case $with_vardir in yes) AC_MSG_ERROR([must give --with-vardir an argument.]) ;; no) AC_MSG_ERROR([--without-vardir not supported.]) ;; esac]) AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], [case $with_iologdir in yes) ;; no) AC_MSG_ERROR([--without-iologdir not supported.]) ;; esac]) AC_ARG_WITH(relaydir, [AS_HELP_STRING([--with-relaydir=DIR], [directory to store sudo_logsrvd relay temporary files in])], [case $with_relaydir in yes) ;; no) AC_MSG_ERROR([--without-relaydir not supported.]) ;; esac]) AC_ARG_WITH(tzdir, [AS_HELP_STRING([--with-tzdir=DIR], [path to the time zone data directory])], [case $with_tzdir in yes) AC_MSG_ERROR([must give --with-tzdir an argument.]) ;; esac]) AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) AS_HELP_STRING([--without-sendmail], [do not send mail at all])], [case $with_sendmail in yes) with_sendmail="" ;; no) ;; *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") ;; esac]) AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], [case $with_sudoers_mode in yes) AC_MSG_ERROR([must give --with-sudoers-mode an argument.]) ;; no) AC_MSG_ERROR([--without-sudoers-mode not supported.]) ;; [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; *) AC_MSG_ERROR([you must use an octal mode, not a name.]) ;; esac]) AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], [case $with_sudoers_uid in yes) AC_MSG_ERROR([must give --with-sudoers-uid an argument.]) ;; no) AC_MSG_ERROR([--without-sudoers-uid not supported.]) ;; [[0-9]]*) SUDOERS_UID=$with_sudoers_uid ;; *) AC_MSG_ERROR([you must use an unsigned numeric uid, not a name.]) ;; esac]) AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], [case $with_sudoers_gid in yes) AC_MSG_ERROR([must give --with-sudoers-gid an argument.]) ;; no) AC_MSG_ERROR([--without-sudoers-gid not supported.]) ;; [[0-9]]*) SUDOERS_GID=$with_sudoers_gid ;; *) AC_MSG_ERROR([you must use an unsigned numeric gid, not a name.]) ;; esac]) AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], [case $with_umask in yes) AC_MSG_ERROR([must give --with-umask an argument.]) ;; no) sudo_umask=0777 ;; [[0-9]]*) sudo_umask=$with_umask ;; *) AC_MSG_ERROR([you must enter a numeric mask.]) ;; esac]) AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], [case $with_umask_override in yes) AC_DEFINE(UMASK_OVERRIDE) umask_override=on ;; no) umask_override=off ;; *) AC_MSG_ERROR([--with-umask-override does not take an argument.]) ;; esac]) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in yes) AC_MSG_ERROR([must give --with-runas-default an argument.]) ;; no) AC_MSG_ERROR([--without-runas-default not supported.]) ;; *) runas_default="$with_runas_default" ;; esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], [case $with_exempt in yes) AC_MSG_ERROR([must give --with-exempt an argument.]) ;; no) AC_MSG_ERROR([--without-exempt not supported.]) ;; *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) ;; esac]) AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], [case $with_editor in yes) AC_MSG_ERROR([must give --with-editor an argument.]) ;; no) AC_MSG_ERROR([--without-editor not supported.]) ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) editor="$with_editor" ;; esac], [AC_DEFINE(EDITOR, _PATH_VI)]) AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], [case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; *) AC_MSG_ERROR([--with-env-editor does not take an argument.]) ;; esac]) AS_IF([test "$env_editor" = "on"], [AC_DEFINE(ENV_EDITOR)]) AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], [case $with_passwd_tries in yes) ;; no) AC_MSG_ERROR([--without-editor not supported.]) ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR([you must enter the number of tries, > 0]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], [case $with_timeout in yes) ;; no) timeout=0 ;; [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR([you must enter the number of minutes.]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], [case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR([you must enter the number of minutes.]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], [case $with_tty_tickets in yes) timestamp_type=tty ;; no) timestamp_type=global ;; *) AC_MSG_ERROR([--with-tty-tickets does not take an argument.]) ;; esac]) AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], [case $with_insults in yes) insults=on AC_DEFINE(USE_INSULTS) with_classic_insults=yes with_csops_insults=yes ;; disabled) insults=off with_classic_insults=yes with_csops_insults=yes ;; no) insults=off ;; *) AC_MSG_ERROR([--with-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], [case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes with_python_insults=yes ;; no) ;; *) AC_MSG_ERROR([--with-all-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], [case $with_classic_insults in yes) AC_DEFINE(CLASSIC_INSULTS) ;; no) ;; *) AC_MSG_ERROR([--with-classic-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], [case $with_csops_insults in yes) AC_DEFINE(CSOPS_INSULTS) ;; no) ;; *) AC_MSG_ERROR([--with-csops-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], [case $with_hal_insults in yes) AC_DEFINE(HAL_INSULTS) ;; no) ;; *) AC_MSG_ERROR([--with-hal-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], [case $with_goons_insults in yes) AC_DEFINE(GOONS_INSULTS) ;; no) ;; *) AC_MSG_ERROR([--with-goons-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(python-insults, [AS_HELP_STRING([--with-python-insults], [include the insults from "Monty Python's Flying Circus"])], [case $with_python_insults in yes) AC_DEFINE(PYTHON_INSULTS) ;; no) ;; *) AC_MSG_ERROR([--with-python-insults does not take an argument.]) ;; esac]) AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], [case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" ;; *) ;; esac]) AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], [case $with_ldap in no) ;; *) AC_DEFINE(HAVE_LDAP) ;; esac]) AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") secure_path="set to $with_secure_path" ;; no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") secure_path="set to $with_secure_path" ;; esac]) AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of network interfaces])], [case $with_interfaces in yes) ;; no) AC_DEFINE(STUB_LOAD_INTERFACES) ;; *) AC_MSG_ERROR([--with-interfaces does not take an argument.]) ;; esac]) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], [case $with_askpass in yes) AC_MSG_ERROR([--with-askpass takes a path as an argument.]) ;; no) ;; *) ;; esac], [ with_askpass=no ]) AS_IF([test X"$with_askpass" != X"no"], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") ], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) ]) AC_ARG_WITH(exampledir, [AS_HELP_STRING([--with-exampledir=DIR], [path to install sudo examples in])], [case $with_exampledir in yes) AC_MSG_ERROR([must give --with-exampledir an argument.]) ;; no) AC_MSG_ERROR([--without-exampledir not supported.]) ;; *) exampledir="$with_exampledir" esac]) AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir=DIR], [set directory to load plugins from])], [case $with_plugindir in yes) AC_MSG_ERROR([must give --with-plugindir an argument.]) ;; no) AC_MSG_ERROR([--without-plugindir not supported.]) ;; *) plugindir="$with_plugindir" ;; esac]) AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], [case $with_man in yes) MANTYPE=man ;; no) AC_MSG_ERROR([--without-man not supported.]) ;; *) AC_MSG_WARN([ignoring unknown argument to --with-man: $with_man.]) ;; esac]) AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], [case $with_mdoc in yes) MANTYPE=mdoc ;; no) AC_MSG_ERROR([--without-mdoc not supported.]) ;; *) AC_MSG_WARN([ignoring unknown argument to --with-mdoc: $with_mdoc.]) ;; esac]) dnl dnl Options for --enable dnl AC_ARG_ENABLE(authentication, [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], [ case "$enableval" in yes) ;; no) AC_DEFINE(NO_AUTHENTICATION) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-authentication: $enableval]) ;; esac ]) AC_ARG_ENABLE(root-mailer, [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], [ case "$enableval" in yes) ;; no) AC_DEFINE(NO_ROOT_MAILER) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac ]) AC_ARG_ENABLE(setreuid, [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], [ case "$enableval" in no) SKIP_SETREUID=yes ;; *) ;; esac ]) AC_ARG_ENABLE(setresuid, [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], [ case "$enableval" in no) SKIP_SETRESUID=yes ;; *) ;; esac ]) AC_ARG_ENABLE(shadow, [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], [ case "$enableval" in yes) ;; no) CHECKSHADOW="false" ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-shadow: $enableval]) ;; esac ]) AC_ARG_ENABLE(root-sudo, [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], [ case "$enableval" in yes) ;; no) AC_DEFINE(NO_ROOT_SUDO) root_sudo=off ;; *) AC_MSG_ERROR([--enable-root-sudo does not take an argument.]) ;; esac ]) AC_ARG_ENABLE(log-host, [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], [ case "$enableval" in yes) AC_DEFINE(HOST_IN_LOG) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ]) AC_ARG_ENABLE(noargs-shell, [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], [ case "$enableval" in yes) AC_DEFINE(SHELL_IF_NO_ARGS) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac ]) AC_ARG_ENABLE(shell-sets-home, [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], [ case "$enableval" in yes) AC_DEFINE(SHELL_SETS_HOME) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac ]) AC_ARG_ENABLE(path_info, [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], [ case "$enableval" in yes) ;; no) AC_DEFINE(DONT_LEAK_PATH_INFO) path_info=off ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-path-info: $enableval]) ;; esac ]) AC_ARG_ENABLE(env_debug, [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], [ case "$enableval" in yes) AC_DEFINE(ENV_DEBUG) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-env-debug: $enableval]) ;; esac ]) AC_ARG_ENABLE(zlib, [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], [], [enable_zlib=yes]) AX_APPEND_FLAG([-DZLIB_CONST], [CPPFLAGS]) AC_ARG_ENABLE(env_reset, [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], [ case "$enableval" in yes) env_reset=on ;; no) env_reset=off ;; *) env_reset=on AC_MSG_WARN([ignoring unknown argument to --enable-env-reset: $enableval]) ;; esac ]) AS_IF([test "$env_reset" = "on"], [ AC_DEFINE(ENV_RESET, 1) ], [ AC_DEFINE(ENV_RESET, 0) ]) AC_ARG_ENABLE(warnings, [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-warnings: $enableval]) ;; esac ]) AC_ARG_ENABLE(werror, [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-werror: $enableval]) ;; esac ]) AC_ARG_ENABLE(ssp, [AS_HELP_STRING([--disable-ssp], [Do not compile using the -fstack-protector option.])], [], [enable_ssp=yes]) AC_ARG_ENABLE(hardening, [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], [], [enable_hardening=yes]) AC_ARG_ENABLE(pie, [AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) AC_ARG_ENABLE(sanitizer, [AS_HELP_STRING([--enable-sanitizer], [Build sudo with sanitizer support.])], [ AS_IF([test X"$enable_sanitizer" = X"yes"], [ enable_sanitizer="-fsanitize=address,undefined" ]) ], [enable_sanitizer=no]) AC_ARG_ENABLE(fuzzer, [AS_HELP_STRING([--enable-fuzzer], [Build sudo with LLVM libFuzzer support.])], [], [enable_fuzzer=no]) AC_ARG_ENABLE(fuzzer-engine, [AS_HELP_STRING([--enable-fuzzer-engine], [Link fuzz targets with the specified fuzzer engine instead of the default.])], [ case "$enableval" in yes) AC_MSG_ERROR([must give --enable-fuzzer-engine an argument.]) ;; no) ;; *) FUZZ_ENGINE="$enableval" ;; esac ]) AC_ARG_ENABLE(fuzzer-linker, [AS_HELP_STRING([--enable-fuzzer-linker], [Use the specified linker when building fuzz targets instead of the default C compiler.])], [ case "$enableval" in yes) AC_MSG_ERROR([must give --enable-fuzzer-linker an argument.]) ;; no) ;; *) FUZZ_LD="$enableval" ;; esac ]) AC_ARG_ENABLE(leaks, [AS_HELP_STRING([--disable-leaks], [Prevent some harmless memory leaks.])], [ case "$enableval" in yes) ;; no) AC_DEFINE(NO_LEAKS) ;; *) AC_MSG_WARN([ignoring unknown argument to --disable-leaks: $enableval]) ;; esac ]) AC_ARG_ENABLE(poll, [AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])]) AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag[[=PATH]]], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in yes) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "~/.sudo_as_admin_successful") ;; no) ;; *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ADMIN_FLAG, "$enableval") ;; esac ]) AC_ARG_ENABLE(nls, [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], [], [enable_nls=yes]) AC_ARG_ENABLE(rpath, [AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], [], [enable_rpath=yes]) AC_ARG_ENABLE(static-sudoers, [AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])], [], [enable_static_sudoers=no]) AC_ARG_ENABLE(shared_libutil, [AS_HELP_STRING([--disable-shared-libutil], [Disable use of the libsudo_util shared library.])], [], [enable_shared_libutil=yes]) AC_ARG_ENABLE(tmpfiles.d, [AS_HELP_STRING([--enable-tmpfiles.d=DIR], [Set the path to the systemd tmpfiles.d directory.])], [case $enableval in yes) TMPFILES_D=/usr/lib/tmpfiles.d ;; no) TMPFILES_D= ;; *) TMPFILES_D="$enableval" esac], [ test -f /usr/lib/tmpfiles.d/systemd.conf && TMPFILES_D=/usr/lib/tmpfiles.d ]) AC_ARG_ENABLE(devsearch, [AS_HELP_STRING([--enable-devsearch=PATH], [The colon-delimited path to search for device nodes when determining the tty name.])], [case $enableval in yes) # use default value ;; no) AC_MSG_WARN([ignoring attempt to disable the device search path]) ;; *) devsearch="$enableval" ;; esac]) ds="`echo \"$devsearch\"|sed 's@/dev/*\([[^:]]*:*\)@_PATH_DEV \"\1\" @g'`" SUDO_DEFINE_UNQUOTED(_PATH_SUDO_DEVSEARCH, $ds) AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " AC_DEFINE(HAVE_SELINUX) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 AC_CHECK_LIB([selinux], [setkeycreatecon], [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; *) AC_MSG_ERROR([--with-selinux does not take an argument.]) ;; esac], [with_selinux=no]) AC_ARG_WITH(apparmor, [AS_HELP_STRING([--with-apparmor], [enable AppArmor support])], [case $with_apparmor in yes) AC_DEFINE(HAVE_APPARMOR) AAMAN=1 SUDO_LIBS="${SUDO_LIBS} -lapparmor" SUDO_OBJS="${SUDO_OBJS} apparmor.o" ;; no) ;; *) AC_MSG_ERROR([--with-apparmor does not take an argument.]) esac], [with_apparmor=no]) AC_ARG_ENABLE(sasl, [AS_HELP_STRING([--enable-sasl], [Enable/disable LDAP SASL support])], [ case "$enableval" in yes|no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-sasl: $enableval]) ;; esac ]) AC_ARG_ENABLE(timestamp-type, [AS_HELP_STRING([--timestamp-type=TYPE], [Set the default time stamp record type to global, ppid or tty.])], [ case "$enableval" in global|ppid|tty) timestamp_type=$enableval ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-timestamp-type: $enableval]) ;; esac ]) AC_DEFINE_UNQUOTED(TIMESTAMP_TYPE, $timestamp_type) AC_ARG_ENABLE(offensive_insults, [AS_HELP_STRING([--enable-offensive-insults], [Enable potentially offensive sudo insults.])], [], [enable_offensive_insults=no]) AS_IF([test "$enable_offensive_insults" = "yes"], [AC_DEFINE(OFFENSIVE_INSULTS)]) AC_ARG_ENABLE(package_build, [AS_HELP_STRING([--enable-package-build], [Enable options for package building.])], [], [enable_package_build=no]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default dnl AC_ARG_ENABLE(gss_krb5_ccache_name, [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) AC_ARG_ENABLE(pvs-studio, [AS_HELP_STRING([--enable-pvs-studio], [Create a PVS-Studio.cfg file.])]) AC_ARG_ENABLE(log-server, [AS_HELP_STRING([--disable-log-server], [Disable building the sudo_logsrvd log server.])], [ case "$enableval" in yes) ;; no) LOGSRV=# LOGSRVD_SRC= LOGSRVD_CONF= ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-log-server: $enableval]) ;; esac ]) AC_ARG_ENABLE(log-client, [AS_HELP_STRING([--disable-log-client], [Disable sudoers support for using the sudo_logsrvd log server.])], [ case "$enableval" in yes) AC_DEFINE([SUDOERS_LOG_CLIENT]) ;; no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-log-client: $enableval]) ;; esac ], [AC_DEFINE([SUDOERS_LOG_CLIENT])]) AS_IF([test X"${enable_log_client}${enable_log_server}" = X"nono"], [ # No need for liblogsrv.la LOGSRV_SRC= LIBLOGSRV= ]) AS_IF([test X"$LOGSRVD_SRC" != X""], [ PPFILES="$PPFILES "'$(srcdir)/etc/sudo-logsrvd.pp' ]) dnl dnl Do OpenSSL / wolfSSL / gcrypt after logsrv options dnl AC_ARG_ENABLE(openssl, [AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])], [], [ # Enable OpenSSL by default unless logsrvd and client are disabled AS_IF([test X"${enable_log_client}${enable_log_server}" != X"nono"], [ enable_openssl=maybe ]) ]) AC_ARG_ENABLE(openssl-pkgconfig-template, [AS_HELP_STRING([--enable-openssl-pkgconfig-template], [A printf format string used to construct the OpenSSL pkg-config name])], [], [enable_openssl_pkgconfig_template="%s"]) AC_ARG_ENABLE(wolfssl, [AS_HELP_STRING([--enable-wolfssl], [Use wolfSSL's TLS and sha2 functions])], [ enable_openssl=no ]) AC_ARG_ENABLE(gcrypt, [AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [ AS_IF([test "${enable_openssl-no}${enable_wolfssl-no}" != "nono"], [ AC_MSG_WARN([ignoring --enable-gcrypt when OpenSSL or wolfSSL is enabled.]) enable_gcrypt=no ]) ]) AC_ARG_ENABLE(python, [AS_HELP_STRING([--enable-python], [Compile python plugin support])], [ case "$enableval" in yes|no) ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-python: $enableval]) ;; esac ]) AC_ARG_ENABLE(adminconf, [AS_HELP_STRING([--enable-adminconf[[=DIR]]], [Use configuration files from adminconfdir in preference to sysconfdir])], [ case "$enableval" in yes|no) ;; *) adminconfdir="$enableval" enable_adminconf=yes ;; esac ], [enable_adminconf=no]) dnl dnl C compiler checks dnl AC_PROG_CPP AC_CHECK_TOOL(AR, ar, false) AC_CHECK_TOOL(RANLIB, ranlib, :) AS_IF([test X"$AR" = X"false"], [ AC_MSG_ERROR([the "ar" utility is required to build sudo]) ]) AX_PROG_CC_FOR_BUILD AS_IF([test "x$ac_cv_prog_cc_c89" = "xno"], [ AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) ]) dnl dnl If the user specified --disable-static, override them or we'll dnl be unable to build the executables in the sudoers plugin dir. dnl AS_IF([test "$enable_static" = "no"], [ AC_MSG_WARN([ignoring --disable-static, sudo does not install static libs]) enable_static=yes ]) dnl dnl Set host variables and m4 macro dir dnl AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) dnl dnl Relies on CC host being set dnl SUDO_PVS_STUDIO_CFG dnl dnl On HP-UX 11.11 and higher we prefer dlopen() over shl_load(). dnl Libtool defaults to shl_load() so we need to prime the cache dnl to override that default. dnl case "$host_os" in hpux11.1[[1-9]]|hpux11.[[2-9]][[0-9]]|hpux1[[2-9]].*) # Prefer dlopen() over shl_load() : ${ac_cv_func_shl_load='no'} : ${ac_cv_lib_dld_shl_load='no'} ;; esac dnl dnl Libtool init, we require libtool 2.2.6b or higher dnl LT_PREREQ([2.2.6b]) LT_INIT([dlopen]) dnl dnl AIX supports two distinct flavors of shared libraries. dnl Traditional AIX shared libs are .a files with a .so inside. dnl AIX SVR4-style shared libs are plain .so files. The --with-aix-soname dnl option can be used to select the type. We need to set the default dnl values to match. This must come after the LT_INIT() call. dnl case "$host_os" in aix*) AS_IF([test X"$aix_use_runtimelinking" != X"yes"], [ # Using traditional AIX dynamic shared objects in an archive file. noexec_file="$libexecdir/sudo/sudo_noexec.a(sudo_noexec.so)" intercept_file="$libexecdir/sudo/sudo_intercept.a(sudo_intercept.so)" sudoers_plugin="sudoers.a(sudoers.so)" python_plugin="python_plugin.a(python_plugin.so)" ]) ;; esac SUDO_DEFINE_UNQUOTED([_PATH_SUDOERS_PLUGIN], ["$sudoers_plugin"]) dnl dnl Allow the user to specify an alternate libtool. dnl XXX - should be able to skip LT_INIT if we are using a different libtool dnl AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], [case $with_libtool in yes|builtin) ;; no) AC_MSG_ERROR([--without-libtool not supported.]) ;; system) LIBTOOL=libtool ;; *) LIBTOOL="$with_libtool" ;; esac]) dnl dnl Defer enable_intercept and with_noexec until after libtool magic runs dnl AS_IF([test "$enable_shared" = "no"], [ enable_intercept=no with_noexec=no enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no LT_LDFLAGS=-static ]) LIBDL="$lt_cv_dlopen_libs" SHLIB_ENABLE="$enable_dlopen" AC_ARG_ENABLE(intercept, [AS_HELP_STRING([--enable-intercept], [fully qualified pathname of sudo_intercept.so])], [ case "$enableval" in yes) ;; no) ;; *) intercept_file="$enableval" ;; esac ], [enable_intercept="$intercept_file"]) INTERCEPTFILE="sudo_intercept.so" INTERCEPTDIR="`echo $intercept_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[[=PATH]]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in yes) ;; no) ;; *) noexec_file="$with_noexec" ;; esac], [with_noexec="$noexec_file"]) NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $noexec_file|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl AC_PATH_PROG(SHA1SUM, [sha1sum], [openssl dgst -sha1]) AC_PATH_PROG(UNAMEPROG, [uname], [uname]) AC_PATH_PROG(TRPROG, [tr], [tr]) AC_CACHE_CHECK([for mandoc or nroff], [ac_cv_path_NROFF], [ AC_PATH_PROGS_FEATURE_CHECK([NROFF], [mandoc nroff], [ac_cv_path_NROFF="$ac_path_NROFF"], [ac_cv_path_NROFF=no]) ]) case "$ac_cv_path_NROFF" in *mandoc|no) # Prefer mdoc format for mandoc (or when no formatter is present). : ${MANTYPE='mdoc'} ;; *) # Check whether nroff supports -mdoc, this may produce incorrect # results when cross-compiling. test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" AC_CACHE_CHECK([which macro set to use for manual pages], [sudo_cv_var_mantype], [ sudo_cv_var_mantype="man" echo ".Sh NAME" > conftest echo ".Nm sudo" >> conftest echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest if $ac_cv_path_NROFF -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest ] ) MANTYPE="$sudo_cv_var_mantype" ;; esac dnl dnl If a config.cache exists make sure it matches the current host. dnl AS_IF([test -n "$sudo_cv_prev_host"], [ AS_IF([test "$sudo_cv_prev_host" != "$host"], [ AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) ]) ]) sudo_cv_prev_host="$host" dnl dnl Store configure arguments for "sudo -V" dnl SUDO_DEFINE_UNQUOTED([CONFIGURE_ARGS], "$CONFIGURE_ARGS") dnl dnl We want to be able to differentiate between different rev's dnl AS_IF([test -n "$host_os"], [ OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` OSMAJOR=`echo $OSREV | sed 's/\..*$//'` ], [ OSREV=0 OSMAJOR=0 ]) case "$host" in *-*-solaris2*) AC_DEFINE([PAM_SUN_CODEBASE]) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # illumos has a broken fmemopen(3) if test X"`uname -o 2>/dev/null`" = X"illumos"; then : ${ac_cv_func_fmemopen='no'} fi # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" # AFS support needs -lucb AS_IF([test "$with_AFS" = "yes"], [ AFS_LIBS="-lc -lucb" ]) : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" AC_CHECK_FUNCS([priv_set], [PSMAN=1]) ;; *-*-aix*) AC_DEFINE([PAM_SUN_CODEBASE]) # To get all prototypes (so we pass -Wall) AC_DEFINE([_LINUX_SOURCE_COMPAT]) # For AIX we build in support for both LAM and PAM # and choose which to use based on auth_type in # /etc/security/login.cfg AS_IF([test X"${with_pam}${with_aixauth}" = X""], [ AUTH_EXCL_DEF="AIX_AUTH PAM" ]) # AIX analog of nsswitch.conf, enabled by default AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], [case $with_netsvc in no) ;; yes) with_netsvc="/etc/netsvc.conf" ;; *) ;; esac]) AS_IF([test -z "$with_nsswitch" -a -z "$with_netsvc"], [ with_netsvc="/etc/netsvc.conf" ]) # LDR_PRELOAD is only supported in AIX 5.3 and later case "$OSREV" in [[1-4]].*) with_noexec=no;; 5.[[1-2]]*) with_noexec=no;; *) RTLD_PRELOAD_VAR="LDR_PRELOAD";; esac # cfmakeraw is broken on AIX (and is not documented) : ${ac_cv_func_cfmakeraw='no'} # strnlen/strndup may be broken on AIX < 6 depending # on the libc version, use our own. AS_IF([test $OSMAJOR -lt 6], [ : ${ac_cv_func_strnlen='no'} ]) # fmemopen(3) has a bug wrt feof() on some AIX versions. # https://www.ibm.com/support/pages/apar/IJ11845 : ${ac_cv_func_fmemopen='no'} # getdelim() may or may not be present on AIX <= 6.1. # bos610 is missing getdelim but bos61J has it. AS_IF([test "$enable_package_build" = "yes"], [ AS_IF([test $OSMAJOR -le 6], [ : ${ac_cv_func_getdelim='no'} ]) ]) # memset_s() may or may ont be present on AIX <= 7.1. # bos710 is missing memset_s but bos71L has it. AS_IF([test "$enable_package_build" = "yes"], [ AS_IF([test $OSMAJOR -le 7], [ : ${ac_cv_func_memset_s='no'} ]) ]) # Remove timedir on boot, AIX does not have /var/run INIT_SCRIPT=aix.sh INIT_DIR=/etc/rc.d/init.d RC_LINK=/etc/rc.d/rc2.d/S90sudo # AIX-specific functions AC_CHECK_FUNCS([getuserattr setrlimit64]) AC_CHECK_FUNCS([setauthdb], [AC_CHECK_TYPES([authdb_t], [], [], [#include ])]) COMMON_OBJS="${COMMON_OBJS} aix.lo" SUDO_APPEND_COMPAT_EXP(aix_prep_user_v1 aix_restoreauthdb_v1 aix_setauthdb_v1 aix_setauthdb_v2 aix_getauthregistry_v1) # These prototypes may be missing AC_CHECK_DECLS([usrinfo], [], [], [ #include #include ]) AC_CHECK_DECLS([setauthdb], [], [], [ #include #include ]) ;; *-*-hiuxmpp*) # HI-UX/MPP is based on OSF/1 # ignore envariables wrt dynamic lib path AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS]) shadow_funcs="getprpwnam dispcrypt" shadow_libs="-lsecurity" # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-*-hpux*) AC_DEFINE([PAM_SUN_CODEBASE]) # AFS support needs -lBSD AS_IF([test "$with_AFS" = "yes"], AFS_LIBS="-lc -lBSD" ]) : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} # HP-UX does not clear /var/run so we need to do it INIT_SCRIPT=hpux.sh INIT_DIR=/sbin/init.d RC_LINK=/sbin/rc2.d/S900sudo # HP-UX shared libs must be executable. # Load time is much greater if writable so use 0555. SHLIB_MODE=0555 # HP-UX won't unlink a shared lib that is open INSTALL_BACKUP='~' # The HP bundled compiler cannot generate shared libs AS_IF([test -z "$GCC"], [ AC_CACHE_CHECK([for HP bundled C compiler], [sudo_cv_var_hpccbundled], [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then sudo_cv_var_hpccbundled=yes else sudo_cv_var_hpccbundled=no fi] ) AS_IF([test "$sudo_cv_var_hpccbundled" = "yes"], [ AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) ]) ]) # Build PA-RISC1.1 objects for better portability case "$host_cpu" in hppa[[2-9]]*) _CFLAGS="$CFLAGS" AS_IF([test -n "$GCC"], [ portable_flag="-march=1.1" ], [ portable_flag="+DAportable" ]) CFLAGS="$CFLAGS $portable_flag" AC_CACHE_CHECK([whether $CC understands $portable_flag], [sudo_cv_var_daportable], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[]], [[]])], [sudo_cv_var_daportable=yes], [sudo_cv_var_daportable=no] ) ] ) AS_IF([test X"$sudo_cv_var_daportable" != X"yes"], [ CFLAGS="$_CFLAGS" ]) ;; esac case "$host_os" in hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.x doesn't support LD_PRELOAD with_noexec=no ;; *) shadow_funcs="getspnam iscomsec" shadow_libs="-lsec" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac AC_CHECK_HEADERS([utmps.h]) AC_CHECK_FUNCS([pstat_getproc gethrtime]) ;; *-dec-osf*) # ignore envariables wrt dynamic lib path AX_APPEND_FLAG([-Wl,-no_library_replacement], [SUDO_LDFLAGS]) : ${CHECKSIA='true'} AC_ARG_ENABLE(sia, [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], [ case "$enableval" in yes) CHECKSIA=true ;; no) CHECKSIA=false ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-sia: $enableval]) ;; esac ]) shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too AS_IF([test $OSMAJOR -lt 4], [ shadow_libs="-lsecurity -laud -lm" ], [ shadow_libs="-lsecurity -ldb -laud -lm" ]) # use SIA by default, if we have it test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" # # Some versions of Digital Unix ship with a broken # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # AC_MSG_CHECKING([for broken prot.h]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #include ]], [[return(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-*-irix*) AC_DEFINE([_BSD_TYPES]) AS_IF([test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'], [ AS_IF([test -d "/usr/share/man/local"], [ mandir="/usr/share/man/local" ], [ mandir="/usr/man/local" ]) ]) # IRIX <= 4 needs -lsun AS_IF([test "$OSMAJOR" -le 4], [ AC_CHECK_LIB([sun], [getpwnam], [LIBS="${LIBS} -lsun"]) ]) # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-*-linux*|*-*-k*bsd*-gnu) shadow_funcs="getspnam" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" # Check for SECCOMP_MODE_FILTER in linux/seccomp.h AC_CHECK_DECLS([SECCOMP_MODE_FILTER], [], [], [ #include #include #include #include #include ]) # We call getrandom via syscall(3) in case it is not in libc AC_CHECK_HEADERS([linux/random.h sys/syscall.h]) # Only use our replacement functions when not fuzzing, # they may skew the coverage reports. AS_IF([test X"$enable_fuzzer" = X"no"], [ # glibc's getentropy() emulation may fail on older kernels. # We use our own getentropy() by default on Linux. : ${ac_cv_func_getentropy='no'} # glibc's arc4random() may fail in chroot on older kernels. # We use our own arc4random() by default on Linux. : ${ac_cv_func_arc4random='no'} # glibc's closefrom() emulation may fail in chroot. # We use our own closefrom() by default on Linux. : ${ac_cv_func_closefrom='no'} ]) # Linux 3.2 supports reading/writing a another process # without using ptrace(2). AC_CHECK_FUNCS([process_vm_readv]) ;; *-*-gnu*) # lockf() is broken on the Hurd ac_cv_func_lockf=no ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; m88k-motorola-sysv*) # motorolla's cc (a variant of gcc) does -O but not -O2 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-sequent-sysv*) shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB([c89], [strcasecmp], [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-*-bsdi*) SKIP_SETREUID=yes # Check for newer BSD auth API AS_IF([test -z "$with_bsdauth"], [ AC_CHECK_FUNCS([auth_challenge], [AUTH_EXCL_DEF="BSD_AUTH"]) ]) ;; *-*-freebsd*) AC_DEFINE([_BSD_SOURCE]) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... case "$OSREV" in 0.*|1.*|2.0*) SKIP_SETREUID=yes ;; esac AS_IF([test "${with_skey-'no'}" = "yes"], [ SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" ]) CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-*openbsd*) AC_DEFINE([_BSD_SOURCE]) # OpenBSD-specific initialization OS_INIT=os_init_openbsd SUDO_OBJS="${SUDO_OBJS} openbsd.o" # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes # OpenBSD >= 3.0 supports BSD auth AS_IF([test -z "$with_bsdauth"], [ AS_IF([test "$OSMAJOR" -ge 3], [ AUTH_EXCL_DEF="BSD_AUTH" ]) ]) : ${with_logincap='maybe'} # Newer OpenBSD only fills in pw_password for getpwnam_shadow() shadow_funcs="getpwnam_shadow" # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in 0.9*|1.[[012]]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} # For reallocarray() AC_DEFINE([_OPENBSD_SOURCE]) # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-dragonfly*) AC_DEFINE([_BSD_SOURCE]) AS_IF([test "${with_skey-'no'}" = "yes"], [ SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" ]) CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-*bsd*) CHECKSHADOW="false" # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-darwin*) # Darwin has a real setreuid(2) starting with 9.0 AS_IF([test $OSMAJOR -lt 9], [ SKIP_SETREUID=yes ]) CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} # Darwin has a broken poll(), Apple radar 3710161 : ${enable_poll='no'} # Darwin 8 and above can interpose library symbols cleanly AS_IF([test $OSMAJOR -ge 8], [ AC_DEFINE(HAVE___INTERPOSE) dlyld_interpose=yes ], [ RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ]) RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" # Build sudo_noexec.so as a shared library, not a module. # On Darwin, modules and shared libraries are incompatible. PRELOAD_MODULE= # Mach monotonic timer that runs while sleeping AC_CHECK_FUNCS([mach_continuous_time]) # Undocumented API that dynamically allocates the groups. AC_CHECK_FUNCS([getgrouplist_2], [AC_CHECK_DECLS([getgrouplist_2])]) # We use proc_pidinfo() to emulate closefrom() on macOS. AC_CHECK_HEADERS([libproc.h], [AC_CHECK_FUNCS([proc_pidinfo])]) # We need to force a flat namespace to make libc # symbol hooking work like it does on ELF. AX_CHECK_LINK_FLAG([-Wl,-force_flat_namespace], [AX_APPEND_FLAG([-Wl,-force_flat_namespace], [SUDO_LDFLAGS])]) # Examples go in share/examples/sudo AS_IF([test X"$with_exampledir" = X""], [ exampledir='$(datarootdir)/examples/$(PACKAGE_TARNAME)' ]) ;; *-*-nextstep*) # lockf() is broken on the NeXT ac_cv_func_lockf=no RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; *-*-*sco3.2*) # SCO OpenServer 5 : ${mansectsu='1'} : ${mansectform='4'} : ${mansectmisc='5'} shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; # UnixWare 7.x, OpenUNIX 8 *-*-*sysv5*) : ${mansectsu='1'} : ${mansectform='4'} : ${mansectmisc='5'} case "$host" in *-*-sysv5SCO_SV*) # SCO OpenServer 6.x shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; *) shadow_funcs="getspnam" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac ;; *-*-sysv*) : ${mansectsu='1m'} : ${mansectform='4'} : ${mansectmisc='5'} ;; esac dnl dnl Library preloading to support NOEXEC dnl AS_IF([test X"$enable_intercept" = X"no"], [ intercept_file=disabled ]) AS_IF([test X"$with_noexec" = X"no"], [ noexec_file=disabled ]) AS_IF([test X"${intercept_file} ${noexec_file}" != X"disabled disabled"], [ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, '$RTLD_PRELOAD_DELIM') AS_IF([test -n "$RTLD_PRELOAD_DEFAULT"], [ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") ]) AS_IF([test -n "$RTLD_PRELOAD_ENABLE_VAR"], [ SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") ]) ]) dnl dnl Check for mixing mutually exclusive and regular auth methods dnl AUTH_REG=${AUTH_REG# } AUTH_EXCL=${AUTH_EXCL# } AS_IF([test -n "$AUTH_EXCL" -a -n "$AUTH_REG"], [ AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) ]) dnl dnl Only one of S/Key and OPIE may be specified dnl AS_IF([test X"${with_skey}${with_opie}" = X"yesyes"], [ AC_MSG_ERROR([cannot use both S/Key and OPIE]) ]) dnl dnl Use BSD-style man sections by default dnl : ${mansectsu='8'} : ${mansectform='5'} : ${mansectmisc='7'} dnl dnl Add in any libpaths or libraries specified via configure dnl AS_IF([test -n "$with_libpath"], [ for i in ${with_libpath}; do SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) done ]) AS_IF([test -n "$with_libraries"], [ for i in ${with_libraries}; do case $i in -l*) ;; *.a) ;; *.o) ;; *) i="-l${i}";; esac LIBS="${LIBS} ${i}" done ]) dnl dnl C compiler checks (to be done after os checks) dnl AC_PROG_CC_STDC is deprecated in autoconf 2.70 and above. dnl m4_bmatch(m4_defn([AC_AUTOCONF_VERSION]), [^2\.69], [AC_PROG_CC_STDC]) AC_C_CONST AC_C_INLINE AC_C_VOLATILE SUDO_CPP_VARIADIC_MACROS dnl dnl Program checks dnl AC_PROG_AWK AC_PROG_YACC AC_PATH_PROG([FLEX], [flex], [flex]) SUDO_PROG_MV SUDO_PROG_BSHELL AS_IF([test -z "$with_sendmail"], [ SUDO_PROG_SENDMAIL with_sendmail="$ac_cv_path_SENDMAILPROG" ]) SUDO_PROG_VI dnl dnl Use fully-qualified path to vi in the manual dnl AS_IF([test -z "$with_editor"], [ editor="$ac_cv_path_VIPROG" ]) dnl dnl Check for authpriv support in syslog dnl AS_IF([test X"$with_logfac" = X""], [ AC_CHECK_DECL([LOG_AUTHPRIV], [logfac=authpriv], [], [#include ]) ]) AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) dnl dnl Header file checks dnl AC_HEADER_DIRENT AC_HEADER_STDBOOL AC_HEADER_MAJOR AC_CHECK_HEADERS_ONCE([netgroup.h paths.h spawn.h wordexp.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h sys/statvfs.h]) AS_IF([test X"$ac_cv_header_utmps_h" != X"yes"], [ AC_CHECK_HEADERS([utmpx.h]) ]) AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS([_ttyname_dev])], [], [AC_INCLUDES_DEFAULT #ifdef HAVE_PROCFS_H #include #endif #ifdef HAVE_SYS_PROCFS_H #include #endif ])] break) # # Check for large file and 64-bit time support. # AC_SYS_LARGEFILE m4_ifdef([AC_SYS_YEAR2038], [AC_SYS_YEAR2038], [ # GNU libc only allows setting _TIME_BITS when FILE_OFFSET_BITS is also set. # GNU libc defines __TIMESIZE on systems where _TIME_BITS can be set. AS_IF([test X"$ac_cv_sys_file_offset_bits" = X"yes"], [ AC_CHECK_DECL(__TIMESIZE, [ AC_DEFINE([_TIME_BITS], [64], [Number of bits in a timestamp, on hosts where this is settable.]) ], [], [ AC_INCLUDES_DEFAULT #include ]) ]) ]) # # Don't allow undefined symbols, even in shared libraries, if possible. # This will detect missing symbols at build-time instead of run-time # but is incompatible with the sanitizers/fuzzers. # We must set this *before* the library tests. # AS_IF([test -n "$GCC" -a X"${enable_sanitizer}${enable_fuzzer}" = X"nono"], [ AS_CASE([$host_os], [darwin*], [ # On macOS 13, using "-undefined dynamic_lookup" produces a # warning. Use the -no-undefined libtool option to avoid this. AX_APPEND_FLAG([-no-undefined], [LT_LDFLAGS]) ], [ # On FreeBSD and Dragonfly, environ is filled in by the dynamic loader # so -Wl,--no-undefined causes a link error when environ is used. # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263265 # We use errno because OpenBSD shared libraries don't explicitly # link with libc, which can result in undefined reference errors. AC_CACHE_CHECK([the linker accepts -Wl,--no-undefined], [sudo_cv_var_ld___no_undefined], [ sudo_cv_var_ld___no_undefined=no _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_prog_compiler_pic -shared -Wl,--no-undefined" AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include extern char **environ;]], [[int ret = ((long)environ & 0xff) + errno; return ret;]])], [sudo_cv_var_ld___no_undefined=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] ) AS_IF([test "$sudo_cv_var_ld___no_undefined" = "yes"], [ AX_APPEND_FLAG([-Wl,--no-undefined], [LDFLAGS]) ]) ]) ]) # # HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. # Also, HP-UX 11.23 has a broken sys/types.h when large files support # is enabled and _XOPEN_SOURCE_EXTENDED is not also defined. # The following test will define _XOPEN_SOURCE_EXTENDED in either case. # case "$host_os" in hpux*) AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT [# include ]], [[int a = MSG_WAITALL; return a;]])], [sudo_cv_xopen_source_extended=no], [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED AC_INCLUDES_DEFAULT [# include # include ]], [[int a = MSG_WAITALL; return a;]])], [sudo_cv_xopen_source_extended=yes], [sudo_cv_xopen_source_extended=error]) ])]) AS_IF([test "$sudo_cv_xopen_source_extended" = "yes"], [ AC_DEFINE([_XOPEN_SOURCE_EXTENDED]) ]) ;; esac SUDO_MAILDIR AS_IF([test ${with_logincap-'no'} != "no"], [ AC_CHECK_HEADERS([login_cap.h], [ LOGINCAP_USAGE='[[-c class]] ' LCMAN=1 with_logincap=yes ]) AS_IF([test "${with_logincap}" = "yes"], [ # setusercontext() is in libutil on NetBSD, FreeBSD, Dragonfly BSD. _LIBS="$LIBS" AC_SEARCH_LIBS([setusercontext], [util]) LIBS="$_LIBS" AS_IF([test "${ac_cv_search_setusercontext}" != "none required"], [ SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ]) ]) ]) AS_IF([test ${with_project-'no'} != "no"], [ AC_CHECK_HEADER(project.h, [ AC_CHECK_LIB([project], [setproject], [ AC_DEFINE(HAVE_PROJECT_H) SUDO_LIBS="${SUDO_LIBS} -lproject" ]) ], [with_project=no]) ]) dnl dnl typedef checks dnl AS_IF([test X"${ac_cv_header_stdint_h}${ac_cv_header_inttypes_h}" = X"nono"], [ AC_TYPE_INT8_T AC_TYPE_UINT8_T AC_TYPE_INT16_T AC_TYPE_UINT16_T AC_TYPE_INT32_T AC_TYPE_UINT32_T AC_TYPE_INT64_T AC_TYPE_UINT64_T AC_TYPE_INTMAX_T AC_TYPE_UINTMAX_T ]) AC_CHECK_TYPES([sig_atomic_t], [], [], [ AC_INCLUDES_DEFAULT #include ]) AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_CHECK_TYPES(socklen_t, [], [], [ AC_INCLUDES_DEFAULT #include ]) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN SUDO_SOCK_SIN_LEN AC_CHECK_SIZEOF([id_t]) AC_CHECK_SIZEOF([long long]) AC_CHECK_SIZEOF([time_t]) AS_IF([test X"$ac_cv_header_utmps_h" = X"yes"], [ SUDO_CHECK_UTMP_MEMBERS([utmps]) ], [test X"$ac_cv_header_utmpx_h" = X"yes"], [ SUDO_CHECK_UTMP_MEMBERS([utmpx]) ], [ SUDO_CHECK_UTMP_MEMBERS([utmp]) ]) dnl dnl Python plugin support dnl AS_IF([test ${enable_python-'no'} = "yes"], [ AM_PATH_PYTHON([3]) AC_ARG_VAR([PYTHON_INCLUDE], [Include flags for python, bypassing python-config]) AC_ARG_VAR([PYTHON_LIBS], [Linker flags for python, bypassing python-config]) AC_ARG_VAR([PYTHON_CONFIG], [Path to python-config]) AS_IF([test -z "$PYTHON_INCLUDE" || test -z "$PYTHON_LIBS"], [ AS_IF([test -z "$PYTHON_CONFIG"], [ AC_PATH_PROGS([PYTHON_CONFIG], [python$PYTHON_VERSION-config python-config], [no], [`dirname $PYTHON`]) AS_IF([test "$PYTHON_CONFIG" = no], [AC_MSG_ERROR([cannot find python-config for $PYTHON.])]) ]) ]) AS_IF([test -z "$PYTHON_INCLUDE"], [ # Pull out python include path, ignore other flags PYTHON_INCLUDE=`$PYTHON_CONFIG --cflags | tr " " "\n" | grep "^-I" | sort -u | tr "\n" " "` ]) AS_IF([test -z "$PYTHON_LIBS"], [ # Newer versions of python3-config need --embed to include libpython if $PYTHON_CONFIG 2>&1 | grep embed >/dev/null; then PY_EMBED=--embed else PY_EMBED= fi PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED` PYTHON_LIBS=`$PYTHON_CONFIG --ldflags $PY_EMBED | tr " " "\n" | grep "^-[[lL]]" | tr "\n" " "` ]) PPFILES="$PPFILES "'$(srcdir)/etc/sudo-python.pp' PYTHON_PLUGIN_SRC=plugins/python PYTHON_PLUGIN= AC_CONFIG_FILES([$PYTHON_PLUGIN_SRC/Makefile]) ]) dnl dnl Function checks dnl AC_FUNC_GETGROUPS AC_FUNC_FSEEKO AC_CHECK_FUNCS_ONCE([fexecve fmemopen killpg nl_langinfo faccessat wordexp strtoull]) AC_CHECK_FUNCS([execvpe], [SUDO_APPEND_INTERCEPT_EXP(execvpe)]) AC_CHECK_FUNCS([pread], [ # pread/pwrite on 32-bit HP-UX 11.x may not support large files case "$host_os" in hpux*) AC_CHECK_FUNCS([pread64 pwrite64], [ AC_CHECK_DECLS([pread64, pwrite64]) ]) ;; esac ], [ AC_LIBOBJ(pread) SUDO_APPEND_COMPAT_EXP(sudo_pread) ]) AC_CHECK_FUNCS([pwrite], [], [ AC_LIBOBJ(pwrite) SUDO_APPEND_COMPAT_EXP(sudo_pwrite) ]) AC_CHECK_FUNCS([cfmakeraw], [], [ AC_LIBOBJ(cfmakeraw) SUDO_APPEND_COMPAT_EXP(sudo_cfmakeraw) ]) AC_CHECK_FUNCS([localtime_r], [], [ AC_LIBOBJ(localtime_r) SUDO_APPEND_COMPAT_EXP(sudo_localtime_r) ]) AC_CHECK_FUNCS([gmtime_r], [], [ AC_LIBOBJ(gmtime_r) SUDO_APPEND_COMPAT_EXP(sudo_gmtime_r) ]) AC_CHECK_FUNCS([timegm], [], [ AC_LIBOBJ(timegm) SUDO_APPEND_COMPAT_EXP(sudo_timegm) ]) AC_CHECK_FUNCS([getgrouplist], [], [ case "$host_os" in aix*) AC_CHECK_FUNCS([getgrset]) ;; *) AC_CHECK_FUNC([nss_search], [ AC_CHECK_FUNC([_nss_XbyY_buf_alloc], [ # Solaris AC_CHECK_FUNC([_nss_initf_group], [ AC_CHECK_HEADERS([nss_dbdefs.h]) AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) AC_DEFINE([HAVE__NSS_INITF_GROUP]) ], [ AC_CHECK_HEADERS([nss_dbdefs.h], [ # Older Solaris does not export _nss_initf_group # but we can use our own. AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) ]) ]) ], [ dnl HP-UX support disabled until "group: compat" fixed dnl # HP-UX dnl AC_CHECK_FUNC([__nss_XbyY_buf_alloc], [ dnl AC_CHECK_FUNC([__nss_initf_group], [ dnl AC_CHECK_HEADERS([nss_dbdefs.h]) dnl AC_DEFINE([HAVE_NSS_SEARCH]) dnl AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) dnl AC_DEFINE([HAVE___NSS_INITF_GROUP]) dnl ]) dnl]) : ]) ]) ;; esac SUDO_APPEND_COMPAT_EXP(sudo_getgrouplist) ]) AC_CHECK_FUNCS([getdelim], [ # Out of date gcc fixed includes may result in missing getdelim() prototype AC_CHECK_DECLS([getdelim]) ], [ AC_LIBOBJ(getdelim) SUDO_APPEND_COMPAT_EXP(sudo_getdelim) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }getdelim_test" ]) AC_CHECK_FUNCS([getusershell], [ # Older Solaris has getusershell() et al but does not declare it. AC_CHECK_DECLS([getusershell]) ], [ AC_LIBOBJ(getusershell) SUDO_APPEND_COMPAT_EXP(sudo_getusershell) ]) AC_CHECK_FUNCS([reallocarray], [], [ AC_LIBOBJ(reallocarray) SUDO_APPEND_COMPAT_EXP(sudo_reallocarray) ]) AC_CHECK_FUNCS([arc4random], [ AC_CHECK_FUNCS([arc4random_uniform], [], [ AC_LIBOBJ(arc4random_uniform) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) ]) AC_CHECK_FUNCS([arc4random_buf], [], [ AC_LIBOBJ(arc4random_buf) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) ]) ], [ AC_LIBOBJ(arc4random) SUDO_APPEND_COMPAT_EXP(sudo_arc4random) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_buf) AC_LIBOBJ(arc4random_uniform) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) # arc4random.c needs getentropy() AC_CHECK_FUNCS([getentropy], [ AC_CHECK_HEADERS([sys/random.h]) ], [ AC_LIBOBJ(getentropy) SUDO_APPEND_COMPAT_EXP(sudo_getentropy) AC_CHECK_FUNCS([getauxval]) ]) # arc4random.c wants pthread_atfork AC_CHECK_HEADERS([pthread.h], [ AC_CHECK_LIB([pthread], [main], [LIBPTHREAD="-lpthread"]) AC_CHECK_FUNCS([pthread_atfork]) ]) ]) utmp_style=LEGACY AC_CHECK_FUNCS([getutsid getutxid getutid], [utmp_style=POSIX; break]) AS_IF([test "$utmp_style" = "LEGACY"], [ AC_CHECK_FUNCS([getttyent ttyslot], [break]) ]) AC_CHECK_FUNCS([sysctl], [ AC_CHECK_FUNCS([devname]) # Check for the various flavors of kinfo_proc found=false AC_CHECK_MEMBER([struct kinfo_proc.ki_structsize], [ AC_DEFINE(HAVE_KINFO_PROC_FREEBSD) found=true ], [], [ #include #include #include ]) AS_IF([test "$found" = "false"], [ AC_CHECK_MEMBER([struct kinfo_proc.kp_paddr], [ AC_DEFINE(HAVE_KINFO_PROC_DFLY) found=true ], [], [ #include #include #include ]) ]) AS_IF([test "$found" = "false"], [ AC_CHECK_MEMBER([struct kinfo_proc2.p_paddr], [ AC_DEFINE(HAVE_KINFO_PROC2_NETBSD) found=true ], [], [ #include #include ]) ]) AS_IF([test "$found" = "false"], [ AC_CHECK_MEMBER([struct kinfo_proc.p_paddr], [ AC_DEFINE(HAVE_KINFO_PROC_OPENBSD) found=true ], [], [ #include #include ]) ]) AS_IF([test "$found" = "false"], [ AC_CHECK_MEMBER([struct kinfo_proc.kp_proc], [ AC_DEFINE(HAVE_KINFO_PROC_44BSD) found=true ], [], [ #include #include ]) ]) ]) AC_CHECK_FUNCS([openpty], [AC_CHECK_HEADERS([libutil.h util.h pty.h], [break])], [ AC_CHECK_LIB([util], [openpty], [ AC_CHECK_HEADERS([libutil.h util.h pty.h], [break]) case "$SUDO_LIBS" in *-lutil*) ;; *) SUDO_LIBS="${SUDO_LIBS} -lutil";; esac AC_DEFINE(HAVE_OPENPTY) ], [ AC_CHECK_FUNCS([_getpty], [], [ AC_CHECK_FUNCS([grantpt], [ AC_CHECK_FUNCS([posix_openpt]) ], [ AC_CHECK_FUNCS([revoke]) ]) ]) ]) ]) AC_CHECK_FUNCS([unsetenv], [SUDO_FUNC_UNSETENV_VOID], []) SUDO_FUNC_PUTENV_CONST AS_IF([test -z "$SKIP_SETRESUID"], [ AC_CHECK_FUNCS([setresuid], [ SKIP_SETREUID=yes AC_CHECK_DECLS([setresuid]) AC_CHECK_FUNCS([getresuid], [AC_CHECK_DECLS([getresuid])]) ]) ]) AS_IF([test -z "$SKIP_SETRESUID"], [ AC_CHECK_FUNCS([setreuid]) ]) AC_CHECK_FUNCS_ONCE([seteuid]) AS_IF([test X"$with_interfaces" != X"no"], [ AC_CHECK_FUNCS([getifaddrs], [AC_CHECK_FUNCS([freeifaddrs])]) ]) AC_CHECK_FUNCS([lockf], [break]) AC_CHECK_FUNCS([innetgr], [ AC_CHECK_DECLS([innetgr], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_NETGROUP_H # include #else # include #endif /* HAVE_NETGROUP_H */ ])], [ AC_CHECK_FUNCS([_innetgr], [ AC_CHECK_DECLS([_innetgr], [], [], [ AC_INCLUDES_DEFAULT #ifdef HAVE_NETGROUP_H # include #else # include #endif /* HAVE_NETGROUP_H */ ]) ]) ]) AC_CHECK_FUNCS([getdomainname], [ AC_CHECK_DECLS([getdomainname], [], [], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_CHECK_FUNCS([sysinfo], [AC_CHECK_HEADERS([sys/systeminfo.h])]) ]) AC_CHECK_FUNCS([utimensat], [], [ AC_LIBOBJ(utimens) SUDO_APPEND_COMPAT_EXP(sudo_utimensat) AC_CHECK_FUNCS([utimes]) ]) AC_CHECK_FUNCS([futimens], [], [ AC_LIBOBJ(utimens) SUDO_APPEND_COMPAT_EXP(sudo_futimens) AC_CHECK_FUNCS([futimes futimesat futime], [break]) ]) AC_CHECK_FUNCS([explicit_bzero], [], [ AC_LIBOBJ(explicit_bzero) SUDO_APPEND_COMPAT_EXP(sudo_explicit_bzero) AC_CHECK_FUNCS([explicit_memset memset_explicit memset_s bzero], [break]) ]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [ AC_LIBOBJ(fnmatch) SUDO_APPEND_COMPAT_EXP(sudo_fnmatch) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" ]) SUDO_FUNC_ISBLANK AC_CHECK_FUNCS([glob], [], [ AC_LIBOBJ(glob) SUDO_APPEND_COMPAT_EXP(sudo_glob sudo_globfree) ]) AC_CHECK_FUNCS([memrchr], [], [ AC_LIBOBJ(memrchr) SUDO_APPEND_COMPAT_EXP(sudo_memrchr) ]) AC_CHECK_FUNCS([freezero], [], [ AC_LIBOBJ(freezero) SUDO_APPEND_COMPAT_EXP(sudo_freezero) ]) AC_CHECK_FUNCS(nanosleep, [], [ # On Solaris, nanosleep is in librt AC_CHECK_LIB([rt], [nanosleep], [ AC_DEFINE(HAVE_NANOSLEEP) LIBRT="-lrt" ], [ AC_LIBOBJ(nanosleep) SUDO_APPEND_COMPAT_EXP(sudo_nanosleep) ]) ]) AC_CHECK_FUNCS([fchownat], [], [ AC_LIBOBJ(fchownat) SUDO_APPEND_COMPAT_EXP(sudo_fchownat) ]) AC_CHECK_FUNCS([mkdirat], [], [ AC_LIBOBJ(mkdirat) SUDO_APPEND_COMPAT_EXP(sudo_mkdirat) ]) AC_CHECK_FUNCS([openat], [], [ AC_LIBOBJ(openat) SUDO_APPEND_COMPAT_EXP(sudo_openat) ]) AC_CHECK_FUNCS([unlinkat], [], [ AC_LIBOBJ(unlinkat) SUDO_APPEND_COMPAT_EXP(sudo_unlinkat) ]) AC_CHECK_FUNCS([fchmodat], [], [ AC_LIBOBJ(fchmodat) SUDO_APPEND_COMPAT_EXP(sudo_fchmodat) ]) AC_CHECK_FUNCS([fstatat], [], [ AC_LIBOBJ(fstatat) SUDO_APPEND_COMPAT_EXP(sudo_fstatat) ]) AC_CHECK_FUNCS([dup3], [], [ AC_LIBOBJ(dup3) SUDO_APPEND_COMPAT_EXP(sudo_dup3) ]) AC_CHECK_FUNCS([pipe2], [], [ AC_LIBOBJ(pipe2) SUDO_APPEND_COMPAT_EXP(sudo_pipe2) ]) AC_CHECK_FUNCS([pw_dup], [], [ AC_LIBOBJ(pw_dup) SUDO_APPEND_COMPAT_EXP(sudo_pw_dup) ]) AC_CHECK_FUNCS([realpath], [], [ AC_LIBOBJ(realpath) SUDO_APPEND_COMPAT_EXP(sudo_realpath) ]) AC_CHECK_FUNCS([strlcpy], [], [ AC_LIBOBJ(strlcpy) SUDO_APPEND_COMPAT_EXP(sudo_strlcpy) ]) AC_CHECK_FUNCS([strlcat], [], [ AC_LIBOBJ(strlcat) SUDO_APPEND_COMPAT_EXP(sudo_strlcat) ]) AC_CHECK_FUNC([strnlen], [AC_FUNC_STRNLEN], [AC_LIBOBJ(strnlen)]) AS_IF([test X"$ac_cv_func_strnlen_working" = X"yes"], [ AC_DEFINE(HAVE_STRNLEN) AC_CHECK_FUNCS([strndup], [], [ AC_LIBOBJ(strndup) SUDO_APPEND_COMPAT_EXP(sudo_strndup) ]) ], [ # Broken or missing strnlen, use our own. SUDO_APPEND_COMPAT_EXP(sudo_strnlen) # Avoid libc strndup() since it is usually implemented using strnlen() AC_LIBOBJ(strndup) SUDO_APPEND_COMPAT_EXP(sudo_strndup) ]) AC_CHECK_FUNCS([clock_gettime], [], [ # On Solaris, clock_gettime is in librt AC_CHECK_LIB([rt], [clock_gettime], [ AC_DEFINE(HAVE_CLOCK_GETTIME) LIBRT="-lrt" ]) ]) AC_CHECK_FUNCS([getopt_long], [], [ AC_LIBOBJ(getopt_long) SUDO_APPEND_COMPAT_EXP(sudo_getopt_long sudo_getopt_long_only) AC_CACHE_CHECK([for optreset], sudo_cv_optreset, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) AS_IF([test "$sudo_cv_optreset" = "yes"], [ AC_DEFINE(HAVE_OPTRESET) ]) ]) AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom) SUDO_APPEND_COMPAT_EXP(sudo_closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [ # Linux has a special header for close_range(2). AC_CHECK_FUNCS([close_range], [ case "$host_os" in linux*) AC_CHECK_HEADERS([linux/close_range.h]);; esac ]) ], [ # include # include ]) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }closefrom_test" ]) sudo_mktemp=no case "$host_os" in darwin*) # macOS has these but uses a _np (non-portable) suffix AC_CHECK_FUNCS([mkdtempat_np mkostempsat_np], [], [sudo_mktemp=yes; break]) ;; *) AC_CHECK_FUNCS([mkdtempat mkostempsat], [], [sudo_mktemp=yes; break]) ;; esac # If any of the mktemp family are missing we use our own. AS_IF([test X"$sudo_mktemp" = X"yes"], [ AC_LIBOBJ(mktemp) SUDO_APPEND_COMPAT_EXP(sudo_mkdtemp sudo_mkdtempat sudo_mkostempsat sudo_mkstemp sudo_mkstemps) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }mktemp_test" ]) AX_FUNC_SNPRINTF AS_IF([test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"], [ # System has a C99-compliant v?snprintf(), check for v?asprintf() AC_CHECK_FUNCS([asprintf], [], [ AC_LIBOBJ(snprintf) SUDO_APPEND_COMPAT_EXP(sudo_asprintf) ]) AC_CHECK_FUNCS([vasprintf], [], [ AC_LIBOBJ(snprintf) SUDO_APPEND_COMPAT_EXP(sudo_vasprintf) ]) ], [ # Missing or non-compliant v?snprintf(), assume missing/bad v?asprintf() SUDO_APPEND_COMPAT_EXP(sudo_snprintf sudo_vsnprintf sudo_asprintf sudo_vasprintf) ]) AC_CHECK_MEMBERS([struct tm.tm_gmtoff], [], [], [ AC_INCLUDES_DEFAULT #include ]) AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], [AC_DEFINE([HAVE_ST_MTIMESPEC])], [AC_CHECK_MEMBER([struct stat.st_nmtime], AC_DEFINE(HAVE_ST_NMTIME))]) ] ) dnl dnl 4.4BSD-based systems can force the password or group file to be held open dnl AC_CHECK_FUNCS([setpassent setgroupent]) dnl dnl Function checks for sudo_noexec dnl AS_IF([test X"$with_noexec" != X"no"], [ # Check for non-standard exec functions AC_CHECK_FUNCS([exect execvP execvpe]) # Check for posix_spawn, and posix_spawnp AS_IF([test X"$ac_cv_header_spawn_h" = X"yes"], [ AC_CHECK_FUNCS([posix_spawn posix_spawnp]) ]) ]) dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) AC_CHECK_MEMBERS([struct dirent.d_type, struct dirent.d_namlen], [], [], [ AC_INCLUDES_DEFAULT #include <$ac_header_dirent> ]) dnl dnl Check for OpenSSL or wolfSSL dnl SUDO_CHECK_OPENSSL dnl dnl Check for sha2 functions if not using openssl or wolfssl dnl AS_IF([test "$DIGEST" = "digest.lo"], [ AS_IF([test "${enable_gcrypt-no}" != no], [ # Use gcrypt's sha2 functions AC_DEFINE(HAVE_GCRYPT) DIGEST=digest_gcrypt.lo LIBCRYPTO="-lgcrypt" AS_IF([test "$enable_gcrypt" != "yes"], [ AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS]) SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib]) ]) ], [ # Use sudo's sha2 functions if not in libmd or libc. FOUND_SHA2=no AC_CHECK_HEADER([sha2.h], [ FOUND_SHA2=yes AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ # On some systems, SHA224Update is in libmd AC_CHECK_LIB([md], [SHA224Update], [ AC_DEFINE(HAVE_SHA224UPDATE) SUDO_FUNC_SHA2_VOID_PTR LIBCRYPTO="-lmd" ], [ # Does not have SHA224Update FOUND_SHA2=no ]) ]) ]) AS_IF([test X"$FOUND_SHA2" = X"no"], [ AC_LIBOBJ(sha2) SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) ]) ]) ]) dnl dnl Network functions may live in libsocket, libinet, libnsl, or libresolv. dnl Order is important here. dnl SUDO_CHECK_NET_FUNC([socket]) dnl dnl We need to keep track of inet_pton()'s dependent libraries for dnl our getaddrinfo() replacement. dnl ONET_LIBS="$NET_LIBS" SUDO_CHECK_NET_FUNC([inet_pton], [ AC_DEFINE(HAVE_INET_PTON) INET_PTON_LIBS= for lib in $NET_LIBS; do case "$ONET_LIBS" in *"$lib"*) ;; *) INET_PTON_LIBS="${INET_PTON_LIBS}${INET_PTON_LIBS+ }$lib";; esac done ], [ AC_LIBOBJ(inet_pton) SUDO_APPEND_COMPAT_EXP(sudo_inet_pton) ]) dnl dnl The check for inet_ntop() must follow inet_pton() for INET_PTON_LIBS. dnl SUDO_CHECK_NET_FUNC([inet_ntop], [ AC_DEFINE(HAVE_INET_NTOP) ], [ AC_LIBOBJ(inet_ntop) SUDO_APPEND_COMPAT_EXP(sudo_inet_ntop) ]) dnl dnl The check for syslog() must be last so we can detect INET_PTON_LIBS. dnl SUDO_CHECK_NET_FUNC([syslog]) dnl dnl Check for getaddrinfo and add any required libs to NET_LIBS. dnl If it was added to LIBOBJS we need to export the symbols. dnl OLIBS="$LIBS" GETADDRINFO_LIBS= AX_FUNC_GETADDRINFO case " $LIBOBJS " in *" getaddrinfo.$ac_objext "* ) SUDO_APPEND_COMPAT_EXP(sudo_getaddrinfo sudo_freeaddrinfo sudo_gai_strerror) # We need libsudo_util to pull in dependent libraries for # inet_pton(), gethostbyname(), and getservbyname() AS_IF([test -n "${INET_PTON_LIBS}"], [ LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${INET_PTON_LIBS}" LIBS="${LIBS}${LIBS+ }${INET_PTON_LIBS}" ]) SUDO_CHECK_NET_FUNC([gethostbyname]) ;; *) for lib in $LIBS; do case "$OLIBS" in *"$lib"*) ;; *) GETADDRINFO_LIBS="${GETADDRINFO_LIBS}${GETADDRINFO_LIBS+ }$lib";; esac done AS_IF([test -n "${GETADDRINFO_LIBS}"], [ # We need libsudo_util to pull in dependent libraries for # gai_strerror() LT_DEP_LIBS="${LT_DEP_LIBS}${LT_DEP_LIBS+ }${GETADDRINFO_LIBS}" LIBS="${LIBS}${LIBS+ }${GETADDRINFO_LIBS}" # Add to NET_LIBS if necessary for lib in $GETADDRINFO_LIBS; do case "$NET_LIBS" in *"$lib"*) ;; *) NET_LIBS="${NET_LIBS}${NET_LIBS+ }$lib";; esac done ]) ;; esac LIBS="$OLIBS" dnl dnl Check for va_copy or __va_copy in stdarg.h dnl AC_CACHE_CHECK([for va_copy], sudo_cv_func_va_copy, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include va_list ap1, ap2;]], [[va_copy(ap1, ap2);]])], [sudo_cv_func_va_copy=yes], [sudo_cv_func_va_copy=no]) ]) AS_IF([test "$sudo_cv_func_va_copy" = "yes"], [ AC_DEFINE(HAVE_VA_COPY) ], [ AC_CACHE_CHECK([for __va_copy], sudo_cv_func___va_copy, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include va_list ap1, ap2;]], [[__va_copy(ap1, ap2);]])], [sudo_cv_func___va_copy=yes], [sudo_cv_func___va_copy=no]) ]) AS_IF([test "$sudo_cv_func___va_copy" = "yes"], [ AC_DEFINE(HAVE___VA_COPY) ]) ]) dnl dnl Check for getprogname()/setprogname() or __progname dnl AC_CHECK_FUNCS([getprogname], [ AC_CHECK_FUNCS([setprogname], [], [SUDO_APPEND_COMPAT_EXP(sudo_setprogname)]) ], [ AC_CACHE_CHECK([for __progname], sudo_cv___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; if (__progname[0] == '\0') return 1;]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) AS_IF([test "$sudo_cv___progname" = "yes"], [ AC_DEFINE(HAVE___PROGNAME) ]) SUDO_APPEND_COMPAT_EXP(sudo_getprogname) SUDO_APPEND_COMPAT_EXP(sudo_setprogname) ]) dnl dnl Check for __func__ or __FUNCTION__ dnl AC_CACHE_CHECK([for __func__], sudo_cv___func__, [ AS_IF([test X"$ac_cv_prog_cc_c99" = X"no"], [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if (__func__[0] == '\0') return 1;]])], [sudo_cv___func__=yes], [sudo_cv___func__=no]) ], [ # C99 and higher support __func__ sudo_cv___func__=yes ]) ]) AS_IF([test "$sudo_cv___func__" = "yes"], [ AC_DEFINE(HAVE___FUNC__) ], [test -n "$GCC"], [ AC_CACHE_CHECK([for __FUNCTION__], sudo_cv___FUNCTION__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[if(__FUNCTION__[0] == '\0') return 1;]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) AS_IF([test "$sudo_cv___FUNCTION__" = "yes"], [ AC_DEFINE(HAVE___FUNC__) AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) ]) ]) SUDO_CHECK_GETTEXT dnl dnl Deferred zlib option processing. dnl By default we use the system zlib if it is present. dnl If a directory was specified for zlib (or we are use sudo's version), dnl prepend the include dir to make sure we get the right zlib header. dnl case "$enable_zlib" in yes) AC_CHECK_LIB([z], [gzclearerr], [ AC_CHECK_HEADERS([zlib.h], [ZLIB="-lz"], [enable_zlib=builtin]) ]) ;; no) ;; system) AC_DEFINE(HAVE_ZLIB_H) ZLIB="-lz" ;; static|shared|builtin) # handled below ;; *) AC_DEFINE(HAVE_ZLIB_H) AX_APPEND_FLAG([-I${enable_zlib}/include], [CPPFLAGS]) SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; esac case "$enable_zlib" in builtin|static|dynamic) AC_DEFINE(HAVE_ZLIB_H) # XXX - can't use AX_APPEND_FLAG due to use of $(top_foo) and quoting CPPFLAGS='-I$(top_builddir)/lib/zlib -I$(top_srcdir)/lib/zlib '"${CPPFLAGS}" ZLIB="${ZLIB}"' $(top_builddir)/lib/zlib/libsudo_z.la' ZLIB_SRC=lib/zlib AC_CONFIG_HEADERS([lib/zlib/zconf.h]) AC_CONFIG_FILES([lib/zlib/Makefile]) AS_IF([test X"$enable_shared" = X"no" -o "$enable_zlib" = "static"], [ AS_IF([test "$enable_zlib" = "shared"], [ AC_MSG_ERROR([unable to build shared libraries on this system]) ]) # Build as convenience library ZLIB_LDFLAGS=-no-install ]) ;; esac dnl dnl Check for NSIG, _NSIG or __NSIG declarations in signal.h dnl AC_CHECK_DECLS([NSIG], [], [ AC_CHECK_DECLS([_NSIG], [], [ AC_CHECK_DECLS([__NSIG], [], [], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for errno declaration in errno.h dnl AC_CHECK_DECLS([errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for h_errno declaration in netdb.h dnl AC_CHECK_DECLS([h_errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for incomplete limits.h and missing SIZE_MAX. dnl AC_CHECK_DECLS([LLONG_MAX, LLONG_MIN, ULLONG_MAX, PATH_MAX, SSIZE_MAX, SYMLOOP_MAX], [], [], [ #include #include ]) AC_CHECK_DECLS([SIZE_MAX], [], [], [ #include #include #if defined(HAVE_STDINT_H) # include #elif defined(HAVE_INTTYPES_H) # include #endif ]) dnl dnl Try to find equivalents for missing types dnl AS_IF([test "$ac_cv_have_decl_LLONG_MAX" != "yes"], [ AC_CHECK_DECLS([QUAD_MAX], [], [], [[ #include #include ]]) ]) AS_IF([test "$ac_cv_have_decl_LLONG_MIN" != "yes"], [ AC_CHECK_DECLS([QUAD_MIN], [], [], [[ #include #include ]]) ]) AS_IF([test "$ac_cv_have_decl_ULLONG_MAX" != "yes"], [ AC_CHECK_DECLS([UQUAD_MAX], [], [], [[ #include #include ]]) ]) AS_IF([test "$ac_cv_have_decl_SIZE_MAX" != "yes"], [ AC_CHECK_DECLS([SIZE_T_MAX], [], [], [[ #include #include ]]) ]) AS_IF([test "$ac_cv_have_decl_PATH_MAX" != "yes"], [ AC_CHECK_DECLS([_POSIX_PATH_MAX], [], [], [[ #include #include ]]) ]) AS_IF([test "$ac_cv_have_decl_SYMLOOP_MAX" != "yes"], [ AC_CHECK_DECLS([_POSIX_SYMLOOP_MAX], [], [], [[ #include #include ]]) ]) dnl dnl Check for strsignal() or sys_siglist dnl AC_CHECK_FUNCS([strsignal], [], [ AC_LIBOBJ(strsignal) SUDO_APPEND_COMPAT_EXP(sudo_strsignal) HAVE_SIGLIST="false" AC_CHECK_DECLS([sys_siglist], [HAVE_SIGLIST="true"], [ AC_CHECK_DECLS([_sys_siglist], [HAVE_SIGLIST="true"], [], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_INCLUDES_DEFAULT #include ]) AS_IF([test "$HAVE_SIGLIST" != "true"], [ AC_LIBOBJ(siglist) ]) ]) dnl dnl Check for sig2str() and str2sig(), sys_signame or sys_sigabbrev dnl AC_CHECK_FUNCS([sig2str], [ AC_CHECK_DECLS(SIG2STR_MAX, [], [], [ # include ])], [ AC_LIBOBJ(sig2str) SUDO_APPEND_COMPAT_EXP(sudo_sig2str) ]) AC_CHECK_FUNCS([str2sig], [], [ AC_LIBOBJ(str2sig) SUDO_APPEND_COMPAT_EXP(sudo_str2sig) ]) dnl dnl Check for sys_signame or sys_sigabbrev if missing sig2str() or str2sig(). dnl Also enable unit tests for sig2str() and str2sig(). dnl AS_IF([test x"${ac_cv_func_sig2str}${ac_cv_func_str2sig}" != x"yesyes"], [ AC_CHECK_FUNCS([sigabbrev_np]) AS_IF([test x"${ac_cv_func_sigabbrev_np}" != x"yes"], [ COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }strsig_test" HAVE_SIGNAME="false" AC_CHECK_DECLS([sys_signame], [HAVE_SIGNAME="true"], [ AC_CHECK_DECLS([_sys_signame], [HAVE_SIGNAME="true"], [ AC_CHECK_DECLS([sys_sigabbrev], [HAVE_SIGNAME="true"], [], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_INCLUDES_DEFAULT #include ]) ], [ AC_INCLUDES_DEFAULT #include ]) AS_IF([test "$HAVE_SIGNAME" != "true"], [ AC_CACHE_CHECK([for undeclared sys_sigabbrev], [sudo_cv_var_sys_sigabbrev], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], [sudo_cv_var_sys_sigabbrev=yes], [sudo_cv_var_sys_sigabbrev=no] ) ] ) AS_IF([test "$sudo_cv_var_sys_sigabbrev" = yes], [ AC_DEFINE(HAVE_SYS_SIGABBREV) ], [ AC_LIBOBJ(signame) SIGNAME=signame.lo ]) ]) ]) ]) dnl dnl Check for dl_iterate_phdr, may require -ldl dnl OLIBS="$LIBS" LIBS="$LIBS $lt_cv_dlopen_libs" AC_CHECK_FUNCS([dl_iterate_phdr]) LIBS="$OLIBS" dnl dnl nsswitch.conf and its equivalents dnl AS_IF([test ${with_netsvc-"no"} != "no"], [ SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") netsvc_conf=${with_netsvc-/etc/netsvc.conf} ], [test ${with_nsswitch-"yes"} != "no"], [ SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} ]) dnl dnl Mutually exclusive auth checks come first, followed by dnl non-exclusive ones. Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl AS_IF([test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"], [ for auth in $AUTH_EXCL_DEF; do case $auth in AIX_AUTH) with_aixauth=maybe;; BSD_AUTH) with_bsdauth=maybe;; PAM) with_pam=maybe;; SIA) CHECKSIA=true;; esac done ]) dnl dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl AS_IF([test ${with_pam-"no"} != "no"], [ # # Check for pam_start() in libpam first, then for pam_appl.h. # found_pam_lib=no AC_CHECK_LIB([pam], [pam_start], [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) # # Some PAM implementations (macOS for example) put the PAM headers # in /usr/include/pam instead of /usr/include/security... # found_pam_hdrs=no AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) AS_IF([test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"], [ # Found both PAM libs and headers with_pam=yes ], [test "$with_pam" = "yes"], [ AS_IF([test "$found_pam_lib" = "no"], [ AC_MSG_ERROR([--with-pam specified but unable to locate PAM development library.]) ]) AS_IF([test "$found_pam_hdrs" = "no"], [ AC_MSG_ERROR([--with-pam specified but unable to locate PAM development headers.]) ]) ], [test "$found_pam_lib" != "$found_pam_hdrs"], [ AS_IF([test "$found_pam_lib" = "no"], [ AC_MSG_ERROR([found PAM headers but no PAM development library; specify --without-pam to build without PAM]) ]) AS_IF([test "$found_pam_hdrs" = "no"], [ AC_MSG_ERROR([found PAM library but no PAM development headers; specify --without-pam to build without PAM]) ]) ]) AS_IF([test "$with_pam" = "yes"], [ # Older PAM implementations lack pam_getenvlist OLIBS="$LIBS" LIBS="$LIBS -lpam $lt_cv_dlopen_libs" AC_CHECK_FUNCS([pam_getenvlist]) LIBS="$OLIBS" # We already link with -ldl if needed (see LIBDL below) SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], [case $with_pam_login in yes) AC_DEFINE([HAVE_PAM_LOGIN]) pam_login_service="sudo-i" ;; no) ;; *) AC_MSG_ERROR([--with-pam-login does not take an argument.]) ;; esac]) AC_ARG_ENABLE(pam_session, [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], [ case "$enableval" in yes) ;; no) AC_DEFINE(NO_PAM_SESSION) pam_session=off ;; *) AC_MSG_WARN([ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac]) ]) ]) dnl dnl AIX general authentication dnl We may build in support for both AIX LAM and PAM and select dnl which one to use at run-time. dnl AS_IF([test ${with_aixauth-'no'} != "no"], [ AC_CHECK_FUNCS([authenticate], [with_aixauth=yes]) AS_IF([test "${with_aixauth}" = "yes"], [ AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH ]) ]) dnl dnl BSD authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl AS_IF([test ${with_bsdauth-'no'} != "no"], [ AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [BSDAUTH_USAGE='[[-a type]] '] [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) ]) dnl dnl SIA authentication for Tru64 Unix dnl AS_IF([test ${CHECKSIA-'false'} = "true"], [ AC_CHECK_FUNCS([sia_ses_init], [found=true], [found=false]) AS_IF([test "$found" = "true"], [ AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.lo" ]) ]) dnl dnl extra FWTK libs + includes dnl AS_IF([test ${with_fwtk-'no'} != "no"], [ AS_IF([test "$with_fwtk" != "yes"], [ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) AX_APPEND_FLAG([-I${with_fwtk}], [CPPFLAGS]) with_fwtk=yes ]) SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" AUTH_OBJS="$AUTH_OBJS fwtk.lo" ]) dnl dnl extra SecurID lib + includes dnl AS_IF([test ${with_SecurID-'no'} != "no"], [ AS_IF([test "$with_SecurID" != "yes"], [], [test -d /usr/ace/examples], [ with_SecurID=/usr/ace/examples ], [ with_SecurID=/usr/ace ]) AX_APPEND_FLAG([-I${with_SecurID}], [CPPFLAGS]) SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; ]) dnl dnl Non-mutually exclusive auth checks come next. dnl Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl AS_IF([test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"], [ for auth in $AUTH_DEF; do case $auth in passwd) : ${with_passwd='maybe'};; esac done ]) dnl dnl Kerberos V dnl There is an easy way and a hard way... dnl AS_IF([test ${with_kerb5-'no'} != "no"], [ AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") AS_IF([test -n "$KRB5CONFIG"], [ AC_DEFINE(HAVE_KERB5) AUTH_OBJS="$AUTH_OBJS kerb5.lo" for f in `krb5-config --cflags`; do AX_APPEND_FLAG([$f], [CPPFLAGS]) done SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) ], [ AC_MSG_RESULT(no) ] ) ], [ AC_DEFINE(HAVE_KERB5) dnl dnl Use the specified directory, if any, else search for correct inc dir dnl AS_IF([test "$with_kerb5" = "yes"], [ found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done AS_IF([test X"$found" = X"no"], [ CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) ]) ], [ dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) AX_APPEND_FLAG([-I${with_kerb5}/include], [CPPFLAGS]) ]) dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) # XXX - need to check whether -lcrypo is needed! SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" AC_CHECK_LIB([roken], [main], [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) ], [ AC_MSG_RESULT(no) SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" AC_CHECK_LIB([krb5support], [main], [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) ]) AUTH_OBJS="$AUTH_OBJS kerb5.lo" ]) _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" AC_CHECK_FUNCS([krb5_verify_user krb5_init_secure_context]) AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc], [ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], sudo_cv_krb5_get_init_creds_opt_free_two_args, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[krb5_get_init_creds_opt_free(NULL, NULL);]] )], [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] ) ] ) ]) AS_IF([test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"], [ AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) ]) LIBS="$_LIBS" AC_ARG_ENABLE(kerb5-instance, [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], [ case "$enableval" in yes) AC_MSG_ERROR([must give --enable-kerb5-instance an argument.]) ;; no) ;; *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") ;; esac]) ]) dnl dnl extra AFS libs and includes dnl AS_IF([test ${with_AFS-'no'} = "yes"], [ # looks like the "standard" place for AFS libs is /usr/afsws/lib AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do AS_IF([test -d ${i}], [ SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true ]) done AS_IF([test -z "$FOUND_AFSLIBDIR"], [ AC_MSG_WARN([unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) ]) # Order is important here. Note that we build AFS_LIBS from right to left # since AFS_LIBS may be initialized with BSD compat libs that must go last AFS_LIBS="-laudit ${AFS_LIBS}" for i in $AFSLIBDIRS; do AS_IF([test -f ${i}/util.a], [ AFS_LIBS="${i}/util.a ${AFS_LIBS}" FOUND_UTIL_A=true break; ]) done AS_IF([test -z "$FOUND_UTIL_A"], [ AFS_LIBS="-lutil ${AFS_LIBS}" ]) AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do AS_IF([test -d ${i}], [ AX_APPEND_FLAG([-I${i}], [CPPFLAGS]) FOUND_AFSINCDIR=true ]) done AS_IF([test -z "$FOUND_AFSLIBDIR"], [ AC_MSG_WARN([unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) ]) AUTH_OBJS="$AUTH_OBJS afs.lo" ]) dnl dnl extra DCE obj + lib dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl AS_IF([test ${with_DCE-'no'} = "yes"], [ DCE_OBJS="${DCE_OBJS} dce_pwent.o" SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" AUTH_OBJS="$AUTH_OBJS dce.lo" ]) dnl dnl extra S/Key lib and includes dnl AS_IF([test "${with_skey-'no'}" = "yes"], [ O_LDFLAGS="$LDFLAGS" AS_IF([test "$with_skey" != "yes"], [ AX_APPEND_FLAG([-I${with_skey}/include], [CPPFLAGS]) LDFLAGS="$LDFLAGS -L${with_skey}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) ], [ found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include ]) done AS_IF([test "$found" = "no" -o -z "$dir"], [ CPPFLAGS="$O_CPPFLAGS" ], [ LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) ]) AS_IF([test "$found" = "no"], [ AC_MSG_WARN([unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) ]) ]) AC_CHECK_LIB([skey], [main], [found=yes], [AC_MSG_WARN([unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB([skey], [skeyaccess], [AC_DEFINE(HAVE_SKEYACCESS)]) AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[ # include # include ]], [[skeychallenge(NULL, NULL, NULL, 0);]] )], [ AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) ] ) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" ]) dnl dnl extra OPIE lib and includes dnl AS_IF([test "${with_opie-'no'}" = "yes"], [ O_LDFLAGS="$LDFLAGS" AS_IF([test "$with_opie" != "yes"], [ AX_APPEND_FLAG([-I${with_opie}/include], [CPPFLAGS]) LDFLAGS="$LDFLAGS -L${with_opie}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) ], [ found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done AS_IF([test "$found" = "no" -o -z "$dir"], [ CPPFLAGS="$O_CPPFLAGS" ], [ LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) ]) AS_IF([test "$found" = "no"], [ AC_MSG_WARN([unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) ]) ]) AC_CHECK_LIB([opie], [main], [found=yes], [AC_MSG_WARN([unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" ]) dnl dnl Check for shadow password routines if we have not already done so. dnl If there is a specific list of functions to check we do that first. dnl Otherwise, we check for SVR4-style and then SecureWare-style. dnl AS_IF([test ${with_passwd-'no'} != "no"], [ dnl dnl if crypt(3) not in libc, look elsewhere dnl _LIBS="$LIBS" AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [ test "${ac_cv_search_crypt}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_crypt}" ]) AS_IF([test "${ac_cv_search_crypt}" != "no"], [ AC_DEFINE(HAVE_CRYPT) ]) LIBS="$_LIBS" AS_IF([test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"], [ _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no for func in $shadow_funcs; do AC_CHECK_FUNC([$func], [ dnl Enumerate shadow functions instead of using: dnl AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$func])) dnl for autoheader's sake and to catch template omissions. case "$func" in dispcrypt) AC_DEFINE(HAVE_DISPCRYPT) ;; getprpwnam) AC_DEFINE(HAVE_GETPRPWNAM) SECUREWARE=1 ;; getpwnam_shadow) AC_DEFINE(HAVE_GETPWNAM_SHADOW) ;; getspnam) AC_DEFINE(HAVE_GETSPNAM) ;; iscomsec) AC_DEFINE(HAVE_ISCOMSEC) ;; *) AC_MSG_ERROR([unhandled shadow password function $func]) ;; esac found=yes ]) done AS_IF([test "$found" = "no"], [ shadow_libs= ]) CHECKSHADOW=false LIBS="$_LIBS" ]) AS_IF([test "$CHECKSHADOW" = "true"], [ AC_SEARCH_LIBS([getspnam], [gen shadow], [ AC_DEFINE(HAVE_GETSPNAM) test "${ac_cv_search_getspnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getspnam}" CHECKSHADOW=false ]) ]) AS_IF([test "$CHECKSHADOW" = "true"], [ AC_SEARCH_LIBS([getprpwnam], [sec security prot], [ AC_DEFINE(HAVE_GETPRPWNAM) test "${ac_cv_search_getprpwnam}" != "none required" && shadow_libs="${shadow_libs} ${ac_cv_search_getprpwnam}" SECUREWARE=1 CHECKSHADOW=false ]) ]) AS_IF([test -n "$shadow_libs"], [ # sudoers needs to link with shadow libs for password auth SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" ]) AS_IF([test -n "$SECUREWARE"], [ _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" AC_CHECK_FUNCS([bigcrypt]) AUTH_OBJS="$AUTH_OBJS secureware.lo" # set_auth_parameters() and initprivs() are called from sudo.c AC_CHECK_FUNCS([set_auth_parameters initprivs], [test -n "$shadow_libs" && SUDO_LIBS="$SUDO_LIBS $shadow_libs"]) LIBS="$_LIBS" ]) ]) dnl dnl Solaris 11 added a 4th argument to the au_close() function dnl AS_IF([test X"$with_bsm_audit" = X"yes"], [ SUDO_FUNC_AU_CLOSE_SOLARIS11 ]) dnl dnl Choose event subsystem backend: poll or select dnl AS_IF([test X"$enable_poll" = X""], [ AC_CHECK_FUNCS([ppoll poll], [enable_poll=yes; break], [enable_poll=no]) ], [test X"$enable_poll" = X"yes"], [ AC_CHECK_FUNCS([ppoll], [], AC_DEFINE(HAVE_POLL)) ]) AS_IF([test "$enable_poll" = "yes"], [ COMMON_OBJS="${COMMON_OBJS} event_poll.lo" ], [ AC_CHECK_FUNCS([pselect]) COMMON_OBJS="${COMMON_OBJS} event_select.lo" ]) dnl dnl If LDAP support is enabled, add sudo ldap objects to SUDOERS_OBJS dnl and add LDAP libraries to SUDOERS_LDFLAGS SUDOERS_LIBS. dnl SUDO_CHECK_LDAP # # How to do dynamic object loading. # We support dlopen() and sh_load(), else fall back to static loading. # case "$lt_cv_dlopen" in dlopen) AC_DEFINE(HAVE_DLOPEN) AS_IF([test "$enable_static_sudoers" = "yes"], [ AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" ], [ SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" ]) ;; shl_load) AC_DEFINE(HAVE_SHL_LOAD) AS_IF([test "$enable_static_sudoers" = "yes"], [ AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" AX_APPEND_FLAG([-no-install], [SUDOERS_LDFLAGS]) SUDOERS_LT_STATIC="--tag=disable-shared" LT_STATIC="" ], [ SUDOERS_LT_STATIC="--tag=disable-static" LT_STATIC="--tag=disable-static" ]) ;; *) AS_IF([test X"${ac_cv_func_dlopen}" = X"yes"], [ AC_MSG_ERROR([dlopen present but libtool doesn't appear to support your platform.]) ]) # Preload sudoers module symbols AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" STATIC_SUDOERS="\$(top_builddir)/plugins/sudoers/sudoers.la" LT_STATIC="" ;; esac # # The check_symbols test can only succeed with a dynamic sudoers plugin. # if test X"$STATIC_SUDOERS" = X""; then SUDOERS_TEST_PROGS="${SUDOERS_TEST_PROGS}${SUDOERS_TEST_PROGS+ }check_symbols" fi # # We can only disable linking with the shared libsudo_util if # sudoers is linked statically too. # AS_IF([test "$enable_shared_libutil" = "no"], [ AS_IF([test X"$STATIC_SUDOERS" = X""], [ AC_MSG_ERROR([--disable-shared-libutil may only be specified with --enable-static-sudoers or when dynamic linking is disabled.]) ], [ # Do not install libsudo_util. AX_APPEND_FLAG([-no-install], [LIBUTIL_LDFLAGS]) ]) ]) # On HP-UX, you cannot dlopen() a shared object that uses pthreads unless # the main program is linked against -lpthread. We have no knowledge of # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in hpux*) AC_CHECK_LIB([pthread], [main], [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) AC_DEFINE(_REENTRANT) ;; esac dnl dnl Check for log file, timestamp and iolog locations dnl AS_IF([test "$utmp_style" = "LEGACY"], [SUDO_PATH_UTMP]) SUDO_LOGDIR SUDO_LOGFILE SUDO_RELAY_DIR SUDO_RUNDIR SUDO_VARDIR SUDO_IO_LOGDIR SUDO_TZDIR dnl dnl Turn warnings into errors. dnl All compiler/loader tests after this point will fail if dnl a warning is displayed (normally, warnings are not fatal). dnl AC_LANG_WERROR dnl dnl Don't use sys/sysctl.h if it is marked deprecated (Linux). dnl This test relies on AC_LANG_WERROR dnl AC_CHECK_HEADERS([sys/sysctl.h]) dnl dnl If compiler supports the -static-libgcc flag use it unless we have dnl GNU ld (which can avoid linking in libgcc when it is not needed). dnl This test relies on AC_LANG_WERROR dnl AS_IF([test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes"], [ AX_CHECK_COMPILE_FLAG([-static-libgcc], [AX_APPEND_FLAG([-Wc,-static-libgcc], [LT_LDFLAGS])]) ]) dnl dnl We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries. dnl Otherwise, LD_LIBRARY_PATH does not work when running the tests. dnl We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH. dnl case "$host_os" in netbsd*) ;; *) AX_CHECK_LINK_FLAG([-Wl,--enable-new-dtags], [AX_APPEND_FLAG([-Wl,--enable-new-dtags], [LDFLAGS])]) ;; esac SUDO_CHECK_PIE_SUPPORT SUDO_SYMBOL_VISIBILITY SUDO_CHECK_SANITIZER SUDO_CHECK_HARDENING dnl dnl Use passwd auth module? dnl case "$with_passwd" in yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" AS_IF([test "${ac_cv_search_crypt}" = "no"], [ AC_MSG_WARN([no crypt function found, assuming plaintext passwords]) ]) ;; *) AC_DEFINE(WITHOUT_PASSWD) AS_IF([test -z "$AUTH_OBJS"], [ AC_MSG_ERROR([no authentication methods defined.]) ]) ;; esac AUTH_OBJS=${AUTH_OBJS# } dnl dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS dnl AS_IF([test -n "$LIBS"], [ L="$LIBS" LIBS= for l in ${L}; do dupe=0 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done ]) dnl dnl OS-specific initialization dnl AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or 'os_init_common'.]) dnl dnl We add -Wall and -Werror after all tests so they don't cause failures dnl AS_IF([test -n "$GCC"], [ # # The fallthrough attribute is supported by gcc 7.0 and clang 10. # This test relies on AC_LANG_WERROR. # AC_CACHE_CHECK([whether $CC supports the fallthrough attribute], [sudo_cv_var_fallthrough_attribute], [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ int main(int argc, char *argv[]) { int num = argc + 1; switch (num) { case 1: num = 0; __attribute__((__fallthrough__)); case 0: num++; } return num; } ]])], [ sudo_cv_var_fallthrough_attribute=yes ], [ sudo_cv_var_fallthrough_attribute=no] )] ) AS_IF([test X"$sudo_cv_var_fallthrough_attribute" = X"yes"], [ AC_DEFINE(HAVE_FALLTHROUGH_ATTRIBUTE) ]) AS_IF([test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"], [ dnl dnl Default warnings for development use. dnl AX_APPEND_FLAG([-Wall], [CFLAGS]) AX_APPEND_FLAG([-Wmissing-prototypes], [CFLAGS]) AX_APPEND_FLAG([-Wno-unknown-pragmas], [CFLAGS]) AX_APPEND_FLAG([-Wpointer-arith], [CFLAGS]) AX_APPEND_FLAG([-Wshadow], [CFLAGS]) AX_APPEND_FLAG([-Wsign-compare], [CFLAGS]) AX_APPEND_FLAG([-Wwrite-strings], [CFLAGS]) AX_CHECK_COMPILE_FLAG([-Wvla], [AX_APPEND_FLAG([-Wvla], [CFLAGS])]) AX_CHECK_COMPILE_FLAG([-Walloca], [AX_APPEND_FLAG([-Walloca], [CFLAGS])]) AX_CHECK_COMPILE_FLAG([-Wtrampolines], [AX_APPEND_FLAG([-Wtrampolines], [CFLAGS])]) AS_IF([test X"$sudo_cv_var_fallthrough_attribute" = X"yes"], [ AX_APPEND_FLAG([-Wimplicit-fallthrough], [CFLAGS]) ]) ]) AS_IF([test X"$enable_werror" = X"yes"], [ AX_APPEND_FLAG([-Werror], [CFLAGS]) ]) case "$host_os" in # Avoid unwanted warnings on macOS darwin*) AX_APPEND_FLAG([-Wno-deprecated-declarations], [CFLAGS]);; esac ]) dnl dnl Skip regress tests and sudoers validation checks if cross compiling. dnl CROSS_COMPILING="$cross_compiling" dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' dnl dnl Expand exec_prefix in variables used by the manual pages dnl oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then exec_prefix="$ac_default_prefix" else exec_prefix="$prefix" fi fi # Update exec_prefix in intercept_file _intercept_file= while test X"$intercept_file" != X"$_intercept_file"; do _intercept_file="$intercept_file" eval "intercept_file=\"$_intercept_file\"" done # Update exec_prefix in noexec_file _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do _noexec_file="$noexec_file" eval "noexec_file=\"$_noexec_file\"" done # Update exec_prefix in sesh_file _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" eval "sesh_file=\"$_sesh_file\"" done # Update exec_prefix in plugindir _plugindir= while test X"$plugindir" != X"$_plugindir"; do _plugindir="$plugindir" eval "plugindir=\"$_plugindir\"" done exec_prefix="$oexec_prefix" dnl dnl Defer setting _PATH_SUDO_NOEXEC, etc until after exec_prefix is set dnl AS_IF([test X"$enable_intercept" != X"no"], [ SUDO_OBJS="${SUDO_OBJS} intercept.pb-c.o" PROGS="${PROGS} sudo_intercept.la" INSTALL_INTERCEPT="install-intercept" SUDO_DEFINE_UNQUOTED(_PATH_SUDO_INTERCEPT, "$intercept_file", [The fully qualified pathname of sudo_intercept.so]) ]) AS_IF([test X"$with_noexec" != X"no"], [ PROGS="${PROGS} sudo_noexec.la" INSTALL_NOEXEC="install-noexec" SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) ]) AS_IF([test X"$with_selinux" != X"no"], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") ], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) ]) AS_IF([test X"$enable_shared" != X"no"], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$plugindir/") AC_DEFINE(ENABLE_SUDO_PLUGIN_API, 1, [Define to 1 to enable sudo's plugin interface.]) ], [ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, NULL) ]) dnl dnl Add -R options to LDFLAGS, etc. dnl if test X"$LDFLAGS_R" != X""; then LDFLAGS="$LDFLAGS $LDFLAGS_R" fi if test X"$SUDOERS_LDFLAGS_R" != X""; then SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" fi if test X"$ZLIB_R" != X""; then ZLIB="$ZLIB_R $ZLIB" fi if test X"$LIBCRYPTO_R" != X""; then LIBCRYPTO="$LIBCRYPTO_R $LIBCRYPTO" fi if test X"$LIBTLS_R" != X""; then LIBTLS="$LIBTLS_R $LIBTLS" fi dnl dnl Trim leading spaces dnl CFLAGS=${CFLAGS# } CPPFLAGS=${CPPFLAGS# } LDFLAGS=${LDFLAGS# } SUDO_LDFLAGS=${SUDO_LDFLAGS# } SUDOERS_LDFLAGS=${SUDOERS_LDFLAGS# } LIBS=${LIBS# } SUDO_LIBS=${SUDO_LIBS# } SUDOERS_LIBS=${SUDOERS_LIBS# } dnl dnl Override default configure dirs for the Makefile dnl if test X"$prefix" = X"NONE"; then test X"$mandir" = X'${datarootdir}/man' && mandir='$(prefix)/man' else test X"$mandir" = X'${datarootdir}/man' && mandir='$(datarootdir)/man' fi test X"$bindir" = X'${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test X"$sbindir" = X'${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' test X"$libexecdir" = X'${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' test X"$includedir" = X'${prefix}/include' && includedir='$(prefix)/include' test X"$datarootdir" = X'${prefix}/share' && datarootdir='$(prefix)/share' test X"$docdir" = X'${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' test X"$localedir" = X'${datarootdir}/locale' && localedir='$(datarootdir)/locale' test X"$localstatedir" = X'${prefix}/var' && localstatedir='$(prefix)/var' test X"$runstatedir" = X'${localstatedir}/run' && runstatedir='$(localstatedir)/run' test X"$adminconfdir" = X'${prefix}/etc' && adminconfdir='$(prefix)/etc' test X"$sysconfdir" = X'${prefix}/etc' && sysconfdir='/etc' # The configuration file search path is to check adminconfdir first and # fall back to sysconfdir. This can support systems with read-only # sysconfdir (/etc) that contains a set of default configuration files. SUDO_EXPAND_PATH([$sysconfdir], [_sysconfdir]) SUDO_EXPAND_PATH([$adminconfdir], [_adminconfdir]) AS_IF([test $enable_adminconf = yes], [ # Only use adminconfdir if different from sysconfdir AS_IF([test X"$_sysconfdir" != X"$_adminconfdir"], [ cvtsudoers_conf='$(adminconfdir)/cvtsudoers.conf:'$cvtsudoers_conf sudo_conf='$(adminconfdir)/sudo.conf:'$sudo_conf sudo_logsrvd_conf='$(adminconfdir)/sudo_logsrvd.conf:'$sudo_logsrvd_conf sudoers_path='$(adminconfdir)/sudoers:'$sudoers_path ]) ]) # Expand config file paths for use in pathnames.h (after config dir override) SUDO_DEFINE_PATH([$cvtsudoers_conf], [_PATH_CVTSUDOERS_CONF]) SUDO_DEFINE_PATH([$sudo_conf], [_PATH_SUDO_CONF]) SUDO_DEFINE_PATH([$sudo_logsrvd_conf], [_PATH_SUDO_LOGSRVD_CONF]) SUDO_DEFINE_PATH([$sudoers_path], [_PATH_SUDOERS]) # Convert exampledir to something that can be used in the man pages SUDO_EXPAND_PATH([$exampledir], [EXAMPLES]) dnl dnl Substitute into the Makefile and man pages dnl AS_IF([test X"$INIT_SCRIPT" != X""], [ AC_CONFIG_FILES([etc/init.d/$INIT_SCRIPT]) ], [test X"$TMPFILES_D" != X""], [ AC_CONFIG_FILES([etc/init.d/sudo.conf]) ]) AC_CONFIG_FILES([Makefile docs/Makefile examples/Makefile examples/sudoers examples/sudo.conf examples/sudo_logsrvd.conf examples/syslog.conf include/Makefile lib/eventlog/Makefile lib/fuzzstub/Makefile lib/iolog/Makefile lib/logsrv/Makefile lib/protobuf-c/Makefile lib/util/Makefile lib/util/regress/harness lib/util/util.exp logsrvd/Makefile src/intercept.exp src/sudo_usage.h src/Makefile plugins/audit_json/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/sample_approval/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/regress/harness plugins/sudoers/sudoers]) AC_CONFIG_COMMANDS([harness], [chmod +x lib/util/regress/harness plugins/sudoers/regress/harness]) AC_OUTPUT dnl dnl Summarize configuration dnl if test ${LIBTLS+y}; then have_tls=yes fi echo "" >&AS_MESSAGE_FD echo "Configured Sudo version $PACKAGE_VERSION" >&AS_MESSAGE_FD echo " Compiler settings:" >&AS_MESSAGE_FD echo " compiler : $CC" >&AS_MESSAGE_FD echo " compiler options : $CFLAGS" >&AS_MESSAGE_FD echo " preprocessor options : $CPPFLAGS" >&AS_MESSAGE_FD echo " front-end libraries : $SUDO_LIBS" >&AS_MESSAGE_FD echo " front-end linker options : $SUDO_LDFLAGS" >&AS_MESSAGE_FD echo " network libraries : $NET_LIBS" >&AS_MESSAGE_FD echo " Crypto library : $LIBCRYPTO" >&AS_MESSAGE_FD echo " TLS libraries : $LIBTLS" >&AS_MESSAGE_FD echo " extra libraries : $LIBS" >&AS_MESSAGE_FD echo " extra linker options : $LDFLAGS" >&AS_MESSAGE_FD echo " sudoers libraries : $SUDOERS_LIBS" >&AS_MESSAGE_FD echo " sudoers linker options : $SUDOERS_LDFLAGS" >&AS_MESSAGE_FD if test "${enable_sanitizer-no}" != "no"; then echo " sanitizer options : ${enable_sanitizer}" >&AS_MESSAGE_FD fi if test X"$FUZZ_LD" != X"\$(CC)"; then echo " fuzzing linker : ${FUZZ_LD}" >&AS_MESSAGE_FD fi if test X"$FUZZ_ENGINE" != X"\$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la"; then echo " fuzzing engine : ${FUZZ_ENGINE}" >&AS_MESSAGE_FD fi echo " Plugin options:" >&AS_MESSAGE_FD echo " plugin support : ${SHLIB_ENABLE}" >&AS_MESSAGE_FD echo " Sudoers plugin static : ${enable_static_sudoers-no}" >&AS_MESSAGE_FD echo " Python plugin : ${enable_python-no}" >&AS_MESSAGE_FD if test "${enable_python-no}" != "no"; then echo " Python CFLAGS : ${PYTHON_INCLUDE}" >&AS_MESSAGE_FD echo " Python LDFLAGS : ${PYTHON_LIBS}" >&AS_MESSAGE_FD fi echo " Optional features:" >&AS_MESSAGE_FD echo " log client : ${enable_log_client-yes}" >&AS_MESSAGE_FD echo " log server : ${enable_log_server-yes}" >&AS_MESSAGE_FD echo " log client/server TLS : ${have_tls-no}" >&AS_MESSAGE_FD case "$host_os" in linux*) echo " SELinux RBAC : ${with_selinux-yes}" >&AS_MESSAGE_FD;; esac echo " Optional sudoers back-ends:" >&AS_MESSAGE_FD echo " LDAP : ${with_ldap-no}" >&AS_MESSAGE_FD if test "${with_ldap-no}" != "no"; then echo " ldap configuration : ${ldap_conf}" >&AS_MESSAGE_FD echo " ldap secret : ${ldap_secret}" >&AS_MESSAGE_FD echo " SASL authentication : ${enable_sasl-no}" >&AS_MESSAGE_FD fi echo " SSSD : ${with_sssd-no}" >&AS_MESSAGE_FD if test "${with_sssd-no}" != "no"; then echo " SSSD config path : ${sssd_conf}" >&AS_MESSAGE_FD if test "${sssd_lib}" = \""LIBDIR\""; then echo " SSSD lib dir : ${libdir}" >&AS_MESSAGE_FD else echo " SSSD lib dir : ${sssd_lib}" >&AS_MESSAGE_FD fi fi echo " Authentication options:" >&AS_MESSAGE_FD echo " require authentication : ${enable_authentication-yes}" >&AS_MESSAGE_FD auth_methods=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` echo " authentication methods : ${auth_methods}" >&AS_MESSAGE_FD if test "${with_pam-no}" = "yes"; then echo " pam session support : ${pam_session}" >&AS_MESSAGE_FD echo " pam login service : ${pam_login_service}" >&AS_MESSAGE_FD fi if test "${with_kerb5-no}" != "no"; then echo " kerb5 instance string : ${with_kerb5-none}" >&AS_MESSAGE_FD fi if test "${with_opie-no}-${with_skey-no}" != "no-no"; then echo " long OTP prompt : ${long_otp_prompt-no}" >&AS_MESSAGE_FD fi echo " group exempt from passwords : ${with_exempt-none}" >&AS_MESSAGE_FD echo " password prompt : ${passprompt}" >&AS_MESSAGE_FD echo " password prompt timeout : ${password_timeout} minutes" >&AS_MESSAGE_FD echo " password tries : ${passwd_tries}" >&AS_MESSAGE_FD echo " bad password message : ${badpass_message}" >&AS_MESSAGE_FD if test "$insults" = "on"; then i="" test "$enable_offensive_insults" = "yes" && i="offensive ${i}" test "$with_python_insults" = "yes" && i="python ${i}" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" else i=no fi echo " insults : $i" >&AS_MESSAGE_FD echo " display lecture : ${lecture}" >&AS_MESSAGE_FD echo " timestamp (credential) type : ${timestamp_type}" >&AS_MESSAGE_FD echo " timestamp (credential) timeout: ${timeout} minutes" >&AS_MESSAGE_FD echo " Logging options:" >&AS_MESSAGE_FD echo " logging default : ${with_logging}" >&AS_MESSAGE_FD echo " syslog facility : ${logfac}" >&AS_MESSAGE_FD echo " syslog priority allowed : ${goodpri}" >&AS_MESSAGE_FD echo " syslog priority denied : ${badpri}" >&AS_MESSAGE_FD echo " log file path : ${logpath}" >&AS_MESSAGE_FD echo " log file includes hostname : ${enable_log_host-no}" >&AS_MESSAGE_FD echo " log file line length : ${loglen}" >&AS_MESSAGE_FD echo " compress I/O logs : ${enable_zlib}" >&AS_MESSAGE_FD case "$host_os" in linux*) echo " Linux audit : ${with_linux_audit-no}" >&AS_MESSAGE_FD;; solaris2.11*) echo " Solaris audit : ${with_solaris_audit-no}" >&AS_MESSAGE_FD;; *) echo " BSM audit : ${with_bsm_audit-no}" >&AS_MESSAGE_FD;; esac echo " run mailer as root : ${enable_root_mailer-yes}" >&AS_MESSAGE_FD echo " warning/error mail recipient : ${mailto}" >&AS_MESSAGE_FD echo " warning/error mail subject : ${mailsub}" >&AS_MESSAGE_FD echo " mail if user not in sudoers : ${mail_no_user}" >&AS_MESSAGE_FD echo " mail if user not on host : ${mail_no_host}" >&AS_MESSAGE_FD echo " mail if command not allowed : ${mail_no_perms}" >&AS_MESSAGE_FD echo " Pathnames:" >&AS_MESSAGE_FD echo " prefix : $prefix" >&AS_MESSAGE_FD echo " sysconfdir : $_sysconfdir" >&AS_MESSAGE_FD if test "${enable_adminconf-no}" != "no"; then echo " adminconfdir : $_adminconfdir" >&AS_MESSAGE_FD fi echo " log directory : ${log_dir}" >&AS_MESSAGE_FD echo " run directory : ${rundir}" >&AS_MESSAGE_FD echo " var directory : ${vardir}" >&AS_MESSAGE_FD echo " I/O log directory : ${iolog_dir}" >&AS_MESSAGE_FD echo " sudo_logsrvd relay directory : ${relay_dir}" >&AS_MESSAGE_FD if test X"$with_exampledir" != X""; then echo " exampledir : $exampledir" >&AS_MESSAGE_FD fi echo " plugin directory : ${plugindir}" >&AS_MESSAGE_FD echo " sudoers plugin : ${sudoers_plugin}" >&AS_MESSAGE_FD if test "${enable_python-no}" != "no"; then echo " python plugin : ${python_plugin}" >&AS_MESSAGE_FD fi echo " sudoers file : ${sudoers_path}" >&AS_MESSAGE_FD echo " cvtsudoers.conf file : ${cvtsudoers_conf}" >&AS_MESSAGE_FD echo " sudo.conf file : ${sudo_conf}" >&AS_MESSAGE_FD echo " sudo_logsrvd.conf file : ${sudo_logsrvd_conf}" >&AS_MESSAGE_FD echo " path to sendmail : ${with_sendmail}" >&AS_MESSAGE_FD echo " time zone directory : ${tzdir}" >&AS_MESSAGE_FD if test -n "$TMPFILES_D"; then echo " systemd tempfiles dir : ${TMPFILES_D}" >&AS_MESSAGE_FD fi if test ${with_netsvc-"no"} != "no"; then echo " netsvc file : ${netsvc_conf}" >&AS_MESSAGE_FD elif test ${with_nsswitch-"yes"} != "no"; then echo " nsswitch file : ${nsswitch_conf}" >&AS_MESSAGE_FD fi echo " intercept file : ${intercept_file}" >&AS_MESSAGE_FD echo " noexec file : ${noexec_file}" >&AS_MESSAGE_FD echo " secure path : ${with_secure_path-no}" >&AS_MESSAGE_FD echo " askpass helper file : ${with_askpass-no}" >&AS_MESSAGE_FD echo " device search path : ${devsearch}" >&AS_MESSAGE_FD echo " Other options:" >&AS_MESSAGE_FD if test "${with_devel-no}" != "no"; then echo " development build : ${with_devel}" >&AS_MESSAGE_FD fi case "$host_os" in solaris2*) echo " Solaris project support : ${with_project-no}" >&AS_MESSAGE_FD;; esac if test "${with_logincap+set}" = "set"; then echo " /etc/login.conf support : ${with_logincap}" >&AS_MESSAGE_FD fi echo " fully-qualified domain names : ${fqdn}" >&AS_MESSAGE_FD echo " default umask : ${sudo_umask}" >&AS_MESSAGE_FD echo " umask override : ${umask_override}" >&AS_MESSAGE_FD echo " default runas user : ${runas_default}" >&AS_MESSAGE_FD echo " probe network interfaces : ${with_interfaces-yes}" >&AS_MESSAGE_FD echo " allow root to run sudo : ${root_sudo}" >&AS_MESSAGE_FD echo " reset environment for commands: ${env_reset}" >&AS_MESSAGE_FD echo " run shell if no args : ${enable_noargs_shell-no}" >&AS_MESSAGE_FD echo " ignore '.' or '' in \$PATH : ${ignore_dot}" >&AS_MESSAGE_FD echo " disable path info : ${enable_path_info-no}" >&AS_MESSAGE_FD echo " sudoers file mode : ${SUDOERS_MODE}" >&AS_MESSAGE_FD echo " sudoers file owner : ${SUDOERS_UID}:${SUDOERS_GID}" >&AS_MESSAGE_FD echo " default visudo editor : ${editor}" >&AS_MESSAGE_FD echo " visudo supports \$EDITOR : ${env_editor}" >&AS_MESSAGE_FD if test "${enable_env_debug+set}" = "set"; then echo " environment debugging : ${enable_env_debug-no}" >&AS_MESSAGE_FD fi echo "" >&AS_MESSAGE_FD dnl dnl Display any warnings/info the user needs to know about at the end. dnl AS_IF([test "$openssl_missing" = "yes"], [ AC_MSG_WARN([OpenSSL dev libraries not found, Sudo logsrv connections will not be encrypted.]) ]) AS_IF([test "$with_pam" = "yes"], [ case $host_os in hpux*) AS_IF([test -f /usr/lib/security/libpam_hpsec.so.1], [ AC_MSG_NOTICE([you may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) ]) ;; linux*) AC_MSG_NOTICE([you will need to customize examples/pam.conf and install it as /etc/pam.d/sudo]) ;; esac ]) dnl dnl Warn user if they may need to clear rundir manually. dnl case "$rundir" in /run/*|/var/run/*) clear_rundir=0 ;; *) clear_rundir=1 ;; esac AS_IF([test $clear_rundir -eq 1], [ AC_MSG_NOTICE([warning: the $rundir/ts directory must be cleared at boot time.]) AC_MSG_NOTICE([ You may need to create a startup item to do this.]) ]) dnl dnl Autoheader templates dnl AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) AH_TEMPLATE(PYTHON_INSULTS, [Define to 1 if you want insults from "Monty Python's Flying Circus".]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_CRYPT, [Define to 1 if you have the 'crypt' function.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your 'DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the 'dirfd' function or macro.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the 'dispcrypt' function.]) AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the 'dlopen' function.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the 'fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the 'getprpwnam' function. (SecureWare-style shadow passwords).]) AH_TEMPLATE(HAVE_GETPWNAM_SHADOW, [Define to 1 if you have the 'getpwnam_shadow' function.]) AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the 'getspnam' function (SVR4-style shadow passwords).]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the 'gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) AH_TEMPLATE(HAVE_INET_NTOP, [Define to 1 if you have the 'inet_ntop' function.]) AH_TEMPLATE(HAVE_INET_PTON, [Define to 1 if you have the 'inet_pton' function.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the 'iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the 'krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your 'krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the 'krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the 'krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not).]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the 'optreset' symbol.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the 'setkeycreatecon' function.]) AH_TEMPLATE(HAVE_APPARMOR, [Define to 1 to enable AppArmor support.]) AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the 'shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) AH_TEMPLATE(HAVE_ST_NMTIME, [Define to 1 if your struct stat has an st_nmtime member.]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LEAKS, [Define to 1 if you want sudo to free up memory before exiting.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first time they use sudo.]) AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid running the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(TIMESTAMP_TYPE, [Define to global, ppid or tty to set the default timestamp record type.]) AH_TEMPLATE(OFFENSIVE_INSULTS, [Define to 1 to include offensive insults from the classic version of sudo.]) AH_TEMPLATE(SECURE_PATH, [A colon-separated list of directories to override the user's PATH with.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.]) AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.]) AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the 'sys_sigabbrev' symbol.]) AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the 'nss_search' function.]) AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the '_nss_initf_group' function.]) AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the '__nss_initf_group' function.]) AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the '_nss_XbyY_buf_alloc' function.]) AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the '__nss_XbyY_buf_alloc' function.]) AH_TEMPLATE(NEED_RESOLV_H, [Define to 1 if resolv.h must be included to get the 'inet_ntop' or 'inet_pton' function prototypes.]) AH_TEMPLATE(HAVE_STRNLEN, [Define to 1 if you have the 'strnlen' function.]) AH_TEMPLATE(PAM_SUN_CODEBASE, [Define to 1 if your system uses a Solaris-derived PAM and not Linux-PAM or OpenPAM.]) AH_TEMPLATE(HAVE_KINFO_PROC_44BSD, [Define to 1 if your system has a 4.4BSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_KINFO_PROC_FREEBSD, [Define to 1 if your system has a FreeBSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_KINFO_PROC_DFLY, [Define to 1 if your system has a Dragonfly-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-style kinfo_proc2 struct.]) AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_WOLFSSL, [Define to 1 if you are using wolfSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the 'SSL_CTX_set_min_proto_version' function or macro.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the 'SSL_CTX_set_ciphersuites' function or macro.]) AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) AH_TEMPLATE(HAVE_VA_COPY, [Define to 1 if you have the 'va_copy' function.]) AH_TEMPLATE(HAVE___VA_COPY, [Define to 1 if you have the '__va_copy' function.]) dnl dnl Bits to copy verbatim into config.h.in dnl AH_TOP([#ifndef SUDO_CONFIG_H #define SUDO_CONFIG_H /* Configure script arguments used to build sudo. */ #undef CONFIGURE_ARGS]) AH_BOTTOM([#ifndef HAVE_SIG_ATOMIC_T typedef int sig_atomic_t; #endif #ifndef HAVE_SOCKLEN_T typedef unsigned int socklen_t; #endif #ifndef __GNUC_PREREQ__ # ifdef __GNUC__ # define __GNUC_PREREQ__(ma, mi) \ ((__GNUC__ > (ma)) || (__GNUC__ == (ma) && __GNUC_MINOR__ >= (mi))) # else # define __GNUC_PREREQ__(ma, mi) 0 # endif #endif /* Define away __attribute__ for non-gcc or old gcc. */ #if !defined(__attribute__) && !__GNUC_PREREQ__(2, 5) # define __attribute__(x) #endif /* For functions that call exit() directly. */ #ifdef __has_c_attribute # if __has_c_attribute(__noreturn__) # define sudo_noreturn [[__noreturn__]] # endif #endif #ifndef sudo_noreturn # if __GNUC_PREREQ__(2, 5) # define sudo_noreturn __attribute__((__noreturn__)) # else # define sudo_noreturn # endif #endif /* For malloc-like functions that return uninitialized or zeroed memory. */ #if __GNUC_PREREQ__(2, 96) # define sudo_malloclike __attribute__((__malloc__)) #else # define sudo_malloclike #endif /* Compile-time checking for function arguments that must not be NULL. */ #if __GNUC_PREREQ__(3, 3) # define sudo_attr_nonnull(_a) __attribute__((__nonnull__ (_a))) #else # define sudo_attr_nonnull(_a) #endif /* For catching format string mismatches. */ #if __GNUC_PREREQ__(2, 7) # define sudo_printflike(_f, _v) __attribute__((__format__ (__printf__, _f, _v))) sudo_attr_nonnull(_f) # define sudo_printf0like(_f, _v) __attribute__((__format__ (__printf__, _f, _v))) # define sudo_attr_fmt_arg(_f) __attribute__((__format_arg__ (_f))) #else # define sudo_printflike(_f, _v) # define sudo_printf0like(_f, _v) # define sudo_attr_fmt_arg(_f) #endif /* C23 defines a fallthrough attribute, gcc 7.0 and clang 10 have their own. */ #ifdef __has_c_attribute # if __has_c_attribute(__fallthrough__) # define FALLTHROUGH [[__fallthrough__]] # endif #endif #ifndef FALLTHROUGH # if defined(HAVE_FALLTHROUGH_ATTRIBUTE) # define FALLTHROUGH __attribute__((__fallthrough__)) # else # define FALLTHROUGH do { } while (0) # endif #endif /* Symbol visibility controls. */ #ifdef HAVE_DSO_VISIBILITY # if defined(__GNUC__) # define sudo_dso_public __attribute__((__visibility__("default"))) # elif defined(__SUNPRO_C) # define sudo_dso_public __global # else # define sudo_dso_public __declspec(dllexport) # endif #else # define sudo_dso_public #endif /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP #endif /* Enable BSD extensions on systems that have them. */ #ifndef _BSD_SOURCE # undef _BSD_SOURCE #endif /* Enable OpenBSD extensions on NetBSD. */ #ifndef _OPENBSD_SOURCE # undef _OPENBSD_SOURCE #endif /* Enable BSD types on IRIX. */ #ifndef _BSD_TYPES # undef _BSD_TYPES #endif /* Enable Linux-compatible extensions on AIX. */ #ifndef _LINUX_SOURCE_COMPAT # undef _LINUX_SOURCE_COMPAT #endif /* Enable unlimited getgroups(2) support on macOS. */ #ifndef _DARWIN_UNLIMITED_GETGROUPS # undef _DARWIN_UNLIMITED_GETGROUPS #endif /* Enable prototypes in GCC fixed includes on older systems. */ #ifndef __USE_FIXED_PROTOTYPES__ # undef __USE_FIXED_PROTOTYPES__ #endif /* Enable XPG4v2 extensions to POSIX, needed for MSG_WAITALL on older HP-UX. */ #ifndef _XOPEN_SOURCE_EXTENDED # undef _XOPEN_SOURCE_EXTENDED #endif /* Enable reentrant versions of the standard C API (obsolete). */ #ifndef _REENTRANT # undef _REENTRANT #endif /* Enable "safer" versions of the standard C API (ISO C11). */ #ifndef __STDC_WANT_LIB_EXT1__ # undef __STDC_WANT_LIB_EXT1__ #endif /* Prevent static analyzers from genering bogus memory leak warnings. */ #if defined(__COVERITY__) && !defined(NO_LEAKS) # define NO_LEAKS #endif #endif /* SUDO_CONFIG_H */])