dnl dnl Use the top-level autogen.sh script to generate configure and config.h.in dnl dnl Copyright (c) 1994-1996,1998-2014 Todd C. Miller dnl AC_PREREQ([2.59]) AC_INIT([sudo], [1.8.9p3], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl dnl Note: this must come after AC_INIT dnl AC_MSG_NOTICE([Configuring Sudo version $PACKAGE_VERSION]) dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST([HAVE_BSM_AUDIT]) AC_SUBST([SHELL]) AC_SUBST([LIBTOOL]) AC_SUBST([CFLAGS]) AC_SUBST([PROGS]) AC_SUBST([CPPFLAGS]) AC_SUBST([LDFLAGS]) AC_SUBST([SUDOERS_LDFLAGS]) AC_SUBST([LT_LDFLAGS]) AC_SUBST([LT_LDMAP]) AC_SUBST([LT_LDOPT]) AC_SUBST([LT_LDDEP]) AC_SUBST([LT_LDEXPORTS]) AC_SUBST([COMMON_OBJS]) AC_SUBST([SUDOERS_OBJS]) AC_SUBST([SUDO_OBJS]) AC_SUBST([LIBS]) AC_SUBST([SUDO_LIBS]) AC_SUBST([SUDOERS_LIBS]) AC_SUBST([NET_LIBS]) AC_SUBST([AFS_LIBS]) AC_SUBST([REPLAY_LIBS]) AC_SUBST([GETGROUPS_LIB]) AC_SUBST([OSDEFS]) AC_SUBST([AUTH_OBJS]) AC_SUBST([MANTYPE]) AC_SUBST([MANDIRTYPE]) AC_SUBST([MANCOMPRESS]) AC_SUBST([MANCOMPRESSEXT]) AC_SUBST([SHLIB_MODE]) AC_SUBST([SHLIB_EXT]) AC_SUBST([SUDOERS_MODE]) AC_SUBST([SUDOERS_UID]) AC_SUBST([SUDOERS_GID]) AC_SUBST([DEVEL]) AC_SUBST([BAMAN]) AC_SUBST([LCMAN]) AC_SUBST([PSMAN]) AC_SUBST([SEMAN]) AC_SUBST([devdir]) AC_SUBST([mansectsu]) AC_SUBST([mansectform]) AC_SUBST([mansrcdir]) AC_SUBST([NOEXECFILE]) AC_SUBST([NOEXECDIR]) AC_SUBST([SOEXT]) AC_SUBST([noexec_file]) AC_SUBST([sesh_file]) AC_SUBST([INSTALL_NOEXEC]) AC_SUBST([DONT_LEAK_PATH_INFO]) AC_SUBST([BSDAUTH_USAGE]) AC_SUBST([SELINUX_USAGE]) AC_SUBST([LDAP]) AC_SUBST([LOGINCAP_USAGE]) AC_SUBST([ZLIB]) AC_SUBST([ZLIB_SRC]) AC_SUBST([LIBTOOL_DEPS]) AC_SUBST([ac_config_libobj_dir]) AC_SUBST([CONFIGURE_ARGS]) AC_SUBST([LIBDL]) AC_SUBST([LT_STATIC]) AC_SUBST([LIBINTL]) AC_SUBST([SUDO_NLS]) AC_SUBST([LOCALEDIR_SUFFIX]) AC_SUBST([COMPAT_TEST_PROGS]) AC_SUBST([CROSS_COMPILING]) AC_SUBST([PIE_LDFLAGS]) AC_SUBST([PIE_CFLAGS]) AC_SUBST([SSP_LDFLAGS]) AC_SUBST([SSP_CFLAGS]) AC_SUBST([NO_VIZ]) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl AC_SUBST([iolog_dir])dnl real initial value from SUDO_IO_LOGDIR AC_SUBST([timedir])dnl real initial value from SUDO_TIMEDIR AC_SUBST([timeout]) AC_SUBST([password_timeout]) AC_SUBST([sudo_umask]) AC_SUBST([umask_override]) AC_SUBST([passprompt]) AC_SUBST([long_otp_prompt]) AC_SUBST([lecture]) AC_SUBST([logfac]) AC_SUBST([goodpri]) AC_SUBST([badpri]) AC_SUBST([loglen]) AC_SUBST([ignore_dot]) AC_SUBST([mail_no_user]) AC_SUBST([mail_no_host]) AC_SUBST([mail_no_perms]) AC_SUBST([mailto]) AC_SUBST([mailsub]) AC_SUBST([badpass_message]) AC_SUBST([fqdn]) AC_SUBST([runas_default]) AC_SUBST([env_editor]) AC_SUBST([env_reset]) AC_SUBST([passwd_tries]) AC_SUBST([tty_tickets]) AC_SUBST([insults]) AC_SUBST([root_sudo]) AC_SUBST([path_info]) AC_SUBST([ldap_conf]) AC_SUBST([ldap_secret]) AC_SUBST([sssd_lib]) AC_SUBST([nsswitch_conf]) AC_SUBST([netsvc_conf]) AC_SUBST([secure_path]) AC_SUBST([editor]) AC_SUBST([pam_session]) AC_SUBST([pam_login_service]) AC_SUBST([PLUGINDIR]) # # Begin initial values for man page substitution # iolog_dir=/var/log/sudo-io timedir=/var/adm/sudo timeout=5 password_timeout=5 sudo_umask=0022 umask_override=off passprompt="Password:" long_otp_prompt=off lecture=once logfac=auth goodpri=notice badpri=alert loglen=80 ignore_dot=off mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root mailsub="*** SECURITY information for %h ***" badpass_message="Sorry, try again." fqdn=off runas_default=root env_editor=off env_reset=on editor=vi passwd_tries=3 tty_tickets=on insults=off root_sudo=on path_info=on ldap_conf=/etc/ldap.conf ldap_secret=/etc/ldap.secret netsvc_conf=/etc/netsvc.conf noexec_file=/usr/local/libexec/sudo/sudo_noexec.so sesh_file=/usr/local/libexec/sudo/sesh nsswitch_conf=/etc/nsswitch.conf secure_path="not set" pam_session=on pam_login_service=sudo PLUGINDIR=/usr/local/libexec/sudo # # End initial values for man page substitution # dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl INSTALL_NOEXEC= devdir='$(srcdir)' PROGS="sudo" : ${MANDIRTYPE='man'} : ${mansrcdir='.'} : ${SHLIB_MODE='0644'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} DEVEL= LDAP="#" BAMAN=0 LCMAN=0 PSMAN=0 SEMAN=0 LIBINTL= ZLIB= ZLIB_SRC= AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd SUDO_NLS=disabled LOCALEDIR_SUFFIX= LT_LDEXPORTS="-export-symbols \$(shlib_exp)" LT_LDDEP="\$(shlib_exp)" NO_VIZ="-DNO_VIZ" OS_INIT=os_init_common dnl dnl Other vaiables dnl CHECKSHADOW=true shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= CONFIGURE_ARGS="$@" dnl dnl LD_PRELOAD equivalents dnl RTLD_PRELOAD_VAR="LD_PRELOAD" RTLD_PRELOAD_ENABLE_VAR= RTLD_PRELOAD_DELIM=":" RTLD_PRELOAD_DEFAULT= dnl dnl libc replacement functions live in compat dnl AC_CONFIG_LIBOBJ_DIR(compat) # # Prior to sudo 1.8.7, sudo stored libexec files in $libexecdir. # Starting with sudo 1.8.7, $libexecdir/sudo is used so strip # off an extraneous "/sudo" from libexecdir. # case "$libexecdir" in */sudo) AC_MSG_WARN([libexecdir should not include the "sudo" subdirectory]) libexecdir=`expr "$libexecdir" : '\\(.*\\)/sudo$'` ;; esac dnl dnl Deprecated --with options (these all warn or generate an error) dnl AC_ARG_WITH(otp-only, [AS_HELP_STRING([--with-otp-only], [deprecated])], [case $with_otp_only in yes) with_passwd="no" AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])], [case $with_alertmail in *) with_mailto="$with_alertmail" AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) dnl dnl Options for --with dnl AC_ARG_WITH(devel, [AS_HELP_STRING([--with-devel], [add development options])], [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEVEL="true" devdir=. ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) AC_ARG_WITH(CC, [AS_HELP_STRING([--with-CC], [C compiler to use])], [case $with_CC in *) AC_MSG_ERROR([the --with-CC option is no longer supported, please set the CC environment variable instead.]) ;; esac]) AC_ARG_WITH(rpath, [AS_HELP_STRING([--with-rpath], [deprecated, use --disable-rpath])], [AC_MSG_WARN([--with-rpath deprecated, rpath is now the default])]) AC_ARG_WITH(blibpath, [AS_HELP_STRING([--with-blibpath[=PATH]], [deprecated])], [AC_MSG_WARN([--with-blibpath deprecated, use --with-libpath])]) dnl dnl Handle BSM auditing support. dnl AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])], [case $with_bsm_audit in yes) AC_DEFINE(HAVE_BSM_AUDIT) SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm" SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo" ;; no) ;; *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."]) ;; esac]) dnl dnl Handle Linux auditing support. dnl AC_ARG_WITH(linux-audit, [AS_HELP_STRING([--with-linux-audit], [enable Linux audit support])], [case $with_linux_audit in yes) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = AUDIT_USER_CMD; (void)i;]])], [ AC_DEFINE(HAVE_LINUX_AUDIT) SUDO_LIBS="${SUDO_LIBS} -laudit" SUDOERS_LIBS="${SUDO_LIBS} -laudit" SUDOERS_OBJS="${SUDOERS_OBJS} linux_audit.lo" ], [ AC_MSG_ERROR([unable to find AUDIT_USER_CMD in libaudit.h for --with-linux-audit]) ]) ;; no) ;; *) AC_MSG_ERROR(["--with-linux-audit does not take an argument."]) ;; esac]) dnl dnl Handle SSSD support. dnl AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], [case $with_sssd in yes) SUDOERS_OBJS="${SUDOERS_OBJS} sssd.lo" AC_DEFINE(HAVE_SSSD) ;; no) ;; *) AC_MSG_ERROR(["--with-sssd does not take an argument."]) ;; esac]) AC_ARG_WITH(sssd-lib, [AS_HELP_STRING([--with-sssd-lib], [path to the SSSD library])]) sssd_lib="\"LIBDIR\"" test -n "$with_sssd_lib" && sssd_lib="$with_sssd_lib" SUDO_DEFINE_UNQUOTED(_PATH_SSSD_LIB, "$sssd_lib", [Path to the SSSD library]) AC_ARG_WITH(incpath, [AS_HELP_STRING([--with-incpath], [additional places to look for include files])], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) ;; no) AC_MSG_ERROR(["--without-incpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do SUDO_APPEND_CPPFLAGS(-I${i}) done ;; esac]) AC_ARG_WITH(libpath, [AS_HELP_STRING([--with-libpath], [additional places to look for libraries])], [case $with_libpath in yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) ;; no) AC_MSG_ERROR(["--without-libpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) ;; esac]) AC_ARG_WITH(libraries, [AS_HELP_STRING([--with-libraries], [additional libraries to link with])], [case $with_libraries in yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) ;; no) AC_MSG_ERROR(["--without-libraries not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(efence, [AS_HELP_STRING([--with-efence], [link with -lefence for malloc() debugging])], [case $with_efence in yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) ;; esac]) AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])], [case $with_csops in yes) AC_MSG_NOTICE([Adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes : ${mansectsu='8'} : ${mansectform='5'} ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) AC_ARG_WITH(passwd, [AS_HELP_STRING([--without-passwd], [don't use passwd/shadow file for authentication])], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) AC_MSG_RESULT($with_passwd) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) ;; esac]) AC_ARG_WITH(skey, [AS_HELP_STRING([--with-skey[=DIR]], [enable S/Key support ])], [case $with_skey in no) ;; *) AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG S/Key" ;; esac]) AC_ARG_WITH(opie, [AS_HELP_STRING([--with-opie[=DIR]], [enable OPIE support ])], [case $with_opie in no) ;; *) AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac]) AC_ARG_WITH(long-otp-prompt, [AS_HELP_STRING([--with-long-otp-prompt], [use a two line OTP (skey/opie) prompt])], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) AC_MSG_RESULT(yes) long_otp_prompt=on ;; no) long_otp_prompt=off ;; *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) ;; esac]) AC_ARG_WITH(SecurID, [AS_HELP_STRING([--with-SecurID[[=DIR]]], [enable SecurID support])], [case $with_SecurID in no) ;; *) AC_DEFINE(HAVE_SECURID) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac]) AC_ARG_WITH(fwtk, [AS_HELP_STRING([--with-fwtk[[=DIR]]], [enable FWTK AuthSRV support])], [case $with_fwtk in no) ;; *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac]) AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])], [case $with_kerb5 in no) ;; *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb5" ;; esac]) AC_ARG_WITH(aixauth, [AS_HELP_STRING([--with-aixauth], [enable AIX general authentication support])], [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) ;; esac]) AC_ARG_WITH(pam, [AS_HELP_STRING([--with-pam], [enable PAM support])], [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; *) AC_MSG_ERROR(["--with-pam does not take an argument."]) ;; esac]) AC_ARG_WITH(AFS, [AS_HELP_STRING([--with-AFS], [enable AFS support])], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG AFS" ;; no) ;; *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) ;; esac]) AC_ARG_WITH(DCE, [AS_HELP_STRING([--with-DCE], [enable DCE support])], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG DCE" ;; no) ;; *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) ;; esac]) AC_ARG_WITH(logincap, [AS_HELP_STRING([--with-logincap], [enable BSD login class support])], [case $with_logincap in yes|no) ;; *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) ;; esac]) AC_ARG_WITH(bsdauth, [AS_HELP_STRING([--with-bsdauth], [enable BSD authentication support])], [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) ;; esac]) AC_ARG_WITH(project, [AS_HELP_STRING([--with-project], [enable Solaris project support])], [case $with_project in yes|no) ;; no) ;; *) AC_MSG_ERROR(["--with-project does not take an argument."]) ;; esac]) AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [AS_HELP_STRING([--without-lecture], [don't print lecture for first-time sudoer])], [case $with_lecture in yes|short|always) lecture=once ;; no|none|never) lecture=never ;; *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) ;; esac]) if test "$lecture" = "once"; then AC_MSG_RESULT(yes) else AC_DEFINE(NO_LECTURE) AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [AS_HELP_STRING([--with-logging], [log via syslog, file, or both])], [case $with_logging in yes) AC_MSG_ERROR(["must give --with-logging an argument."]) ;; no) AC_MSG_ERROR(["--without-logging not supported."]) ;; syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) AC_MSG_RESULT(file) ;; both) AC_DEFINE(LOGGING, SLOG_BOTH) AC_MSG_RESULT(both) ;; *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) ;; esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) AC_ARG_WITH(logfac, [AS_HELP_STRING([--with-logfac], [syslog facility to log with (default is "auth")])], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; no) AC_MSG_ERROR(["--without-logfac not supported."]) ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; esac]) AC_MSG_CHECKING(at which syslog priority to log commands) AC_ARG_WITH(goodpri, [AS_HELP_STRING([--with-goodpri], [syslog priority for commands (def is "notice")])], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; no) AC_MSG_ERROR(["--without-goodpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) AC_ARG_WITH(badpri, [AS_HELP_STRING([--with-badpri], [syslog priority for failures (def is "alert")])], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; no) AC_MSG_ERROR(["--without-badpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) AC_MSG_RESULT($badpri) AC_ARG_WITH(logpath, [AS_HELP_STRING([--with-logpath], [path to the sudo log file])], [case $with_logpath in yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) ;; no) AC_MSG_ERROR(["--without-logpath not supported."]) ;; esac]) AC_MSG_CHECKING(how long a line in the log file should be) AC_ARG_WITH(loglen, [AS_HELP_STRING([--with-loglen], [maximum length of a log file line (default is 80)])], [case $with_loglen in yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) ;; no) AC_MSG_ERROR(["--without-loglen not supported."]) ;; [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) ;; esac]) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [AS_HELP_STRING([--with-ignore-dot], [ignore '.' in the PATH])], [case $with_ignore_dot in yes) ignore_dot=on ;; no) ignore_dot=off ;; *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) ;; esac]) if test "$ignore_dot" = "on"; then AC_DEFINE(IGNORE_DOT_PATH) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [AS_HELP_STRING([--without-mail-if-no-user], [do not send mail if user not in sudoers])], [case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) ;; esac]) if test "$mail_no_user" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_USER) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [AS_HELP_STRING([--with-mail-if-no-host], [send mail if user in sudoers but not for this host])], [case $with_mail_if_no_host in yes) mail_no_host=on ;; no) mail_no_host=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) ;; esac]) if test "$mail_no_host" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [AS_HELP_STRING([--with-mail-if-noperms], [send mail if user not allowed to run command])], [case $with_mail_if_noperms in yes) mail_noperms=on ;; no) mail_noperms=off ;; *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) ;; esac]) if test "$mail_noperms" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(who should get the mail that sudo sends) AC_ARG_WITH(mailto, [AS_HELP_STRING([--with-mailto], [who should get sudo mail (default is "root")])], [case $with_mailto in yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) ;; no) AC_MSG_ERROR(["--without-mailto not supported."]) ;; *) mailto=$with_mailto ;; esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) AC_MSG_RESULT([$mailto]) AC_ARG_WITH(mailsubject, [AS_HELP_STRING([--with-mailsubject], [subject of sudo mail])], [case $with_mailsubject in yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" AC_MSG_CHECKING(sudo mail subject) AC_MSG_RESULT([Using alert mail subject: $mailsub]) ;; esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [AS_HELP_STRING([--with-passprompt], [default password prompt])], [case $with_passprompt in yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) AC_MSG_RESULT($passprompt) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [AS_HELP_STRING([--with-badpass-message], [message the user sees when the password is wrong])], [case $with_badpass_message in yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; esac]) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [AS_HELP_STRING([--with-fqdn], [expect fully qualified hosts in sudoers])], [case $with_fqdn in yes) fqdn=on ;; no) fqdn=off ;; *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) ;; esac]) if test "$fqdn" = "on"; then AC_DEFINE(FQDN) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(timedir, [AS_HELP_STRING([--with-timedir], [path to the sudo timestamp dir])], [case $with_timedir in yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) ;; no) AC_MSG_ERROR(["--without-timedir not supported."]) ;; esac]) AC_ARG_WITH(iologdir, [AS_HELP_STRING([--with-iologdir=DIR], [directory to store sudo I/O log files in])], [case $with_iologdir in yes) ;; no) AC_MSG_ERROR(["--without-iologdir not supported."]) ;; esac]) AC_ARG_WITH(sendmail, [AS_HELP_STRING([--with-sendmail], [set path to sendmail]) AS_HELP_STRING([--without-sendmail], [do not send mail at all])], [case $with_sendmail in yes) with_sendmail="" ;; no) ;; *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") ;; esac]) AC_ARG_WITH(sudoers-mode, [AS_HELP_STRING([--with-sudoers-mode], [mode of sudoers file (defaults to 0440)])], [case $with_sudoers_mode in yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) ;; [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-uid, [AS_HELP_STRING([--with-sudoers-uid], [uid that owns sudoers file (defaults to 0)])], [case $with_sudoers_uid in yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) ;; [[0-9]]*) SUDOERS_UID=$with_sudoers_uid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-gid, [AS_HELP_STRING([--with-sudoers-gid], [gid that owns sudoers file (defaults to 0)])], [case $with_sudoers_gid in yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) ;; [[0-9]]*) SUDOERS_GID=$with_sudoers_gid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) ;; esac]) AC_MSG_CHECKING(for umask programs should be run with) AC_ARG_WITH(umask, [AS_HELP_STRING([--with-umask], [umask with which the prog should run (default is 022)]) AS_HELP_STRING([--without-umask], [Preserves the umask of the user invoking sudo.])], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; no) sudo_umask=0777 ;; [[0-9]]*) sudo_umask=$with_umask ;; *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the sudo-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi AC_ARG_WITH(umask-override, [AS_HELP_STRING([--with-umask-override], [Use the umask specified in sudoers even if it is less restrictive than the user's.])], [case $with_umask_override in yes) AC_DEFINE(UMASK_OVERRIDE) umask_override=on ;; no) umask_override=off ;; *) AC_MSG_ERROR(["--with-umask-override does not take an argument."]) ;; esac]) AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [AS_HELP_STRING([--with-runas-default], [User to run commands as (default is "root")])], [case $with_runas_default in yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) ;; no) AC_MSG_ERROR(["--without-runas-default not supported."]) ;; *) runas_default="$with_runas_default" ;; esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [AS_HELP_STRING([--with-exempt=group], [no passwd needed for users in this group])], [case $with_exempt in yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) ;; no) AC_MSG_ERROR(["--without-exempt not supported."]) ;; *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) AC_MSG_CHECKING(for group to be exempt from password) AC_MSG_RESULT([$with_exempt]) ;; esac]) AC_MSG_CHECKING(for editor that visudo should use) AC_ARG_WITH(editor, [AS_HELP_STRING([--with-editor=path], [Default editor for visudo (defaults to vi)])], [case $with_editor in yes) AC_MSG_ERROR(["must give --with-editor an argument."]) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) editor="$with_editor" ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [AS_HELP_STRING([--with-env-editor], [Use the environment variable EDITOR for visudo])], [case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) ;; esac]) if test "$env_editor" = "on"; then AC_DEFINE(ENV_EDITOR) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(number of tries a user gets to enter their password) AC_ARG_WITH(passwd-tries, [AS_HELP_STRING([--with-passwd-tries], [number of tries to enter password (default is 3)])], [case $with_passwd_tries in yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) AC_ARG_WITH(timeout, [AS_HELP_STRING([--with-timeout], [minutes before sudo asks for passwd again (def is 5 minutes)])], [case $with_timeout in yes) ;; no) timeout=0 ;; [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) AC_ARG_WITH(password-timeout, [AS_HELP_STRING([--with-password-timeout], [passwd prompt timeout in minutes (default is 5 minutes)])], [case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) AC_MSG_RESULT($password_timeout) AC_MSG_CHECKING(whether to use per-tty ticket files) AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different ticket file for each tty])], [case $with_tty_tickets in yes) tty_tickets=on ;; no) tty_tickets=off ;; *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) if test "$tty_tickets" = "off"; then AC_DEFINE(NO_TTY_TICKETS) AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) fi AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])], [case $with_insults in yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; disabled) insults=off with_classic_insults=yes with_csops_insults=yes ;; no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) ;; esac]) if test "$insults" = "on"; then AC_DEFINE(USE_INSULTS) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(all-insults, [AS_HELP_STRING([--with-all-insults], [include all the sudo insult sets])], [case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes ;; no) ;; *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(classic-insults, [AS_HELP_STRING([--with-classic-insults], [include the insults from the "classic" sudo])], [case $with_classic_insults in yes) AC_DEFINE(CLASSIC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(csops-insults, [AS_HELP_STRING([--with-csops-insults], [include CSOps insults])], [case $with_csops_insults in yes) AC_DEFINE(CSOPS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(hal-insults, [AS_HELP_STRING([--with-hal-insults], [include 2001-like insults])], [case $with_hal_insults in yes) AC_DEFINE(HAL_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(goons-insults, [AS_HELP_STRING([--with-goons-insults], [include the insults from the "Goon Show"])], [case $with_goons_insults in yes) AC_DEFINE(GOONS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(nsswitch, [AS_HELP_STRING([--with-nsswitch[[=PATH]]], [path to nsswitch.conf])], [case $with_nsswitch in no) ;; yes) with_nsswitch="/etc/nsswitch.conf" ;; *) ;; esac]) AC_ARG_WITH(ldap, [AS_HELP_STRING([--with-ldap[[=DIR]]], [enable LDAP support])], [case $with_ldap in no) ;; *) AC_DEFINE(HAVE_LDAP) AC_MSG_CHECKING(whether to use sudoers from LDAP) AC_MSG_RESULT(yes) ;; esac]) AC_ARG_WITH(ldap-conf-file, [AS_HELP_STRING([--with-ldap-conf-file], [path to LDAP configuration file])]) test -n "$with_ldap_conf_file" && ldap_conf="$with_ldap_conf_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$ldap_conf", [Path to the ldap.conf file]) AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path to LDAP secret password file])]) test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file" SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file]) AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [replace politically incorrect insults with less offensive ones])], [case $with_pc_insults in yes) AC_DEFINE(PC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."]) ;; esac]) dnl include all insult sets on one line if test "$insults" = "on"; then AC_MSG_CHECKING(which insult sets to include) i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" AC_MSG_RESULT([$i]) fi AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])], [case $with_secure_path in yes) with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) secure_path="set to $with_secure_path" ;; no) AC_MSG_RESULT(no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) secure_path="set to F<$with_secure_path>" ;; esac], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of ether interfaces])], [case $with_interfaces in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(STUB_LOAD_INTERFACES) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) ;; esac], AC_MSG_RESULT(yes)) AC_ARG_WITH(stow, [AS_HELP_STRING([--with-stow], [deprecated])], [case $with_stow in *) AC_MSG_NOTICE([--with-stow option deprecated, now is defalt behavior]) ;; esac]) AC_MSG_CHECKING(whether to use an askpass helper) AC_ARG_WITH(askpass, [AS_HELP_STRING([--with-askpass=PATH], [Fully qualified pathname of askpass helper])], [case $with_askpass in yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."]) ;; no) ;; *) ;; esac], [ with_askpass=no AC_MSG_RESULT(no) ]) if test X"$with_askpass" != X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass") else SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, NULL) fi AC_ARG_WITH(plugindir, [AS_HELP_STRING([--with-plugindir], [set directory to load plugins from])], [case $with_plugindir in no) AC_MSG_ERROR(["illegal argument: --without-plugindir."]) ;; *) ;; esac], [with_plugindir="$libexecdir/sudo"]) AC_ARG_WITH(man, [AS_HELP_STRING([--with-man], [manual pages use man macros])], [case $with_man in yes) MANTYPE=man ;; no) AC_MSG_ERROR(["--without-man not supported."]) ;; *) AC_MSG_ERROR(["ignoring unknown argument to --with-man: $with_man."]) ;; esac]) AC_ARG_WITH(mdoc, [AS_HELP_STRING([--with-mdoc], [manual pages use mdoc macros])], [case $with_mdoc in yes) MANTYPE=mdoc ;; no) AC_MSG_ERROR(["--without-mdoc not supported."]) ;; *) AC_MSG_ERROR(["ignoring unknown argument to --with-mdoc: $with_mdoc."]) ;; esac]) dnl dnl Options for --enable dnl AC_MSG_CHECKING(whether to do user authentication by default) AC_ARG_ENABLE(authentication, [AS_HELP_STRING([--disable-authentication], [Do not require authentication by default])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_AUTHENTICATION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to disable running the mailer as root) AC_ARG_ENABLE(root-mailer, [AS_HELP_STRING([--disable-root-mailer], [Don't run the mailer as root, run as the user])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(NO_ROOT_MAILER) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(setreuid, [AS_HELP_STRING([--disable-setreuid], [Don't try to use the setreuid() function])], [ case "$enableval" in no) SKIP_SETREUID=yes ;; *) ;; esac ]) AC_ARG_ENABLE(setresuid, [AS_HELP_STRING([--disable-setresuid], [Don't try to use the setresuid() function])], [ case "$enableval" in no) SKIP_SETRESUID=yes ;; *) ;; esac ]) AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, [AS_HELP_STRING([--disable-shadow], [Never use shadow passwords])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) CHECKSHADOW="false" ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, [AS_HELP_STRING([--disable-root-sudo], [Don't allow root to run sudo])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(NO_ROOT_SUDO) AC_MSG_RESULT(no) root_sudo=off ;; *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to log the hostname in the log file) AC_ARG_ENABLE(log-host, [AS_HELP_STRING([--enable-log-host], [Log the hostname in the log file])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(HOST_IN_LOG) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) AC_ARG_ENABLE(noargs-shell, [AS_HELP_STRING([--enable-noargs-shell], [If sudo is given no arguments run a shell])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_IF_NO_ARGS) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, [AS_HELP_STRING([--enable-shell-sets-home], [Set $HOME to target user in shell mode])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_SETS_HOME) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to disable 'command not found' messages) AC_ARG_ENABLE(path_info, [AS_HELP_STRING([--disable-path-info], [Print 'command not allowed' not 'command not found'])], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(DONT_LEAK_PATH_INFO) path_info=off ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to enable environment debugging) AC_ARG_ENABLE(env_debug, [AS_HELP_STRING([--enable-env-debug], [Whether to enable environment debugging.])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(ENV_DEBUG) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-env-debug: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(zlib, [AS_HELP_STRING([--enable-zlib[[=PATH]]], [Whether to enable or disable zlib])], [], [enable_zlib=yes]) AC_MSG_CHECKING(whether to enable environment resetting by default) AC_ARG_ENABLE(env_reset, [AS_HELP_STRING([--enable-env-reset], [Whether to enable environment resetting by default.])], [ case "$enableval" in yes) env_reset=on ;; no) env_reset=off ;; *) env_reset=on AC_MSG_WARN([Ignoring unknown argument to --enable-env-reset: $enableval]) ;; esac ]) if test "$env_reset" = "on"; then AC_MSG_RESULT(yes) AC_DEFINE(ENV_RESET, 1) else AC_MSG_RESULT(no) AC_DEFINE(ENV_RESET, 0) fi AC_ARG_ENABLE(warnings, [AS_HELP_STRING([--enable-warnings], [Whether to enable compiler warnings])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-warnings: $enableval]) ;; esac ]) AC_ARG_ENABLE(werror, [AS_HELP_STRING([--enable-werror], [Whether to enable the -Werror compiler option])], [ case "$enableval" in yes) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-werror: $enableval]) ;; esac ]) AC_ARG_ENABLE(hardening, [AS_HELP_STRING([--disable-hardening], [Do not use compiler/linker exploit mitigation options])], [], [enable_hardening=yes]) AC_ARG_ENABLE(pie, [AS_HELP_STRING([--enable-pie], [Build sudo as a position independent executable.])]) AC_ARG_ENABLE(poll, [AS_HELP_STRING([--disable-poll], [Use select() instead of poll().])]) AC_ARG_ENABLE(admin-flag, [AS_HELP_STRING([--enable-admin-flag], [Whether to create a Ubuntu-style admin flag file])], [ case "$enableval" in yes) AC_DEFINE(USE_ADMIN_FLAG) ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --enable-admin-flag: $enableval]) ;; esac ]) AC_ARG_ENABLE(nls, [AS_HELP_STRING([--disable-nls], [Disable natural language support using gettext])], [], [enable_nls=yes]) AC_ARG_ENABLE(rpath, [AS_HELP_STRING([--disable-rpath], [Disable passing of -Rpath to the linker])], [], [enable_rpath=yes]) AC_ARG_ENABLE(static-sudoers, [AS_HELP_STRING([--enable-static-sudoers], [Build the sudoers policy module as part of the sudo binary instead as a plugin])], [], [enable_static_sudoers=no]) AC_ARG_WITH(selinux, [AS_HELP_STRING([--with-selinux], [enable SELinux support])], [case $with_selinux in yes) SELINUX_USAGE="[[-r role]] [[-t type]] " AC_DEFINE(HAVE_SELINUX) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SEMAN=1 AC_CHECK_LIB([selinux], [setkeycreatecon], [AC_DEFINE(HAVE_SETKEYCREATECON)]) ;; no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) ;; esac], [with_selinux=no]) dnl dnl gss_krb5_ccache_name() may not work on Heimdal so we don't use it by default dnl AC_ARG_ENABLE(gss_krb5_ccache_name, [AS_HELP_STRING([--enable-gss-krb5-ccache-name], [Use GSS-API to set the Kerberos V cred cache name])], [check_gss_krb5_ccache_name=$enableval], [check_gss_krb5_ccache_name=no]) dnl dnl C compiler checks dnl AC_SEARCH_LIBS([strerror], [cposix]) AC_PROG_CPP AC_CHECK_TOOL(AR, ar, false) AC_CHECK_TOOL(RANLIB, ranlib, :) if test X"$AR" = X"false"; then AC_MSG_ERROR([the "ar" utility is required to build sudo]) fi if test "x$ac_cv_prog_cc_c89" = "xno"; then AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.]) fi dnl dnl If the user specified --disable-static, override them or we'll dnl be unable to build the executables in the sudoers plugin dir. dnl if test "$enable_static" = "no"; then AC_MSG_WARN([Ignoring --disable-static, sudo does not install static libs]) enable_static=yes fi dnl dnl Libtool setup, we require libtool 2.2.6b or higher dnl AC_CANONICAL_HOST AC_CONFIG_MACRO_DIR([m4]) LT_PREREQ([2.2.6b]) LT_INIT([dlopen]) dnl dnl Allow the user to specify an alternate libtool. dnl XXX - should be able to skip LT_INIT if we are using a different libtool dnl AC_ARG_WITH(libtool, [AS_HELP_STRING([--with-libtool=PATH], [specify path to libtool])], [case $with_libtool in yes|builtin) ;; no) AC_MSG_ERROR(["--without-libtool not supported."]) ;; system) LIBTOOL=libtool ;; *) LIBTOOL="$with_libtool" ;; esac]) dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then with_noexec=no enable_dlopen=no lt_cv_dlopen=none lt_cv_dlopen_libs= ac_cv_func_dlopen=no LT_LDFLAGS=-static else eval _shrext="$shrext_cmds" # Darwin uses .dylib for libraries but .so for modules if test X"$_shrext" = X".dylib"; then SOEXT=".so" SHLIB_EXT=".dylib" else SOEXT="$_shrext" SHLIB_EXT="$_shrext" fi fi LIBDL="$lt_cv_dlopen_libs" AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [AS_HELP_STRING([--with-noexec[=PATH]], [fully qualified pathname of sudo_noexec.so])], [case $with_noexec in yes) with_noexec="$libexecdir/sudo/sudo_noexec.so" ;; no) ;; *) ;; esac], [with_noexec="$libexecdir/sudo/sudo_noexec.so"]) AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec.so" NOEXECDIR="`echo $with_noexec|sed -e 's:^${\([[^}]]*\)}:$(\1):' -e 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl Find programs we use dnl AC_PATH_PROG(UNAMEPROG, [uname], [uname]) AC_PATH_PROG(TRPROG, [tr], [tr]) AC_PATH_PROG(MANDOCPROG, [mandoc], [mandoc]) if test "$MANDOCPROG" != "mandoc"; then : ${MANTYPE='mdoc'} else AC_PATH_PROG(NROFFPROG, [nroff]) if test -n "$NROFFPROG"; then test -n "$MANTYPE" && sudo_cv_var_mantype="$MANTYPE" AC_CACHE_CHECK([which macro set to use for manual pages], [sudo_cv_var_mantype], [ sudo_cv_var_mantype="man" echo ".Sh NAME" > conftest echo ".Nm sudo" >> conftest echo ".Nd sudo" >> conftest echo ".Sh DESCRIPTION" >> conftest echo "sudo" >> conftest if $NROFFPROG -mdoc conftest >/dev/null 2>&1; then sudo_cv_var_mantype="mdoc" fi rm -f conftest ] ) MANTYPE="$sudo_cv_var_mantype" else MANTYPE=cat MANDIRTYPE=cat mansrcdir='$(srcdir)' fi fi dnl dnl What kind of beastie are we being run on? dnl Barf if config.cache was generated on another host. dnl if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) else AC_MSG_CHECKING(previous host type) AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") AC_MSG_RESULT([$sudo_cv_prev_host]) fi else # this will produce no output since there is no cached value AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") fi dnl dnl We want to be able to differentiate between different rev's dnl if test -n "$host_os"; then OS=`echo $host_os | sed 's/[[0-9]].*//'` OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` OSMAJOR=`echo $OSREV | sed 's/\..*$//'` else OS="unknown" OSREV=0 OSMAJOR=0 fi case "$host" in *-*-sunos4*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 # system headers lack prototypes but gcc helps... if test -n "$GCC"; then OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" fi shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) # LD_PRELOAD is space-delimited RTLD_PRELOAD_DELIM=" " # Solaris-specific initialization OS_INIT=os_init_solaris SUDO_OBJS="${SUDO_OBJS} solaris.o" # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi : ${mansectsu='1m'} : ${mansectform='4'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" AC_CHECK_FUNCS(priv_set, [PSMAN=1]) ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_ALL_SOURCE -D_LINUX_SOURCE_COMPAT" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" # On AIX 6 and higher default to PAM, else default to LAM if test $OSMAJOR -ge 6; then if test X"$with_pam" = X""; then AUTH_EXCL_DEF="PAM" fi else if test X"$with_aixauth" = X""; then AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) fi fi # AIX analog of nsswitch.conf, enabled by default AC_ARG_WITH(netsvc, [AS_HELP_STRING([--with-netsvc[[=PATH]]], [path to netsvc.conf])], [case $with_netsvc in no) ;; yes) with_netsvc="/etc/netsvc.conf" ;; *) ;; esac]) if test -z "$with_nsswitch" -a -z "$with_netsvc"; then with_netsvc="/etc/netsvc.conf" fi # LDR_PRELOAD is only supported in AIX 5.3 and later if test $OSMAJOR -lt 5; then with_noexec=no else RTLD_PRELOAD_VAR="LDR_PRELOAD" fi # AIX-specific functions AC_CHECK_FUNCS(getuserattr setauthdb setrlimit64) COMMON_OBJS="${COMMON_OBJS} aix.lo" ;; *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 ;; *-*-hpux*) # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi : ${mansectsu='1m'} : ${mansectform='4'} # HP-UX shared libs must be executable SHLIB_MODE=0755 # The HP bundled compiler cannot generate shared libs if test -z "$GCC"; then AC_CACHE_CHECK([for HP bundled C compiler], [sudo_cv_var_hpccbundled], [if $CC -V 2>&1 | grep '^(Bundled)' >/dev/null 2>&1; then sudo_cv_var_hpccbundled=yes else sudo_cv_var_hpccbundled=no fi] ) if test "$sudo_cv_var_hpccbundled" = "yes"; then AC_MSG_ERROR([The HP bundled C compiler is unable to build Sudo, you must use gcc or the HP ANSI C compiler instead.]) fi fi # Build PA-RISC1.1 objects for better portability case "$host_cpu" in hppa[[2-9]]*) _CFLAGS="$CFLAGS" if test -n "$GCC"; then portable_flag="-march=1.1" else portable_flag="+DAportable" fi CFLAGS="$CFLAGS $portable_flag" AC_CACHE_CHECK([whether $CC understands $portable_flag], [sudo_cv_var_daportable], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[]], [[]])], [sudo_cv_var_daportable=yes], [sudo_cv_var_daportable=no] ) ] ) if test X"$sudo_cv_var_daportable" != X"yes"; then CFLAGS="$_CFLAGS" fi ;; esac case "$host_os" in hpux[[1-8]].*) AC_DEFINE(BROKEN_SYSLOG) ;; hpux9.*) AC_DEFINE(BROKEN_SYSLOG) shadow_funcs="getspwuid" # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last SUDOERS_LIBS="${SUDOERS_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" SUDO_APPEND_CPPFLAGS(-D_REENTRANT) SUDO_APPEND_CPPFLAGS(-I/usr/include/reentrant) fi ;; hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" # HP-UX 10.20 libc has an incompatible getline ac_cv_func_getline="no" ;; *) shadow_funcs="getspnam iscomsec" shadow_libs="-lsec" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac AC_CHECK_FUNCS(pstat_getproc) ;; *-dec-osf*) # ignore envariables wrt dynamic lib path # XXX - sudo LDFLAGS instead? SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) AC_ARG_ENABLE(sia, [AS_HELP_STRING([--disable-sia], [Disable SIA on Digital UNIX])], [ case "$enableval" in yes) AC_MSG_RESULT(no) CHECKSIA=true ;; no) AC_MSG_RESULT(yes) CHECKSIA=false ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) ;; esac ], AC_MSG_RESULT(no)) shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too if test $OSMAJOR -lt 4; then shadow_libs="-lsecurity -laud -lm" else shadow_libs="-lsecurity -ldb -laud -lm" fi # use SIA by default, if we have it test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" # # Some versions of Digital Unix ship with a broken # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # AC_MSG_CHECKING([for broken prot.h]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #include ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='8'} : ${mansectform='4'} ;; *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else mandir="/usr/catman/local" fi fi # Compress cat pages with pack MANCOMPRESS='pack' MANCOMPRESSEXT='.z' else if test "$prefix" = "/usr/local" -a "$mandir" = '${datarootdir}/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else mandir="/usr/man/local" fi fi fi # IRIX <= 4 needs -lsun if test "$OSMAJOR" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi # ":DEFAULT" must be appended to _RLD_LIST RTLD_PRELOAD_VAR="_RLD_LIST" RTLD_PRELOAD_DEFAULT="DEFAULT" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-linux*|*-*-k*bsd*-gnu) OSDEFS="${OSDEFS} -D_GNU_SOURCE" # Some Linux versions need to link with -lshadow shadow_funcs="getspnam" shadow_libs_optional="-lshadow" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; *-convex-bsd*) OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" if test -z "$GCC"; then CFLAGS="${CFLAGS} -D__STDC__" fi shadow_defs="-D_AUDIT -D_ACL -DSecureWare" shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; *-*-ultrix*) OS="ultrix" shadow_funcs="getauthuid" shadow_libs="-lauth" ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" SUDO_APPEND_CPPFLAGS(-I/usr/include) SUDO_APPEND_CPPFLAGS(-I/usr/include/bsd) OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 SUDOERS_LIBS="${SUDOERS_LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" : ${mansectsu='1m'} : ${mansectform='4'} ;; m88k-motorola-sysv*) # motorolla's cc (a variant of gcc) does -O but not -O2 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` : ${mansectsu='1m'} : ${mansectform='4'} ;; *-sequent-sysv*) shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, [LIBS="${LIBS} -lc89"]) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-bsdi*) SKIP_SETREUID=yes # Check for newer BSD auth API if test -z "$with_bsdauth"; then AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) fi ;; *-*-freebsd*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... case "$OSREV" in 0.*|1.*|2.0*) SKIP_SETREUID=yes ;; esac OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-*openbsd*) # OpenBSD-specific initialization OS_INIT=os_init_openbsd SUDO_OBJS="${SUDO_OBJS} openbsd.o" # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setresuid(2) instead. SKIP_SETREUID=yes OSDEFS="${OSDEFS} -D_BSD_SOURCE" CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then if test "$OSMAJOR" -ge 3; then AUTH_EXCL_DEF="BSD_AUTH" fi fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in 0.9*|1.[[012]]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-dragonfly*) OSDEFS="${OSDEFS} -D_BSD_SOURCE" if test "${with_skey-'no'}" = "yes"; then SUDOERS_LIBS="${SUDOERS_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} ;; *-*-*bsd*) CHECKSHADOW="false" ;; *-*-darwin*) # Darwin has a real setreuid(2) starting with 9.0 if test $OSMAJOR -lt 9; then SKIP_SETREUID=yes fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} # Darwin has a broken poll() : ${enable_poll='no'} # Darwin 8 and above can interpose library symbols cleanly if test $OSMAJOR -ge 8; then AC_DEFINE(HAVE___INTERPOSE) dlyld_interpose=yes else RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" fi RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes RTLD_PRELOAD_VAR="DYLD_INSERT_LIBRARIES" RTLD_PRELOAD_ENABLE_VAR="DYLD_FORCE_FLAT_NAMESPACE" ;; *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sysv*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-gnu*) OSDEFS="${OSDEFS} -D_GNU_SOURCE" ;; esac dnl dnl Library preloading to support NOEXEC dnl if test -n "$with_noexec"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_VAR, "$RTLD_PRELOAD_VAR") SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DELIM, "$RTLD_PRELOAD_DELIM") if test -n "$RTLD_PRELOAD_DEFAULT"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_DEFAULT, "$RTLD_PRELOAD_DEFAULT") fi if test -n "$RTLD_PRELOAD_ENABLE_VAR"; then SUDO_DEFINE_UNQUOTED(RTLD_PRELOAD_ENABLE_VAR, "$RTLD_PRELOAD_ENABLE_VAR") fi fi dnl dnl Check for mixing mutually exclusive and regular auth methods dnl AUTH_REG=${AUTH_REG# } AUTH_EXCL=${AUTH_EXCL# } if test -n "$AUTH_EXCL"; then set -- $AUTH_EXCL if test $# != 1; then AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL]) fi if test -n "$AUTH_REG"; then AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) fi fi dnl dnl Only one of S/Key and OPIE may be specified dnl if test X"${with_skey}${with_opie}" = X"yesyes"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi dnl dnl Use BSD-style man sections by default dnl : ${mansectsu='8'} : ${mansectform='5'} dnl dnl Add in any libpaths or libraries specified via configure dnl if test -n "$with_libpath"; then for i in ${with_libpath}; do SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) done fi if test -n "$with_libraries"; then for i in ${with_libraries}; do case $i in -l*) ;; *.a) ;; *.o) ;; *) i="-l${i}";; esac LIBS="${LIBS} ${i}" done fi dnl dnl C compiler checks (to be done after os checks) dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE AC_MSG_CHECKING([for variadic macro support in cpp]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ AC_INCLUDES_DEFAULT #if defined(__GNUC__) && __GNUC__ == 2 # define sudo_fprintf(fp, fmt...) fprintf((fp), (fmt)) #else # define sudo_fprintf(fp, ...) fprintf((fp), __VA_ARGS__) #endif ], [sudo_fprintf(stderr, "a %s", "test");])], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]) AC_DEFINE([NO_VARIADIC_MACROS], [1], [Define if your C preprocessor does not support variadic macros.]) AC_MSG_WARN([Your C preprocessor doesn't support variadic macros, debugging support will be limited])]) dnl dnl Program checks dnl AC_PROG_YACC AC_PATH_PROG([FLEX], [flex], [flex]) SUDO_PROG_MV SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi SUDO_PROG_VI dnl dnl Check for authpriv support in syslog dnl AC_MSG_CHECKING(which syslog facility sudo should log with) if test X"$with_logfac" = X""; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = LOG_AUTHPRIV; (void)i;]])], [logfac=authpriv]) fi AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) AC_MSG_RESULT($logfac) dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME AC_HEADER_STDBOOL AC_HEADER_MAJOR AC_CHECK_HEADERS(malloc.h netgroup.h paths.h spawn.h utime.h utmpx.h sys/sockio.h sys/bsdtypes.h sys/select.h sys/stropts.h sys/sysmacros.h) AC_CHECK_HEADERS([endian.h] [sys/endian.h] [machine/endian.h], [break]) AC_CHECK_HEADERS([procfs.h] [sys/procfs.h], [AC_CHECK_MEMBERS(struct psinfo.pr_ttydev, [AC_CHECK_FUNCS(_ttyname_dev)], [], [AC_INCLUDES_DEFAULT #ifdef HAVE_PROCFS_H #include #endif #ifdef HAVE_SYS_PROCFS_H #include #endif ])] break) # # Check for large file support. # AC_SYS_LARGEFILE # # HP-UX may need to define _XOPEN_SOURCE_EXTENDED to expose MSG_WAITALL. # Also, HP-UX 11.23 has a broken sys/types.h when large files support # is enabled and _XOPEN_SOURCE_EXTENDED is not also defined. # The following test will define _XOPEN_SOURCE_EXTENDED in either case. # case "$host_os" in hpux*) AC_CACHE_CHECK([whether sys/socket.h needs _XOPEN_SOURCE_EXTENDED for MSG_WAITALL], [sudo_cv_xopen_source_extended], [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([AC_INCLUDES_DEFAULT # include ], [int a = MSG_WAITALL; return a;])], [sudo_cv_xopen_source_extended=no], [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#define _XOPEN_SOURCE_EXTENDED AC_INCLUDES_DEFAULT # include ], [int a = MSG_WAITALL; return a;])], [sudo_cv_xopen_source_extended=yes], [sudo_cv_xopen_source_extended=error]) ])]) if test "$sudo_cv_xopen_source_extended" = "yes"; then OSDEFS="${OSDEFS} -D_XOPEN_SOURCE_EXTENDED" SUDO_DEFINE(_XOPEN_SOURCE_EXTENDED) fi ;; esac AC_SYS_POSIX_TERMIOS if test "$ac_cv_sys_posix_termios" != "yes"; then AC_MSG_ERROR([Must have POSIX termios to build sudo]) fi SUDO_MAILDIR if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS(login_cap.h, [LOGINCAP_USAGE='[[-c class]] '; LCMAN=1 case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" SUDOERS_LIBS="${SUDOERS_LIBS} -lutil" ;; esac ]) fi if test ${with_project-'no'} != "no"; then AC_CHECK_HEADER(project.h, [ AC_CHECK_LIB(project, setproject, [ AC_DEFINE(HAVE_PROJECT_H) SUDO_LIBS="${SUDO_LIBS} -lproject" ]) ], []) fi dnl dnl typedef checks dnl We need to define __STDC_WANT_LIB_EXT1__ for errno_t and rsize_t dnl SUDO_APPEND_CPPFLAGS(-D__STDC_WANT_LIB_EXT1__=1) AC_TYPE_MODE_T AC_TYPE_UID_T AC_CHECK_TYPE([sig_atomic_t], [], [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) AC_CHECK_TYPES([sigaction_t], [], [], [#include #include ]) AC_CHECK_TYPES([struct timespec], [], [], [#include #ifdef TIME_WITH_SYS_TIME # include #endif #include ]) AC_CHECK_TYPES([struct in6_addr], [], [], [#include #include ]) AC_TYPE_LONG_LONG_INT if test X"$ac_cv_type_long_long_int" != X"yes"; then AC_MSG_ERROR(["C compiler does not appear to support the long long int type"]) fi AC_CHECK_SIZEOF([long int]) AC_CHECK_TYPE(id_t, unsigned int) AC_CHECK_TYPE(size_t, unsigned int) AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(dev_t, int) AC_CHECK_TYPE(ino_t, unsigned int) AC_CHECK_TYPE(uint8_t, unsigned char) AC_CHECK_TYPE(uint32_t, unsigned int) AC_CHECK_TYPE(uint64_t, unsigned long long) AC_CHECK_TYPE(socklen_t, [], [AC_DEFINE(socklen_t, unsigned int)], [ AC_INCLUDES_DEFAULT #include ]) AC_CHECK_TYPE(rsize_t, size_t) AC_CHECK_TYPE(errno_t, int) SUDO_UID_T_LEN SUDO_SOCK_SA_LEN SUDO_SOCK_SIN_LEN dnl dnl Check for utmp/utmpx struct members. dnl We need to include OSDEFS for glibc which only has __e_termination dnl visible when _GNU_SOURCE is *not* defined. dnl _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $OSDEFS" if test $ac_cv_header_utmpx_h = "yes"; then AC_CHECK_MEMBERS([struct utmpx.ut_id, struct utmpx.ut_pid, struct utmpx.ut_tv, struct utmpx.ut_type], [], [], [ # include # include ]) dnl dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination dnl AC_CHECK_MEMBERS([struct utmpx.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [ AC_CHECK_MEMBERS([struct utmpx.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMPX_UT_EXIT)], [], [ # include # include ]) ], [ # include # include ]) else AC_CHECK_MEMBERS([struct utmp.ut_id, struct utmp.ut_pid, struct utmp.ut_tv, struct utmp.ut_type, struct utmp.ut_user], [], [], [ # include # include ]) dnl dnl Check for ut_exit.__e_termination first, then ut_exit.e_termination dnl AC_CHECK_MEMBERS([struct utmp.ut_exit.__e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [ AC_CHECK_MEMBERS([struct utmp.ut_exit.e_termination], [AC_DEFINE(HAVE_STRUCT_UTMP_UT_EXIT)], [], [ # include # include ]) ], [ # include # include ]) fi CFLAGS="$_CFLAGS" dnl dnl Function checks dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(glob nl_langinfo regcomp setenv strftime strrchr strtoll \ sysconf tzset) AC_CHECK_FUNCS(getgrouplist, [], [ case "$host_os" in aix*) AC_CHECK_FUNCS(getgrset) ;; *) AC_CHECK_FUNC(nss_search, [ AC_CHECK_FUNC(_nss_XbyY_buf_alloc, [ # Solaris AC_CHECK_FUNC(_nss_initf_group, [ AC_CHECK_HEADERS(nss_dbdefs.h) AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE__NSS_XBYY_BUF_ALLOC]) AC_DEFINE([HAVE__NSS_INITF_GROUP]) ]) ], [ # HP-UX AC_CHECK_FUNC(__nss_XbyY_buf_alloc, [ AC_CHECK_FUNC(__nss_initf_group, [ AC_CHECK_HEADERS(nss_dbdefs.h) AC_DEFINE([HAVE_NSS_SEARCH]) AC_DEFINE([HAVE___NSS_XBYY_BUF_ALLOC]) AC_DEFINE([HAVE___NSS_INITF_GROUP]) ]) ]) ]) ]) ;; esac AC_LIBOBJ(getgrouplist) ]) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) AC_CHECK_FUNCS(fgetln) ]) dnl dnl If libc supports _FORTIFY_SOURCE check functions, use it. dnl if test "$enable_hardening" != "no"; then O_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" AC_CHECK_FUNC(__sprintf_chk, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[char buf[4]; (void)sprintf(buf, "%s", "foo");]])], [OSDEFS="${OSDEFS} -D_FORTIFY_SOURCE=2"], []) ], []) CPPFLAGS="$O_CPPFLAGS" fi utmp_style=LEGACY AC_CHECK_FUNCS(getutxid getutid, [utmp_style=POSIX; break]) if test "$utmp_style" = "LEGACY"; then AC_CHECK_FUNCS(getttyent ttyslot, [break]) AC_CHECK_FUNCS(fseeko) fi AC_CHECK_FUNCS(sysctl, [AC_CHECK_MEMBERS([struct kinfo_proc.ki_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc2.p_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc.p_tdev], [], [ AC_CHECK_MEMBERS([struct kinfo_proc.kp_eproc.e_tdev], [], [], [ # include # include ]) ], [ # include # include ]) ], [ # include # include ]) ], [ # include # include # include ]) ]) AC_CHECK_FUNCS(openpty, [AC_CHECK_HEADERS(libutil.h util.h pty.h, [break])], [ AC_CHECK_LIB(util, openpty, [ AC_CHECK_HEADERS(libutil.h util.h pty.h, [break]) case "$SUDO_LIBS" in *-lutil*) ;; *) SUDO_LIBS="${SUDO_LIBS} -lutil";; esac AC_DEFINE(HAVE_OPENPTY) ], [ AC_CHECK_FUNCS(_getpty, [], [ AC_CHECK_FUNCS(grantpt, [ AC_CHECK_FUNCS(posix_openpt) ], [ AC_CHECK_FUNCS(revoke) ]) ]) ]) ]) AC_CHECK_FUNCS(unsetenv, [SUDO_FUNC_UNSETENV_VOID], []) SUDO_FUNC_PUTENV_CONST if test -z "$SKIP_SETRESUID"; then AC_CHECK_FUNCS(setresuid, [ SKIP_SETREUID=yes AC_CHECK_FUNCS(getresuid) ]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid) fi AC_CHECK_FUNCS(seteuid) if test X"$with_interfaces" != X"no"; then AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) fi if test -z "$BROKEN_GETCWD"; then AC_REPLACE_FUNCS(getcwd) fi AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) AC_CHECK_FUNCS(killpg, [], [AC_LIBOBJ(killpg)]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch) COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }fnm_test" ]) SUDO_FUNC_ISBLANK AC_REPLACE_FUNCS(memrchr memset_s pw_dup strlcpy strlcat strtonum) AC_CHECK_FUNCS(getopt_long, [], [AC_LIBOBJ(getopt_long) AC_MSG_CHECKING([for optreset]) AC_CACHE_VAL(sudo_cv_optreset, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern int optreset; optreset = 1; return optreset;]])], [sudo_cv_optreset=yes], [sudo_cv_optreset=no])]) if test "$sudo_cv_optreset" = "yes"; then AC_DEFINE(HAVE_OPTRESET) fi AC_MSG_RESULT($sudo_cv_optreset) ]) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ # include # include ]) ]) AC_CHECK_FUNCS(mkstemps mkdtemp, [], [ AC_CHECK_FUNCS(random lrand48, [break]) AC_LIBOBJ(mktemp) ]) AX_FUNC_SNPRINTF AC_CHECK_FUNCS(asprintf vasprintf) if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"; then # Don't add snprintf to LIBOBJS if it is already present. if test X"$ac_cv_func_asprintf$ac_cv_func_vasprintf" != X"yesyes"; then AC_LIBOBJ(snprintf) fi fi # We wrap OpenBSD's strtonum() to get translatable error strings. AC_CHECK_FUNCS(strtonum) AC_LIBOBJ(strtonum) if test X"$ac_cv_type_struct_timespec" != X"no"; then AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) fi dnl dnl Function checks for sudo_noexec dnl if test X"$with_noexec" != X"no"; then # Check for underscore versions of standard exec functions # unless we are using dyld symbole interposition if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execl __execl) AC_CHECK_FUNCS(_execle __execle) AC_CHECK_FUNCS(_execlp __execlp) AC_CHECK_FUNCS(_execv __execv) AC_CHECK_FUNCS(_execve __execve) AC_CHECK_FUNCS(_execvp __execvp) fi # Check for non-standard exec functions including underscore versions AC_CHECK_FUNCS(exect, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_exect __exect) fi ]) AC_CHECK_FUNCS(execvP, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execvP __execvP) fi ]) AC_CHECK_FUNCS(execvpe, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_execvpe __execvpe) fi ]) AC_CHECK_FUNCS(fexecve, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_fexecve __fexecve) fi ]) # Check for posix_spawn, posix_spawnp and any underscore versions AC_CHECK_FUNCS(posix_spawn, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_posix_spawn __posix_spawn) fi ]) AC_CHECK_FUNCS(posix_spawnp, [ if test X"$dlyld_interpose" != X"yes"; then AC_CHECK_FUNCS(_posix_spawnp __posix_spawnp) fi ]) fi dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);]])], [AC_DEFINE(HAVE_DD_FD)], [])]) AC_CHECK_MEMBERS([struct dirent.d_type], [], [], [ AC_INCLUDES_DEFAULT #include <$ac_header_dirent> ]) dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl AC_CHECK_FUNC(socket, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, socket, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl AC_CHECK_FUNC(inet_addr, [], [ AC_CHECK_FUNC(__inet_addr, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, inet_addr, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) ]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl AC_CHECK_FUNC(syslog, [], [ for libs in "-lsocket" "-linet" "-lsocket -lnsl"; do _libs= for lib in $libs; do case "$NET_LIBS" in *"$lib"*) ;; *) _libs="$_libs $lib";; esac done libs="${_libs# }" test -z "$libs" && continue lib="`echo \"$libs\"|sed -e 's/^-l//' -e 's/ .*$//'`" extralibs="`echo \"$libs\"|sed 's/^-l[[^ ]]*//'`" SUDO_CHECK_LIB($lib, syslog, [NET_LIBS="${NET_LIBS} $libs"; LIBS="${LIBS} $libs"; break], [], [$extralibs]) done ]) # # Check for getaddrinfo and add any required libs to NET_LIBS # OLIBS="$LIBS" AX_FUNC_GETADDRINFO for lib in $LIBS; do case "$OLIBS" in *"$lib"*) ;; *) NET_LIBS="$NET_LIBS $lib";; esac done dnl dnl Check for getprogname() or __progname dnl AC_CHECK_FUNCS(getprogname, , [ AC_MSG_CHECKING([for __progname]) AC_CACHE_VAL(sudo_cv___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) if test "$sudo_cv___progname" = "yes"; then AC_DEFINE(HAVE___PROGNAME) fi AC_MSG_RESULT($sudo_cv___progname) ]) dnl dnl Check for __func__ or __FUNCTION__ dnl AC_MSG_CHECKING([for __func__]) AC_CACHE_VAL(sudo_cv___func__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__func__);]])], [sudo_cv___func__=yes], [sudo_cv___func__=no])]) AC_MSG_RESULT($sudo_cv___func__) if test "$sudo_cv___func__" = "yes"; then AC_DEFINE(HAVE___FUNC__) elif test -n "$GCC"; then AC_MSG_CHECKING([for __FUNCTION__]) AC_CACHE_VAL(sudo_cv___FUNCTION__, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[(void)puts(__FUNCTION__);]])], [sudo_cv___FUNCTION__=yes], [sudo_cv___FUNCTION__=no])]) AC_MSG_RESULT($sudo_cv___FUNCTION__) if test "$sudo_cv___FUNCTION__" = "yes"; then AC_DEFINE(HAVE___FUNC__) AC_DEFINE(__func__, __FUNCTION__, [Define to __FUNCTION__ if your compiler supports __FUNCTION__ but not __func__]) fi fi # gettext() and friends may be located in libc (Linux and Solaris) # or in libintl. However, it is possible to have libintl installed # even when gettext() is present in libc. In the case of GNU libintl, # gettext() will be defined to gettext_libintl in libintl.h. # Since gcc prefers /usr/local/include to /usr/include, we need to # make sure we use the gettext() that matches the include file. if test "$enable_nls" != "no"; then if test "$enable_nls" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${enable_nls}/include) SUDO_APPEND_LIBPATH(LDFLAGS, [$enable_nls/lib]) fi OLIBS="$LIBS" for l in "libc" "-lintl" "-lintl -liconv"; do if test "$l" = "libc"; then # If user specified a dir for libintl ignore libc if test "$enable_nls" != "yes"; then continue fi gettext_name=sudo_cv_gettext AC_MSG_CHECKING([for gettext]) else LIBS="$OLIBS $l" gettext_name=sudo_cv_gettext"`echo $l|sed -e 's/ //g' -e 's/-/_/g'`" AC_MSG_CHECKING([for gettext in $l]) fi AC_CACHE_VAL($gettext_name, [ AC_LINK_IFELSE( [ AC_LANG_PROGRAM([[#include ]], [(void)gettext((char *)0);]) ], [eval $gettext_name=yes], [eval $gettext_name=no] ) ]) eval gettext_result="\$$gettext_name" AC_MSG_RESULT($gettext_result) if test "$gettext_result" = "yes"; then AC_CHECK_FUNCS(ngettext) break fi done LIBS="$OLIBS" if test "$sudo_cv_gettext" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled # For Solaris we need links from lang to lang.UTF-8 in localedir case "$host_os" in solaris2*) LOCALEDIR_SUFFIX=".UTF-8";; esac elif test "$sudo_cv_gettext_lintl" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled LIBINTL="-lintl" elif test "$sudo_cv_gettext_lintl_liconv" = "yes"; then AC_DEFINE(HAVE_LIBINTL_H) SUDO_NLS=enabled LIBINTL="-lintl -liconv" fi fi dnl dnl Deferred zlib option processing. dnl By default we use the system zlib if it is present. dnl If a directory was specified for zlib (or we are use sudo's version), dnl prepend the include dir to make sure we get the right zlib header. dnl case "$enable_zlib" in yes) AC_CHECK_LIB(z, gzdopen, [ AC_CHECK_HEADERS(zlib.h, [ZLIB="-lz"], [enable_zlib=builtin]) ]) ;; no) ;; system) AC_DEFINE(HAVE_ZLIB_H) ZLIB="-lz" ;; builtin) # handled below ;; *) AC_DEFINE(HAVE_ZLIB_H) SUDO_APPEND_CPPFLAGS(-I${enable_zlib}/include) SUDO_APPEND_LIBPATH(ZLIB, [$enable_zlib/lib]) ZLIB="${ZLIB} -lz" ;; esac if test X"$enable_zlib" = X"builtin"; then AC_DEFINE(HAVE_ZLIB_H) CPPFLAGS='-I$(top_builddir)/zlib -I$(top_srcdir)/zlib '"${CPPFLAGS}" ZLIB="${ZLIB}"' $(top_builddir)/zlib/libz.la' ZLIB_SRC=zlib AC_CONFIG_HEADER([zlib/zconf.h]) AC_CONFIG_FILES([zlib/Makefile]) fi dnl dnl Check for errno declaration in errno.h dnl AC_CHECK_DECLS([errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for h_errno declaration in netdb.h dnl AC_CHECK_DECLS([h_errno], [], [], [ AC_INCLUDES_DEFAULT #include ]) dnl dnl Check for strsignal() or sys_siglist dnl AC_CHECK_FUNCS(strsignal, [], [ AC_LIBOBJ(strsignal) HAVE_SIGLIST="false" AC_CHECK_DECLS([sys_siglist, _sys_siglist, __sys_siglist], [ HAVE_SIGLIST="true" break ], [ ], [ AC_INCLUDES_DEFAULT #include ]) if test "$HAVE_SIGLIST" != "true"; then AC_LIBOBJ(siglist) fi ]) dnl dnl Check for sig2str(), sys_signame or sys_sigabbrev dnl AC_CHECK_FUNCS(sig2str, [], [ AC_LIBOBJ(sig2str) HAVE_SIGNAME="false" AC_CHECK_DECLS([sys_signame, _sys_signame, __sys_signame, sys_sigabbrev], [ HAVE_SIGNAME="true" break ], [ ], [ AC_INCLUDES_DEFAULT #include ]) if test "$HAVE_SIGNAME" != "true"; then AC_CACHE_CHECK([for undeclared sys_sigabbrev], [sudo_cv_var_sys_sigabbrev], [AC_LINK_IFELSE( [AC_LANG_PROGRAM([[extern char **sys_sigabbrev;]], [[return sys_sigabbrev[1];]])], [sudo_cv_var_sys_sigabbrev=yes], [sudo_cv_var_sys_sigabbrev=no] ) ] ) if test "$sudo_cv_var_sys_sigabbrev" = yes; then AC_DEFINE(HAVE_SYS_SIGABBREV) else AC_LIBOBJ(signame) fi fi ]) dnl dnl nsswitch.conf and its equivalents dnl if test ${with_netsvc-"no"} != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_NETSVC_CONF, "${with_netsvc-/etc/netsvc.conf}") netsvc_conf=${with_netsvc-/etc/netsvc.conf} elif test ${with_nsswitch-"yes"} != "no"; then SUDO_DEFINE_UNQUOTED(_PATH_NSSWITCH_CONF, "${with_nsswitch-/etc/nsswitch.conf}") nsswitch_conf=${with_nsswitch-/etc/nsswitch.conf} fi dnl dnl Mutually exclusive auth checks come first, followed by dnl non-exclusive ones. Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then for auth in $AUTH_EXCL_DEF; do case $auth in AIX_AUTH) with_aixauth=maybe;; BSD_AUTH) with_bsdauth=maybe;; PAM) with_pam=maybe;; SIA) CHECKSIA=true;; esac done fi dnl dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then # # Check for pam_start() in libpam first, then for pam_appl.h. # found_pam_lib=no AC_CHECK_LIB(pam, pam_start, [found_pam_lib=yes], [], [$lt_cv_dlopen_libs]) # # Some PAM implementations (MacOS X for example) put the PAM headers # in /usr/include/pam instead of /usr/include/security... # found_pam_hdrs=no AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [found_pam_hdrs=yes; break]) if test "$found_pam_lib" = "yes" -a "$found_pam_hdrs" = "yes"; then # Found both PAM libs and headers with_pam=yes elif test "$with_pam" = "yes"; then if test "$found_pam_lib" = "no"; then AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development library."]) fi if test "$found_pam_hdrs" = "no"; then AC_MSG_ERROR(["--with-pam specified but unable to locate PAM development headers."]) fi elif test "$found_pam_lib" != "$found_pam_hdrs"; then if test "$found_pam_lib" = "no"; then AC_MSG_ERROR(["found PAM headers but no PAM development library; specify --without-pam to build without PAM"]) fi if test "$found_pam_hdrs" = "no"; then AC_MSG_ERROR(["found PAM library but no PAM development headers; specify --without-pam to build without PAM"]) fi fi if test "$with_pam" = "yes"; then # Older PAM implementations lack pam_getenvlist OLIBS="$LIBS" LIBS="$LIBS -lpam $lt_cv_dlopen_libs" AC_CHECK_FUNCS(pam_getenvlist) LIBS="$OLIBS" # We already link with -ldl if needed (see LIBDL below) SUDOERS_LIBS="${SUDOERS_LIBS} -lpam" AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.lo"; AUTH_EXCL=PAM AC_ARG_WITH(pam-login, [AS_HELP_STRING([--with-pam-login], [enable specific PAM session for sudo -i])], [case $with_pam_login in yes) AC_DEFINE([HAVE_PAM_LOGIN]) AC_MSG_CHECKING(whether to use PAM login) AC_MSG_RESULT(yes) pam_login_service="sudo-i" ;; no) ;; *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) ;; esac]) AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, [AS_HELP_STRING([--disable-pam-session], [Disable PAM session support])], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_PAM_SESSION) pam_session=off ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) fi fi dnl dnl AIX general authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) AUTH_OBJS="$AUTH_OBJS aix_auth.lo"; SUDOERS_LIBS="${SUDOERS_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi dnl dnl BSD authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.lo"] [BSDAUTH_USAGE='[[-a type]] '] [AUTH_EXCL=BSD_AUTH; BAMAN=1], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi dnl dnl SIA authentication for Tru64 Unix dnl if test ${CHECKSIA-'false'} = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.lo" fi fi dnl dnl extra FWTK libs + includes dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_fwtk}]) SUDO_APPEND_CPPFLAGS(-I${with_fwtk}) with_fwtk=yes fi SUDOERS_LIBS="${SUDOERS_LIBS} -lauth -lfwall" AUTH_OBJS="$AUTH_OBJS fwtk.lo" fi dnl dnl extra SecurID lib + includes dnl if test ${with_SecurID-'no'} != "no"; then if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then with_SecurID=/usr/ace/examples else with_SecurID=/usr/ace fi SUDO_APPEND_CPPFLAGS(-I${with_SecurID}) SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}]) SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread" AUTH_OBJS="$AUTH_OBJS securid5.lo"; fi dnl dnl Non-mutually exclusive auth checks come next. dnl Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then for auth in $AUTH_DEF; do case $auth in passwd) : ${with_passwd='maybe'};; esac done fi dnl dnl Kerberos V dnl There is an easy way and a hard way... dnl if test ${with_kerb5-'no'} != "no"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) AUTH_OBJS="$AUTH_OBJS kerb5.lo" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDOERS_LIBS="$SUDOERS_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) ], [ AC_MSG_RESULT(no) ] ) else AC_DEFINE(HAVE_KERB5) dnl dnl Use the specified directory, if any, else search for correct inc dir dnl if test "$with_kerb5" = "yes"; then found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi else dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb5}/lib]) SUDO_APPEND_CPPFLAGS(-I${with_kerb5}/include) fi dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) # XXX - need to check whether -lcrypo is needed! SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" AC_CHECK_LIB(roken, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lroken"]) ], [ AC_MSG_RESULT(no) SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5 -lk5crypto -lcom_err" AC_CHECK_LIB(krb5support, main, [SUDOERS_LIBS="${SUDOERS_LIBS} -lkrb5support"]) ]) AUTH_OBJS="$AUTH_OBJS kerb5.lo" fi _LIBS="$LIBS" LIBS="${LIBS} ${SUDOERS_LIBS}" AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) AC_CHECK_FUNCS(krb5_get_init_creds_opt_alloc, [ AC_CACHE_CHECK([whether krb5_get_init_creds_opt_free takes a context], sudo_cv_krb5_get_init_creds_opt_free_two_args, [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[krb5_get_init_creds_opt_free(NULL, NULL);]] )], [sudo_cv_krb5_get_init_creds_opt_free_two_args=yes], [sudo_cv_krb5_get_init_creds_opt_free_two_args=no] ) ] ) ]) if test X"$sudo_cv_krb5_get_init_creds_opt_free_two_args" = X"yes"; then AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS) fi LIBS="$_LIBS" AC_MSG_CHECKING(whether to use an instance name for Kerberos V) AC_ARG_ENABLE(kerb5-instance, [AS_HELP_STRING([--enable-kerb5-instance], [instance string to append to the username (separated by a slash)])], [ case "$enableval" in yes) AC_MSG_ERROR(["must give --enable-kerb5-instance an argument."]) ;; no) AC_MSG_RESULT(no) ;; *) SUDO_DEFINE_UNQUOTED(SUDO_KRB5_INSTANCE, "$enableval") AC_MSG_RESULT([$enableval]) ;; esac], AC_MSG_RESULT(no)) fi dnl dnl extra AFS libs and includes dnl if test ${with_AFS-'no'} = "yes"; then # looks like the "standard" place for AFS libs is /usr/afsws/lib AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDOERS_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left # since AFS_LIBS may be initialized with BSD compat libs that must go last AFS_LIBS="-laudit ${AFS_LIBS}" for i in $AFSLIBDIRS; do if test -f ${i}/util.a; then AFS_LIBS="${i}/util.a ${AFS_LIBS}" FOUND_UTIL_A=true break; fi done if test -z "$FOUND_UTIL_A"; then AFS_LIBS="-lutil ${AFS_LIBS}" fi AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then SUDO_APPEND_CPPFLAGS(-I${i}) FOUND_AFSINCDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi AUTH_OBJS="$AUTH_OBJS afs.lo" fi dnl dnl extra DCE obj + lib dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" SUDOERS_LIBS="${SUDOERS_LIBS} -ldce" AUTH_OBJS="$AUTH_OBJS dce.lo" fi dnl dnl extra S/Key lib and includes dnl if test "${with_skey-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${with_skey}/include) LDFLAGS="$LDFLAGS -L${with_skey}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_skey}/lib]) AC_CHECK_HEADER([skey.h], [found=yes], [found=no], [#include ]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_CHECK_HEADER([skey.h], [found=yes; break], [], [#include ]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi fi AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDOERS_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) AC_MSG_CHECKING([for RFC1938-compliant skeychallenge]) AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[ # include # include ]], [[skeychallenge(NULL, NULL, NULL, 0);]] )], [ AC_DEFINE(HAVE_RFC1938_SKEYCHALLENGE) AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) ] ) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lskey" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl extra OPIE lib and includes dnl if test "${with_opie-'no'}" = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then SUDO_APPEND_CPPFLAGS(-I${with_opie}/include) LDFLAGS="$LDFLAGS -L${with_opie}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else LDFLAGS="$LDFLAGS -L${dir}/lib" SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${dir}/lib]) fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi fi AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDOERS_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" SUDOERS_LIBS="${SUDOERS_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.lo" fi dnl dnl Check for shadow password routines if we have not already done so. dnl If there is a specific list of functions to check we do that first. dnl Otherwise, we check for SVR4-style and then SecureWare-style. dnl if test ${with_passwd-'no'} != "no"; then dnl dnl if crypt(3) not in libc, look elsewhere dnl if test -z "$LIB_CRYPT"; then _LIBS="$LIBS" AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) LIBS="$_LIBS" fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDOERS_LIBS="$SUDOERS_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then case "$shadow_funcs" in *getprpwnam*) SECUREWARE=1;; esac test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" else LIBS="$_LIBS" fi CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDOERS_LIBS="${SUDOERS_LIBS} $ac_res"]) fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) AUTH_OBJS="$AUTH_OBJS secureware.lo" fi fi dnl dnl Choose event subsystem backend: poll or select dnl if test X"$enable_poll" = X""; then AC_CHECK_FUNCS(poll, [enable_poll=yes], [enable_poll=no]) elif test X"$enable_poll" = X"yes"; then AC_DEFINE(HAVE_POLL) fi if test "$enable_poll" = "yes"; then COMMON_OBJS="${COMMON_OBJS} event_poll.lo" else COMMON_OBJS="${COMMON_OBJS} event_select.lo" fi dnl dnl extra lib and .o file for LDAP support dnl if test ${with_ldap-'no'} != "no"; then O_LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_ldap}/lib]) LDFLAGS="$LDFLAGS -L${with_ldap}/lib" SUDO_APPEND_CPPFLAGS(-I${with_ldap}/include) with_ldap=yes fi SUDOERS_OBJS="${SUDOERS_OBJS} ldap.lo" LDAP="" _LIBS="$LIBS" LDAP_LIBS="" IBMLDAP_EXTRA="" found=no # On HP-UX, libibmldap has a hidden dependency on libCsup case "$host_os" in hpux*) AC_CHECK_LIB(Csup, main, [IBMLDAP_EXTRA=" -lCsup"]);; esac AC_SEARCH_LIBS(ldap_init, "ldap" "ldap -llber" "ldap -llber -lssl -lcrypto" "ibmldap${IBMLDAP_EXTRA}" "ibmldap -lidsldif${IBMLDAP_EXTRA}", [ test "$ac_res" != "none required" && LDAP_LIBS="$ac_res" found=yes ]) # If nothing linked, try -lldap and hope for the best if test "$found" = "no"; then LDAP_LIBS="-lldap" fi LIBS="${_LIBS} ${LDAP_LIBS}" dnl check if we need to link with -llber for ber_set_option OLIBS="$LIBS" AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then LDAP_LIBS="$LDAP_LIBS -llber" fi dnl check if ldap.h includes lber.h for us AC_MSG_CHECKING([whether lber.h is needed]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include # include ]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) AC_CHECK_HEADERS([sasl/sasl.h] [sasl.h], [ AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s) break ]) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength ldap_unbind_ext_s ldap_str2dn ldap_create ldap_sasl_bind_s ldap_ssl_init ldap_ssl_client_init ldap_start_tls_s_np) AC_CHECK_FUNCS(ldap_search_ext_s ldap_search_st, [break]) if test X"$check_gss_krb5_ccache_name" = X"yes"; then AC_CHECK_LIB(gssapi, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) [LDAP_LIBS="${LDAP_LIBS} -lgssapi"], AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME) [LDAP_LIBS="${LDAP_LIBS} -lgssapi_krb5"]) ) # gssapi headers may be separate or part of Kerberos V found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV" "krb5" "kerberos5" "kerberosv5"; do test X"$dir" != X"" && CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi/gssapi.h"; break], [AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include ]])], [found="gssapi.h"; break])]) done if test X"$found" != X"no"; then AC_CHECK_HEADERS([$found]) if test X"$found" = X"gssapi/gssapi.h"; then AC_CHECK_HEADERS([gssapi/gssapi_krb5.h]) fi else CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([Unable to locate gssapi.h, you will have to edit the Makefile and add -I/path/to/gssapi/includes to CPPFLAGS]) fi fi SUDOERS_LIBS="${SUDOERS_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$O_LDFLAGS" fi # # How to do dynamic object loading. # We support dlopen() and sh_load(), else fall back to static loading. # case "$lt_cv_dlopen" in dlopen) AC_DEFINE(HAVE_DLOPEN) if test "$enable_static_sudoers" = "yes"; then AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; shl_load) AC_DEFINE(HAVE_SHL_LOAD) if test "$enable_static_sudoers" = "yes"; then AC_DEFINE(STATIC_SUDOERS_PLUGIN) SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} --tag=disable-shared -static" LT_STATIC="" else SUDO_OBJS="$SUDO_OBJS locale_stub.o" LT_STATIC="--tag=disable-static" fi ;; *) if test X"${ac_cv_func_dlopen}" = X"yes"; then AC_MSG_ERROR(["dlopen present but libtool doesn't appear to support your platform."]) fi # Preload sudoers module symbols SUDO_OBJS="${SUDO_OBJS} preload.o" SUDO_LIBS="${SUDO_LIBS} \$(top_builddir)/plugins/sudoers/sudoers.la" LT_STATIC="" ;; esac # On HP-UX, you cannot dlopen() a shared object that uses pthreads unless # the main program is linked against -lpthread. We have no knowledge of # what libraries a plugin may depend on (e.g. HP-UX LDAP which uses pthreads) # so always link against -lpthread on HP-UX if it is available. # This check should go after all other libraries tests. case "$host_os" in hpux*) AC_CHECK_LIB(pthread, main, [SUDO_LIBS="${SUDO_LIBS} -lpthread"]) OSDEFS="${OSDEFS} -D_REENTRANT" ;; esac dnl dnl Check for log file, timestamp and iolog locations dnl if test "$utmp_style" = "LEGACY"; then SUDO_PATH_UTMP fi SUDO_LOGFILE SUDO_TIMEDIR SUDO_IO_LOGDIR dnl dnl Turn warnings into errors. dnl All compiler/loader tests after this point will fail if dnl a warning is displayed (nornally, warnings are not fata). dnl AC_LANG_WERROR dnl dnl If compiler supports the -static-libgcc flag use it unless we have dnl GNU ld (which can avoid linking in libgcc when it is not needed). dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC" -a "$lt_cv_prog_gnu_ld" != "yes" -a -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-static-libgcc], [LT_LDFLAGS="$LT_LDFLAGS -Wc,-static-libgcc"]) fi dnl dnl Check for symbol visibility support. dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -fvisibility=hidden" LT_LDEXPORTS= LT_LDDEP= NO_VIZ= ]) else case "$host_os" in hpux*) AX_CHECK_COMPILE_FLAG([-Bhidden_def], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -Bhidden_def" LT_LDEXPORTS= LT_LDDEP= ]) ;; solaris2*) AX_CHECK_COMPILE_FLAG([-xldscope=hidden], [ AC_DEFINE(HAVE_DSO_VISIBILITY) CFLAGS="${CFLAGS} -xldscope=hidden" LT_LDEXPORTS= LT_LDDEP= ]) ;; esac fi dnl dnl If the compiler doesn't have symbol visibility support, it may dnl support version scripts (only GNU and Solaris ld). dnl This test relies on AC_LANG_WERROR dnl if test -n "$LT_LDEXPORTS"; then if test "$lt_cv_prog_gnu_ld" = "yes"; then AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_gnu_ld_anon_map], [ sudo_cv_var_gnu_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -fpic -shared -Wl,--version-script,./conftest.map" AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_gnu_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] ) if test "$sudo_cv_var_gnu_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,--version-script,\$(shlib_map)" fi else case "$host_os" in solaris2*) AC_CACHE_CHECK([whether ld supports anonymous map files], [sudo_cv_var_solaris_ld_anon_map], [ sudo_cv_var_solaris_ld_anon_map=no cat > conftest.map <<-EOF { global: foo; local: *; }; EOF _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared -Wl,-M,./conftest.map" AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_solaris_ld_anon_map=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" ] ) if test "$sudo_cv_var_solaris_ld_anon_map" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_map)"; LT_LDMAP="-Wl,-M,\$(shlib_map)" fi ;; hpux*) AC_CACHE_CHECK([whether ld supports controlling exported symbols], [sudo_cv_var_hpux_ld_symbol_export], [ sudo_cv_var_hpux_ld_symbol_export=no echo "+e foo" > conftest.opt _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $lt_prog_compiler_pic" _LDFLAGS="$LDFLAGS" if test -n "$GCC"; then LDFLAGS="$LDFLAGS -shared -Wl,-c,./conftest.opt" else LDFLAGS="$LDFLAGS -Wl,-b -Wl,-c,./conftest.opt" fi AC_LINK_IFELSE([AC_LANG_PROGRAM([[int foo;]], [[]])], [sudo_cv_var_hpux_ld_symbol_export=yes]) CFLAGS="$_CFLAGS" LDFLAGS="$_LDFLAGS" rm -f conftest.opt ] ) if test "$sudo_cv_var_hpux_ld_symbol_export" = "yes"; then LT_LDEXPORTS=; LT_LDDEP="\$(shlib_opt)"; LT_LDOPT="-Wl,-c,\$(shlib_opt)" fi ;; esac fi fi dnl dnl Check for PIE executable support if using gcc. dnl This test relies on AC_LANG_WERROR dnl if test -n "$GCC"; then if test -z "$enable_pie"; then case "$host_os" in linux*) # Attempt to build with PIE support enable_pie="maybe" ;; esac fi if test -n "$enable_pie"; then if test "$enable_pie" = "no"; then AX_CHECK_COMPILE_FLAG([-fno-pie], [ _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fno-pie" AX_CHECK_LINK_FLAG([-nopie], [ PIE_CFLAGS="-fno-pie" PIE_LDFLAGS="-nopie" ]) CFLAGS="$_CFLAGS" ]) else AX_CHECK_COMPILE_FLAG([-fPIE], [ _CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fPIE" AX_CHECK_LINK_FLAG([-pie], [ if test "$enable_pie" = "maybe"; then SUDO_WORKING_PIE([enable_pie=yes], []) fi if test "$enable_pie" = "yes"; then PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-Wc,-fPIE -pie" fi ]) CFLAGS="$_CFLAGS" ]) fi fi fi if test "$enable_pie" != "yes"; then # Solaris 11.1 and higher supports tagging binaries to use ASLR case "$host_os" in solaris2.1[[1-9]]|solaris2.[[2-9]][[0-9]]) AX_CHECK_LINK_FLAG([-Wl,-z,aslr], [PIE_LDFLAGS="${PIE_LDFLAGS}${PIE_LDFLAGS+ }-Wl,-z,aslr"]) ;; esac fi dnl dnl Check for -fstack-protector and -z relro support dnl This test relies on AC_LANG_WERROR dnl if test "$enable_hardening" != "no"; then if test -n "$GCC"; then AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [ AX_CHECK_LINK_FLAG([-fstack-protector-strong], [ SSP_CFLAGS="-fstack-protector-strong" SSP_LDFLAGS="-Wc,-fstack-protector-strong" ]) ]) if test -z "$SSP_CFLAGS"; then AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [ AX_CHECK_LINK_FLAG([-fstack-protector-all], [ SSP_CFLAGS="-fstack-protector-all" SSP_LDFLAGS="-Wc,-fstack-protector-all" ]) ]) if test -z "$SSP_CFLAGS"; then AX_CHECK_COMPILE_FLAG([-fstack-protector], [ AX_CHECK_LINK_FLAG([-fstack-protector], [ SSP_CFLAGS="-fstack-protector" SSP_LDFLAGS="-Wc,-fstack-protector" ]) ]) fi fi fi AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="${LDFLAGS} -Wl,-z,relro"]) fi dnl dnl Use passwd auth module? dnl case "$with_passwd" in yes|maybe) AUTH_OBJS="$AUTH_OBJS getspwuid.lo passwd.lo" ;; *) AC_DEFINE(WITHOUT_PASSWD) if test -z "$AUTH_OBJS"; then AC_MSG_ERROR([no authentication methods defined.]) fi ;; esac AUTH_OBJS=${AUTH_OBJS# } _AUTH=`echo "$AUTH_OBJS" | sed -e 's/\.lo//g' -e 's/getspwuid *//'` AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl dnl LIBS may contain duplicates from SUDO_LIBS, SUDOERS_LIBS, or NET_LIBS dnl if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 for sl in ${SUDO_LIBS} ${SUDOERS_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi dnl dnl OS-specific initialization dnl AC_DEFINE_UNQUOTED(os_init, $OS_INIT, [Define to an OS-specific initialization function or `os_init_common'.]) dnl dnl We add -Wall and -Werror after all tests so they don't cause failures dnl if test -n "$GCC"; then if test X"$enable_warnings" = X"yes" -o X"$with_devel" = X"yes"; then CFLAGS="${CFLAGS} -Wall -Wsign-compare -Wold-style-definition -Wpointer-arith" fi if test X"$enable_werror" = X"yes"; then CFLAGS="${CFLAGS} -Werror" fi fi dnl dnl Skip regress tests and sudoers sanity check if cross compiling. dnl CROSS_COMPILING="$cross_compiling" dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' dnl dnl Defer setting _PATH_SUDO_NOEXEC until after exec_prefix is set dnl XXX - this is gross! dnl if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no" -o "$enabled_shared" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then exec_prefix="$ac_default_prefix" else exec_prefix="$prefix" fi fi if test X"$with_noexec" != X"no"; then PROGS="${PROGS} libsudo_noexec.la" INSTALL_NOEXEC="install-noexec" noexec_file="$with_noexec" _noexec_file= while test X"$noexec_file" != X"$_noexec_file"; do _noexec_file="$noexec_file" eval noexec_file="$_noexec_file" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then sesh_file="$libexecdir/sudo/sesh" _sesh_file= while test X"$sesh_file" != X"$_sesh_file"; do _sesh_file="$sesh_file" eval sesh_file="$_sesh_file" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file") fi if test X"$enable_shared" != X"no"; then PLUGINDIR="$with_plugindir" _PLUGINDIR= while test X"$PLUGINDIR" != X"$_PLUGINDIR"; do _PLUGINDIR="$PLUGINDIR" eval PLUGINDIR="$_PLUGINDIR" done SUDO_DEFINE_UNQUOTED(_PATH_SUDO_PLUGIN_DIR, "$PLUGINDIR/") fi exec_prefix="$oexec_prefix" fi if test X"$with_selinux" = X"no"; then SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, NULL) fi dnl dnl Add -R options to LDFLAGS, etc. dnl if test X"$LDFLAGS_R" != X""; then LDFLAGS="$LDFLAGS $LDFLAGS_R" fi if test X"$SUDOERS_LDFLAGS_R" != X""; then SUDOERS_LDFLAGS="$SUDOERS_LDFLAGS $SUDOERS_LDFLAGS_R" fi if test X"$ZLIB_R" != X""; then ZLIB="$ZLIB_R $ZLIB" fi dnl dnl Override default configure dirs for the Makefile dnl if test X"$prefix" = X"NONE"; then test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' else test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' fi test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' test "$libexecdir" = '${exec_prefix}/libexec' && libexecdir='$(exec_prefix)/libexec' test "$includedir" = '${prefix}/include' && includedir='$(prefix)/include' test "$datarootdir" = '${prefix}/share' && datarootdir='$(prefix)/share' test "$docdir" = '${datarootdir}/doc/${PACKAGE_TARNAME}' && docdir='$(datarootdir)/doc/$(PACKAGE_TARNAME)' test "$localedir" = '${datarootdir}/locale' && localedir='$(datarootdir)/locale' test "$localstatedir" = '${prefix}/var' && localstatedir='$(prefix)/var' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Substitute into the Makefile and man pages dnl AC_CONFIG_FILES([Makefile common/Makefile compat/Makefile doc/Makefile include/Makefile src/sudo_usage.h src/Makefile plugins/sample/Makefile plugins/group_file/Makefile plugins/system_group/Makefile plugins/sudoers/Makefile plugins/sudoers/sudoers]) AC_OUTPUT dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host_os in hpux*) if test -f /usr/lib/security/libpam_hpsec.so.1; then AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf]) AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login]) fi ;; linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac fi dnl dnl Autoheader templates dnl AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_DEBUG, [Define to 1 to enable environment function debugging.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(ENV_RESET, [Define to 1 to enable environment resetting by default.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM audit support.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) AH_TEMPLATE(HAVE_DLOPEN, [Define to 1 if you have the `dlopen' function.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords).]) AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords).]) AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords).]) AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords).]) AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords).]) AH_TEMPLATE(HAVE_GSS_KRB5_CCACHE_NAME, [Define to 1 if you have the `gss_krb5_ccache_name' function.]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled).]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled).]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.]) AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.]) AH_TEMPLATE(HAVE_KRB5_INIT_SECURE_CONTEXT, [Define to 1 if you have the `krb5_init_secure_context' function.]) AH_TEMPLATE(HAVE_KRB5_VERIFY_USER, [Define to 1 if you have the `krb5_verify_user' function.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not).]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_LIBINTL_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_LINUX_AUDIT, [Define to 1 to enable Linux audit support.]) AH_TEMPLATE(HAVE_SSSD, [Define to 1 to enable SSSD support.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_OPTRESET, [Define to 1 if you have the `optreset' symbol.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PAM_LOGIN, [Define to 1 if you use a specific PAM session for sudo -i.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SETKEYCREATECON, [Define to 1 if you have the `setkeycreatecon' function.]) AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 if you have the `shl_load' function.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements.]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM session support.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(NO_TTY_TICKETS, [Define to 1 if you want a single ticket file instead of per-tty files.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STATIC_SUDOERS_PLUGIN, [Define to 1 to compile the sudoers plugin statically into the sudo binary.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(UMASK_OVERRIDE, [Define to 1 to use the umask specified in sudoers even when it is less restrictive than the invoking user's.]) AH_TEMPLATE(USE_ADMIN_FLAG, [Define to 1 if you want to create ~/.sudo_as_admin_successful if the user is in the admin group the first time they run sudo.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) AH_TEMPLATE(socklen_t, [Define to `unsigned int' if doesn't define.]) AH_TEMPLATE(HAVE_STRUCT_UTMP_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmp'.]) AH_TEMPLATE(HAVE_STRUCT_UTMPX_UT_EXIT, [Define to 1 if `ut_exit' is a member of `struct utmpx'.]) AH_TEMPLATE(HAVE___FUNC__, [Define to 1 if the compiler supports the C99 __func__ variable.]) AH_TEMPLATE(HAVE___INTERPOSE, [Define to 1 if you have dyld with __interpose attribute support.]) AH_TEMPLATE(SUDO_KRB5_INSTANCE, [An instance string to append to the username (separated by a slash) for Kerberos V authentication.]) AH_TEMPLATE(RTLD_PRELOAD_VAR, [The environment variable that controls preloading of dynamic objects.]) AH_TEMPLATE(RTLD_PRELOAD_ENABLE_VAR, [An extra environment variable that is required to enable preloading (if any).]) AH_TEMPLATE(RTLD_PRELOAD_DELIM, [The delimiter to use when defining multiple preloaded objects.]) AH_TEMPLATE(RTLD_PRELOAD_DEFAULT, [The default value of preloaded objects (if any).]) AH_TEMPLATE(HAVE_DSO_VISIBILITY, [Define to 1 if the compiler supports the __visibility__ attribute.]) AH_TEMPLATE(HAVE_SYS_SIGABBREV, [Define to 1 if your libc has the `sys_sigabbrev' symbol.]) AH_TEMPLATE(HAVE_NSS_SEARCH, [Define to 1 if you have the `nss_search' function.]) AH_TEMPLATE(HAVE__NSS_INITF_GROUP, [Define to 1 if you have the `_nss_initf_group' function.]) AH_TEMPLATE(HAVE___NSS_INITF_GROUP, [Define to 1 if you have the `__nss_initf_group' function.]) AH_TEMPLATE(HAVE__NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `_nss_XbyY_buf_alloc' function.]) AH_TEMPLATE(HAVE___NSS_XBYY_BUF_ALLOC, [Define to 1 if you have the `__nss_XbyY_buf_alloc' function.]) dnl dnl Bits to copy verbatim into config.h.in dnl AH_TOP([#ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H]) AH_BOTTOM([/* * Macros to convert ctime and mtime into timevals. */ #define timespec2timeval(_ts, _tv) do { \ (_tv)->tv_sec = (_ts)->tv_sec; \ (_tv)->tv_usec = (_ts)->tv_nsec / 1000; \ } while (0) #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim.st__tim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim.st__tim, (_y)) # else # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctim, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtim, (_y)) # endif #else # ifdef HAVE_ST_MTIMESPEC # define ctim_get(_x, _y) timespec2timeval(&(_x)->st_ctimespec, (_y)) # define mtim_get(_x, _y) timespec2timeval(&(_x)->st_mtimespec, (_y)) # else # define ctim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_ctime; (_y)->tv_usec = 0; } while (0) # define mtim_get(_x, _y) do { (_y)->tv_sec = (_x)->st_mtime; (_y)->tv_usec = 0; } while (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ #ifdef __GNUC__ # define ignore_result(x) do { \ __typeof__(x) y = (x); \ (void)y; \ } while(0) #else # define ignore_result(x) (void)(x) #endif /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP #endif /* __svr4__ */ #endif /* _SUDO_CONFIG_H */])