dnl dnl Process this file with GNU autoconf to produce a configure script. dnl $Sudo: configure.in,v 1.413.2.53 2008/06/22 20:23:56 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2007 Todd C. Miller dnl AC_INIT([sudo], [1.6.9]) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT dnl AC_MSG_NOTICE([Configuring Sudo version 1.6.9]) dnl dnl Variables that get substituted in the Makefile and man pages dnl AC_SUBST(LIBTOOL) AC_SUBST(CFLAGS) AC_SUBST(PROGS) AC_SUBST(CPPFLAGS) AC_SUBST(LDFLAGS) AC_SUBST(SUDO_LDFLAGS) AC_SUBST(SUDO_OBJS) AC_SUBST(LIBS) AC_SUBST(SUDO_LIBS) AC_SUBST(NET_LIBS) AC_SUBST(AFS_LIBS) AC_SUBST(GETGROUPS_LIB) AC_SUBST(OSDEFS) AC_SUBST(AUTH_OBJS) AC_SUBST(MANTYPE) AC_SUBST(MAN_POSTINSTALL) AC_SUBST(SUDOERS_MODE) AC_SUBST(SUDOERS_UID) AC_SUBST(SUDOERS_GID) AC_SUBST(DEV) AC_SUBST(SELINUX) AC_SUBST(BAMAN) AC_SUBST(LCMAN) AC_SUBST(SEMAN) AC_SUBST(mansectsu) AC_SUBST(mansectform) AC_SUBST(mansrcdir) AC_SUBST(NOEXECFILE) AC_SUBST(NOEXECDIR) AC_SUBST(noexec_file) AC_SUBST(INSTALL_NOEXEC) AC_SUBST(DONT_LEAK_PATH_INFO) dnl dnl Variables that get substituted in docs (not overridden by environment) dnl AC_SUBST(timedir)dnl initial value from SUDO_TIMEDIR AC_SUBST(timeout) AC_SUBST(password_timeout) AC_SUBST(sudo_umask) AC_SUBST(passprompt) AC_SUBST(long_otp_prompt) AC_SUBST(lecture) AC_SUBST(logfac) AC_SUBST(goodpri) AC_SUBST(badpri) AC_SUBST(loglen) AC_SUBST(ignore_dot) AC_SUBST(mail_no_user) AC_SUBST(mail_no_host) AC_SUBST(mail_no_perms) AC_SUBST(mailto) AC_SUBST(mailsub) AC_SUBST(badpass_message) AC_SUBST(fqdn) AC_SUBST(runas_default) AC_SUBST(env_editor) AC_SUBST(passwd_tries) AC_SUBST(tty_tickets) AC_SUBST(insults) AC_SUBST(root_sudo) AC_SUBST(path_info) dnl dnl Initial values for above dnl timeout=5 password_timeout=5 sudo_umask=0022 passprompt="Password:" long_otp_prompt=off lecture=once logfac=local2 goodpri=notice badpri=alert loglen=80 ignore_dot=off mail_no_user=on mail_no_host=off mail_no_perms=off mailto=root mailsub='*** SECURITY information for %h ***' badpass_message='Sorry, try again.' fqdn=off runas_default=root env_editor=off passwd_tries=3 tty_tickets=off insults=off root_sudo=on path_info=on INSTALL_NOEXEC= dnl dnl Initial values for Makefile variables listed above dnl May be overridden by environment variables.. dnl PROGS="sudo visudo" : ${MANTYPE='man'} : ${mansrcdir='.'} : ${SUDOERS_MODE='0440'} : ${SUDOERS_UID='0'} : ${SUDOERS_GID='0'} DEV="#" SELINUX="#" BAMAN='.\" ' LCMAN='.\" ' SEMAN='.\" ' AUTH_OBJS= AUTH_REG= AUTH_EXCL= AUTH_EXCL_DEF= AUTH_DEF=passwd dnl dnl Other vaiables dnl CHECKSHADOW=true shadow_defs= shadow_funcs= shadow_libs= shadow_libs_optional= dnl dnl Override default configure dirs... dnl if test X"$prefix" = X"NONE"; then test "$mandir" = '${datarootdir}/man' && mandir='$(prefix)/man' else test "$mandir" = '${datarootdir}/man' && mandir='$(datarootdir)/man' fi test "$bindir" = '${exec_prefix}/bin' && bindir='$(exec_prefix)/bin' test "$sbindir" = '${exec_prefix}/sbin' && sbindir='$(exec_prefix)/sbin' test "$sysconfdir" = '${prefix}/etc' -a X"$with_stow" != X"yes" && sysconfdir='/etc' dnl dnl Deprecated --with options (these all warn or generate an error) dnl AC_ARG_WITH(otp-only, [ --with-otp-only deprecated], [case $with_otp_only in yes) with_passwd="no" AC_MSG_NOTICE([--with-otp-only option deprecated, treating as --without-passwd]) ;; esac]) AC_ARG_WITH(alertmail, [ --with-alertmail deprecated], [case $with_alertmail in *) with_mailto="$with_alertmail" AC_MSG_NOTICE([--with-alertmail option deprecated, treating as --mailto]) ;; esac]) dnl dnl Options for --with dnl AC_ARG_WITH(CC, [ --with-CC C compiler to use], [case $with_CC in yes) AC_MSG_ERROR(["must give --with-CC an argument."]) ;; no) AC_MSG_ERROR(["illegal argument: --without-CC."]) ;; *) CC=$with_CC ;; esac]) AC_ARG_WITH(rpath, [ --with-rpath pass -R flag in addition to -L for lib paths], [case $with_rpath in yes|no) ;; *) AC_MSG_ERROR(["--with-rpath does not take an argument."]) ;; esac]) AC_ARG_WITH(blibpath, [ --with-blibpath[=PATH] pass -blibpath flag to ld for additional lib paths], [case $with_blibpath in yes|no) ;; *) AC_MSG_NOTICE([will pass -blibpath:${with_blibpath} to the loader.]) ;; esac]) AC_ARG_WITH(incpath, [ --with-incpath additional places to look for include files], [case $with_incpath in yes) AC_MSG_ERROR(["must give --with-incpath an argument."]) ;; no) AC_MSG_ERROR(["--without-incpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_incpath} to CPPFLAGS]) for i in ${with_incpath}; do CPPFLAGS="${CPPFLAGS} -I${i}" done ;; esac]) AC_ARG_WITH(libpath, [ --with-libpath additional places to look for libraries], [case $with_libpath in yes) AC_MSG_ERROR(["must give --with-libpath an argument."]) ;; no) AC_MSG_ERROR(["--without-libpath not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libpath} to LDFLAGS]) ;; esac]) AC_ARG_WITH(libraries, [ --with-libraries additional libraries to link with], [case $with_libraries in yes) AC_MSG_ERROR(["must give --with-libraries an argument."]) ;; no) AC_MSG_ERROR(["--without-libraries not supported."]) ;; *) AC_MSG_NOTICE([Adding ${with_libraries} to LIBS]) ;; esac]) AC_ARG_WITH(devel, [ --with-devel add development options], [case $with_devel in yes) AC_MSG_NOTICE([Setting up for development: -Wall, flex, yacc]) PROGS="${PROGS} testsudoers" OSDEFS="${OSDEFS} -DSUDO_DEVEL" DEV="" ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-devel: $with_devel]) ;; esac]) AC_ARG_WITH(efence, [ --with-efence link with -lefence for malloc() debugging], [case $with_efence in yes) AC_MSG_NOTICE([Sudo will link with -lefence (Electric Fence)]) LIBS="${LIBS} -lefence" if test -f /usr/local/lib/libefence.a; then with_libpath="${with_libpath} /usr/local/lib" fi ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-efence: $with_efence]) ;; esac]) AC_ARG_WITH(csops, [ --with-csops add CSOps standard options], [case $with_csops in yes) AC_MSG_NOTICE([Adding CSOps standard options]) CHECKSIA=false with_ignore_dot=yes insults=on with_classic_insults=yes with_csops_insults=yes with_env_editor=yes : ${mansectsu='8'} : ${mansectform='5'} ;; no) ;; *) AC_MSG_WARN([Ignoring unknown argument to --with-csops: $with_csops]) ;; esac]) AC_ARG_WITH(passwd, [ --without-passwd don't use passwd/shadow file for authentication], [case $with_passwd in yes|no) AC_MSG_CHECKING(whether to use shadow/passwd file authentication) AC_MSG_RESULT($with_passwd) AUTH_DEF="" test "$with_passwd" = "yes" && AUTH_REG="$AUTH_REG passwd" ;; *) AC_MSG_ERROR(["Sorry, --with-passwd does not take an argument."]) ;; esac]) AC_ARG_WITH(skey, [ --with-skey[=DIR] enable S/Key support ], [case $with_skey in no) with_skey="" ;; *) AC_DEFINE(HAVE_SKEY) AC_MSG_CHECKING(whether to try S/Key authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG S/Key" ;; esac]) AC_ARG_WITH(opie, [ --with-opie[=DIR] enable OPIE support ], [case $with_opie in no) with_opie="" ;; *) AC_DEFINE(HAVE_OPIE) AC_MSG_CHECKING(whether to try NRL OPIE authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG NRL_OPIE" ;; esac]) AC_ARG_WITH(long-otp-prompt, [ --with-long-otp-prompt use a two line OTP (skey/opie) prompt], [case $with_long_otp_prompt in yes) AC_DEFINE(LONG_OTP_PROMPT) AC_MSG_CHECKING(whether to use a two line prompt for OTP authentication) AC_MSG_RESULT(yes) long_otp_prompt=on ;; no) long_otp_prompt=off ;; *) AC_MSG_ERROR(["--with-long-otp-prompt does not take an argument."]) ;; esac]) AC_ARG_WITH(SecurID, [ --with-SecurID[[=DIR]] enable SecurID support], [case $with_SecurID in no) with_SecurID="";; *) AC_DEFINE(HAVE_SECURID) AC_MSG_CHECKING(whether to use SecurID for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL SecurID" ;; esac]) AC_ARG_WITH(fwtk, [ --with-fwtk[[=DIR]] enable FWTK AuthSRV support], [case $with_fwtk in no) with_fwtk="";; *) AC_DEFINE(HAVE_FWTK) AC_MSG_CHECKING(whether to use FWTK AuthSRV for authentication) AC_MSG_RESULT(yes) AUTH_EXCL="$AUTH_EXCL FWTK" ;; esac]) AC_ARG_WITH(kerb4, [ --with-kerb4[[=DIR]] enable Kerberos IV support], [case $with_kerb4 in no) with_kerb4="";; *) AC_MSG_CHECKING(whether to try kerberos IV authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb4" ;; esac]) AC_ARG_WITH(kerb5, [ --with-kerb5[[=DIR]] enable Kerberos V support], [case $with_kerb5 in no) with_kerb5="";; *) AC_MSG_CHECKING(whether to try Kerberos V authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG kerb5" ;; esac]) AC_ARG_WITH(aixauth, [ --with-aixauth enable AIX general authentication support], [case $with_aixauth in yes) AUTH_EXCL="$AUTH_EXCL AIX_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-aixauth does not take an argument."]) ;; esac]) AC_ARG_WITH(pam, [ --with-pam enable PAM support], [case $with_pam in yes) AUTH_EXCL="$AUTH_EXCL PAM";; no) ;; *) AC_MSG_ERROR(["--with-pam does not take an argument."]) ;; esac]) AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], [case $with_AFS in yes) AC_DEFINE(HAVE_AFS) AC_MSG_CHECKING(whether to try AFS (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG AFS" ;; no) ;; *) AC_MSG_ERROR(["--with-AFS does not take an argument."]) ;; esac]) AC_ARG_WITH(DCE, [ --with-DCE enable DCE support], [case $with_DCE in yes) AC_DEFINE(HAVE_DCE) AC_MSG_CHECKING(whether to try DCE (kerberos) authentication) AC_MSG_RESULT(yes) AUTH_REG="$AUTH_REG DCE" ;; no) ;; *) AC_MSG_ERROR(["--with-DCE does not take an argument."]) ;; esac]) AC_ARG_WITH(logincap, [ --with-logincap enable BSD login class support], [case $with_logincap in yes|no) ;; *) AC_MSG_ERROR(["--with-logincap does not take an argument."]) ;; esac]) AC_ARG_WITH(bsdauth, [ --with-bsdauth enable BSD authentication support], [case $with_bsdauth in yes) AUTH_EXCL="$AUTH_EXCL BSD_AUTH";; no) ;; *) AC_MSG_ERROR(["--with-bsdauth does not take an argument."]) ;; esac]) AC_ARG_WITH(project, [ --with-project enable Solaris project support], [case $with_project in yes|no) ;; no) ;; *) AC_MSG_ERROR(["--with-project does not take an argument."]) ;; esac]) AC_MSG_CHECKING(whether to lecture users the first time they run sudo) AC_ARG_WITH(lecture, [ --without-lecture don't print lecture for first-time sudoer], [case $with_lecture in yes|short|always) lecture=once ;; no|none|never) lecture=never ;; *) AC_MSG_ERROR(["unknown argument to --with-lecture: $with_lecture"]) ;; esac]) if test "$lecture" = "once"; then AC_MSG_RESULT(yes) else AC_DEFINE(NO_LECTURE) AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether sudo should log via syslog or to a file by default) AC_ARG_WITH(logging, [ --with-logging log via syslog, file, or both], [case $with_logging in yes) AC_MSG_ERROR(["must give --with-logging an argument."]) ;; no) AC_MSG_ERROR(["--without-logging not supported."]) ;; syslog) AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog) ;; file) AC_DEFINE(LOGGING, SLOG_FILE) AC_MSG_RESULT(file) ;; both) AC_DEFINE(LOGGING, SLOG_BOTH) AC_MSG_RESULT(both) ;; *) AC_MSG_ERROR(["unknown argument to --with-logging: $with_logging"]) ;; esac], [AC_DEFINE(LOGGING, SLOG_SYSLOG) AC_MSG_RESULT(syslog)]) AC_MSG_CHECKING(which syslog facility sudo should log with) AC_ARG_WITH(logfac, [ --with-logfac syslog facility to log with (default is "local2")], [case $with_logfac in yes) AC_MSG_ERROR(["must give --with-logfac an argument."]) ;; no) AC_MSG_ERROR(["--without-logfac not supported."]) ;; authpriv|auth|daemon|user|local0|local1|local2|local3|local4|local5|local6|local7) logfac=$with_logfac ;; *) AC_MSG_ERROR(["$with_logfac is not a supported syslog facility."]) ;; esac]) AC_DEFINE_UNQUOTED(LOGFAC, "$logfac", [The syslog facility sudo will use.]) AC_MSG_RESULT($logfac) AC_MSG_CHECKING(at which syslog priority to log commands) AC_ARG_WITH(goodpri, [ --with-goodpri syslog priority for commands (def is "notice")], [case $with_goodpri in yes) AC_MSG_ERROR(["must give --with-goodpri an argument."]) ;; no) AC_MSG_ERROR(["--without-goodpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) goodpri=$with_goodpri ;; *) AC_MSG_ERROR(["$with_goodpri is not a supported syslog priority."]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_SUCCESS, "$goodpri", [The syslog priority sudo will use for successful attempts.]) AC_MSG_RESULT($goodpri) AC_MSG_CHECKING(at which syslog priority to log failures) AC_ARG_WITH(badpri, [ --with-badpri syslog priority for failures (def is "alert")], [case $with_badpri in yes) AC_MSG_ERROR(["must give --with-badpri an argument."]) ;; no) AC_MSG_ERROR(["--without-badpri not supported."]) ;; alert|crit|debug|emerg|err|info|notice|warning) badpri=$with_badpri ;; *) AC_MSG_ERROR([$with_badpri is not a supported syslog priority.]) ;; esac]) AC_DEFINE_UNQUOTED(PRI_FAILURE, "$badpri", [The syslog priority sudo will use for unsuccessful attempts/errors.]) AC_MSG_RESULT($badpri) AC_ARG_WITH(logpath, [ --with-logpath path to the sudo log file], [case $with_logpath in yes) AC_MSG_ERROR(["must give --with-logpath an argument."]) ;; no) AC_MSG_ERROR(["--without-logpath not supported."]) ;; esac]) AC_MSG_CHECKING(how long a line in the log file should be) AC_ARG_WITH(loglen, [ --with-loglen maximum length of a log file line (default is 80)], [case $with_loglen in yes) AC_MSG_ERROR(["must give --with-loglen an argument."]) ;; no) AC_MSG_ERROR(["--without-loglen not supported."]) ;; [[0-9]]*) loglen=$with_loglen ;; *) AC_MSG_ERROR(["you must enter a number, not $with_loglen"]) ;; esac]) AC_DEFINE_UNQUOTED(MAXLOGFILELEN, $loglen, [The max number of chars per log file line (for line wrapping).]) AC_MSG_RESULT($loglen) AC_MSG_CHECKING(whether sudo should ignore '.' or '' in \$PATH) AC_ARG_WITH(ignore-dot, [ --with-ignore-dot ignore '.' in the PATH], [case $with_ignore_dot in yes) ignore_dot=on ;; no) ignore_dot=off ;; *) AC_MSG_ERROR(["--with-ignore-dot does not take an argument."]) ;; esac]) if test "$ignore_dot" = "on"; then AC_DEFINE(IGNORE_DOT_PATH) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user is not in sudoers) AC_ARG_WITH(mail-if-no-user, [ --without-mail-if-no-user do not send mail if user not in sudoers], [case $with_mail_if_no_user in yes) mail_no_user=on ;; no) mail_no_user=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-user does not take an argument."]) ;; esac]) if test "$mail_no_user" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_USER) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when user listed but not for this host) AC_ARG_WITH(mail-if-no-host, [ --with-mail-if-no-host send mail if user in sudoers but not for this host], [case $with_mail_if_no_host in yes) mail_no_host=on ;; no) mail_no_host=off ;; *) AC_MSG_ERROR(["--with-mail-if-no-host does not take an argument."]) ;; esac]) if test "$mail_no_host" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NO_HOST) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to send mail when a user tries a disallowed command) AC_ARG_WITH(mail-if-noperms, [ --with-mail-if-noperms send mail if user not allowed to run command], [case $with_mail_if_noperms in yes) mail_noperms=on ;; no) mail_noperms=off ;; *) AC_MSG_ERROR(["--with-mail-if-noperms does not take an argument."]) ;; esac]) if test "$mail_noperms" = "on"; then AC_DEFINE(SEND_MAIL_WHEN_NOT_OK) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(who should get the mail that sudo sends) AC_ARG_WITH(mailto, [ --with-mailto who should get sudo mail (default is "root")], [case $with_mailto in yes) AC_MSG_ERROR(["must give --with-mailto an argument."]) ;; no) AC_MSG_ERROR(["--without-mailto not supported."]) ;; *) mailto=$with_mailto ;; esac]) AC_DEFINE_UNQUOTED(MAILTO, "$mailto", [The user or email address that sudo mail is sent to.]) AC_MSG_RESULT([$mailto]) AC_ARG_WITH(mailsubject, [ --with-mailsubject subject of sudo mail], [case $with_mailsubject in yes) AC_MSG_ERROR(["must give --with-mailsubject an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-mailsubject not supported.]) ;; *) mailsub="$with_mailsubject" AC_MSG_CHECKING(sudo mail subject) AC_MSG_RESULT([Using alert mail subject: $mailsub]) ;; esac]) AC_DEFINE_UNQUOTED(MAILSUBJECT, "$mailsub", [The subject of the mail sent by sudo to the MAILTO user/address.]) AC_MSG_CHECKING(for bad password prompt) AC_ARG_WITH(passprompt, [ --with-passprompt default password prompt], [case $with_passprompt in yes) AC_MSG_ERROR(["must give --with-passprompt an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-passprompt not supported.]) ;; *) passprompt="$with_passprompt" esac]) AC_MSG_RESULT($passprompt) AC_DEFINE_UNQUOTED(PASSPROMPT, "$passprompt", [The default password prompt.]) AC_MSG_CHECKING(for bad password message) AC_ARG_WITH(badpass-message, [ --with-badpass-message message the user sees when the password is wrong], [case $with_badpass_message in yes) AC_MSG_ERROR(["Must give --with-badpass-message an argument."]) ;; no) AC_MSG_WARN([Sorry, --without-badpass-message not supported.]) ;; *) badpass_message="$with_badpass_message" ;; esac]) AC_DEFINE_UNQUOTED(INCORRECT_PASSWORD, "$badpass_message", [The message given when a bad password is entered.]) AC_MSG_RESULT([$badpass_message]) AC_MSG_CHECKING(whether to expect fully qualified hosts in sudoers) AC_ARG_WITH(fqdn, [ --with-fqdn expect fully qualified hosts in sudoers], [case $with_fqdn in yes) fqdn=on ;; no) fqdn=off ;; *) AC_MSG_ERROR(["--with-fqdn does not take an argument."]) ;; esac]) if test "$fqdn" = "on"; then AC_DEFINE(FQDN) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(timedir, [ --with-timedir path to the sudo timestamp dir], [case $with_timedir in yes) AC_MSG_ERROR(["must give --with-timedir an argument."]) ;; no) AC_MSG_ERROR(["--without-timedir not supported."]) ;; esac]) AC_ARG_WITH(sendmail, [ --with-sendmail=path set path to sendmail --without-sendmail do not send mail at all], [case $with_sendmail in yes) with_sendmail="" ;; no) ;; *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SENDMAIL, "$with_sendmail") ;; esac]) AC_ARG_WITH(sudoers-mode, [ --with-sudoers-mode mode of sudoers file (defaults to 0440)], [case $with_sudoers_mode in yes) AC_MSG_ERROR(["must give --with-sudoers-mode an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-mode not supported."]) ;; [[1-9]]*) SUDOERS_MODE=0${with_sudoers_mode} ;; 0*) SUDOERS_MODE=$with_sudoers_mode ;; *) AC_MSG_ERROR(["you must use an octal mode, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-uid, [ --with-sudoers-uid uid that owns sudoers file (defaults to 0)], [case $with_sudoers_uid in yes) AC_MSG_ERROR(["must give --with-sudoers-uid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-uid not supported."]) ;; [[0-9]]*) SUDOERS_UID=$with_sudoers_uid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric uid, not a name."]) ;; esac]) AC_ARG_WITH(sudoers-gid, [ --with-sudoers-gid gid that owns sudoers file (defaults to 0)], [case $with_sudoers_gid in yes) AC_MSG_ERROR(["must give --with-sudoers-gid an argument."]) ;; no) AC_MSG_ERROR(["--without-sudoers-gid not supported."]) ;; [[0-9]]*) SUDOERS_GID=$with_sudoers_gid ;; *) AC_MSG_ERROR(["you must use an unsigned numeric gid, not a name."]) ;; esac]) AC_MSG_CHECKING(for umask programs should be run with) AC_ARG_WITH(umask, [ --with-umask umask with which the prog should run (default is 022) --without-umask Preserves the umask of the user invoking sudo.], [case $with_umask in yes) AC_MSG_ERROR(["must give --with-umask an argument."]) ;; no) sudo_umask=0777 ;; [[0-9]]*) sudo_umask=$with_umask ;; *) AC_MSG_ERROR(["you must enter a numeric mask."]) ;; esac]) AC_DEFINE_UNQUOTED(SUDO_UMASK, $sudo_umask, [The umask that the root-run prog should use.]) if test "$sudo_umask" = "0777"; then AC_MSG_RESULT(user) else AC_MSG_RESULT($sudo_umask) fi AC_MSG_CHECKING(for default user to run commands as) AC_ARG_WITH(runas-default, [ --with-runas-default User to run commands as (default is "root")], [case $with_runas_default in yes) AC_MSG_ERROR(["must give --with-runas-default an argument."]) ;; no) AC_MSG_ERROR(["--without-runas-default not supported."]) ;; *) runas_default="$with_runas_default" ;; esac]) AC_DEFINE_UNQUOTED(RUNAS_DEFAULT, "$runas_default", [The user sudo should run commands as by default.]) AC_MSG_RESULT([$runas_default]) AC_ARG_WITH(exempt, [ --with-exempt=group no passwd needed for users in this group], [case $with_exempt in yes) AC_MSG_ERROR(["must give --with-exempt an argument."]) ;; no) AC_MSG_ERROR(["--without-exempt not supported."]) ;; *) AC_DEFINE_UNQUOTED(EXEMPTGROUP, "$with_exempt", [If defined, users in this group need not enter a passwd (ie "sudo").]) AC_MSG_CHECKING(for group to be exempt from password) AC_MSG_RESULT([$with_exempt]) ;; esac]) AC_MSG_CHECKING(for editor that visudo should use) AC_ARG_WITH(editor, [ --with-editor=path Default editor for visudo (defaults to vi)], [case $with_editor in yes) AC_MSG_ERROR(["must give --with-editor an argument."]) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; *) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.]) AC_MSG_RESULT([$with_editor]) ;; esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)]) AC_MSG_CHECKING(whether to obey EDITOR and VISUAL environment variables) AC_ARG_WITH(env-editor, [ --with-env-editor Use the environment variable EDITOR for visudo], [case $with_env_editor in yes) env_editor=on ;; no) env_editor=off ;; *) AC_MSG_ERROR(["--with-env-editor does not take an argument."]) ;; esac]) if test "$env_editor" = "on"; then AC_DEFINE(ENV_EDITOR) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(number of tries a user gets to enter their password) AC_ARG_WITH(passwd-tries, [ --with-passwd-tries number of tries to enter password (default is 3)], [case $with_passwd_tries in yes) ;; no) AC_MSG_ERROR(["--without-editor not supported."]) ;; [[1-9]]*) passwd_tries=$with_passwd_tries ;; *) AC_MSG_ERROR(["you must enter the numer of tries, > 0"]) ;; esac]) AC_DEFINE_UNQUOTED(TRIES_FOR_PASSWORD, $passwd_tries, [The number of tries a user gets to enter their password.]) AC_MSG_RESULT($passwd_tries) AC_MSG_CHECKING(time in minutes after which sudo will ask for a password again) AC_ARG_WITH(timeout, [ --with-timeout minutes before sudo asks for passwd again (def is 5 minutes)], [case $with_timeout in yes) ;; no) timeout=0 ;; [[0-9]]*) timeout=$with_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(TIMEOUT, $timeout, [The number of minutes before sudo asks for a password again.]) AC_MSG_RESULT($timeout) AC_MSG_CHECKING(time in minutes after the password prompt will time out) AC_ARG_WITH(password-timeout, [ --with-password-timeout passwd prompt timeout in minutes (default is 5 minutes)], [case $with_password_timeout in yes) ;; no) password_timeout=0 ;; [[0-9]]*) password_timeout=$with_password_timeout ;; *) AC_MSG_ERROR(["you must enter the numer of minutes."]) ;; esac]) AC_DEFINE_UNQUOTED(PASSWORD_TIMEOUT, $password_timeout, [The passwd prompt timeout (in minutes).]) AC_MSG_RESULT($password_timeout) AC_MSG_CHECKING(whether to use per-tty ticket files) AC_ARG_WITH(tty-tickets, [ --with-tty-tickets use a different ticket file for each tty], [case $with_tty_tickets in yes) tty_tickets=on ;; no) tty_tickets=off ;; *) AC_MSG_ERROR(["--with-tty-tickets does not take an argument."]) ;; esac]) if test "$tty_tickets" = "on"; then AC_DEFINE(USE_TTY_TICKETS) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_MSG_CHECKING(whether to include insults) AC_ARG_WITH(insults, [ --with-insults insult the user for entering an incorrect password], [case $with_insults in yes) insults=on with_classic_insults=yes with_csops_insults=yes ;; no) insults=off ;; *) AC_MSG_ERROR(["--with-insults does not take an argument."]) ;; esac]) if test "$insults" = "on"; then AC_DEFINE(USE_INSULTS) AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi AC_ARG_WITH(all-insults, [ --with-all-insults include all the sudo insult sets], [case $with_all_insults in yes) with_classic_insults=yes with_csops_insults=yes with_hal_insults=yes with_goons_insults=yes ;; no) ;; *) AC_MSG_ERROR(["--with-all-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(classic-insults, [ --with-classic-insults include the insults from the "classic" sudo], [case $with_classic_insults in yes) AC_DEFINE(CLASSIC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-classic-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(csops-insults, [ --with-csops-insults include CSOps insults], [case $with_csops_insults in yes) AC_DEFINE(CSOPS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-csops-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(hal-insults, [ --with-hal-insults include 2001-like insults], [case $with_hal_insults in yes) AC_DEFINE(HAL_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-hal-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(goons-insults, [ --with-goons-insults include the insults from the "Goon Show"], [case $with_goons_insults in yes) AC_DEFINE(GOONS_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-goons-insults does not take an argument."]) ;; esac]) AC_ARG_WITH(ldap, [ --with-ldap[[=DIR]] enable LDAP support], [case $with_ldap in no) with_ldap="";; *) AC_DEFINE(HAVE_LDAP) AC_MSG_CHECKING(whether to use sudoers from LDAP) AC_MSG_RESULT(yes) ;; esac]) AC_ARG_WITH(ldap-conf-file, [ --with-ldap-conf-file path to LDAP configuration file], [AC_DEFINE_UNQUOTED(_PATH_LDAP_CONF, "$with_ldap_conf_file", [Path to the ldap.conf file])]) AC_ARG_WITH(ldap-secret-file, [ --with-ldap-secret-file path to LDAP secret password file], [AC_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$with_ldap_secret_file", [Path to the ldap.secret file])]) AC_ARG_WITH(pc-insults, [ --with-pc-insults replace politically incorrect insults with less offensive ones], [case $with_pc_insults in yes) AC_DEFINE(PC_INSULTS) ;; no) ;; *) AC_MSG_ERROR(["--with-pc-insults does not take an argument."]) ;; esac]) dnl include all insult sets on one line if test "$insults" = "on"; then AC_MSG_CHECKING(which insult sets to include) i="" test "$with_goons_insults" = "yes" && i="goons ${i}" test "$with_hal_insults" = "yes" && i="hal ${i}" test "$with_csops_insults" = "yes" && i="csops ${i}" test "$with_classic_insults" = "yes" && i="classic ${i}" AC_MSG_RESULT([$i]) fi AC_MSG_CHECKING(whether to override the user's path) AC_ARG_WITH(secure-path, [ --with-secure-path override the user's path with a built-in one], [case $with_secure_path in yes) AC_DEFINE_UNQUOTED(SECURE_PATH, "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc") AC_MSG_RESULT([:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc]) ;; no) AC_MSG_RESULT(no) ;; *) AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path") AC_MSG_RESULT([$with_secure_path]) ;; esac], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to get ip addresses from the network interfaces) AC_ARG_WITH(interfaces, [ --without-interfaces don't try to read the ip addr of ether interfaces], [case $with_interfaces in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(STUB_LOAD_INTERFACES) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--with-interfaces does not take an argument."]) ;; esac], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether stow should be used) AC_ARG_WITH(stow, [ --with-stow properly handle GNU stow packaging], [case $with_stow in yes) AC_MSG_RESULT(yes) AC_DEFINE(USE_STOW) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_ERROR(["--with-stow does not take an argument."]) ;; esac], AC_MSG_RESULT(no)) dnl dnl Options for --enable dnl AC_MSG_CHECKING(whether to do user authentication by default) AC_ARG_ENABLE(authentication, [ --disable-authentication Do not require authentication by default], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_AUTHENTICATION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-authentication: $enableval]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to disable running the mailer as root) AC_ARG_ENABLE(root-mailer, [ --disable-root-mailer Don't run the mailer as root, run as the user], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(NO_ROOT_MAILER) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-root-mailer: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_ENABLE(setreuid, [ --disable-setreuid Don't try to use the setreuid() function], [ case "$enableval" in no) SKIP_SETREUID=yes ;; *) ;; esac ]) AC_ARG_ENABLE(setresuid, [ --disable-setresuid Don't try to use the setresuid() function], [ case "$enableval" in no) SKIP_SETRESUID=yes ;; *) ;; esac ]) AC_MSG_CHECKING(whether to disable shadow password support) AC_ARG_ENABLE(shadow, [ --disable-shadow Never use shadow passwords], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) CHECKSHADOW="false" ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shadow: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether root should be allowed to use sudo) AC_ARG_ENABLE(root-sudo, [ --disable-root-sudo Don't allow root to run sudo], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_DEFINE(NO_ROOT_SUDO) AC_MSG_RESULT(no) root_sudo=off ;; *) AC_MSG_ERROR(["--enable-root-sudo does not take an argument."]) ;; esac ], AC_MSG_RESULT(yes)) AC_MSG_CHECKING(whether to log the hostname in the log file) AC_ARG_ENABLE(log-host, [ --enable-log-host Log the hostname in the log file], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(HOST_IN_LOG) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-log-host: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to invoke a shell if sudo is given no arguments) AC_ARG_ENABLE(noargs-shell, [ --enable-noargs-shell If sudo is given no arguments run a shell], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_IF_NO_ARGS) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-noargs-shell: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to set \$HOME to target user in shell mode) AC_ARG_ENABLE(shell-sets-home, [ --enable-shell-sets-home set $HOME to target user in shell mode], [ case "$enableval" in yes) AC_MSG_RESULT(yes) AC_DEFINE(SHELL_SETS_HOME) ;; no) AC_MSG_RESULT(no) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-shell-sets-home: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_MSG_CHECKING(whether to disable 'command not found' messages) AC_ARG_ENABLE(path_info, [ --disable-path-info Print 'command not allowed' not 'command not found'], [ case "$enableval" in yes) AC_MSG_RESULT(no) ;; no) AC_MSG_RESULT(yes) AC_DEFINE(DONT_LEAK_PATH_INFO) path_info=off ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-path-info: $enableval]) ;; esac ], AC_MSG_RESULT(no)) AC_ARG_WITH(selinux, [ --with-selinux enable SELinux support], [case $with_selinux in yes) AC_DEFINE(HAVE_SELINUX) SUDO_LIBS="${SUDO_LIBS} -lselinux" SUDO_OBJS="${SUDO_OBJS} selinux.o" PROGS="${PROGS} sesh" SELINUX="" SEMAN="" ;; no) ;; *) AC_MSG_ERROR(["--with-selinux does not take an argument."]) ;; esac]) dnl dnl If we don't have egrep we can't do anything... dnl AC_CHECK_PROG(EGREPPROG, egrep, egrep) if test -z "$EGREPPROG"; then AC_MSG_ERROR([Sorry, configure requires egrep to run.]) fi dnl dnl Prevent configure from adding the -g flag unless in devel mode dnl if test "$with_devel" != "yes"; then ac_cv_prog_cc_g=no fi dnl dnl C compiler checks dnl AC_ISC_POSIX AC_PROG_CPP dnl dnl Libtool magic; enable shared libs and disable static libs dnl AC_CANONICAL_HOST AC_CANONICAL_TARGET([]) AC_DISABLE_STATIC AC_PROG_LIBTOOL dnl dnl Defer with_noexec until after libtool magic runs dnl if test "$enable_shared" = "no"; then with_noexec=no else eval _shrext="$shrext_cmds" fi AC_MSG_CHECKING(path to sudo_noexec.so) AC_ARG_WITH(noexec, [ --with-noexec[=PATH] fully qualified pathname of sudo_noexec.so], [case $with_noexec in yes) with_noexec="$libexecdir/sudo_noexec$_shrext" ;; no) ;; *) ;; esac], [with_noexec="$libexecdir/sudo_noexec$_shrext"]) AC_MSG_RESULT($with_noexec) NOEXECFILE="sudo_noexec$_shrext" NOEXECDIR="`echo $with_noexec|sed 's:^\(.*\)/[[^/]]*:\1:'`" dnl dnl It is now safe to modify CFLAGS and CPPFLAGS dnl if test "$with_devel" = "yes" -a -n "$GCC"; then CFLAGS="${CFLAGS} -Wall" fi dnl dnl Find programs we use dnl AC_CHECK_PROG(UNAMEPROG, uname, uname) AC_CHECK_PROG(TRPROG, tr, tr) AC_CHECK_PROG(NROFFPROG, nroff, nroff) if test -z "$NROFFPROG"; then MANTYPE="cat" mansrcdir='$(srcdir)' fi dnl dnl What kind of beastie are we being run on? dnl Barf if config.cache was generated on another host. dnl if test -n "$sudo_cv_prev_host"; then if test "$sudo_cv_prev_host" != "$host"; then AC_MSG_ERROR([config.cache was created on a different host; remove it and re-run configure.]) else AC_MSG_CHECKING(previous host type) AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") AC_MSG_RESULT([$sudo_cv_prev_host]) fi else # this will produce no output since there is no cached value AC_CACHE_VAL(sudo_cv_prev_host, sudo_cv_prev_host="$host") fi dnl dnl We want to be able to differentiate between different rev's dnl if test -n "$host_os"; then OS=`echo $host_os | sed 's/[[0-9]].*//'` OSREV=`echo $host_os | sed 's/^[[^0-9\.]]*\([[0-9\.]]*\).*$/\1/'` OSMAJOR=`echo $OSREV | sed 's/\..*$//'` else OS="unknown" OSREV=0 OSMAJOR=0 fi case "$host" in *-*-sunos4*) # getcwd(3) opens a pipe to getpwd(1)!?! BROKEN_GETCWD=1 # system headers lack prototypes but gcc helps... if test -n "$GCC"; then OSDEFS="${OSDEFS} -D__USE_FIXED_PROTOTYPES__" fi shadow_funcs="getpwanam issecure" ;; *-*-solaris2*) # To get the crypt(3) prototype (so we pass -Wall) OSDEFS="${OSDEFS} -D__EXTENSIONS__" # AFS support needs -lucb if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lucb" fi : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; *-*-aix*) # To get all prototypes (so we pass -Wall) OSDEFS="${OSDEFS} -D_XOPEN_EXTENDED_SOURCE -D_ALL_SOURCE" SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-bI:\$(srcdir)/aixcrypt.exp" if test X"$with_blibpath" != X"no"; then AC_MSG_CHECKING([if linker accepts -Wl,-blibpath]) O_LDFLAGS="$LDFLAGS" LDFLAGS="$O_LDFLAGS -Wl,-blibpath:/usr/lib:/lib" AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], [ if test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then blibpath="$with_blibpath" elif test -n "$GCC"; then blibpath="/usr/lib:/lib:/usr/local/lib" else blibpath="/usr/lib:/lib" fi AC_MSG_RESULT(yes) ], [AC_MSG_RESULT(no)]) fi LDFLAGS="$O_LDFLAGS" # Use authenticate(3) as the default authentication method if test X"$with_aixauth" = X""; then AC_CHECK_FUNCS(authenticate, [AUTH_EXCL_DEF="AIX_AUTH"]) fi ;; *-*-hiuxmpp*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-hpux*) # AFS support needs -lBSD if test "$with_AFS" = "yes"; then AFS_LIBS="-lc -lBSD" fi : ${mansectsu='1m'} : ${mansectform='4'} case "$host" in *-*-hpux[1-8].*) AC_DEFINE(BROKEN_SYSLOG) # Not sure if setuid binaries are safe in < 9.x if test -n "$GCC"; then SUDO_LDFLAGS="${SUDO_LDFLAGS} -static" else SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-a,archive" fi ;; *-*-hpux9.*) AC_DEFINE(BROKEN_SYSLOG) shadow_funcs="getspwuid" # DCE support (requires ANSI C compiler) if test "$with_DCE" = "yes"; then # order of libs in 9.X is important. -lc_r must be last SUDO_LIBS="${SUDO_LIBS} -ldce -lM -lc_r" LIBS="${LIBS} -ldce -lM -lc_r" CPPFLAGS="${CPPFLAGS} -D_REENTRANT -I/usr/include/reentrant" fi ;; *-*-hpux10.*) shadow_funcs="getprpwnam iscomsec" shadow_libs="-lsec" ;; *) shadow_funcs="getspnam iscomsec" shadow_libs="-lsec" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; esac ;; *-dec-osf*) # ignore envariables wrt dynamic lib path SUDO_LDFLAGS="${SUDO_LDFLAGS} -Wl,-no_library_replacement" : ${CHECKSIA='true'} AC_MSG_CHECKING(whether to disable sia support on Digital UNIX) AC_ARG_ENABLE(sia, [ --disable-sia Disable SIA on Digital UNIX], [ case "$enableval" in yes) AC_MSG_RESULT(no) CHECKSIA=true ;; no) AC_MSG_RESULT(yes) CHECKSIA=false ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-sia: $enableval]) ;; esac ], AC_MSG_RESULT(no)) shadow_funcs="getprpwnam dispcrypt" # OSF/1 4.x and higher need -ldb too if test $OSMAJOR -lt 4; then shadow_libs="-lsecurity -laud -lm" else shadow_libs="-lsecurity -ldb -laud -lm" fi # use SIA by default, if we have it test "$CHECKSIA" = "true" && AUTH_EXCL_DEF="SIA" # # Some versions of Digital Unix ship with a broken # copy of prot.h, which we need for shadow passwords. # XXX - make should remove this as part of distclean # AC_MSG_CHECKING([for broken prot.h]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #include ]], [[exit(0);]])], [AC_MSG_RESULT(no)], [AC_MSG_RESULT([yes, fixing locally]) sed 's:::g' < /usr/include/prot.h > prot.h ]) : ${mansectsu='8'} : ${mansectform='4'} ;; *-*-irix*) OSDEFS="${OSDEFS} -D_BSD_TYPES" if test -z "$NROFFPROG"; then MAN_POSTINSTALL=' /bin/rm -f $(mandirsu)/sudo.$(mansectsu).z $(mandirsu)/visudo.$(mansectsu).z $(mandirform)/sudoers.$(mansectform).z ; /usr/bin/pack $(mandirsu)/sudo.$(mansectsu) $(mandirsu)/visudo.$(mansectsu) $(mandirform)/sudoers.$(mansectform)' if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then if test -d /usr/share/catman/local; then mandir="/usr/share/catman/local" else mandir="/usr/catman/local" fi fi else if test "$prefix" = "/usr/local" -a "$mandir" = '$(prefix)/man'; then if test -d "/usr/share/man/local"; then mandir="/usr/share/man/local" else mandir="/usr/man/local" fi fi fi # IRIX <= 4 needs -lsun if test "$OSMAJOR" -le 4; then AC_CHECK_LIB(sun, getpwnam, [LIBS="${LIBS} -lsun"]) fi : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-linux*|*-*-k*bsd*-gnu) OSDEFS="${OSDEFS} -D_GNU_SOURCE" # Some Linux versions need to link with -lshadow shadow_funcs="getspnam" shadow_libs_optional="-lshadow" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" ;; *-convex-bsd*) OSDEFS="${OSDEFS} -D_CONVEX_SOURCE" if test -z "$GCC"; then CFLAGS="${CFLAGS} -D__STDC__" fi shadow_defs="-D_AUDIT -D_ACL -DSecureWare" shadow_funcs="getprpwnam" shadow_libs="-lprot" ;; *-*-ultrix*) OS="ultrix" shadow_funcs="getauthuid" shadow_libs="-lauth" ;; *-*-riscos*) LIBS="${LIBS} -lsun -lbsd" CPPFLAGS="${CPPFLAGS} -I/usr/include -I/usr/include/bsd" OSDEFS="${OSDEFS} -D_MIPS" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-isc*) OSDEFS="${OSDEFS} -D_ISC" LIB_CRYPT=1 SUDO_LIBS="${SUDO_LIBS} -lcrypt" LIBS="${LIBS} -lcrypt" shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} ;; *-*-sco*|*-sco-*) shadow_funcs="getprpwnam" shadow_libs="-lprot -lx" : ${mansectsu='1m'} : ${mansectform='4'} ;; m88k-motorola-sysv*) # motorolla's cc (a variant of gcc) does -O but not -O2 CFLAGS=`echo $CFLAGS | sed 's/-O2/-O/g'` : ${mansectsu='1m'} : ${mansectform='4'} ;; *-sequent-sysv*) shadow_funcs="getspnam" shadow_libs="-lsec" : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-ncr-sysv4*|*-ncr-sysvr4*) AC_CHECK_LIB(c89, strcasecmp, AC_DEFINE(HAVE_STRCASECMP) [LIBS="${LIBS} -lc89"; ac_cv_func_strcasecmp=yes]) : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-ccur-sysv4*|*-ccur-sysvr4*) LIBS="${LIBS} -lgen" SUDO_LIBS="${SUDO_LIBS} -lgen" : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-*-bsdi*) SKIP_SETREUID=yes # Use shlicc for BSD/OS [23].x unless asked to do otherwise if test "${with_CC+set}" != set -a "$ac_cv_prog_CC" = gcc; then case "$OSMAJOR" in 2|3) AC_MSG_NOTICE([using shlicc as CC]) ac_cv_prog_CC=shlicc CC="$ac_cv_prog_CC" ;; esac fi # Check for newer BSD auth API (just check for >= 3.0?) if test -z "$with_bsdauth"; then AC_CHECK_FUNCS(auth_challenge, [AUTH_EXCL_DEF="BSD_AUTH"]) fi ;; *-*-freebsd*) # FreeBSD has a real setreuid(2) starting with 2.1 and # backported to 2.0.5. We just take 2.1 and above... case "$OSREV" in 0.*|1.*|2.0*) SKIP_SETREUID=yes ;; esac if test "$with_skey" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-*openbsd*) # OpenBSD has a real setreuid(2) starting with 3.3 but # we will use setreuid(2) instead. SKIP_SETREUID=yes CHECKSHADOW="false" # OpenBSD >= 3.0 supports BSD auth if test -z "$with_bsdauth"; then case "$OSREV" in [0-2].*) ;; *) AUTH_EXCL_DEF="BSD_AUTH" ;; esac fi : ${with_logincap='maybe'} ;; *-*-*netbsd*) # NetBSD has a real setreuid(2) starting with 1.3.2 case "$OSREV" in 0.9*|1.[012]*|1.3|1.3.1) SKIP_SETREUID=yes ;; esac CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='maybe'} ;; *-*-dragonfly*) if test "$with_skey" = "yes"; then SUDO_LIBS="${SUDO_LIBS} -lmd" fi CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} ;; *-*-*fabbsd*) SKIP_SETREUID=yes CHECKSHADOW="false" AUTH_EXCL_DEF="BSD_AUTH" : ${with_logincap='maybe'} ;; *-*-*bsd*) CHECKSHADOW="false" ;; *-*-darwin*) SKIP_SETREUID=yes CHECKSHADOW="false" test -z "$with_pam" && AUTH_EXCL_DEF="PAM" : ${with_logincap='yes'} ;; *-*-nextstep*) # lockf() on is broken on the NeXT -- use flock instead ac_cv_func_lockf=no ac_cv_func_flock=yes ;; *-*-*sysv4*) : ${mansectsu='1m'} : ${mansectform='4'} : ${with_rpath='yes'} ;; *-*-sysv*) : ${mansectsu='1m'} : ${mansectform='4'} ;; *-gnu*) OSDEFS="${OSDEFS} -D_GNU_SOURCE" ;; esac dnl dnl Check for mixing mutually exclusive and regular auth methods dnl AUTH_REG=${AUTH_REG# } AUTH_EXCL=${AUTH_EXCL# } if test -n "$AUTH_EXCL"; then set -- $AUTH_EXCL if test $# != 1; then AC_MSG_ERROR([More than one mutually exclusive authentication method specified: $AUTH_EXCL]) fi if test -n "$AUTH_REG"; then AC_MSG_ERROR([Cannot mix mutually exclusive ($AUTH_EXCL) and regular ($AUTH_REG) authentication methods]) fi fi dnl dnl Only one of S/Key and OPIE may be specified dnl if test X"${with_skey}${with_opie}" = X"yesyes"; then AC_MSG_ERROR(["cannot use both S/Key and OPIE"]) fi dnl dnl Use BSD-style man sections by default dnl : ${mansectsu='8'} : ${mansectform='5'} dnl dnl Add in any libpaths or libraries specified via configure dnl if test -n "$with_libpath"; then for i in ${with_libpath}; do SUDO_APPEND_LIBPATH(LDFLAGS, [$i]) done fi if test -n "$with_libraries"; then for i in ${with_libraries}; do case $i in -l*) ;; *.a) ;; *.o) ;; *) i="-l${i}";; esac LIBS="${LIBS} ${i}" done fi dnl dnl C compiler checks (to be done after os checks) dnl AC_PROG_GCC_TRADITIONAL AC_C_CONST AC_C_VOLATILE dnl dnl Program checks dnl AC_PROG_YACC SUDO_PROG_MV SUDO_PROG_BSHELL if test -z "$with_sendmail"; then SUDO_PROG_SENDMAIL fi if test -z "$with_editor"; then SUDO_PROG_VI fi dnl dnl Header file checks dnl AC_HEADER_STDC AC_HEADER_DIRENT AC_HEADER_TIME AC_CHECK_HEADERS(malloc.h paths.h utime.h netgroup.h sys/sockio.h sys/bsdtypes.h sys/select.h) AC_CHECK_HEADERS([err.h], [], [AC_LIBOBJ(err)]) dnl ultrix termio/termios are broken if test "$OS" != "ultrix"; then AC_SYS_POSIX_TERMIOS if test "$ac_cv_sys_posix_termios" = "yes"; then AC_DEFINE(HAVE_TERMIOS_H) else AC_CHECK_HEADERS(termio.h) fi fi if test ${with_logincap-'no'} != "no"; then AC_CHECK_HEADERS(login_cap.h, [LCMAN="" case "$OS" in freebsd|netbsd) SUDO_LIBS="${SUDO_LIBS} -lutil" ;; esac ]) fi if test ${with_project-'no'} != "no"; then AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H) [SUDO_LIBS="${SUDO_LIBS} -lproject"], -) fi dnl dnl typedef checks dnl AC_TYPE_MODE_T AC_TYPE_UID_T AC_CHECK_TYPES([sig_atomic_t], , [AC_DEFINE(sig_atomic_t, int)], [#include #include ]) AC_CHECK_TYPES([sigaction_t], [AC_DEFINE(HAVE_SIGACTION_T)], [], [#include #include ]) AC_CHECK_TYPE([struct timespec], [AC_DEFINE(HAVE_TIMESPEC)], [], [#include #if TIME_WITH_SYS_TIME # include #endif #include ]) AC_CHECK_TYPES([struct in6_addr], [AC_DEFINE(HAVE_IN6_ADDR)], [], [#include #include ]) SUDO_TYPE_SIZE_T SUDO_TYPE_SSIZE_T SUDO_TYPE_DEV_T SUDO_TYPE_INO_T SUDO_FULL_VOID SUDO_UID_T_LEN SUDO_TYPE_LONG_LONG SUDO_SOCK_SA_LEN dnl dnl only set RETSIGTYPE if it is not set already dnl case "$DEFS" in *"RETSIGTYPE"*) ;; *) AC_TYPE_SIGNAL;; esac dnl dnl Function checks dnl AC_FUNC_GETGROUPS AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ setlocale getaddrinfo setsid) if test -z "$SKIP_SETRESUID"; then AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) fi if test -z "$SKIP_SETREUID"; then AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes]) fi if test -z "$SKIP_SETEUID"; then AC_CHECK_FUNCS(seteuid) fi if test X"$with_interfaces" != X"no"; then AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)]) fi if test -z "$BROKEN_GETCWD"; then AC_REPLACE_FUNCS(getcwd) fi AC_CHECK_FUNCS(glob, [AC_MSG_CHECKING(for GLOB_BRACE and GLOB_TILDE in glob.h) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[int i = GLOB_BRACE | GLOB_TILDE; (void)i;]])], [AC_DEFINE(HAVE_EXTENDED_GLOB) AC_MSG_RESULT(yes)], [AC_LIBOBJ(glob) AC_MSG_RESULT(no)])], [AC_LIBOBJ(glob)]) AC_CHECK_FUNCS(lockf flock, [break]) AC_CHECK_FUNCS(waitpid wait3, [break]) AC_CHECK_FUNCS(innetgr _innetgr, [AC_CHECK_FUNCS(getdomainname) [break]]) AC_CHECK_FUNCS(lsearch, [], [AC_CHECK_LIB([compat], [lsearch], [AC_CHECK_HEADER([search.h], [AC_DEFINE(HAVE_LSEARCH)] [LIBS="${LIBS} -lcompat"], [AC_LIBOBJ(lsearch)], -)], [AC_LIBOBJ(lsearch)])]) AC_CHECK_FUNCS(utimes, [AC_CHECK_FUNCS(futimes futimesat, [break])], [AC_CHECK_FUNCS(futime) AC_LIBOBJ(utimes)]) SUDO_FUNC_FNMATCH([AC_DEFINE(HAVE_FNMATCH)], [AC_LIBOBJ(fnmatch)]) SUDO_FUNC_ISBLANK AC_REPLACE_FUNCS(memrchr strerror strcasecmp sigaction strlcpy strlcat) AC_CHECK_FUNCS(closefrom, [], [AC_LIBOBJ(closefrom) AC_CHECK_DECL(F_CLOSEM, AC_DEFINE(HAVE_FCNTL_CLOSEM), [], [ #include #include ]) ]) AC_CHECK_FUNCS(mkstemp, [], [SUDO_OBJS="${SUDO_OBJS} mkstemp.o" AC_CHECK_FUNCS(random lrand48, [break]) ]) AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf, , [NEED_SNPRINTF=1]) if test X"$ac_cv_type_struct_timespec" != X"no"; then AC_CHECK_MEMBER([struct stat.st_mtim], [AC_DEFINE(HAVE_ST_MTIM)] [AC_CHECK_MEMBER([struct stat.st_mtim.st__tim], AC_DEFINE(HAVE_ST__TIM))], [AC_CHECK_MEMBER([struct stat.st_mtimespec], AC_DEFINE([HAVE_ST_MTIMESPEC]))]) AC_MSG_CHECKING([for two-parameter timespecsub]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[struct timespec ts1, ts2; ts1.tv_sec = 1; ts1.tv_nsec = 0; ts2.tv_sec = 0; ts2.tv_nsec = 0; #ifndef timespecsub #error missing timespecsub #endif timespecsub(&ts1, &ts2);]])], [AC_DEFINE(HAVE_TIMESPECSUB2) AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)]) fi dnl dnl Check for the dirfd function/macro. If not found, look for dd_fd in DIR. dnl AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include <$ac_header_dirent>]], [[DIR *d; (void)dirfd(d);]])], [AC_DEFINE(HAVE_DIRFD)], [AC_TRY_LINK([#include #include <$ac_header_dirent>], [DIR d; memset(&d, 0, sizeof(d)); return(d.dd_fd);], [AC_DEFINE(HAVE_DD_FD)])]) dnl dnl If NEED_SNPRINTF is set, add snprintf.c to LIBOBJS dnl (it contains snprintf, vsnprintf, asprintf, and vasprintf) dnl if test -n "$NEED_SNPRINTF"; then AC_LIBOBJ(snprintf) fi dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl In this case we look for main(), not socket() to avoid using a cached value dnl AC_CHECK_FUNC(socket, , [AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(inet, socket, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find socket() trying -lsocket -lnsl) AC_CHECK_LIB(socket, socket, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl)))]) dnl dnl If inet_addr(3) not in libc, check -lnsl and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols dnl AC_CHECK_FUNC(inet_addr, , [AC_CHECK_FUNC(__inet_addr, , AC_CHECK_LIB(nsl, inet_addr, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, inet_addr, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"], AC_MSG_WARN(unable to find inet_addr() trying -lsocket -lnsl) AC_CHECK_LIB(socket, inet_addr, [NET_LIBS="${NET_LIBS} -lsocket -lnsl"; LIBS="${LIBS} -lsocket -lnsl"], , -lnsl))))]) dnl dnl If syslog(3) not in libc, check -lsocket, -lnsl and -linet dnl AC_CHECK_FUNC(syslog, , [AC_CHECK_LIB(socket, syslog, [NET_LIBS="${NET_LIBS} -lsocket"; LIBS="${LIBS} -lsocket"], AC_CHECK_LIB(nsl, syslog, [NET_LIBS="${NET_LIBS} -lnsl"; LIBS="${LIBS} -lnsl"], AC_CHECK_LIB(inet, syslog, [NET_LIBS="${NET_LIBS} -linet"; LIBS="${LIBS} -linet"])))]) dnl dnl Bison and DCE use alloca(3), if not in libc, use the sudo one (from gcc) dnl (gcc includes its own alloca(3) but other compilers may not) dnl if test "$with_DCE" = "yes" -o "$ac_cv_prog_YACC" = "bison -y"; then AC_FUNC_ALLOCA fi dnl dnl Check for getprogname() or __progname dnl AC_CHECK_FUNCS(getprogname, , [ AC_MSG_CHECKING([for __progname]) AC_CACHE_VAL(sudo_cv___progname, [ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[extern char *__progname; (void)puts(__progname);]])], [sudo_cv___progname=yes], [sudo_cv___progname=no])]) if test "$sudo_cv___progname" = "yes"; then AC_DEFINE(HAVE___PROGNAME) else AC_LIBOBJ(getprogname) fi AC_MSG_RESULT($sudo_cv___progname) ]) dnl dnl Mutually exclusive auth checks come first, followed by dnl non-exclusive ones. Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}${AUTH_REG}" -a -n "$AUTH_EXCL_DEF"; then for auth in $AUTH_EXCL_DEF; do case $auth in AIX_AUTH) with_aixauth=maybe;; BSD_AUTH) with_bsdauth=maybe;; PAM) with_pam=maybe;; SIA) CHECKSIA=true;; esac done fi dnl dnl PAM support. Systems that use PAM by default set with_pam=default dnl and we do the actual tests here. dnl if test ${with_pam-"no"} != "no"; then dnl dnl Linux may need this dnl AC_CHECK_LIB([dl], [main], [SUDO_LIBS="${SUDO_LIBS} -lpam -ldl"], [SUDO_LIBS="${SUDO_LIBS} -lpam"]) ac_cv_lib_dl=ac_cv_lib_dl_main dnl dnl Some PAM implementations (MacOS X for example) put the PAM headers dnl in /usr/include/pam instead of /usr/include/security... dnl AC_CHECK_HEADERS([security/pam_appl.h] [pam/pam_appl.h], [with_pam=yes; break]) if test "$with_pam" = "yes"; then AC_DEFINE(HAVE_PAM) AUTH_OBJS="$AUTH_OBJS pam.o"; AUTH_EXCL=PAM AC_MSG_CHECKING(whether to use PAM session support) AC_ARG_ENABLE(pam_session, [ --disable-pam-session Disable PAM session support], [ case "$enableval" in yes) AC_MSG_RESULT(yes) ;; no) AC_MSG_RESULT(no) AC_DEFINE(NO_PAM_SESSION) ;; *) AC_MSG_RESULT(no) AC_MSG_WARN([Ignoring unknown argument to --enable-pam-session: $enableval]) ;; esac], AC_MSG_RESULT(yes)) case $host in *-*-linux*|*-*-solaris*) # dgettext() may be defined to dgettext_libintl in the # header file, so first check that it links w/ additional # libs, then try with -lintl AC_LINK_IFELSE([AC_LANG_PROGRAM( [[#include ]], [(void)dgettext((char *)0, (char *)0);])], [AC_DEFINE(HAVE_DGETTEXT)], [AC_CHECK_LIB(intl, dgettext, [LIBS="${LIBS} -lintl"] [AC_DEFINE(HAVE_DGETTEXT)])]) ;; esac fi fi dnl dnl AIX general authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_aixauth-'no'} != "no"; then if test X"$with_aixauth" != X"maybe" -o X"$AUTH_EXCL" = X""; then AC_MSG_NOTICE([using AIX general authentication]) AC_DEFINE(HAVE_AIXAUTH) AUTH_OBJS="$AUTH_OBJS aix_auth.o"; SUDO_LIBS="${SUDO_LIBS} -ls" AUTH_EXCL=AIX_AUTH fi fi dnl dnl BSD authentication dnl If set to "maybe" only enable if no other exclusive method in use. dnl if test ${with_bsdauth-'no'} != "no"; then AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H) [AUTH_OBJS="$AUTH_OBJS bsdauth.o"] [AUTH_EXCL=BSD_AUTH; BAMAN=""], [AC_MSG_ERROR([BSD authentication was specified but bsd_auth.h could not be found])]) fi dnl dnl SIA authentication for Tru64 Unix dnl if test ${CHECKSIA-'false'} = "true"; then AC_CHECK_FUNCS(sia_ses_init, [found=true], [found=false]) if test "$found" = "true"; then AUTH_EXCL=SIA AUTH_OBJS="$AUTH_OBJS sia.o" fi fi dnl dnl extra FWTK libs + includes dnl if test ${with_fwtk-'no'} != "no"; then if test "$with_fwtk" != "yes"; then SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_fwtk}]) CPPFLAGS="${CPPFLAGS} -I${with_fwtk}" with_fwtk=yes fi SUDO_LIBS="${SUDO_LIBS} -lauth -lfwall" AUTH_OBJS="$AUTH_OBJS fwtk.o" fi dnl dnl extra SecurID lib + includes dnl if test ${with_SecurID-'no'} != "no"; then if test "$with_SecurID" != "yes"; then : elif test -d /usr/ace/examples; then with_SecurID=/usr/ace/examples else with_SecurID=/usr/ace fi CPPFLAGS="${CPPFLAGS} -I${with_SecurID}" _LDFLAGS="${LDFLAGS}" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}]) # # Determine whether to use the new or old SecurID API # AC_CHECK_LIB(aceclnt, SD_Init, [ AUTH_OBJS="$AUTH_OBJS securid5.o"; SUDO_LIBS="${SUDO_LIBS} -laceclnt -lpthread" ] [ SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_SecurID}]) ], [ AUTH_OBJS="$AUTH_OBJS securid.o"; SUDO_LIBS="${SUDO_LIBS} ${with_SecurID}/sdiclient.a" ], [ -lpthread ] ) LDFLAGS="${_LDFLAGS}" fi dnl dnl Non-mutually exclusive auth checks come next. dnl Note: passwd must be last of all! dnl dnl dnl Convert default authentication methods to with_* if dnl no explicit authentication scheme was specified. dnl if test -z "${AUTH_EXCL}" -a -n "$AUTH_DEF"; then for auth in $AUTH_DEF; do case $auth in passwd) : ${with_passwd='maybe'};; esac done fi dnl dnl Kerberos IV dnl if test ${with_kerb4-'no'} != "no"; then AC_DEFINE(HAVE_KERB4) dnl dnl Use the specified directory, if any, else search for correct inc dir dnl O_LDFLAGS="$LDFLAGS" if test "$with_kerb4" = "yes"; then found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([#include ], [found=yes; break]) done test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib]) SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb4}/lib]) CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include" AC_CHECK_HEADER([krb.h], [found=yes], [found=no]) fi if test X"$found" = X"no"; then AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi dnl dnl Check for -ldes vs. -ldes425 dnl AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [ AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""]) ]) dnl dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV dnl AC_MSG_CHECKING(whether we are using KTH Kerberos IV) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = krb4_version;]])], [ AC_MSG_RESULT(yes) K4LIBS="${K4LIBS} -lcom_err" AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"]) ], [ AC_MSG_RESULT(no) ] ) dnl dnl The actual Kerberos IV lib might be -lkrb or -lkrb4 dnl AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [ AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"], [K4LIBS="-lkrb $K4LIBS"] [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDO_LDFLAGS and possibly add Kerberos libs to SUDO_LIBS])] , [$K4LIBS]) ], [$K4LIBS]) LDFLAGS="$O_LDFLAGS" SUDO_LIBS="${SUDO_LIBS} $K4LIBS" AUTH_OBJS="$AUTH_OBJS kerb4.o" fi dnl dnl Kerberos V dnl There is an easy way and a hard way... dnl if test ${with_kerb5-'no'} != "no"; then AC_CHECK_PROG(KRB5CONFIG, krb5-config, yes, "") if test -n "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) AUTH_OBJS="$AUTH_OBJS kerb5.o" CPPFLAGS="$CPPFLAGS `krb5-config --cflags`" SUDO_LIBS="$SUDO_LIBS `krb5-config --libs`" dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) ], [ AC_MSG_RESULT(no) ] ) fi fi if test ${with_kerb5-'no'} != "no" -a -z "$KRB5CONFIG"; then AC_DEFINE(HAVE_KERB5) dnl dnl Use the specified directory, if any, else search for correct inc dir dnl if test "$with_kerb5" = "yes"; then found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "kerberosV/" "krb5/" "kerberos5/" "kerberosv5/"; do CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}" AC_PREPROC_IFELSE([#include ], [found=yes; break]) done if test X"$found" = X"no"; then CPPFLAGS="$O_CPPFLAGS" AC_MSG_WARN([Unable to locate Kerberos V include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS]) fi else dnl XXX - try to include krb5.h here too SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_kerb5}/lib]) CPPFLAGS="$CPPFLAGS -I${with_kerb5}/include" fi dnl dnl Try to determine whether we have Heimdal or MIT Kerberos dnl AC_MSG_CHECKING(whether we are using Heimdal) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], [[const char *tmp = heimdal_version;]])], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_HEIMDAL) SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lcrypto -ldes -lcom_err -lasn1" AC_CHECK_LIB(roken, main, [SUDO_LIBS="${SUDO_LIBS} -lroken"]) ], [ AC_MSG_RESULT(no) SUDO_LIBS="${SUDO_LIBS} -lkrb5 -lk5crypto -lcom_err" AC_CHECK_LIB(krb5support, main, [SUDO_LIBS="${SUDO_LIBS} -lkrb5support,"]) ]) AUTH_OBJS="$AUTH_OBJS kerb5.o" _LIBS="$LIBS" LIBS="${LIBS} ${SUDO_LIBS}" AC_CHECK_FUNCS(krb5_verify_user krb5_init_secure_context) LIBS="$_LIBS" fi dnl dnl extra AFS libs and includes dnl if test ${with_AFS-'no'} = "yes"; then # looks like the "standard" place for AFS libs is /usr/afsws/lib AFSLIBDIRS="/usr/lib/afs /usr/afsws/lib /usr/afsws/lib/afs" for i in $AFSLIBDIRS; do if test -d ${i}; then SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [$i]) FOUND_AFSLIBDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS libraries, you will have to edit the Makefile and add -L/path/to/afs/libs to SUDO_LDFLAGS or rerun configure with the --with-libpath options.]) fi # Order is important here. Note that we build AFS_LIBS from right to left # since AFS_LIBS may be initialized with BSD compat libs that must go last AFS_LIBS="-laudit ${AFS_LIBS}" for i in $AFSLIBDIRS; do if test -f ${i}/util.a; then AFS_LIBS="${i}/util.a ${AFS_LIBS}" FOUND_UTIL_A=true break; fi done if test -z "$FOUND_UTIL_A"; then AFS_LIBS="-lutil ${AFS_LIBS}" fi AFS_LIBS="-lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err ${AFS_LIBS}" # AFS includes may live in /usr/include on some machines... for i in /usr/afsws/include; do if test -d ${i}; then CPPFLAGS="${CPPFLAGS} -I${i}" FOUND_AFSINCDIR=true fi done if test -z "$FOUND_AFSLIBDIR"; then AC_MSG_WARN([Unable to locate AFS include dir, you may have to edit the Makefile and add -I/path/to/afs/includes to CPPFLAGS or rerun configure with the --with-incpath options.]) fi AUTH_OBJS="$AUTH_OBJS afs.o" fi dnl dnl extra DCE obj + lib dnl Order of libs in HP-UX 10.x is important, -ldce must be last. dnl if test ${with_DCE-'no'} = "yes"; then DCE_OBJS="${DCE_OBJS} dce_pwent.o" SUDO_LIBS="${SUDO_LIBS} -ldce" AUTH_OBJS="$AUTH_OBJS dce.o" fi dnl dnl extra S/Key lib and includes dnl if test ${with_skey-'no'} = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_skey" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_skey}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_skey}/lib]) SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_skey}/lib]) AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_PREPROC_IFELSE([#include ], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) fi fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate skey.h, you will have to edit the Makefile and add -I/path/to/skey/includes to CPPFLAGS]) fi AC_CHECK_LIB(skey, main, [found=yes], [AC_MSG_WARN([Unable to locate libskey.a, you will have to edit the Makefile and add -L/path/to/skey/lib to SUDO_LDFLAGS])]) AC_CHECK_LIB(skey, skeyaccess, AC_DEFINE(HAVE_SKEYACCESS)) LDFLAGS="$O_LDFLAGS" SUDO_LIBS="${SUDO_LIBS} -lskey" AUTH_OBJS="$AUTH_OBJS rfc1938.o" fi dnl dnl extra OPIE lib and includes dnl if test ${with_opie-'no'} = "yes"; then O_LDFLAGS="$LDFLAGS" if test "$with_opie" != "yes"; then CPPFLAGS="${CPPFLAGS} -I${with_opie}/include" SUDO_APPEND_LIBPATH(LDFLAGS, [${with_opie}/lib]) SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_opie}/lib]) AC_PREPROC_IFELSE([#include ], [found=yes], [found=no]) else found=no O_CPPFLAGS="$CPPFLAGS" for dir in "" "/usr/local" "/usr/contrib"; do test -n "$dir" && CPPFLAGS="$O_CPPFLAGS -I${dir}/include" AC_PREPROC_IFELSE([#include ], [found=yes; break]) done if test "$found" = "no" -o -z "$dir"; then CPPFLAGS="$O_CPPFLAGS" else SUDO_APPEND_LIBPATH(LDFLAGS, [${dir}/lib]) SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${dir}/lib]) fi fi if test "$found" = "no"; then AC_MSG_WARN([Unable to locate opie.h, you will have to edit the Makefile and add -I/path/to/opie/includes to CPPFLAGS]) fi AC_CHECK_LIB(opie, main, [found=yes], [AC_MSG_WARN([Unable to locate libopie.a, you will have to edit the Makefile and add -L/path/to/opie/lib to SUDO_LDFLAGS])]) LDFLAGS="$O_LDFLAGS" SUDO_LIBS="${SUDO_LIBS} -lopie" AUTH_OBJS="$AUTH_OBJS rfc1938.o" fi dnl dnl Check for shadow password routines if we have not already done so. dnl If there is a specific list of functions to check we do that first. dnl Otherwise, we check for SVR4-style and then SecureWare-style. dnl if test ${with_passwd-'no'} != "no"; then dnl dnl if crypt(3) not in libc, look elsewhere dnl if test -z "$LIB_CRYPT" -a "$with_passwd" != "no"; then AC_SEARCH_LIBS([crypt], [crypt crypt_d ufc], [test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true" -a -n "$shadow_funcs"; then _LIBS="$LIBS" LIBS="$LIBS $shadow_libs" found=no AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDO_LIBS="$SUDO_LIBS $shadow_libs" elif test -n "$shadow_libs_optional"; then LIBS="$LIBS $shadow_libs_optional" AC_CHECK_FUNCS($shadow_funcs, [found=yes]) if test "$found" = "yes"; then SUDO_LIBS="$SUDO_LIBS $shadow_libs $shadow_libs_optional" fi fi if test "$found" = "yes"; then case "$shadow_funcs" in *getprpwnam*) SECUREWARE=1;; esac test -n "$shadow_defs" && OSDEFS="${OSDEFS} $shadow_defs" else LIBS="$_LIBS" fi CHECKSHADOW=false fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getspnam], [gen], [AC_DEFINE(HAVE_GETSPNAM)] [CHECKSHADOW=false; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) fi if test "$CHECKSHADOW" = "true"; then AC_SEARCH_LIBS([getprpwnam], [sec security prot], [AC_DEFINE(HAVE_GETPRPWNAM)] [CHECKSHADOW=false; SECUREWARE=1; test -n "$ac_lib" && SUDO_LIBS="${SUDO_LIBS} $ac_res"]) fi if test -n "$SECUREWARE"; then AC_CHECK_FUNCS(bigcrypt set_auth_parameters initprivs) AUTH_OBJS="$AUTH_OBJS secureware.o" fi fi dnl dnl extra lib and .o file for LDAP support dnl if test ${with_ldap-'no'} != "no"; then _LDFLAGS="$LDFLAGS" if test "$with_ldap" != "yes"; then SUDO_APPEND_LIBPATH(SUDO_LDFLAGS, [${with_ldap}/lib]) SUDO_APPEND_LIBPATH(LDFLAGS, [${with_ldap}/lib]) CPPFLAGS="${CPPFLAGS} -I${with_ldap}/include" with_ldap=yes fi SUDO_OBJS="${SUDO_OBJS} ldap.o" AC_MSG_CHECKING([for LDAP libraries]) LDAP_LIBS="" _LIBS="$LIBS" found=no for l in -lldap -llber '-lssl -lcrypto'; do LIBS="${LIBS} $l" LDAP_LIBS="${LDAP_LIBS} $l" AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include #include ]], [[(void)ldap_init(0, 0)]])], [found=yes; break]) done dnl if nothing linked just try with -lldap if test "$found" = "no"; then LIBS="${_LIBS} -lldap" LDAP_LIBS="-lldap" AC_MSG_RESULT([not found, using -lldap]) else AC_MSG_RESULT([$LDAP_LIBS]) fi dnl check if we need to link with -llber for ber_set_option OLIBS="$LIBS" AC_SEARCH_LIBS([ber_set_option], [lber], [found=yes], [found=no]) if test X"$found" = X"yes" -a X"$LIBS" != X"$OLIBS"; then LDAP_LIBS="$LDAP_LIBS -llber" fi dnl check if ldap.h includes lber.h for us AC_MSG_CHECKING([whether lber.h is needed]) AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[(void)ldap_init(0, 0)]])], [AC_MSG_RESULT([no])], [ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_LBER_H)]) AC_CHECK_FUNCS(ldap_initialize ldap_start_tls_s ldapssl_init ldapssl_set_strength) AC_CHECK_HEADERS([ldap_ssl.h] [mps/ldap_ssl.h], [break], [], [#include ]) SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}" LIBS="$_LIBS" LDFLAGS="$_LDFLAGS" # XXX - OpenLDAP has deprecated ldap_get_values() CPPFLAGS="${CPPFLAGS} -DLDAP_DEPRECATED" fi dnl dnl Add $blibpath to SUDO_LDFLAGS if specified by the user or if we dnl added -L dirpaths to SUDO_LDFLAGS. dnl if test -n "$blibpath"; then if test -n "$blibpath_add"; then SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}${blibpath_add}" elif test -n "$with_blibpath" -a "$with_blibpath" != "yes"; then SUDO_LDFLAGS="$SUDO_LDFLAGS -Wl,-blibpath:${blibpath}" fi fi dnl dnl Check for log file and timestamp locations dnl SUDO_LOGFILE SUDO_TIMEDIR dnl dnl Use passwd (and secureware) auth modules? dnl case "$with_passwd" in yes|maybe) AUTH_OBJS="$AUTH_OBJS passwd.o" ;; *) AC_DEFINE(WITHOUT_PASSWD) if test -z "$AUTH_OBJS"; then AC_MSG_ERROR([no authentication methods defined.]) fi ;; esac AUTH_OBJS=${AUTH_OBJS# } _AUTH=`echo "$AUTH_OBJS" | sed 's/\.o//g'` AC_MSG_NOTICE([using the following authentication methods: $_AUTH]) dnl dnl LIBS may contain duplicates from SUDO_LIBS or NET_LIBS so prune it. dnl if test -n "$LIBS"; then L="$LIBS" LIBS= for l in ${L}; do dupe=0 for sl in ${SUDO_LIBS} ${NET_LIBS}; do test $l = $sl && dupe=1 done test $dupe = 0 && LIBS="${LIBS} $l" done fi dnl dnl Set exec_prefix dnl test "$exec_prefix" = "NONE" && exec_prefix='$(prefix)' dnl dnl Defer setting _PATH_SUDO_NOEXEC and _PATH_SUDO_SESH dnl until after exec_prefix is set dnl XXX - this is gross! dnl if test X"$with_noexec" != X"no" -o X"$with_selinux" != X"no"; then oexec_prefix="$exec_prefix" if test "$exec_prefix" = '$(prefix)'; then if test "$prefix" = "NONE"; then exec_prefix="$ac_default_prefix" else exec_prefix="$prefix" fi fi if test X"$with_noexec" != X"no"; then PROGS="${PROGS} sudo_noexec.la" INSTALL_NOEXEC="install-noexec" eval noexec_file="$with_noexec" AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so]) fi if test X"$with_selinux" != X"no"; then eval sesh_file="$libexecdir/sesh" AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh]) fi exec_prefix="$oexec_prefix" fi dnl dnl Substitute into the Makefile and man pages dnl AC_CONFIG_FILES([Makefile sudo.man visudo.man sudoers.man]) AC_OUTPUT dnl dnl Spew any text the user needs to know about dnl if test "$with_pam" = "yes"; then case $host in *-*-linux*) AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo]) ;; esac fi dnl dnl Autoheader templates dnl AH_TEMPLATE(BROKEN_SYSLOG, [Define to 1 if the `syslog' function returns a non-zero int to denote failure.]) AH_TEMPLATE(CLASSIC_INSULTS, [Define to 1 if you want the insults from the "classic" version sudo.]) AH_TEMPLATE(CSOPS_INSULTS, [Define to 1 if you want insults culled from the twisted minds of CSOps.]) AH_TEMPLATE(DONT_LEAK_PATH_INFO, [Define to 1 if you want sudo to display "command not allowed" instead of "command not found" when a command cannot be found.]) AH_TEMPLATE(ENV_EDITOR, [Define to 1 if you want visudo to honor the EDITOR and VISUAL env variables.]) AH_TEMPLATE(FQDN, [Define to 1 if you want to require fully qualified hosts in sudoers.]) AH_TEMPLATE(GOONS_INSULTS, [Define to 1 if you want insults from the "Goon Show".]) AH_TEMPLATE(HAL_INSULTS, [Define to 1 if you want 2001-like insults.]) AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.]) AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.]) AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.]) AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.]) AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.]) AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or macro.]) AH_TEMPLATE(HAVE_DGETTEXT, [Define to 1 if you have the `dgettext' function.]) AH_TEMPLATE(HAVE_DISPCRYPT, [Define to 1 if you have the `dispcrypt' function.]) AH_TEMPLATE(HAVE_EXTENDED_GLOB, [Define to 1 if your glob.h defines the GLOB_BRACE and GLOB_TILDE flags.]) AH_TEMPLATE(HAVE_FCNTL_CLOSEM, [Define to 1 if your system has the F_CLOSEM fcntl.]) AH_TEMPLATE(HAVE_FNMATCH, [Define to 1 if you have the `fnmatch' function.]) AH_TEMPLATE(HAVE_FWTK, [Define to 1 if you use the FWTK authsrv daemon.]) AH_TEMPLATE(HAVE_GETAUTHUID, [Define to 1 if you have the `getauthuid' function. (ULTRIX 4.x shadow passwords)]) AH_TEMPLATE(HAVE_GETPRPWNAM, [Define to 1 if you have the `getprpwnam' function. (SecureWare-style shadow passwords)]) AH_TEMPLATE(HAVE_GETPWANAM, [Define to 1 if you have the `getpwanam' function. (SunOS 4.x shadow passwords)]) AH_TEMPLATE(HAVE_GETSPNAM, [Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords)]) AH_TEMPLATE(HAVE_GETSPWUID, [Define to 1 if you have the `getspwuid' function. (HP-UX <= 9.X shadow passwords)]) AH_TEMPLATE(HAVE_HEIMDAL, [Define to 1 if your Kerberos is Heimdal.]) AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if contains struct in6_addr.]) AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)]) AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)]) AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.]) AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.]) AH_TEMPLATE(HAVE_LBER_H, [Define to 1 if your LDAP needs . (OpenLDAP does not)]) AH_TEMPLATE(HAVE_LDAP, [Define to 1 if you use LDAP for sudoers.]) AH_TEMPLATE(HAVE_OPIE, [Define to 1 if you use NRL OPIE.]) AH_TEMPLATE(HAVE_PAM, [Define to 1 if you use PAM authentication.]) AH_TEMPLATE(HAVE_PROJECT_H, [Define to 1 if you have the header file.]) AH_TEMPLATE(HAVE_SECURID, [Define to 1 if you use SecurID for authentication.]) AH_TEMPLATE(HAVE_SELINUX, [Define to 1 to enable SELinux RBAC support.]) AH_TEMPLATE(HAVE_SIA, [Define to 1 if you use SIA authentication.]) AH_TEMPLATE(HAVE_SIGACTION_T, [Define to 1 if has the sigaction_t typedef.]) AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) AH_TEMPLATE(HAVE_TERMIOS_H, [Define to 1 if you have the header file and the `tcgetattr' function.]) AH_TEMPLATE(HAVE_TIMESPEC, [Define to 1 if you have struct timespec in sys/time.h]) AH_TEMPLATE(HAVE_TIMESPECSUB2, [Define to 1 if you have a timespecsub macro or function that takes two arguments (not three)]) AH_TEMPLATE(HAVE___PROGNAME, [Define to 1 if your crt0.o defines the __progname symbol for you.]) AH_TEMPLATE(HOST_IN_LOG, [Define to 1 if you want the hostname to be entered into the log file.]) AH_TEMPLATE(IGNORE_DOT_PATH, [Define to 1 if you want to ignore '.' and empty PATH elements]) AH_TEMPLATE(LOGGING, [Define to SLOG_SYSLOG, SLOG_FILE, or SLOG_BOTH.]) AH_TEMPLATE(LONG_OTP_PROMPT, [Define to 1 if you want a two line OTP (S/Key or OPIE) prompt.]) AH_TEMPLATE(NO_AUTHENTICATION, [Define to 1 if you don't want sudo to prompt for a password by default.]) AH_TEMPLATE(NO_LECTURE, [Define to 1 if you don't want users to get the lecture the first they user sudo.]) AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid runing the mailer as root.]) AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.]) AH_TEMPLATE(PC_INSULTS, [Define to 1 to replace politically incorrect insults with less offensive ones.]) AH_TEMPLATE(SECURE_PATH, [Define to 1 to override the user's path with a built-in one.]) AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.]) AH_TEMPLATE(SEND_MAIL_WHEN_NO_USER, [Define to 1 to send mail when the user is not in the sudoers file.]) AH_TEMPLATE(SHELL_IF_NO_ARGS, [Define to 1 if you want sudo to start a shell if given no arguments.]) AH_TEMPLATE(SHELL_SETS_HOME, [Define to 1 if you want sudo to set $HOME in shell mode.]) AH_TEMPLATE(STUB_LOAD_INTERFACES, [Define to 1 if the code in interfaces.c does not compile for you.]) AH_TEMPLATE(USE_INSULTS, [Define to 1 if you want to insult the user for entering an incorrect password.]) AH_TEMPLATE(USE_STOW, [Define to 1 if you use GNU stow packaging.]) AH_TEMPLATE(USE_TTY_TICKETS, [Define to 1 if you want a different ticket file for each tty.]) AH_TEMPLATE(WITHOUT_PASSWD, [Define to avoid using the passwd/shadow file for authentication.]) AH_TEMPLATE(sig_atomic_t, [Define to `int' if does not define.]) dnl dnl Bits to copy verbatim into config.h.in dnl AH_TOP([#ifndef _SUDO_CONFIG_H #define _SUDO_CONFIG_H]) AH_BOTTOM([/* * Macros to pull sec and nsec parts of mtime from struct stat. * We need to be able to convert between timeval and timespec * so the last 3 digits of tv_nsec are not significant. */ #ifdef HAVE_ST_MTIM # ifdef HAVE_ST__TIM # define mtim_getsec(_x) ((_x).st_mtim.st__tim.tv_sec) # define mtim_getnsec(_x) (((_x).st_mtim.st__tim.tv_nsec / 1000) * 1000) # else # define mtim_getsec(_x) ((_x).st_mtim.tv_sec) # define mtim_getnsec(_x) (((_x).st_mtim.tv_nsec / 1000) * 1000) # endif #else # ifdef HAVE_ST_MTIMESPEC # define mtim_getsec(_x) ((_x).st_mtimespec.tv_sec) # define mtim_getnsec(_x) (((_x).st_mtimespec.tv_nsec / 1000) * 1000) # else # define mtim_getsec(_x) ((_x).st_mtime) # define mtim_getnsec(_x) (0) # endif /* HAVE_ST_MTIMESPEC */ #endif /* HAVE_ST_MTIM */ /* * Emulate a subset of waitpid() if we don't have it. */ #ifdef HAVE_WAITPID # define sudo_waitpid(p, s, o) waitpid(p, s, o) #else # ifdef HAVE_WAIT3 # define sudo_waitpid(p, s, o) wait3(s, o, NULL) # endif #endif /* GNU stow needs /etc/sudoers to be a symlink. */ #ifdef USE_STOW # define stat_sudoers stat #else # define stat_sudoers lstat #endif /* Macros to set/clear/test flags. */ #undef SET #define SET(t, f) ((t) |= (f)) #undef CLR #define CLR(t, f) ((t) &= ~(f)) #undef ISSET #define ISSET(t, f) ((t) & (f)) /* New ANSI-style OS defs for HP-UX and ConvexOS. */ #if defined(hpux) && !defined(__hpux) # define __hpux 1 #endif /* hpux */ #if defined(convex) && !defined(__convex__) # define __convex__ 1 #endif /* convex */ /* BSD compatibility on some SVR4 systems. */ #ifdef __svr4__ # define BSD_COMP #endif /* __svr4__ */ #endif /* _SUDO_CONFIG_H */])